Repository: kudu Updated Branches: refs/heads/master aa90fc02c -> d47c13872
Rename SaslAuth to SaslMechanism As part of the recent RPC negotiation changes the role of this message changed slightly, and the new name is more indicative of its purpose. Change-Id: I1e4750825812b31229516a7c71ac308056ca15c8 Reviewed-on: http://gerrit.cloudera.org:8080/5913 Reviewed-by: Todd Lipcon <t...@apache.org> Tested-by: Kudu Jenkins Project: http://git-wip-us.apache.org/repos/asf/kudu/repo Commit: http://git-wip-us.apache.org/repos/asf/kudu/commit/d47c1387 Tree: http://git-wip-us.apache.org/repos/asf/kudu/tree/d47c1387 Diff: http://git-wip-us.apache.org/repos/asf/kudu/diff/d47c1387 Branch: refs/heads/master Commit: d47c13872061e66924c6d9033df59638fe5ceea0 Parents: aa90fc0 Author: Dan Burkert <danburk...@apache.org> Authored: Fri Feb 3 19:38:19 2017 -0800 Committer: Dan Burkert <danburk...@apache.org> Committed: Mon Feb 6 23:22:23 2017 +0000 ---------------------------------------------------------------------- docs/design-docs/rpc.md | 14 +++++++------- .../org/apache/kudu/client/SecureRpcHelper.java | 9 ++++----- src/kudu/rpc/client_negotiation.cc | 8 +++----- src/kudu/rpc/rpc_header.proto | 8 ++++---- src/kudu/rpc/server_negotiation.cc | 18 +++++++++--------- 5 files changed, 27 insertions(+), 30 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/kudu/blob/d47c1387/docs/design-docs/rpc.md ---------------------------------------------------------------------- diff --git a/docs/design-docs/rpc.md b/docs/design-docs/rpc.md index 6c2c598..23d697a 100644 --- a/docs/design-docs/rpc.md +++ b/docs/design-docs/rpc.md 
@@ -393,13 +393,13 @@ Client Server | +----NegotiatePB-----------------------------+ | | | step = NEGOTIATE | | | | supported_features = <client RPC features> | ----------------------> | - | | auths = <client SASL mechanisms> | | + | | mechanisms = <client SASL mechanisms> | | | +--------------------------------------------+ | | | | +----NegotiatePB-----------------------------+ | | | step = NEGOTIATE | | | <---------------------- | supported_features = <server RPC features> | | - | | auths = <server SASL mechanisms> | | + | | mechanisms = <server SASL mechanisms> | | | +--------------------------------------------+ | ``` @@ -463,11 +463,11 @@ client, respectively, may occur depending on the mechanism. ``` Client Server | | - | +----NegotiatePB----------------+ | - | | step = SASL_INITIATE | | - | | auths[0] = <chosen mechanism> | -----------------------------------> | - | | token = <SASL token> | | - | +-------------------------------+ | + | +----NegotiatePB---------------------+ | + | | step = SASL_INITIATE | | + | | mechanisms[0] = <chosen mechanism> | ------------------------------> | + | | token = <SASL token> | | + | +------------------------------------+ | | | | <...SASL_INITIATE is followed by 0 or more SASL_CHALLENGE + | | SASL_RESPONSE steps...> | http://git-wip-us.apache.org/repos/asf/kudu/blob/d47c1387/java/kudu-client/src/main/java/org/apache/kudu/client/SecureRpcHelper.java ---------------------------------------------------------------------- diff --git a/java/kudu-client/src/main/java/org/apache/kudu/client/SecureRpcHelper.java b/java/kudu-client/src/main/java/org/apache/kudu/client/SecureRpcHelper.java index 0ec6547..23bc35d 100644 --- a/java/kudu-client/src/main/java/org/apache/kudu/client/SecureRpcHelper.java +++ b/java/kudu-client/src/main/java/org/apache/kudu/client/SecureRpcHelper.java 
@@ -202,10 +202,9 @@ public class SecureRpcHelper {
 }
- private void handleNegotiateResponse(Channel chan, RpcHeader.NegotiatePB response) throws
- SaslException {
- RpcHeader.NegotiatePB.SaslAuth negotiatedAuth = null;
- for (RpcHeader.NegotiatePB.SaslAuth auth : response.getAuthsList()) {
+ private void handleNegotiateResponse(Channel chan, RpcHeader.NegotiatePB response) throws SaslException {
+ RpcHeader.NegotiatePB.SaslMechanism negotiatedAuth = null;
+ for (RpcHeader.NegotiatePB.SaslMechanism auth : response.getSaslMechanismsList()) {
 negotiatedAuth = auth;
 }
@@ -227,7 +226,7 @@ public class SecureRpcHelper {
 builder.setToken(ZeroCopyLiteralByteString.wrap(saslToken));
 }
 builder.setStep(RpcHeader.NegotiatePB.NegotiateStep.SASL_INITIATE);
- builder.addAuths(negotiatedAuth);
+ builder.addSaslMechanisms(negotiatedAuth);
 sendSaslMessage(chan, builder.build());
 }
http://git-wip-us.apache.org/repos/asf/kudu/blob/d47c1387/src/kudu/rpc/client_negotiation.cc
----------------------------------------------------------------------
diff --git a/src/kudu/rpc/client_negotiation.cc b/src/kudu/rpc/client_negotiation.cc
index 3d32e14..bb1bfb2 100644
--- a/src/kudu/rpc/client_negotiation.cc
+++ b/src/kudu/rpc/client_negotiation.cc
@@ -329,13 +329,11 @@ Status ClientNegotiation::HandleNegotiate(const NegotiatePB& response) {
 // Build a map of the SASL mechanisms offered by the server.
 const set<SaslMechanism::Type>& client_mechs = helper_.EnabledMechs();
 set<SaslMechanism::Type> server_mechs;
- map<SaslMechanism::Type, NegotiatePB::SaslAuth> server_mech_map;
- for (const NegotiatePB::SaslAuth& auth : response.auths()) {
- auto mech = SaslMechanism::value_of(auth.mechanism());
+ for (const NegotiatePB::SaslMechanism& sasl_mech : response.sasl_mechanisms()) {
+ auto mech = SaslMechanism::value_of(sasl_mech.mechanism());
 if (mech == SaslMechanism::INVALID) {
 continue;
 }
- server_mech_map[mech] = auth;
 server_mechs.insert(mech);
 }
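Review bot: In `handleNegotiateResponse` (first SecureRpcHelper.java hunk) the loop body `negotiatedAuth = auth;` keeps whichever mechanism the server listed last, with no visible check against a set the client is willing to use, and it leaves `negotiatedAuth` null when the list is empty. The C++ client in this commit collects `helper_.EnabledMechs()` alongside the server's set, and the Java path would benefit from the same filter so that the peer alone cannot decide the mechanism, plus an explicit `SaslException` when nothing acceptable is offered. The lines between this hunk and `builder.addSaslMechanisms(negotiatedAuth)` are outside the diff, so such a check may already exist there. The locals `negotiatedAuth` and `auth` could also be renamed to follow the new `SaslMechanism` type name.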
@@ -468,7 +466,7 @@ Status ClientNegotiation::SendSaslInitiate() {
 NegotiatePB msg;
 msg.set_step(NegotiatePB::SASL_INITIATE);
 msg.mutable_token()->assign(init_msg, init_msg_len);
- msg.add_auths()->set_mechanism(negotiated_mech);
+ msg.add_sasl_mechanisms()->set_mechanism(negotiated_mech);
 return SendNegotiatePB(msg);
 }
http://git-wip-us.apache.org/repos/asf/kudu/blob/d47c1387/src/kudu/rpc/rpc_header.proto
----------------------------------------------------------------------
diff --git a/src/kudu/rpc/rpc_header.proto b/src/kudu/rpc/rpc_header.proto
index 5bc628d..3159688 100644
--- a/src/kudu/rpc/rpc_header.proto
+++ b/src/kudu/rpc/rpc_header.proto
@@ -88,13 +88,13 @@ message NegotiatePB {
 TLS_HANDSHAKE = 5;
 }
- message SaslAuth {
+ message SaslMechanism {
 // The SASL mechanism, i.e. 'PLAIN' or 'GSSAPI'.
 required string mechanism = 2;
 // Deprecated: no longer used.
- optional string DEPRECATED_method = 1;
- optional bytes DEPRECATED_challenge = 5 [(REDACT) = true];
+ // optional string method = 1;
+ // optional bytes challenge = 5 [(REDACT) = true];
 }
 // When the client sends its NEGOTIATE step message, it sends its set of
@@ -127,7 +127,7 @@ message NegotiatePB {
 // During the NEGOTIATE step, contains the supported SASL mechanisms.
 // During the SASL_INITIATE step, contains the single chosen SASL mechanism.
- repeated SaslAuth auths = 4;
+ repeated SaslMechanism sasl_mechanisms = 4;
 }
 message RemoteMethodPB {
http://git-wip-us.apache.org/repos/asf/kudu/blob/d47c1387/src/kudu/rpc/server_negotiation.cc
----------------------------------------------------------------------
diff --git a/src/kudu/rpc/server_negotiation.cc b/src/kudu/rpc/server_negotiation.cc
index 6f5c118..d52eb75 100644
--- a/src/kudu/rpc/server_negotiation.cc
+++ b/src/kudu/rpc/server_negotiation.cc
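Review bot: Commenting out `method = 1` and `challenge = 5` in `SaslMechanism` (first rpc_header.proto hunk) leaves both tag numbers free for reuse by a later field, which peers built from the older definition would then decode as the old method or challenge value. If the protoc version used by the build supports it, `reserved 1, 5;` states the restriction in a form the compiler enforces; otherwise extend the comment to `// Deprecated: no longer used. Tags 1 and 5 must not be reused.` The removed `challenge` field also carried `[(REDACT) = true]`, so bytes an older peer still sends under tag 5 now arrive as unknown fields; whether the message-logging path prints unknown fields is not visible here and is worth confirming.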
@@ -356,8 +356,8 @@ Status ServerNegotiation::SendNegotiate(const set<SaslMechanism::Type>& server_m
 NegotiatePB response;
 response.set_step(NegotiatePB::NEGOTIATE);
- for (auto mech : server_mechs) {
- response.add_auths()->set_mechanism(SaslMechanism::name_of(mech));
+ for (auto mechanism : server_mechs) {
+ response.add_sasl_mechanisms()->set_mechanism(SaslMechanism::name_of(mechanism));
 }
 // Tell the client which features we support.
@@ -421,18 +421,18 @@ Status ServerNegotiation::HandleSaslInitiate(const NegotiatePB& request) {
 }
 TRACE("Received SASL_INITIATE request from client");
- if (request.auths_size() != 1) {
+ if (request.sasl_mechanisms_size() != 1) {
 Status s = Status::NotAuthorized(
- "SASL_INITIATE request must include exactly one SaslAuth section, found",
- std::to_string(request.auths_size()));
+ "SASL_INITIATE request must include exactly one SASL mechanism, found",
+ std::to_string(request.sasl_mechanisms_size()));
 RETURN_NOT_OK(SendError(ErrorStatusPB::FATAL_UNAUTHORIZED, s));
 return s;
 }
- const NegotiatePB::SaslAuth& auth = request.auths(0);
- TRACE("Client requested to use mechanism: $0", auth.mechanism());
+ const string& mechanism = request.sasl_mechanisms(0).mechanism();
+ TRACE("Client requested to use mechanism: $0", mechanism);
- negotiated_mech_ = SaslMechanism::value_of(auth.mechanism());
+ negotiated_mech_ = SaslMechanism::value_of(mechanism);
 // If we are speaking TLS and the negotiated mechanism is GSSAPI (Kerberos),
 // configure SASL to use integrity protection so that the channel bindings
@@ -448,7 +448,7 @@ Status ServerNegotiation::HandleSaslInitiate(const NegotiatePB& request) {
 Status s = WrapSaslCall(sasl_conn_.get(), [&]() {
 return sasl_server_start(
 sasl_conn_.get(), // The SASL connection context created by init()
- auth.mechanism().c_str(), // The mechanism requested by the client.
+ mechanism.c_str(), // The mechanism requested by the client.
 request.token().c_str(), // Optional string the client gave us.
 request.token().length(), // Client string len.
 &server_out, // The output of the SASL library, might not be NULL terminated
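Review bot: `sasl_server_start` still receives the client's own string, `mechanism.c_str()`, while the parsed form sits in `negotiated_mech_`, set in the previous hunk by `SaslMechanism::value_of(mechanism)`. The lines between the two hunks are not shown, so it is not visible whether `SaslMechanism::INVALID`, or a mechanism the server never advertised, is rejected before this call; if it is not, add that check and fail through `SendError(ErrorStatusPB::FATAL_UNAUTHORIZED, s)` as the size check above does. Passing the name from `SaslMechanism::name_of(negotiated_mech_)` instead would ensure only a canonical mechanism name reaches the SASL library, and it avoids `c_str()` stopping at an embedded NUL so that the library sees a different name than `value_of` parsed. The `TRACE` of `mechanism` in the previous hunk likewise records peer input before it is validated. HandleSaslInitiate starts and ends outside both hunks.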