Skip to content

Feat[MQB]: Add Authenticator and InitialConnectionContext #1004

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 10 commits into
base: main
Choose a base branch
from
Open

Feat[MQB]: Add Authenticator and InitialConnectionContext #1004

wants to merge 10 commits into from

Conversation

@emelialei88
Copy link
Collaborator

@emelialei88 emelialei88 commented Oct 24, 2025
edited
Loading

This PR introduces several refactors and preparations for upcoming authentication support:

  • Adds an Authenticator class to encapsulate authentication logic.
  • Migrates connection initialization logic from InitialConnectionHandler to InitialConnectionContext. Note that InitialConnectionHandler will be deprecated and removed in a future update.

At this stage, TcpSessionFactory still relies on InitialConnectionHandler for negotiation, while InitialConnectionContext primarily serves as a data holder. Authentication logic has not yet been integrated into the broker. When we are ready, InitialConnectionHandler::handleInitialConnection called in TcpSessionFactory will be replaced by InitialConnectionContext::handleInitialConnection as the entrance to initial connection.

@emelialei88 emelialei88 requested a review from a team as a code owner October 24, 2025 19:53
@emelialei88 emelialei88 marked this pull request as draft October 24, 2025 20:58
@678098 678098 self-assigned this Nov 6, 2025
@678098 678098 self-requested a review November 6, 2025 16:05
@emelialei88 emelialei88 force-pushed the authn/change-negotiator branch from 0816869 to 788d0eb Compare November 11, 2025 18:22
@emelialei88 emelialei88 force-pushed the authn/change-negotiator branch from d2c4c40 to ea2450d Compare November 12, 2025 18:51
@emelialei88
fix some comments
e09bf62 
Signed-off-by: Emelia Lei <[email protected]>
@emelialei88 emelialei88 marked this pull request as ready for review November 12, 2025 19:38
@emelialei88
another fix for solaris
e6d1789 
Signed-off-by: Emelia Lei <[email protected]>
dorjesinpo
dorjesinpo requested changes Nov 14, 2025
View reviewed changes
Copy link
Collaborator

@dorjesinpo dorjesinpo left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

interim review.
we have pairs of the following:
decodeInitialConnectionMessage,
scheduleRead,
readCallback
readBlob,
processBlob,
complete
... in both InitialConnectionHandler and InitialConnectionContext.

The point of FSM-like state management is that everything happens in handleEvent and there is only one place where we call complete
Otherwise, we can't rely on controlling actions by the state

Is it possible to engage handleEvent immediately in InitialConnectionHandler::handleInitialConnection and call InitialConnectionContext::complete from handleEvent only.

We seem to have InitialConnectionContext::handleInitialConnection but we call InitialConnectionHandler::handleInitialConnection instead which does not seem to support auth?

src/groups/mqb/mqbnet/mqbnet_tcpsessionfactory.cpp
this,
initialConnectionContext,
context_wp,
channel,
Copy link
Collaborator

@dorjesinpo dorjesinpo Nov 14, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The comment below is unclear. What mutex is meant by "we can't have mutex?

src/groups/mqb/mqbnet/mqbnet_initialconnectioncontext.cpp
}

if (rc != rc_SUCCESS || d_state == InitialConnectionState::e_NEGOTIATED) {
BALL_LOG_INFO << "Finished initial connection with rc = " << rc
Copy link
Collaborator

@dorjesinpo dorjesinpo Nov 14, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

if rc != rc_SUCCESS then d_state can remain InitialConnectionState::e_NEGOTIATED. Probably, not a problem since the object is about to get destructed

src/groups/mqb/mqbnet/mqbnet_tcpsessionfactory.cpp
context));

// Register as observer of the channel to get the 'onClose'
bsl::weak_ptr<InitialConnectionContext> context_wp =
Copy link
Collaborator

@dorjesinpo dorjesinpo Nov 14, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What is the motivation behind the use of weak_ptr?

src/groups/mqb/mqba/mqba_authenticator.cpp

// For anonymous authentication, skip sending the response and proceed
// directly to the next negotiation step.
if (isDefaultAuthn) {
Copy link
Collaborator

@dorjesinpo dorjesinpo Nov 14, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

minor, if isReauthn, there is no need for authenticationResponse

src/groups/mqb/mqbnet/mqbnet_authenticationcontext.cpp
bslmt::LockGuard<bslmt::Mutex> guard(&d_mutex); // LOCKED

if (d_state != AuthenticationState::e_AUTHENTICATING) {
errorDescription << "State not AUTHENTICATING (was " << d_state << ")";
Copy link
Collaborator

@dorjesinpo dorjesinpo Nov 14, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

was -> is

@dorjesinpo dorjesinpo assigned emelialei88 and unassigned dorjesinpo Nov 14, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@dorjesinpo dorjesinpo dorjesinpo requested changes

@678098 678098 Awaiting requested review from 678098

Requested changes must be addressed to merge this pull request.

Assignees

@678098 678098

@emelialei88 emelialei88

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@emelialei88 @dorjesinpo @678098