diff options
Diffstat (limited to 'src/mongo/db/auth/sasl_scramsha1_server_conversation.h')
-rw-r--r-- | src/mongo/db/auth/sasl_scramsha1_server_conversation.h | 82 |
1 files changed, 82 insertions, 0 deletions
diff --git a/src/mongo/db/auth/sasl_scramsha1_server_conversation.h b/src/mongo/db/auth/sasl_scramsha1_server_conversation.h new file mode 100644 index 00000000000..aa3d3f844ae --- /dev/null +++ b/src/mongo/db/auth/sasl_scramsha1_server_conversation.h @@ -0,0 +1,82 @@ +/* + * Copyright (C) 2014 MongoDB Inc. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License, version 3, + * as published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + * + * As a special exception, the copyright holders give permission to link the + * code of portions of this program with the OpenSSL library under certain + * conditions as described in each individual source file and distribute + * linked combinations including the program with the OpenSSL library. You + * must comply with the GNU Affero General Public License in all respects for + * all of the code used other than as permitted herein. If you modify file(s) + * with this exception, you may extend this exception to your version of the + * file(s), but you are not obligated to do so. If you do not wish to do so, + * delete this exception statement from your version. If you delete this + * exception statement from all source files in the program, then also delete + * it in the license file. + */ + +#pragma once + +#include <boost/scoped_ptr.hpp> +#include <string> +#include <vector> + +#include "mongo/base/disallow_copying.h" +#include "mongo/base/status.h" +#include "mongo/base/string_data.h" +#include "mongo/db/auth/sasl_conversation.h" + +namespace mongo { + /** + * Server side authentication session for SASL PLAIN. + */ + class SaslSCRAMSHA1ServerConversation : public SaslConversation { + MONGO_DISALLOW_COPYING(SaslSCRAMSHA1ServerConversation); + public: + /** + * Implements the server side of a SASL PLAIN mechanism session. + **/ + explicit SaslSCRAMSHA1ServerConversation(SaslAuthenticationSession* saslAuthSession); + + virtual ~SaslSCRAMSHA1ServerConversation() {}; + + /** + * Take one step in a SCRAM-SHA-1 conversation. + * + * @return !Status::OK() if auth failed. The boolean part indicates if the + * authentication conversation is finished or not. + * + **/ + virtual StatusWith<bool> step(const StringData& inputData, std::string* outputData); + + private: + /** + * Parse client-first-message and generate server-first-message + **/ + StatusWith<bool> _firstStep(std::vector<std::string>& input, std::string* outputData); + + /** + * Parse client-final-message and generate server-final-message + **/ + StatusWith<bool> _secondStep(const std::vector<string>& input, std::string* outputData); + + int _step; + std::string _authMessage; + User::CredentialData _creds; + + // client and server nonce concatenated + std::string _nonce; + }; + +} // namespace mongo |