mongodb/db/security_commands.cpp

// security_commands.cpp
// security.cpp links with both dbgrid and db.  this file db only -- at least for now.

// security.cpp

#include "stdafx.h"
#include "security.h"
#include "../util/md5.hpp"
#include "json.h" 
#include "pdfile.h"
#include "db.h"
#include "dbhelpers.h"
#include "commands.h"
#include "jsobj.h"

namespace mongo {

/* authentication

   system.users contains 
     { user : <username>, pwd : <pwd_digest>, ... }

   getnonce sends nonce to client

   client then sends { authenticate:1, nonce:<nonce_str>, user:<username>, key:<key> }

   where <key> is md5(<nonce_str><username><pwd_digest_str>) as a string
*/

    boost::thread_specific_ptr<nonce> lastNonce;

    class CmdGetNonce : public Command {
    public:
        virtual bool requiresAuth() { return false; }
        virtual bool logTheOp() {
            return false;
        }
        virtual bool slaveOk() {
            return true;
        }
        CmdGetNonce() : Command("getnonce") {}
        bool run(const char *ns, BSONObj& cmdObj, string& errmsg, BSONObjBuilder& result, bool fromRepl) {
            nonce *n = new nonce(security.getNonce());
            stringstream ss;
            ss << hex << *n;
            result.append("nonce", ss.str() );
            lastNonce.reset(n);
            return true;
        }
    } cmdGetNonce;

    class CmdLogout : public Command {
    public:
        virtual bool logTheOp() {
            return false;
        }
        virtual bool slaveOk() {
            return true;
        }
        CmdLogout() : Command("logout") {}
        bool run(const char *ns, BSONObj& cmdObj, string& errmsg, BSONObjBuilder& result, bool fromRepl) {
            // database->name is the one we are logging out...
            AuthenticationInfo *ai = authInfo.get();
            assert( ai ); 
            ai->logout(database->name.c_str());
            return true;
        }
    } cmdLogout;
    
    class CmdAuthenticate : public Command {
    public:
        virtual bool requiresAuth() { return false; }
        virtual bool logTheOp() {
            return false;
        }
        virtual bool slaveOk() {
            return true;
        }
        CmdAuthenticate() : Command("authenticate") {}
        bool run(const char *ns, BSONObj& cmdObj, string& errmsg, BSONObjBuilder& result, bool fromRepl) {
            log(1) << " authenticate: " << cmdObj << endl;

            string user = cmdObj.getStringField("user");
            string key = cmdObj.getStringField("key");
            string received_nonce = cmdObj.getStringField("nonce");
            
            if( user.empty() || key.empty() || received_nonce.empty() ) { 
                log() << "field missing/wrong type in received authenticate command " << database->name << '\n';                log() << "field missing/wrong type in received authenticate command " << database->name << '\n';
                errmsg = "auth fails";
                sleepmillis(10);
                return false;
            }
            
            stringstream digestBuilder;

            {
                nonce *ln = lastNonce.release();
                digestBuilder << hex << *ln;
                
                if( ln == 0 || digestBuilder.str() != received_nonce ) {
                    log() << "auth: bad nonce received. could be a driver bug or a security attack. db:" << database->name << '\n';                log() << "field missing/wr " << database->name << '\n';
                    errmsg = "auth fails";
                    sleepmillis(30);
                    return false;
                }
            }

            static BSONObj userPattern = fromjson("{\"user\":1}");
            string systemUsers = database->name + ".system.users";
            OCCASIONALLY Helpers::ensureIndex(systemUsers.c_str(), userPattern, "user_1");

            BSONObj userObj;
            {
                BSONObjBuilder b;
                b << "user" << user;
                BSONObj query = b.done();
                if( !Helpers::findOne(systemUsers.c_str(), query, userObj) ) { 
                    log() << "auth: couldn't find user " << user << ", " << systemUsers << '\n';
                    errmsg = "auth fails";
                    return false;
                }
            }
            
            md5digest d;
            {
                
                string pwd = userObj.getStringField("pwd");
                digestBuilder << user << pwd;
                string done = digestBuilder.str();
                
                md5_state_t st;
                md5_init(&st);
                md5_append(&st, (const md5_byte_t *) done.c_str(), done.size());
                md5_finish(&st, d);
            }
            
            string computed = digestToString( d );
            
            if ( key != computed ){
                log() << "auth: key mismatch " << user << ", ns:" << ns << '\n';
                errmsg = "auth fails";
                return false;
            }

            AuthenticationInfo *ai = authInfo.get();
            assert( ai );
            ai->authorize(database->name.c_str());
            return true;
        }
    } cmdAuthenticate;
    
} // namespace mongo
suppress a couple compiler warnings 2009-01-19 01:13:12 +01:00			`// security_commands.cpp`
			`// security.cpp links with both dbgrid and db. this file db only -- at least for now.`

			`// security.cpp`

			`#include "stdafx.h"`
			`#include "security.h"`
			`#include "../util/md5.hpp"`
			`#include "json.h"`
			`#include "pdfile.h"`
			`#include "db.h"`
			`#include "dbhelpers.h"`
			`#include "commands.h"`
			`#include "jsobj.h"`

			`namespace mongo {`

			`/* authentication`

			`system.users contains`
getnonce now returns a prettier nonce string -- hex digits as a string instead of double as a string. 2009-01-21 21:06:13 +01:00			`{ user : <username>, pwd : <pwd_digest>, ... }`
suppress a couple compiler warnings 2009-01-19 01:13:12 +01:00
			`getnonce sends nonce to client`

getnonce now returns a prettier nonce string -- hex digits as a string instead of double as a string. 2009-01-21 21:06:13 +01:00			`client then sends { authenticate:1, nonce:<nonce_str>, user:<username>, key:<key> }`
suppress a couple compiler warnings 2009-01-19 01:13:12 +01:00
getnonce now returns a prettier nonce string -- hex digits as a string instead of double as a string. 2009-01-21 21:06:13 +01:00			`where <key> is md5(<nonce_str><username><pwd_digest_str>) as a string`
suppress a couple compiler warnings 2009-01-19 01:13:12 +01:00			`*/`

getnonce now returns a prettier nonce string -- hex digits as a string instead of double as a string. 2009-01-21 21:06:13 +01:00			`boost::thread_specific_ptr<nonce> lastNonce;`
suppress a couple compiler warnings 2009-01-19 01:13:12 +01:00
			`class CmdGetNonce : public Command {`
			`public:`
basic security 2009-01-19 02:31:33 +01:00			`virtual bool requiresAuth() { return false; }`
suppress a couple compiler warnings 2009-01-19 01:13:12 +01:00			`virtual bool logTheOp() {`
			`return false;`
			`}`
			`virtual bool slaveOk() {`
			`return true;`
			`}`
			`CmdGetNonce() : Command("getnonce") {}`
			`bool run(const char *ns, BSONObj& cmdObj, string& errmsg, BSONObjBuilder& result, bool fromRepl) {`
getnonce now returns a prettier nonce string -- hex digits as a string instead of double as a string. 2009-01-21 21:06:13 +01:00			`nonce *n = new nonce(security.getNonce());`
using strings 2009-01-20 17:37:15 +01:00			`stringstream ss;`
getnonce now returns a prettier nonce string -- hex digits as a string instead of double as a string. 2009-01-21 21:06:13 +01:00			`ss << hex << *n;`
using strings 2009-01-20 17:37:15 +01:00			`result.append("nonce", ss.str() );`
getnonce now returns a prettier nonce string -- hex digits as a string instead of double as a string. 2009-01-21 21:06:13 +01:00			`lastNonce.reset(n);`
suppress a couple compiler warnings 2009-01-19 01:13:12 +01:00			`return true;`
			`}`
			`} cmdGetNonce;`

			`class CmdLogout : public Command {`
			`public:`
			`virtual bool logTheOp() {`
			`return false;`
			`}`
			`virtual bool slaveOk() {`
			`return true;`
			`}`
			`CmdLogout() : Command("logout") {}`
			`bool run(const char *ns, BSONObj& cmdObj, string& errmsg, BSONObjBuilder& result, bool fromRepl) {`
			`// database->name is the one we are logging out...`
basic security 2009-01-19 02:31:33 +01:00			`AuthenticationInfo *ai = authInfo.get();`
			`assert( ai );`
			`ai->logout(database->name.c_str());`
suppress a couple compiler warnings 2009-01-19 01:13:12 +01:00			`return true;`
			`}`
			`} cmdLogout;`
changed verbose to logLevel and added log(int) 2009-01-20 20:30:59 +01:00
suppress a couple compiler warnings 2009-01-19 01:13:12 +01:00			`class CmdAuthenticate : public Command {`
			`public:`
basic security 2009-01-19 02:31:33 +01:00			`virtual bool requiresAuth() { return false; }`
suppress a couple compiler warnings 2009-01-19 01:13:12 +01:00			`virtual bool logTheOp() {`
			`return false;`
			`}`
			`virtual bool slaveOk() {`
			`return true;`
			`}`
			`CmdAuthenticate() : Command("authenticate") {}`
			`bool run(const char *ns, BSONObj& cmdObj, string& errmsg, BSONObjBuilder& result, bool fromRepl) {`
changed verbose to logLevel and added log(int) 2009-01-20 20:30:59 +01:00			`log(1) << " authenticate: " << cmdObj << endl;`

suppress a couple compiler warnings 2009-01-19 01:13:12 +01:00			`string user = cmdObj.getStringField("user");`
using strings 2009-01-20 17:37:15 +01:00			`string key = cmdObj.getStringField("key");`
getnonce now returns a prettier nonce string -- hex digits as a string instead of double as a string. 2009-01-21 21:06:13 +01:00			`string received_nonce = cmdObj.getStringField("nonce");`
using strings 2009-01-20 17:37:15 +01:00
getnonce now returns a prettier nonce string -- hex digits as a string instead of double as a string. 2009-01-21 21:06:13 +01:00			`if( user.empty() \|\| key.empty() \|\| received_nonce.empty() ) {`
suppress a couple compiler warnings 2009-01-19 01:13:12 +01:00			`log() << "field missing/wrong type in received authenticate command " << database->name << '\n'; log() << "field missing/wrong type in received authenticate command " << database->name << '\n';`
			`errmsg = "auth fails";`
			`sleepmillis(10);`
			`return false;`
			`}`
using strings 2009-01-20 17:37:15 +01:00
			`stringstream digestBuilder;`
suppress a couple compiler warnings 2009-01-19 01:13:12 +01:00
			`{`
getnonce now returns a prettier nonce string -- hex digits as a string instead of double as a string. 2009-01-21 21:06:13 +01:00			`nonce *ln = lastNonce.release();`
			`digestBuilder << hex << *ln;`
using strings 2009-01-20 17:37:15 +01:00
getnonce now returns a prettier nonce string -- hex digits as a string instead of double as a string. 2009-01-21 21:06:13 +01:00			`if( ln == 0 \|\| digestBuilder.str() != received_nonce ) {`
suppress a couple compiler warnings 2009-01-19 01:13:12 +01:00			`log() << "auth: bad nonce received. could be a driver bug or a security attack. db:" << database->name << '\n'; log() << "field missing/wr " << database->name << '\n';`
			`errmsg = "auth fails";`
			`sleepmillis(30);`
			`return false;`
			`}`
			`}`

			`static BSONObj userPattern = fromjson("{\"user\":1}");`
			`string systemUsers = database->name + ".system.users";`
			`OCCASIONALLY Helpers::ensureIndex(systemUsers.c_str(), userPattern, "user_1");`

			`BSONObj userObj;`
			`{`
			`BSONObjBuilder b;`
			`b << "user" << user;`
			`BSONObj query = b.done();`
			`if( !Helpers::findOne(systemUsers.c_str(), query, userObj) ) {`
			`log() << "auth: couldn't find user " << user << ", " << systemUsers << '\n';`
			`errmsg = "auth fails";`
			`return false;`
			`}`
			`}`
using strings 2009-01-20 17:37:15 +01:00
suppress a couple compiler warnings 2009-01-19 01:13:12 +01:00			`md5digest d;`
			`{`
using strings 2009-01-20 17:37:15 +01:00
			`string pwd = userObj.getStringField("pwd");`
			`digestBuilder << user << pwd;`
			`string done = digestBuilder.str();`

suppress a couple compiler warnings 2009-01-19 01:13:12 +01:00			`md5_state_t st;`
			`md5_init(&st);`
using strings 2009-01-20 17:37:15 +01:00			`md5_append(&st, (const md5_byte_t *) done.c_str(), done.size());`
suppress a couple compiler warnings 2009-01-19 01:13:12 +01:00			`md5_finish(&st, d);`
			`}`
using strings 2009-01-20 17:37:15 +01:00
			`string computed = digestToString( d );`

			`if ( key != computed ){`
suppress a couple compiler warnings 2009-01-19 01:13:12 +01:00			`log() << "auth: key mismatch " << user << ", ns:" << ns << '\n';`
			`errmsg = "auth fails";`
			`return false;`
			`}`

basic security 2009-01-19 02:31:33 +01:00			`AuthenticationInfo *ai = authInfo.get();`
			`assert( ai );`
			`ai->authorize(database->name.c_str());`
suppress a couple compiler warnings 2009-01-19 01:13:12 +01:00			`return true;`
			`}`
			`} cmdAuthenticate;`
using strings 2009-01-20 17:37:15 +01:00
suppress a couple compiler warnings 2009-01-19 01:13:12 +01:00			`} // namespace mongo`