summaryrefslogtreecommitdiff
path: root/src/mongo/db/auth/native_sasl_authentication_session.cpp
diff options
context:
space:
mode:
Diffstat (limited to 'src/mongo/db/auth/native_sasl_authentication_session.cpp')
-rw-r--r--src/mongo/db/auth/native_sasl_authentication_session.cpp186
1 files changed, 86 insertions, 100 deletions
diff --git a/src/mongo/db/auth/native_sasl_authentication_session.cpp b/src/mongo/db/auth/native_sasl_authentication_session.cpp
index e2392beacd3..9566ba37487 100644
--- a/src/mongo/db/auth/native_sasl_authentication_session.cpp
+++ b/src/mongo/db/auth/native_sasl_authentication_session.cpp
@@ -52,122 +52,108 @@
namespace mongo {
- using std::unique_ptr;
+using std::unique_ptr;
namespace {
- SaslAuthenticationSession* createNativeSaslAuthenticationSession(
- AuthorizationSession* authzSession,
- const std::string& mechanism) {
- return new NativeSaslAuthenticationSession(authzSession);
- }
-
- MONGO_INITIALIZER(NativeSaslServerCore)(InitializerContext* context) {
- if (saslGlobalParams.hostName.empty())
- saslGlobalParams.hostName = getHostNameCached();
- if (saslGlobalParams.serviceName.empty())
- saslGlobalParams.serviceName = "mongodb";
-
- SaslAuthenticationSession::create = createNativeSaslAuthenticationSession;
- return Status::OK();
- }
-
- // PostSaslCommands is reversely dependent on CyrusSaslCommands having been run
- MONGO_INITIALIZER_WITH_PREREQUISITES(PostSaslCommands,
- ("NativeSaslServerCore"))
- (InitializerContext*) {
-
- AuthorizationManager authzManager(stdx::make_unique<AuthzManagerExternalStateMock>());
- std::unique_ptr<AuthorizationSession> authzSession =
- authzManager.makeAuthorizationSession();
-
- for (size_t i = 0; i < saslGlobalParams.authenticationMechanisms.size(); ++i) {
- const std::string& mechanism = saslGlobalParams.authenticationMechanisms[i];
- if (mechanism == "MONGODB-CR" || mechanism == "MONGODB-X509") {
- // Not a SASL mechanism; no need to smoke test built-in mechanisms.
- continue;
- }
- unique_ptr<SaslAuthenticationSession>
- session(SaslAuthenticationSession::create(authzSession.get(), mechanism));
- Status status = session->start("test",
- mechanism,
- saslGlobalParams.serviceName,
- saslGlobalParams.hostName,
- 1,
- true);
- if (!status.isOK())
- return status;
+SaslAuthenticationSession* createNativeSaslAuthenticationSession(AuthorizationSession* authzSession,
+ const std::string& mechanism) {
+ return new NativeSaslAuthenticationSession(authzSession);
+}
+
+MONGO_INITIALIZER(NativeSaslServerCore)(InitializerContext* context) {
+ if (saslGlobalParams.hostName.empty())
+ saslGlobalParams.hostName = getHostNameCached();
+ if (saslGlobalParams.serviceName.empty())
+ saslGlobalParams.serviceName = "mongodb";
+
+ SaslAuthenticationSession::create = createNativeSaslAuthenticationSession;
+ return Status::OK();
+}
+
+// PostSaslCommands is reversely dependent on CyrusSaslCommands having been run
+MONGO_INITIALIZER_WITH_PREREQUISITES(PostSaslCommands, ("NativeSaslServerCore"))
+(InitializerContext*) {
+ AuthorizationManager authzManager(stdx::make_unique<AuthzManagerExternalStateMock>());
+ std::unique_ptr<AuthorizationSession> authzSession = authzManager.makeAuthorizationSession();
+
+ for (size_t i = 0; i < saslGlobalParams.authenticationMechanisms.size(); ++i) {
+ const std::string& mechanism = saslGlobalParams.authenticationMechanisms[i];
+ if (mechanism == "MONGODB-CR" || mechanism == "MONGODB-X509") {
+ // Not a SASL mechanism; no need to smoke test built-in mechanisms.
+ continue;
}
-
- return Status::OK();
- }
-} //namespace
-
- NativeSaslAuthenticationSession::NativeSaslAuthenticationSession(
- AuthorizationSession* authzSession) :
- SaslAuthenticationSession(authzSession),
- _mechanism("") {
+ unique_ptr<SaslAuthenticationSession> session(
+ SaslAuthenticationSession::create(authzSession.get(), mechanism));
+ Status status = session->start(
+ "test", mechanism, saslGlobalParams.serviceName, saslGlobalParams.hostName, 1, true);
+ if (!status.isOK())
+ return status;
}
- NativeSaslAuthenticationSession::~NativeSaslAuthenticationSession() {}
+ return Status::OK();
+}
+} // namespace
- Status NativeSaslAuthenticationSession::start(StringData authenticationDatabase,
- StringData mechanism,
- StringData serviceName,
- StringData serviceHostname,
- int64_t conversationId,
- bool autoAuthorize) {
- fassert(18626, conversationId > 0);
+NativeSaslAuthenticationSession::NativeSaslAuthenticationSession(AuthorizationSession* authzSession)
+ : SaslAuthenticationSession(authzSession), _mechanism("") {}
- if (_conversationId != 0) {
- return Status(ErrorCodes::AlreadyInitialized,
- "Cannot call start() twice on same NativeSaslAuthenticationSession.");
- }
+NativeSaslAuthenticationSession::~NativeSaslAuthenticationSession() {}
- _authenticationDatabase = authenticationDatabase.toString();
- _mechanism = mechanism.toString();
- _serviceName = serviceName.toString();
- _serviceHostname = serviceHostname.toString();
- _conversationId = conversationId;
- _autoAuthorize = autoAuthorize;
+Status NativeSaslAuthenticationSession::start(StringData authenticationDatabase,
+ StringData mechanism,
+ StringData serviceName,
+ StringData serviceHostname,
+ int64_t conversationId,
+ bool autoAuthorize) {
+ fassert(18626, conversationId > 0);
- if (mechanism == "PLAIN") {
- _saslConversation.reset(new SaslPLAINServerConversation(this));
- }
- else if (mechanism == "SCRAM-SHA-1") {
- _saslConversation.reset(new SaslSCRAMSHA1ServerConversation(this));
- }
- else {
- return Status(ErrorCodes::BadValue,
- mongoutils::str::stream() << "SASL mechanism " << mechanism <<
- " is not supported");
- }
+ if (_conversationId != 0) {
+ return Status(ErrorCodes::AlreadyInitialized,
+ "Cannot call start() twice on same NativeSaslAuthenticationSession.");
+ }
- return Status::OK();
+ _authenticationDatabase = authenticationDatabase.toString();
+ _mechanism = mechanism.toString();
+ _serviceName = serviceName.toString();
+ _serviceHostname = serviceHostname.toString();
+ _conversationId = conversationId;
+ _autoAuthorize = autoAuthorize;
+
+ if (mechanism == "PLAIN") {
+ _saslConversation.reset(new SaslPLAINServerConversation(this));
+ } else if (mechanism == "SCRAM-SHA-1") {
+ _saslConversation.reset(new SaslSCRAMSHA1ServerConversation(this));
+ } else {
+ return Status(ErrorCodes::BadValue,
+ mongoutils::str::stream() << "SASL mechanism " << mechanism
+ << " is not supported");
}
- Status NativeSaslAuthenticationSession::step(StringData inputData,
- std::string* outputData) {
- if (!_saslConversation) {
- return Status(ErrorCodes::BadValue,
- mongoutils::str::stream() <<
- "The authentication session has not been properly initialized");
- }
+ return Status::OK();
+}
- StatusWith<bool> status = _saslConversation->step(inputData, outputData);
- if (status.isOK()) {
- _done = status.getValue();
- } else {
- _done = true;
- }
- return status.getStatus();
+Status NativeSaslAuthenticationSession::step(StringData inputData, std::string* outputData) {
+ if (!_saslConversation) {
+ return Status(ErrorCodes::BadValue,
+ mongoutils::str::stream()
+ << "The authentication session has not been properly initialized");
}
- std::string NativeSaslAuthenticationSession::getPrincipalId() const {
- return _saslConversation->getPrincipalId();
+ StatusWith<bool> status = _saslConversation->step(inputData, outputData);
+ if (status.isOK()) {
+ _done = status.getValue();
+ } else {
+ _done = true;
}
+ return status.getStatus();
+}
- const char* NativeSaslAuthenticationSession::getMechanism() const {
- return _mechanism.c_str();
- }
+std::string NativeSaslAuthenticationSession::getPrincipalId() const {
+ return _saslConversation->getPrincipalId();
+}
+
+const char* NativeSaslAuthenticationSession::getMechanism() const {
+ return _mechanism.c_str();
+}
} // namespace mongo
View Lorry Controller Status