mirror of
https://github.com/scylladb/scylladb.git
synced 2026-05-22 15:52:13 +00:00
14b36b3db1
Convert all authenticator implementations to receive their configuration from auth::config instead of accessing db::config through the query processor: - password_authenticator: reads superuser name and salted password from config, stores them as members - saslauthd_authenticator: reads socket path from config - certificate_authenticator: reads role queries from config - transitional_authenticator: passes config to inner password_authenticator - maintenance_socket_authenticator: inherits new constructor via using declaration Signed-off-by: Pavel Emelyanov <xemul@scylladb.com>
76 lines
2.2 KiB
C++
76 lines
2.2 KiB
C++
/*
|
|
* Copyright (C) 2020 ScyllaDB
|
|
*
|
|
* Modified by ScyllaDB
|
|
*/
|
|
|
|
/*
|
|
* SPDX-License-Identifier: LicenseRef-ScyllaDB-Source-Available-1.1
|
|
*/
|
|
|
|
#pragma once
|
|
|
|
#include "auth/authenticator.hh"
|
|
#include "auth/cache.hh"
|
|
|
|
namespace cql3 {
|
|
class query_processor;
|
|
}
|
|
|
|
namespace service {
|
|
class migration_manager;
|
|
class raft_group0_client;
|
|
}
|
|
|
|
namespace auth {
|
|
|
|
struct config;
|
|
|
|
/// Delegates authentication to saslauthd. When this class is asked to authenticate, it passes the credentials
|
|
/// to saslauthd, gets its response, and allows or denies authentication based on that response.
|
|
class saslauthd_authenticator : public authenticator {
|
|
sstring _socket_path; ///< Path to the domain socket on which saslauthd is listening.
|
|
public:
|
|
saslauthd_authenticator(cql3::query_processor&, ::service::raft_group0_client&, ::service::migration_manager&, cache&, const config&);
|
|
|
|
future<> start() override;
|
|
|
|
future<> stop() override;
|
|
|
|
std::string_view qualified_java_name() const override;
|
|
|
|
bool require_authentication() const override;
|
|
|
|
authentication_option_set supported_options() const override;
|
|
|
|
authentication_option_set alterable_options() const override;
|
|
|
|
future<authenticated_user> authenticate(const credentials_map& credentials) const override;
|
|
|
|
future<> create(std::string_view role_name, const authentication_options& options, ::service::group0_batch& mc) override;
|
|
|
|
future<> alter(std::string_view role_name, const authentication_options& options, ::service::group0_batch& mc) override;
|
|
|
|
future<> drop(std::string_view role_name, ::service::group0_batch& mc) override;
|
|
|
|
future<custom_options> query_custom_options(std::string_view role_name) const override;
|
|
|
|
const resource_set& protected_resources() const override;
|
|
|
|
::shared_ptr<sasl_challenge> new_sasl_challenge() const override;
|
|
|
|
virtual future<> ensure_superuser_is_created() const override {
|
|
return make_ready_future<>();
|
|
}
|
|
};
|
|
|
|
/// A set of four credential strings that saslauthd expects.
|
|
struct saslauthd_credentials {
|
|
sstring username, password, service, realm;
|
|
};
|
|
|
|
future<bool> authenticate_with_saslauthd(sstring saslauthd_socket_path, const saslauthd_credentials& creds);
|
|
|
|
}
|
|
|