summaryrefslogtreecommitdiff
path: root/src/mongo/db/auth/sasl_scramsha1_server_conversation.h
diff options
context:
space:
mode:
Diffstat (limited to 'src/mongo/db/auth/sasl_scramsha1_server_conversation.h')
-rw-r--r--src/mongo/db/auth/sasl_scramsha1_server_conversation.h82
1 files changed, 82 insertions, 0 deletions
diff --git a/src/mongo/db/auth/sasl_scramsha1_server_conversation.h b/src/mongo/db/auth/sasl_scramsha1_server_conversation.h
new file mode 100644
index 00000000000..aa3d3f844ae
--- /dev/null
+++ b/src/mongo/db/auth/sasl_scramsha1_server_conversation.h
@@ -0,0 +1,82 @@
+/*
+ * Copyright (C) 2014 MongoDB Inc.
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License, version 3,
+ * as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ *
+ * As a special exception, the copyright holders give permission to link the
+ * code of portions of this program with the OpenSSL library under certain
+ * conditions as described in each individual source file and distribute
+ * linked combinations including the program with the OpenSSL library. You
+ * must comply with the GNU Affero General Public License in all respects for
+ * all of the code used other than as permitted herein. If you modify file(s)
+ * with this exception, you may extend this exception to your version of the
+ * file(s), but you are not obligated to do so. If you do not wish to do so,
+ * delete this exception statement from your version. If you delete this
+ * exception statement from all source files in the program, then also delete
+ * it in the license file.
+ */
+
+#pragma once
+
+#include <boost/scoped_ptr.hpp>
+#include <string>
+#include <vector>
+
+#include "mongo/base/disallow_copying.h"
+#include "mongo/base/status.h"
+#include "mongo/base/string_data.h"
+#include "mongo/db/auth/sasl_conversation.h"
+
+namespace mongo {
+ /**
+ * Server side authentication session for SASL PLAIN.
+ */
+ class SaslSCRAMSHA1ServerConversation : public SaslConversation {
+ MONGO_DISALLOW_COPYING(SaslSCRAMSHA1ServerConversation);
+ public:
+ /**
+ * Implements the server side of a SASL PLAIN mechanism session.
+ **/
+ explicit SaslSCRAMSHA1ServerConversation(SaslAuthenticationSession* saslAuthSession);
+
+ virtual ~SaslSCRAMSHA1ServerConversation() {};
+
+ /**
+ * Take one step in a SCRAM-SHA-1 conversation.
+ *
+ * @return !Status::OK() if auth failed. The boolean part indicates if the
+ * authentication conversation is finished or not.
+ *
+ **/
+ virtual StatusWith<bool> step(const StringData& inputData, std::string* outputData);
+
+ private:
+ /**
+ * Parse client-first-message and generate server-first-message
+ **/
+ StatusWith<bool> _firstStep(std::vector<std::string>& input, std::string* outputData);
+
+ /**
+ * Parse client-final-message and generate server-final-message
+ **/
+ StatusWith<bool> _secondStep(const std::vector<string>& input, std::string* outputData);
+
+ int _step;
+ std::string _authMessage;
+ User::CredentialData _creds;
+
+ // client and server nonce concatenated
+ std::string _nonce;
+ };
+
+} // namespace mongo