Merge pull request #4 from Fatsoma/adapt-to-mongodb-v5-sasl-changes

adapt to mongodb v5
Fatsoma · Apr 5, 2024 · 9c60f00 · 9c60f00
2 parents 1c248a5 + 6bcd1cc
commit 9c60f00
Showing 1 changed file with 37 additions and 7 deletions.
diff --git a/auth.go b/auth.go
@@ -77,6 +77,18 @@ type saslCmd struct {
 	Payload        []byte
 }
 
+type saslStartCmd struct {
+	Start     int    `bson:"saslStart,omitempty"`
+	Mechanism string `bson:"mechanism,omitempty"`
+	Payload   []byte
+}
+
+type saslContinueCmd struct {
+	Continue       int `bson:"saslContinue,omitempty"`
+	ConversationId int `bson:"conversationId,omitempty"`
+	Payload        []byte
+}
+
 type saslResult struct {
 	Ok    bool `bson:"ok"`
 	NotOk bool `bson:"code"` // Server <= 2.3.2 returns ok=1 & code>0 on errors (WTF?)
@@ -309,9 +321,30 @@ func (socket *mongoSocket) loginSASL(cred Credential) error {
 	lock(true)
 	defer lock(false)
 
-	start := 1
-	cmd := saslCmd{}
+	startStep, _, err := sasl.Step([]byte{})
+	if err != nil {
+		return err
+	}
+
+	lock(false)
 	res := saslResult{}
+	startCmd := saslStartCmd{
+		Start:     1,
+		Mechanism: cred.Mechanism,
+		Payload:   startStep,
+	}
+	err = socket.loginRun(cred.Source, &startCmd, &res, func() error {
+		// See the comment on lock for why this is necessary.
+		lock(true)
+		if !res.Ok || res.NotOk {
+			return fmt.Errorf("server returned error on SASL authentication step: %s", res.ErrMsg)
+		}
+		return nil
+	})
+	if err != nil {
+		return err
+	}
+	cmd := saslContinueCmd{}
 	for {
 		payload, done, err := sasl.Step(res.Payload)
 		if err != nil {
@@ -324,14 +357,11 @@ func (socket *mongoSocket) loginSASL(cred Credential) error {
 		}
 		lock(false)
 
-		cmd = saslCmd{
-			Start:          start,
-			Continue:       1 - start,
+		cmd = saslContinueCmd{
+			Continue:       1,
 			ConversationId: res.ConversationId,
-			Mechanism:      cred.Mechanism,
 			Payload:        payload,
 		}
-		start = 0
 		err = socket.loginRun(cred.Source, &cmd, &res, func() error {
 			// See the comment on lock for why this is necessary.
 			lock(true)