5afcec4a3d
The alien thread was a solution for reactor stalls caused by indivisible
password‑hashing tasks (scylladb/scylladb#24524). However, because
there is only one alien thread, overall hashing throughput was reduced
(see, e.g., scylladb/scylla-enterprise#5711). To address this,
the alien‑thread solution is reverted, and a hashing implementation
with yielding will be introduced later in this patch series.
This reverts commit 9574513ec1.
74 lines
2.1 KiB
C++
74 lines
2.1 KiB
C++
/*
|
|
* Copyright (C) 2020 ScyllaDB
|
|
*
|
|
* Modified by ScyllaDB
|
|
*/
|
|
|
|
/*
|
|
* SPDX-License-Identifier: LicenseRef-ScyllaDB-Source-Available-1.0
|
|
*/
|
|
|
|
#pragma once
|
|
|
|
#include "auth/authenticator.hh"
|
|
#include "auth/cache.hh"
|
|
|
|
namespace cql3 {
|
|
class query_processor;
|
|
}
|
|
|
|
namespace service {
|
|
class migration_manager;
|
|
class raft_group0_client;
|
|
}
|
|
|
|
namespace auth {
|
|
|
|
/// Delegates authentication to saslauthd. When this class is asked to authenticate, it passes the credentials
|
|
/// to saslauthd, gets its response, and allows or denies authentication based on that response.
|
|
class saslauthd_authenticator : public authenticator {
|
|
sstring _socket_path; ///< Path to the domain socket on which saslauthd is listening.
|
|
public:
|
|
saslauthd_authenticator(cql3::query_processor&, ::service::raft_group0_client&, ::service::migration_manager&, cache&);
|
|
|
|
future<> start() override;
|
|
|
|
future<> stop() override;
|
|
|
|
std::string_view qualified_java_name() const override;
|
|
|
|
bool require_authentication() const override;
|
|
|
|
authentication_option_set supported_options() const override;
|
|
|
|
authentication_option_set alterable_options() const override;
|
|
|
|
future<authenticated_user> authenticate(const credentials_map& credentials) const override;
|
|
|
|
future<> create(std::string_view role_name, const authentication_options& options, ::service::group0_batch& mc) override;
|
|
|
|
future<> alter(std::string_view role_name, const authentication_options& options, ::service::group0_batch& mc) override;
|
|
|
|
future<> drop(std::string_view role_name, ::service::group0_batch& mc) override;
|
|
|
|
future<custom_options> query_custom_options(std::string_view role_name) const override;
|
|
|
|
const resource_set& protected_resources() const override;
|
|
|
|
::shared_ptr<sasl_challenge> new_sasl_challenge() const override;
|
|
|
|
virtual future<> ensure_superuser_is_created() const override {
|
|
return make_ready_future<>();
|
|
}
|
|
};
|
|
|
|
/// A set of four credential strings that saslauthd expects.
|
|
struct saslauthd_credentials {
|
|
sstring username, password, service, realm;
|
|
};
|
|
|
|
future<bool> authenticate_with_saslauthd(sstring saslauthd_socket_path, const saslauthd_credentials& creds);
|
|
|
|
}
|
|
|