CDRIVER-404 Implement SCRAM-SHA-1 SASL Mechanism

Implements Scram Sha1 for the c driver

Author: hanumantmk

.gitignore

@@ -23,6 +23,7 @@ depcomp
 .DS_Store
 echo-server
 example-client
+example-scram
 example-gridfs
 example-matcher
 filter-bsondump

doc/mongoc_rand.page

@@ -0,0 +1,55 @@
+<?xml version="1.0"?>
+
+<page id="mongoc_rand"
+      type="guide"
+      style="class"
+      xmlns="http://projectmallard.org/1.0/"
+      xmlns:api="http://projectmallard.org/experimental/api/"
+      xmlns:ui="http://projectmallard.org/experimental/ui/">
+
+  <info>
+    <link type="guide" xref="index#api-reference" />
+  </info>
+
+  <title>mongoc_rand</title>
+  <subtitle>MongoDB Random Number Generator</subtitle>
+
+  <section id="description">
+    <title>Synopsis</title>
+    <synopsis><code mime="text/x-csrc"><![CDATA[void
+mongoc_rand_add (const void *buf,
+                 int         num,
+                 doubel      entropy);
+
+void
+mongoc_rand_seed (const void *buf,
+                  int         num);
+
+int
+mongoc_rand_status (void);]]></code></synopsis>
+  </section>
+
+  <section id="description">
+    <title>Description</title>
+    <p>The <code>mongoc_rand</code> family of functions provide access to the low level randomness primitives used by the MongoDB C Driver.  In particular, they control the creation of cryptographically strong pseudo-random bytes required by some security mechanisms.</p>
+
+    <p>While we can usually pull enough entropy from the environment, you may be required to seed the PRNG manually depending on your OS, hardware and other entropy consumers running on the same system.</p>
+  </section>
+
+  <section id="entropy">
+    <title>Entropy</title>
+
+    <p><code>mongoc_rand_add</code> and <code>mongoc_rand_seed</code> allow the user to directly provide entropy.  They differ insofar as <code>mongoc_rand_seed</code> requires that each bit provided is fully random.  <code>mongoc_rand_add</code> allows the user to specify the degree of randomness in the provided bytes as well.</p>
+  </section>
+
+  <section id="status">
+    <title>Status</title>
+
+    <p>The <code>mongoc_rand_status</code> function allows the user to check the status of the mongoc PRNG.  This can be used to guarantee sufficient entropy at program startup, rather than waiting for runtime errors to occur.</p>
+  </section>
+
+  <links type="topic" groups="function" style="2column">
+    <title>Functions</title>
+  </links>
+
+</page>

doc/mongoc_rand_add.page

@@ -0,0 +1,39 @@
+<?xml version="1.0"?>
+
+<page xmlns="http://projectmallard.org/1.0/"
+      type="topic"
+      style="function"
+      xmlns:api="http://projectmallard.org/experimental/api/"
+      xmlns:ui="http://projectmallard.org/experimental/ui/"
+      id="mongoc_rand_add">
+
+
+  <info>
+    <link type="guide" xref="mongoc_rand" group="function"/>
+  </info>
+  <title>mongoc_rand_add()</title>
+
+  <section id="synopsis">
+    <title>Synopsis</title>
+    <synopsis><code mime="text/x-csrc"><![CDATA[void
+mongoc_rand_add(const void *buf,
+                int         num,
+                double      entropy);
+]]></code></synopsis>
+  </section>
+
+  <section id="description">
+    <title>Description</title>
+    <p>Mixes num bytes of data into the mongoc random number generator.  Entropy specifies a lower bound estimate of the randomness contained in buf.</p>
+  </section>
+
+  <section id="parameters">
+    <title>Parameters</title>
+    <table>
+      <tr><td><p>buf</p></td><td><p>A buffer.</p></td></tr>
+      <tr><td><p>num</p></td><td><p>An int of number of bytes in buf.</p></td></tr>
+      <tr><td><p>entropy</p></td><td><p>A double of randomness estimate in buf.</p></td></tr>
+    </table>
+  </section>
+
+</page>

doc/mongoc_rand_seed.page

@@ -0,0 +1,37 @@
+<?xml version="1.0"?>
+
+<page xmlns="http://projectmallard.org/1.0/"
+      type="topic"
+      style="function"
+      xmlns:api="http://projectmallard.org/experimental/api/"
+      xmlns:ui="http://projectmallard.org/experimental/ui/"
+      id="mongoc_rand_seed">
+
+
+  <info>
+    <link type="guide" xref="mongoc_rand" group="function"/>
+  </info>
+  <title>mongoc_rand_seed()</title>
+
+  <section id="synopsis">
+    <title>Synopsis</title>
+    <synopsis><code mime="text/x-csrc"><![CDATA[void
+mongoc_rand_seed(const void *buf,
+                 int         num);
+]]></code></synopsis>
+  </section>
+
+  <section id="description">
+    <title>Description</title>
+    <p>Seeds the mongoc random number generator with num bytes of entropy.</p>
+  </section>
+
+  <section id="parameters">
+    <title>Parameters</title>
+    <table>
+      <tr><td><p>buf</p></td><td><p>A buffer.</p></td></tr>
+      <tr><td><p>num</p></td><td><p>An int of number of bytes in buf.</p></td></tr>
+    </table>
+  </section>
+
+</page>

doc/mongoc_rand_status.page

@@ -0,0 +1,33 @@
+<?xml version="1.0"?>
+
+<page xmlns="http://projectmallard.org/1.0/"
+      type="topic"
+      style="function"
+      xmlns:api="http://projectmallard.org/experimental/api/"
+      xmlns:ui="http://projectmallard.org/experimental/ui/"
+      id="mongoc_rand_status">
+
+
+  <info>
+    <link type="guide" xref="mongoc_rand" group="function"/>
+  </info>
+  <title>mongoc_rand_status()</title>
+
+  <section id="synopsis">
+    <title>Synopsis</title>
+    <synopsis><code mime="text/x-csrc"><![CDATA[int
+mongoc_rand_status(void);
+]]></code></synopsis>
+  </section>
+
+  <section id="description">
+    <title>Description</title>
+    <p>The status of the mongoc random number generator.</p>
+  </section>
+
+  <section id="return">
+    <title>Returns</title>
+    <p>Returns 1 if the PRNG has been seeded with enough data, 0 otherwise.</p>
+  </section>
+
+</page>

examples/Makefile.am

@@ -29,6 +29,11 @@ example_client_SOURCES = examples/example-client.c
 example_client_CFLAGS = $(EXAMPLE_CFLAGS)
 example_client_LDADD = $(EXAMPLE_LDADD)
 
+noinst_PROGRAMS += example-scram
+example_scram_SOURCES = examples/example-scram.c
+example_scram_CFLAGS = $(EXAMPLE_CFLAGS)
+example_scram_LDADD = $(EXAMPLE_LDADD)
+
 noinst_PROGRAMS += mongoc-ping
 mongoc_ping_SOURCES = examples/mongoc-ping.c
 mongoc_ping_CFLAGS = $(EXAMPLE_CFLAGS)

examples/example-scram.c

@@ -0,0 +1,106 @@
+/* gcc example.c -o example $(pkg-config --cflags --libs libmongoc-1.0) */
+
+/* ./example-scram */
+
+#include <mongoc.h>
+#include <stdio.h>
+#include <stdlib.h>
+
+int
+main (int   argc,
+      char *argv[])
+{
+   mongoc_client_t *client = NULL;
+   mongoc_database_t *database = NULL;
+   mongoc_collection_t *collection = NULL;
+   mongoc_cursor_t *cursor = NULL;
+   bson_error_t error;
+   const char *uristr = "mongodb://127.0.0.1/";
+   const char *authuristr;
+   bson_t roles;
+   bson_t query;
+   const bson_t *doc;
+
+   if (argc != 2) {
+      printf("%s - [implicit|scram|cr]\n", argv[0]);
+      return 1;
+   }
+
+   if (strcmp(argv[1], "implicit") == 0) {
+      authuristr = "mongodb://user,=:[email protected]/test";
+   } else if (strcmp(argv[1], "scram") == 0) {
+      authuristr = "mongodb://user,=:[email protected]/test?authMechanism=SCRAM-SHA-1";
+   } else if (strcmp(argv[1], "cr") == 0) {
+      authuristr = "mongodb://user,=:[email protected]/test?authMechanism=MONGODB-CR";
+   } else {
+      printf("%s - [implicit|scram|cr]\n", argv[0]);
+   }
+
+   mongoc_init ();
+
+   bson_init (&roles);
+   bson_init (&query);
+
+   client = mongoc_client_new (uristr);
+
+   if (!client) {
+      fprintf (stderr, "Failed to parse URI.\n");
+      goto CLEANUP;
+   }
+
+   database = mongoc_client_get_database (client, "test");
+
+   BCON_APPEND (&roles,
+                "0", "{", "role", "root", "db", "admin", "}");
+
+   mongoc_database_add_user (database, "user,=", "pass", &roles, NULL, &error);
+
+   mongoc_database_destroy (database);
+   database = NULL;
+
+   mongoc_client_destroy (client);
+   client = NULL;
+
+   client = mongoc_client_new (authuristr);
+
+   if (!client) {
+      fprintf (stderr, "failed to parse SCRAM uri\n");
+      goto CLEANUP;
+   }
+
+   collection = mongoc_client_get_collection (client, "test", "test");
+
+   cursor = mongoc_collection_find (collection, 0, 0, 0, 0, &query, NULL, NULL);
+
+   mongoc_cursor_next (cursor, &doc);
+
+   if (mongoc_cursor_error (cursor, &error)) {
+      fprintf (stderr, "Auth error: %s\n", error.message);
+      goto CLEANUP;
+   }
+
+CLEANUP:
+
+   bson_destroy (&roles);
+   bson_destroy (&query);
+
+   if (collection) {
+      mongoc_collection_destroy (collection);
+   }
+
+   if (database) {
+      mongoc_database_destroy (database);
+   }
+
+   if (client) {
+      mongoc_client_destroy (client);
+   }
+
+   if (cursor) {
+      mongoc_cursor_destroy (cursor);
+   }
+
+   mongoc_cleanup ();
+
+   return EXIT_SUCCESS;
+}

src/libmongoc.symbols

@@ -139,6 +139,9 @@ mongoc_log_level_str
 mongoc_log_set_handler
 mongoc_matcher_destroy
 mongoc_matcher_match
+mongoc_rand_seed
+mongoc_rand_add
+mongoc_rand_status
 mongoc_matcher_new
 mongoc_read_prefs_add_tag
 mongoc_read_prefs_copy

src/mongoc/Makefile.am

@@ -19,6 +19,7 @@ MONGOC_DEF_FILES = \
 INST_H_FILES = \
 	src/mongoc/mongoc.h \
 	src/mongoc/mongoc-array-private.h \
+	src/mongoc/mongoc-b64-private.h \
 	src/mongoc/mongoc-buffer-private.h \
 	src/mongoc/mongoc-bulk-operation-private.h \
 	src/mongoc/mongoc-bulk-operation.h \
@@ -62,6 +63,7 @@ INST_H_FILES = \
 	src/mongoc/mongoc-read-prefs.h \
 	src/mongoc/mongoc-rpc-private.h \
 	src/mongoc/mongoc-sasl-private.h \
+	src/mongoc/mongoc-scram-private.h \
 	src/mongoc/mongoc-socket.h \
 	src/mongoc/mongoc-ssl-private.h \
 	src/mongoc/mongoc-stream-buffered.h \
@@ -81,6 +83,8 @@ INST_H_FILES = \
 
 if ENABLE_SSL
 INST_H_FILES += \
+	src/mongoc/mongoc-rand.h \
+	src/mongoc/mongoc-rand-private.h \
 	src/mongoc/mongoc-stream-tls.h \
 	src/mongoc/mongoc-ssl.h
 endif
@@ -125,6 +129,8 @@ MONGOC_SOURCES_SHARED += \
 
 if ENABLE_SSL
 MONGOC_SOURCES_SHARED += \
+	src/mongoc/mongoc-rand.c \
+	src/mongoc/mongoc-scram.c \
 	src/mongoc/mongoc-stream-tls.c \
 	src/mongoc/mongoc-ssl.c
 endif