author | Spencer Jackson <spencer.jackson@mongodb.com> | 2015-10-14 18:15:45 -0400 |
---|---|---|
committer | Spencer Jackson <spencer.jackson@mongodb.com> | 2015-10-14 18:15:45 -0400 |
commit | e7189d7af091983e9eedc1ca30bc7f1d8e136951 (patch) | |
tree | 7dc501fd140033c0388fef8031284b24d23304c9 /src/mongo/client/sasl_sspi_options.cpp | |
parent | a8242b99c2455d2c95ae529d8717b268d1fbf024 (diff) | |
SERVER-2421 SERVER-17739 Add FQDN canonicalization for serverStatus and SPNs
Diffstat (limited to 'src/mongo/client/sasl_sspi_options.cpp')
-rw-r--r-- | src/mongo/client/sasl_sspi_options.cpp | 85 |
1 files changed, 85 insertions, 0 deletions
diff --git a/src/mongo/client/sasl_sspi_options.cpp b/src/mongo/client/sasl_sspi_options.cpp
new file mode 100644
index 00000000000..f392f5b5412
--- /dev/null
+++ b/src/mongo/client/sasl_sspi_options.cpp
@@ -0,0 +1,85 @@
+/**
+ * Copyright (C) 2015 MongoDB Inc.
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License, version 3,
+ * as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ *
+ * As a special exception, the copyright holders give permission to link the
+ * code of portions of this program with the OpenSSL library under certain
+ * conditions as described in each individual source file and distribute
+ * linked combinations including the program with the OpenSSL library. You
+ * must comply with the GNU Affero General Public License in all respects
+ * for all of the code used other than as permitted herein. If you modify
+ * file(s) with this exception, you may extend this exception to your
+ * version of the file(s), but you are not obligated to do so. If you do not
+ * wish to do so, delete this exception statement from your version. If you
+ * delete this exception statement from all source files in the program,
+ * then also delete it in the license file.
+ */
+
+#ifdef _WIN32
+
+#include "mongo/platform/basic.h"
+
+#include "mongo/client/sasl_sspi_options.h"
+
+#include <string>
+#include <vector>
+
+#include "mongo/base/status.h"
+#include "mongo/util/options_parser/startup_options.h"
+#include "mongo/util/options_parser/startup_option_init.h"
+
+namespace mongo {
+
+SASLSSPIGlobalParams saslSSPIGlobalParams;
+
+Status addSASLSSPIOptions(moe::OptionSection* options) {
+ moe::OptionSection sspiOptions("Kerberos Options");
+ sspiOptions.addOptionChaining("security.sspiHostnameCanonicalization",
+ "sspiHostnameCanonicalization",
+ moe::String,
+ "DNS resolution strategy to use for hostname canonicalization. "
+ "May be one of: {none, forward, forwardAndReverse}")
+ .setDefault(moe::Value(std::string("none")));
+ return options->addSection(sspiOptions);
+}
+
+Status storeSASLSSPIOptions(const moe::Environment& params) {
+ if (params.count("security.sspiHostnameCanonicalization")) {
+ if (params["security.sspiHostnameCanonicalization"].as<std::string>() == "none") {
+ saslSSPIGlobalParams.canonicalization = HostnameCanonicalizationMode::kNone;
+ } else if (params["security.sspiHostnameCanonicalization"].as<std::string>() == "forward") {
+ saslSSPIGlobalParams.canonicalization = HostnameCanonicalizationMode::kForward;
+ } else if (params["security.sspiHostnameCanonicalization"].as<std::string>() ==
+ "forwardAndReverse") {
+ saslSSPIGlobalParams.canonicalization =
+ HostnameCanonicalizationMode::kForwardAndReverse;
+ } else {
+ return Status(ErrorCodes::InvalidOptions,
+ "Unrecognized sspiHostnameCanonicalization option");
+ }
+ }
+ return Status::OK();
+}
+
+MONGO_MODULE_STARTUP_OPTIONS_REGISTER(SASLSSPIOptions)(InitializerContext* context) {
+ return addSASLSSPIOptions(&moe::startupOptions);
+}
+
+MONGO_STARTUP_OPTIONS_STORE(SASLSSPIOptions)(InitializerContext* context) {
+ return storeSASLSSPIOptions(moe::startupOptionsParsed);
+}
+
+} // namespace mongo
+
+#endif // ifdef _WIN32 |
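Review bot: The help text passed to `addOptionChaining` in `addSASLSSPIOptions` lists `forward` and `forwardAndReverse` without telling operators what they give up by choosing them. If this setting feeds SPN construction as the commit title indicates, the service name the client requests a ticket for is derived from resolver answers, so Kerberos authentication of the server is then only as trustworthy as the DNS path. I would extend the description with something like `"Default: none. 'forward' and 'forwardAndReverse' derive the SPN from DNS results; enable only where name resolution is trusted."` and put a short comment saying the same above the `.setDefault(...)` call. Separately, `storeSASLSSPIOptions` looks up the same key three times and rejects a bad value without echoing it; reading it once, `const std::string mode = params["security.sspiHostnameCanonicalization"].as<std::string>();`, and returning `"Unrecognized sspiHostnameCanonicalization option: " + mode` would make a misconfiguration easier to spot in startup logs.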