Skip to content
Browse files

CSHARP-603: Reverted commits 6f33dd through 95cba9. They were pushed …

…by accident before the work was completed.
  • Loading branch information...
1 parent 95cba9d commit 715f1fd3d78f2c79a0ee69f3e3e36e1bf216d55d rstam committed Dec 24, 2012
Showing with 210 additions and 4,043 deletions.
  1. +192 −16 MongoDB.Driver/Communication/MongoConnection.cs
  2. +1 −1 MongoDB.Driver/Communication/MongoServerInstance.cs
  3. +0 −136 MongoDB.Driver/Communication/Security/Gsasl/Gsasl.cs
  4. +0 −92 MongoDB.Driver/Communication/Security/Gsasl/GsaslContext.cs
  5. +0 −45 MongoDB.Driver/Communication/Security/Gsasl/GsaslException.cs
  6. +0 −47 MongoDB.Driver/Communication/Security/Gsasl/GsaslProperty.cs
  7. +0 −132 MongoDB.Driver/Communication/Security/Gsasl/GsaslSession.cs
  8. +0 −18 MongoDB.Driver/Communication/Security/IAuthenticationStore.cs
  9. +0 −26 MongoDB.Driver/Communication/Security/ISaslMechanism.cs
  10. +0 −23 MongoDB.Driver/Communication/Security/ISaslStep.cs
  11. +0 −181 MongoDB.Driver/Communication/Security/LegacyAuthenticationStore.cs
  12. +0 −120 MongoDB.Driver/Communication/Security/Mechanisms/AbstractGsaslMechanism.cs
  13. +0 −83 MongoDB.Driver/Communication/Security/Mechanisms/CramMD5Mechanism.cs
  14. +0 −69 MongoDB.Driver/Communication/Security/Mechanisms/GsaslCramMD5Mechanism.cs
  15. +0 −52 MongoDB.Driver/Communication/Security/Mechanisms/GsaslGssApiMechanism.cs
  16. +0 −197 MongoDB.Driver/Communication/Security/Mechanisms/SspiMechanism.cs
  17. +0 −611 MongoDB.Driver/Communication/Security/MongoConnection.cs
  18. +0 −44 MongoDB.Driver/Communication/Security/MongoSecurityException.cs
  19. +0 −119 MongoDB.Driver/Communication/Security/SaslAuthenticationStore.cs
  20. +0 −49 MongoDB.Driver/Communication/Security/SaslCompletionStep.cs
  21. +0 −108 MongoDB.Driver/Communication/Security/SaslConversation.cs
  22. +0 −47 MongoDB.Driver/Communication/Security/SaslInitiationStep.cs
  23. +0 −69 MongoDB.Driver/Communication/Security/Sspi/AuthIdentity.cs
  24. +0 −22 MongoDB.Driver/Communication/Security/Sspi/AuthIdentityFlag.cs
  25. +0 −26 MongoDB.Driver/Communication/Security/Sspi/DataRepresentation.cs
  26. +0 −22 MongoDB.Driver/Communication/Security/Sspi/EncryptQualityOfProtection.cs
  27. +0 −22 MongoDB.Driver/Communication/Security/Sspi/QueryContextAttribute.cs
  28. +0 −82 MongoDB.Driver/Communication/Security/Sspi/SecurityBuffer.cs
  29. +0 −163 MongoDB.Driver/Communication/Security/Sspi/SecurityBufferDescriptor.cs
  30. +0 −38 MongoDB.Driver/Communication/Security/Sspi/SecurityBufferType.cs
  31. +0 −359 MongoDB.Driver/Communication/Security/Sspi/SecurityContext.cs
  32. +0 −21 MongoDB.Driver/Communication/Security/Sspi/SecurityCredentialUse.cs
  33. +0 −112 MongoDB.Driver/Communication/Security/Sspi/SecurityCredentials.cs
  34. +0 −23 MongoDB.Driver/Communication/Security/Sspi/SecurityPackageContextSizes.cs
  35. +0 −32 MongoDB.Driver/Communication/Security/Sspi/SspiContextFlags.cs
  36. +0 −53 MongoDB.Driver/Communication/Security/Sspi/SspiHandle.cs
  37. +0 −18 MongoDB.Driver/Communication/Security/Sspi/SspiPackage.cs
  38. +0 −306 MongoDB.Driver/Communication/Security/Sspi/Win32.cs
  39. +0 −45 MongoDB.Driver/Communication/Security/Sspi/Win32Exception.cs
  40. +0 −18 MongoDB.Driver/MongoAuthenticationType.cs
  41. +0 −188 MongoDB.Driver/MongoClientIdentity.cs
  42. +0 −20 MongoDB.Driver/MongoClientSettings.cs
  43. +0 −38 MongoDB.Driver/MongoDB.Driver.csproj
  44. +2 −2 MongoDB.Driver/MongoServer.cs
  45. +1 −22 MongoDB.Driver/MongoServerSettings.cs
  46. +0 −10 MongoDB.Driver/MongoUrl.cs
  47. +14 −81 MongoDB.Driver/MongoUrlBuilder.cs
  48. +0 −35 MongoDB.DriverUnitTests/MongoUrlBuilderTests.cs
View
208 MongoDB.Driver/Communication/MongoConnection.cs
@@ -26,8 +26,6 @@
using MongoDB.Bson;
using MongoDB.Bson.IO;
using MongoDB.Bson.Serialization;
-using MongoDB.Driver.Security;
-using MongoDB.Driver.Communication.Security;
namespace MongoDB.Driver.Internal
{
@@ -56,7 +54,6 @@ public enum MongoConnectionState
public class MongoConnection
{
// private fields
- private readonly IAuthenticationStore _authenticationStore;
private object _connectionLock = new object();
private MongoServerInstance _serverInstance;
private MongoConnectionPool _connectionPool;
@@ -68,28 +65,23 @@ public class MongoConnection
private DateTime _lastUsedAt; // set every time the connection is Released
private int _messageCounter;
private int _requestId;
+ private Dictionary<string, Authentication> _authentications = new Dictionary<string, Authentication>();
// constructors
internal MongoConnection(MongoConnectionPool connectionPool)
- : this(connectionPool.ServerInstance)
{
+ _serverInstance = connectionPool.ServerInstance;
_connectionPool = connectionPool;
_generationId = connectionPool.GenerationId;
+ _createdAt = DateTime.UtcNow;
+ _state = MongoConnectionState.Initial;
}
internal MongoConnection(MongoServerInstance serverInstance)
{
_serverInstance = serverInstance;
_createdAt = DateTime.UtcNow;
_state = MongoConnectionState.Initial;
- if (serverInstance.Settings.Identity != null)
- {
- _authenticationStore = new SaslAuthenticationStore(this, serverInstance.Settings.Identity);
- }
- else
- {
- _authenticationStore = new LegacyAuthenticationStore(this);
- }
}
// public properties
@@ -162,13 +154,133 @@ public MongoConnectionState State
internal void Authenticate(string databaseName, MongoCredentials credentials)
{
if (_state == MongoConnectionState.Closed) { throw new InvalidOperationException("Connection is closed."); }
- _authenticationStore.Authenticate(databaseName, credentials);
+ lock (_connectionLock)
+ {
+ var nonceCommand = new CommandDocument("getnonce", 1);
+ var commandResult = RunCommand(databaseName, QueryFlags.None, nonceCommand, false);
+ if (!commandResult.Ok)
+ {
+ throw new MongoAuthenticationException(
+ "Error getting nonce for authentication.",
+ new MongoCommandException(commandResult));
+ }
+
+ var nonce = commandResult.Response["nonce"].AsString;
+ var passwordDigest = MongoUtils.Hash(credentials.Username + ":mongo:" + credentials.Password);
+ var digest = MongoUtils.Hash(nonce + credentials.Username + passwordDigest);
+ var authenticateCommand = new CommandDocument
+ {
+ { "authenticate", 1 },
+ { "user", credentials.Username },
+ { "nonce", nonce },
+ { "key", digest }
+ };
+
+ commandResult = RunCommand(databaseName, QueryFlags.None, authenticateCommand, false);
+ if (!commandResult.Ok)
+ {
+ var message = string.Format("Invalid credentials for database '{0}'.", databaseName);
+ throw new MongoAuthenticationException(
+ message,
+ new MongoCommandException(commandResult));
+ }
+
+ var authentication = new Authentication(credentials);
+ _authentications.Add(databaseName, authentication);
+ }
}
+ // check whether the connection can be used with the given database (and credentials)
+ // the following are the only valid authentication states for a connection:
+ // 1. the connection is not authenticated against any database
+ // 2. the connection has a single authentication against the admin database (with a particular set of credentials)
+ // 3. the connection has one or more authentications against any databases other than admin
+ // (with the restriction that a particular database can only be authenticated against once and therefore with only one set of credentials)
+
+ // assume that IsAuthenticated was called first and returned false
internal bool CanAuthenticate(string databaseName, MongoCredentials credentials)
{
if (_state == MongoConnectionState.Closed) { throw new InvalidOperationException("Connection is closed."); }
- return _authenticationStore.CanAuthenticate(databaseName, credentials);
+ if (databaseName == null)
+ {
+ return true;
+ }
+
+ if (_authentications.Count == 0)
+ {
+ // a connection with no existing authentications can authenticate anything
+ return true;
+ }
+ else
+ {
+ // a connection with existing authentications can't be used without credentials
+ if (credentials == null)
+ {
+ return false;
+ }
+
+ // a connection with existing authentications can't be used with new admin credentials
+ if (credentials.Admin)
+ {
+ return false;
+ }
+
+ // a connection with an existing authentication to the admin database can't be used with any other credentials
+ if (_authentications.ContainsKey("admin"))
+ {
+ return false;
+ }
+
+ // a connection with an existing authentication to a database can't authenticate for the same database again
+ if (_authentications.ContainsKey(databaseName))
+ {
+ return false;
+ }
+
+ return true;
+ }
+ }
+
+ internal void CheckAuthentication(string databaseName, MongoCredentials credentials)
+ {
+ if (_state == MongoConnectionState.Closed) { throw new InvalidOperationException("Connection is closed."); }
+ if (credentials == null)
+ {
+ if (_authentications.Count != 0)
+ {
+ throw new InvalidOperationException("Connection requires credentials.");
+ }
+ }
+ else
+ {
+ var authenticationDatabaseName = credentials.Admin ? "admin" : databaseName;
+ Authentication authentication;
+ if (_authentications.TryGetValue(authenticationDatabaseName, out authentication))
+ {
+ if (authentication.Credentials != credentials)
+ {
+ // this shouldn't happen because a connection would have been chosen from the connection pool only if it was viable
+ if (authenticationDatabaseName == "admin")
+ {
+ throw new MongoInternalException("Connection already authenticated to the admin database with different credentials.");
+ }
+ else
+ {
+ throw new MongoInternalException("Connection already authenticated to the database with different credentials.");
+ }
+ }
+ authentication.LastUsed = DateTime.UtcNow;
+ }
+ else
+ {
+ if (authenticationDatabaseName == "admin" && _authentications.Count != 0)
+ {
+ // this shouldn't happen because a connection would have been chosen from the connection pool only if it was viable
+ throw new MongoInternalException("The connection cannot be authenticated against the admin database because it is already authenticated against other databases.");
+ }
+ Authenticate(authenticationDatabaseName, credentials);
+ }
+ }
}
internal void Close()
@@ -200,7 +312,31 @@ internal void Close()
internal bool IsAuthenticated(string databaseName, MongoCredentials credentials)
{
if (_state == MongoConnectionState.Closed) { throw new InvalidOperationException("Connection is closed."); }
- return _authenticationStore.IsAuthenticated(databaseName, credentials);
+ if (databaseName == null)
+ {
+ return true;
+ }
+
+ lock (_connectionLock)
+ {
+ if (credentials == null)
+ {
+ return _authentications.Count == 0;
+ }
+ else
+ {
+ var authenticationDatabaseName = credentials.Admin ? "admin" : databaseName;
+ Authentication authentication;
+ if (_authentications.TryGetValue(authenticationDatabaseName, out authentication))
+ {
+ return credentials == authentication.Credentials;
+ }
+ else
+ {
+ return false;
+ }
+ }
+ }
}
internal bool IsExpired()
@@ -213,7 +349,19 @@ internal bool IsExpired()
internal void Logout(string databaseName)
{
if (_state == MongoConnectionState.Closed) { throw new InvalidOperationException("Connection is closed."); }
- _authenticationStore.Logout(databaseName);
+ lock (_connectionLock)
+ {
+ var logoutCommand = new CommandDocument("logout", 1);
+ var commandResult = RunCommand(databaseName, QueryFlags.None, logoutCommand, false);
+ if (!commandResult.Ok)
+ {
+ throw new MongoAuthenticationException(
+ "Error logging off.",
+ new MongoCommandException(commandResult));
+ }
+
+ _authentications.Remove(databaseName);
+ }
}
internal void Open()
@@ -485,5 +633,33 @@ private HandleExceptionAction DetermineAction(Exception ex)
return HandleExceptionAction.CloseConnection; // this should always be the default action
}
+
+ // private nested classes
+ // keeps track of what credentials were used with a given database
+ // and when that database was last used on this connection
+ private class Authentication
+ {
+ // private fields
+ private MongoCredentials _credentials;
+ private DateTime _lastUsed;
+
+ // constructors
+ public Authentication(MongoCredentials credentials)
+ {
+ _credentials = credentials;
+ _lastUsed = DateTime.UtcNow;
+ }
+
+ public MongoCredentials Credentials
+ {
+ get { return _credentials; }
+ }
+
+ public DateTime LastUsed
+ {
+ get { return _lastUsed; }
+ set { _lastUsed = value; }
+ }
+ }
}
}
View
2 MongoDB.Driver/Communication/MongoServerInstance.cs
@@ -389,7 +389,7 @@ internal MongoConnection AcquireConnection(string databaseName, MongoCredentials
try
{
- connection.Authenticate(databaseName, credentials); // will authenticate if necessary
+ connection.CheckAuthentication(databaseName, credentials); // will authenticate if necessary
}
catch (MongoAuthenticationException)
{
View
136 MongoDB.Driver/Communication/Security/Gsasl/Gsasl.cs
@@ -1,136 +0,0 @@
-using System;
-using System.Collections.Generic;
-using System.Linq;
-using System.Runtime.ConstrainedExecution;
-using System.Runtime.InteropServices;
-using System.Security;
-using System.Text;
-
-namespace MongoDB.Driver.Security.Gsasl
-{
- internal static class Gsasl
- {
- // public constants
- public const int GSASL_OK = 0;
- public const int GSASL_NEEDS_MORE = 1;
- public const int GSASL_UNKNOWN_MECHANISM = 2;
- public const int GSASL_MECHANISM_CALLED_TOO_MANY_TIMES = 3;
- public const int GSASL_MALLOC_ERROR = 7;
- public const int GSASL_BASE64_ERROR = 8;
- public const int GSASL_CRYPTO_ERROR = 9;
- public const int GSASL_SASLPREP_ERROR = 29;
- public const int GSASL_MECHANISM_PARSE_ERROR = 30;
- public const int GSASL_AUTHENTICATION_ERROR = 31;
- public const int GSASL_INTEGRITY_ERROR = 33;
- public const int GSASL_NO_CLIENT_CODE = 35;
- public const int GSASL_NO_SERVER_CODE = 36;
- public const int GSASL_NO_CALLBACK = 51;
- public const int GSASL_NO_ANONYMOUS_TOKEN = 52;
- public const int GSASL_NO_AUTHID = 53;
- public const int GSASL_NO_AUTHZID = 54;
- public const int GSASL_NO_PASSWORD = 55;
- public const int GSASL_NO_PASSCODE = 56;
- public const int GSASL_NO_PIN = 57;
- public const int GSASL_NO_SERVICE = 58;
- public const int GSASL_NO_HOSTNAME = 59;
- public const int GSASL_NO_CB_TLS_UNIQUE = 65;
- public const int GSASL_NO_SAML20_IDP_IDENTIFIER = 66;
- public const int GSASL_NO_SAML20_REDIRECT_URL = 67;
- public const int GSASL_NO_OPENID20_REDIRECT_URL = 68;
-
- // public static methods
- /// <summary>
- /// Gets the description of an error code.
- /// </summary>
- /// <param name="error">The error.</param>
- /// <returns>The description.</returns>
- public static string GetError(int error)
- {
- var messagePtr = gsasl_strerror(error);
- return Marshal.PtrToStringAnsi(messagePtr);
- }
-
- /// <summary>
- /// Begins a GsaslSession.
- /// </summary>
- /// <param name="context">The context.</param>
- /// <param name="mechanism">The mechanism.</param>
- /// <param name="session">The session.</param>
- /// <returns>A result code.</returns>
- [DllImport("libgsasl-7.dll", CharSet = CharSet.Ansi)]
- public static extern int gsasl_client_start(
- GsaslContext context,
- [MarshalAs(UnmanagedType.LPStr)]string mechanism,
- out GsaslSession session);
-
- /// <summary>
- /// Frees a GsaslContext.
- /// </summary>
- /// <param name="context">The context.</param>
- [DllImport("libgsasl-7.dll", CharSet = CharSet.Ansi)]
- [SuppressUnmanagedCodeSecurity]
- [ReliabilityContract(Consistency.WillNotCorruptState, Cer.Success)]
- public static extern void gsasl_done(IntPtr context);
-
- /// <summary>
- /// Frees a GsaslSession.
- /// </summary>
- /// <param name="session">The session.</param>
- [DllImport("libgsasl-7.dll", CharSet = CharSet.Ansi)]
- [SuppressUnmanagedCodeSecurity]
- [ReliabilityContract(Consistency.WillNotCorruptState, Cer.Success)]
- public static extern void gsasl_finish (IntPtr session);
-
- /// <summary>
- /// Frees memory allocated by libgsasl.
- /// </summary>
- /// <param name="ptr">The PTR.</param>
- [DllImport("libgsasl-7.dll", CharSet = CharSet.Ansi)]
- public static extern void gsasl_free(IntPtr ptr);
-
- /// <summary>
- /// Initiates a GsaslContext.
- /// </summary>
- /// <param name="context">The context.</param>
- /// <returns></returns>
- [DllImport("libgsasl-7.dll", CharSet = CharSet.Ansi)]
- public static extern int gsasl_init(out GsaslContext context);
-
- /// <summary>
- /// Sets a property on a GsaslSession.
- /// </summary>
- /// <param name="session">The session.</param>
- /// <param name="prop">The prop.</param>
- /// <param name="value">The value.</param>
- [DllImport("libgsasl-7.dll", CharSet = CharSet.Ansi)]
- public static extern void gsasl_property_set(
- GsaslSession session,
- GsaslProperty prop,
- [MarshalAs(UnmanagedType.LPStr)]string value);
-
- /// <summary>
- /// Steps through the state machine.
- /// </summary>
- /// <param name="session">The session.</param>
- /// <param name="input">The input.</param>
- /// <param name="input_len">The input_len.</param>
- /// <param name="output">The output.</param>
- /// <param name="output_len">The output_len.</param>
- /// <returns></returns>
- [DllImport("libgsasl-7.dll", CharSet = CharSet.Ansi)]
- public static extern int gsasl_step(
- GsaslSession session,
- IntPtr input,
- int input_len,
- out IntPtr output,
- out int output_len);
-
- /// <summary>
- /// Gets a description for the error code.
- /// </summary>
- /// <param name="err">The err.</param>
- /// <returns>A string describing the error.</returns>
- [DllImport("libgsasl-7.dll", CharSet = CharSet.Ansi)]
- public static extern IntPtr gsasl_strerror(int err);
- }
-}
View
92 MongoDB.Driver/Communication/Security/Gsasl/GsaslContext.cs
@@ -1,92 +0,0 @@
-using System;
-using System.Collections.Generic;
-using System.Linq;
-using System.Runtime.InteropServices;
-using System.Text;
-
-namespace MongoDB.Driver.Security.Gsasl
-{
- /// <summary>
- /// A handle to a gsasl context.
- /// </summary>
- internal class GsaslContext : SafeHandle
- {
- // constructors
- /// <summary>
- /// Initializes a new instance of the <see cref="GsaslContext" /> class.
- /// </summary>
- public GsaslContext()
- : base(IntPtr.Zero, true)
- {
- }
-
- // public static methods
- /// <summary>
- /// Initializes this instance.
- /// </summary>
- /// <returns></returns>
- /// <exception cref="System.Exception">Unable to initialize context.</exception>
- public static GsaslContext Initialize()
- {
- GsaslContext context;
- var rc = Gsasl.gsasl_init(out context);
- if (rc != Gsasl.GSASL_OK)
- {
- var message = Gsasl.GetError(rc);
- throw new GsaslException(rc, message);
- }
-
- return context;
- }
-
- // public properties
- /// <summary>
- /// When overridden in a derived class, gets a value indicating whether the handle value is invalid.
- /// </summary>
- /// <returns>true if the handle value is invalid; otherwise, false.</returns>
- /// <PermissionSet>
- /// <IPermission class="System.Security.Permissions.SecurityPermission, mscorlib, Version=2.0.3600.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" version="1" Flags="UnmanagedCode" />
- /// </PermissionSet>
- public override bool IsInvalid
- {
- get { return base.IsClosed || handle == IntPtr.Zero; }
- }
-
- // public methods
- /// <summary>
- /// Begins the session.
- /// </summary>
- /// <param name="mechanism">The mechanism.</param>
- /// <returns>A GsaslSession.</returns>
- /// <exception cref="System.Exception">Unable to being session.</exception>
- public GsaslSession BeginSession(string mechanism)
- {
- GsaslSession session;
- var rc = Gsasl.gsasl_client_start(
- this,
- mechanism,
- out session);
-
- if (rc != Gsasl.GSASL_OK)
- {
- var message = Gsasl.GetError(rc);
- throw new GsaslException(rc, message);
- }
-
- return session;
- }
-
- // protected methods
- /// <summary>
- /// When overridden in a derived class, executes the code required to free the handle.
- /// </summary>
- /// <returns>
- /// true if the handle is released successfully; otherwise, in the event of a catastrophic failure, false. In this case, it generates a releaseHandleFailed MDA Managed Debugging Assistant.
- /// </returns>
- protected override bool ReleaseHandle()
- {
- Gsasl.gsasl_done(handle);
- return true;
- }
- }
-}
View
45 MongoDB.Driver/Communication/Security/Gsasl/GsaslException.cs
@@ -1,45 +0,0 @@
-using System;
-using System.Collections.Generic;
-using System.Linq;
-using System.Runtime.Serialization;
-using System.Text;
-
-namespace MongoDB.Driver.Security.Gsasl
-{
- /// <summary>
- /// Thrown from a gsasl wrapped operation.
- /// </summary>
- [Serializable]
- public class GsaslException : Exception
- {
- /// <summary>
- /// Initializes a new instance of the <see cref="GsaslException" /> class.
- /// </summary>
- /// <param name="errorCode">The error code.</param>
- public GsaslException(int errorCode)
- {
- HResult = errorCode;
- }
-
- /// <summary>
- /// Initializes a new instance of the <see cref="GsaslException" /> class.
- /// </summary>
- /// <param name="errorCode">The error code.</param>
- /// <param name="message">The message.</param>
- public GsaslException(int errorCode, string message)
- : base(message)
- {
- HResult = errorCode;
- }
-
- /// <summary>
- /// Initializes a new instance of the <see cref="GsaslException" /> class.
- /// </summary>
- /// <param name="info">The info.</param>
- /// <param name="context">The context.</param>
- protected GsaslException(SerializationInfo info, StreamingContext context)
- : base(info, context)
- {
- }
- }
-}
View
47 MongoDB.Driver/Communication/Security/Gsasl/GsaslProperty.cs
@@ -1,47 +0,0 @@
-using System;
-using System.Collections.Generic;
-using System.Linq;
-using System.Text;
-
-namespace MongoDB.Driver.Security.Gsasl
-{
- /// <summary>
- /// Valid properties used in a GsaslSession.
- /// </summary>
- internal enum GsaslProperty
- {
- GSASL_AUTHID = 1,
- GSASL_AUTHZID = 2,
- GSASL_PASSWORD = 3,
- GSASL_ANONYMOUS_TOKEN = 4,
- GSASL_SERVICE = 5,
- GSASL_HOSTNAME = 6,
- GSASL_GSSAPI_DISPLAY_NAME = 7,
- GSASL_PASSCODE = 8,
- GSASL_SUGGESTED_PIN = 9,
- GSASL_PIN = 10,
- GSASL_REALM = 11,
- GSASL_DIGEST_MD5_HASHED_PASSWORD = 12,
- GSASL_QOPS = 13,
- GSASL_QOP = 14,
- GSASL_SCRAM_ITER = 15,
- GSASL_SCRAM_SALT = 16,
- GSASL_SCRAM_SALTED_PASSWORD = 17,
- GSASL_CB_TLS_UNIQUE = 18,
- GSASL_SAML20_IDP_IDENTIFIER = 19,
- GSASL_SAML20_REDIRECT_URL = 20,
- GSASL_OPENID20_REDIRECT_URL = 21,
- GSASL_OPENID20_OUTCOME_DATA = 22,
- /* Client callbacks. */
- GSASL_SAML20_AUTHENTICATE_IN_BROWSER = 250,
- GSASL_OPENID20_AUTHENTICATE_IN_BROWSER = 251,
- /* Server validation callback properties. */
- GSASL_VALIDATE_SIMPLE = 500,
- GSASL_VALIDATE_EXTERNAL = 501,
- GSASL_VALIDATE_ANONYMOUS = 502,
- GSASL_VALIDATE_GSSAPI = 503,
- GSASL_VALIDATE_SECURID = 504,
- GSASL_VALIDATE_SAML20 = 505,
- GSASL_VALIDATE_OPENID20 = 506
- }
-}
View
132 MongoDB.Driver/Communication/Security/Gsasl/GsaslSession.cs
@@ -1,132 +0,0 @@
-using System;
-using System.Collections.Generic;
-using System.Linq;
-using System.Runtime.InteropServices;
-using System.Text;
-
-namespace MongoDB.Driver.Security.Gsasl
-{
- /// <summary>
- /// A handle to a gsasl session.
- /// </summary>
- internal class GsaslSession : SafeHandle
- {
- // private fields
- private bool _isComplete;
-
- // constructors
- /// <summary>
- /// Initializes a new instance of the <see cref="GsaslSession" /> class.
- /// </summary>
- public GsaslSession()
- : base(IntPtr.Zero, true)
- {
- }
-
- // public properties
- /// <summary>
- /// Gets a value indicating whether this instance is complete.
- /// </summary>
- /// <value>
- /// <c>true</c> if this instance is complete; otherwise, <c>false</c>.
- /// </value>
- public bool IsComplete
- {
- get { return _isComplete; }
- }
-
- /// <summary>
- /// When overridden in a derived class, gets a value indicating whether the handle value is invalid.
- /// </summary>
- /// <returns>true if the handle value is invalid; otherwise, false.</returns>
- /// <PermissionSet>
- /// <IPermission class="System.Security.Permissions.SecurityPermission, mscorlib, Version=2.0.3600.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" version="1" Flags="UnmanagedCode" />
- /// </PermissionSet>
- public override bool IsInvalid
- {
- get { return base.IsClosed || handle == IntPtr.Zero; }
- }
-
- // public methods
- /// <summary>
- /// Sets the property.
- /// </summary>
- /// <param name="name">The name.</param>
- /// <param name="value">The value.</param>
- /// <exception cref="MongoSecurityException"></exception>
- public void SetProperty(string name, string value)
- {
- if(!name.StartsWith("GSASL_", StringComparison.InvariantCultureIgnoreCase))
- {
- name = "GSASL_" + name;
- }
-
- GsaslProperty prop;
- try
- {
- prop = (GsaslProperty)Enum.Parse(typeof(GsaslProperty), name, true);
- }
- catch (ArgumentException)
- {
- throw new MongoSecurityException(string.Format("The name {0} is not a valid name.", name));
- }
-
- Gsasl.gsasl_property_set(this, prop, value);
- }
-
- /// <summary>
- /// Steps the specified input.
- /// </summary>
- /// <param name="input">The input.</param>
- /// <returns>The output bytes to be sent to the server.</returns>
- /// <exception cref="System.Exception"></exception>
- public byte[] Step(byte[] input)
- {
- IntPtr inputPtr = IntPtr.Zero;
- IntPtr outputPtr = IntPtr.Zero;
- int outputLength;
- try
- {
- inputPtr = Marshal.AllocHGlobal(input.Length);
- Marshal.Copy(input, 0, inputPtr, input.Length);
-
- var rc = Gsasl.gsasl_step(this, inputPtr, input.Length, out outputPtr, out outputLength);
- if (rc != Gsasl.GSASL_OK && rc != Gsasl.GSASL_NEEDS_MORE)
- {
- var message = Gsasl.GetError(rc);
- throw new GsaslException(rc, message);
- }
-
- _isComplete = rc == Gsasl.GSASL_OK;
-
- var output = new byte[outputLength];
- Marshal.Copy(outputPtr, output, 0, output.Length);
- return output;
- }
- finally
- {
- if (inputPtr != IntPtr.Zero)
- {
- Marshal.FreeHGlobal(inputPtr);
- }
- if (outputPtr != IntPtr.Zero)
- {
- Gsasl.gsasl_free(outputPtr);
- }
- }
- }
-
- // protected methods
- /// <summary>
- /// When overridden in a derived class, executes the code required to free the handle.
- /// </summary>
- /// <returns>
- /// true if the handle is released successfully; otherwise, in the event of a catastrophic failure, false. In this case, it generates a releaseHandleFailed MDA Managed Debugging Assistant.
- /// </returns>
- protected override bool ReleaseHandle()
- {
- Gsasl.gsasl_finish(handle);
- return true;
- }
- }
-}
View
18 MongoDB.Driver/Communication/Security/IAuthenticationStore.cs
@@ -1,18 +0,0 @@
-using System;
-using System.Collections.Generic;
-using System.Linq;
-using System.Text;
-
-namespace MongoDB.Driver.Communication.Security
-{
- internal interface IAuthenticationStore
- {
- void Authenticate(string databaseName, MongoCredentials credentials);
-
- bool CanAuthenticate(string databaseName, MongoCredentials credentials);
-
- bool IsAuthenticated(string databaseName, MongoCredentials credentials);
-
- void Logout(string databaseName);
- }
-}
View
26 MongoDB.Driver/Communication/Security/ISaslMechanism.cs
@@ -1,26 +0,0 @@
-using System;
-using System.Collections.Generic;
-using System.Linq;
-using System.Text;
-
-namespace MongoDB.Driver.Security
-{
- /// <summary>
- /// A mechanism used to converse with the server.
- /// </summary>
- internal interface ISaslMechanism
- {
- /// <summary>
- /// Gets the name of the mechanism.
- /// </summary>
- string Name { get; }
-
- /// <summary>
- /// Transitions to the next step in the conversation.
- /// </summary>
- /// <param name="conversation">The conversation.</param>
- /// <param name="input">The input.</param>
- /// <returns>An ISaslStep.</returns>
- ISaslStep Transition(SaslConversation conversation, byte[] input);
- }
-}
View
23 MongoDB.Driver/Communication/Security/ISaslStep.cs
@@ -1,23 +0,0 @@
-using System;
-using System.Collections.Generic;
-using System.Linq;
-using System.Text;
-
-namespace MongoDB.Driver.Security
-{
- internal interface ISaslStep
- {
- /// <summary>
- /// Gets the output from the transition. The output will be used to send back to the server.
- /// </summary>
- byte[] Output { get; }
-
- /// <summary>
- /// Transitions to the next step in the conversation.
- /// </summary>
- /// <param name="conversation">The conversation.</param>
- /// <param name="input">The input.</param>
- /// <returns>An ISaslStep.</returns>
- ISaslStep Transition(SaslConversation conversation, byte[] input);
- }
-}
View
181 MongoDB.Driver/Communication/Security/LegacyAuthenticationStore.cs
@@ -1,181 +0,0 @@
-using MongoDB.Driver.Internal;
-using System;
-using System.Collections.Generic;
-using System.Linq;
-using System.Text;
-
-namespace MongoDB.Driver.Communication.Security
-{
- internal class LegacyAuthenticationStore : IAuthenticationStore
- {
- private readonly Dictionary<string, Authentication> _authentications = new Dictionary<string, Authentication>();
- private readonly MongoConnection _connection;
-
- public LegacyAuthenticationStore(MongoConnection connection)
- {
- _authentications = new Dictionary<string, Authentication>();
- _connection = connection;
- }
-
- public void Authenticate(string databaseName, MongoCredentials credentials)
- {
- if (!CanAuthenticate(databaseName, credentials))
- {
- throw new InvalidOperationException("Database cannot be authenticated using this connection. Ensure that CanAuthenticate is called before calling Authenticate.");
- }
-
- if (databaseName == null || credentials == null)
- {
- // nothing to do...
- return;
- }
-
- var nonceCommand = new CommandDocument("getnonce", 1);
- var commandResult = _connection.RunCommand(databaseName, QueryFlags.None, nonceCommand, false);
- if (!commandResult.Ok)
- {
- throw new MongoAuthenticationException(
- "Error getting nonce for authentication.",
- new MongoCommandException(commandResult));
- }
-
- var nonce = commandResult.Response["nonce"].AsString;
- var passwordDigest = MongoUtils.Hash(credentials.Username + ":mongo:" + credentials.Password);
- var digest = MongoUtils.Hash(nonce + credentials.Username + passwordDigest);
- var authenticateCommand = new CommandDocument
- {
- { "authenticate", 1 },
- { "user", credentials.Username },
- { "nonce", nonce },
- { "key", digest }
- };
-
- commandResult = _connection.RunCommand(databaseName, QueryFlags.None, authenticateCommand, false);
- if (!commandResult.Ok)
- {
- var message = string.Format("Invalid credentials for database '{0}'.", databaseName);
- throw new MongoAuthenticationException(
- message,
- new MongoCommandException(commandResult));
- }
- }
-
- // check whether the connection can be used with the given database (and credentials)
- // the following are the only valid authentication states for a connection:
- // 1. the connection is not authenticated against any database
- // 2. the connection has a single authentication against the admin database (with a particular set of credentials)
- // 3. the connection has one or more authentications against any databases other than admin
- // (with the restriction that a particular database can only be authenticated against once and therefore with only one set of credentials)
-
- // assume that IsAuthenticated was called first and returned false
- public bool CanAuthenticate(string databaseName, MongoCredentials credentials)
- {
- if (databaseName == null)
- {
- return true;
- }
-
- if (_authentications.Count == 0)
- {
- // a connection with no existing authentications can authenticate anything
- return true;
- }
- else
- {
- // a connection with existing authentications can't be used without credentials
- if (credentials == null)
- {
- return false;
- }
-
- // a connection with existing authentications can't be used with new admin credentials
- if (credentials.Admin)
- {
- return false;
- }
-
- // a connection with an existing authentication to the admin database can't be used with any other credentials
- if (_authentications.ContainsKey("admin"))
- {
- return false;
- }
-
- // a connection with an existing authentication to a database can't authenticate for the same database again
- if (_authentications.ContainsKey(databaseName))
- {
- return false;
- }
-
- return true;
- }
- }
-
- public bool IsAuthenticated(string databaseName, MongoCredentials credentials)
- {
- if (databaseName == null)
- {
- return true;
- }
-
- if (credentials == null)
- {
- return _authentications.Count == 0;
- }
- else
- {
- var authenticationDatabaseName = credentials.Admin ? "admin" : databaseName;
- Authentication authentication;
- if (_authentications.TryGetValue(authenticationDatabaseName, out authentication))
- {
- return credentials == authentication.Credentials;
- }
- else
- {
- return false;
- }
- }
- }
-
- public void Logout(string databaseName)
- {
- var logoutCommand = new CommandDocument("logout", 1);
- var commandResult = _connection.RunCommand(databaseName, QueryFlags.None, logoutCommand, false);
- if (!commandResult.Ok)
- {
- throw new MongoAuthenticationException(
- "Error logging off.",
- new MongoCommandException(commandResult));
- }
-
- _authentications.Remove(databaseName);
- }
-
- // nested classes
- // keeps track of what credentials were used with a given database
- // and when that database was last used on this connection
- private class Authentication
- {
- // private fields
- private MongoCredentials _credentials;
- private DateTime _lastUsed;
-
- // constructors
- public Authentication(MongoCredentials credentials)
- {
- _credentials = credentials;
- _lastUsed = DateTime.UtcNow;
- }
-
- public MongoCredentials Credentials
- {
- get { return _credentials; }
- }
-
- public DateTime LastUsed
- {
- get { return _lastUsed; }
- set { _lastUsed = value; }
- }
- }
- }
-}
View
120 MongoDB.Driver/Communication/Security/Mechanisms/AbstractGsaslMechanism.cs
@@ -1,120 +0,0 @@
-using MongoDB.Driver.Security.Gsasl;
-using System;
-using System.Collections.Generic;
-using System.Linq;
-using System.Text;
-
-namespace MongoDB.Driver.Security.Mechanisms
-{
- /// <summary>
- /// A base class for implementing a mechanism using Libgsasl.
- /// </summary>
- internal abstract class AbstractGsaslMechanism : ISaslMechanism
- {
- // private fields
- private readonly string _name;
-
- // constructors
- /// <summary>
- /// Initializes a new instance of the <see cref="AbstractGsaslMechanism" /> class.
- /// </summary>
- /// <param name="name">The name.</param>
- protected AbstractGsaslMechanism(string name)
- {
- _name = name;
- }
-
- // public properties
- /// <summary>
- /// Gets the name of the mechanism.
- /// </summary>
- public string Name
- {
- get { return _name; }
- }
-
- // public methods
- /// <summary>
- /// Transitions to the next step in the conversation.
- /// </summary>
- /// <param name="conversation">The conversation.</param>
- /// <param name="input">The input.</param>
- /// <returns>An ISaslStep.</returns>
- /// <exception cref="MongoSecurityException">Unable to initialize context.</exception>
- public ISaslStep Transition(SaslConversation conversation, byte[] input)
- {
- GsaslContext context;
- try
- {
- context = GsaslContext.Initialize();
- conversation.RegisterUnmanagedResourceForDisposal(context);
- }
- catch (GsaslException ex)
- {
- throw new MongoSecurityException("Unable to initialize context.", ex);
- }
-
- GsaslSession session;
- try
- {
- session = context.BeginSession(Name);
- conversation.RegisterUnmanagedResourceForDisposal(session);
- }
- catch (GsaslException ex)
- {
- throw new MongoSecurityException("Unable to start a session.", ex);
- }
-
- foreach (var property in GetProperties())
- {
- session.SetProperty(property.Key, property.Value);
- }
-
- return new LibgsaslAuthenticateStep(session, null)
- .Transition(conversation, input);
- }
-
- // protected methods
- /// <summary>
- /// Gets the properties that should be used in the specified mechanism.
- /// </summary>
- /// <returns>The properties.</returns>
- protected abstract IEnumerable<KeyValuePair<string, string>> GetProperties();
-
- // nested classes
- private class LibgsaslAuthenticateStep : ISaslStep
- {
- private readonly byte[] _output;
- private GsaslSession _session;
-
- public LibgsaslAuthenticateStep(GsaslSession session, byte[] output)
- {
- _session = session;
- _output = output;
- }
-
- public byte[] Output
- {
- get { return _output; }
- }
-
- public ISaslStep Transition(SaslConversation conversation, byte[] input)
- {
- try
- {
- var output = _session.Step(input);
- if (_session.IsComplete)
- {
- return new SaslCompletionStep(output);
- }
-
- return new LibgsaslAuthenticateStep(_session, output);
- }
- catch (GsaslException ex)
- {
- throw new MongoSecurityException("Unable to authenticate.", ex);
- }
- }
- }
- }
-}
View
83 MongoDB.Driver/Communication/Security/Mechanisms/CramMD5Mechanism.cs
@@ -1,83 +0,0 @@
-using System;
-using System.Collections.Generic;
-using System.Linq;
-using System.Net;
-using System.Security.Cryptography;
-using System.Text;
-
-namespace MongoDB.Driver.Security.Mechanisms
-{
- /// <summary>
- /// A mechanism implementing the CRAM-MD5 sasl specification.
- /// </summary>
- internal class CramMD5Mechanism : ISaslMechanism
- {
- // private fields
- private readonly string _databaseName;
- private readonly NetworkCredential _credential;
-
- // constructors
- /// <summary>
- /// Initializes a new instance of the <see cref="CramMD5Mechanism" /> class.
- /// </summary>
- /// <param name="databaseName">Name of the database.</param>
- /// <param name="credential">The credential.</param>
- public CramMD5Mechanism(string databaseName, NetworkCredential credential)
- {
- _databaseName = databaseName;
- _credential = credential;
- }
-
- // private static methods
- private static string ToHexString(byte[] buff)
- {
- StringBuilder builder = new StringBuilder();
-
- for (int i = 0; i < buff.Length; i++)
- {
- builder.Append(buff[i].ToString("x2"));
- }
-
- return builder.ToString();
- }
-
- // public properties
- /// <summary>
- /// Gets the name of the mechanism.
- /// </summary>
- public string Name
- {
- get { return "CRAM-MD5"; }
- }
-
- // public methods
- /// <summary>
- /// Transitions to the next step in the conversation.
- /// </summary>
- /// <param name="conversation">The conversation.</param>
- /// <param name="input">The input.</param>
- /// <returns>An ISaslStep.</returns>
- public ISaslStep Transition(SaslConversation conversation, byte[] input)
- {
- var mongoPassword = _credential.UserName + ":mongo:" + _credential.Password;
- byte[] password;
- using (var md5 = MD5.Create())
- {
- password = md5.ComputeHash(Encoding.UTF8.GetBytes(mongoPassword));
- var temp = ToHexString(password);
- password = Encoding.ASCII.GetBytes(temp);
- }
-
- byte[] digest;
- using (var hmacMd5 = new HMACMD5(password))
- {
- digest = hmacMd5.ComputeHash(input);
- }
-
- var response = _databaseName + "$" + _credential.UserName + " " + ToHexString(digest);
- var outBytes = Encoding.ASCII.GetBytes(response);
-
- return new SaslCompletionStep(outBytes);
- }
- }
-}
View
69 MongoDB.Driver/Communication/Security/Mechanisms/GsaslCramMD5Mechanism.cs
@@ -1,69 +0,0 @@
-using MongoDB.Driver.Security.Gsasl;
-using System;
-using System.Collections.Generic;
-using System.Linq;
-using System.Net;
-using System.Security.Cryptography;
-using System.Text;
-
-namespace MongoDB.Driver.Security.Mechanisms
-{
- /// <summary>
- /// A mechanism implementing the CRAM-MD5 sasl specification.
- /// </summary>
- internal class GsaslCramMD5Mechanism : AbstractGsaslMechanism
- {
- // private fields
- private readonly NetworkCredential _credential;
- private readonly string _databaseName;
-
- // constructors
- /// <summary>
- /// Initializes a new instance of the <see cref="GsaslCramMD5Mechanism" /> class.
- /// </summary>
- /// <param name="databaseName">Name of the database.</param>
- /// <param name="credential">The credential.</param>
- public GsaslCramMD5Mechanism(string databaseName, NetworkCredential credential)
- : base("CRAM-MD5")
- {
- _databaseName = databaseName;
- _credential = credential;
- }
-
- // protected methods
- /// <summary>
- /// Gets the properties that should be used in the specified mechanism.
- /// </summary>
- /// <returns>The properties.</returns>
- protected override IEnumerable<KeyValuePair<string, string>> GetProperties()
- {
- yield return new KeyValuePair<string, string>("AUTHID", CreateUsername());
- yield return new KeyValuePair<string, string>("PASSWORD", CreatePassword());
- }
-
- // private methods
- private string CreatePassword()
- {
- var mongoPassword = _credential.UserName + ":mongo:" + _credential.Password;
- byte[] password;
- using (var md5 = MD5.Create())
- {
- password = md5.ComputeHash(Encoding.UTF8.GetBytes(mongoPassword));
- }
-
- StringBuilder builder = new StringBuilder();
-
- for (int i = 0; i < password.Length; i++)
- {
- builder.Append(password[i].ToString("x2"));
- }
-
- return builder.ToString();
- }
-
- private string CreateUsername()
- {
- return _databaseName + "$" + _credential.UserName;
- }
- }
-}
View
52 MongoDB.Driver/Communication/Security/Mechanisms/GsaslGssApiMechanism.cs
@@ -1,52 +0,0 @@
-using System;
-using System.Collections.Generic;
-using System.Linq;
-using System.Net;
-using System.Text;
-
-namespace MongoDB.Driver.Security.Mechanisms
-{
- /// <summary>
- /// A mechanism implementing the GssApi specification.
- /// </summary>
- internal class GsaslGssApiMechanism : AbstractGsaslMechanism
- {
- // private fields
- private readonly string _authorizationId;
- private readonly MongoClientIdentity _identity;
- private readonly string _servicePrincipalName;
-
- // constructors
- /// <summary>
- /// Initializes a new instance of the <see cref="GsaslGssApiMechanism" /> class.
- /// </summary>
- /// <param name="serverName">Name of the server.</param>
- /// <param name="identity">The identity.</param>
- public GsaslGssApiMechanism(string serverName, MongoClientIdentity identity)
- : base("GSSAPI")
- {
- _authorizationId = identity.Username;
- _servicePrincipalName = "mongodb/" + serverName;
- _identity = identity;
- }
-
- // protected methods
- /// <summary>
- /// Gets the properties that should be used in the specified mechanism.
- /// </summary>
- /// <returns>The properties.</returns>
- protected override IEnumerable<KeyValuePair<string, string>> GetProperties()
- {
- yield return new KeyValuePair<string, string>("AUTHZID", _authorizationId);
- yield return new KeyValuePair<string, string>("AUTHID", _identity.Username);
- yield return new KeyValuePair<string, string>("PASSWORD", _identity.Password); // TODO: fix this to be secure
- var atIndex = _identity.Username.LastIndexOf("@");
- if (atIndex != -1 && atIndex != _identity.Username.Length - 1)
- {
- var realm = _identity.Username.Substring(atIndex + 1);
- yield return new KeyValuePair<string, string>("REALM", realm);
- }
- yield return new KeyValuePair<string, string>("SERVICE", _servicePrincipalName);
- }
- }
-}
View
197 MongoDB.Driver/Communication/Security/Mechanisms/SspiMechanism.cs
@@ -1,197 +0,0 @@
-using MongoDB.Driver.Security.Sspi;
-using System;
-using System.Collections.Generic;
-using System.Linq;
-using System.Net;
-using System.Text;
-
-namespace MongoDB.Driver.Security.Mechanisms
-{
- /// <summary>
- /// A mechanism implementing the GSS API specification on Windows utilizing the native sspi libraries.
- /// </summary>
- internal class SspiMechanism : ISaslMechanism
- {
- // private fields
- private readonly string _authorizationId;
- private readonly MongoClientIdentity _identity;
- private readonly string _servicePrincipalName;
-
- // constructors
- /// <summary>
- /// Initializes a new instance of the <see cref="SspiMechanism" /> class.
- /// </summary>
- /// <param name="serverName">Name of the server.</param>
- /// <param name="identity">The identity.</param>
- public SspiMechanism(string serverName, MongoClientIdentity identity)
- {
- _authorizationId = identity.Username;
- _servicePrincipalName = "mongodb/" + serverName;
- _identity = identity;
- }
-
- // properties
- /// <summary>
- /// Gets the name of the mechanism.
- /// </summary>
- public string Name
- {
- get { return "GSSAPI"; }
- }
-
- // public methods
- /// <summary>
- /// Transitions to the next step in the conversation.
- /// </summary>
- /// <param name="conversation">The conversation.</param>
- /// <param name="input">The input.</param>
- /// <returns>An ISaslStep.</returns>
- public ISaslStep Transition(SaslConversation conversation, byte[] input)
- {
- SecurityCredentials securityCredentials;
- try
- {
- securityCredentials = SecurityCredentials.Acquire(SspiPackage.Kerberos, _identity);
- conversation.RegisterUnmanagedResourceForDisposal(securityCredentials);
- }
- catch (Win32Exception ex)
- {
- throw new MongoSecurityException("Unable to acquire security credentials.", ex);
- }
-
- byte[] output;
- SecurityContext context;
- try
- {
- context = SecurityContext.Initialize(securityCredentials, _servicePrincipalName, input, out output);
- }
- catch (Win32Exception ex)
- {
- if (!(_identity is SystemMongoClientIdentity))
- {
- throw new MongoSecurityException("Unable to initialize security context. Ensure the username and password are correct.", ex);
- }
- else
- {
- throw new MongoSecurityException("Unable to initialize security context.", ex);
- }
- }
-
- if (!context.IsInitialized)
- {
- return new SspiInitializeStep(_servicePrincipalName, _authorizationId, context, output);
- }
-
- return new SspiNegotiateStep(_authorizationId, context, output);
- }
-
- // nested classes
- private class SspiInitializeStep : ISaslStep
- {
- private readonly string _authorizationId;
- private readonly SecurityContext _context;
- private readonly byte[] _output;
- private readonly string _servicePrincipalName;
-
- public SspiInitializeStep(string servicePrincipalName, string authorizationId, SecurityContext context, byte[] output)
- {
- _servicePrincipalName = servicePrincipalName;
- _authorizationId = authorizationId;
- _context = context;
- _output = output ?? new byte[0];
- }
-
- public byte[] Output
- {
- get { return _output; }
- }
-
- public ISaslStep Transition(SaslConversation conversation, byte[] input)
- {
- byte[] output;
- try
- {
- _context.Initialize(_servicePrincipalName, input, out output);
- }
- catch (Win32Exception ex)
- {
- throw new MongoSecurityException("Unable to initialize security context", ex);
- }
-
- if (!_context.IsInitialized)
- {
- return new SspiInitializeStep(_servicePrincipalName, _authorizationId, _context, output);
- }
-
- return new SspiNegotiateStep(_authorizationId, _context, output);
- }
- }
-
- private class SspiNegotiateStep : ISaslStep
- {
- private readonly string _authorizationId;
- private readonly SecurityContext _context;
- private readonly byte[] _output;
-
- public SspiNegotiateStep(string authorizationId, SecurityContext context, byte[] output)
- {
- _authorizationId = authorizationId;
- _context = context;
- _output = output ?? new byte[0];
- }
-
- public byte[] Output
- {
- get { return _output; }
- }
-
- public ISaslStep Transition(SaslConversation conversation, byte[] input)
- {
- if (input == null || input.Length != 32) //RFC specifies this must be 4 octets
- {
- throw new MongoSecurityException("Invalid server response.");
- }
-
- byte[] decryptedBytes;
- try
- {
- _context.DecryptMessage(0, input, out decryptedBytes);
- }
- catch (Win32Exception ex)
- {
- throw new MongoSecurityException("Unabled to decrypt message.", ex);
- }
-
- int length = 4;
- if (_authorizationId != null)
- {
- length += _authorizationId.Length;
- }
-
- input = new byte[length];
- input[0] = 0x1; // NO_PROTECTION
- input[1] = 0x0; // NO_PROTECTION
- input[2] = 0x0; // NO_PROTECTION
- input[3] = 0x0; // NO_PROTECTION
-
- if (_authorizationId != null)
- {
- var authorizationIdBytes = Encoding.UTF8.GetBytes(_authorizationId);
- authorizationIdBytes.CopyTo(input, 4);
- }
-
- byte[] output;
- try
- {
- _context.EncryptMessage(input, out output);
- }
- catch(Win32Exception ex)
- {
- throw new MongoSecurityException("Unabled to encrypt message.", ex);
- }
-
- return new SaslCompletionStep(output);
- }
- }
- }
-}
View
611 MongoDB.Driver/Communication/Security/MongoConnection.cs
@@ -1,611 +0,0 @@
-///* Copyright 2010-2012 10gen Inc.
-//*
-//* Licensed under the Apache License, Version 2.0 (the "License");
-//* you may not use this file except in compliance with the License.
-//* You may obtain a copy of the License at
-//*
-//* http://www.apache.org/licenses/LICENSE-2.0
-//*
-//* Unless required by applicable law or agreed to in writing, software
-//* distributed under the License is distributed on an "AS IS" BASIS,
-//* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-//* See the License for the specific language governing permissions and
-//* limitations under the License.
-//*/
-
-//using System;
-//using System.Collections.Generic;
-//using System.IO;
-//using System.Linq;
-//using System.Net;
-//using System.Net.Security;
-//using System.Net.Sockets;
-//using System.Security.Cryptography.X509Certificates;
-//using System.Text;
-
-//using MongoDB.Bson;
-//using MongoDB.Bson.IO;
-//using MongoDB.Bson.Serialization;
-//using MongoDB.Driver.Security;
-
-//namespace MongoDB.Driver.Internal
-//{
-// /// <summary>
-// /// Represents the state of a connection.
-// /// </summary>
-// public enum MongoConnectionState
-// {
-// /// <summary>
-// /// The connection has not yet been initialized.
-// /// </summary>
-// Initial,
-// /// <summary>
-// /// The connection is open.
-// /// </summary>
-// Open,
-// /// <summary>
-// /// The connection is closed.
-// /// </summary>
-// Closed
-// }
-
-// /// <summary>
-// /// Represents a connection to a MongoServerInstance.
-// /// </summary>
-// public class MongoConnection
-// {
-// // private fields
-// private object _connectionLock = new object();
-// private MongoServerInstance _serverInstance;
-// private MongoConnectionPool _connectionPool;
-// private int _generationId; // the generationId of the connection pool at the time this connection was created
-// private MongoConnectionState _state;
-// private TcpClient _tcpClient;
-// private Stream _stream; // either a NetworkStream or an SslStream wrapping a NetworkStream
-// private DateTime _createdAt;
-// private DateTime _lastUsedAt; // set every time the connection is Released
-// private int _messageCounter;
-// private int _requestId;
-// private Dictionary<string, Authentication> _authentications = new Dictionary<string, Authentication>();
-
-// // constructors
-// internal MongoConnection(MongoConnectionPool connectionPool)
-// {
-// _serverInstance = connectionPool.ServerInstance;
-// _connectionPool = connectionPool;
-// _generationId = connectionPool.GenerationId;
-// _createdAt = DateTime.UtcNow;
-// _state = MongoConnectionState.Initial;
-// }
-
-// internal MongoConnection(MongoServerInstance serverInstance)
-// {
-// _serverInstance = serverInstance;
-// _createdAt = DateTime.UtcNow;
-// _state = MongoConnectionState.Initial;
-// }
-
-// // public properties
-// /// <summary>
-// /// Gets the connection pool that this connection belongs to.
-// /// </summary>
-// public MongoConnectionPool ConnectionPool
-// {
-// get { return _connectionPool; }
-// }
-
-// /// <summary>
-// /// Gets the DateTime that this connection was created at.
-// /// </summary>
-// public DateTime CreatedAt
-// {
-// get { return _createdAt; }
-// }
-
-// /// <summary>
-// /// Gets the generation of the connection pool that this connection belongs to.
-// /// </summary>
-// public int GenerationId
-// {
-// get { return _generationId; }
-// }
-
-// /// <summary>
-// /// Gets the DateTime that this connection was last used at.
-// /// </summary>
-// public DateTime LastUsedAt
-// {
-// get { return _lastUsedAt; }
-// internal set { _lastUsedAt = value; }
-// }
-
-// /// <summary>
-// /// Gets a count of the number of messages that have been sent using this connection.
-// /// </summary>
-// public int MessageCounter
-// {
-// get { return _messageCounter; }
-// }
-
-// /// <summary>
-// /// Gets the RequestId of the last message sent on this connection.
-// /// </summary>
-// public int RequestId
-// {
-// get { return _requestId; }
-// }
-
-// /// <summary>
-// /// Gets the server instance this connection is connected to.
-// /// </summary>
-// public MongoServerInstance ServerInstance
-// {
-// get { return _serverInstance; }
-// }
-
-// /// <summary>
-// /// Gets the state of this connection.
-// /// </summary>
-// public MongoConnectionState State
-// {
-// get { return _state; }
-// }
-
-// // internal methods
-// internal void Authenticate(MongoDatabase database)
-// {
-// if (_state == MongoConnectionState.Closed) { throw new InvalidOperationException("Connection is closed."); }
-// if (!CanAuthenticate(database))
-// {
-// throw new InvalidOperationException("Database cannot be authenticated using this connection. Ensure that CanAuthenticate is called before calling Authenticate.");
-// }
-
-// if (database.Credentials == null)
-// {
-// return;
-// }
-
-// Authentication authentication;
-// if (_authentications.TryGetValue(database.Name, out authentication))
-// {
-// authentication.LastUsed = DateTime.UtcNow;
-// }
-// else
-// {
-// if (database.Credentials.CredentialsType == MongoCredentialsType.Legacy)
-// {
-// new LegacyAuthenticator().Authenticate(this, database.Name, database.Credentials);
-// }
-// else
-// {
-// new SaslAuthenticator().Authenticate(this, database.Name, database.Credentials);
-// }
-
-// authentication = new Authentication(database.Credentials);
-// _authentications.Add(database.Name, authentication);
-// }
-// }
-
-// // check whether the connection can be used with the given database (and credentials)
-// // the following are the only valid authentication states for a connection:
-// // 1. the connection is not authenticated against any database
-// // 2. the connection has a single authentication against the admin database (with a particular set of credentials)
-// // 3. the connection has one or more authentications against any databases other than admin
-// // (with the restriction that a particular database can only be authenticated against once and therefore with only one set of credentials)
-// // assume that IsAuthenticated was called first and returned false
-// internal bool CanAuthenticate(MongoDatabase database)
-// {
-// if (_state == MongoConnectionState.Closed) { throw new InvalidOperationException("Connection is closed."); }
-// if (database == null)
-// {
-// return true;
-// }
-
-// if (_authentications.Count == 0)
-// {
-// // a connection with no existing authentications can authenticate anything
-// return true;
-// }
-// else
-// {
-// // a connection with existing authentications can't be used without credentials
-// if (database.Credentials == null)
-// {
-// return false;
-// }
-
-// // a connection with existing authentications can't be used with new admin credentials
-// if (database.Credentials.Admin)
-// {
-// return false;
-// }
-
-// // a connection with an existing authentication to the admin database can't be used with any other credentials
-// if (_authentications.ContainsKey("admin"))
-// {
-// return false;
-// }
-
-// // a connection with an existing authentication to a database can't authenticate for the same database again
-// if (_authentications.ContainsKey(database.Name))
-// {
-// return false;
-// }
-
-// return true;
-// }
-// }
-
-// internal void Close()
-// {
-// lock (_connectionLock)
-// {
-// if (_state != MongoConnectionState.Closed)
-// {
-// if (_stream != null)
-// {
-// try { _stream.Close(); }
-// catch { } // ignore exceptions
-// _stream = null;
-// }
-// if (_tcpClient != null)
-// {
-// if (_tcpClient.Connected)
-// {
-// // even though MSDN says TcpClient.Close doesn't close the underlying socket
-// // it actually does (as proven by disassembling TcpClient and by experimentation)
-// try { _tcpClient.Close(); }
-// catch { } // ignore exceptions
-// }
-// _tcpClient = null;
-// }
-// _state = MongoConnectionState.Closed;
-// }
-// }
-// }
-
-// internal bool IsAuthenticated(MongoDatabase database)
-// {
-// if (_state == MongoConnectionState.Closed) { throw new InvalidOperationException("Connection is closed."); }
-// if (database == null)
-// {
-// return true;
-// }
-
-// lock (_connectionLock)
-// {
-// if (database.Credentials == null)
-// {
-// return _authentications.Count == 0;
-// }
-// else
-// {
-// var authenticationDatabaseName = database.Credentials.Admin ? "admin" : database.Name;
-// Authentication authentication;
-// if (_authentications.TryGetValue(authenticationDatabaseName, out authentication))
-// {
-// return database.Credentials == authentication.Credentials;
-// }
-// else
-// {
-// return false;
-// }
-// }
-// }
-// }
-
-// internal void Logout(string databaseName)
-// {
-// if (_state == MongoConnectionState.Closed) { throw new InvalidOperationException("Connection is closed."); }
-// lock (_connectionLock)
-// {
-// var logoutCommand = new CommandDocument("logout", 1);
-// var commandResult = RunCommand(databaseName, QueryFlags.None, logoutCommand, false);
-// if (!commandResult.Ok)
-// {
-// throw new MongoAuthenticationException(
-// "Error logging off.",
-// new MongoCommandException(commandResult));
-// }
-
-// _authentications.Remove(databaseName);
-// }
-// }
-
-// internal void Open()
-// {
-// if (_state != MongoConnectionState.Initial)
-// {
-// throw new InvalidOperationException("Open called more than once.");
-// }
-
-// var ipEndPoint = _serverInstance.GetIPEndPoint();
-// var tcpClient = new TcpClient(ipEndPoint.AddressFamily);
-// tcpClient.NoDelay = true; // turn off Nagle
-// tcpClient.ReceiveBufferSize = MongoDefaults.TcpReceiveBufferSize;
-// tcpClient.SendBufferSize = MongoDefaults.TcpSendBufferSize;
-// tcpClient.Connect(ipEndPoint);
-
-// var stream = (Stream)tcpClient.GetStream();
-// if (_serverInstance.Server.Settings.UseSsl)
-// {
-// SslStream sslStream;
-// if (_serverInstance.Server.Settings.VerifySslCertificate)
-// {
-// sslStream = new SslStream(stream, false); // don't leave inner stream open
-// }
-// else
-// {
-// sslStream = new SslStream(stream, false, AcceptAnyCertificate, null); // don't leave inner stream open
-// }
-
-// try
-// {
-// sslStream.AuthenticateAsClient(_serverInstance.Address.Host);
-// }
-// catch
-// {
-// try { stream.Close(); }
-// catch { } // ignore exceptions
-// try { tcpClient.Close(); }
-// catch { } // ignore exceptions
-// throw;
-// }
-// stream = sslStream;
-// }
-
-// _tcpClient = tcpClient;
-// _stream = stream;
-// _state = MongoConnectionState.Open;
-// }
-
-// // this is a low level method that doesn't require a MongoServer
-// // so it can be used while connecting to a MongoServer
-// internal CommandResult RunCommand(
-// string databaseName,
-// QueryFlags queryFlags,
-// CommandDocument command,
-// bool throwOnError)
-// {
-// var commandName = command.GetElement(0).Name;
-
-// var writerSettings = new BsonBinaryWriterSettings
-// {
-// GuidRepresentation = GuidRepresentation.Unspecified,
-// MaxDocumentSize = _serverInstance.MaxDocumentSize
-// };
-// using (var message = new MongoQueryMessage(writerSettings, databaseName + ".$cmd", queryFlags, 0, 1, command, null))
-// {
-// SendMessage(message, null, databaseName); // write concern doesn't apply to queries
-// }
-
-// var readerSettings = new BsonBinaryReaderSettings
-// {
-// GuidRepresentation = GuidRepresentation.Unspecified,
-// MaxDocumentSize = _serverInstance.MaxDocumentSize
-// };
-// var reply = ReceiveMessage<BsonDocument>(readerSettings, null);
-// if (reply.NumberReturned == 0)
-// {
-// var message = string.Format("Command '{0}' failed. No response returned.", commandName);
-// throw new MongoCommandException(message);
-// }
-
-// var commandResult = new CommandResult(command, reply.Documents[0]);
-// if (throwOnError && !commandResult.Ok)
-// {
-// throw new MongoCommandException(commandResult);
-// }
-
-// return commandResult;
-// }
-
-// internal MongoReplyMessage<TDocument> ReceiveMessage<TDocument>(
-// BsonBinaryReaderSettings readerSettings,
-// IBsonSerializationOptions serializationOptions)
-// {
-// if (_state == MongoConnectionState.Closed) { throw new InvalidOperationException("Connection is closed."); }
-// lock (_connectionLock)
-// {
-// try
-// {
-// using (var buffer = new BsonBuffer())
-// {
-// var networkStream = GetNetworkStream();
-// var readTimeout = (int)_serverInstance.Server.Settings.SocketTimeout.TotalMilliseconds;
-// if (readTimeout != 0)
-// {
-// networkStream.ReadTimeout = readTimeout;
-// }
-// buffer.LoadFrom(networkStream);
-// var reply = new MongoReplyMessage<TDocument>(readerSettings);
-// reply.ReadFrom(buffer, serializationOptions);
-// return reply;
-// }
-// }
-// catch (Exception ex)
-// {
-// HandleException(ex);
-// throw;
-// }
-// }
-// }
-
-// internal WriteConcernResult SendMessage(MongoRequestMessage message, WriteConcern writeConcern, string databaseName)
-// {
-// if (_state == MongoConnectionState.Closed) { throw new InvalidOperationException("Connection is closed."); }
-// lock (_connectionLock)
-// {
-// _requestId = message.RequestId;
-
-// message.WriteToBuffer();
-// CommandDocument getLastErrorCommand = null;
-// if (writeConcern != null && !writeConcern.FireAndForget)
-// {
-// var fsync = (writeConcern.FSync == null) ? null : (BsonValue)writeConcern.FSync;
-// var journal = (writeConcern.Journal == null) ? null : (BsonValue)writeConcern.Journal;
-// var w = (writeConcern.W == null) ? null : writeConcern.W.ToBsonValue();
-// var wTimeout = (writeConcern.WTimeout == null) ? null : (BsonValue)(int)writeConcern.WTimeout.Value.TotalMilliseconds;
-
-// getLastErrorCommand = new CommandDocument
-// {
-// { "getlasterror", 1 }, // use all lowercase for backward compatibility
-// { "fsync", fsync, fsync != null },
-// { "j", journal, journal != null },
-// { "w", w, w != null },
-// { "wtimeout", wTimeout, wTimeout != null }
-// };
-// // piggy back on network transmission for message
-// using (var getLastErrorMessage = new MongoQueryMessage(message.Buffer, message.WriterSettings, databaseName + ".$cmd", QueryFlags.None, 0, 1, getLastErrorCommand, null))
-// {
-// getLastErrorMessage.WriteToBuffer();
-// }
-// }
-
-// try
-// {
-// var networkStream = GetNetworkStream();
-// var writeTimeout = (int)_serverInstance.Server.Settings.SocketTimeout.TotalMilliseconds;
-// if (writeTimeout != 0)
-// {
-// networkStream.WriteTimeout = writeTimeout;
-// }
-// message.Buffer.WriteTo(networkStream);
-// _messageCounter++;
-// }
-// catch (Exception ex)
-// {
-// HandleException(ex);
-// throw;
-// }
-
-// WriteConcernResult writeConcernResult = null;
-// if (writeConcern != null && !writeConcern.FireAndForget)
-// {
-// var readerSettings = new BsonBinaryReaderSettings
-// {
-// GuidRepresentation = message.WriterSettings.GuidRepresentation,
-// MaxDocumentSize = _serverInstance.MaxDocumentSize
-// };
-// var replyMessage = ReceiveMessage<BsonDocument>(readerSettings, null);
-// var getLastErrorResponse = replyMessage.Documents[0];
-// writeConcernResult = new WriteConcernResult();
-// writeConcernResult.Initialize(getLastErrorCommand, getLastErrorResponse);
-
-// if (!writeConcernResult.Ok)
-// {
-// var errorMessage = string.Format(
-// "WriteConcern detected an error '{0}'. (response was {1}).",
-// writeConcernResult.ErrorMessage, getLastErrorResponse.ToJson());
-// throw new WriteConcernException(errorMessage, writeConcernResult);
-// }
-// if (writeConcernResult.HasLastErrorMessage)
-// {
-// var errorMessage = string.Format(
-// "WriteConcern detected an error '{0}'. (Response was {1}).",
-// writeConcernResult.LastErrorMessage, getLastErrorResponse.ToJson());
-// throw new WriteConcernException(errorMessage, writeConcernResult);
-// }
-// }
-
-// return writeConcernResult;
-// }
-// }
-
-// // private methods
-// private bool AcceptAnyCertificate(
-// object sender,
-// X509Certificate certificate,
-// X509Chain chain,
-// SslPolicyErrors sslPolicyErrors
-// )
-// {
-// return true;
-// }
-
-// private Stream GetNetworkStream()
-// {
-// if (_state == MongoConnectionState.Initial)
-// {
-// Open();
-// }
-// return _stream;
-// }
-
-// private void HandleException(Exception ex)
-// {
-// // there are three possible situations:
-// // 1. we can keep using the connection
-// // 2. just this one connection needs to be closed
-// // 3. the whole connection pool needs to be cleared
-
-// switch (DetermineAction(ex))
-// {
-// case HandleExceptionAction.KeepConnection:
-// break;
-// case HandleExceptionAction.CloseConnection:
-// Close();
-// break;
-// case HandleExceptionAction.ClearConnectionPool:
-// Close();
-// if (_connectionPool != null)
-// {
-// _connectionPool.Clear();
-// }
-// break;
-// default:
-// throw new MongoInternalException("Invalid HandleExceptionAction");
-// }
-
-// // forces a call to VerifyState before the next message is sent to this server instance
-// // this is a bit drastic but at least it's safe (and perhaps we can optimize a bit in the future)
-// _serverInstance.SetState(MongoServerState.Unknown);
-// }
-
-// private enum HandleExceptionAction
-// {
-// KeepConnection,
-// CloseConnection,
-// ClearConnectionPool
-// }
-
-// private HandleExceptionAction DetermineAction(Exception ex)
-// {
-// // TODO: figure out when to return KeepConnection or ClearConnectionPool (if ever)
-
-// // don't return ClearConnectionPool unless you are *sure* it is the right action
-// // definitely don't make ClearConnectionPool the default action
-// // returning ClearConnectionPool frequently can result in Connect/Disconnect storms
-
-// return HandleExceptionAction.CloseConnection; // this should always be the default action
-// }
-
-// // private nested classes
-// // keeps track of what credentials were used with a given database
-// // and when that database was last used on this connection
-// private class Authentication
-// {
-// // private fields
-// private MongoCredentials _credentials;
-// private DateTime _lastUsed;
-
-// // constructors
-// public Authentication(MongoCredentials credentials)
-// {
-// _credentials = credentials;
-// _lastUsed = DateTime.UtcNow;
-// }
-
-// public MongoCredentials Credentials
-// {
-// get { return _credentials; }
-// }
-
-// public DateTime LastUsed
-// {
-// get { return _lastUsed; }
-// set { _lastUsed = value; }
-// }
-// }
-// }
-//}
View
44 MongoDB.Driver/Communication/Security/MongoSecurityException.cs
@@ -1,44 +0,0 @@
-using System;
-using System.Collections.Generic;
-using System.Linq;
-using System.Runtime.Serialization;
-using System.Text;
-
-namespace MongoDB.Driver.Security
-{
- /// <summary>
- /// An exception thrown during login and privilege negotiation.
- /// </summary>
- [Serializable]
- public class MongoSecurityException : MongoException
- {
- /// <summary>
- /// Initializes a new instance of the <see cref="MongoSecurityException" /> class.
- /// </summary>
- /// <param name="message">The message.</param>
- public MongoSecurityException(string message)
- : base(message)
- {
- }
-
- /// <summary>
- /// Initializes a new instance of the <see cref="MongoSecurityException" /> class.
- /// </summary>
- /// <param name="message">The message.</param>
- /// <param name="inner">The inner.</param>
- public MongoSecurityException(string message, Exception inner)
- : base(message, inner)
- {
- }
-
- /// <summary>
- /// Initializes a new instance of the <see cref="MongoSecurityException" /> class.
- /// </summary>
- /// <param name="info">The info.</param>
- /// <param name="context">The context.</param>
- protected MongoSecurityException(SerializationInfo info, StreamingContext context)
- : base(info, context)
- {
- }
- }
-}
View
119 MongoDB.Driver/Communication/Security/SaslAuthenticationStore.cs
@@ -1,119 +0,0 @@
-using MongoDB.Driver.Internal;
-using MongoDB.Driver.Security;
-using MongoDB.Driver.Security.Mechanisms;
-using System;
-using System.Collections.Generic;
-using System.Linq;
-using System.Text;
-
-namespace MongoDB.Driver.Communication.Security
-{
- internal class SaslAuthenticationStore : IAuthenticationStore
- {
- private readonly MongoConnection _connection;
- private readonly MongoClientIdentity _identity;
- private bool _isAuthenticated;
-
- public SaslAuthenticationStore(MongoConnection connection, MongoClientIdentity identity)
- {
- _connection = connection;
- _identity = identity;
- _isAuthenticated = _identity == null;
- }
-
- public void Authenticate(string databaseName, MongoCredentials credentials)
- {
- if (_identity != null && !_isAuthenticated)
- {
- Authenticate();
- _isAuthenticated = true;
- }
- }
-
- public bool CanAuthenticate(string databaseName, MongoCredentials credentials)
- {
- // we can always authenticate a sasl connection...
- return true;
- }
-
- public bool IsAuthenticated(string databaseName, MongoCredentials credentials)
- {
- return _isAuthenticated;
- }
-
- public void Logout(string databaseName)
- {
- // do nothing
- }
-
- // private methods
- private void Authenticate()
- {
- using (var conversation = new SaslConversation())
- {
- var mechanism = GetMechanism(_connection, _identity.Realm, _identity);
- var currentStep = conversation.Initiate(mechanism);
-
- var command = new CommandDocument
- {
- { "saslStart", 1 },
- { "mechanism", mechanism.Name },
- { "payload", currentStep.Output }
- };
-
- while (true)
- {
- var result = _connection.RunCommand(_identity.Realm, QueryFlags.SlaveOk, command, true);
- var code = result.Response["code"].AsInt32;
- if (code != 0)
- {
- HandleError(result, code);
- }
- if (result.Response["done"].AsBoolean)
- {
- break;
- }
-
- currentStep = currentStep.Transition(conversation, result.Response["payload"].AsByteArray);
-
- command = new CommandDocument
- {
- { "saslContinue", 1 },
- { "conversationId", result.Response["conversationId"].AsInt32 },
- { "payload", currentStep.Output }
- };
- }
- }
- }
-
- private ISaslMechanism GetMechanism(MongoConnection connection, string databaseName, MongoClientIdentity identity)
- {
- // TODO: provide an override to force the use of gsasl.
- bool useGsasl = !Environment.OSVersion.Platform.ToString().Contains("Win");
-
- switch (identity.AuthenticationType)
- {
- case MongoAuthenticationType.GSSAPI:
- if (useGsasl)
- {
- return new GsaslGssApiMechanism(
- connection.ServerInstance.Address.Host,
- identity);
- }
- else
- {
- return new SspiMechanism(
- connection.ServerInstance.Address.Host,
- identity);
- }
- }
-
- throw new NotSupportedException(string.Format("Unsupported credentials type {0}.", identity.AuthenticationType));
- }
-
- private void HandleError(CommandResult result, int code)
- {
- throw new MongoException(string.Format("Error: {0} - {1}", code, result.Response["errmsg"].AsString));
- }
- }
-}
View
49 MongoDB.Driver/Communication/Security/SaslCompletionStep.cs
@@ -1,49 +0,0 @@
-using System;
-using System.Collections.Generic;
-using System.Linq;
-using System.Text;
-
-namespace MongoDB.Driver.Security
-{
- /// <summary>