summaryrefslogtreecommitdiff
path: root/src/mongo/db/auth/sasl_options.cpp
diff options
context:
space:
mode:
authorSpencer Jackson <spencer.jackson@mongodb.com>2018-12-12 13:05:57 -0500
committerSpencer Jackson <spencer.jackson@mongodb.com>2019-01-10 18:59:20 -0500
commitbc5ac036a39627b9b2637665e7ac38853d049754 (patch)
treece789bbe14d8e4780ae4b231e85487ada3423953 /src/mongo/db/auth/sasl_options.cpp
parentc1bc93bc4e903fd1ea5eb035023d5054c6c86497 (diff)
downloadmongo-bc5ac036a39627b9b2637665e7ac38853d049754.tar.gz
SERVER-38483 Convert options in sasl_options.cpp to IDL
Diffstat (limited to 'src/mongo/db/auth/sasl_options.cpp')
-rw-r--r--src/mongo/db/auth/sasl_options.cpp207
1 files changed, 7 insertions, 200 deletions
diff --git a/src/mongo/db/auth/sasl_options.cpp b/src/mongo/db/auth/sasl_options.cpp
index ab6152d7556..703c7ac07d9 100644
--- a/src/mongo/db/auth/sasl_options.cpp
+++ b/src/mongo/db/auth/sasl_options.cpp
@@ -28,216 +28,23 @@
* it in the license file.
*/
-#define MONGO_LOG_DEFAULT_COMPONENT ::mongo::logger::LogComponent::kAccessControl
-
#include "mongo/db/auth/sasl_options.h"
+#include "mongo/db/auth/sasl_options_gen.h"
-#include "mongo/base/status.h"
-#include "mongo/db/server_parameters.h"
-#include "mongo/util/log.h"
-#include "mongo/util/mongoutils/str.h"
-#include "mongo/util/net/socket_utils.h"
-#include "mongo/util/options_parser/startup_option_init.h"
-#include "mongo/util/options_parser/startup_options.h"
+#include "mongo/util/text.h"
namespace mongo {
+const std::vector<std::string> SASLGlobalParams::kDefaultAuthenticationMechanisms =
+ std::vector<std::string>{"MONGODB-X509", "SCRAM-SHA-1", "SCRAM-SHA-256"};
SASLGlobalParams saslGlobalParams;
-// For backward compatability purposes, "scramIterationCount" refers to the SHA-1 variant.
-// The SHA-256 variant, as well as all future parameters, will use their specific name.
-constexpr auto scramSHA1IterationCountServerParameter = "scramIterationCount"_sd;
-constexpr auto scramSHA256IterationCountServerParameter = "scramSHA256IterationCount"_sd;
-
-const int defaultScramSHA1IterationCount = 10000;
-const int minimumScramSHA1IterationCount = 5000;
-
-const int defaultScramSHA256IterationCount = 15000;
-const int minimumScramSHA256IterationCount = 5000;
-
SASLGlobalParams::SASLGlobalParams() {
- // Authentication mechanisms supported by default.
- authenticationMechanisms.push_back("MONGODB-X509");
- authenticationMechanisms.push_back("SCRAM-SHA-1");
- authenticationMechanisms.push_back("SCRAM-SHA-256");
-
- // Default iteration count for SCRAM authentication.
- scramSHA1IterationCount.store(defaultScramSHA1IterationCount);
- scramSHA256IterationCount.store(defaultScramSHA256IterationCount);
+ scramSHA1IterationCount.store(kScramIterationCountDefault);
+ scramSHA256IterationCount.store(kScramSHA256IterationCountDefault);
+ authenticationMechanisms = kDefaultAuthenticationMechanisms;
// Default value for auth failed delay
authFailedDelay.store(0);
}
-
-Status addSASLOptions(moe::OptionSection* options) {
- moe::OptionSection saslOptions("SASL Options");
-
- saslOptions
- .addOptionChaining("security.authenticationMechanisms",
- "",
- moe::StringVector,
- "List of supported authentication mechanisms. "
- "Default is SCRAM-SHA-1 and MONGODB-X509.")
- .setSources(moe::SourceYAMLConfig);
-
- saslOptions
- .addOptionChaining(
- "security.sasl.hostName", "", moe::String, "Fully qualified server domain name")
- .setSources(moe::SourceYAMLConfig);
-
- saslOptions
- .addOptionChaining("security.sasl.serviceName",
- "",
- moe::String,
- "Registered name of the service using SASL")
- .setSources(moe::SourceYAMLConfig);
-
- saslOptions
- .addOptionChaining("security.sasl.saslauthdSocketPath",
- "",
- moe::String,
- "Path to Unix domain socket file for saslauthd")
- .setSources(moe::SourceYAMLConfig);
-
- Status ret = options->addSection(saslOptions);
- if (!ret.isOK()) {
- log() << "Failed to add sasl option section: " << ret.toString();
- return ret;
- }
-
- return Status::OK();
-}
-
-Status storeSASLOptions(const moe::Environment& params) {
- bool haveAuthenticationMechanisms = false;
- bool haveHostName = false;
- bool haveServiceName = false;
- bool haveAuthdPath = false;
- bool haveScramSHA1IterationCount = false;
- bool haveScramSHA256IterationCount = false;
- int scramSHA1IterationCount = defaultScramSHA1IterationCount;
-
- // Check our setParameter options first so that these values can be properly overridden via
- // the command line even though the options have different names.
- if (params.count("setParameter")) {
- std::map<std::string, std::string> parameters =
- params["setParameter"].as<std::map<std::string, std::string>>();
- for (std::map<std::string, std::string>::iterator parametersIt = parameters.begin();
- parametersIt != parameters.end();
- parametersIt++) {
- if (parametersIt->first == "authenticationMechanisms") {
- haveAuthenticationMechanisms = true;
- } else if (parametersIt->first == "saslHostName") {
- haveHostName = true;
- } else if (parametersIt->first == "saslServiceName") {
- haveServiceName = true;
- } else if (parametersIt->first == "saslauthdPath") {
- haveAuthdPath = true;
- } else if (parametersIt->first == scramSHA1IterationCountServerParameter) {
- haveScramSHA1IterationCount = true;
- // If the value here is non-numeric, atoi() will fail to parse.
- // We can ignore that error since the ExportedServerParameter
- // will catch it for us.
- scramSHA1IterationCount = atoi(parametersIt->second.c_str());
- } else if (parametersIt->first == scramSHA256IterationCountServerParameter) {
- haveScramSHA256IterationCount = true;
- }
- }
- }
-
- if (params.count("security.authenticationMechanisms") && !haveAuthenticationMechanisms) {
- saslGlobalParams.authenticationMechanisms =
- params["security.authenticationMechanisms"].as<std::vector<std::string>>();
- }
- if (params.count("security.sasl.hostName") && !haveHostName) {
- saslGlobalParams.hostName = params["security.sasl.hostName"].as<std::string>();
- }
- if (params.count("security.sasl.serviceName") && !haveServiceName) {
- saslGlobalParams.serviceName = params["security.sasl.serviceName"].as<std::string>();
- }
- if (params.count("security.sasl.saslauthdSocketPath") && !haveAuthdPath) {
- saslGlobalParams.authdPath = params["security.sasl.saslauthdSocketPath"].as<std::string>();
- }
- if (params.count("security.sasl.scramIterationCount") && !haveScramSHA1IterationCount) {
- scramSHA1IterationCount = params["security.sasl.scramIterationCount"].as<int>();
- saslGlobalParams.scramSHA1IterationCount.store(scramSHA1IterationCount);
- }
- if (!haveScramSHA256IterationCount) {
- if (params.count("security.sasl.scramSHA256IterationCount")) {
- saslGlobalParams.scramSHA256IterationCount.store(
- params["security.sasl.scramSHA256IterationCount"].as<int>());
- } else {
- // If scramSHA256IterationCount isn't provided explicitly,
- // then fall back on scramIterationCount if it is greater than
- // the default scramSHA256IterationCount.
- saslGlobalParams.scramSHA256IterationCount.store(
- std::max<int>(scramSHA1IterationCount, defaultScramSHA256IterationCount));
- }
- }
-
- if (saslGlobalParams.hostName.empty())
- saslGlobalParams.hostName = getHostNameCached();
- if (saslGlobalParams.serviceName.empty())
- saslGlobalParams.serviceName = "mongodb";
-
- return Status::OK();
-}
-
-MONGO_MODULE_STARTUP_OPTIONS_REGISTER(SASLOptions)(InitializerContext* context) {
- return addSASLOptions(&moe::startupOptions);
-}
-
-MONGO_STARTUP_OPTIONS_STORE(SASLOptions)(InitializerContext* context) {
- return storeSASLOptions(moe::startupOptionsParsed);
-}
-
-// SASL Startup Parameters, making them settable via setParameter on the command line or in the
-// legacy INI config file. None of these parameters are modifiable at runtime.
-ExportedServerParameter<std::vector<std::string>, ServerParameterType::kStartupOnly>
- SASLAuthenticationMechanismsSetting(ServerParameterSet::getGlobal(),
- "authenticationMechanisms",
- &saslGlobalParams.authenticationMechanisms);
-
-ExportedServerParameter<std::string, ServerParameterType::kStartupOnly> SASLHostNameSetting(
- ServerParameterSet::getGlobal(), "saslHostName", &saslGlobalParams.hostName);
-
-ExportedServerParameter<std::string, ServerParameterType::kStartupOnly> SASLServiceNameSetting(
- ServerParameterSet::getGlobal(), "saslServiceName", &saslGlobalParams.serviceName);
-
-ExportedServerParameter<std::string, ServerParameterType::kStartupOnly> SASLAuthdPathSetting(
- ServerParameterSet::getGlobal(), "saslauthdPath", &saslGlobalParams.authdPath);
-
-class ExportedScramIterationCountParameter
- : public ExportedServerParameter<int, ServerParameterType::kStartupAndRuntime> {
-public:
- ExportedScramIterationCountParameter(StringData name, AtomicWord<int>* value, int minimum)
- : ExportedServerParameter<int, ServerParameterType::kStartupAndRuntime>(
- ServerParameterSet::getGlobal(), name.toString(), value),
- _minimum(minimum) {}
-
- virtual Status validate(const int& newValue) {
- if (newValue < _minimum) {
- return Status(
- ErrorCodes::BadValue,
- mongoutils::str::stream() << "Invalid value for SCRAM iteration count: " << newValue
- << " is less than the minimum SCRAM iteration count, "
- << _minimum);
- }
-
- return Status::OK();
- }
-
-private:
- int _minimum;
-};
-
-ExportedScramIterationCountParameter scramSHA1IterationCountParam(
- scramSHA1IterationCountServerParameter,
- &saslGlobalParams.scramSHA1IterationCount,
- minimumScramSHA1IterationCount);
-ExportedScramIterationCountParameter scramSHA256IterationCountParam(
- scramSHA256IterationCountServerParameter,
- &saslGlobalParams.scramSHA256IterationCount,
- minimumScramSHA256IterationCount);
-
} // namespace mongo
View Lorry Controller Status