CDRIVER-2000 Implement sasl logger and fail early on unsupported mechanism

Author: bjori

src/mongoc/mongoc-cluster-sasl.c

@@ -174,7 +174,9 @@ _mongoc_cluster_auth_node_sasl (mongoc_cluster_t *cluster,
    _mongoc_sasl_init (&sasl);
 
    if ((mechanism = mongoc_uri_get_auth_mechanism (cluster->uri))) {
-      _mongoc_sasl_set_mechanism (&sasl, mechanism);
+      if (!_mongoc_sasl_set_mechanism (&sasl, mechanism, error)) {
+         goto failure;
+      }
    }
 
    _mongoc_sasl_set_pass (&sasl, mongoc_uri_get_password (cluster->uri));

src/mongoc/mongoc-init.c

@@ -45,6 +45,7 @@
 
 #ifdef MONGOC_ENABLE_SASL_CYRUS
 #include <sasl/sasl.h>
+#include "mongoc-sasl-private.h"
 
 static void *
 mongoc_sasl_mutex_alloc (void)
@@ -88,6 +89,12 @@ mongoc_sasl_mutex_free (void *mutex)
 
 static MONGOC_ONCE_FUN (_mongoc_do_init)
 {
+#ifdef MONGOC_ENABLE_SASL_CYRUS
+   int status;
+   sasl_callback_t callbacks[] = {
+      {SASL_CB_LOG, SASL_CALLBACK_FN (_mongoc_sasl_log), NULL},
+      {SASL_CB_LIST_END}};
+#endif
 #ifdef MONGOC_ENABLE_SSL_OPENSSL
    _mongoc_openssl_init ();
 #elif defined(MONGOC_ENABLE_SSL_LIBRESSL)
@@ -106,8 +113,8 @@ static MONGOC_ONCE_FUN (_mongoc_do_init)
                    mongoc_sasl_mutex_unlock,
                    mongoc_sasl_mutex_free);
 
-   /* TODO: logging callback? */
-   sasl_client_init (NULL);
+   status = sasl_client_init (callbacks);
+   BSON_ASSERT (status == SASL_OK);
 #endif
 
    _mongoc_counters_init ();

src/mongoc/mongoc-sasl-private.h

@@ -48,20 +48,28 @@ struct _mongoc_sasl_t {
 };
 
 
+#ifndef SASL_CALLBACK_FN
+#define SASL_CALLBACK_FN(_f) ((int (*) (void)) (_f))
+#endif
+
 void
 _mongoc_sasl_init (mongoc_sasl_t *sasl);
 void
 _mongoc_sasl_set_pass (mongoc_sasl_t *sasl, const char *pass);
 void
 _mongoc_sasl_set_user (mongoc_sasl_t *sasl, const char *user);
-void
-_mongoc_sasl_set_mechanism (mongoc_sasl_t *sasl, const char *mechanism);
+bool
+_mongoc_sasl_set_mechanism (mongoc_sasl_t *sasl,
+                            const char *mechanism,
+                            bson_error_t *error);
 void
 _mongoc_sasl_set_service_name (mongoc_sasl_t *sasl, const char *service_name);
 void
 _mongoc_sasl_set_service_host (mongoc_sasl_t *sasl, const char *service_host);
 void
 _mongoc_sasl_set_properties (mongoc_sasl_t *sasl, const mongoc_uri_t *uri);
+int
+_mongoc_sasl_log (mongoc_sasl_t *sasl, int level, const char *message);
 void
 _mongoc_sasl_destroy (mongoc_sasl_t *sasl);
 bool

src/mongoc/mongoc-sasl.c

@@ -25,18 +25,54 @@
 #include "mongoc-util-private.h"
 #include "mongoc-trace-private.h"
 
+#undef MONGOC_LOG_DOMAIN
+#define MONGOC_LOG_DOMAIN "CYRUS-SASL"
 
-#ifndef SASL_CALLBACK_FN
-#define SASL_CALLBACK_FN(_f) ((int (*) (void)) (_f))
-#endif
+int
+_mongoc_sasl_log (mongoc_sasl_t *sasl, int level, const char *message)
+{
+   TRACE ("SASL Log; level=%d: message=%s", level, message);
+   return SASL_OK;
+}
 
-void
-_mongoc_sasl_set_mechanism (mongoc_sasl_t *sasl, const char *mechanism)
+bool
+_mongoc_sasl_set_mechanism (mongoc_sasl_t *sasl,
+                            const char *mechanism,
+                            bson_error_t *error)
 {
+   bson_string_t *str = bson_string_new ("");
+   const char **mechs = sasl_global_listmech ();
+   int i = 0;
+   bool ok = false;
+
    BSON_ASSERT (sasl);
 
-   bson_free (sasl->mechanism);
-   sasl->mechanism = mechanism ? bson_strdup (mechanism) : NULL;
+   for (i = 0; mechs[i]; i++) {
+      if (!strcmp (mechs[i], mechanism)) {
+         ok = true;
+         break;
+      }
+      bson_string_append (str, mechs[i]);
+      if (mechs[i + 1]) {
+         bson_string_append (str, ",");
+      }
+   }
+
+   if (ok) {
+      bson_free (sasl->mechanism);
+      sasl->mechanism = mechanism ? bson_strdup (mechanism) : NULL;
+   } else {
+      bson_set_error (error,
+                      MONGOC_ERROR_SASL,
+                      SASL_NOMECH,
+                      "SASL Failure: Unsupported mechanism by client: %s. "
+                      "Available mechanisms: %s",
+                      mechanism,
+                      str->str);
+   }
+
+   bson_string_free (str, 0);
+   return ok;
 }
 
 
@@ -73,7 +109,7 @@ _mongoc_sasl_set_pass (mongoc_sasl_t *sasl, const char *pass)
 
 static int
 _mongoc_sasl_canon_user (sasl_conn_t *conn,
-                         void *context,
+                         mongoc_sasl_t *sasl,
                          const char *in,
                          unsigned inlen,
                          unsigned flags,
@@ -246,6 +282,11 @@ _mongoc_sasl_is_failure (int status, bson_error_t *error)
 {
    bool ret = (status < 0);
 
+   TRACE ("Got status: %d ok is %d, continue=%d interact=%d\n",
+          status,
+          SASL_OK,
+          SASL_CONTINUE,
+          SASL_INTERACT);
    if (ret) {
       switch (status) {
       case SASL_NOMEM:
@@ -323,12 +364,16 @@ _mongoc_sasl_start (mongoc_sasl_t *sasl,
 
    status = sasl_client_new (
       service_name, service_host, NULL, NULL, sasl->callbacks, 0, &sasl->conn);
+   TRACE ("Created new sasl client %s",
+          status == SASL_OK ? "successfully" : "UNSUCCESSFULLY");
    if (_mongoc_sasl_is_failure (status, error)) {
       return false;
    }
 
    status = sasl_client_start (
       sasl->conn, sasl->mechanism, &sasl->interact, &raw, &raw_len, &mechanism);
+   TRACE ("Started the sasl client %s",
+          status == SASL_CONTINUE ? "successfully" : "UNSUCCESSFULLY");
    if (_mongoc_sasl_is_failure (status, error)) {
       return false;
    }
@@ -400,8 +445,11 @@ _mongoc_sasl_step (mongoc_sasl_t *sasl,
       return false;
    }
 
+   TRACE ("%s", "Running client_step");
    status = sasl_client_step (
       sasl->conn, (char *) outbuf, *outbuflen, &sasl->interact, &raw, &rawlen);
+   TRACE ("%s sent a client step",
+          status == SASL_OK ? "Successfully" : "UNSUCCESSFULLY");
    if (_mongoc_sasl_is_failure (status, error)) {
       return false;
    }