authorSara Golemon <sara.golemon@mongodb.com>2019-12-04 17:12:10 +0000
committerEvergreen Agent <no-reply@evergreen.mongodb.com>2020-02-12 19:16:45 +0000
commit812c8338f496da3f43174330e37f07f0aad442d3 (patch)
tree80baa88c0eb7aec60fe1d199b27308deae87d49c /src/mongo/client/authenticate.h
parent37d1ef0d02582ac95a2adf835a341e0ead12abb3 (diff)
SERVER-44858 Implement speculative sasl auth
create mode 100644 jstests/auth/speculative-auth-replset.js create mode 100644 jstests/auth/speculative-sasl-start.js create mode 100644 jstests/ssl/speculative-auth-replset.js create mode 100644 jstests/ssl/speculative-authenticate.js create mode 100644 src/mongo/db/auth/sasl_commands.h create mode 100644 src/mongo/db/s/balancer/core_options_stub.cpp
Diffstat (limited to 'src/mongo/client/authenticate.h')
-rw-r--r--src/mongo/client/authenticate.h35
1 files changed, 35 insertions, 0 deletions
diff --git a/src/mongo/client/authenticate.h b/src/mongo/client/authenticate.h
index 5578cb27f53..326b3c1fc5d 100644
--- a/src/mongo/client/authenticate.h
+++ b/src/mongo/client/authenticate.h
@@ -30,11 +30,14 @@
#pragma once
#include <functional>
+#include <memory>
#include <string>
#include "mongo/base/status_with.h"
#include "mongo/base/string_data.h"
#include "mongo/bson/bsonobj.h"
+#include "mongo/client/mongo_uri.h"
+#include "mongo/client/sasl_client_session.h"
#include "mongo/db/auth/user_name.h"
#include "mongo/executor/remote_command_response.h"
#include "mongo/rpc/op_msg.h"
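Review bot: The two added project includes look heavier than this header needs. The new declarations in the last hunk use `MongoURI` only as `const MongoURI&` and `SaslClientSession` only inside `std::shared_ptr<SaslClientSession>*`, and both forms compile against a forward declaration. Replacing the includes with `class MongoURI;` and `class SaslClientSession;` inside `namespace mongo` would keep the SASL client session header out of every file that includes authenticate.h. This assumes neither name is a typedef or alias, which the diff does not show.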
@@ -67,6 +70,9 @@ constexpr auto kMechanismScramSha256 = "SCRAM-SHA-256"_sd;
constexpr auto kMechanismMongoAWS = "MONGODB-AWS"_sd;
constexpr auto kInternalAuthFallbackMechanism = kMechanismScramSha1;
+constexpr auto kSpeculativeAuthenticate = "speculativeAuthenticate"_sd;
+constexpr auto kAuthenticateCommand = "authenticate"_sd;
+
/**
* Authenticate a user.
*
@@ -168,5 +174,34 @@ StringData getSaslCommandUserDBFieldName();
*/
StringData getSaslCommandUserFieldName();
+/**
+ * Which type of speculative authentication was performed (if any).
+ */
+enum class SpeculativeAuthType {
+ kNone,
+ kAuthenticate,
+ kSaslStart,
+};
+
+/**
+ * Constructs a "speculativeAuthenticate" or "speculativeSaslStart"
+ * payload for an isMaster request based on a given URI.
+ */
+SpeculativeAuthType speculateAuth(BSONObjBuilder* isMasterRequest,
+ const MongoURI& uri,
+ std::shared_ptr<SaslClientSession>* saslClientSession);
+
+/**
+ * Constructs a "speculativeAuthenticate" or "speculativeSaslStart"
+ * payload for an isMaster request using internal (intracluster) authentication.
+ */
+SpeculativeAuthType speculateInternalAuth(BSONObjBuilder* isMasterRequest,
+ std::shared_ptr<SaslClientSession>* saslClientSession);
+
+/**
+ * Returns the AuthDB used by internal authentication.
+ */
+std::string getInternalAuthDB();
+
} // namespace auth
} // namespace mongo
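Review bot: The comments on `speculateAuth` and `speculateInternalAuth` leave the contract of both pointer parameters and of the return value unstated. A caller cannot tell from the declarations whether `saslClientSession` may be null, whether it is assigned only when `kSaslStart` is returned, or whether `isMasterRequest` is left unmodified on `kNone`. Because the session presumably holds the client side of an exchange that must be continued from the isMaster reply, I would add a line such as `@param saslClientSession out: receives the in-progress session when kSaslStart is returned`, once the implementation (not in this diff) confirms that behaviour. The comments should also say which mechanisms are eligible for speculation, since the payload presumably leaves the client in the first handshake message, before the server has replied. Finally, both comments name a "speculativeSaslStart" payload, while the only field-name constant this commit adds is `kSpeculativeAuthenticate` (hunk `@@ -67,6 +70,9 @@`); if one field carries both command types, the wording should say so.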