Documentation

Overview

    Package auth is not for public use.

    The API for packages in the 'private' directory have no stability guarantee.

    The packages within the 'private' directory would normally be put into an 'internal' directory to prohibit their use outside the 'mongo' directory. However, some MongoDB tools require very low-level access to the building blocks of a driver, so we have placed them under 'private' to allow these packages to be imported by projects that need them.

    These package APIs may be modified in backwards-incompatible ways at any time.

    You are strongly discouraged from directly using any packages under 'private'.

    Index

    Constants

    View Source
    const (
    	// SCRAMSHA1 holds the mechanism name "SCRAM-SHA-1"
    	SCRAMSHA1 = "SCRAM-SHA-1"
    
    	// SCRAMSHA256 holds the mechanism name "SCRAM-SHA-256"
    	SCRAMSHA256 = "SCRAM-SHA-256"
    )
    View Source
    const GSSAPI = "GSSAPI"

      GSSAPI is the mechanism name for GSSAPI.

      View Source
      const MONGODBCR = "MONGODB-CR"

        MONGODBCR is the mechanism name for MONGODB-CR.

        The MONGODB-CR authentication mechanism is deprecated in MongoDB 4.0.

        View Source
        const MongoDBAWS = "MONGODB-AWS"

          MongoDBAWS is the mechanism name for MongoDBAWS.

          View Source
          const MongoDBX509 = "MONGODB-X509"

            MongoDBX509 is the mechanism name for MongoDBX509.

            View Source
            const PLAIN = "PLAIN"

              PLAIN is the mechanism name for PLAIN.

              Variables

              This section is empty.

              Functions

              func ConductSaslConversation

              func ConductSaslConversation(ctx context.Context, cfg *Config, authSource string, client SaslClient) error

                ConductSaslConversation runs a full SASL conversation to authenticate the given connection.

                func Handshaker

                func Handshaker(h driver.Handshaker, options *HandshakeOptions) driver.Handshaker

                  Handshaker creates a connection handshaker for the given authenticator.

                  func RegisterAuthenticatorFactory

                  func RegisterAuthenticatorFactory(name string, factory AuthenticatorFactory)

                    RegisterAuthenticatorFactory registers the authenticator factory.

                    Types

                    type Authenticator

                    type Authenticator interface {
                    	// Auth authenticates the connection.
                    	Auth(context.Context, *Config) error
                    }

                      Authenticator handles authenticating a connection.

                      func CreateAuthenticator

                      func CreateAuthenticator(name string, cred *Cred) (Authenticator, error)

                        CreateAuthenticator creates an authenticator.

                        type AuthenticatorFactory

                        type AuthenticatorFactory func(cred *Cred) (Authenticator, error)

                          AuthenticatorFactory constructs an authenticator.

                          type Config

                          type Config struct {
                          	Description  description.Server
                          	Connection   driver.Connection
                          	ClusterClock *session.ClusterClock
                          }

                            Config holds the information necessary to perform an authentication attempt.

                            type Cred

                            type Cred struct {
                            	Source      string
                            	Username    string
                            	Password    string
                            	PasswordSet bool
                            	Props       map[string]string
                            }

                              Cred is a user's credential.

                              type DefaultAuthenticator

                              type DefaultAuthenticator struct {
                              	Cred *Cred
                              	// contains filtered or unexported fields
                              }

                                DefaultAuthenticator uses SCRAM-SHA-1 or MONGODB-CR depending on the server version.

                                func (*DefaultAuthenticator) Auth

                                func (a *DefaultAuthenticator) Auth(ctx context.Context, cfg *Config) error

                                  Auth authenticates the connection.

                                  func (*DefaultAuthenticator) CreateSpeculativeConversation

                                  func (a *DefaultAuthenticator) CreateSpeculativeConversation() (SpeculativeConversation, error)

                                    CreateSpeculativeConversation creates a speculative conversation for SCRAM authentication.

                                    type Error

                                    type Error struct {
                                    	// contains filtered or unexported fields
                                    }

                                      Error is an error that occurred during authentication.

                                      func (*Error) Error

                                      func (e *Error) Error() string

                                      func (*Error) Inner

                                      func (e *Error) Inner() error

                                        Inner returns the wrapped error.

                                        func (*Error) Message

                                        func (e *Error) Message() string

                                          Message returns the message.

                                          func (*Error) Unwrap

                                          func (e *Error) Unwrap() error

                                            Unwrap returns the underlying error.

                                            type ExtraOptionsSaslClient

                                            type ExtraOptionsSaslClient interface {
                                            	StartCommandOptions() bsoncore.Document
                                            }

                                              ExtraOptionsSaslClient is a SaslClient that appends options to the saslStart command.

                                              type HandshakeOptions

                                              type HandshakeOptions struct {
                                              	AppName               string
                                              	Authenticator         Authenticator
                                              	Compressors           []string
                                              	DBUser                string
                                              	PerformAuthentication func(description.Server) bool
                                              	ClusterClock          *session.ClusterClock
                                              }

                                                HandshakeOptions packages options that can be passed to the Handshaker() function. DBUser is optional but must be of the form <dbname.username>; if non-empty, then the connection will do SASL mechanism negotiation.

                                                type MongoDBAWSAuthenticator

                                                type MongoDBAWSAuthenticator struct {
                                                	// contains filtered or unexported fields
                                                }

                                                  MongoDBAWSAuthenticator uses AWS-IAM credentials over SASL to authenticate a connection.

                                                  func (*MongoDBAWSAuthenticator) Auth

                                                  func (a *MongoDBAWSAuthenticator) Auth(ctx context.Context, cfg *Config) error

                                                    Auth authenticates the connection.

                                                    type MongoDBCRAuthenticator

                                                    type MongoDBCRAuthenticator struct {
                                                    	DB       string
                                                    	Username string
                                                    	Password string
                                                    }

                                                      MongoDBCRAuthenticator uses the MONGODB-CR algorithm to authenticate a connection.

                                                      The MONGODB-CR authentication mechanism is deprecated in MongoDB 4.0.

                                                      func (*MongoDBCRAuthenticator) Auth

                                                      func (a *MongoDBCRAuthenticator) Auth(ctx context.Context, cfg *Config) error

                                                        Auth authenticates the connection.

                                                        The MONGODB-CR authentication mechanism is deprecated in MongoDB 4.0.

                                                        type MongoDBX509Authenticator

                                                        type MongoDBX509Authenticator struct {
                                                        	User string
                                                        }

                                                          MongoDBX509Authenticator uses X.509 certificates over TLS to authenticate a connection.

                                                          func (*MongoDBX509Authenticator) Auth

                                                            Auth authenticates the provided connection by conducting an X509 authentication conversation.

                                                            func (*MongoDBX509Authenticator) CreateSpeculativeConversation

                                                            func (a *MongoDBX509Authenticator) CreateSpeculativeConversation() (SpeculativeConversation, error)

                                                              CreateSpeculativeConversation creates a speculative conversation for X509 authentication.

                                                              type PlainAuthenticator

                                                              type PlainAuthenticator struct {
                                                              	Username string
                                                              	Password string
                                                              }

                                                                PlainAuthenticator uses the PLAIN algorithm over SASL to authenticate a connection.

                                                                func (*PlainAuthenticator) Auth

                                                                func (a *PlainAuthenticator) Auth(ctx context.Context, cfg *Config) error

                                                                  Auth authenticates the connection.

                                                                  type SaslClient

                                                                  type SaslClient interface {
                                                                  	Start() (string, []byte, error)
                                                                  	Next(challenge []byte) ([]byte, error)
                                                                  	Completed() bool
                                                                  }

                                                                    SaslClient is the client piece of a sasl conversation.

                                                                    type SaslClientCloser

                                                                    type SaslClientCloser interface {
                                                                    	SaslClient
                                                                    	Close()
                                                                    }

                                                                      SaslClientCloser is a SaslClient that has resources to clean up.

                                                                      type ScramAuthenticator

                                                                      type ScramAuthenticator struct {
                                                                      	// contains filtered or unexported fields
                                                                      }

                                                                        ScramAuthenticator uses the SCRAM algorithm over SASL to authenticate a connection.

                                                                        func (*ScramAuthenticator) Auth

                                                                        func (a *ScramAuthenticator) Auth(ctx context.Context, cfg *Config) error

                                                                          Auth authenticates the provided connection by conducting a full SASL conversation.

                                                                          func (*ScramAuthenticator) CreateSpeculativeConversation

                                                                          func (a *ScramAuthenticator) CreateSpeculativeConversation() (SpeculativeConversation, error)

                                                                            CreateSpeculativeConversation creates a speculative conversation for SCRAM authentication.

                                                                            type SpeculativeAuthenticator

                                                                            type SpeculativeAuthenticator interface {
                                                                            	CreateSpeculativeConversation() (SpeculativeConversation, error)
                                                                            }

                                                                              SpeculativeAuthenticator represents an authenticator that supports speculative authentication.

                                                                              type SpeculativeConversation

                                                                              type SpeculativeConversation interface {
                                                                              	FirstMessage() (bsoncore.Document, error)
                                                                              	Finish(ctx context.Context, cfg *Config, firstResponse bsoncore.Document) error
                                                                              }

                                                                                SpeculativeConversation represents an authentication conversation that can be merged with the initial connection handshake.

                                                                                FirstMessage method returns the first message to be sent to the server. This message will be included in the initial isMaster command.

                                                                                Finish takes the server response to the initial message and conducts the remainder of the conversation to authenticate the provided connection.