[CDRIVER-783] Add support for SASL plugins Created: 07/Aug/15 Updated: 03/May/17 Resolved: 20/Nov/15 |
|
| Status: | Closed |
| Project: | C Driver |
| Component/s: | auth |
| Affects Version/s: | None |
| Fix Version/s: | TBD |
| Type: | New Feature | Priority: | Major - P3 |
| Reporter: | Kevin Liew | Assignee: | A. Jesse Jiryu Davis |
| Resolution: | Done | Votes: | 0 |
| Labels: | None |
| Remaining Estimate: | Not Specified |
| Time Spent: | Not Specified |
| Original Estimate: | Not Specified |
| Issue Links: |
|
| Epic Link: | Native SASL |
| Description |
|
As of Cyrus-SASL 2.1.18, SASL_PATH cannot be used to set the plugin directory. |
| Comments |
| Comment by A. Jesse Jiryu Davis [ 20/Nov/15 ] | |
|
Great, thanks for letting us know! | |
| Comment by Kevin Liew [ 20/Nov/15 ] | |
|
Hi Jesse, sasl_set_path works. Thanks | |
| Comment by A. Jesse Jiryu Davis [ 03/Sep/15 ] | |
|
Note: using sasl_set_path, if the driver is compiled with GCC, will require additionally that the driver is compiled something like:
... to prevent mongoc_init from being called before main. This is yet another argument for doing | |
| Comment by A. Jesse Jiryu Davis [ 02/Sep/15 ] | |
|
Hi Kevin, I believe the default SASL plugin path for Cyrus SASL is C:\CMU\bin\sasl2 on Windows. (And it's /usr/lib/sasl2 on Unix.) I think Cyrus SASL might provide the hook you need, without anything special from the C Driver. Can you include "sasl/sasl.h" in your code and call something like:
Call it before mongoc_init (). http://fossies.org/dox/cyrus-sasl-2.1.26/lib_2common_8c_source.html#l00205 | |
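The ordering discussed in this thread (set the Cyrus SASL plugin path, then initialise the driver), as an added example that is not code from the ticket or from the C Driver. It maps the run-time setting to one of two fixed directories instead of using the setting as a path, since the plugin directory is where SASL loads shared libraries from. The directory names, the "mit"/"ad" values, `plugin_dir_for`, `init_with_plugins` and the `fake_*` stand-ins are assumptions.

```c
#include <stdio.h>
#include <string.h>

/* Same shape as Cyrus SASL's sasl_set_path(int path_type, char *path). */
typedef int (*set_path_fn)(int path_type, char *path);
typedef void (*init_fn)(void);              /* same shape as mongoc_init() */

/* Constructed install layout: one directory per GSSAPI plugin build. */
static char DIR_MIT[] = "C:\\ExampleApp\\sasl2-mit";
static char DIR_AD[]  = "C:\\ExampleApp\\sasl2-ad";

/* Map the configured choice to a fixed directory. The setting is never used
 * as a path itself, because plugins are loaded as code from that directory. */
char *plugin_dir_for(const char *choice)
{
    if (choice == NULL) return NULL;
    if (strcmp(choice, "mit") == 0) return DIR_MIT;
    if (strcmp(choice, "ad") == 0)  return DIR_AD;
    return NULL;
}

/* Set the plugin path first, then initialise the driver. Returns 0 on success,
 * -1 if the choice is unknown or the path call fails; init is skipped then. */
int init_with_plugins(const char *choice, int path_type,
                      set_path_fn set_path, init_fn init)
{
    char *dir = plugin_dir_for(choice);
    if (dir == NULL) return -1;
    if (set_path(path_type, dir) != 0) return -1;   /* SASL_OK is 0 */
    init();
    return 0;
}

/* Stand-ins so the example runs without libsasl2 or libmongoc installed. */
static const char *seen_path = NULL;
static int init_calls = 0, path_set_before_init = 0;
static int fake_set_path(int t, char *p) { (void)t; seen_path = p; return 0; }
static void fake_init(void) { init_calls++; path_set_before_init = (seen_path != NULL); }

int main(void)
{
    /* Real program: init_with_plugins(choice, SASL_PATH_TYPE_PLUGIN,
     *                                 sasl_set_path, mongoc_init); */
    int rc = init_with_plugins("mit", 0, fake_set_path, fake_init);
    printf("rc=%d dir=%s\n", rc, seen_path ? seen_path : "(none)");
    return rc == 0 ? 0 : 1;
}
```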
| Comment by Kevin Liew [ 18/Aug/15 ] | |
|
Is the default SASL plugin path known? There is no documentation regarding | |
| Comment by Hannes Magnusson [ 11/Aug/15 ] | |
|
OK, so you really do want to get the SASL_CB_GETPATH callback? | |
| Comment by Kevin Liew [ 11/Aug/15 ] | |
|
We will distribute one compiled driver to our users who choose between MIT Kerberos or Windows Active Directory by setting a registry variable. Our use case requires a function that can be called during run-time to set the sasl plugin path before initializing the sasl client. | |
| Comment by Hannes Magnusson [ 11/Aug/15 ] | |
|
Ah OK. Currently you can compile the driver, with GSSAPI support, as long as the plugin is installed in the expected "default path". I don't think we would want to expose the actual SASL_CB_GETPATH callback, but instead we could provide a configure setting, --with-sasl-plugins-dir, which you could provide and point to the path we would provide to SASL_CB_GETPATH? Considering this isn't a blocker (you can compile it properly) I don't believe we will be able to implement this before 1.2. | |
| Comment by Kevin Liew [ 07/Aug/15 ] | |
|
We want to be able to use a GSSAPI plugin for either Windows Active Directory, or MIT Kerberos depending on the user's configuration. Cyrus-Sasl uses the first plugin it finds in a directory, so we need to have the plugins in separate directories. Thus we would like the plugin path to be controllable at runtime. | |
| Comment by Kevin Liew [ 07/Aug/15 ] | |
|
The use case is: connecting a Windows client to a UNIX MIT Kerberos server. | |
| Comment by Kevin Liew [ 07/Aug/15 ] | |
|
Previously SASL_PATH could be used to set the plugin directory path, but it was removed from the Cyrus-Sasl libraries and cannot be used any longer. Now the plugin path must be set by the SASL_CB_GETPATH callback before sasl_client_init. We are asking for a function to set the sasl plugin path because Windows needs a plugin to use GSSAPI. | |
| Comment by Hannes Magnusson [ 07/Aug/15 ] | |
|
I'm a little bit confused over what exactly you are asking for. The MongoDB C driver doesn't actively allow you, or disallow, setting SASL_PATH, nor do I think we should. As for which SASL plugins we support, we only support the mechanisms the MongoDB server supports... You wouldn't gain much if the driver supported more mechanisms without the server doing so too. | |
| Comment by Kevin Liew [ 07/Aug/15 ] | |
|
Information on SASL_PATH: |