blob: 02cf79e93982125dc3ef79fc70fcb365c3ee32df [file] [log] [blame]
Todd Lipconb1a283f2010-09-28 00:11:01 +00001A Thrift SASL message shall be a byte array of the following form:
Bryan Duxburyd4837122010-09-08 00:06:35 +00002
Bryan Duxburyd4837122010-09-08 00:06:35 +00003| 1-byte status code | 4-byte payload length | variable-length payload |
4
5The length fields shall be interpreted as integers, with the high byte sent
6first. This indicates the length of the field immediately following it, not
7including the status code or the length bytes.
8
9The possible status codes are:
10
110x01 - START - Hello, let's go on a date.
120x02 - OK - Everything's been going alright so far, let's see each other again.
130x03 - BAD - I understand what you're saying. I really do. I just don't like it. We have to break up.
140x04 - ERROR - We can't go on like this. It's like you're speaking another language.
150x05 - COMPLETE - Will you marry me?
16
17The Thrift SASL communication will proceed as follows:
18
191. The client is configured at instantiation of the transport with a single
20underlying SASL security mechanism that it supports.
21
222. The server is configured with a mapping of underlying security mechanism
23name -> mechanism options.
24
253. At connection time, the client will initiate communication by sending the
Todd Lipconb1a283f2010-09-28 00:11:01 +000026server a START message. The payload of this message will be the name of the
27underlying security mechanism that the client would like to use.
Bryan Duxburyd4837122010-09-08 00:06:35 +000028This mechanism name shall be 1-20 characters in length, and follow the
Todd Lipconb1a283f2010-09-28 00:11:01 +000029specifications for SASL mechanism names specified in RFC 2222.
Bryan Duxburyd4837122010-09-08 00:06:35 +000030
314. The server receives this message and, if the mechanism name provided is
32among the set of mechanisms this server transport is configured to accept,
33appropriate initialization of the underlying security mechanism may take place.
34If the mechanism name is not one which the server is configured to support, the
35server shall return the BAD byte, followed by a 4-byte, potentially zero-value
36message length, followed by the potentially zero-length payload which may be a
37status code or message indicating failure. No further communication may take
38place via this transport. If the mechanism name is one which the server
39supports, then proceed to step 5.
40
Todd Lipconb1a283f2010-09-28 00:11:01 +0000415. Following the START message, the client must send another message containing
42the "initial response" of the chosen SASL implementation. The client may send
43this message piggy-backed on the "START" message of step 3. The message type
44of this message must be either "OK" or "COMPLETE", depending on whether the
45SASL implementation indicates that this side of the authentication has been
46satisfied.
47
486. The server then provides the byte array of the payload received to its
Bryan Duxburyd4837122010-09-08 00:06:35 +000049underlying security mechanism. A challenge is generated by the underlying
50security mechanism on the server, and this is used as the payload for a message
51sent to the client. This message shall consist of an OK byte, followed by the
52non-zero message length word, followed by the payload.
53
Todd Lipconb1a283f2010-09-28 00:11:01 +0000547. The client receives this message from the server and passes the payload to
Bryan Duxburyd4837122010-09-08 00:06:35 +000055its underlying security mechanism to generate a response. The client then sends
56the server an OK byte, followed by the non-zero-value length of the response,
57followed by the bytes of the response as the payload.
58
Todd Lipconb1a283f2010-09-28 00:11:01 +0000598. Steps 6 and 7 are repeated until both security mechanisms are satisfied with
Bryan Duxburyd4837122010-09-08 00:06:35 +000060the challenge/response exchange. When either side has completed its security
61protocol, its next message shall be the COMPLETE byte, followed by a 4-byte
62potentially zero-value length word, followed by a potentially zero-length
63payload. This payload will be empty except for those underlying security
64mechanisms which provide additional data with success.
65
66If at any point in time either side is able to interpret the challenge or
67response sent by the other, but is dissatisfied with the contents thereof, this
68side should send the other a BAD byte, followed by a 4-byte potentially
69zero-value length word, followed by an optional, potentially zero-length
70message encoded in UTF-8 indicating failure. This message should be passed to
71the protocol above the thrift transport by whatever mechanism is appropriate
72and idiomatic for the particular language these thrift bindings are for.
73
74If at any point in time either side fails to interpret the challenge or
75response sent by the other, this side should send the other an ERROR byte,
76followed by a 4-byte potentially zero-value length word, followed by an
77optional, potentially zero-length message encoded in UTF-8. This message should
78be passed to the protocol above the thrift transport by whatever mechanism is
79appropriate and idiomatic for the particular language these thrift bindings are
80for.
81
Todd Lipconb1a283f2010-09-28 00:11:01 +000082If step 8 completes successfully, then the communication is considered
Bryan Duxburyd4837122010-09-08 00:06:35 +000083authenticated and subsequent communication may commence.
84
Todd Lipconb1a283f2010-09-28 00:11:01 +000085If step 8 fails to complete successfully, then no further communication may
Bryan Duxburyd4837122010-09-08 00:06:35 +000086take place via this transport.
87
888. All writes to the underlying transport must be prefixed by the 4-byte length
89of the payload data, followed by the payload. All reads from this transport
90should read the 4-byte length word, then read the full quantity of bytes
91specified by this length word.
92
Todd Lipconb1a283f2010-09-28 00:11:01 +000093If no SASL QOP (quality of protection) is negotiated during steps 6 and 7, then
Bryan Duxburyd4837122010-09-08 00:06:35 +000094all subsequent writes to/reads from this transport are written/read unaltered,
95save for the length prefix, to the underlying transport.
96
97If a SASL QOP is negotiated, then this must be used by the Thrift transport for
98all subsequent communication. This is done by wrapping subsequent writes to the
99transport using the underlying security mechanism, and unwrapping subsequent
100reads from the underlying transport. Note that in this case, the length prefix
101of the write to the underlying transport is the length of the data after it has
102been wrapped by the underlying security mechanism. Note that the complete
103message must be read before giving this data to the underlying security
104mechanism for unwrapping.
105
106If at any point in time reading of a message fails either because of a
107malformed length word or failure to unwrap by the underlying security
108mechanism, then all further communication on this transport must cease.