mongodb
diff --git a/‎CMakeLists.txt
Lines changed: 21 additions & 5 deletions b/‎CMakeLists.txt
Lines changed: 21 additions & 5 deletions
diff --git a/‎build/autotools/CheckSasl.m4
Lines changed: 77 additions & 33 deletions b/‎build/autotools/CheckSasl.m4
Lines changed: 77 additions & 33 deletions
diff --git a/‎examples/parse_handshake_cfg.py
Lines changed: 2 additions & 1 deletion b/‎examples/parse_handshake_cfg.py
Lines changed: 2 additions & 1 deletion
diff --git a/‎src/mongoc/Makefile.am
Lines changed: 17 additions & 2 deletions b/‎src/mongoc/Makefile.am
Lines changed: 17 additions & 2 deletions
diff --git a/‎src/mongoc/mongoc-cluster-cyrus-private.h
Lines changed: 33 additions & 0 deletions b/‎src/mongoc/mongoc-cluster-cyrus-private.h
Lines changed: 33 additions & 0 deletions
@@ -11,8 +11,8 @@ set (ENABLE_SSL AUTO CACHE STRING
 
 set (ENABLE_SASL AUTO CACHE STRING
      "Enable SASL authentication (Kerberos).\ Options are \"CYRUS\" to use Cyrus
-     SASL, \"SSPI\" to use Windows Native SSPI, \"AUTO\",\ or \"OFF\". These
-     options are case-sensitive.")
+     SASL, \"SSPI\" to use Windows Native SSPI, \"GSSAPI\" to use macOS Native GSS,
+     \"AUTO\",\ or \"OFF\". These options are case-sensitive.")
 option(ENABLE_TESTS "Build MongoDB C Driver tests." ON)
 option(ENABLE_EXAMPLES "Build MongoDB C Driver examples." ON)
 option(ENABLE_AUTOMATIC_INIT_AND_CLEANUP "Enable automatic init and cleanup (GCC only)" ON)
@@ -164,16 +164,18 @@ if (NOT MONGOC_HAVE_ASN1_STRING_GET0_DATA)
 endif ()
 
 if (NOT (ENABLE_SASL STREQUAL CYRUS
+         OR ENABLE_SASL STREQUAL GSSAPI
          OR ENABLE_SASL STREQUAL SSPI
          OR ENABLE_SASL STREQUAL AUTO
          OR ENABLE_SASL STREQUAL OFF))
    message (FATAL_ERROR
-      "ENABLE_SASL option must be CYRUS, SSPI, AUTO, or OFF")
+      "ENABLE_SASL option must be CYRUS, GSSAPI, SSPI, AUTO, or OFF")
 endif()
 
 # Defaults.
 set (MONGOC_ENABLE_SASL 0)
 set (MONGOC_ENABLE_SASL_CYRUS 0)
+set (MONGOC_ENABLE_SASL_GSSAPI 0)
 set (MONGOC_ENABLE_SASL_SSPI 0)
 set (MONGOC_HAVE_SASL_CLIENT_DONE 0)
 
@@ -189,6 +191,9 @@ if (NOT ENABLE_SASL STREQUAL OFF)
    elseif ((ENABLE_SASL STREQUAL SSPI OR ENABLE_SASL STREQUAL AUTO) AND WIN32)
       set (MONGOC_ENABLE_SASL 1)
       set (MONGOC_ENABLE_SASL_SSPI 1)
+   elseif ((ENABLE_SASL STREQUAL GSSAPI OR ENABLE_SASL STREQUAL AUTO) AND DARWIN)
+      set (MONGOC_ENABLE_SASL 1)
+      set (MONGOC_ENABLE_SASL_GSSAPI 1)
    endif ()
 else ()
    set (MONGOC_ENABLE_SASL 0)
@@ -498,15 +503,26 @@ endif () # ENABLE_SSL
 
 if (MONGOC_ENABLE_SASL)
    set (SOURCES ${SOURCES} ${SOURCE_DIR}/src/mongoc/mongoc-cluster-sasl.c)
+   set (SOURCES ${SOURCES} ${SOURCE_DIR}/src/mongoc/mongoc-sasl.c)
    if (MONGOC_ENABLE_SASL_CYRUS)
       message (STATUS "Compiling against Cyrus SASL")
-      set (SOURCES ${SOURCES} ${SOURCE_DIR}/src/mongoc/mongoc-sasl.c)
+      set (SOURCES ${SOURCES} ${SOURCE_DIR}/src/mongoc/mongoc-cluster-cyrus.c)
+      set (SOURCES ${SOURCES} ${SOURCE_DIR}/src/mongoc/mongoc-cyrus.c)
       include_directories(${SASL_INCLUDE_DIRS})
    elseif (MONGOC_ENABLE_SASL_SSPI)
       message (STATUS "Compiling against Windows SSPI")
       set (SOURCES ${SOURCES} ${SOURCE_DIR}/src/mongoc/mongoc-cluster-sspi.c)
       set (SOURCES ${SOURCES} ${SOURCE_DIR}/src/mongoc/mongoc-sspi.c)
       set (SASL_LIBS secur32.lib crypt32.lib Shlwapi.lib)
+   elseif (MONGOC_ENABLE_SASL_GSSAPI)
+      set (SOURCES ${SOURCES} ${SOURCE_DIR}/src/mongoc/mongoc-cluster-gssapi.c)
+      set (SOURCES ${SOURCES} ${SOURCE_DIR}/src/mongoc/mongoc-gssapi.c)
+      if (APPLE)
+         message (STATUS "Compiling against macOS GSS")
+         set (LIBS ${LIBS} -framework GSS)
+      else ()
+         message (FATAL_ERROR "gssapi missing krb5-config support in cmake")
+      endif()
    endif()
 else()
    message (STATUS "SASL disabled")
@@ -649,7 +665,7 @@ endif()
 
 if (MONGOC_ENABLE_SASL)
    set(test-libmongoc-sources ${test-libmongoc-sources}
-      ${SOURCE_DIR}/tests/test-sasl.c
+      ${SOURCE_DIR}/tests/test-cyrus.c
    )
 endif ()
 
 
@@ -7,33 +7,67 @@ AC_ARG_ENABLE([sasl],
 sasl_mode=no
 
 AS_IF([test "$enable_sasl" != "no"],[
-  PKG_CHECK_MODULES(SASL, [libsasl2], [sasl_mode=sasl2], [
-    AS_IF([test "$enable_sasl" != "no"],[
-      AC_CHECK_LIB([sasl2],[sasl_client_init],[have_sasl2_lib=yes],[have_sasl2_lib=no])
-      AC_CHECK_LIB([sasl],[sasl_client_init],[have_sasl_lib=yes],[have_sasl_lib=no])
-      if test "$have_sasl_lib" = "no" -a "$have_sasl2_lib" = "no" -a "$enable_sasl" = "yes" ; then
-        AC_MSG_ERROR([You must install the Cyrus SASL libraries and development headers to enable SASL support.])
-      fi
+   AS_IF(
+      [test "$enable_sasl" = "gssapi"],
+      [
+         sasl_mode=gssapi
+         AS_IF(
+            [test "$os_darwin" = "yes"],
+            [SASL_LIBS="-framework GSS"],
+            [
+               AC_CHECK_HEADERS(
+                  [gssapi/gssapi.h],
+                  [have_gssapi_headers=yes],
+                  [have_gssapi_headers=no]
+               )
+               PKG_CHECK_MODULES(KRB5_GSSAPI,
+                  [krb5-gssapi],
+                  [have_krb5_gssapi=yes],
+                  [have_krb5_gssapi=no]
+               )
+               if test "$have_gssapi_headers" = "no" -o "$have_krb5_gssapi" = "no"; then
+                  AC_MSG_ERROR([You must install the krb5 libraries and development headers to enable GSSAPI support.])
+               fi
+               SASL_CFLAGS=$KRB5_GSSAPI_CFLAGS
+               SASL_LIBS=$KRB5_GSSAPI_LIBS
+            ]
+         )
+      ],
+      [
+         PKG_CHECK_MODULES(SASL,
+            [libsasl2],
+            [sasl_mode=sasl2],
+            [
+               AS_IF([test "$enable_sasl" != "no"],
+               [
+                  AC_CHECK_LIB([sasl2],[sasl_client_init],[have_sasl2_lib=yes],[have_sasl2_lib=no])
+                  AC_CHECK_LIB([sasl],[sasl_client_init],[have_sasl_lib=yes],[have_sasl_lib=no])
+                  if test "$have_sasl_lib" = "no" -a "$have_sasl2_lib" = "no" -a "$enable_sasl" = "yes" ; then
+                     AC_MSG_ERROR([You must install the Cyrus SASL libraries and development headers to enable SASL support.])
+                  fi
 
-      old_CFLAGS=$CFLAGS
-      CFLAGS=$SASL_CFLAGS
-      AC_CHECK_HEADER([sasl/sasl.h],[have_sasl_headers=yes],[have_sasl_headers=no])
-      if test "$have_sasl_headers" = "no" -a "$enable_sasl" = "yes" ; then
-        AC_MSG_ERROR([You must install the Cyrus SASL development headers to enable SASL support.])
-      fi
-      CFLAGS=$old_CFLAGS
+                  old_CFLAGS=$CFLAGS
+                  CFLAGS=$SASL_CFLAGS
+                  AC_CHECK_HEADER([sasl/sasl.h],[have_sasl_headers=yes],[have_sasl_headers=no])
+                  if test "$have_sasl_headers" = "no" -a "$enable_sasl" = "yes" ; then
+                     AC_MSG_ERROR([You must install the Cyrus SASL development headers to enable SASL support.])
+                  fi
+                  CFLAGS=$old_CFLAGS
 
-      if test "$have_sasl_headers" -a "$have_sasl2_lib" = "yes" ; then
-        sasl_mode=sasl2
-        SASL_LIBS=-lsasl2
-      fi
+                  if test "$have_sasl_headers" -a "$have_sasl2_lib" = "yes" ; then
+                     sasl_mode=sasl2
+                     SASL_LIBS=-lsasl2
+                  fi
 
-      if test "$have_sasl_headers" -a "$have_sasl_lib" = "yes" ; then
-        sasl_mode=sasl
-        SASL_LIBS=-lsasl
-      fi
-    ])
-  ])
+                  if test "$have_sasl_headers" -a "$have_sasl_lib" = "yes" ; then
+                     sasl_mode=sasl
+                     SASL_LIBS=-lsasl
+                  fi
+               ])
+            ]
+         )
+      ]
+   )
 ])
 
 if test "$enable_sasl" = "auto" -a "$sasl_mode" != "no"; then
@@ -48,28 +82,38 @@ if test "$enable_sasl" = "auto" -a "$sasl_mode" != "no"; then
 fi
 
 AM_CONDITIONAL([ENABLE_SASL], [test "$sasl_mode" != "no"])
+AM_CONDITIONAL([ENABLE_SASL_GSSAPI], [test "$sasl_mode" = "gssapi"])
+AM_CONDITIONAL([ENABLE_SASL_CYRUS], [test "$sasl_mode" = "sasl" -o "$sasl_mode" = "sasl2"])
+AM_CONDITIONAL([ENABLE_SASL_SSPI], false)
+
 AC_SUBST(SASL_CFLAGS)
 AC_SUBST(SASL_LIBS)
 
 dnl Let mongoc-config.h.in know about SASL status.
 if test "$sasl_mode" != "no" ; then
   AC_SUBST(MONGOC_ENABLE_SASL, 1)
-  AC_SUBST(MONGOC_ENABLE_SASL_CYRUS, 1)
   AC_SUBST(MONGOC_ENABLE_SASL_SSPI, 0)
-  
-  AC_CHECK_LIB([sasl2],[sasl_client_done],
-               [have_sasl_client_done=yes],
-               [have_sasl_client_done=no])
-
-  if test "$have_sasl_client_done" = "yes" ; then
-    AC_SUBST(MONGOC_HAVE_SASL_CLIENT_DONE, 1)
-  else
+  if test "$sasl_mode" = "gssapi" ; then
+    AC_SUBST(MONGOC_ENABLE_SASL_GSSAPI, 1)
+    AC_SUBST(MONGOC_ENABLE_SASL_CYRUS, 0)
     AC_SUBST(MONGOC_HAVE_SASL_CLIENT_DONE, 0)
+  else
+    AC_SUBST(MONGOC_ENABLE_SASL_GSSAPI, 0)
+    AC_SUBST(MONGOC_ENABLE_SASL_CYRUS, 1)
+    AC_CHECK_LIB([sasl2],[sasl_client_done],
+                 [have_sasl_client_done=yes],
+                 [have_sasl_client_done=no])
+    if test "$have_sasl_client_done" = "yes" ; then
+      AC_SUBST(MONGOC_HAVE_SASL_CLIENT_DONE, 1)
+    else
+      AC_SUBST(MONGOC_HAVE_SASL_CLIENT_DONE, 0)
+    fi
   fi
 
 else
   AC_SUBST(MONGOC_ENABLE_SASL, 0)
   AC_SUBST(MONGOC_ENABLE_SASL_CYRUS, 0)
+  AC_SUBST(MONGOC_ENABLE_SASL_GSSAPI, 0)
   AC_SUBST(MONGOC_ENABLE_SASL_SSPI, 0)
   AC_SUBST(MONGOC_HAVE_SASL_CLIENT_DONE, 0)
 fi
@@ -1,6 +1,6 @@
 import sys
 
-# Should be in EXACT same order as from mongoc-handshake-private.h.
+# Should be in EXACT same order as from src/mongoc/mongoc-handshake-private.h.
 # The values are implicit (so we assume 1st entry is 1 << 0,
 # second entry is 1 << 1 and so on).
 MD_FLAGS = [
@@ -25,6 +25,7 @@
     "MONGOC_MD_FLAG_ENABLE_COMPRESSION",
     "MONGOC_MD_FLAG_ENABLE_COMPRESSION_SNAPPY",
     "MONGOC_MD_FLAG_ENABLE_COMPRESSION_ZLIB",
+    "MONGOC_MD_FLAG_ENABLE_SASL_GSSAPI",
 ]
 
 def main():
 
@@ -72,6 +72,7 @@ NOINST_H_FILES = \
 	src/mongoc/mongoc-client-private.h \
 	src/mongoc/mongoc-cluster-private.h \
 	src/mongoc/mongoc-cluster-sasl-private.h \
+	src/mongoc/mongoc-cluster-cyrus-private.h \
 	src/mongoc/mongoc-cluster-sspi-private.h \
 	src/mongoc/mongoc-collection-private.h \
 	src/mongoc/mongoc-counters-private.h \
@@ -102,6 +103,8 @@ NOINST_H_FILES = \
 	src/mongoc/mongoc-read-concern-private.h \
 	src/mongoc/mongoc-read-prefs-private.h \
 	src/mongoc/mongoc-rpc-private.h \
+	src/mongoc/mongoc-cyrus-private.h \
+	src/mongoc/mongoc-cluster-sspi-private.h \
 	src/mongoc/mongoc-sasl-private.h \
 	src/mongoc/mongoc-sspi-private.h \
 	src/mongoc/mongoc-scram-private.h \
@@ -161,7 +164,6 @@ MONGOC_SOURCES_SHARED += \
 	src/mongoc/mongoc-client.c \
 	src/mongoc/mongoc-client-pool.c \
 	src/mongoc/mongoc-cluster.c \
-	src/mongoc/mongoc-cluster-sspi.c \
 	src/mongoc/mongoc-collection.c \
 	src/mongoc/mongoc-compression.c \
 	src/mongoc/mongoc-counters.c \
@@ -193,7 +195,6 @@ MONGOC_SOURCES_SHARED += \
 	src/mongoc/mongoc-server-stream.c \
 	src/mongoc/mongoc-set.c \
 	src/mongoc/mongoc-socket.c \
-	src/mongoc/mongoc-sspi.c \
 	src/mongoc/mongoc-stream.c \
 	src/mongoc/mongoc-stream-buffered.c \
 	src/mongoc/mongoc-stream-file.c \
@@ -263,6 +264,20 @@ if ENABLE_SASL
 MONGOC_SOURCES_SHARED += src/mongoc/mongoc-cluster-sasl.c
 MONGOC_SOURCES_SHARED += src/mongoc/mongoc-sasl.c
 endif
+if ENABLE_SASL_CYRUS
+MONGOC_SOURCES_SHARED += src/mongoc/mongoc-cluster-cyrus.c
+MONGOC_SOURCES_SHARED += src/mongoc/mongoc-cyrus.c
+endif
+
+if ENABLE_SASL_SSPI
+MONGOC_SOURCES_SHARED += src/mongoc/mongoc-cluster-sspi.c
+MONGOC_SOURCES_SHARED += src/mongoc/mongoc-sspi.c
+endif
+
+if ENABLE_SASL_GSSAPI
+MONGOC_SOURCES_SHARED += src/mongoc/mongoc-cluster-gssapi.c
+MONGOC_SOURCES_SHARED += src/mongoc/mongoc-gssapi.c
+endif
 
 EXTRA_DIST += $(MONGOC_DEF_FILES) $(NOINST_H_FILES)
 
@@ -0,0 +1,33 @@
+/*
+ * Copyright 2017 MongoDB, Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef MONGOC_CLUSTER_CYRUS_PRIVATE_H
+#define MONGOC_CLUSTER_CYRUS_PRIVATE_H
+
+#if !defined(MONGOC_COMPILATION)
+#error "Only <mongoc.h> can be included directly."
+#endif
+
+#include "mongoc-config.h"
+#include "mongoc-cluster-private.h"
+#include <bson.h>
+
+bool
+_mongoc_cluster_auth_node_cyrus (mongoc_cluster_t *cluster,
+                                 mongoc_stream_t *stream,
+                                 const char *hostname,
+                                 bson_error_t *error);
+#endif /* MONGOC_CLUSTER_CYRUS_PRIVATE_H */