-rw-r--r-- | src/mongo/shell/db.js | 8 | ||||
-rw-r--r-- | src/mongo/shell/dbshell.cpp | 23 | ||||
-rw-r--r-- | src/mongo/shell/shell_options.cpp | 33 | ||||
-rw-r--r-- | src/mongo/shell/shell_options.h | 2 |
4 files changed, 54 insertions, 12 deletions
diff --git a/src/mongo/shell/db.js b/src/mongo/shell/db.js
index 2bf1d0b85fa..8c75ed21d4f 100644
--- a/src/mongo/shell/db.js
+++ b/src/mongo/shell/db.js
@@ -1178,6 +1178,7 @@ DB.prototype.__pwHash = function( nonce, username, pass ) {
 }
 DB.prototype._defaultAuthenticationMechanism = "MONGODB-CR";
+DB.prototype._defaultGssapiServiceName = null;
 DB.prototype._authOrThrow = function () {
 var params;
@@ -1201,6 +1202,13 @@ DB.prototype._authOrThrow = function () {
 throw Error("Do not override db field on db.auth(). Use getMongo().auth(), instead.");
 }
+ if (params.mechanism == "GSSAPI" &&
+ params.serviceName == null &&
+ this._defaultGssapiServiceName != null) {
+
+ params.serviceName = this._defaultGssapiServiceName;
+ }
+ params.db = this.getName();
 var good = this.getMongo().auth(params);
 if (good) {
diff --git a/src/mongo/shell/dbshell.cpp b/src/mongo/shell/dbshell.cpp
index 38e2a2017a7..b00ef67e522 100644
--- a/src/mongo/shell/dbshell.cpp
+++ b/src/mongo/shell/dbshell.cpp
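Review bot: The service-name default in `_authOrThrow` is applied only on the `db.auth()` path, yet the error message just above it tells users to call `getMongo().auth()` when they need another database; as far as this hunk shows, a GSSAPI login made that way never sees `_defaultGssapiServiceName`. If that is intended, a comment above the new `if` would say so, e.g. `// Fill in the shell-wide GSSAPI service name only when the caller gave none; getMongo().auth() callers must pass serviceName themselves.` The `== null` comparisons also match `undefined`, which looks deliberate and is worth keeping as written. `_authOrThrow` starts and ends outside the hunk.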
@@ -699,34 +699,45 @@ int _main( int argc, char* argv[], char **envp ) {
 // }())
 stringstream authStringStream;
 authStringStream << "(function() { " << endl;
- if ( !shellGlobalParams.authenticationMechanism.empty() ) {
+ if (!shellGlobalParams.authenticationMechanism.empty()) {
 authStringStream << "DB.prototype._defaultAuthenticationMechanism = \"" <<
- shellGlobalParams.authenticationMechanism << "\";" << endl;
+ escape(shellGlobalParams.authenticationMechanism) << "\";" << endl;
+ }
+
+ if (!shellGlobalParams.gssapiServiceName.empty()) {
+ authStringStream << "DB.prototype._defaultGssapiServiceName = \"" <<
+ escape(shellGlobalParams.gssapiServiceName) << "\";" << endl;
 }
 if (!shellGlobalParams.nodb && shellGlobalParams.username.size()) {
- authStringStream << "var username = \"" << shellGlobalParams.username << "\";" << endl;
+ authStringStream << "var username = \"" << escape(shellGlobalParams.username) << "\";" <<
+ endl;
 if (shellGlobalParams.usingPassword) {
- authStringStream << "var password = \"" << shellGlobalParams.password << "\";" << endl;
+ authStringStream << "var password = \"" << escape(shellGlobalParams.password) << "\";"
+ << endl;
 }
 if (shellGlobalParams.authenticationDatabase.empty()) {
 authStringStream << "var authDb = db;" << endl;
 } else {
 authStringStream << "var authDb = db.getSiblingDB(\""
- << shellGlobalParams.authenticationDatabase << "\");" << endl;
+ << escape(shellGlobalParams.authenticationDatabase) << "\");" << endl;
 }
 authStringStream << "authDb._authOrThrow({ " << saslCommandUserFieldName << ": username ";
 if (shellGlobalParams.usingPassword) {
 authStringStream << ", " << saslCommandPasswordFieldName << ": password ";
 }
+
+ if (!shellGlobalParams.gssapiHostName.empty()) {
+ authStringStream << ", " << saslCommandServiceHostnameFieldName << ": \""
+ << escape(shellGlobalParams.gssapiHostName) << '"' << endl;
+ }
 authStringStream << "});" << endl;
 }
 authStringStream << "}())";
 mongo::shell_utils::_dbAuth =
authStringStream.str();
- mongo::ScriptEngine::setConnectCallback( mongo::shell_utils::onConnect );
 mongo::ScriptEngine::setup();
 mongo::globalScriptEngine->setScopeInitCallback( mongo::shell_utils::initScope );
diff --git a/src/mongo/shell/shell_options.cpp b/src/mongo/shell/shell_options.cpp
index 2832989ffe3..906b0b8a106 100644
--- a/src/mongo/shell/shell_options.cpp
+++ b/src/mongo/shell/shell_options.cpp
@@ -32,6 +32,7 @@
 #include "mongo/base/status.h"
 #include "mongo/bson/util/builder.h"
+#include "mongo/client/sasl_client_authenticate.h"
 #include "mongo/db/server_options.h"
 #include "mongo/shell/shell_utils.h"
 #include "mongo/util/mongoutils/str.h"
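Review bot: The block in `_main` that builds `authStringStream` has no comment saying that every command-line value must pass through `escape()` before it is spliced into the generated script, so the next option added here can silently reintroduce the quote-breaking problem that the `escape()` calls close. I would add above the first `if`: `// Values below come from the command line and are embedded in JS string literals; always wrap them in escape().` `escape()` is defined outside this hunk, so it is worth confirming that it covers backslashes and line terminators as well as double quotes. The password still ends up as a literal inside the `_dbAuth` string, which appears to live for the whole shell session; that predates this commit but deserves a mention in the same comment. `_main` starts and ends outside the hunk.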
@@ -63,21 +64,33 @@ namespace mongo {
 options->addOptionChaining("eval", "eval", moe::String, "evaluate javascript");
- options->addOptionChaining("username", "username,u", moe::String,
+ moe::OptionSection authenticationOptions("Authentication Options");
+
+ authenticationOptions.addOptionChaining("username", "username,u", moe::String,
 "username for authentication");
- options->addOptionChaining("password", "password,p", moe::String,
+ authenticationOptions.addOptionChaining("password", "password,p", moe::String,
 "password for authentication")
 .setImplicit(moe::Value(std::string("")));
- options->addOptionChaining("authenticationDatabase", "authenticationDatabase", moe::String,
- "user source (defaults to dbname)")
+ authenticationOptions.addOptionChaining("authenticationDatabase", "authenticationDatabase",
+ moe::String, "user source (defaults to dbname)")
 .setDefault(moe::Value(std::string("")));
- options->addOptionChaining("authenticationMechanism", "authenticationMechanism",
- moe::String, "authentication mechanism")
+ authenticationOptions.addOptionChaining("authenticationMechanism",
+ "authenticationMechanism", moe::String, "authentication mechanism")
 .setDefault(moe::Value(std::string("MONGODB-CR")));
+ authenticationOptions.addOptionChaining("gssapiServiceName", "gssapiServiceName",
+ moe::String,
+ "Service name to use when authenticating using GSSAPI/Kerberos")
+ .setDefault(moe::Value(std::string(saslDefaultServiceName)));
+
+ authenticationOptions.addOptionChaining("gssapiHostName", "gssapiHostName", moe::String,
+ "Remote host name to use for purpose of GSSAPI/Kerberos authentication");
+
+ options->addSection(authenticationOptions);
+ options->addOptionChaining("help", "help,h", moe::Switch, "show this usage information");
 options->addOptionChaining("version", "version", moe::Switch, "show version information");
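Review bot: The help text for `gssapiHostName` does not say what the option changes from a security point of view: it replaces the host name used for GSSAPI/Kerberos authentication, so the name the shell authenticates against can differ from the host in the connection string. I would spell that out, e.g. `"Remote host name to use for GSSAPI/Kerberos authentication (overrides the host being connected to)"`, if that is indeed the fallback; the hunk does not show it. The `gssapiServiceName` text could likewise name its default, which comes from `saslDefaultServiceName`. The two new strings are also capitalised while the neighbouring help texts start in lower case. The enclosing function starts and ends outside the hunk.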
@@ -203,6 +216,14 @@ namespace mongo {
 params["authenticationMechanism"].as<string>();
 }
+ if (params.count("gssapiServiceName")) {
+ shellGlobalParams.gssapiServiceName = params["gssapiServiceName"].as<string>();
+ }
+
+ if (params.count("gssapiHostName")) {
+ shellGlobalParams.gssapiHostName = params["gssapiHostName"].as<string>();
+ }
+ if (params.count("shell")) {
 shellGlobalParams.runShell = true;
 }
diff --git a/src/mongo/shell/shell_options.h b/src/mongo/shell/shell_options.h
index 12d0ed5c89c..1d4a74a8f34 100644
--- a/src/mongo/shell/shell_options.h
+++ b/src/mongo/shell/shell_options.h
@@ -53,6 +53,8 @@ namespace mongo {
 bool usingPassword;
 std::string authenticationMechanism;
 std::string authenticationDatabase;
+ std::string gssapiServiceName;
+ std::string gssapiHostName;
 bool runShell;
 bool nodb; |