mongodb · kevinAlbs · Nov 15, 2024 · Nov 14, 2024 · Nov 14, 2024 · Nov 14, 2024
@@ -157,6 +157,7 @@ echo "Authenticating using PLAIN"
 LD_LIBRARY_PATH="${openssl_lib_prefix}" "${ping}" "mongodb://${auth_plain:?}@${auth_host}/?authMechanism=PLAIN&${c_timeout}"
 
 echo "Authenticating using default auth mechanism"
+# Though the auth source is named "mongodb-cr", authentication uses the default mechanism (currently SCRAM-SHA-1).
 LD_LIBRARY_PATH="${openssl_lib_prefix}" "${ping}" "mongodb://${auth_mongodbcr:?}@${auth_host}/mongodb-cr?${c_timeout}"
 
 if [[ "${sasl}" != "OFF" ]]; then

@@ -931,179 +931,6 @@ _cluster_run_hello (mongoc_cluster_t *cluster,
 }
 
 
-/*
- *--------------------------------------------------------------------------
- *
- * _mongoc_cluster_build_basic_auth_digest --
- *
- *       Computes the Basic Authentication digest using the credentials
- *       configured for @cluster and the @nonce provided.
- *
- *       The result should be freed by the caller using bson_free() when
- *       they are finished with it.
- *
- * Returns:
- *       A newly allocated string containing the digest.
- *
- * Side effects:
- *       None.
- *
- *--------------------------------------------------------------------------
- */
-
-static char *
-_mongoc_cluster_build_basic_auth_digest (mongoc_cluster_t *cluster, const char *nonce)
-{
-   const char *username;
-   const char *password;
-   char *password_digest;
-   char *password_md5;
-   char *digest_in;
-   char *ret;
-
-   ENTRY;
-
-   /*
-    * The following generates the digest to be used for basic authentication
-    * with a MongoDB server. More information on the format can be found
-    * at the following location:
-    *
-    * https://www.mongodb.com/docs/meta-driver/latest/legacy/
-    *   implement-authentication-in-driver/
-    */
-
-   BSON_ASSERT (cluster);
-   BSON_ASSERT (cluster->uri);
-
-   username = mongoc_uri_get_username (cluster->uri);
-   password = mongoc_uri_get_password (cluster->uri);
-   password_digest = bson_strdup_printf ("%s:mongo:%s", username, password);
-   password_md5 = _mongoc_hex_md5 (password_digest);
-   digest_in = bson_strdup_printf ("%s%s%s", nonce, username, password_md5);
-   ret = _mongoc_hex_md5 (digest_in);
-   bson_free (digest_in);
-   bson_free (password_md5);
-   bson_free (password_digest);
-
-   RETURN (ret);
-}
-
-
-/*
- *--------------------------------------------------------------------------
- *
- * _mongoc_cluster_auth_node_cr --
- *
- *       Performs authentication of @node using the credentials provided
- *       when configuring the @cluster instance.
- *
- *       This is the Challenge-Response mode of authentication.
- *
- * Returns:
- *       true if authentication was successful; otherwise false and
- *       @error is set.
- *
- * Side effects:
- *       None.
- *
- *--------------------------------------------------------------------------
- */
-
-static bool
-_mongoc_cluster_auth_node_cr (mongoc_cluster_t *cluster,
-                              mongoc_stream_t *stream,
-                              mongoc_server_description_t *sd,
-                              bson_error_t *error)
-{
-   mongoc_cmd_parts_t parts;
-   bson_iter_t iter;
-   const char *auth_source;
-   bson_t command;
-   bson_t reply;
-   char *digest;
-   char *nonce;
-   bool ret;
-   mongoc_server_stream_t *server_stream;
-   mc_shared_tpld td;
-
-   ENTRY;
-
-   BSON_ASSERT (cluster);
-   BSON_ASSERT (stream);
-
-   if (!(auth_source = mongoc_uri_get_auth_source (cluster->uri)) || (*auth_source == '\0')) {
-      auth_source = "admin";
-   }
-
-   /*
-    * To authenticate a node using basic authentication, we need to first
-    * get the nonce from the server. We use that to hash our password which
-    * is sent as a reply to the server. If everything went good we get a
-    * success notification back from the server.
-    */
-
-   /*
-    * Execute the getnonce command to fetch the nonce used for generating
-    * md5 digest of our password information.
-    */
-   bson_init (&command);
-   bson_append_int32 (&command, "getnonce", 8, 1);
-   mongoc_cmd_parts_init (&parts, cluster->client, auth_source, MONGOC_QUERY_SECONDARY_OK, &command);
-   parts.prohibit_lsid = true;
-
-   td = mc_tpld_take_ref (cluster->client->topology);
-   server_stream = _mongoc_cluster_create_server_stream (td.ptr, sd, stream);
-   mc_tpld_drop_ref (&td);
-
-   if (!mongoc_cluster_run_command_parts (cluster, server_stream, &parts, &reply, error)) {
-      mongoc_server_stream_cleanup (server_stream);
-      bson_destroy (&command);
-      bson_destroy (&reply);
-      RETURN (false);
-   }
-   bson_destroy (&command);
-   if (!bson_iter_init_find_case (&iter, &reply, "nonce")) {
-      bson_set_error (error, MONGOC_ERROR_CLIENT, MONGOC_ERROR_CLIENT_GETNONCE, "Invalid reply from getnonce");
-      bson_destroy (&reply);
-      RETURN (false);
-   }
-
-   /*
-    * Build our command to perform the authentication.
-    */
-   nonce = bson_iter_dup_utf8 (&iter, NULL);
-   digest = _mongoc_cluster_build_basic_auth_digest (cluster, nonce);
-   bson_init (&command);
-   bson_append_int32 (&command, "authenticate", 12, 1);
-   bson_append_utf8 (&command, "user", 4, mongoc_uri_get_username (cluster->uri), -1);
-   bson_append_utf8 (&command, "nonce", 5, nonce, -1);
-   bson_append_utf8 (&command, "key", 3, digest, -1);
-   bson_destroy (&reply);
-   bson_free (nonce);
-   bson_free (digest);
-
-   /*
-    * Execute the authenticate command. mongoc_cluster_run_command_private
-    * checks for {ok: 1} in the response.
-    */
-   mongoc_cmd_parts_init (&parts, cluster->client, auth_source, MONGOC_QUERY_SECONDARY_OK, &command);
-   parts.prohibit_lsid = true;
-   ret = mongoc_cluster_run_command_parts (cluster, server_stream, &parts, &reply, error);
-
-   if (!ret) {
-      /* error->message is already set */
-      error->domain = MONGOC_ERROR_CLIENT;
-      error->code = MONGOC_ERROR_CLIENT_AUTHENTICATE;
-   }
-
-   mongoc_server_stream_cleanup (server_stream);
-   bson_destroy (&command);
-   bson_destroy (&reply);
-
-   RETURN (ret);
-}
-
-
 /*
  *--------------------------------------------------------------------------
  *
@@ -1779,9 +1606,7 @@ _mongoc_cluster_auth_node (mongoc_cluster_t *cluster,
       }
    }
 
-   if (0 == strcasecmp (mechanism, "MONGODB-CR")) {
-      ret = _mongoc_cluster_auth_node_cr (cluster, stream, sd, error);
-   } else if (0 == strcasecmp (mechanism, "MONGODB-X509")) {
+   if (0 == strcasecmp (mechanism, "MONGODB-X509")) {
       ret = _mongoc_cluster_auth_node_x509 (cluster, stream, sd, error);
    } else if (0 == strcasecmp (mechanism, "SCRAM-SHA-1")) {
       ret = _mongoc_cluster_auth_node_scram_sha_1 (cluster, stream, sd, error);

@@ -1961,7 +1961,7 @@ mongoc_uri_get_auth_source (const mongoc_uri_t *uri)
    /* Auth spec:
     * "For GSSAPI and MONGODB-X509 authMechanisms the authSource defaults to
     * $external. For PLAIN the authSource defaults to the database name if
-    * supplied on the connection string or $external. For MONGODB-CR,
+    * supplied on the connection string or $external. For
     * SCRAM-SHA-1 and SCRAM-SHA-256 authMechanisms, the authSource defaults to
     * the database name if supplied on the connection string or admin."
     */

@@ -1986,7 +1986,16 @@ test_should_be_skipped (const test_skip_t *skips, const char *description)
 {
    if (skips) {
       for (const test_skip_t *iter = skips; iter->description != NULL; iter++) {
-         if (0 == strcmp (description, iter->description)) {
+         if (iter->check_substring) {
+            if (NULL != strstr (description, iter->description)) {
+               fprintf (stderr,
+                        "  - %s SKIPPED (contains '%s'), due to reason: %s\n",
+                        description,
+                        iter->description,
+                        iter->reason);
+               return true;
+            }
+         } else if (0 == strcmp (description, iter->description)) {
             fprintf (stderr, "  - %s SKIPPED, due to reason: %s\n", description, iter->reason);
             return true;
          }

@@ -32,6 +32,7 @@ typedef void (*test_hook) (void *test);
 
 typedef struct {
    const char *description;
+   bool check_substring; // If true, check that `description` matches a substring of the test description.
    const char *reason;
 } test_skip_t;