// SASL mechanism names for the two SCRAM variants.
// NOTE(review): SCRAM-SHA-1 is built on SHA-1; prefer SCRAM-SHA-256 wherever
// the deployment supports it.
const (
	// SCRAMSHA1 holds the mechanism name "SCRAM-SHA-1"
	SCRAMSHA1 = "SCRAM-SHA-1"

	// SCRAMSHA256 holds the mechanism name "SCRAM-SHA-256"
	SCRAMSHA256 = "SCRAM-SHA-256"
)
GSSAPI is the mechanism name for GSSAPI.
const GSSAPI = "GSSAPI"
MONGODBCR is the mechanism name for MONGODB-CR.
The MONGODB-CR authentication mechanism is deprecated in MongoDB 3.6 and removed in MongoDB 4.0.
const MONGODBCR = "MONGODB-CR"
MongoDBAWS is the mechanism name for MONGODB-AWS.
const MongoDBAWS = "MONGODB-AWS"
MongoDBX509 is the mechanism name for MONGODB-X509.
const MongoDBX509 = "MONGODB-X509"
PLAIN is the mechanism name for PLAIN.
const PLAIN = "PLAIN"
func ConductSaslConversation(ctx context.Context, cfg *Config, authSource string, client SaslClient) error
ConductSaslConversation runs a full SASL conversation to authenticate the given connection.
func Handshaker(h driver.Handshaker, options *HandshakeOptions) driver.Handshaker
Handshaker creates a connection handshaker for the given authenticator.
func RegisterAuthenticatorFactory(name string, factory AuthenticatorFactory)
RegisterAuthenticatorFactory registers the authenticator factory.
Authenticator handles authenticating a connection.
// Authenticator is the single-method interface every authentication mechanism
// in this listing implements.
type Authenticator interface {
	// Auth authenticates the connection.
	// The only result is an error, so a caller has no other signal of
	// failure and must check it before treating the connection as
	// authenticated.
	Auth(context.Context, *Config) error
}
func CreateAuthenticator(name string, cred *Cred) (Authenticator, error)
CreateAuthenticator creates an authenticator.
AuthenticatorFactory constructs an authenticator.
// AuthenticatorFactory builds an Authenticator from a credential. It is the
// function type accepted by RegisterAuthenticatorFactory; the error result lets
// a factory reject a credential it cannot use.
type AuthenticatorFactory func(cred *Cred) (Authenticator, error)
Config holds the information necessary to perform an authentication attempt.
// Config bundles what an Authenticator's Auth method receives for one
// authentication attempt.
type Config struct {
	Description   description.Server
	Connection    driver.Connection
	ClusterClock  *session.ClusterClock
	HandshakeInfo driver.HandshakeInformation
	ServerAPI     *driver.ServerAPIOptions
	// NOTE(review): which authenticators use HTTPClient is not visible here;
	// presumably those that fetch credentials over HTTP. Confirm, and make
	// sure the supplied client has a timeout set.
	HTTPClient *http.Client
}
Cred is a user's credential.
// Cred carries a user's credential and is the argument handed to
// CreateAuthenticator and to every AuthenticatorFactory.
//
// NOTE(review): the password is held as an ordinary string, so printing a Cred
// with %v or %+v would include it unless the type redacts itself (not visible
// here). Keep Cred values out of logs and error messages.
type Cred struct {
	Source   string
	Username string
	Password string
	// Presumably distinguishes an explicitly supplied empty password from no
	// password at all; verify against the callers.
	PasswordSet bool
	// Free-form string properties; the keys each mechanism reads are not
	// shown in this listing.
	Props map[string]string
}
DefaultAuthenticator uses SCRAM-SHA-1 or MONGODB-CR depending on the server version.
// DefaultAuthenticator is the authenticator whose mechanism is chosen from the
// server version rather than named by the caller.
type DefaultAuthenticator struct {
	// Cred is the credential used for whichever mechanism is selected.
	Cred *Cred
	// contains filtered or unexported fields
}
func (a *DefaultAuthenticator) Auth(ctx context.Context, cfg *Config) error
Auth authenticates the connection.
func (a *DefaultAuthenticator) CreateSpeculativeConversation() (SpeculativeConversation, error)
CreateSpeculativeConversation creates a speculative conversation for SCRAM authentication.
Error is an error that occurred during authentication.
type Error struct {
// contains filtered or unexported fields
}
func (e *Error) Error() string
func (e *Error) Inner() error
Inner returns the wrapped error.
func (e *Error) Message() string
Message returns the message.
func (e *Error) Unwrap() error
Unwrap returns the underlying error.
ExtraOptionsSaslClient is a SaslClient that appends options to the saslStart command.
// ExtraOptionsSaslClient is implemented by SASL clients that contribute extra
// options to the saslStart command.
type ExtraOptionsSaslClient interface {
	// StartCommandOptions returns the options, as a BSON document, to append
	// to saslStart.
	StartCommandOptions() bsoncore.Document
}
HandshakeOptions packages options that can be passed to the Handshaker() function. DBUser is optional but must be of the form <dbname.username>; if non-empty, then the connection will do SASL mechanism negotiation.
// HandshakeOptions is the option set accepted by Handshaker.
type HandshakeOptions struct {
	AppName       string
	Authenticator Authenticator
	Compressors   []string
	// DBUser is optional; when non-empty it must have the form
	// <dbname.username> and triggers SASL mechanism negotiation.
	DBUser string
	// NOTE(review): presumably decides per server whether authentication is
	// performed at all. Confirm what a nil value or a false result means,
	// since a false result would leave the connection unauthenticated.
	PerformAuthentication func(description.Server) bool
	ClusterClock          *session.ClusterClock
	ServerAPI             *driver.ServerAPIOptions
	LoadBalanced          bool
	HTTPClient            *http.Client
}
MongoDBAWSAuthenticator uses AWS-IAM credentials over SASL to authenticate a connection.
type MongoDBAWSAuthenticator struct {
// contains filtered or unexported fields
}
func (a *MongoDBAWSAuthenticator) Auth(ctx context.Context, cfg *Config) error
Auth authenticates the connection.
MongoDBCRAuthenticator uses the MONGODB-CR algorithm to authenticate a connection.
The MONGODB-CR authentication mechanism is deprecated in MongoDB 3.6 and removed in MongoDB 4.0.
// MongoDBCRAuthenticator holds the database, user name and password for a
// MONGODB-CR authentication attempt.
//
// The mechanism is deprecated in MongoDB 3.6 and removed in MongoDB 4.0, so new
// configurations should use another authenticator from this package.
type MongoDBCRAuthenticator struct {
	DB       string
	Username string
	// Password is kept as an ordinary string; keep values of this type out of
	// logs.
	Password string
}
func (a *MongoDBCRAuthenticator) Auth(ctx context.Context, cfg *Config) error
Auth authenticates the connection.
The MONGODB-CR authentication mechanism is deprecated in MongoDB 3.6 and removed in MongoDB 4.0.
MongoDBX509Authenticator uses X.509 certificates over TLS to authenticate a connection.
// MongoDBX509Authenticator carries the settings for MONGODB-X509
// authentication. It holds no secret: the certificate itself belongs to the TLS
// layer.
type MongoDBX509Authenticator struct {
	// NOTE(review): how User relates to the client certificate's subject is
	// not shown in this listing; confirm before relying on it.
	User string
}
func (a *MongoDBX509Authenticator) Auth(ctx context.Context, cfg *Config) error
Auth authenticates the provided connection by conducting an X509 authentication conversation.
func (a *MongoDBX509Authenticator) CreateSpeculativeConversation() (SpeculativeConversation, error)
CreateSpeculativeConversation creates a speculative conversation for X509 authentication.
PlainAuthenticator uses the PLAIN algorithm over SASL to authenticate a connection.
// PlainAuthenticator holds the user name and password for SASL PLAIN.
//
// NOTE(review): SASL PLAIN sends the password to the server as-is rather than a
// proof derived from it, so it should only be used on a TLS-protected
// connection. Whether this package enforces that is not visible here.
type PlainAuthenticator struct {
	Username string
	// Password is kept as an ordinary string; keep values of this type out of
	// logs.
	Password string
}
func (a *PlainAuthenticator) Auth(ctx context.Context, cfg *Config) error
Auth authenticates the connection.
SaslClient is the client piece of a SASL conversation.
// SaslClient is the client half of a SASL exchange, the type that
// ConductSaslConversation drives.
type SaslClient interface {
	// Start begins the conversation. The string and byte results are
	// presumably the mechanism name and the initial client payload; TODO
	// confirm against an implementation.
	Start() (string, []byte, error)
	// Next consumes a server challenge and returns the bytes to send back.
	Next(challenge []byte) ([]byte, error)
	// Completed presumably reports whether the client side considers the
	// conversation finished; verify how the driver combines it with the
	// server's own completion signal.
	Completed() bool
}
SaslClientCloser is a SaslClient that has resources to clean up.
// SaslClientCloser extends SaslClient with a Close method for clients that hold
// resources needing cleanup.
type SaslClientCloser interface {
	SaslClient
	// Close releases the client's resources. It returns nothing, so a failure
	// during cleanup cannot be reported to the caller.
	Close()
}
ScramAuthenticator uses the SCRAM algorithm over SASL to authenticate a connection.
type ScramAuthenticator struct {
// contains filtered or unexported fields
}
func (a *ScramAuthenticator) Auth(ctx context.Context, cfg *Config) error
Auth authenticates the provided connection by conducting a full SASL conversation.
func (a *ScramAuthenticator) CreateSpeculativeConversation() (SpeculativeConversation, error)
CreateSpeculativeConversation creates a speculative conversation for SCRAM authentication.
SpeculativeAuthenticator represents an authenticator that supports speculative authentication.
// SpeculativeAuthenticator is implemented by authenticators that can start
// authenticating inside the connection handshake.
type SpeculativeAuthenticator interface {
	// CreateSpeculativeConversation returns a new conversation, or an error if
	// one cannot be created.
	CreateSpeculativeConversation() (SpeculativeConversation, error)
}
SpeculativeConversation represents an authentication conversation that can be merged with the initial connection handshake.
The FirstMessage method returns the first message to be sent to the server. This message will be included in the initial hello command.
Finish takes the server response to the initial message and conducts the remainder of the conversation to authenticate the provided connection.
// SpeculativeConversation is an authentication exchange whose opening message
// is sent with the connection handshake.
type SpeculativeConversation interface {
	// FirstMessage returns the first message to send to the server; it is
	// included in the initial hello command.
	FirstMessage() (bsoncore.Document, error)
	// Finish takes the server's response to the first message and conducts
	// the rest of the conversation on the connection in cfg. The connection
	// counts as authenticated only if Finish returns a nil error.
	Finish(ctx context.Context, cfg *Config, firstResponse bsoncore.Document) error
}