authorAndrew Morrow <acm@mongodb.com>2018-03-28 11:59:39 -0400
committerAndrew Morrow <acm@mongodb.com>2018-03-29 12:15:39 -0400
commit73a74e4ba33af61b2f102ddf11e674ee30dc2768 (patch)
treeec11fffd096488f006e9e3a6f33ff4b80c1315fe /src/mongo/db/auth
parent45c86eb7be9a2ce2ffd112f22f7cdc131d35b0aa (diff)
SERVER-33980 Reduce dependencies for embedded commands
Diffstat (limited to 'src/mongo/db/auth')
-rw-r--r--src/mongo/db/auth/SConscript18
-rw-r--r--src/mongo/db/auth/sasl_command_constants.h91
-rw-r--r--src/mongo/db/auth/sasl_commands.cpp1
-rw-r--r--src/mongo/db/auth/sasl_scram_server_conversation.cpp3
-rw-r--r--src/mongo/db/auth/sasl_scram_server_conversation.h3
-rw-r--r--src/mongo/db/auth/security_key.cpp2
6 files changed, 110 insertions, 8 deletions
diff --git a/src/mongo/db/auth/SConscript b/src/mongo/db/auth/SConscript
index e3afcfc79d9..eaebe1cc5d2 100644
--- a/src/mongo/db/auth/SConscript
+++ b/src/mongo/db/auth/SConscript
@@ -104,13 +104,17 @@ env.Library(
]
)
-env.Library('authcommon',
- ['internal_user_auth.cpp'],
- LIBDEPS=[
- '$BUILD_DIR/mongo/base',
- '$BUILD_DIR/mongo/bson/mutable/mutable_bson',
- '$BUILD_DIR/mongo/bson/util/bson_extract',
- ])
+env.Library(
+ target='authcommon',
+ source=[
+ 'internal_user_auth.cpp',
+ ],
+ LIBDEPS=[
+ '$BUILD_DIR/mongo/base',
+ '$BUILD_DIR/mongo/bson/mutable/mutable_bson',
+ '$BUILD_DIR/mongo/bson/util/bson_extract',
+ ],
+)
env.Library('authorization_manager_global',
[
diff --git a/src/mongo/db/auth/sasl_command_constants.h b/src/mongo/db/auth/sasl_command_constants.h
new file mode 100644
index 00000000000..7603cea4df5
--- /dev/null
+++ b/src/mongo/db/auth/sasl_command_constants.h
@@ -0,0 +1,91 @@
+/**
+ * Copyright (C) 2018 MongoDB Inc.
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License, version 3,
+ * as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ *
+ * As a special exception, the copyright holders give permission to link the
+ * code of portions of this program with the OpenSSL library under certain
+ * conditions as described in each individual source file and distribute
+ * linked combinations including the program with the OpenSSL library. You
+ * must comply with the GNU Affero General Public License in all respects
+ * for all of the code used other than as permitted herein. If you modify
+ * file(s) with this exception, you may extend this exception to your
+ * version of the file(s), but you are not obligated to do so. If you do not
+ * wish to do so, delete this exception statement from your version. If you
+ * delete this exception statement from all source files in the program,
+ * then also delete it in the license file.
+ */
+
+#pragma once
+
+#include "mongo/base/string_data.h"
+
+namespace mongo {
+
+/// String name of the saslStart command.
+constexpr auto saslStartCommandName = "saslStart"_sd;
+
+/// String name of the saslContinue command.
+constexpr auto saslContinueCommandName = "saslContinue"_sd;
+
+/// Name of the saslStart parameter indicating that the server should automatically grant the
+/// connection all privileges associated with the user after successful authentication.
+constexpr auto saslCommandAutoAuthorizeFieldName = "autoAuthorize"_sd;
+
+/// Name of the field containing the conversation identifier in server respones and saslContinue
+/// commands.
+constexpr auto saslCommandConversationIdFieldName = "conversationId"_sd;
+
+/// Name of the field that indicates whether or not the server believes authentication has
+/// completed successfully.
+constexpr auto saslCommandDoneFieldName = "done"_sd;
+
+/// Name of parameter to saslStart command indiciating the client's desired sasl mechanism.
+constexpr auto saslCommandMechanismFieldName = "mechanism"_sd;
+
+/// In the event that saslStart supplies an unsupported mechanism, the server responds with a
+/// field by this name, with a list of supported mechanisms.
+constexpr auto saslCommandMechanismListFieldName = "supportedMechanisms"_sd;
+
+/// Field containing password information for saslClientAuthenticate().
+constexpr auto saslCommandPasswordFieldName = "pwd"_sd;
+
+/// Field containing sasl payloads passed to and from the server.
+constexpr auto saslCommandPayloadFieldName = "payload"_sd;
+
+/// Field containing the string identifier of the user to authenticate in
+/// saslClientAuthenticate().
+constexpr auto saslCommandUserFieldName = "user"_sd;
+
+/// Field containing the string identifier of the database containing credential information,
+/// or "$external" if the credential information is stored outside of the mongo cluster.
+constexpr auto saslCommandUserDBFieldName = "db"_sd;
+
+/// Field overriding the FQDN of the hostname hosting the mongodb srevice in
+/// saslClientAuthenticate().
+constexpr auto saslCommandServiceHostnameFieldName = "serviceHostname"_sd;
+
+/// Field overriding the name of the mongodb service saslClientAuthenticate().
+constexpr auto saslCommandServiceNameFieldName = "serviceName"_sd;
+
+/// Default database against which sasl authentication commands should run.
+constexpr auto saslDefaultDBName = "$external"_sd;
+
+/// Default sasl service name, "mongodb".
+constexpr auto saslDefaultServiceName = "mongodb"_sd;
+
+// Field whose value should be set to true if the field in saslCommandPasswordFieldName needs to
+// be digested.
+constexpr auto saslCommandDigestPasswordFieldName = "digestPassword"_sd;
+
+} // namespace mongo
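Review bot: The comment on `saslCommandDigestPasswordFieldName`, the last constant in the new header, uses `//` while every other constant uses `///`, so a Doxygen-style extractor will skip it. Change the two lines to `/// Field whose value should be set to true if the field in saslCommandPasswordFieldName needs to` and `/// be digested.` Three other doc comments carry typos worth fixing while the file is new: `respones`, `indiciating` and `srevice`. Because `saslCommandPasswordFieldName` and `saslCommandPayloadFieldName` name fields that carry credential material, their comments could also say that values under these keys must stay out of logs and diagnostics. Redaction is presumably handled by the callers, but nothing visible here confirms it.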
diff --git a/src/mongo/db/auth/sasl_commands.cpp b/src/mongo/db/auth/sasl_commands.cpp
index 43f75bdb83c..ef9bcc68285 100644
--- a/src/mongo/db/auth/sasl_commands.cpp
+++ b/src/mongo/db/auth/sasl_commands.cpp
@@ -44,6 +44,7 @@
#include "mongo/db/auth/authorization_session.h"
#include "mongo/db/auth/authz_manager_external_state_mock.h"
#include "mongo/db/auth/authz_session_external_state_mock.h"
+#include "mongo/db/auth/sasl_command_constants.h"
#include "mongo/db/auth/sasl_options.h"
#include "mongo/db/client.h"
#include "mongo/db/commands.h"
diff --git a/src/mongo/db/auth/sasl_scram_server_conversation.cpp b/src/mongo/db/auth/sasl_scram_server_conversation.cpp
index 65720d6d383..25cc6659247 100644
--- a/src/mongo/db/auth/sasl_scram_server_conversation.cpp
+++ b/src/mongo/db/auth/sasl_scram_server_conversation.cpp
@@ -344,6 +344,9 @@ StatusWith<std::tuple<bool, std::string>> SaslSCRAMServerMechanism<Policy>::_sec
return std::make_tuple(false, sb.str());
}
+template class SaslSCRAMServerMechanism<SCRAMSHA1Policy>;
+template class SaslSCRAMServerMechanism<SCRAMSHA256Policy>;
+
MONGO_INITIALIZER_WITH_PREREQUISITES(SASLSCRAMServerMechanism,
("CreateSASLServerMechanismRegistry"))
(::mongo::InitializerContext* context) {
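Review bot: The two explicit instantiation definitions added after `_secondStep` carry no comment linking them to the matching `extern template` declarations that this commit adds in sasl_scram_server_conversation.h. The two lists have to stay in step, and a policy added to only one of them would most likely surface as a link error in some other target rather than at the point of the mistake. Suggest adding `// Explicit instantiations; keep in sync with the extern template declarations in sasl_scram_server_conversation.h.` above them, with a mirrored comment in the header hunk. The initializer that follows continues past the end of this hunk.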
diff --git a/src/mongo/db/auth/sasl_scram_server_conversation.h b/src/mongo/db/auth/sasl_scram_server_conversation.h
index 33713258028..8338fc3e676 100644
--- a/src/mongo/db/auth/sasl_scram_server_conversation.h
+++ b/src/mongo/db/auth/sasl_scram_server_conversation.h
@@ -88,6 +88,9 @@ private:
std::string _nonce;
};
+extern template class SaslSCRAMServerMechanism<SCRAMSHA1Policy>;
+extern template class SaslSCRAMServerMechanism<SCRAMSHA256Policy>;
+
template <typename ScramMechanism>
class SCRAMServerFactory : public MakeServerFactory<ScramMechanism> {
public:
diff --git a/src/mongo/db/auth/security_key.cpp b/src/mongo/db/auth/security_key.cpp
index 3e14d65c00e..a9d6f86c2ad 100644
--- a/src/mongo/db/auth/security_key.cpp
+++ b/src/mongo/db/auth/security_key.cpp
@@ -37,7 +37,6 @@
#include <vector>
#include "mongo/base/status_with.h"
-#include "mongo/client/sasl_client_authenticate.h"
#include "mongo/crypto/mechanism_scram.h"
#include "mongo/crypto/sha1_block.h"
#include "mongo/db/auth/action_set.h"
@@ -45,6 +44,7 @@
#include "mongo/db/auth/authorization_manager.h"
#include "mongo/db/auth/internal_user_auth.h"
#include "mongo/db/auth/privilege.h"
+#include "mongo/db/auth/sasl_command_constants.h"
#include "mongo/db/auth/sasl_options.h"
#include "mongo/db/auth/security_file.h"
#include "mongo/db/auth/user.h"