Feat[MQB]: add authentication with basic logic

[emelialei88]

Handing authentication logic on the broker side:

• Added authentication protocol.
• Introduced a new AuthenticationEvent event type.
• Implemented the authenticator component to handle authentication logic, using AuthenticationContext to encapsulate relevant context data.
• Updated InitialConnectionHandler to handle the authentication flow.

At this stage, we only handle incoming authentication requests and always allow them to succeed. Outbound, reverse authentication requests initiated by a broker, and re-authentication are not supported.

We also updated the unit test m_bmqstoragetool_cslprinter.t to align with changes made by bascodegen.

[pniedzielski]

Fine to have preconditions, but they aren't preconditions if they're not documented in the function contract: The behavior of this function is undefined unless .... Otherwise, how would a caller of this function know it will crash if !context->d_initialConnectionContext_p->isIncoming() && !context->d_isReversed? We'd be lying to them.

Second concern: are these preconditions checked or enforced by the caller? I think they are, but the second one below has me worried. Is there any way we could get a bad message over the wire from a client and crash?

[emelialei88]

I'm not sure I understand the second concern.
isIncoming is set by us when TcpSessionFactory receives an incoming call (true) or sending an outbound message (false).
For negotiation, (and it should be the same for authentication),d_isReversed is default to be false unless we receive an reversed connection request (type bmqp_ctrlmsg::NegotiationMessage ::SELECTION_INDEX_REVERSE_CONNECTION_REQUEST) or we're about to send out a reverse connection request.

[pniedzielski]

I am a little concerned about logging arbitrary data that we get from the network, but I think the operator<< for authenticateRequest as generated is fine with this. This is another place where base64 may help compress the logs.

[emelialei88]

I could get rid of printing the data, but sometime maybe we just want to debug and see what it is. Is setting it to debug mode still not okay?

[dorjesinpo]

We need to at least document/comment how are we going to enforce authentication. Is AuthenticationContext going to have a state/status that someone (InitialConnectionHandler? ClientSession?) is going to check?

[dorjesinpo]

Is this a response from broker (used to be negotiation message)?
And we do need to log/dump the blob

[emelialei88]

And we do need to log/dump the blob

Is this a question? Do you mean we need to keep the error log of event or I should log even there's not an error?

[dorjesinpo]

And we do need to log/dump the blob

Is this a question? Do you mean we need to keep the error log of event or I should log even there's not an error?

I think, it would be helpful; to log/dump the blob when there is an error (rc != 0). Seems like we had this in the previous version of the code

[dorjesinpo]

looks good as is and we could merge it. but would be good to outline how we move forward

[dorjesinpo]

checking return value would look good

[dorjesinpo]

Will there be a case when brokers receive AuthenticationResponse? If so, need a comment.

[dorjesinpo]

making a note. when it becomes asynchronous, we need to

1. handle authentication failure in the auth thread (how? by disconnecting the channel?)
2. to make sure there is an authentication timeout and somebody enforces it

[dorjesinpo]

We need a check to reject negotiation message in between authentication request and authentication response.
Also a check to reject (another) authentication request in between authentication request and authentication response.
This could be checking InitialConnectionContext::d_authenticationCtxSp although explicit state would be better (we may need more checks or a mini FSM even)

[dorjesinpo]

What would we give to Client/Admin/ClusterNode session for future authorization(s) if Authenticator::handleAuthentication was never called? What's the plan? Can we document it?

[pniedzielski]

Because this is going in the integration branch, let's merge. We'll eventually make a PR into main with somethings from the integration branch, so it's not a big issue if this isn't fully fleshed out yet.