Create place for auth functions in client code and move password hashing there

7 files changed, 87 insertions, 17 deletions

diff --git a/src/SConscript.client b/src/SConscript.client
index 82e5d8007a0..e8952c22a17 100644
--- a/src/SConscript.client
+++ b/src/SConscript.client
@@ -37,6 +37,7 @@ clientSourceBasic = [
     'mongo/bson/oid.cpp',
     'mongo/bson/util/bson_extract.cpp',
     'mongo/buildinfo.cpp',
+    'mongo/client/auth_helpers.cpp',
     'mongo/client/clientAndShell.cpp',
     'mongo/client/clientOnly.cpp',
     'mongo/client/connpool.cpp',
diff --git a/src/mongo/SConscript b/src/mongo/SConscript
index d4aee164378..ba3ee98d890 100644
--- a/src/mongo/SConscript
+++ b/src/mongo/SConscript
@@ -225,6 +225,7 @@ commonFiles = [ "pch.cpp",
                 "util/net/listen.cpp",
                 "util/startup_test.cpp",
                 "util/version.cpp",
+                "client/auth_helpers.cpp",
                 "client/connpool.cpp",
                 "client/dbclient.cpp",
                 "client/dbclient_rs.cpp",
diff --git a/src/mongo/client/auth_helpers.cpp b/src/mongo/client/auth_helpers.cpp
new file mode 100644
index 00000000000..8a554f41465
--- /dev/null
+++ b/src/mongo/client/auth_helpers.cpp
@@ -0,0 +1,41 @@
+/*    Copyright 2013 10gen Inc.
+ *
+ *    Licensed under the Apache License, Version 2.0 (the "License");
+ *    you may not use this file except in compliance with the License.
+ *    You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *    Unless required by applicable law or agreed to in writing, software
+ *    distributed under the License is distributed on an "AS IS" BASIS,
+ *    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *    See the License for the specific language governing permissions and
+ *    limitations under the License.
+ */
+
+#include "mongo/client/auth_helpers.h"
+
+#include "mongo/base/string_data.h"
+#include "mongo/util/md5.hpp"
+
+namespace mongo {
+namespace auth {
+
+    std::string createPasswordDigest(const StringData& username,
+                                     const StringData& clearTextPassword) {
+        md5digest d;
+        {
+            md5_state_t st;
+            md5_init(&st);
+            md5_append(&st, (const md5_byte_t *) username.rawData(), username.size());
+            md5_append(&st, (const md5_byte_t *) ":mongo:", 7 );
+            md5_append(&st,
+                       (const md5_byte_t *) clearTextPassword.rawData(),
+                       clearTextPassword.size());
+            md5_finish(&st, d);
+        }
+        return digestToString( d );
+    }
+
+}  // namespace auth
+}  // namespace mongo
diff --git a/src/mongo/client/auth_helpers.h b/src/mongo/client/auth_helpers.h
new file mode 100644
index 00000000000..d1b652a70bf
--- /dev/null
+++ b/src/mongo/client/auth_helpers.h
@@ -0,0 +1,31 @@
+/*    Copyright 2013 10gen Inc.
+ *
+ *    Licensed under the Apache License, Version 2.0 (the "License");
+ *    you may not use this file except in compliance with the License.
+ *    You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *    Unless required by applicable law or agreed to in writing, software
+ *    distributed under the License is distributed on an "AS IS" BASIS,
+ *    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *    See the License for the specific language governing permissions and
+ *    limitations under the License.
+ */
+
+#pragma once
+
+#include "mongo/base/string_data.h"
+
+namespace mongo {
+namespace auth {
+
+    /**
+     * Hashes the password so that it can be stored in a user object or used for MONGODB-CR
+     * authentication.
+     */
+    std::string createPasswordDigest(const StringData& username,
+                                     const StringData& clearTextPassword);
+
+}  // namespace auth
+}  // namespace mongo
diff --git a/src/mongo/client/dbclient.cpp b/src/mongo/client/dbclient.cpp
index b6fa4240d28..19e280ec8f6 100644
--- a/src/mongo/client/dbclient.cpp
+++ b/src/mongo/client/dbclient.cpp
@@ -19,6 +19,7 @@
 
 #include "mongo/bson/util/bson_extract.h"
 #include "mongo/bson/util/builder.h"
+#include "mongo/client/auth_helpers.h"
 #include "mongo/client/constants.h"
 #include "mongo/client/dbclient_rs.h"
 #include "mongo/client/dbclientcursor.h"
@@ -525,16 +526,7 @@ namespace mongo {
     BSONObj getnoncecmdobj = fromjson("{getnonce:1}");
 
     string DBClientWithCommands::createPasswordDigest( const string & username , const string & clearTextPassword ) {
-        md5digest d;
-        {
-            md5_state_t st;
-            md5_init(&st);
-            md5_append(&st, (const md5_byte_t *) username.data(), username.length());
-            md5_append(&st, (const md5_byte_t *) ":mongo:", 7 );
-            md5_append(&st, (const md5_byte_t *) clearTextPassword.data(), clearTextPassword.length());
-            md5_finish(&st, d);
-        }
-        return digestToString( d );
+        return auth::createPasswordDigest(username, clearTextPassword);
     }
 
     void DBClientWithCommands::_auth(const BSONObj& params) {
diff --git a/src/mongo/client/sasl_client_authenticate_impl.cpp b/src/mongo/client/sasl_client_authenticate_impl.cpp
index 7cf9b9f52b3..83e0c5ebdd0 100644
--- a/src/mongo/client/sasl_client_authenticate_impl.cpp
+++ b/src/mongo/client/sasl_client_authenticate_impl.cpp
@@ -27,6 +27,7 @@
 #include "mongo/base/status.h"
 #include "mongo/base/string_data.h"
 #include "mongo/bson/util/bson_extract.h"
+#include "mongo/client/auth_helpers.h"
 #include "mongo/client/sasl_client_authenticate.h"
 #include "mongo/client/sasl_client_session.h"
 #include "mongo/platform/cstdint.h"
@@ -57,15 +58,14 @@ namespace {
      * Gets the password data from "saslParameters" and stores it to "outPassword".
      *
      * If "digestPassword" indicates that the password needs to be "digested" via
-     * DBClientWithCommands::createPasswordDigest(), this method takes care of that.
+     * auth::createPasswordDigest(), this method takes care of that.
      * On success, the value of "*outPassword" is always the correct value to set
      * as the password on the SaslClientSession.
      *
      * Returns Status::OK() on success, and ErrorCodes::NoSuchKey if the password data is not
      * present in "saslParameters".  Other ErrorCodes returned indicate other errors.
      */
-    Status extractPassword(DBClientWithCommands* client,
-                           const BSONObj& saslParameters,
+    Status extractPassword(const BSONObj& saslParameters,
                            bool digestPassword,
                            std::string* outPassword) {
 
@@ -84,7 +84,7 @@ namespace {
             if (!status.isOK())
                 return status;
 
-            *outPassword = client->createPasswordDigest(user, rawPassword);
+            *outPassword = auth::createPasswordDigest(user, rawPassword);
         }
         else {
             *outPassword = rawPassword;
@@ -148,7 +148,7 @@ namespace {
         if (!status.isOK())
             return status;
 
-        status = extractPassword(client, saslParameters, digestPassword, &value);
+        status = extractPassword(saslParameters, digestPassword, &value);
         if (status.isOK()) {
             session->setParameter(SaslClientSession::parameterPassword, value);
         }
diff --git a/src/mongo/util/md5.hpp b/src/mongo/util/md5.hpp
index 8974751054f..de785a04202 100644
--- a/src/mongo/util/md5.hpp
+++ b/src/mongo/util/md5.hpp
@@ -17,7 +17,11 @@
 
 #pragma once
 
-#include "md5.h"
+#include "mongo/util/md5.h"
+
+#include <sstream>
+#include <string>
+#include <string.h>
 
 namespace mongo {
 
@@ -36,7 +40,7 @@ namespace mongo {
     
     inline std::string digestToString( md5digest digest ){
         static const char * letters = "0123456789abcdef";
-        stringstream ss;
+        std::stringstream ss;
         for ( int i=0; i<16; i++){
             unsigned char c = digest[i];
             ss << letters[ ( c >> 4 ) & 0xf ] << letters[ c & 0xf ];