void _mongoc_sasl_set_properties (mongoc_sasl_t *sasl, const mongoc_uri_t *uri) { const bson_t *options; bson_iter_t iter; bson_t properties; const char *service_name = NULL; bool canonicalize = false; _mongoc_sasl_set_pass(sasl, mongoc_uri_get_password(uri)); _mongoc_sasl_set_user(sasl, mongoc_uri_get_username(uri)); options = mongoc_uri_get_options (uri); if (!mongoc_uri_get_mechanism_properties (uri, &properties)) { bson_init (&properties); } if (bson_iter_init_find_case ( &iter, options, MONGOC_URI_GSSAPISERVICENAME) && BSON_ITER_HOLDS_UTF8 (&iter)) { service_name = bson_iter_utf8 (&iter, NULL); } if (bson_iter_init_find_case (&iter, &properties, "SERVICE_NAME") && BSON_ITER_HOLDS_UTF8 (&iter)) { /* newer "authMechanismProperties" URI syntax takes precedence */ service_name = bson_iter_utf8 (&iter, NULL); } _mongoc_sasl_set_service_name (sasl, service_name); /* * Driver Authentication Spec: "Drivers MAY allow the user to request * canonicalization of the hostname. This might be required when the hosts * report different hostnames than what is used in the kerberos database. * The default is "false". * * Some underlying GSSAPI layers will do this for us, but can be disabled in * their config (krb.conf). * * See CDRIVER-323 for more information. */ if (bson_iter_init_find_case ( &iter, options, MONGOC_URI_CANONICALIZEHOSTNAME) && BSON_ITER_HOLDS_BOOL (&iter)) { canonicalize = bson_iter_bool (&iter); } if (bson_iter_init_find_case ( &iter, &properties, "CANONICALIZE_HOST_NAME") && BSON_ITER_HOLDS_UTF8 (&iter)) { /* newer "authMechanismProperties" URI syntax takes precedence */ canonicalize = !strcasecmp (bson_iter_utf8 (&iter, NULL), "true"); } sasl->canonicalize_host_name = canonicalize; bson_destroy (&properties); }
bool _mongoc_cyrus_new_from_cluster (mongoc_cyrus_t *sasl, mongoc_cluster_t *cluster, mongoc_stream_t *stream, const char *hostname, bson_error_t *error) { const char *mechanism; char real_name[BSON_HOST_NAME_MAX + 1]; _mongoc_cyrus_init (sasl); mechanism = mongoc_uri_get_auth_mechanism (cluster->uri); if (!mechanism) { mechanism = "GSSAPI"; } if (!_mongoc_cyrus_set_mechanism (sasl, mechanism, error)) { _mongoc_cyrus_destroy (sasl); return false; } _mongoc_sasl_set_pass ((mongoc_sasl_t *) sasl, mongoc_uri_get_password (cluster->uri)); _mongoc_sasl_set_user ((mongoc_sasl_t *) sasl, mongoc_uri_get_username (cluster->uri)); _mongoc_sasl_set_properties ((mongoc_sasl_t *) sasl, cluster->uri); /* * If the URI requested canonicalizeHostname, we need to resolve the real * hostname for the IP Address and pass that to the SASL layer. Some * underlying GSSAPI layers will do this for us, but can be disabled in * their config (krb.conf). * * This allows the consumer to specify canonicalizeHostname=true in the URI * and have us do that for them. * * See CDRIVER-323 for more information. */ if (sasl->credentials.canonicalize_host_name && _mongoc_sasl_get_canonicalized_name ( stream, real_name, sizeof real_name)) { _mongoc_sasl_set_service_host ((mongoc_sasl_t *) sasl, real_name); } else { _mongoc_sasl_set_service_host ((mongoc_sasl_t *) sasl, hostname); } return true; }