MongoDB  2.7.0
Classes | Public Types | Public Member Functions | List of all members
mongo::SaslClientSession Class Reference

Implementation of the client side of a SASL authentication conversation. More...

#include <sasl_client_session.h>

Public Types

enum  Parameter {
  parameterServiceName = 0, parameterServiceHostname, parameterMechanism, parameterUser,
  parameterPassword, numParameters
}
 Identifiers of parameters used to configure a SaslClientSession.
 

Public Member Functions

void setParameter (Parameter id, const StringData &value)
 Sets the parameter identified by "id" to "value". More...
 
bool hasParameter (Parameter id)
 Returns true if "id" identifies a parameter previously set by a call to setParameter().
 
StringData getParameter (Parameter id)
 Returns the value of a previously set parameter. More...
 
sasl_secret_t * getPasswordAsSecret ()
 Returns the value of the parameterPassword parameter in the form of a sasl_secret_t, used by the Cyrus SASL library's SASL_CB_PASS callback. More...
 
Status initialize ()
 Initializes a session for use. More...
 
Status step (const StringData &inputData, std::string *outputData)
 Takes one step of the SASL protocol on behalf of the client. More...
 
bool isDone () const
 Returns true if the authentication completed successfully.
 

Detailed Description

Implementation of the client side of a SASL authentication conversation.

To use, create an instance, then use setParameter() to configure the authentication parameters. Once all parameters are set, call initialize() to initialize the client state machine. Finally, use repeated calls to step() to generate messages to send to the server and process server responses.

The required parameters vary by mechanism, but all mechanisms require parameterServiceName, parameterServiceHostname, parameterMechanism and parameterUser. All of the required parameters must be UTF-8 encoded strings with no embedded NUL characters. The parameterPassword parameter is not constrained.

Member Function Documentation

StringData mongo::SaslClientSession::getParameter ( Parameter  id)

Returns the value of a previously set parameter.

If parameter "id" was never set, returns an empty StringData. Note that a parameter may be explicitly set to StringData(), so use hasParameter() to distinguish those cases.

The session object owns the storage behind the returned StringData, which will remain valid until setParameter() is called with the same value of "id", or the session object goes out of scope.

sasl_secret_t * mongo::SaslClientSession::getPasswordAsSecret ( )

Returns the value of the parameterPassword parameter in the form of a sasl_secret_t, used by the Cyrus SASL library's SASL_CB_PASS callback.

The session object owns the storage referenced by the returned sasl_secret_t*, which will remain in scope according to the same rules as given for getParameter(), above.

Status mongo::SaslClientSession::initialize ( )

Initializes a session for use.

Call exactly once, after setting any parameters you intend to set via setParameter().

void mongo::SaslClientSession::setParameter ( Parameter  id,
const StringData &  value 
)

Sets the parameter identified by "id" to "value".

The value of "id" must be one of the legal values of Parameter less than numParameters. May be called repeatedly for the same value of "id", with the last "value" replacing previous values.

The session object makes and owns a copy of the data in "value".

Status mongo::SaslClientSession::step ( const StringData &  inputData,
std::string *  outputData 
)

Takes one step of the SASL protocol on behalf of the client.

Caller should provide data from the server side of the conversation in "inputData", or an empty StringData() if none is available. If the client should make a response to the server, stores the response into "*outputData".

Returns Status::OK() on success. Any other return value indicates a failed authentication, though the specific return value may provide insight into the cause of the failure (e.g., ProtocolError, AuthenticationFailed).

In the event that this method returns Status::OK(), consult the value of isDone() to determine if the conversation has completed. When step() returns Status::OK() and isDone() returns true, authentication has completed successfully.


The documentation for this class was generated from the following files: