author | Spencer T Brody <spencer@10gen.com> | 2013-08-27 17:20:19 -0400 |
---|---|---|
committer | Spencer T Brody <spencer@10gen.com> | 2013-08-29 17:03:18 -0400 |
commit | bfdd9917c2e2dea22a6673d45d10882d1d567362 (patch) | |
tree | 152caeb749e0bebee61e3cbff882f77417449572 | |
parent | 794646c2028da8cc4ea9db1ffd22eb1f8f2cedde (diff) | |
Create place for auth functions in client code and move password hashing there
-rw-r--r-- | src/SConscript.client | 1 | ||||
-rw-r--r-- | src/mongo/SConscript | 1 | ||||
-rw-r--r-- | src/mongo/client/auth_helpers.cpp | 41 | ||||
-rw-r--r-- | src/mongo/client/auth_helpers.h | 31 | ||||
-rw-r--r-- | src/mongo/client/dbclient.cpp | 12 | ||||
-rw-r--r-- | src/mongo/client/sasl_client_authenticate_impl.cpp | 10 | ||||
-rw-r--r-- | src/mongo/util/md5.hpp | 8 |
7 files changed, 87 insertions, 17 deletions
diff --git a/src/SConscript.client b/src/SConscript.client
index 82e5d8007a0..e8952c22a17 100644
--- a/src/SConscript.client
+++ b/src/SConscript.client
@@ -37,6 +37,7 @@ clientSourceBasic = [
 'mongo/bson/oid.cpp',
 'mongo/bson/util/bson_extract.cpp',
 'mongo/buildinfo.cpp',
+ 'mongo/client/auth_helpers.cpp',
 'mongo/client/clientAndShell.cpp',
 'mongo/client/clientOnly.cpp',
 'mongo/client/connpool.cpp',
diff --git a/src/mongo/SConscript b/src/mongo/SConscript
index d4aee164378..ba3ee98d890 100644
--- a/src/mongo/SConscript
+++ b/src/mongo/SConscript
@@ -225,6 +225,7 @@ commonFiles = [ "pch.cpp",
 "util/net/listen.cpp",
 "util/startup_test.cpp",
 "util/version.cpp",
+ "client/auth_helpers.cpp",
 "client/connpool.cpp",
 "client/dbclient.cpp",
 "client/dbclient_rs.cpp",
diff --git a/src/mongo/client/auth_helpers.cpp b/src/mongo/client/auth_helpers.cpp
new file mode 100644
index 00000000000..8a554f41465
--- /dev/null
+++ b/src/mongo/client/auth_helpers.cpp
@@ -0,0 +1,41 @@
+/* Copyright 2013 10gen Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include "mongo/client/auth_helpers.h"
+
+#include "mongo/base/string_data.h"
+#include "mongo/util/md5.hpp"
+
+namespace mongo {
+namespace auth {
+
+ std::string createPasswordDigest(const StringData& username,
+ const StringData& clearTextPassword) {
+ md5digest d;
+ {
+ md5_state_t st;
+ md5_init(&st);
+ md5_append(&st, (const md5_byte_t *) username.rawData(), username.size());
+ md5_append(&st, (const md5_byte_t *) ":mongo:", 7 );
+ md5_append(&st,
+ (const md5_byte_t *) clearTextPassword.rawData(),
+ clearTextPassword.size());
+ md5_finish(&st, d);
+ }
+ return digestToString( d );
+ }
+
+} // namespace auth
+} // namespace mongo
diff --git a/src/mongo/client/auth_helpers.h b/src/mongo/client/auth_helpers.h
new file mode 100644
index 00000000000..d1b652a70bf
--- /dev/null
+++ b/src/mongo/client/auth_helpers.h
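Review bot: The separator length in `md5_append(&st, (const md5_byte_t *) ":mongo:", 7 );` is a hand-counted literal, so the digest would silently change if the string were ever edited without updating the count. Since this file is now the single home for the MONGODB-CR digest, a named constant would make the format explicit: `static const char kDigestSeparator[] = ":mongo:";` with `sizeof(kDigestSeparator) - 1` as the length. The `username.size()` and `clearTextPassword.size()` arguments are also passed straight through; if `md5_append` takes an `int` byte count (its declaration is not in this hunk), an explicit cast or a length check would document the narrowing.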
@@ -0,0 +1,31 @@
+/* Copyright 2013 10gen Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#pragma once
+
+#include "mongo/base/string_data.h"
+
+namespace mongo {
+namespace auth {
+
+ /**
+ * Hashes the password so that it can be stored in a user object or used for MONGODB-CR
+ * authentication.
+ */
+ std::string createPasswordDigest(const StringData& username,
+ const StringData& clearTextPassword);
+
+} // namespace auth
+} // namespace mongo
diff --git a/src/mongo/client/dbclient.cpp b/src/mongo/client/dbclient.cpp
index b6fa4240d28..19e280ec8f6 100644
--- a/src/mongo/client/dbclient.cpp
+++ b/src/mongo/client/dbclient.cpp
@@ -19,6 +19,7 @@ #include "mongo/bson/util/bson_extract.h" #include "mongo/bson/util/builder.h" +#include "mongo/client/auth_helpers.h" #include "mongo/client/constants.h" #include "mongo/client/dbclient_rs.h" #include "mongo/client/dbclientcursor.h"
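Review bot: The doc comment on `createPasswordDigest` in auth_helpers.h does not say how sensitive the return value is. The implementation in auth_helpers.cpp returns the hex MD5 of `username:mongo:password`, and the comment says this value is what gets stored in the user object and used for MONGODB-CR, so it should presumably be handled as a credential in its own right rather than as a safe-to-log hash. I would extend the comment with a line such as `* The result is the hex MD5 of "<username>:mongo:<password>"; treat it as a secret and never log it.` It would also help to state that the MD5 construction is kept for MONGODB-CR compatibility and is not meant as a general-purpose password hash.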
@@ -525,16 +526,7 @@ namespace mongo { BSONObj getnoncecmdobj = fromjson("{getnonce:1}"); string DBClientWithCommands::createPasswordDigest( const string & username , const string & clearTextPassword ) { - md5digest d; - { - md5_state_t st; - md5_init(&st); - md5_append(&st, (const md5_byte_t *) username.data(), username.length()); - md5_append(&st, (const md5_byte_t *) ":mongo:", 7 ); - md5_append(&st, (const md5_byte_t *) clearTextPassword.data(), clearTextPassword.length()); - md5_finish(&st, d); - } - return digestToString( d ); + return auth::createPasswordDigest(username, clearTextPassword); } void DBClientWithCommands::_auth(const BSONObj& params) {
diff --git a/src/mongo/client/sasl_client_authenticate_impl.cpp b/src/mongo/client/sasl_client_authenticate_impl.cpp
index 7cf9b9f52b3..83e0c5ebdd0 100644
--- a/src/mongo/client/sasl_client_authenticate_impl.cpp
+++ b/src/mongo/client/sasl_client_authenticate_impl.cpp
@@ -27,6 +27,7 @@
 #include "mongo/base/status.h"
 #include "mongo/base/string_data.h"
 #include "mongo/bson/util/bson_extract.h"
+#include "mongo/client/auth_helpers.h"
 #include "mongo/client/sasl_client_authenticate.h"
 #include "mongo/client/sasl_client_session.h"
 #include "mongo/platform/cstdint.h"
@@ -57,15 +58,14 @@ namespace { * Gets the password data from "saslParameters" and stores it to "outPassword". * * If "digestPassword" indicates that the password needs to be "digested" via - * DBClientWithCommands::createPasswordDigest(), this method takes care of that. + * auth::createPasswordDigest(), this method takes care of that. * On success, the value of "*outPassword" is always the correct value to set * as the password on the SaslClientSession. * * Returns Status::OK() on success, and ErrorCodes::NoSuchKey if the password data is not * present in "saslParameters". Other ErrorCodes returned indicate other errors. */ - Status extractPassword(DBClientWithCommands* client, - const BSONObj& saslParameters, + Status extractPassword(const BSONObj& saslParameters, bool digestPassword, std::string* outPassword) {
@@ -84,7 +84,7 @@ namespace { if (!status.isOK()) return status; - *outPassword = client->createPasswordDigest(user, rawPassword); + *outPassword = auth::createPasswordDigest(user, rawPassword); } else { *outPassword = rawPassword;
@@ -148,7 +148,7 @@ namespace { if (!status.isOK()) return status; - status = extractPassword(client, saslParameters, digestPassword, &value); + status = extractPassword(saslParameters, digestPassword, &value); if (status.isOK()) { session->setParameter(SaslClientSession::parameterPassword, value); }
diff --git a/src/mongo/util/md5.hpp b/src/mongo/util/md5.hpp
index 8974751054f..de785a04202 100644
--- a/src/mongo/util/md5.hpp
+++ b/src/mongo/util/md5.hpp
@@ -17,7 +17,11 @@ #pragma once -#include "md5.h" +#include "mongo/util/md5.h" + +#include <sstream> +#include <string> +#include <string.h> namespace mongo {
@@ -36,7 +40,7 @@ namespace mongo { inline std::string digestToString( md5digest digest ){ static const char * letters = "0123456789abcdef"; - stringstream ss; + std::stringstream ss; for ( int i=0; i<16; i++){ unsigned char c = digest[i]; ss << letters[ ( c >> 4 ) & 0xf ] << letters[ c & 0xf ]; |