/*
 * Populate a SASL context from a parsed connection URI: credentials, the
 * service name, and the host-name canonicalization flag.
 *
 * For both the service name and the canonicalization flag the legacy
 * top-level URI option is read first and the matching key inside
 * "authMechanismProperties" is read second, so the property wins whenever it
 * is present with the expected BSON type.  Values of an unexpected type are
 * silently ignored.
 */
void
_mongoc_sasl_set_properties (mongoc_sasl_t *sasl, const mongoc_uri_t *uri)
{
   const bson_t *uri_opts;
   bson_t mech_props;
   bson_iter_t cursor;
   const char *svc_name = NULL;
   bool want_canon = false;
   bool found;

   /* NOTE(review): how the sasl object stores the password, and whether it
    * is cleared on teardown, is not visible here -- confirm in the setters. */
   _mongoc_sasl_set_pass (sasl, mongoc_uri_get_password (uri));
   _mongoc_sasl_set_user (sasl, mongoc_uri_get_username (uri));

   uri_opts = mongoc_uri_get_options (uri);

   /* With no mechanism properties in the URI, start from an empty document
    * so the lookups below and the final bson_destroy() see a valid bson_t. */
   if (!mongoc_uri_get_mechanism_properties (uri, &mech_props)) {
      bson_init (&mech_props);
   }

   /* Service name: legacy option first ... */
   found = bson_iter_init_find_case (
      &cursor, uri_opts, MONGOC_URI_GSSAPISERVICENAME);
   if (found && BSON_ITER_HOLDS_UTF8 (&cursor)) {
      svc_name = bson_iter_utf8 (&cursor, NULL);
   }

   /* ... then the newer "authMechanismProperties" key, which overrides it. */
   found = bson_iter_init_find_case (&cursor, &mech_props, "SERVICE_NAME");
   if (found && BSON_ITER_HOLDS_UTF8 (&cursor)) {
      svc_name = bson_iter_utf8 (&cursor, NULL);
   }

   /* svc_name is still NULL here when neither source supplied a string. */
   _mongoc_sasl_set_service_name (sasl, svc_name);

   /*
    * Driver Authentication Spec: drivers MAY let the user request
    * canonicalization of the hostname, which can be needed when hosts report
    * names that differ from the ones in the Kerberos database.  The default
    * is "false".
    *
    * Some GSSAPI layers canonicalize on their own unless that is disabled in
    * their configuration (krb.conf).  See CDRIVER-323.
    *
    * NOTE(review): the consumer of this flag is outside this function.  If
    * it resolves the host name through DNS, enabling it makes the service
    * identity depend on name resolution -- confirm against the caller.
    */
   found = bson_iter_init_find_case (
      &cursor, uri_opts, MONGOC_URI_CANONICALIZEHOSTNAME);
   if (found && BSON_ITER_HOLDS_BOOL (&cursor)) {
      want_canon = bson_iter_bool (&cursor);
   }

   /* The property form is a string.  Only a case-insensitive "true" enables
    * the flag; any other string disables it, even if the legacy boolean
    * option above had turned it on. */
   found = bson_iter_init_find_case (
      &cursor, &mech_props, "CANONICALIZE_HOST_NAME");
   if (found && BSON_ITER_HOLDS_UTF8 (&cursor)) {
      want_canon = (strcasecmp (bson_iter_utf8 (&cursor, NULL), "true") == 0);
   }

   sasl->canonicalize_host_name = want_canon;

   bson_destroy (&mech_props);
}
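/*
 * Exercises mongoc_uri_new() on malformed URIs, userinfo parsing and
 * percent-decoding, default and explicit auth sources, and the
 * per-mechanism rules for GSSAPI, MONGODB-CR, MONGODB-X509, PLAIN and
 * SCRAM-SHA1.
 *
 * NOTE(review): this copy of the listing had been through credential
 * masking.  The mask ran the last bad-URI assertion into the first userinfo
 * case, leaving an unbalanced ASSERT, and replaced one expected username
 * with asterisks so that its comparison could never match.  Both are
 * repaired below from values the remaining assertions establish.  Cases
 * that were swallowed by the mask are not reproduced.  The locals `hosts`
 * and `child` have no remaining use in the visible body and are dropped.
 *
 * The bare assert() calls are replaced with the suite's ASSERT /
 * ASSERT_CMPSTR macros used everywhere else in this function.  assert() is
 * compiled out under NDEBUG, which would silently skip the GSSAPI property
 * checks.
 */
static void
test_mongoc_uri_new (void)
{
   const bson_t *options;
   const bson_t *credentials;
   bson_t properties;
   mongoc_uri_t *uri;
   bson_iter_t iter;

   /* bad uris */
   ASSERT (!mongoc_uri_new ("mongodb://"));
   ASSERT (!mongoc_uri_new ("mongodb://::"));

   /* Userinfo restored from the username/password asserted just below. */
   uri = mongoc_uri_new (
      "mongodb://christian:secret@localhost:27017/foo/?authSource=abcd");
   ASSERT (uri);
   ASSERT_CMPSTR (mongoc_uri_get_username (uri), "christian");
   ASSERT_CMPSTR (mongoc_uri_get_password (uri), "secret");
   ASSERT_CMPSTR (mongoc_uri_get_auth_source (uri), "abcd");
   mongoc_uri_destroy (uri);

   /* should use the default auth source and mechanism */
   /* Userinfo was masked in this copy; the pair from the case above is
    * reused as a constructed value.  Only source and mechanism are checked. */
   uri = mongoc_uri_new ("mongodb://christian:secret@localhost:27017");
   ASSERT (uri);
   ASSERT_CMPSTR (mongoc_uri_get_auth_source (uri), "admin");
   ASSERT (!mongoc_uri_get_auth_mechanism (uri));
   mongoc_uri_destroy (uri);

   /* should use the db when no authSource is specified */
   /* Userinfo constructed as above; only the auth source is checked. */
   uri = mongoc_uri_new ("mongodb://christian:secret@localhost/foo");
   ASSERT (uri);
   ASSERT_CMPSTR (mongoc_uri_get_auth_source (uri), "foo");
   mongoc_uri_destroy (uri);

   /* should recognize an empty password */
   uri = mongoc_uri_new ("mongodb://samantha:@localhost");
   ASSERT (uri);
   ASSERT_CMPSTR (mongoc_uri_get_username (uri), "samantha");
   ASSERT_CMPSTR (mongoc_uri_get_password (uri), "");
   mongoc_uri_destroy (uri);

   /* should recognize no password (NULL, as distinct from "" above) */
   uri = mongoc_uri_new ("mongodb://christian@localhost:27017");
   ASSERT (uri);
   ASSERT_CMPSTR (mongoc_uri_get_username (uri), "christian");
   ASSERT (!mongoc_uri_get_password (uri));
   mongoc_uri_destroy (uri);

   /* should recognize a url escaped character in the username */
   uri = mongoc_uri_new ("mongodb://christian%40realm:pwd@localhost:27017");
   ASSERT (uri);
   ASSERT_CMPSTR (mongoc_uri_get_username (uri), "christian@realm");
   mongoc_uri_destroy (uri);

   /* while you shouldn't do this, lets test for it */
   uri = mongoc_uri_new (
      "mongodb://christian%40realm@localhost:27017/db%2ename");
   ASSERT (uri);
   ASSERT_CMPSTR (mongoc_uri_get_database (uri), "db.name");
   mongoc_uri_destroy (uri);

   /* same escape with an upper-case hex digit */
   uri = mongoc_uri_new (
      "mongodb://christian%40realm@localhost:27017/db%2Ename");
   ASSERT (uri);
   ASSERT_CMPSTR (mongoc_uri_get_database (uri), "db.name");
   mongoc_uri_destroy (uri);

   /* percent-decoded option value */
   uri = mongoc_uri_new (
      "mongodb://christian%40realm@localhost:27017/?abcd=%20");
   ASSERT (uri);
   options = mongoc_uri_get_options (uri);
   ASSERT (options);
   ASSERT (bson_iter_init_find (&iter, options, "abcd"));
   ASSERT (BSON_ITER_HOLDS_UTF8 (&iter));
   ASSERT_CMPSTR (bson_iter_utf8 (&iter, NULL), " ");
   mongoc_uri_destroy (uri);

   /* same, with a bracketed IPv6 host */
   uri = mongoc_uri_new ("mongodb://christian%40realm@[::6]:27017/?abcd=%20");
   ASSERT (uri);
   options = mongoc_uri_get_options (uri);
   ASSERT (options);
   ASSERT (bson_iter_init_find (&iter, options, "abcd"));
   ASSERT (BSON_ITER_HOLDS_UTF8 (&iter));
   ASSERT_CMPSTR (bson_iter_utf8 (&iter, NULL), " ");
   mongoc_uri_destroy (uri);

   /* GSSAPI-specific options */

   /* should recognize the GSSAPI mechanism, and use $external as source */
   uri = mongoc_uri_new (
      "mongodb://user%40DOMAIN.COM:password@localhost/?authMechanism=GSSAPI");
   ASSERT (uri);
   ASSERT_CMPSTR (mongoc_uri_get_auth_mechanism (uri), "GSSAPI");
   /* Disabled in the original: with no database in the URI the default
    * source for GSSAPI is not asserted.
    * ASSERT_CMPSTR(mongoc_uri_get_auth_source(uri), "$external"); */
   mongoc_uri_destroy (uri);

   /* use $external as source when db is specified */
   uri = mongoc_uri_new ("mongodb://user%40DOMAIN.COM:password@localhost/foo/"
                         "?authMechanism=GSSAPI");
   ASSERT (uri);
   ASSERT_CMPSTR (mongoc_uri_get_auth_source (uri), "$external");
   mongoc_uri_destroy (uri);

   /* should not accept authSource other than $external */
   ASSERT (!mongoc_uri_new ("mongodb://user%40DOMAIN.COM:password@localhost/"
                            "foo/?authMechanism=GSSAPI&authSource=bar"));

   /* should accept authMechanismProperties */
   uri = mongoc_uri_new (
      "mongodb://user%40DOMAIN.COM:password@localhost/?authMechanism=GSSAPI"
      "&authMechanismProperties=SERVICE_NAME:other,CANONICALIZE_HOST_NAME:true");
   ASSERT (uri);
   credentials = mongoc_uri_get_credentials (uri);
   ASSERT (credentials);
   ASSERT (mongoc_uri_get_mechanism_properties (uri, &properties));
   ASSERT (bson_iter_init_find_case (&iter, &properties, "SERVICE_NAME"));
   ASSERT (BSON_ITER_HOLDS_UTF8 (&iter));
   ASSERT_CMPSTR (bson_iter_utf8 (&iter, NULL), "other");
   /* The property is stored as the string "true", not as a BSON bool. */
   ASSERT (
      bson_iter_init_find_case (&iter, &properties, "CANONICALIZE_HOST_NAME"));
   ASSERT (BSON_ITER_HOLDS_UTF8 (&iter));
   ASSERT_CMPSTR (bson_iter_utf8 (&iter, NULL), "true");
   mongoc_uri_destroy (uri);

   /* reverse order of arguments to ensure parsing still succeeds */
   uri = mongoc_uri_new ("mongodb://user@localhost/"
                         "?authMechanismProperties=SERVICE_NAME:other"
                         "&authMechanism=GSSAPI");
   ASSERT (uri);
   mongoc_uri_destroy (uri);

   /* deprecated gssapiServiceName option */
   uri = mongoc_uri_new ("mongodb://christian%40realm.cc@localhost:27017/"
                         "?authMechanism=GSSAPI&gssapiServiceName=blah");
   ASSERT (uri);
   options = mongoc_uri_get_options (uri);
   ASSERT (options);
   ASSERT_CMPSTR (mongoc_uri_get_auth_mechanism (uri), "GSSAPI");
   /* Expected value is the percent-decoded userinfo of the URI above. */
   ASSERT_CMPSTR (mongoc_uri_get_username (uri), "christian@realm.cc");
   ASSERT (bson_iter_init_find_case (&iter, options, "gssapiServiceName"));
   ASSERT (BSON_ITER_HOLDS_UTF8 (&iter));
   ASSERT_CMPSTR (bson_iter_utf8 (&iter, NULL), "blah");
   mongoc_uri_destroy (uri);

   /* MONGODB-CR */

   /* should recognize this mechanism */
   uri = mongoc_uri_new ("mongodb://user@localhost/?authMechanism=MONGODB-CR");
   ASSERT (uri);
   ASSERT_CMPSTR (mongoc_uri_get_auth_mechanism (uri), "MONGODB-CR");
   mongoc_uri_destroy (uri);

   /* X509 */

   /* should recognize this mechanism, and use $external as the source */
   uri =
      mongoc_uri_new ("mongodb://user@localhost/?authMechanism=MONGODB-X509");
   ASSERT (uri);
   ASSERT_CMPSTR (mongoc_uri_get_auth_mechanism (uri), "MONGODB-X509");
   /* Disabled in the original: with no database in the URI the default
    * source for MONGODB-X509 is not asserted.
    * ASSERT_CMPSTR(mongoc_uri_get_auth_source(uri), "$external"); */
   mongoc_uri_destroy (uri);

   /* use $external as source when db is specified */
   uri = mongoc_uri_new (
      "mongodb://CN%3DmyName%2COU%3DmyOrgUnit%2CO%3DmyOrg%2CL%3DmyLocality"
      "%2CST%3DmyState%2CC%3DmyCountry@localhost/foo/"
      "?authMechanism=MONGODB-X509");
   ASSERT (uri);
   ASSERT_CMPSTR (mongoc_uri_get_auth_source (uri), "$external");
   mongoc_uri_destroy (uri);

   /* should not accept authSource other than $external */
   ASSERT (!mongoc_uri_new (
      "mongodb://CN%3DmyName%2COU%3DmyOrgUnit%2CO%3DmyOrg%2CL%3DmyLocality"
      "%2CST%3DmyState%2CC%3DmyCountry@localhost/foo/"
      "?authMechanism=MONGODB-X509&authSource=bar"));

   /* should recognize the encoded username */
   uri = mongoc_uri_new (
      "mongodb://CN%3DmyName%2COU%3DmyOrgUnit%2CO%3DmyOrg%2CL%3DmyLocality"
      "%2CST%3DmyState%2CC%3DmyCountry@localhost/?authMechanism=MONGODB-X509");
   ASSERT (uri);
   ASSERT_CMPSTR (
      mongoc_uri_get_username (uri),
      "CN=myName,OU=myOrgUnit,O=myOrg,L=myLocality,ST=myState,C=myCountry");
   mongoc_uri_destroy (uri);

   /* PLAIN */

   /* should recognize this mechanism */
   /* Parse-only check: PLAIN carries the password itself in the SASL
    * exchange, and nothing here asserts that it is paired with TLS. */
   uri = mongoc_uri_new ("mongodb://user@localhost/?authMechanism=PLAIN");
   ASSERT (uri);
   ASSERT_CMPSTR (mongoc_uri_get_auth_mechanism (uri), "PLAIN");
   mongoc_uri_destroy (uri);

   /* SCRAM-SHA1 */

   /* should recognize this mechanism */
   uri = mongoc_uri_new ("mongodb://user@localhost/?authMechanism=SCRAM-SHA1");
   ASSERT (uri);
   ASSERT_CMPSTR (mongoc_uri_get_auth_mechanism (uri), "SCRAM-SHA1");
   mongoc_uri_destroy (uri);
}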