author | Andrew Morrow <acm@mongodb.com> | 2018-03-28 11:59:39 -0400 |
---|---|---|
committer | Andrew Morrow <acm@mongodb.com> | 2018-03-29 12:15:39 -0400 |
commit | 73a74e4ba33af61b2f102ddf11e674ee30dc2768 (patch) | |
tree | ec11fffd096488f006e9e3a6f33ff4b80c1315fe /src/mongo/db/auth | |
parent | 45c86eb7be9a2ce2ffd112f22f7cdc131d35b0aa (diff) | |
download | mongo-73a74e4ba33af61b2f102ddf11e674ee30dc2768.tar.gz |
SERVER-33980 Reduce dependencies for embedded commands
Diffstat (limited to 'src/mongo/db/auth')
-rw-r--r-- | src/mongo/db/auth/SConscript | 18 | ||||
-rw-r--r-- | src/mongo/db/auth/sasl_command_constants.h | 91 | ||||
-rw-r--r-- | src/mongo/db/auth/sasl_commands.cpp | 1 | ||||
-rw-r--r-- | src/mongo/db/auth/sasl_scram_server_conversation.cpp | 3 | ||||
-rw-r--r-- | src/mongo/db/auth/sasl_scram_server_conversation.h | 3 | ||||
-rw-r--r-- | src/mongo/db/auth/security_key.cpp | 2 |
6 files changed, 110 insertions, 8 deletions
diff --git a/src/mongo/db/auth/SConscript b/src/mongo/db/auth/SConscript
index e3afcfc79d9..eaebe1cc5d2 100644
--- a/src/mongo/db/auth/SConscript
+++ b/src/mongo/db/auth/SConscript
@@ -104,13 +104,17 @@ env.Library(
 ]
 )
-env.Library('authcommon',
- ['internal_user_auth.cpp'],
- LIBDEPS=[
- '$BUILD_DIR/mongo/base',
- '$BUILD_DIR/mongo/bson/mutable/mutable_bson',
- '$BUILD_DIR/mongo/bson/util/bson_extract',
- ])
+env.Library(
+ target='authcommon',
+ source=[
+ 'internal_user_auth.cpp',
+ ],
+ LIBDEPS=[
+ '$BUILD_DIR/mongo/base',
+ '$BUILD_DIR/mongo/bson/mutable/mutable_bson',
+ '$BUILD_DIR/mongo/bson/util/bson_extract',
+ ],
+)
 env.Library('authorization_manager_global', [
diff --git a/src/mongo/db/auth/sasl_command_constants.h b/src/mongo/db/auth/sasl_command_constants.h
new file mode 100644
index 00000000000..7603cea4df5
--- /dev/null
+++ b/src/mongo/db/auth/sasl_command_constants.h
@@ -0,0 +1,91 @@
+/**
+ * Copyright (C) 2018 MongoDB Inc.
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License, version 3,
+ * as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ *
+ * As a special exception, the copyright holders give permission to link the
+ * code of portions of this program with the OpenSSL library under certain
+ * conditions as described in each individual source file and distribute
+ * linked combinations including the program with the OpenSSL library. You
+ * must comply with the GNU Affero General Public License in all respects
+ * for all of the code used other than as permitted herein. If you modify
+ * file(s) with this exception, you may extend this exception to your
+ * version of the file(s), but you are not obligated to do so. If you do not
+ * wish to do so, delete this exception statement from your version. If you
+ * delete this exception statement from all source files in the program,
+ * then also delete it in the license file.
+ */
+
+#pragma once
+
+#include "mongo/base/string_data.h"
+
+namespace mongo {
+
+/// String name of the saslStart command.
+constexpr auto saslStartCommandName = "saslStart"_sd;
+
+/// String name of the saslContinue command.
+constexpr auto saslContinueCommandName = "saslContinue"_sd;
+
+/// Name of the saslStart parameter indicating that the server should automatically grant the
+/// connection all privileges associated with the user after successful authentication.
+constexpr auto saslCommandAutoAuthorizeFieldName = "autoAuthorize"_sd;
+
+/// Name of the field containing the conversation identifier in server respones and saslContinue
+/// commands.
+constexpr auto saslCommandConversationIdFieldName = "conversationId"_sd;
+
+/// Name of the field that indicates whether or not the server believes authentication has
+/// completed successfully.
+constexpr auto saslCommandDoneFieldName = "done"_sd;
+
+/// Name of parameter to saslStart command indiciating the client's desired sasl mechanism.
+constexpr auto saslCommandMechanismFieldName = "mechanism"_sd;
+
+/// In the event that saslStart supplies an unsupported mechanism, the server responds with a
+/// field by this name, with a list of supported mechanisms.
+constexpr auto saslCommandMechanismListFieldName = "supportedMechanisms"_sd;
+
+/// Field containing password information for saslClientAuthenticate().
+constexpr auto saslCommandPasswordFieldName = "pwd"_sd;
+
+/// Field containing sasl payloads passed to and from the server.
+constexpr auto saslCommandPayloadFieldName = "payload"_sd;
+
+/// Field containing the string identifier of the user to authenticate in
+/// saslClientAuthenticate().
+constexpr auto saslCommandUserFieldName = "user"_sd;
+
+/// Field containing the string identifier of the database containing credential information,
+/// or "$external" if the credential information is stored outside of the mongo cluster.
+constexpr auto saslCommandUserDBFieldName = "db"_sd;
+
+/// Field overriding the FQDN of the hostname hosting the mongodb srevice in
+/// saslClientAuthenticate().
+constexpr auto saslCommandServiceHostnameFieldName = "serviceHostname"_sd;
+
+/// Field overriding the name of the mongodb service saslClientAuthenticate().
+constexpr auto saslCommandServiceNameFieldName = "serviceName"_sd;
+
+/// Default database against which sasl authentication commands should run.
+constexpr auto saslDefaultDBName = "$external"_sd;
+
+/// Default sasl service name, "mongodb".
+constexpr auto saslDefaultServiceName = "mongodb"_sd;
+
+// Field whose value should be set to true if the field in saslCommandPasswordFieldName needs to
+// be digested.
+constexpr auto saslCommandDigestPasswordFieldName = "digestPassword"_sd;
+
+} // namespace mongo
diff --git a/src/mongo/db/auth/sasl_commands.cpp b/src/mongo/db/auth/sasl_commands.cpp
index 43f75bdb83c..ef9bcc68285 100644
--- a/src/mongo/db/auth/sasl_commands.cpp
+++ b/src/mongo/db/auth/sasl_commands.cpp
@@ -44,6 +44,7 @@
 #include "mongo/db/auth/authorization_session.h"
 #include "mongo/db/auth/authz_manager_external_state_mock.h"
 #include "mongo/db/auth/authz_session_external_state_mock.h"
+#include "mongo/db/auth/sasl_command_constants.h"
 #include "mongo/db/auth/sasl_options.h"
 #include "mongo/db/client.h"
 #include "mongo/db/commands.h"
diff --git a/src/mongo/db/auth/sasl_scram_server_conversation.cpp b/src/mongo/db/auth/sasl_scram_server_conversation.cpp
index 65720d6d383..25cc6659247 100644
--- a/src/mongo/db/auth/sasl_scram_server_conversation.cpp
+++ b/src/mongo/db/auth/sasl_scram_server_conversation.cpp
@@ -344,6 +344,9 @@ StatusWith<std::tuple<bool, std::string>> SaslSCRAMServerMechanism<Policy>::_sec
 return std::make_tuple(false, sb.str());
 }
+template class SaslSCRAMServerMechanism<SCRAMSHA1Policy>;
+template class SaslSCRAMServerMechanism<SCRAMSHA256Policy>;
+
 MONGO_INITIALIZER_WITH_PREREQUISITES(SASLSCRAMServerMechanism, ("CreateSASLServerMechanismRegistry")) (::mongo::InitializerContext* context) {
diff --git a/src/mongo/db/auth/sasl_scram_server_conversation.h b/src/mongo/db/auth/sasl_scram_server_conversation.h
index 33713258028..8338fc3e676 100644
--- a/src/mongo/db/auth/sasl_scram_server_conversation.h
+++ b/src/mongo/db/auth/sasl_scram_server_conversation.h
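Review bot: The doc comments in the new sasl_command_constants.h have defects that are cheapest to fix while the file is new: "respones", "indiciating" and "srevice" are misspelled, and the comment on `saslCommandServiceNameFieldName` is missing "in" before `saslClientAuthenticate()`. The comment on `saslCommandDigestPasswordFieldName` also uses `//` where every other constant uses `///`, so a documentation generator would presumably skip the one entry that explains how the `pwd` field is treated. I would change it to `/// Field whose value should be set to true if the field in saslCommandPasswordFieldName needs to be digested.`, wrapped to the same width as its neighbours.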
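Review bot: The two explicit instantiation definitions added after `_secondStep` in sasl_scram_server_conversation.cpp must stay in step with the `extern template` declarations this commit adds to sasl_scram_server_conversation.h, and neither hunk says so. A policy later declared `extern template` in the header but not instantiated here gets no implicit instantiation in other translation units and would fail at link time. I would add `// Keep in sync with the extern template declarations in sasl_scram_server_conversation.h.` above these lines, with the mirror-image comment in the header. An explicit instantiation definition also covers only members already defined at that point, so it should stay below the last member definition; the rest of the file is outside the hunk.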
@@ -88,6 +88,9 @@ private:
 std::string _nonce;
 };
+extern template class SaslSCRAMServerMechanism<SCRAMSHA1Policy>;
+extern template class SaslSCRAMServerMechanism<SCRAMSHA256Policy>;
+
 template <typename ScramMechanism>
 class SCRAMServerFactory : public MakeServerFactory<ScramMechanism> {
 public:
diff --git a/src/mongo/db/auth/security_key.cpp b/src/mongo/db/auth/security_key.cpp
index 3e14d65c00e..a9d6f86c2ad 100644
--- a/src/mongo/db/auth/security_key.cpp
+++ b/src/mongo/db/auth/security_key.cpp
@@ -37,7 +37,6 @@
 #include <vector>
 #include "mongo/base/status_with.h"
-#include "mongo/client/sasl_client_authenticate.h"
 #include "mongo/crypto/mechanism_scram.h"
 #include "mongo/crypto/sha1_block.h"
 #include "mongo/db/auth/action_set.h"
@@ -45,6 +44,7 @@
 #include "mongo/db/auth/authorization_manager.h"
 #include "mongo/db/auth/internal_user_auth.h"
 #include "mongo/db/auth/privilege.h"
+#include "mongo/db/auth/sasl_command_constants.h"
 #include "mongo/db/auth/sasl_options.h"
 #include "mongo/db/auth/security_file.h"
 #include "mongo/db/auth/user.h" |