From: Vladislav Shpilevoy <v.shpilevoy@tarantool.org>
To: tarantool-patches@freelists.org
Cc: vdavydov.dev@gmail.com
Subject: [PATCH v2 05/10] session: move salt into iproto connection
Date: Fri, 20 Apr 2018 16:24:30 +0300 [thread overview]
Message-ID: <34a781b067d100c015dea649ad59700ac0a50acf.1524228894.git.v.shpilevoy@tarantool.org> (raw)
In-Reply-To: <cover.1524228894.git.v.shpilevoy@tarantool.org>
In-Reply-To: <cover.1524228894.git.v.shpilevoy@tarantool.org>
Session salt is 32 random bytes, that are used to encode password when a user is authorized. The salt is not used in non-binary sessions, and can be moved to iproto connection.
---
 src/box/authentication.cc | 4 ++--
 src/box/authentication.h | 3 ++-
 src/box/box.cc | 4 ++--
 src/box/box.h | 2 +-
 src/box/iproto.cc | 17 ++++++++++++-----
 src/box/session.cc | 3 ---
 src/box/session.h | 4 ----
 7 files changed, 19 insertions(+), 18 deletions(-)
diff --git a/src/box/authentication.cc b/src/box/authentication.cc
index fef549c55..811974cb9 100644
--- a/src/box/authentication.cc
+++ b/src/box/authentication.cc
@@ -37,7 +37,7 @@ static char zero_hash[SCRAMBLE_SIZE];
 void
-authenticate(const char *user_name, uint32_t len,
+authenticate(const char *user_name, uint32_t len, const char *salt,
 const char *tuple)
 {
 struct user *user = user_find_by_name_xc(user_name, len);
@@ -84,7 +84,7 @@ authenticate(const char *user_name, uint32_t len,
 "invalid scramble size");
 }
- if (scramble_check(scramble, session->salt, user->def->hash2)) {
+ if (scramble_check(scramble, salt, user->def->hash2)) {
 auth_res.is_authenticated = false;
 if (session_run_on_auth_triggers(&auth_res) != 0)
 diag_raise();
diff --git a/src/box/authentication.h b/src/box/authentication.h
index e91fe0a0e..9935e3548 100644
--- a/src/box/authentication.h
+++ b/src/box/authentication.h
@@ -45,6 +45,7 @@ struct on_auth_trigger_ctx {
 void
-authenticate(const char *user_name, uint32_t len, const char *tuple);
+authenticate(const char *user_name, uint32_t len, const char *salt,
+ const char *tuple);
 #endif /* INCLUDES_TARANTOOL_BOX_AUTHENTICATION_H */
diff --git a/src/box/box.cc b/src/box/box.cc
index d2dfc5b5f..ad21f051d 100644
--- a/src/box/box.cc
+++ b/src/box/box.cc
@@ -1233,7 +1233,7 @@ box_on_join(const tt_uuid *instance_uuid)
 }
 void
-box_process_auth(struct auth_request *request)
+box_process_auth(struct auth_request *request, const char *salt)
 {
 rmean_collect(rmean_box, IPROTO_AUTH, 1);
@@ -1243,7 +1243,7 @@ box_process_auth(struct auth_request *request)
 const char *user = request->user_name;
 uint32_t len = mp_decode_strl(&user);
- authenticate(user, len, request->scramble);
+ authenticate(user, len, salt, request->scramble);
 }
 void
diff --git a/src/box/box.h b/src/box/box.h
index c9b5aad01..84899cc13 100644
--- a/src/box/box.h
+++ b/src/box/box.h
@@ -150,7 +150,7 @@ box_reset_stat(void);
 } /* extern "C" */
 void
-box_process_auth(struct auth_request *request);
+box_process_auth(struct auth_request *request, const char *salt);
 void
 box_process_join(struct ev_io *io, struct xrow_header *header);
diff --git a/src/box/iproto.cc b/src/box/iproto.cc
index 96a8b708e..9e809b2e5 100644
--- a/src/box/iproto.cc
+++ b/src/box/iproto.cc
@@ -48,6 +48,7 @@
 #include "coio.h"
 #include "scoped_guard.h"
 #include "memory.h"
+#include "random.h"
 #include "port.h"
 #include "box.h"
@@ -64,6 +65,8 @@
 /* The number of iproto messages in flight */
 enum { IPROTO_MSG_MAX = 768 };
+enum { IPROTO_SALT_SIZE = 32 };
+
 /**
 * Network readahead. A signed integer to avoid
 * automatic type coercion to an unsigned type.
@@ -364,6 +367,8 @@ struct iproto_connection
 /** Pointer to the current output buffer. */
 struct obuf *p_obuf;
 } tx;
+ /** Authentication salt. */
+ char salt[IPROTO_SALT_SIZE];
 };
 static struct mempool iproto_connection_pool;
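Review bot: The new `salt` parameter of authenticate() is undocumented in authentication.h, and the same is true of the one added to box_process_auth() in the box.h hunk of this patch; the prototype says neither how many bytes the buffer must hold nor that it has to be the very bytes the client was greeted with, which is what the scramble_check() call in authentication.cc depends on. I would put a Doxygen block above the declaration along the lines of `/** @param salt Salt that was sent to the client in the greeting; scramble_check() compares the scramble against this buffer, so the caller must pass the same bytes it encoded there. */`, and mirror it on box_process_auth(). The required length is presumably IPROTO_SALT_SIZE (32), but that constant lives in iproto.cc, so the header comment should state the length it actually expects rather than name that enum.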
@@ -1344,9 +1349,10 @@ static void
 tx_process_misc(struct cmsg *m)
 {
 struct iproto_msg *msg = tx_accept_msg(m);
- struct obuf *out = msg->connection->tx.p_obuf;
+ struct iproto_connection *con = msg->connection;
+ struct obuf *out = con->tx.p_obuf;
- tx_fiber_init(msg->connection->session, msg->header.sync);
+ tx_fiber_init(con->session, msg->header.sync);
 if (tx_check_schema(msg->header.schema_version))
 goto error;
@@ -1354,7 +1360,7 @@ tx_process_misc(struct cmsg *m)
 try {
 switch (msg->header.type) {
 case IPROTO_AUTH:
- box_process_auth(&msg->auth);
+ box_process_auth(&msg->auth, con->salt);
 iproto_reply_ok_xc(out, msg->header.sync,
 ::schema_version);
 break;
@@ -1505,8 +1511,9 @@ tx_process_connect(struct cmsg *m)
 static __thread char greeting[IPROTO_GREETING_SIZE];
 /* TODO: dirty read from tx thread */
 struct tt_uuid uuid = INSTANCE_UUID;
- greeting_encode(greeting, tarantool_version_id(),
- &uuid, con->session->salt, SESSION_SEED_SIZE);
+ random_bytes(con->salt, IPROTO_SALT_SIZE);
+ greeting_encode(greeting, tarantool_version_id(), &uuid,
+ con->salt, IPROTO_SALT_SIZE);
 obuf_dup_xc(out, greeting, IPROTO_GREETING_SIZE);
 if (! rlist_empty(&session_on_connect)) {
 if (session_run_on_connect_triggers(con->session) != 0)
diff --git a/src/box/session.cc b/src/box/session.cc
index ea6d76bb4..3d787bd51 100644
--- a/src/box/session.cc
+++ b/src/box/session.cc
@@ -33,7 +33,6 @@
 #include "memory.h"
 #include "assoc.h"
 #include "trigger.h"
-#include "random.h"
 #include "user.h"
 #include "error.h"
@@ -96,8 +95,6 @@ session_create(int fd, enum session_type type)
 /* For on_connect triggers. */
 credentials_init(&session->credentials, guest_user->auth_token,
 guest_user->def->uid);
- if (fd >= 0)
- random_bytes(session->salt, SESSION_SEED_SIZE);
 struct mh_i64ptr_node_t node;
 node.key = session->id;
 node.val = session;
diff --git a/src/box/session.h b/src/box/session.h
index 4f9235ea8..c387e6f95 100644
--- a/src/box/session.h
+++ b/src/box/session.h
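Review bot: `con->salt` is only filled by `random_bytes(con->salt, IPROTO_SALT_SIZE);` inside tx_process_connect(), while the `salt` member added to `struct iproto_connection` earlier in this file is never zeroed, and the connections come from `iproto_connection_pool`; so if an IPROTO_AUTH could ever be dispatched to tx_process_misc() before the connect message has run, the scramble would be checked against whatever bytes the pool slot held last. I believe the input watcher is only armed after the connect message completes, which would make that impossible, but that ordering is outside this hunk and the struct hunk should state the invariant: `/** Authentication salt, generated by tx_process_connect() before any request is read. */`. Likewise `enum { IPROTO_SALT_SIZE = 32 };` silently inherits the old SESSION_SEED_SIZE value; a comment that the size is tied to the salt width greeting_encode() writes would stop a later edit from changing one without the other. tx_process_connect() continues past the end of the hunk.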
@@ -47,8 +47,6 @@ session_init();
 void
 session_free();
-enum { SESSION_SEED_SIZE = 32, SESSION_DELIM_SIZE = 16 };
-
 enum session_type {
 SESSION_TYPE_BACKGROUND = 0,
 SESSION_TYPE_BINARY,
@@ -86,8 +84,6 @@ struct session {
 */
 uint64_t sync;
 enum session_type type;
- /** Authentication salt. */
- char salt[SESSION_SEED_SIZE];
 /** Session user id and global grants */
 struct credentials credentials;
 /** Trigger for fiber on_stop to cleanup created on-demand session */
--
2.15.1 (Apple Git-101)