1
/* Copyright 2012 10gen Inc.
3
* Licensed under the Apache License, Version 2.0 (the "License");
4
* you may not use this file except in compliance with the License.
5
* You may obtain a copy of the License at
7
* http://www.apache.org/licenses/LICENSE-2.0
9
* Unless required by applicable law or agreed to in writing, software
10
* distributed under the License is distributed on an "AS IS" BASIS,
11
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12
* See the License for the specific language governing permissions and
13
* limitations under the License.
16
#include <boost/scoped_array.hpp>
17
#include <sasl/sasl.h>
21
#include "mongo/base/disallow_copying.h"
22
#include "mongo/base/status.h"
23
#include "mongo/base/string_data.h"
28
* Implementation of the client side of a SASL authentication conversation.
30
* To use, create an instance, then use setParameter() to configure the authentication
31
* parameters. Once all parameters are set, call initialize() to initialize the client state
32
* machine. Finally, use repeated calls to step() to generate messages to send to the server
33
* and process server responses.
35
* The required parameters vary by mechanism, but all mechanisms require parameterServiceName,
36
* parameterServiceHostname, parameterMechanism and parameterUser. All of the required
37
* parameters must be UTF-8 encoded strings with no embedded NUL characters. The
38
* parameterPassword parameter is not constrained.
40
class SaslClientSession {
41
MONGO_DISALLOW_COPYING(SaslClientSession);
44
* Identifiers of parameters used to configure a SaslClientSession.
47
parameterServiceName = 0,
48
parameterServiceHostname,
52
numParameters // Must be last
59
* Sets the parameter identified by "id" to "value".
61
* The value of "id" must be one of the legal values of Parameter less than numParameters.
62
* May be called repeatedly for the same value of "id", with the last "value" replacing
65
* The session object makes and owns a copy of the data in "value".
67
void setParameter(Parameter id, const StringData& value);
70
* Returns true if "id" identifies a parameter previously set by a call to setParameter().
72
bool hasParameter(Parameter id);
75
* Returns the value of a previously set parameter.
77
* If parameter "id" was never set, returns an empty StringData. Note that a parameter may
78
* be explicitly set to StringData(), so use hasParameter() to distinguish those cases.
80
* The session object owns the storage behind the returned StringData, which will remain
81
* valid until setParameter() is called with the same value of "id", or the session object
84
StringData getParameter(Parameter id);
87
* Returns the value of the parameterPassword parameter in the form of a sasl_secret_t, used
88
* by the Cyrus SASL library's SASL_CB_PASS callback. The session object owns the storage
89
* referenced by the returned sasl_secret_t*, which will remain in scope according to the
90
* same rules as given for getParameter(), above.
92
sasl_secret_t* getPasswordAsSecret();
95
* Initializes a session for use.
97
* Call exactly once, after setting any parameters you intend to set via setParameter().
102
* Takes one step of the SASL protocol on behalf of the client.
104
* Caller should provide data from the server side of the conversation in "inputData", or an
105
* empty StringData() if none is available. If the client should make a response to the
106
* server, stores the response into "*outputData".
108
* Returns Status::OK() on success. Any other return value indicates a failed
109
* authentication, though the specific return value may provide insight into the cause of
110
* the failure (e.g., ProtocolError, AuthenticationFailed).
112
* In the event that this method returns Status::OK(), consult the value of isDone() to
113
* determine if the conversation has completed. When step() returns Status::OK() and
114
* isDone() returns true, authentication has completed successfully.
116
Status step(const StringData& inputData, std::string* outputData);
119
* Returns true if the authentication completed successfully.
121
bool isDone() const { return _done; }
125
* Buffer object that owns data for a single parameter.
128
boost::scoped_array<char> data;
132
/// Maximum number of Cyrus SASL callbacks stored in _callbacks.
133
static const int maxCallbacks = 4;
135
/// Underlying Cyrus SASL library connection object.
136
sasl_conn_t* _saslConnection;
138
/// Callbacks registered on _saslConnection for providing the Cyrus SASL library with
139
/// parameter values, etc.
140
sasl_callback_t _callbacks[maxCallbacks];
142
/// Buffers for each of the settable parameters.
143
DataBuffer _parameters[numParameters];
145
/// Number of successfully completed conversation steps.