Diffstat (limited to 'src/mongo/db/auth/README.md')
-rw-r--r-- | src/mongo/db/auth/README.md | 21 |
1 files changed, 11 insertions, 10 deletions
diff --git a/src/mongo/db/auth/README.md b/src/mongo/db/auth/README.md index 4487fcbec2c..fce577a7b78 100644 --- a/src/mongo/db/auth/README.md +++ b/src/mongo/db/auth/README.md @@ -74,10 +74,12 @@ at runtime. `SASL` mechanisms define a method of communication between a client does not, however, define where the user credentials can be stored. With some `SASL` mechanisms, `PLAIN` for example, the credentials can be stored in the database itself or in `LDAP`. -Before running authentication, the server sets an empty -[`AuthenticationSession`](https://github.com/mongodb/mongo/blob/r4.4.0/src/mongo/db/auth/authentication_session.h) -on the `Client`. During the first step of authentication, the client invokes `{saslStart: ...}`, -which reaches +Before running authentication, the server initializes an +[`AuthenticationSession`](https://github.com/mongodb/mongo/blob/master/src/mongo/db/auth/authentication_session.h) +on the `Client`. This session persists information between authentications steps and is released +when authentication concludes, either successfully or unsuccessfully. + +During the first step of authentication, the client invokes `{saslStart: ...}`, which reaches [`doSaslStart`](https://github.com/mongodb/mongo/blob/r4.4.0/src/mongo/db/auth/sasl_commands.cpp#L237-L242) which gets the mechanism used and performs the actual authentication by calling the step function (inherited from 
@@ -91,12 +93,10 @@ closes the session. If, after the first SASL step, there is more work to be done, the client sends a [`CMDSaslContinue`](https://github.com/mongodb/mongo/blob/r4.4.0/src/mongo/db/auth/sasl_commands.cpp#L98) -to the server with whatever extra information the server requested. The server then retrieves the -former -[`AuthenticationSession`](https://github.com/mongodb/mongo/blob/r4.4.0/src/mongo/db/auth/authentication_session.h) -from the current client and performs another SASL step. The server then sends the client a similar -reply as it did from the `SASLStart` command. The `SASLContinue` phase repeats until the client is -either authenticated or an error is encountered. +to the server with whatever extra information the server requested. The server then performs another +SASL step. The server then sends the client a similar reply as it did from the `SASLStart` command. +The `SASLContinue` phase repeats until the client is either authenticated or an error is +encountered. #### Speculative Authentication 
@@ -639,6 +639,7 @@ Refer to the following links for definitions of the Classes referenced in this d | Class | File | Description | | --- | --- | --- | | `ActionType` | [mongo/db/auth/action\_type.h](https://github.com/mongodb/mongo/blob/r4.4.0/src/mongo/db/auth/action_type.h) | High level categories of actions which may be performed against a given resource (e.g. `find`, `insert`, `update`, etc...) | +| `AuthenticationSession` | [mongo/db/auth/authentication\_session.h](https://github.com/mongodb/mongo/blob/master/src/mongo/db/auth/authentication_session.h) | Session object to persist Authentication state | | `AuthorizationManager` | [mongo/db/auth/authorization\_manager.h](https://github.com/mongodb/mongo/blob/r4.4.0/src/mongo/db/auth/authorization_manager.h) | Interface to external state providers | | `AuthorizationSession` | [mongo/db/auth/authorization\_session.h](https://github.com/mongodb/mongo/blob/r4.4.0/src/mongo/db/auth/authorization_session.h) | Representation of currently authenticated and authorized users on the `Client` connection | | `AuthzManagerExternalStateLocal` | [.../authz\_manager\_external\_state\_local.h](https://github.com/mongodb/mongo/blob/r4.4.0/src/mongo/db/auth/authz_manager_external_state_local.h) | `Local` implementation of user/role provider | |
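Review bot: In the first hunk (`@@ -74,10 +74,12 @@`), the added sentence reads "between authentications steps"; it should be "between authentication steps". The same hunk moves the `AuthenticationSession` link from `r4.4.0` to `master`, while the `doSaslStart` link just below it stays pinned to `r4.4.0` with `#L237-L242` line anchors, so the paragraph now mixes a moving ref with a pinned one. Consider pinning both links to the same ref, or stating why this one tracks `master`.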
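Review bot: In the second hunk (`@@ -91,12 +93,10 @@`), the rewritten `CMDSaslContinue` paragraph drops the statement that the server retrieves the former `AuthenticationSession` from the current client, so the text no longer says what ties a continue step to the conversation opened by `saslStart`. The first hunk says the session "persists information between" steps; a short clause here, such as "performs another SASL step using the `AuthenticationSession` on the `Client`", would keep that binding explicit for readers of this paragraph. The two consecutive sentences beginning "The server then" could also be merged into one.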
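Review bot: In the third hunk (`@@ -639,6 +639,7 @@`), the new `AuthenticationSession` row links to `master` while every other row visible in the hunk links to `r4.4.0`, so this entry can drift from the version the rest of the table documents. The description "Session object to persist Authentication state" also capitalizes "Authentication" mid-sentence and says less than its neighbors; something like "Session object that persists state between authentication steps on the `Client`" would match the wording added in the first hunk.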