Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update error message when connect with an out-of-date client #4021

Merged
merged 3 commits into from
Mar 14, 2022
Merged

Update error message when connect with an out-of-date client #4021

Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
0e11a4a
Update error message
Aiee Mar 14, 2022
b134868
Do clientAddr check before FLAGS_enable_authorize check
Aiee Mar 14, 2022
1d4653d
Fix typo
Aiee Mar 14, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
37 changes: 20 additions & 17 deletions src/graph/service/GraphService.cpp
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -210,36 +210,39 @@ folly::Future<std::string> GraphService::future_executeJsonWithParameter(
Status GraphService::auth(const std::string& username,
const std::string& password,
const HostAddr& clientIp) {
auto metaClient = queryEngine_->metaClient();

// TODO(Aiee) This is a walkaround to address the problem that using a lower version(< v2.6.0)
// client to connect with higher version(>= v3.0.0) Nebula service will cause a crash.
//
// Only the clients since v2.6.0 will call verifyVersion(), thus we could determine whether the
// client version is lower than v2.6.0
auto clientAddrIt = metaClient->getClientAddrMap().find(clientIp);
if (clientAddrIt == metaClient->getClientAddrMap().end()) {
return Status::Error(
folly::sformat("The version of the client sending request from {} is lower than v2.6.0, "
"please update the client.",
clientIp.toString()));
}

// Skip authentication if FLAGS_enable_authorize is false
if (!FLAGS_enable_authorize) {
return Status::OK();
}

// Authenticate via diffrent auth types
if (FLAGS_auth_type == "password") {
auto metaClient = queryEngine_->metaClient();
// TODO(Aiee) This is a walkaround to address the problem that using a lower version(< v2.6.0)
// client to connect with higher version(>= v3.0.0) Nebula service will cause a crash.
//
// Only the clients since v2.6.0 will call verifyVersion(), thus we could determine whether the
// client version is lower than v2.6.0
auto clientAddrIt = metaClient->getClientAddrMap().find(clientIp);
if (clientAddrIt == metaClient->getClientAddrMap().end()) {
return Status::Error(
folly::sformat("The version of the client sending request from {} is lower than v2.6.0, "
"please update the client.",
clientIp.toString()));
}

// Auth with PasswordAuthenticator
auto authenticator = std::make_unique<PasswordAuthenticator>(queryEngine_->metaClient());
auto authenticator = std::make_unique<PasswordAuthenticator>(metaClient);
return authenticator->auth(username, proxygen::md5Encode(folly::StringPiece(password)));
} else if (FLAGS_auth_type == "cloud") {
// Cloud user and native user will be mixed.
// Since cloud user and native user has the same transport protocol,
// There is no way to identify which one is in the graph layer,
// let's check the native user's password first, then cloud user.
auto pwdAuth = std::make_unique<PasswordAuthenticator>(queryEngine_->metaClient());
auto pwdAuth = std::make_unique<PasswordAuthenticator>(metaClient);
return pwdAuth->auth(username, proxygen::md5Encode(folly::StringPiece(password)));
auto cloudAuth = std::make_unique<CloudAuthenticator>(queryEngine_->metaClient());
auto cloudAuth = std::make_unique<CloudAuthenticator>(metaClient);
return cloudAuth->auth(username, password);
}
LOG(WARNING) << "Unknown auth type: " << FLAGS_auth_type;
Expand Down