Google Git
Sign in
apache / kudu / 1ad8c1f18a35e06d4aafd7813de71ee335c68ea1 / . / src / kudu / rpc / sasl_helper.h
blob: 998e7a144cf38afbfaae5375197715412e9083f5 [file] [log] [blame]
// Licensed to the Apache Software Foundation (ASF) under one
// or more contributor license agreements. See the NOTICE file
// distributed with this work for additional information
// regarding copyright ownership. The ASF licenses this file
// to you under the Apache License, Version 2.0 (the
// "License"); you may not use this file except in compliance
// with the License. You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing,
// software distributed under the License is distributed on an
// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
// KIND, either express or implied. See the License for the
// specific language governing permissions and limitations
// under the License.
#pragma once
#include <cstdint>
#include <set>
#include <string>
#include "kudu/gutil/macros.h"
#include "kudu/rpc/sasl_common.h"
namespace kudu {
class Slice;
class Status;
namespace rpc {
class NegotiatePB;
// Helper class which contains functionality that is common to client and server
// SASL negotiations. Most of these methods are convenience methods for
// interacting with the libsasl2 library.
class SaslHelper {
public:
enum PeerType {
CLIENT,
SERVER
};
explicit SaslHelper(PeerType peer_type);
~SaslHelper() = default;
// Specify the fully-qualified domain name of the remote server.
void set_server_fqdn(const std::string& domain_name);
const char* server_fqdn() const;
// Globally-registered available SASL plugins.
const std::set<SaslMechanism::Type>& GlobalMechs() const {
return global_mechs_;
}
// Helper functions for managing the list of active SASL mechanisms.
const std::set<SaslMechanism::Type>& EnabledMechs() const {
return enabled_mechs_;
}
// Implements the client_mech_list / mech_list callbacks.
int GetOptionCb(const char* plugin_name, const char* option, const char** result, unsigned* len);
// Enable the PLAIN SASL mechanism.
Status EnablePlain();
// Enable the GSSAPI (Kerberos) mechanism.
Status EnableGSSAPI();
// Check for the PLAIN SASL mechanism.
bool IsPlainEnabled() const;
// Sanity check that the call ID is the negotiation call ID.
// Logs DFATAL if call_id does not match.
Status CheckNegotiateCallId(int32_t call_id) const;
// Parse msg from the given Slice.
Status ParseNegotiatePB(const Slice& param_buf, NegotiatePB* msg);
private:
Status EnableMechanism(SaslMechanism::Type mech);
// Returns space-delimited local mechanism list string suitable for passing
// to libsasl2, such as via "mech_list" callbacks.
// The returned pointer is valid only until the next call to EnabledMechsString().
const char* EnabledMechsString() const;
std::string server_fqdn_;
// Authentication types and data.
const PeerType peer_type_;
std::string tag_;
std::set<SaslMechanism::Type> global_mechs_; // Cache of global mechanisms.
std::set<SaslMechanism::Type> enabled_mechs_; // Active mechanisms.
mutable std::string enabled_mechs_string_; // Mechanism list string returned by callbacks.
bool plain_enabled_;
bool gssapi_enabled_;
DISALLOW_COPY_AND_ASSIGN(SaslHelper);
};
} // namespace rpc
} // namespace kudu