From 40df6df98ac638e4dceeff84f3085d516aee86ce Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Arnaud=20Cogolu=C3=A8gnes?= Date: Tue, 6 Jun 2023 11:08:02 +0200 Subject: [PATCH 1/3] Fix SASL external authentication in stream plugin (cherry picked from commit 21347490f96e9b42acda7c359db672bec226663e) (cherry picked from commit 540c761c8d0160d34aa47b4a77e5a7029b603c83) --- .../src/rabbit_stream_reader.erl | 18 ++++++------------ 1 file changed, 6 insertions(+), 12 deletions(-) diff --git a/deps/rabbitmq_stream/src/rabbit_stream_reader.erl b/deps/rabbitmq_stream/src/rabbit_stream_reader.erl index 1a5331d787e4..aaba4db87a4d 100644 --- a/deps/rabbitmq_stream/src/rabbit_stream_reader.erl +++ b/deps/rabbitmq_stream/src/rabbit_stream_reader.erl @@ -75,7 +75,7 @@ stream_leaders :: #{stream() => pid()}, stream_subscriptions :: #{stream() => [subscription_id()]}, credits :: atomics:atomics_ref(), - authentication_state :: atom(), + authentication_state :: any(), user :: undefined | #user{}, virtual_host :: undefined | binary(), connection_step :: @@ -1371,8 +1371,6 @@ handle_frame_pre_auth(Transport, ServerProperties}}), send(Transport, S, Frame), {Connection#stream_connection{client_properties = ClientProperties, - authentication_state = - peer_properties_exchanged, connection_step = peer_properties_exchanged}, State}; handle_frame_pre_auth(Transport, @@ -1438,10 +1436,8 @@ handle_frame_pre_auth(Transport, rabbit_core_metrics:auth_attempt_succeeded(RemoteAddress, <<>>, stream), - {C1#stream_connection{authentication_state = - AuthState1, - connection_step = - authenticating}, + {C1#stream_connection{authentication_state = AuthState1, + connection_step = authenticating}, {sasl_authenticate, ?RESPONSE_SASL_CHALLENGE, Challenge}}; {ok, User = #user{username = Username}} -> 
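Review bot: `authentication_state :: any()` in the `#stream_connection{}` record (hunk at -75) says nothing about who owns the value, and the type now accepts anything, so nothing stops connection-step code from writing into it again, as the `peer_properties_exchanged` assignment removed in the hunk at -1371 did. From the other hunks the field holds the `AuthState1` returned with `{challenge, Challenge, AuthState1}` and then the atom `done`. A comment on the field such as `%% opaque state owned by the SASL mechanism while authenticating; 'done' after success` would make that ownership explicit. The diffstat lists only rabbit_stream_reader.erl, so this fix to the EXTERNAL login path appears to ship without a regression test; a test that performs an EXTERNAL login would be worth adding. The record definition starts and ends outside the hunk.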
@@ -1458,11 +1454,9 @@ handle_frame_pre_auth(Transport, [], C1, State), - {C1#stream_connection{authentication_state = - done, - user = User, - connection_step = - authenticated}, + {C1#stream_connection{user = User, + authentication_state = done, + connection_step = authenticated}, {sasl_authenticate, ?RESPONSE_CODE_OK, <<>>}}; not_allowed -> From 5bdaf04a49a86032a1671538c7ec86ddee7411b1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Arnaud=20Cogolu=C3=A8gnes?= Date: Tue, 6 Jun 2023 13:04:35 +0200 Subject: [PATCH 2/3] Polish authentication in stream reader (cherry picked from commit 6c14d736abb66dd2db2d0740cdc7daa61d7f7e1d) (cherry picked from commit a24b44347ac0ec93178e9bd9d6ba2d277dcba7e5) # Conflicts: # deps/rabbitmq_stream/src/rabbit_stream_reader.erl --- deps/rabbitmq_stream/src/rabbit_stream_reader.erl | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/deps/rabbitmq_stream/src/rabbit_stream_reader.erl b/deps/rabbitmq_stream/src/rabbit_stream_reader.erl index aaba4db87a4d..8574bfe2dd43 100644 --- a/deps/rabbitmq_stream/src/rabbit_stream_reader.erl +++ b/deps/rabbitmq_stream/src/rabbit_stream_reader.erl @@ -64,6 +64,7 @@ %% client port peer_port, auth_mechanism, + authentication_state :: any(), connected_at :: integer(), helper_sup :: pid(), socket :: rabbit_net:socket(), @@ -75,7 +76,6 @@ stream_leaders :: #{stream() => pid()}, stream_subscriptions :: #{stream() => [subscription_id()]}, credits :: atomics:atomics_ref(), - authentication_state :: any(), user :: undefined | #user{}, virtual_host :: undefined | binary(), connection_step :: 
@@ -1433,9 +1433,12 @@ handle_frame_pre_auth(Transport, {C1#stream_connection{connection_step = failure}, {sasl_authenticate, ?RESPONSE_SASL_ERROR, <<>>}}; {challenge, Challenge, AuthState1} -> +<<<<<<< HEAD rabbit_core_metrics:auth_attempt_succeeded(RemoteAddress, <<>>, stream), +======= +>>>>>>> a24b44347a (Polish authentication in stream reader) {C1#stream_connection{authentication_state = AuthState1, connection_step = authenticating}, {sasl_authenticate, ?RESPONSE_SASL_CHALLENGE, From 7ab9cb0e64c413f2dcec355062fcb043002cb524 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Arnaud=20Cogolu=C3=A8gnes?= Date: Tue, 6 Jun 2023 15:49:23 +0200 Subject: [PATCH 3/3] Do not count authentication success in challenge phase --- deps/rabbitmq_stream/src/rabbit_stream_reader.erl | 6 ------ 1 file changed, 6 deletions(-) diff --git a/deps/rabbitmq_stream/src/rabbit_stream_reader.erl b/deps/rabbitmq_stream/src/rabbit_stream_reader.erl index 8574bfe2dd43..1295da09a131 100644 --- a/deps/rabbitmq_stream/src/rabbit_stream_reader.erl +++ b/deps/rabbitmq_stream/src/rabbit_stream_reader.erl @@ -1433,12 +1433,6 @@ handle_frame_pre_auth(Transport, {C1#stream_connection{connection_step = failure}, {sasl_authenticate, ?RESPONSE_SASL_ERROR, <<>>}}; {challenge, Challenge, AuthState1} -> -<<<<<<< HEAD - rabbit_core_metrics:auth_attempt_succeeded(RemoteAddress, - <<>>, - stream), -======= ->>>>>>> a24b44347a (Polish authentication in stream reader) {C1#stream_connection{authentication_state = AuthState1, connection_step = authenticating}, {sasl_authenticate, ?RESPONSE_SASL_CHALLENGE,
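Review bot: The three added lines `<<<<<<< HEAD`, `=======` and `>>>>>>> a24b44347a (Polish authentication in stream reader)` are unresolved merge-conflict markers committed into rabbit_stream_reader.erl, inside the `{challenge, Challenge, AuthState1}` branch of handle_frame_pre_auth, so the module cannot compile at PATCH 2/3. PATCH 3/3 deletes them, but the intermediate commit stays broken for bisecting and for anyone who cherry-picks 2/3 alone. The conflict should be resolved in this commit, keeping the side without the `rabbit_core_metrics:auth_attempt_succeeded` call, since a challenge reply is not yet a completed login and counting it would skew the auth success metric. handle_frame_pre_auth starts and ends outside the hunk.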