36_sasl_authenticate.go
package kfake
import (
"errors"
"github.com/burningass23/franz-go/pkg/kerr"
"github.com/burningass23/franz-go/pkg/kmsg"
)
// init registers API key 36 with this package's request dispatch via regKey.
// The file name ties key 36 to SASLAuthenticate.
// NOTE(review): the 0 and 2 arguments look like the minimum and maximum
// supported request versions; confirm against regKey's definition.
func init() {
	regKey(36, 0, 2)
}
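// handleSASLAuthenticate processes a SASLAuthenticate request according to the
// SASL stage recorded on the client connection (creq.cc.saslStage).
//
//   - saslStageAuthPlain: the user and password are split out of
//     req.SASLAuthBytes and checked against c.sasls.plain. On success the
//     stage becomes saslStageComplete.
//   - saslStageAuthScram0_256 / saslStageAuthScram0_512: the first client
//     message is parsed, the user is looked up in the matching credential map,
//     and the server-first message is returned in the response. The exchange
//     state is kept in creq.cc.s0 and the stage becomes saslStageAuthScram1.
//   - saslStageAuthScram1: the stored exchange state produces the server-final
//     message from the client's bytes; the stage becomes saslStageComplete and
//     the stored state is cleared.
//   - any other stage: the response carries kerr.IllegalSaslState.
//
// A parse failure or a credential mismatch is returned as a Go error with a
// nil response rather than as a response error code. Every credential failure
// uses the same "invalid sasl" text, so the error does not reveal whether the
// user or the password was wrong. How the caller treats a returned error is
// not visible from this function.
func (c *Cluster) handleSASLAuthenticate(creq clientReq) (kmsg.Response, error) {
	req := creq.kreq.(*kmsg.SASLAuthenticateRequest)
	resp := req.ResponseKind().(*kmsg.SASLAuthenticateResponse)

	if err := checkReqVersion(req.Key(), req.Version); err != nil {
		return nil, err
	}

	switch creq.cc.saslStage {
	default:
		// SASLAuthenticate is only valid while an authentication exchange is
		// in progress on this connection.
		resp.ErrorCode = kerr.IllegalSaslState.Code
		return resp, nil

	case saslStageAuthPlain:
		u, p, err := saslSplitPlain(req.SASLAuthBytes)
		if err != nil {
			return nil, err
		}
		// The user must exist. Indexing the map without the ok check yields
		// "" for an unknown user, so an empty password would be accepted for
		// any user that is not configured (if saslSplitPlain lets an empty
		// password through; its definition is not visible here). A lookup on
		// a nil map reports !ok, which also covers the "no PLAIN users
		// configured" case.
		want, ok := c.sasls.plain[u]
		if !ok || p != want {
			// NOTE(review): p != want is not a constant-time comparison. If
			// this handler is ever used outside a test fake,
			// crypto/subtle.ConstantTimeCompare is the safer choice.
			return nil, errors.New("invalid sasl")
		}
		creq.cc.saslStage = saslStageComplete

	case saslStageAuthScram0_256:
		c0, err := scramParseClient0(req.SASLAuthBytes)
		if err != nil {
			return nil, err
		}
		// A lookup on a nil map reports !ok, so no separate nil check is
		// needed for "no SCRAM users configured".
		a, ok := c.sasls.scram256[c0.user]
		if !ok {
			return nil, errors.New("invalid sasl")
		}
		s0, serverFirst := scramServerFirst(c0, a)
		resp.SASLAuthBytes = serverFirst
		creq.cc.saslStage = saslStageAuthScram1
		// Keep the exchange state for the saslStageAuthScram1 round.
		creq.cc.s0 = &s0

	case saslStageAuthScram0_512:
		c0, err := scramParseClient0(req.SASLAuthBytes)
		if err != nil {
			return nil, err
		}
		a, ok := c.sasls.scram512[c0.user]
		if !ok {
			return nil, errors.New("invalid sasl")
		}
		s0, serverFirst := scramServerFirst(c0, a)
		resp.SASLAuthBytes = serverFirst
		creq.cc.saslStage = saslStageAuthScram1
		creq.cc.s0 = &s0

	case saslStageAuthScram1:
		// NOTE(review): this assumes creq.cc.s0 was set by one of the Scram0
		// stages above; confirm nothing else moves a connection into
		// saslStageAuthScram1 without setting it.
		serverFinal, err := creq.cc.s0.serverFinal(req.SASLAuthBytes)
		if err != nil {
			return nil, err
		}
		resp.SASLAuthBytes = serverFinal
		creq.cc.saslStage = saslStageComplete
		// Drop the per-exchange state once authentication has finished.
		creq.cc.s0 = nil
	}

	return resp, nil
}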