JAVA-2385: Set javax.security.sasl.Sasl#MAX_BUFFER property to "0" in GSSAPIAuthenticator in order to work around a strict check in the Windows implementation of GSSAPI in the MongoDB server.

jyemin · jyemin · commit 26d4bcedc61b · 2016-12-02T11:15:38.000-05:00
diff --git a/driver-core/src/main/com/mongodb/MongoCredential.java b/driver-core/src/main/com/mongodb/MongoCredential.java
@@ -104,17 +104,29 @@ public final class MongoCredential {
      */
     public static final String CANONICALIZE_HOST_NAME_KEY = "CANONICALIZE_HOST_NAME";
 
-    /*
-     * Mechanism property key for overriding the SasClient properties for GSSAPI authentication.
+    /**
+     * Mechanism property key for overriding the SaslClient properties for GSSAPI authentication.
+     *
+     * The value of this property must be a {@code Map<String, Object>}.  In most cases there is no need to set this mechanism property.
+     * But if an application does:
+     * <ul>
+     * <li>Generally it must set the {@link javax.security.sasl.Sasl#CREDENTIALS} property to an instance of
+     * {@link org.ietf.jgss.GSSCredential}.</li>
+     * <li>It's recommended that it set the {@link javax.security.sasl.Sasl#MAX_BUFFER} property to "0" to ensure compatibility with all
+     * versions of MongoDB.</li>
+     * </ul>
      *
      * @see #createGSSAPICredential(String)
      * @see #withMechanismProperty(String, Object)
+     * @see javax.security.sasl.Sasl
+     * @see javax.security.sasl.Sasl#CREDENTIALS
+     * @see javax.security.sasl.Sasl#MAX_BUFFER
      * @since 3.3
      */
     public static final String JAVA_SASL_CLIENT_PROPERTIES_KEY = "JAVA_SASL_CLIENT_PROPERTIES";
 
-    /*
-     * Mechanism property key for overriding the {@link javax.security.Subject} under which GSSAPI authentication executes.
+    /**
+     * Mechanism property key for overriding the {@link javax.security.auth.Subject} under which GSSAPI authentication executes.
      *
      * @see #createGSSAPICredential(String)
      * @see #withMechanismProperty(String, Object)
diff --git a/driver-core/src/main/com/mongodb/connection/GSSAPIAuthenticator.java b/driver-core/src/main/com/mongodb/connection/GSSAPIAuthenticator.java
@@ -65,6 +65,7 @@ protected SaslClient createSaslClient(final ServerAddress serverAddress) {
             Map<String, Object> saslClientProperties = getCredential().getMechanismProperty(JAVA_SASL_CLIENT_PROPERTIES_KEY, null);
             if (saslClientProperties == null) {
                 saslClientProperties = new HashMap<String, Object>();
+                saslClientProperties.put(Sasl.MAX_BUFFER, "0");
                 saslClientProperties.put(Sasl.CREDENTIALS, getGSSCredential(credential.getUserName()));
             }
 

Original file line number	Diff line number	Diff line change
`@@ -65,6 +65,7 @@ protected SaslClient createSaslClient(final ServerAddress serverAddress) {`
`65`	`65`	`Map<String, Object> saslClientProperties = getCredential().getMechanismProperty(JAVA_SASL_CLIENT_PROPERTIES_KEY, null);`
`66`	`66`	`if (saslClientProperties == null) {`
`67`	`67`	`saslClientProperties = new HashMap<String, Object>();`
	`68`	`+ saslClientProperties.put(Sasl.MAX_BUFFER, "0");`
`68`	`69`	`saslClientProperties.put(Sasl.CREDENTIALS, getGSSCredential(credential.getUserName()));`
`69`	`70`	`}`
`70`	`71`