From ec21a024fc60dd3355d2b1b8f93a2420406bdc48 Mon Sep 17 00:00:00 2001
From: Bret McGuire
Date: Mon, 22 Jan 2024 14:34:10 -0600
Subject: [PATCH] Log if we see an unexpected authenticator but still return SASL as the default
---
 proxycore/auth.go | 19 ++++++++++++-------
 proxycore/clientconn.go | 2 +-
 2 files changed, 13 insertions(+), 8 deletions(-)

diff --git a/proxycore/auth.go b/proxycore/auth.go
index 3ad400f..42a3947 100644
--- a/proxycore/auth.go
+++ b/proxycore/auth.go
@@ -17,10 +17,12 @@ package proxycore
 import (
 "bytes"
 "fmt"
+
+ "go.uber.org/zap"
 )

 type Authenticator interface {
- InitialResponse(authenticator string) ([]byte, error)
+ InitialResponse(authenticator string, c *ClientConn) ([]byte, error)
 EvaluateChallenge(token []byte) ([]byte, error)
 Success(token []byte) error
 }
@@ -35,14 +37,17 @@ const dseAuthenticator = "com.datastax.bdp.cassandra.auth.DseAuthenticator"
 const passwordAuthenticator = "org.apache.cassandra.auth.PasswordAuthenticator"
 const astraAuthenticator = "org.apache.cassandra.auth.AstraAuthenticator"

-func (d *passwordAuth) InitialResponse(authenticator string) ([]byte, error) {
- switch authenticator {
- case dseAuthenticator:
+func (d *passwordAuth) InitialResponse(authenticator string, c *ClientConn) ([]byte, error) {
+ if authenticator == dseAuthenticator {
 return []byte("PLAIN"), nil
- case passwordAuthenticator, astraAuthenticator:
- return d.makeToken(), nil
 }
- return nil, fmt.Errorf("unknown authenticator: %v", authenticator)
+ // We'll return a SASL response but if we're seeing an authenticator we're unfamiliar with at least log
+ // that information here
+ if (authenticator != passwordAuthenticator) && (authenticator != astraAuthenticator) {
+ c.logger.Info("observed unknown authenticator, treating as SASL",
+ zap.String("authenticator", authenticator))
+ }
+ return d.makeToken(), nil
 }

 func (d *passwordAuth) EvaluateChallenge(token []byte) ([]byte, error) {
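Review bot: The new `c *ClientConn` parameter on `Authenticator.InitialResponse` (first hunk of proxycore/auth.go) hands every authenticator implementation the whole client connection, while the only use visible in this patch is `c.logger`. `Authenticator` is an exported interface, so the signature change also breaks any implementation that lives outside this package. Passing only what is needed keeps the surface narrow, e.g. `InitialResponse(authenticator string, logger *zap.Logger) ([]byte, error)`. A doc comment on the method should also say that the authenticator name appears to come from the peer's AUTHENTICATE message (see the call in clientconn.go) and must be treated as untrusted input.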
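Review bot: In `passwordAuth.InitialResponse` (second hunk of proxycore/auth.go) the fall-through `return d.makeToken(), nil` now answers any authenticator name the server announces, where the removed code returned an `unknown authenticator` error. `makeToken` is not shown in the patch, but if it carries the configured username and password this is a fail-open change: the credentials go to a mechanism the proxy does not recognise, and the only trace is an Info-level log line. Consider keeping the error as the default and making the fallback opt-in, or at minimum raise the level, `c.logger.Warn("unknown authenticator, sending password token anyway", zap.String("authenticator", authenticator))`. The new branch also dereferences `c` unguarded, so a caller that passes a nil `*ClientConn` would panic on the unknown-authenticator path; a `c != nil` check or a logger parameter avoids that.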
diff --git a/proxycore/clientconn.go b/proxycore/clientconn.go
index fc0d684..be92774 100644
--- a/proxycore/clientconn.go
+++ b/proxycore/clientconn.go
@@ -152,7 +152,7 @@ func (c *ClientConn) registerForEvents(ctx context.Context, version primitive.Pr
 }

 func (c *ClientConn) authInitialResponse(ctx context.Context, version primitive.ProtocolVersion, auth Authenticator, authenticate *message.Authenticate) error {
- token, err := auth.InitialResponse(authenticate.Authenticator)
+ token, err := auth.InitialResponse(authenticate.Authenticator, c)
 if err != nil {
 return err
 }