MCPcopy
hub / github.com/segmentio/kafka-go / authenticateSASL

Method authenticateSASL

dialer.go:309–339  ·  dialer.go::Dialer.authenticateSASL

authenticateSASL performs all of the required requests to authenticate this connection. If any step fails, this function returns with an error. A nil error indicates successful authentication. In case of error, this function *does not* close the connection. That is the responsibility of the call

(ctx context.Context, conn *Conn)

Source from the content-addressed store, hash-verified

307// In case of error, this function *does not* close the connection. That is the
308// responsibility of the caller.
309func (d *Dialer) authenticateSASL(ctx context.Context, conn *Conn) error {
310 if err := conn.saslHandshake(d.SASLMechanism.Name()); err != nil {
311 return fmt.Errorf("SASL handshake failed: %w", err)
312 }
313
314 sess, state, err := d.SASLMechanism.Start(ctx)
315 if err != nil {
316 return fmt.Errorf("SASL authentication process could not be started: %w", err)
317 }
318
319 for completed := false; !completed; {
320 challenge, err := conn.saslAuthenticate(state)
321 switch {
322 case err == nil:
323 case errors.Is(err, io.EOF):
324 // the broker may communicate a failed exchange by closing the
325 // connection (esp. in the case where we're passing opaque sasl
326 // data over the wire since there's no protocol info).
327 return SASLAuthenticationFailed
328 default:
329 return err
330 }
331
332 completed, state, err = sess.Next(ctx, challenge)
333 if err != nil {
334 return fmt.Errorf("SASL authentication process has failed: %w", err)
335 }
336 }
337
338 return nil
339}
340
341func (d *Dialer) dialContext(ctx context.Context, network string, addr string) (net.Conn, error) {
342 address, err := lookupHost(ctx, addr, d.Resolver)

Callers 1

connectMethod · 0.95

Calls 5

saslHandshakeMethod · 0.80
saslAuthenticateMethod · 0.80
NameMethod · 0.65
StartMethod · 0.65
NextMethod · 0.65

Tested by

no test coverage detected