db/security_commands.cpp

// security_commands.cpp
/*
 *    Copyright (C) 2010 10gen Inc.
 *
 *    This program is free software: you can redistribute it and/or  modify
 *    it under the terms of the GNU Affero General Public License, version 3,
 *    as published by the Free Software Foundation.
 *
 *    This program is distributed in the hope that it will be useful,
 *    but WITHOUT ANY WARRANTY; without even the implied warranty of
 *    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *    GNU Affero General Public License for more details.
 *
 *    You should have received a copy of the GNU Affero General Public License
 *    along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */

// security.cpp links with both dbgrid and db.  this file db only -- at least for now.

// security.cpp

#include "pch.h"
#include "security.h"
#include "../util/md5.hpp"
#include "json.h"
#include "pdfile.h"
#include "db.h"
#include "dbhelpers.h"
#include "commands.h"
#include "jsobj.h"
#include "client.h"

namespace mongo {

    /* authentication

       system.users contains
         { user : <username>, pwd : <pwd_digest>, ... }

       getnonce sends nonce to client

       client then sends { authenticate:1, nonce64:<nonce_str>, user:<username>, key:<key> }

       where <key> is md5(<nonce_str><username><pwd_digest_str>) as a string
    */

    boost::thread_specific_ptr<nonce64> lastNonce;

    class CmdGetNonce : public Command {
    public:
        virtual bool requiresAuth() { return false; }
        virtual bool logTheOp() { return false; }
        virtual bool slaveOk() const {
            return true;
        }
        void help(stringstream& h) const { h << "internal"; }
        virtual LockType locktype() const { return NONE; }
        CmdGetNonce() : Command("getnonce") {}
        bool run(const string&, BSONObj& cmdObj, int, string& errmsg, BSONObjBuilder& result, bool fromRepl) {
            nonce64 *n = new nonce64(Security::getNonce());
            stringstream ss;
            ss << hex << *n;
            result.append("nonce", ss.str() );
            lastNonce.reset(n);
            return true;
        }
    } cmdGetNonce;

    CmdLogout cmdLogout;

    bool CmdAuthenticate::run(const string& dbname , BSONObj& cmdObj, int, string& errmsg, BSONObjBuilder& result, bool fromRepl) {
        log() << " authenticate: " << cmdObj << endl;

        string user = cmdObj.getStringField("user");
        string key = cmdObj.getStringField("key");
        string received_nonce = cmdObj.getStringField("nonce");

        if( user.empty() || key.empty() || received_nonce.empty() ) {
            log() << "field missing/wrong type in received authenticate command "
                  << dbname
                  << endl;
            errmsg = "auth fails";
            sleepmillis(10);
            return false;
        }

        stringstream digestBuilder;

        {
            bool reject = false;
            nonce64 *ln = lastNonce.release();
            if ( ln == 0 ) {
                reject = true;
                log(1) << "auth: no lastNonce" << endl;
            }
            else {
                digestBuilder << hex << *ln;
                reject = digestBuilder.str() != received_nonce;
                if ( reject ) log(1) << "auth: different lastNonce" << endl;
            }

            if ( reject ) {
                log() << "auth: bad nonce received or getnonce not called. could be a driver bug or a security attack. db:" << dbname << endl;
                errmsg = "auth fails";
                sleepmillis(30);
                return false;
            }
        }

        BSONObj userObj;
        string pwd;
        if (!getUserObj(dbname, user, userObj, pwd)) {
            errmsg = "auth fails";
            return false;
        }

        md5digest d;
        {
            digestBuilder << user << pwd;
            string done = digestBuilder.str();

            md5_state_t st;
            md5_init(&st);
            md5_append(&st, (const md5_byte_t *) done.c_str(), done.size());
            md5_finish(&st, d);
        }

        string computed = digestToString( d );

        if ( key != computed ) {
            log() << "auth: key mismatch " << user << ", ns:" << dbname << endl;
            errmsg = "auth fails";
            return false;
        }

        authenticate(dbname, user, userObj[ "readOnly" ].isBoolean() && userObj[ "readOnly" ].boolean());

        return true;
    }

    CmdAuthenticate cmdAuthenticate;

} // namespace mongo
suppress a couple compiler warnings 2009-01-18 19:13:12 -05:00			`// security_commands.cpp`
Add license headers to .cpp & .h files that lacked them. MINOR 2010-02-09 16:48:21 -05:00			`/*`
			`* Copyright (C) 2010 10gen Inc.`
			`*`
			`* This program is free software: you can redistribute it and/or modify`
			`* it under the terms of the GNU Affero General Public License, version 3,`
			`* as published by the Free Software Foundation.`
			`*`
			`* This program is distributed in the hope that it will be useful,`
			`* but WITHOUT ANY WARRANTY; without even the implied warranty of`
			`* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the`
			`* GNU Affero General Public License for more details.`
			`*`
			`* You should have received a copy of the GNU Affero General Public License`
			`* along with this program. If not, see <http://www.gnu.org/licenses/>.`
			`*/`

suppress a couple compiler warnings 2009-01-18 19:13:12 -05:00			`// security.cpp links with both dbgrid and db. this file db only -- at least for now.`

			`// security.cpp`

stdafx->pch 2010-04-27 15:27:52 -04:00			`#include "pch.h"`
suppress a couple compiler warnings 2009-01-18 19:13:12 -05:00			`#include "security.h"`
			`#include "../util/md5.hpp"`
ran astyle SERVER-2304 2011-01-04 00:40:41 -05:00			`#include "json.h"`
suppress a couple compiler warnings 2009-01-18 19:13:12 -05:00			`#include "pdfile.h"`
			`#include "db.h"`
			`#include "dbhelpers.h"`
			`#include "commands.h"`
			`#include "jsobj.h"`
make lasterror threadsafe rename Connection -> Client lasterror code easier to read bunch of windows warnings eliminated 2009-10-12 15:12:16 -04:00			`#include "client.h"`
suppress a couple compiler warnings 2009-01-18 19:13:12 -05:00
			`namespace mongo {`

ran astyle SERVER-2304 2011-01-04 00:40:41 -05:00			`/* authentication`
suppress a couple compiler warnings 2009-01-18 19:13:12 -05:00
ran astyle SERVER-2304 2011-01-04 00:40:41 -05:00			`system.users contains`
			`{ user : <username>, pwd : <pwd_digest>, ... }`
suppress a couple compiler warnings 2009-01-18 19:13:12 -05:00
ran astyle SERVER-2304 2011-01-04 00:40:41 -05:00			`getnonce sends nonce to client`
suppress a couple compiler warnings 2009-01-18 19:13:12 -05:00
clean up nonce implementation 2011-06-05 18:13:18 -04:00			`client then sends { authenticate:1, nonce64:<nonce_str>, user:<username>, key:<key> }`
suppress a couple compiler warnings 2009-01-18 19:13:12 -05:00
ran astyle SERVER-2304 2011-01-04 00:40:41 -05:00			`where <key> is md5(<nonce_str><username><pwd_digest_str>) as a string`
			`*/`
suppress a couple compiler warnings 2009-01-18 19:13:12 -05:00
clean up nonce implementation 2011-06-05 18:13:18 -04:00			`boost::thread_specific_ptr<nonce64> lastNonce;`
suppress a couple compiler warnings 2009-01-18 19:13:12 -05:00
			`class CmdGetNonce : public Command {`
			`public:`
basic security 2009-01-18 20:31:33 -05:00			`virtual bool requiresAuth() { return false; }`
cleaning 2010-08-16 09:00:58 -04:00			`virtual bool logTheOp() { return false; }`
/_commands in the http interface 2010-04-23 15:50:49 -04:00			`virtual bool slaveOk() const {`
suppress a couple compiler warnings 2009-01-18 19:13:12 -05:00			`return true;`
			`}`
more /_commands 2010-04-23 16:41:56 -04:00			`void help(stringstream& h) const { h << "internal"; }`
/_commands in the http interface 2010-04-23 15:50:49 -04:00			`virtual LockType locktype() const { return NONE; }`
suppress a couple compiler warnings 2009-01-18 19:13:12 -05:00			`CmdGetNonce() : Command("getnonce") {}`
change command api to allow command options SERVER-3405 2011-07-18 14:25:18 -04:00			`bool run(const string&, BSONObj& cmdObj, int, string& errmsg, BSONObjBuilder& result, bool fromRepl) {`
clean up nonce implementation 2011-06-05 18:13:18 -04:00			`nonce64 *n = new nonce64(Security::getNonce());`
using strings 2009-01-20 11:37:15 -05:00			`stringstream ss;`
getnonce now returns a prettier nonce string -- hex digits as a string instead of double as a string. 2009-01-21 15:06:13 -05:00			`ss << hex << *n;`
using strings 2009-01-20 11:37:15 -05:00			`result.append("nonce", ss.str() );`
getnonce now returns a prettier nonce string -- hex digits as a string instead of double as a string. 2009-01-21 15:06:13 -05:00			`lastNonce.reset(n);`
suppress a couple compiler warnings 2009-01-18 19:13:12 -05:00			`return true;`
			`}`
			`} cmdGetNonce;`

split security into s-only, d-only, and common SERVER-921 2011-06-22 13:21:02 -04:00			`CmdLogout cmdLogout;`
ran astyle SERVER-2304 2011-01-04 00:40:41 -05:00
change command api to allow command options SERVER-3405 2011-07-18 14:25:18 -04:00			`bool CmdAuthenticate::run(const string& dbname , BSONObj& cmdObj, int, string& errmsg, BSONObjBuilder& result, bool fromRepl) {`
split security into s-only, d-only, and common SERVER-921 2011-06-22 13:21:02 -04:00			`log() << " authenticate: " << cmdObj << endl;`

			`string user = cmdObj.getStringField("user");`
			`string key = cmdObj.getStringField("key");`
			`string received_nonce = cmdObj.getStringField("nonce");`

			`if( user.empty() \|\| key.empty() \|\| received_nonce.empty() ) {`
			`log() << "field missing/wrong type in received authenticate command "`
			`<< dbname`
			`<< endl;`
			`errmsg = "auth fails";`
			`sleepmillis(10);`
suppress a couple compiler warnings 2009-01-18 19:13:12 -05:00			`return false;`
			`}`
ran astyle SERVER-2304 2011-01-04 00:40:41 -05:00
split security into s-only, d-only, and common SERVER-921 2011-06-22 13:21:02 -04:00			`stringstream digestBuilder;`
rs auth 2010-12-27 16:05:40 -05:00
split security into s-only, d-only, and common SERVER-921 2011-06-22 13:21:02 -04:00			`{`
			`bool reject = false;`
			`nonce64 *ln = lastNonce.release();`
			`if ( ln == 0 ) {`
			`reject = true;`
			`log(1) << "auth: no lastNonce" << endl;`
rs auth 2010-12-27 16:05:40 -05:00			`}`
			`else {`
split security into s-only, d-only, and common SERVER-921 2011-06-22 13:21:02 -04:00			`digestBuilder << hex << *ln;`
			`reject = digestBuilder.str() != received_nonce;`
			`if ( reject ) log(1) << "auth: different lastNonce" << endl;`
suppress a couple compiler warnings 2009-01-18 19:13:12 -05:00			`}`
rs auth 2010-12-27 16:05:40 -05:00
split security into s-only, d-only, and common SERVER-921 2011-06-22 13:21:02 -04:00			`if ( reject ) {`
			`log() << "auth: bad nonce received or getnonce not called. could be a driver bug or a security attack. db:" << dbname << endl;`
suppress a couple compiler warnings 2009-01-18 19:13:12 -05:00			`errmsg = "auth fails";`
split security into s-only, d-only, and common SERVER-921 2011-06-22 13:21:02 -04:00			`sleepmillis(30);`
suppress a couple compiler warnings 2009-01-18 19:13:12 -05:00			`return false;`
			`}`
split security into s-only, d-only, and common SERVER-921 2011-06-22 13:21:02 -04:00			`}`
suppress a couple compiler warnings 2009-01-18 19:13:12 -05:00
split security into s-only, d-only, and common SERVER-921 2011-06-22 13:21:02 -04:00			`BSONObj userObj;`
			`string pwd;`
			`if (!getUserObj(dbname, user, userObj, pwd)) {`
			`errmsg = "auth fails";`
			`return false;`
			`}`
ran astyle SERVER-2304 2011-01-04 00:40:41 -05:00
split security into s-only, d-only, and common SERVER-921 2011-06-22 13:21:02 -04:00			`md5digest d;`
			`{`
			`digestBuilder << user << pwd;`
			`string done = digestBuilder.str();`

			`md5_state_t st;`
			`md5_init(&st);`
			`md5_append(&st, (const md5_byte_t *) done.c_str(), done.size());`
			`md5_finish(&st, d);`
			`}`

			`string computed = digestToString( d );`

			`if ( key != computed ) {`
			`log() << "auth: key mismatch " << user << ", ns:" << dbname << endl;`
			`errmsg = "auth fails";`
			`return false;`
suppress a couple compiler warnings 2009-01-18 19:13:12 -05:00			`}`
split security into s-only, d-only, and common SERVER-921 2011-06-22 13:21:02 -04:00
			`authenticate(dbname, user, userObj[ "readOnly" ].isBoolean() && userObj[ "readOnly" ].boolean());`

			`return true;`
			`}`

			`CmdAuthenticate cmdAuthenticate;`
ran astyle SERVER-2304 2011-01-04 00:40:41 -05:00
suppress a couple compiler warnings 2009-01-18 19:13:12 -05:00			`} // namespace mongo`