Implement PAP-SHA256 auth mechanism  #243

Closed
@oleg-jukovec

We need to support a new authorization mechanism PAP-SHA256, RFC:

https://www.notion.so/tarantool/Authentication-methods-908501aa74834bdea70c384d6df97105

We need:

  1. To add Opts.AuthType to force 'chap-sha1' or 'pap-sha256' authorization method here:
    type Opts struct {
  2. To check IPROTO_AUTH_TYPE = 0x5b here:

    go-tarantool/response.go

    Lines 195 to 210 in d6d0031

    case KeyVersion:
        if err = d.Decode(&serverProtocolInfo.Version); err != nil {
            return err
        }
    case KeyFeatures:
        if larr, err = d.DecodeArrayLen(); err != nil {
            return err
        }
        serverProtocolInfo.Features = make([]ProtocolFeature, larr)
        for i := 0; i < larr; i++ {
            if err = d.Decode(&feature); err != nil {
                return err
            }
            serverProtocolInfo.Features[i] = feature
        }

    and add the information about auth type to IdRequest response.
  3. To choose an authorization method by priority: Opts.AuthType -> IPROTO_AUTH_TYPE -> 'chap-sha1' (default).
  4. To implement the method pap-sha256 for authRequest according to the RFC:
    https://github.com/tarantool/go-tarantool/blob/d6d0031d7a0ce9959edf57f9407bba9652a37506/auth.go

    go-tarantool/request.go

    Lines 598 to 603 in d6d0031

    func (req *authRequest) Body(res SchemaResolver, enc *encoder) error {
        return enc.Encode(map[uint32]interface{}{
            KeyUserName: req.user,
            KeyTuple:    []interface{}{string("chap-sha1"), string(req.scramble)},
        })
    }

The connector should refuse to use PAP-SHA256 unless the network channel is encrypted with SSL/TLS.

Linked issues:

tarantool/tarantool#7987
tarantool/tarantool#7988
tarantool/tarantool#7989
https://github.com/tarantool/tarantool-ee/issues/295
https://github.com/tarantool/enterprise_doc/issues/206
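
The selection priority from step 3 combined with the SSL/TLS requirement, as an added example that is not part of the original issue and not go-tarantool's own code. The names `AuthType`, `AutoAuth`, `ChapSha1Auth`, `PapSha256Auth`, `authByName`, `selectAuth` and `ErrInsecureTransport` are hypothetical. It assumes the server's IPROTO_AUTH_TYPE value arrives as a method-name string, and that an unknown name or a PAP-SHA256 choice over a plaintext channel is an error rather than a silent fallback.

```go
package main

import (
	"errors"
	"fmt"
)

// AuthType is a hypothetical enum; it stands in for the proposed Opts.AuthType.
type AuthType int

const (
	AutoAuth AuthType = iota // not set: defer to the server, then to the default
	ChapSha1Auth
	PapSha256Auth
)

// authByName maps the method name advertised by the server (assumed to be a string).
var authByName = map[string]AuthType{
	"":           AutoAuth, // server sent no IPROTO_AUTH_TYPE
	"chap-sha1":  ChapSha1Auth,
	"pap-sha256": PapSha256Auth,
}

var ErrInsecureTransport = errors.New("pap-sha256 requires an SSL/TLS-encrypted channel")

// selectAuth applies the priority Opts.AuthType -> IPROTO_AUTH_TYPE -> chap-sha1
// and refuses pap-sha256 when the transport is not encrypted.
func selectAuth(opt AuthType, serverAuthType string, tlsActive bool) (AuthType, error) {
	chosen := opt
	if chosen == AutoAuth {
		srv, ok := authByName[serverAuthType]
		if !ok { // fail closed on a method this client does not know
			return AutoAuth, fmt.Errorf("unknown auth type %q", serverAuthType)
		}
		chosen = srv
	}
	if chosen == AutoAuth {
		chosen = ChapSha1Auth // default when neither side expressed a preference
	}
	if chosen == PapSha256Auth && !tlsActive {
		return AutoAuth, ErrInsecureTransport
	}
	return chosen, nil
}

func main() {
	a, err := selectAuth(AutoAuth, "pap-sha256", false)
	fmt.Println(a, err)
}
```

Running the guard after the priority resolution means a server that advertises pap-sha256 on a plaintext listener cannot steer the client into using it.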
