From 508d09e42015a9fd49501218227f5ae73cb70bc0 Mon Sep 17 00:00:00 2001
From: Bret McGuire
Date: Wed, 24 Jan 2024 10:31:26 -0600
Subject: [PATCH] Add support for AstraAuthenticator (#123)
---
 proxycore/auth.go | 23 ++++++++++++++++-------
 proxycore/clientconn.go | 2 +-
 2 files changed, 17 insertions(+), 8 deletions(-)
diff --git a/proxycore/auth.go b/proxycore/auth.go
index 0de28c4..42a3947 100644
--- a/proxycore/auth.go
+++ b/proxycore/auth.go
@@ -17,10 +17,12 @@ package proxycore
 import (
 "bytes"
 "fmt"
+
+ "go.uber.org/zap"
 )
 
 type Authenticator interface {
- InitialResponse(authenticator string) ([]byte, error)
+ InitialResponse(authenticator string, c *ClientConn) ([]byte, error)
 EvaluateChallenge(token []byte) ([]byte, error)
 Success(token []byte) error
 }
@@ -31,14 +33,21 @@ type passwordAuth struct {
 password string
 }
 
-func (d *passwordAuth) InitialResponse(authenticator string) ([]byte, error) {
- switch authenticator {
- case "com.datastax.bdp.cassandra.auth.DseAuthenticator":
+const dseAuthenticator = "com.datastax.bdp.cassandra.auth.DseAuthenticator"
+const passwordAuthenticator = "org.apache.cassandra.auth.PasswordAuthenticator"
+const astraAuthenticator = "org.apache.cassandra.auth.AstraAuthenticator"
+
+func (d *passwordAuth) InitialResponse(authenticator string, c *ClientConn) ([]byte, error) {
+ if authenticator == dseAuthenticator {
 return []byte("PLAIN"), nil
- case "org.apache.cassandra.auth.PasswordAuthenticator":
- return d.makeToken(), nil
 }
- return nil, fmt.Errorf("unknown authenticator: %v", authenticator)
+ // We'll return a SASL response but if we're seeing an authenticator we're unfamiliar with at least log
+ // that information here
+ if (authenticator != passwordAuthenticator) && (authenticator != astraAuthenticator) {
+ c.logger.Info("observed unknown authenticator, treating as SASL",
+ zap.String("authenticator", authenticator))
+ }
+ return d.makeToken(), nil
 }
 
 func (d *passwordAuth) EvaluateChallenge(token []byte) ([]byte, error) {
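Review bot: The new `c *ClientConn` parameter on `Authenticator.InitialResponse` changes an exported interface, so any implementation outside this file stops compiling, and it hands the authenticator the whole connection only so the second hunk can log through `c.logger`. Logging the unrecognised name in the caller `authInitialResponse`, which already holds both `c` and `authenticate.Authenticator`, would keep the interface as it was. If the parameter stays, document it on the interface, e.g. `// InitialResponse returns the first SASL message for the server-advertised authenticator; c is used only for logging and must be non-nil.`, since the second hunk dereferences `c.logger` without a nil check.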
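Review bot: The rewritten `InitialResponse` in the second hunk now falls through to `return d.makeToken(), nil` for any authenticator name the server advertises, where the removed code returned `unknown authenticator`; that turns a fail-closed check into a fail-open one. `makeToken` is outside the hunk, but on a `passwordAuth` it presumably carries the username and password, so an endpoint advertising an unexpected mechanism would still receive the credentials, with only an Info-level log entry as a trace. Keeping an allow-list that adds `astraAuthenticator` and rejects everything else preserves the old guarantee. If the SASL fallback is really required, it should be an explicit opt-in and logged at Warn so operators can alert on it.

```go
func (d *passwordAuth) InitialResponse(authenticator string, c *ClientConn) ([]byte, error) {
	switch authenticator {
	case dseAuthenticator:
		return []byte("PLAIN"), nil
	case passwordAuthenticator, astraAuthenticator:
		return d.makeToken(), nil
	}
	// Fail closed: never send credentials to a mechanism we do not recognise.
	return nil, fmt.Errorf("unknown authenticator: %q", authenticator)
}
```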
diff --git a/proxycore/clientconn.go b/proxycore/clientconn.go
index fc0d684..be92774 100644
--- a/proxycore/clientconn.go
+++ b/proxycore/clientconn.go
@@ -152,7 +152,7 @@ func (c *ClientConn) registerForEvents(ctx context.Context, version primitive.Pr
 }
 
 func (c *ClientConn) authInitialResponse(ctx context.Context, version primitive.ProtocolVersion, auth Authenticator, authenticate *message.Authenticate) error {
- token, err := auth.InitialResponse(authenticate.Authenticator)
+ token, err := auth.InitialResponse(authenticate.Authenticator, c)
 if err != nil {
 return err
 }