author | Sara Golemon <sara.golemon@mongodb.com> | 2019-12-04 17:12:10 +0000 |
---|---|---|
committer | Evergreen Agent <no-reply@evergreen.mongodb.com> | 2020-02-12 19:16:45 +0000 |
commit | 812c8338f496da3f43174330e37f07f0aad442d3 (patch) | |
tree | 80baa88c0eb7aec60fe1d199b27308deae87d49c /src/mongo/client/authenticate.h | |
parent | 37d1ef0d02582ac95a2adf835a341e0ead12abb3 (diff) | |
SERVER-44858 Implement speculative sasl auth
create mode 100644 jstests/auth/speculative-auth-replset.js
create mode 100644 jstests/auth/speculative-sasl-start.js
create mode 100644 jstests/ssl/speculative-auth-replset.js
create mode 100644 jstests/ssl/speculative-authenticate.js
create mode 100644 src/mongo/db/auth/sasl_commands.h
create mode 100644 src/mongo/db/s/balancer/core_options_stub.cpp
Diffstat (limited to 'src/mongo/client/authenticate.h')
-rw-r--r-- | src/mongo/client/authenticate.h | 35 |
1 files changed, 35 insertions, 0 deletions
diff --git a/src/mongo/client/authenticate.h b/src/mongo/client/authenticate.h
index 5578cb27f53..326b3c1fc5d 100644
--- a/src/mongo/client/authenticate.h
+++ b/src/mongo/client/authenticate.h
@@ -30,11 +30,14 @@
 #pragma once
 #include <functional>
+#include <memory>
 #include <string>
 #include "mongo/base/status_with.h"
 #include "mongo/base/string_data.h"
 #include "mongo/bson/bsonobj.h"
+#include "mongo/client/mongo_uri.h"
+#include "mongo/client/sasl_client_session.h"
 #include "mongo/db/auth/user_name.h"
 #include "mongo/executor/remote_command_response.h"
 #include "mongo/rpc/op_msg.h"
@@ -67,6 +70,9 @@ constexpr auto kMechanismScramSha256 = "SCRAM-SHA-256"_sd;
 constexpr auto kMechanismMongoAWS = "MONGODB-AWS"_sd;
 constexpr auto kInternalAuthFallbackMechanism = kMechanismScramSha1;
+constexpr auto kSpeculativeAuthenticate = "speculativeAuthenticate"_sd;
+constexpr auto kAuthenticateCommand = "authenticate"_sd;
+
 /**
 * Authenticate a user.
 *
@@ -168,5 +174,34 @@ StringData getSaslCommandUserDBFieldName();
 */
 StringData getSaslCommandUserFieldName();
+/**
+ * Which type of speculative authentication was performed (if any).
+ */
+enum class SpeculativeAuthType {
+ kNone,
+ kAuthenticate,
+ kSaslStart,
+};
+
+/**
+ * Constructs a "speculativeAuthenticate" or "speculativeSaslStart"
+ * payload for an isMaster request based on a given URI.
+ */
+SpeculativeAuthType speculateAuth(BSONObjBuilder* isMasterRequest,
+ const MongoURI& uri,
+ std::shared_ptr<SaslClientSession>* saslClientSession);
+
+/**
+ * Constructs a "speculativeAuthenticate" or "speculativeSaslStart"
+ * payload for an isMaster request using internal (intracluster) authentication.
+ */
+SpeculativeAuthType speculateInternalAuth(BSONObjBuilder* isMasterRequest,
+ std::shared_ptr<SaslClientSession>* saslClientSession);
+
+/**
+ * Returns the AuthDB used by internal authentication.
+ */
+std::string getInternalAuthDB();
+
 } // namespace auth
 } // namespace mongo |
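Review bot: The two project includes added in the first hunk, `mongo/client/mongo_uri.h` and `mongo/client/sasl_client_session.h`, look heavier than the new declarations need. As far as the third hunk shows, the header only uses `const MongoURI&` and `std::shared_ptr<SaslClientSession>*`, for which the forward declarations `class MongoURI;` and `class SaslClientSession;` inside `namespace mongo` would be enough, with the full includes moved to the .cpp that defines `speculateAuth`. This assumes nothing outside the visible hunks needs the complete types.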
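Review bot: The doc comments on `speculateAuth` and `speculateInternalAuth` in the third hunk do not state the contract of the `saslClientSession` out-parameter or of the return value. A caller cannot tell from the header whether the pointer may be null, when the session is populated, or what to do on `kNone`. The comments also name a "speculativeSaslStart" payload, while the only field-name constant added in this header is `kSpeculativeAuthenticate` (second hunk), so they should say which field each variant is written to. Because the payload travels in the isMaster request before normal authentication starts, I would also document which mechanisms are eligible, for example `* Only mechanisms whose first client message does not carry the secret itself are speculated; returns kNone otherwise.`, if that matches the implementation, which is not visible here.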