CDRIVER-299 Add native GSSAPI (SSPI) support on Windows

Author: bjori

CMakeLists.txt

@@ -9,7 +9,10 @@ set (ENABLE_SSL AUTO CACHE STRING
      case-sensitive. The default is \"AUTO\". Note\ that SCRAM-SHA-1 is
      required for authenticating to MongoDB 3.0 and later.")
 
-option(ENABLE_SASL "Use Cyrus SASL library for Kerberos." ON)
+set (ENABLE_SASL AUTO CACHE STRING
+     "Enable SASL authentication (Kerberos).\ Options are \"CYRUS\" to use Cyrus
+     SASL, \"SSPI\" to use Windows Native SSPI, \"AUTO\",\ or \"OFF\". These
+     options are case-sensitive.")
 option(ENABLE_TESTS "Build MongoDB C Driver tests." ON)
 option(ENABLE_EXAMPLES "Build MongoDB C Driver examples." ON)
 option(ENABLE_AUTOMATIC_INIT_AND_CLEANUP "Enable automatic init and cleanup (GCC only)" ON)
@@ -118,15 +121,35 @@ if (ENABLE_CRYPTO_SYSTEM_PROFILE)
    endif ()
 endif ()
 
-if (ENABLE_SASL)
-   include(FindSASL2)
-endif ()
-if (ENABLE_SASL AND SASL2_FOUND)
-   set (MONGOC_ENABLE_SASL 1)
+if (NOT (ENABLE_SASL STREQUAL CYRUS
+         OR ENABLE_SASL STREQUAL SSPI
+         OR ENABLE_SASL STREQUAL AUTO
+         OR ENABLE_SASL STREQUAL OFF))
+   message (FATAL_ERROR
+      "ENABLE_SASL option must be CYRUS, SSPI, AUTO, or OFF")
+endif()
+
+set (MONGOC_HAVE_SASL_CLIENT_DONE 0)
+if (NOT ENABLE_SASL STREQUAL OFF)
+   if (ENABLE_SASL STREQUAL AUTO OR ENABLE_SASL STREQUAL CYRUS)
+      include(FindSASL2)
+   endif()
+
+   if (SASL2_FOUND)
+      set (MONGOC_ENABLE_SASL 1)
+      set (MONGOC_ENABLE_SASL_CYRUS 1)
+      set (MONGOC_ENABLE_SASL_SSPI 0)
+   else ((ENABLE_SASL STREQUAL SSPI OR ENABLE_SASL STREQUAL AUTO) AND WIN32)
+      set (MONGOC_ENABLE_SASL 1)
+      set (MONGOC_ENABLE_SASL_CYRUS 0)
+      set (MONGOC_ENABLE_SASL_SSPI 1)
+   endif ()
 else ()
-   set (MONGOC_HAVE_SASL_CLIENT_DONE 0)
    set (MONGOC_ENABLE_SASL 0)
-endif ()
+   set (MONGOC_ENABLE_SASL_CYRUS 0)
+   set (MONGOC_ENABLE_SASL_SSPI 0)
+endif()
+
 
 if (ENABLE_AUTOMATIC_INIT_AND_CLEANUP)
    set (MONGOC_NO_AUTOMATIC_GLOBALS 0)
@@ -380,9 +403,18 @@ endif () # ENABLE_SSL
 
 
 if (MONGOC_ENABLE_SASL)
-   set (SOURCES ${SOURCES} ${SOURCE_DIR}/src/mongoc/mongoc-sasl.c)
-   set(LIBS ${LIBS} ${SASL2_LIBRARY})
-   include_directories(${SASL2_INCLUDE_DIR})
+   set (SOURCES ${SOURCES} ${SOURCE_DIR}/src/mongoc/mongoc-cluster-sasl.c)
+   if (MONGOC_ENABLE_SASL_CYRUS)
+      message (STATUS "Compiling against Cyrus SASL")
+      set (SOURCES ${SOURCES} ${SOURCE_DIR}/src/mongoc/mongoc-sasl.c)
+      set (LIBS ${LIBS} ${SASL2_LIBRARY})
+      include_directories(${SASL2_INCLUDE_DIR})
+   elseif (MONGOC_ENABLE_SASL_SSPI)
+      message (STATUS "Compiling against Windows SSPI")
+      set (SOURCES ${SOURCES} ${SOURCE_DIR}/src/mongoc/mongoc-cluster-sspi.c)
+      set (SOURCES ${SOURCES} ${SOURCE_DIR}/src/mongoc/mongoc-sspi.c)
+      set (LIBS ${LIBS} secur32.lib crypt32.lib Shlwapi.lib)
+   endif()
 endif()
 
 add_library(mongoc_shared SHARED ${SOURCES} ${HEADERS})

build/autotools/CheckSasl.m4

@@ -54,6 +54,8 @@ AC_SUBST(SASL_LIBS)
 dnl Let mongoc-config.h.in know about SASL status.
 if test "$sasl_mode" != "no" ; then
   AC_SUBST(MONGOC_ENABLE_SASL, 1)
+  AC_SUBST(MONGOC_ENABLE_SASL_CYRUS, 1)
+  AC_SUBST(MONGOC_ENABLE_SASL_SSPI, 0)
 
   AC_CHECK_LIB([sasl2],[sasl_client_done],
                [have_sasl_client_done=yes],
@@ -67,5 +69,7 @@ if test "$sasl_mode" != "no" ; then
 
 else
   AC_SUBST(MONGOC_ENABLE_SASL, 0)
+  AC_SUBST(MONGOC_ENABLE_SASL_CYRUS, 0)
+  AC_SUBST(MONGOC_ENABLE_SASL_SSPI, 0)
   AC_SUBST(MONGOC_HAVE_SASL_CLIENT_DONE, 0)
 fi

src/mongoc/Makefile.am

@@ -69,6 +69,8 @@ NOINST_H_FILES = \
 	src/mongoc/mongoc-client-pool-private.h \
 	src/mongoc/mongoc-client-private.h \
 	src/mongoc/mongoc-cluster-private.h \
+	src/mongoc/mongoc-cluster-sasl-private.h \
+	src/mongoc/mongoc-cluster-sspi-private.h \
 	src/mongoc/mongoc-collection-private.h \
 	src/mongoc/mongoc-counters-private.h \
 	src/mongoc/mongoc-cursor-array-private.h \
@@ -99,6 +101,7 @@ NOINST_H_FILES = \
 	src/mongoc/mongoc-read-prefs-private.h \
 	src/mongoc/mongoc-rpc-private.h \
 	src/mongoc/mongoc-sasl-private.h \
+	src/mongoc/mongoc-sspi-private.h \
 	src/mongoc/mongoc-scram-private.h \
 	src/mongoc/mongoc-server-description-private.h \
 	src/mongoc/mongoc-server-stream-private.h \
@@ -253,6 +256,7 @@ endif
 endif
 
 if ENABLE_SASL
+MONGOC_SOURCES_SHARED += src/mongoc/mongoc-cluster-sasl.c
 MONGOC_SOURCES_SHARED += src/mongoc/mongoc-sasl.c
 endif
 

src/mongoc/mongoc-cluster-sasl-private.h

@@ -0,0 +1,39 @@
+/*
+ * Copyright 2017 MongoDB, Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef MONGOC_CLUSTER_SASL_PRIVATE_H
+#define MONGOC_CLUSTER_SASL_PRIVATE_H
+
+#if !defined(MONGOC_COMPILATION)
+#error "Only <mongoc.h> can be included directly."
+#endif
+
+#include "mongoc-config.h"
+#include "mongoc-cluster-private.h"
+#include <bson.h>
+
+bool
+_mongoc_cluster_auth_node_sasl (mongoc_cluster_t *cluster,
+                                mongoc_stream_t *stream,
+                                const char *hostname,
+                                bson_error_t *error);
+bool
+_mongoc_cluster_get_canonicalized_name (mongoc_cluster_t *cluster,    /* IN */
+                                        mongoc_stream_t *node_stream, /* IN */
+                                        char *name,                   /* OUT */
+                                        size_t namelen,               /* IN */
+                                        bson_error_t *error);         /* OUT */
+#endif /* MONGOC_CLUSTER_SASL_PRIVATE_H */