diff options
author | Andreas <agralius@gmail.com> | 2014-08-13 12:10:38 -0400 |
---|---|---|
committer | Andreas <agralius@gmail.com> | 2014-08-28 13:20:25 -0400 |
commit | e6a8e256ca73e7596d9f8b7b3a3b00d8c08f6554 (patch) | |
tree | cc5ca0887015b6c8d09bdc932756faaac8df3c24 /src/mongo/db/auth/sasl_options.cpp | |
parent | ca6a26760c2150736562f49201fcb7b4de5e53f1 (diff) | |
download | mongo-e6a8e256ca73e7596d9f8b7b3a3b00d8c08f6554.tar.gz |
SERVER-7596 Native SCRAM-SHA-1 server side support
Diffstat (limited to 'src/mongo/db/auth/sasl_options.cpp')
-rw-r--r-- | src/mongo/db/auth/sasl_options.cpp | 165 |
1 files changed, 165 insertions, 0 deletions
diff --git a/src/mongo/db/auth/sasl_options.cpp b/src/mongo/db/auth/sasl_options.cpp new file mode 100644 index 00000000000..40fc536656c --- /dev/null +++ b/src/mongo/db/auth/sasl_options.cpp @@ -0,0 +1,165 @@ +/* + * Copyright (C) 2013 10gen Inc. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License, version 3, + * as published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + * + * As a special exception, the copyright holders give permission to link the + * code of portions of this program with the OpenSSL library under certain + * conditions as described in each individual source file and distribute + * linked combinations including the program with the OpenSSL library. You + * must comply with the GNU Affero General Public License in all respects for + * all of the code used other than as permitted herein. If you modify file(s) + * with this exception, you may extend this exception to your version of the + * file(s), but you are not obligated to do so. If you do not wish to do so, + * delete this exception statement from your version. If you delete this + * exception statement from all source files in the program, then also delete + * it in the license file. + */ + +#define MONGO_LOG_DEFAULT_COMPONENT ::mongo::logger::LogComponent::kAccessControl + +#include "mongo/db/auth/sasl_options.h" + +#include "mongo/base/status.h" +#include "mongo/db/server_parameters.h" +#include "mongo/util/log.h" +#include "mongo/util/options_parser/startup_option_init.h" +#include "mongo/util/options_parser/startup_options.h" + +namespace mongo { + + SASLGlobalParams saslGlobalParams; + + // Authentication mechanisms supported by default + SASLGlobalParams::SASLGlobalParams() { + authenticationMechanisms.push_back("MONGODB-CR"); + authenticationMechanisms.push_back("MONGODB-X509"); + authenticationMechanisms.push_back("SCRAM-SHA-1"); + } + + Status addSASLOptions(moe::OptionSection* options) { + + moe::OptionSection saslOptions("SASL Options"); + + saslOptions.addOptionChaining("security.authenticationMechanisms", "", + moe::StringVector, "List of supported authentication mechanisms. " + "Default is MONGODB-CR, SCRAM-SHA-1 and MONGODB-X509.") + .setSources(moe::SourceYAMLConfig); + + saslOptions.addOptionChaining("security.sasl.hostName", "", moe::String, + "Fully qualified server domain name") + .setSources(moe::SourceYAMLConfig); + + saslOptions.addOptionChaining("security.sasl.serviceName", "", moe::String, + "Registered name of the service using SASL") + .setSources(moe::SourceYAMLConfig); + + saslOptions.addOptionChaining("security.sasl.saslauthdSocketPath", "", moe::String, + "Path to Unix domain socket file for saslauthd") + .setSources(moe::SourceYAMLConfig); + + Status ret = options->addSection(saslOptions); + if (!ret.isOK()) { + log() << "Failed to add sasl option section: " << ret.toString(); + return ret; + } + + return Status::OK(); + } + + Status storeSASLOptions(const moe::Environment& params) { + + bool haveAuthenticationMechanisms = false; + bool haveHostName = false; + bool haveServiceName = false; + bool haveAuthdPath = false; + + // Check our setParameter options first so that these values can be properly overridden via + // the command line even though the options have different names. + if (params.count("setParameter")) { + std::map<std::string, std::string> parameters = + params["setParameter"].as<std::map<std::string, std::string> >(); + for (std::map<std::string, std::string>::iterator parametersIt = parameters.begin(); + parametersIt != parameters.end(); parametersIt++) { + if (parametersIt->first == "authenticationMechanisms") { + haveAuthenticationMechanisms = true; + } + else if (parametersIt->first == "saslHostName") { + haveHostName = true; + } + else if (parametersIt->first == "saslServiceName") { + haveServiceName = true; + } + else if (parametersIt->first == "saslauthdPath") { + haveAuthdPath = true; + } + } + } + + if (params.count("security.authenticationMechanisms") && + !haveAuthenticationMechanisms) { + saslGlobalParams.authenticationMechanisms = + params["security.authenticationMechanisms"].as<std::vector<std::string> >(); + } + if (params.count("security.sasl.hostName") && !haveHostName) { + saslGlobalParams.hostName = + params["security.sasl.hostName"].as<std::string>(); + } + if (params.count("security.sasl.serviceName") && !haveServiceName) { + saslGlobalParams.serviceName = + params["security.sasl.serviceName"].as<std::string>(); + } + if (params.count("security.sasl.saslauthdSocketPath") && !haveAuthdPath) { + saslGlobalParams.authdPath = + params["security.sasl.saslauthdSocketPath"].as<std::string>(); + } + + return Status::OK(); + } + + MONGO_MODULE_STARTUP_OPTIONS_REGISTER(SASLOptions)(InitializerContext* context) { + return addSASLOptions(&moe::startupOptions); + } + + MONGO_STARTUP_OPTIONS_STORE(SASLOptions)(InitializerContext* context) { + return storeSASLOptions(moe::startupOptionsParsed); + } + + // SASL Startup Parameters, making them settable via setParameter on the command line or in the + // legacy INI config file. None of these parameters are modifiable at runtime. + ExportedServerParameter<std::vector<std::string> > SASLAuthenticationMechanismsSetting( + ServerParameterSet::getGlobal(), + "authenticationMechanisms", + &saslGlobalParams.authenticationMechanisms, + true, // Change at startup + false); // Change at runtime + + ExportedServerParameter<std::string> SASLHostNameSetting(ServerParameterSet::getGlobal(), + "saslHostName", + &saslGlobalParams.hostName, + true, // Change at startup + false); // Change at runtime + + ExportedServerParameter<std::string> SASLServiceNameSetting(ServerParameterSet::getGlobal(), + "saslServiceName", + &saslGlobalParams.serviceName, + true, // Change at startup + false); // Change at runtime + + ExportedServerParameter<std::string> SASLAuthdPathSetting(ServerParameterSet::getGlobal(), + "saslauthdPath", + &saslGlobalParams.authdPath, + true, // Change at startup + false); // Change at runtime + +} // namespace mongo |