auth

package
v1.12.0-alpha1 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jan 24, 2023 License: Apache-2.0 Imports: 23 Imported by: 68

Documentation

Overview

Package auth is not for public use.

The API for packages in the 'private' directory have no stability guarantee.

The packages within the 'private' directory would normally be put into an 'internal' directory to prohibit their use outside the 'mongo' directory. However, some MongoDB tools require very low-level access to the building blocks of a driver, so we have placed them under 'private' to allow these packages to be imported by projects that need them.

These package APIs may be modified in backwards-incompatible ways at any time.

You are strongly discouraged from directly using any packages under 'private'.

Index

Constants

View Source
const (
	// SCRAMSHA1 holds the mechanism name "SCRAM-SHA-1"
	SCRAMSHA1 = "SCRAM-SHA-1"

	// SCRAMSHA256 holds the mechanism name "SCRAM-SHA-256"
	SCRAMSHA256 = "SCRAM-SHA-256"
)
View Source
const GSSAPI = "GSSAPI"

GSSAPI is the mechanism name for GSSAPI.

View Source
const MONGODBCR = "MONGODB-CR"

MONGODBCR is the mechanism name for MONGODB-CR.

The MONGODB-CR authentication mechanism is deprecated in MongoDB 3.6 and removed in MongoDB 4.0.

View Source
const MongoDBAWS = "MONGODB-AWS"

MongoDBAWS is the mechanism name for MongoDBAWS.

View Source
const MongoDBX509 = "MONGODB-X509"

MongoDBX509 is the mechanism name for MongoDBX509.

View Source
const PLAIN = "PLAIN"

PLAIN is the mechanism name for PLAIN.

Variables

This section is empty.

Functions

func ConductSaslConversation

func ConductSaslConversation(ctx context.Context, cfg *Config, authSource string, client SaslClient) error

ConductSaslConversation runs a full SASL conversation to authenticate the given connection.

func Handshaker

func Handshaker(h driver.Handshaker, options *HandshakeOptions) driver.Handshaker

Handshaker creates a connection handshaker for the given authenticator.

func RegisterAuthenticatorFactory

func RegisterAuthenticatorFactory(name string, factory AuthenticatorFactory)

RegisterAuthenticatorFactory registers the authenticator factory.

Types

type Authenticator

type Authenticator interface {
	// Auth authenticates the connection.
	Auth(context.Context, *Config) error
}

Authenticator handles authenticating a connection.

func CreateAuthenticator

func CreateAuthenticator(name string, cred *Cred) (Authenticator, error)

CreateAuthenticator creates an authenticator.

type AuthenticatorFactory

type AuthenticatorFactory func(cred *Cred) (Authenticator, error)

AuthenticatorFactory constructs an authenticator.

type Config added in v1.4.0

type Config struct {
	Description   description.Server
	Connection    driver.Connection
	ClusterClock  *session.ClusterClock
	HandshakeInfo driver.HandshakeInformation
	ServerAPI     *driver.ServerAPIOptions
	HTTPClient    *http.Client
}

Config holds the information necessary to perform an authentication attempt.

type Cred

type Cred struct {
	Source      string
	Username    string
	Password    string
	PasswordSet bool
	Props       map[string]string
}

Cred is a user's credential.

type DefaultAuthenticator

type DefaultAuthenticator struct {
	Cred *Cred
	// contains filtered or unexported fields
}

DefaultAuthenticator uses SCRAM-SHA-1 or MONGODB-CR depending on the server version.

func (*DefaultAuthenticator) Auth

func (a *DefaultAuthenticator) Auth(ctx context.Context, cfg *Config) error

Auth authenticates the connection.

func (*DefaultAuthenticator) CreateSpeculativeConversation added in v1.4.0

func (a *DefaultAuthenticator) CreateSpeculativeConversation() (SpeculativeConversation, error)

CreateSpeculativeConversation creates a speculative conversation for SCRAM authentication.

type Error

type Error struct {
	// contains filtered or unexported fields
}

Error is an error that occurred during authentication.

func (*Error) Error

func (e *Error) Error() string

func (*Error) Inner

func (e *Error) Inner() error

Inner returns the wrapped error.

func (*Error) Message

func (e *Error) Message() string

Message returns the message.

func (*Error) Unwrap added in v1.4.0

func (e *Error) Unwrap() error

Unwrap returns the underlying error.

type ExtraOptionsSaslClient added in v1.4.0

type ExtraOptionsSaslClient interface {
	StartCommandOptions() bsoncore.Document
}

ExtraOptionsSaslClient is a SaslClient that appends options to the saslStart command.

type HandshakeOptions

type HandshakeOptions struct {
	AppName               string
	Authenticator         Authenticator
	Compressors           []string
	DBUser                string
	PerformAuthentication func(description.Server) bool
	ClusterClock          *session.ClusterClock
	ServerAPI             *driver.ServerAPIOptions
	LoadBalanced          bool
	HTTPClient            *http.Client
}

HandshakeOptions packages options that can be passed to the Handshaker() function. DBUser is optional but must be of the form <dbname.username>; if non-empty, then the connection will do SASL mechanism negotiation.

type MongoDBAWSAuthenticator added in v1.4.0

type MongoDBAWSAuthenticator struct {
	// contains filtered or unexported fields
}

MongoDBAWSAuthenticator uses AWS-IAM credentials over SASL to authenticate a connection.

func (*MongoDBAWSAuthenticator) Auth added in v1.4.0

func (a *MongoDBAWSAuthenticator) Auth(ctx context.Context, cfg *Config) error

Auth authenticates the connection.

type MongoDBCRAuthenticator

type MongoDBCRAuthenticator struct {
	DB       string
	Username string
	Password string
}

MongoDBCRAuthenticator uses the MONGODB-CR algorithm to authenticate a connection.

The MONGODB-CR authentication mechanism is deprecated in MongoDB 3.6 and removed in MongoDB 4.0.

func (*MongoDBCRAuthenticator) Auth

func (a *MongoDBCRAuthenticator) Auth(ctx context.Context, cfg *Config) error

Auth authenticates the connection.

The MONGODB-CR authentication mechanism is deprecated in MongoDB 3.6 and removed in MongoDB 4.0.

type MongoDBX509Authenticator

type MongoDBX509Authenticator struct {
	User string
}

MongoDBX509Authenticator uses X.509 certificates over TLS to authenticate a connection.

func (*MongoDBX509Authenticator) Auth

Auth authenticates the provided connection by conducting an X509 authentication conversation.

func (*MongoDBX509Authenticator) CreateSpeculativeConversation added in v1.4.0

func (a *MongoDBX509Authenticator) CreateSpeculativeConversation() (SpeculativeConversation, error)

CreateSpeculativeConversation creates a speculative conversation for X509 authentication.

type PlainAuthenticator

type PlainAuthenticator struct {
	Username string
	Password string
}

PlainAuthenticator uses the PLAIN algorithm over SASL to authenticate a connection.

func (*PlainAuthenticator) Auth

func (a *PlainAuthenticator) Auth(ctx context.Context, cfg *Config) error

Auth authenticates the connection.

type SaslClient

type SaslClient interface {
	Start() (string, []byte, error)
	Next(challenge []byte) ([]byte, error)
	Completed() bool
}

SaslClient is the client piece of a sasl conversation.

type SaslClientCloser

type SaslClientCloser interface {
	SaslClient
	Close()
}

SaslClientCloser is a SaslClient that has resources to clean up.

type ScramAuthenticator

type ScramAuthenticator struct {
	// contains filtered or unexported fields
}

ScramAuthenticator uses the SCRAM algorithm over SASL to authenticate a connection.

func (*ScramAuthenticator) Auth

func (a *ScramAuthenticator) Auth(ctx context.Context, cfg *Config) error

Auth authenticates the provided connection by conducting a full SASL conversation.

func (*ScramAuthenticator) CreateSpeculativeConversation added in v1.4.0

func (a *ScramAuthenticator) CreateSpeculativeConversation() (SpeculativeConversation, error)

CreateSpeculativeConversation creates a speculative conversation for SCRAM authentication.

type SpeculativeAuthenticator added in v1.4.0

type SpeculativeAuthenticator interface {
	CreateSpeculativeConversation() (SpeculativeConversation, error)
}

SpeculativeAuthenticator represents an authenticator that supports speculative authentication.

type SpeculativeConversation added in v1.4.0

type SpeculativeConversation interface {
	FirstMessage() (bsoncore.Document, error)
	Finish(ctx context.Context, cfg *Config, firstResponse bsoncore.Document) error
}

SpeculativeConversation represents an authentication conversation that can be merged with the initial connection handshake.

FirstMessage method returns the first message to be sent to the server. This message will be included in the initial hello command.

Finish takes the server response to the initial message and conducts the remainder of the conversation to authenticate the provided connection.

Directories

Path Synopsis
internal
awsv4
Package awsv4 implements signing for AWS V4 signer with static credentials, and is based on and modified from code in the package aws-sdk-go.
Package awsv4 implements signing for AWS V4 signer with static credentials, and is based on and modified from code in the package aws-sdk-go.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL