authenticateSASL performs all of the required requests to authenticate this connection. If any step fails, this function returns with an error. A nil error indicates successful authentication.
(ctx context.Context, pc *protocol.Conn, mechanism sasl.Mechanism)
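// authenticateSASL performs all of the required requests to authenticate this
// connection. If any step fails, this function returns with an error. A nil
// error indicates successful authentication.
//
// The exchange is one handshake round trip naming the mechanism, then
// mechanism.Start to obtain the session and the initial client state, then
// alternating saslAuthenticateRoundTrip and sess.Next calls until the session
// reports completion.
//
// The number of rounds is decided by the session from the challenges the peer
// sends, so ctx is checked before every authenticate round trip. Once ctx is
// cancelled or past its deadline the function returns ctx.Err() instead of
// sending more data.
//
// An io.EOF from the authenticate round trip is reported as
// SASLAuthenticationFailed, so a connection that drops mid-exchange is
// indistinguishable from rejected credentials for callers and for anything
// that alerts on this error. Every other error is returned unchanged.
func authenticateSASL(ctx context.Context, pc *protocol.Conn, mechanism sasl.Mechanism) error {
	if err := saslHandshakeRoundTrip(pc, mechanism.Name()); err != nil {
		return err
	}

	sess, state, err := mechanism.Start(ctx)
	if err != nil {
		return err
	}

	for completed := false; !completed; {
		// The round trip below is not given ctx, so cancellation is honoured
		// here; without this check only sess.Next could observe it.
		// NOTE(review): an I/O deadline on pc, if any, is set outside this
		// function. Confirm callers set one so a stalled peer cannot block
		// a single round trip indefinitely.
		if err := ctx.Err(); err != nil {
			return err
		}

		// state and challenge are opaque SASL payloads; keep them out of
		// logs and error messages.
		challenge, err := saslAuthenticateRoundTrip(pc, state)
		if err != nil {
			if errors.Is(err, io.EOF) {
				// the broker may communicate a failed exchange by closing the
				// connection (esp. in the case where we're passing opaque sasl
				// data over the wire since there's no protocol info).
				return SASLAuthenticationFailed
			}

			return err
		}

		// err here is the loop-local variable declared above; completed and
		// state are the variables declared outside this body.
		completed, state, err = sess.Next(ctx, challenge)
		if err != nil {
			return err
		}
	}

	return nil
}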
| 1319 | |
| 1320 | // saslHandshake sends the SASL handshake message. This will determine whether |
| 1321 | // the Mechanism is supported by the cluster. If it's not, this function will |