mirror of
https://github.com/etcd-io/etcd.git
synced 2024-09-27 06:25:44 +00:00
ead5096fa9
Currently auth tokens are generated in the replicated state machine layer randomly. It means one auth token generated in node A cannot be used for node B. It is problematic for load balancing and fail over. This commit moves the token generation logic from the state machine to API layer (before raft) and let all nodes share a single token. Log index of Raft is also added to a token for ensuring uniqueness of the token and detecting activation of the token in the cluster (some nodes can receive the token before generating and installing the token in its state machine). This commit also lets authStore have simple token related things. It is required because of unit test. The test requires cleaning of the state of the simple token things after one test (succeeding test can create duplicated token and it causes panic).
56 lines
1.5 KiB
Go
56 lines
1.5 KiB
Go
// Copyright 2016 The etcd Authors
|
|
//
|
|
// Licensed under the Apache License, Version 2.0 (the "License");
|
|
// you may not use this file except in compliance with the License.
|
|
// You may obtain a copy of the License at
|
|
//
|
|
// http://www.apache.org/licenses/LICENSE-2.0
|
|
//
|
|
// Unless required by applicable law or agreed to in writing, software
|
|
// distributed under the License is distributed on an "AS IS" BASIS,
|
|
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
// See the License for the specific language governing permissions and
|
|
// limitations under the License.
|
|
|
|
package auth
|
|
|
|
// CAUTION: This randum number based token mechanism is only for testing purpose.
|
|
// JWT based mechanism will be added in the near future.
|
|
|
|
import (
|
|
"crypto/rand"
|
|
"math/big"
|
|
)
|
|
|
|
const (
|
|
letters = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"
|
|
defaultSimpleTokenLength = 16
|
|
)
|
|
|
|
func (as *authStore) GenSimpleToken() (string, error) {
|
|
ret := make([]byte, defaultSimpleTokenLength)
|
|
|
|
for i := 0; i < defaultSimpleTokenLength; i++ {
|
|
bInt, err := rand.Int(rand.Reader, big.NewInt(int64(len(letters))))
|
|
if err != nil {
|
|
return "", err
|
|
}
|
|
|
|
ret[i] = letters[bInt.Int64()]
|
|
}
|
|
|
|
return string(ret), nil
|
|
}
|
|
|
|
func (as *authStore) assignSimpleTokenToUser(username, token string) {
|
|
as.simpleTokensMu.Lock()
|
|
|
|
_, ok := as.simpleTokens[token]
|
|
if ok {
|
|
plog.Panicf("token %s is alredy used", token)
|
|
}
|
|
|
|
as.simpleTokens[token] = username
|
|
as.simpleTokensMu.Unlock()
|
|
}
|