Class: Mongo::Auth::Gssapi::Conversation Private

Inherits:

SaslConversationBase

• Object
• ConversationBase
• SaslConversationBase
• Mongo::Auth::Gssapi::Conversation

Defined in:

lib/mongo/auth/gssapi/conversation.rb

Overview

This class is part of a private API. You should avoid using this class if possible, as it may be removed or be changed in the future.

Defines behaviour around a single Kerberos conversation between the client and the server.

Since:

• 2.0.0

Constant Summary

START_MESSAGE =

This constant is part of a private API. You should avoid using this constant if possible, as it may be removed or be changed in the future.

The base client first message.

Since:

• 2.0.0

{ saslStart: 1, autoAuthorize: 1 }.freeze

CONTINUE_MESSAGE =

This constant is part of a private API. You should avoid using this constant if possible, as it may be removed or be changed in the future.

The base client continue message.

Since:

• 2.0.0

{ saslContinue: 1 }.freeze

Constants inherited from SaslConversationBase

SaslConversationBase::CLIENT_CONTINUE_MESSAGE, SaslConversationBase::CLIENT_FIRST_MESSAGE

Instance Attribute Summary

• #authenticator ⇒ Authenticator readonly private

  Authenticator The native SASL authenticator.

• #id ⇒ Integer readonly private

  Get the id of the conversation.

Attributes inherited from ConversationBase

#connection, #user

Instance Method Summary

• #client_first_document ⇒ Object private
• #continue(reply_document, connection) ⇒ Protocol::Query private

  Continue the conversation.

• #finalize(connection) ⇒ Object private
• #initialize(user, connection, **opts) ⇒ Conversation constructor private

  Create the new conversation.

• #process_continue_response(reply_document) ⇒ Object private

Methods inherited from SaslConversationBase

#start

Methods inherited from ConversationBase

#speculative_auth_document

Constructor Details

#initialize(user, connection, **opts) ⇒ Conversation

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Create the new conversation.

Examples:

Create the new conversation.

Conversation.new(user, 'test.example.com')

Parameters:

• user (Auth::User) —

  The user to converse about.

• connection (Mongo::Connection) —

  The connection to authenticate over.

Since:

• 2.0.0

# File 'lib/mongo/auth/gssapi/conversation.rb', line 41

def initialize(user, connection, **opts)
  super
  host = connection.address.host
  unless defined?(Mongo::GssapiNative)
    require 'mongo_kerberos'
  end
  @authenticator = Mongo::GssapiNative::Authenticator.new(
    user.name,
    host,
    user.auth_mech_properties[:service_name] || 'mongodb',
    user.auth_mech_properties[:canonicalize_host_name] || false,
  )
end

Instance Attribute Details

#authenticator ⇒ Authenticator (readonly)

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Returns authenticator The native SASL authenticator.

Returns:

• (Authenticator) —

  authenticator The native SASL authenticator.

Since:

• 2.0.0

# File 'lib/mongo/auth/gssapi/conversation.rb', line 56

def authenticator
  @authenticator
end

#id ⇒ Integer (readonly)

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Get the id of the conversation.

Returns:

• (Integer) —

  The conversation id.

Since:

• 2.0.0

# File 'lib/mongo/auth/gssapi/conversation.rb', line 61

def id
  @id
end

Instance Method Details

#client_first_document ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Since:

• 2.0.0

# File 'lib/mongo/auth/gssapi/conversation.rb', line 63

def client_first_document
  start_token = authenticator.initialize_challenge
  START_MESSAGE.merge(mechanism: Gssapi::MECHANISM, payload: start_token)
end

#continue(reply_document, connection) ⇒ Protocol::Query

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Continue the conversation.

Parameters:

• reply_document (BSON::Document) —

  The reply document of the previous message.

Returns:

• (Protocol::Query) —

  The next query to execute.

Since:

• 2.0.0

# File 'lib/mongo/auth/gssapi/conversation.rb', line 74

def continue(reply_document, connection)
  @id = reply_document['conversationId']
  payload = reply_document['payload']

  continue_token = authenticator.evaluate_challenge(payload)
  selector = CONTINUE_MESSAGE.merge(payload: continue_token, conversationId: id)

  Protocol::Query.new(
    Auth::EXTERNAL,
    Database::COMMAND,
    selector,
    limit: 1,
  )
end

#finalize(connection) ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Since:

• 2.0.0

# File 'lib/mongo/auth/gssapi/conversation.rb', line 95

def finalize(connection)
  selector = CONTINUE_MESSAGE.merge(payload: @continue_token, conversationId: id)

  Protocol::Query.new(
    Auth::EXTERNAL,
    Database::COMMAND,
    selector,
    limit: 1,
  )
end

#process_continue_response(reply_document) ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Since:

• 2.0.0

# File 'lib/mongo/auth/gssapi/conversation.rb', line 89

def process_continue_response(reply_document)
  payload = reply_document['payload']

  @continue_token = authenticator.evaluate_challenge(payload)
end