Feat[MQB]: Make authentication workflow use plugins

[emelialei88]

This PR apply plugin into authentication and reauthentication when we as a broker receives authentication requests from clients.

• Added component rawclient to support integration test test_authn.py.
• Added plugin bmqauthnbasic for testing. It uses "basic" as mechanism and creates an in-memory map for username and password.
• Used plugin to authenticate and reauthenticate.
  • Authenticator is managed by TransportManager and referred to by InitialConnectionContext.
  • When sending response, we use the same encoding type as the one used by the client AuthenticationRequest.
  • Authentication with plugin is performed in a separate thread, and the channel is closed when there's a failure.
  • When AuthenticationContext is created during initial connection, create a reauthenticateCb to be called when a client session later receives an AuthenticationEvent.
  • Use AuthenticationContext::State to indicate the state of authentication. This is used as to make sure only one authentication is run for a given context, and when a channel closes, no more reauthentication timer will be scheduled.
• Default authentication credential:
  • Credential = mechanism + identity
  • When we receive a ClientIdentity prior to any AuthenticateRequest, we use default credential to authenticate, unless it's explicitly set to Disallow.
  • Added AnonyPassAuthenticator (implementing mqbplug::Authenticator) and the corresponding factory and result under mqbauthn as default Authenticator.
• A minor refactor to clarify the responsibility
  • Have TransportManager instead of InitialConnectionHandler own the Negotiator.
• Added a timer to disconnect when the authenticated lifetime expires.
• Added InitialConnectionContext::State to indicate the state of initial connection.

[pniedzielski]

partial review

[pniedzielski]

This and the DESTROY_OBJ change below look important. Is this because we use stats in our auth controller?

[emelialei88]

Not yet. This change is made since StatController starts first before AuthenticationController, so when stopping I wanted to have them in reverse order.

[dorjesinpo]

We may need to revisit the reason for shared_from, see my big comment
Few other comments.

[dorjesinpo]

Suggested change

	mqbnet::InitialConnectionEvent::Enum input;
	mqbnet::InitialConnectionEvent::Enum event = InitialConnectionEvent::e_ERROR;

And remove all input = InitialConnectionEvent::e_ERROR;

[dorjesinpo]

Suggested change

input = InitialConnectionEvent::e_ERROR;

[dorjesinpo]

safer way is to explicitly specify the e_DEFAULT_AUTHENTICATING case as an argument to Authenticator::handleAuthentication and not read the state which the FSM can potentially change.
Or, introduce Authenticator::handleDefaultAuthentication.
Or, make a decision on something other than the state, something immutable. For example, authenticationMsg.
Notice how InitialConnectionContext calls d_authenticator_p->anonymousCredential(), can it be done by the authenticator itself?

[dorjesinpo]

seems like we do not need it!

[dorjesinpo]

better to use less generic error category (e_CANCELED?)

[dorjesinpo]

// executed by one of the *IO* threads

[dorjesinpo]

minor. why not check the status before calling readBlob?

[dorjesinpo]

if using enum rc_SUCCESS, let's use it everywhere

[dorjesinpo]

Possibly already made suggestion to initialize rc with rc_ERROR.
Easier to explicitly set rc_SUCCESS than making sure we don't handle error without rc = rc_ERROR;

[dorjesinpo]

// executed by *ANY* thread

[emelialei88]

integration/authn-authz branch will be used as a temporary workspace and it will not be merged into main. Separate smaller PRs will be created.