Skip to content
This repository has been archived by the owner on Jun 23, 2022. It is now read-only.

feat(security): init sasl #599

Merged
merged 16 commits into from
Aug 26, 2020
Merged

feat(security): init sasl #599

merged 16 commits into from
Aug 26, 2020

Conversation

levy5307
Copy link
Contributor

@levy5307 levy5307 commented Aug 21, 2020
edited by neverchanje
Loading

If the config of enable_auth is true, we should init sasl.

[security]
+ sasl_plugin_path =

acelyc111
acelyc111 reviewed Aug 24, 2020
View reviewed changes
src/runtime/security/kinit_context.cpp Outdated Show resolved Hide resolved
src/runtime/security/kinit_context.cpp Outdated Show resolved Hide resolved
src/runtime/security/sasl_utils.cpp Outdated Show resolved Hide resolved
src/runtime/security/sasl_utils.cpp Outdated
return SASL_OK;
}

ddebug_f("sasl log info: log level = {}, message = {}", logger_level_to_string(level), msg);
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

All logs are in DEBUG level? I think it;s needed to convert level to related rdsn's log level.

Copy link
Contributor Author

@levy5307 levy5307 Aug 24, 2020
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I have thought about this. But the log level in sasl is not a one-to-one correspondence log level in rdsn.
log level in rdsn:

typedef enum dsn_log_level_t {
    LOG_LEVEL_INFORMATION,
    LOG_LEVEL_DEBUG,
    LOG_LEVEL_WARNING,
    LOG_LEVEL_ERROR,
    LOG_LEVEL_FATAL,
    LOG_LEVEL_COUNT,
    LOG_LEVEL_INVALID
} dsn_log_level_t;

log level in sasl:

define SASL_LOG_NONE  0	/* don't log anything */
#define SASL_LOG_ERR   1	/* log unusual errors (default) */
#define SASL_LOG_FAIL  2	/* log all authentication failures */
#define SASL_LOG_WARN  3	/* log non-fatal warnings */
#define SASL_LOG_NOTE  4	/* more verbose than LOG_WARN */
#define SASL_LOG_DEBUG 5	/* more verbose than LOG_NOTE */
#define SASL_LOG_TRACE 6	/* traces of internal protocols */
#define SASL_LOG_PASS  7	/* traces of internal protocols, including passwords */

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

How about?

SASL_LOG_ERR -> LOG_LEVEL_ERROR
SASL_LOG_FAIL/SASL_LOG_WARN -> LOG_LEVEL_WARNING
SASL_LOG_NOTE -> LOG_LEVEL_INFORMATION
othres -> LOG_LEVEL_DEBUG

Copy link
Contributor Author

@levy5307 levy5307 Aug 25, 2020
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more. 

SASL_LOG_ERR -> LOG_LEVEL_ERROR
SASL_LOG_FAIL/SASL_LOG_WARN -> LOG_LEVEL_WARNING
SASL_LOG_NOTE -> LOG_LEVEL_DEBUG
othres -> LOG_LEVEL_INFORMATION

@hycdong hycdong merged commit 1859305 into XiaoMi:master Aug 26, 2020
@levy5307 levy5307 added the type/config-change PR that made modification on configs, which should be noted in release note. label Oct 30, 2020
levy5307 added a commit to levy5307/rdsn that referenced this pull request Dec 21, 2020
@levy5307
feat(security): init sasl (XiaoMi#599)
9e081da
@neverchanje neverchanje mentioned this pull request Mar 1, 2021
Closed
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@hycdong hycdong hycdong approved these changes

@acelyc111 acelyc111 acelyc111 approved these changes

@neverchanje neverchanje neverchanje approved these changes

Assignees
No one assigned
Labels
component/security type/config-change PR that made modification on configs, which should be noted in release note.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@levy5307 @neverchanje @acelyc111 @hycdong