This repository has been archived by the owner. It is now read-only.
Permalink
Browse files

mongo-sync: Drop OpenSSL dependency, use glib's checksums instead.

Instead of using OpenSSL's MD5 functions, use glib's GChecksum
capabilities instead.  This effectively halves the library's
dependencies, and authentication becomes a built-in functionality,
always, instead of being optional.
  • Loading branch information...
1 parent 372c74c commit e2e953857a09260407525ee831acfe78b7c1097a @algernon committed Jun 28, 2011
View
5 NEWS
@@ -20,6 +20,11 @@ Combining the powers of bson_find() and bson_cursor_find_next(), this
new function can find a key anywhere in a BSON object, yet, maintains
the ability to continue a previous scan.
+** Removed dependency on OpenSSL
+Instead of using OpenSSL's MD5 functions, use the checksum
+capabilities of glib 2.16 and newer. This halves the dependencies of
+the library!
+
* 0.1.1 - <2011-06-16 Thu>
** Cursor-based query iterator API
View
@@ -36,9 +36,8 @@ Requirements
------------
Apart from `glib`_, there are no other hard dependencies. Though, one
-will need `OpenSSL`_ for authentication support, and `Perl`_ (with a
-suitable version of Test::Harness, along with the prove utility) to
-run the test suite.
+`Perl`_ (with a suitable version of Test::Harness, along with the
+prove utility) to run the test suite.
To build the documentation, `Doxygen`_ will be needed too.
@@ -63,6 +62,5 @@ LICENSE).
.. _MongoDB: http://www.mongodb.org/
.. _glib: http://developer.gnome.org/glib/
-.. _OpenSSL: http://www.openssl.org/
.. _Perl: http://www.perl.org/
.. _Doxygen: http://www.stack.nl/~dimitri/doxygen/
View
@@ -12,8 +12,7 @@ VERSION="0.1.1"
dnl ***************************************************************************
dnl dependencies
-GLIB_MIN_VERSION="2.12.0"
-OPENSSL_MIN_VERSION="0.9.8"
+GLIB_MIN_VERSION="2.16.0"
dnl ***************************************************************************
dnl Initial setup
@@ -22,9 +21,6 @@ AM_INIT_AUTOMAKE($PACKAGE, $VERSION, no-define)
m4_ifdef([AM_SILENT_RULES], [AM_SILENT_RULES([yes])])
AM_CONFIG_HEADER(config.h)
-AC_ARG_ENABLE(ssl,
- [ --enable-ssl Enable OpenSSL support (for authentication).],,enable_ssl="auto")
-
AC_ARG_WITH([versioned-symbols], AC_HELP_STRING([--with-versioned-symbols],[Use versioned symbols]),[dnl
vsymldflags="-Wl,--version-script,\${srcdir}/libmongo-client.ver -Wl,-O1"
],[vsymldflags=])
@@ -111,26 +107,6 @@ if test "x$blb_cv_glib_sane" = "xno"; then
AC_MSG_ERROR([Glib headers inconsistent with current compiler setting. You might be using 32 bit Glib with a 64 bit compiler, check PKG_CONFIG_PATH])
fi
-dnl ***************************************************************************
-dnl OpenSSL headers/libraries
-dnl ***************************************************************************
-
-# openssl is needed for:
-# * authentication support
-
-if test "x$enable_ssl" = "xauto" || test "x$enable_ssl" = "xyes"; then
- PKG_CHECK_MODULES(OPENSSL, openssl >= $OPENSSL_MIN_VERSION,, OPENSSL_LIBS="")
-
- if test "x$OPENSSL_LIBS" != "x"; then
- if test "x$enable_ssl" = "xauto"; then
- enable_ssl="yes"
- fi
- fi
- if test "x$OPENSSL_LIBS" = "x" && test "x$enable_ssl" = "xyes"; then
- AC_ERROR([OpenSSL not found!])
- fi
-fi
-
dnl ***************************************************************************
dnl misc features to be enabled
dnl ***************************************************************************
@@ -148,18 +124,6 @@ fi
AC_DEFINE_UNQUOTED(PACKAGE, "$PACKAGE", [package name])
AC_DEFINE_UNQUOTED(VERSION, "$VERSION", [version number])
-if test "x$enable_ssl" = "xyes"; then
- d_enable_auth=1
- openssl_pc="openssl"
-else
- openssl_pc=""
- d_enable_auth=0
-fi
-
-AC_DEFINE_UNQUOTED(ENABLE_AUTH, $d_enable_auth, [OpenSSL was detected, compiling with auth support])
-
-AC_SUBST(openssl_pc)
-
AC_OUTPUT(
Doxyfile
Makefile
View
@@ -3,8 +3,8 @@ LMC_REVISION = 0
LMC_AGE = 1
lib_LTLIBRARIES = libmongo-client.la
-libmongo_client_la_LIBADD = @GLIB_LIBS@ @OPENSSL_LIBS@
-libmongo_client_la_CFLAGS = @GLIB_CFLAGS@ @OPENSSL_CFLAGS@
+libmongo_client_la_LIBADD = @GLIB_LIBS@
+libmongo_client_la_CFLAGS = @GLIB_CFLAGS@
libmongo_client_la_LDFLAGS = -version-info ${LMC_CURRENT}:${LMC_REVISION}:${LMC_AGE} @vsymldflags@
libmongo_client_la_SOURCES = \
@@ -7,6 +7,6 @@ Name: libmongo-client
Version: @VERSION@
Description: MongoDB client library
URL: https://github.com/algernon/libmongo-client
-Requires.private: glib-2.0 @openssl_pc@
+Requires.private: glib-2.0
Libs: -L${libdir} -lmongo-client
Cflags: -I${includedir}/mongo-client
View
@@ -27,10 +27,6 @@
#include <string.h>
#include <unistd.h>
-#if ENABLE_AUTH
-#include <openssl/md5.h>
-#endif
-
mongo_sync_connection *
mongo_sync_connect (const gchar *host, gint port,
gboolean slaveok)
@@ -1279,36 +1275,20 @@ mongo_sync_cmd_ping (mongo_sync_connection *conn)
return TRUE;
}
-#if ENABLE_AUTH
-static void
-digest2hex (guint8 digest[16], guint8 hex_digest[33])
+static gchar *
+_pass_digest (const gchar *user, const gchar *pw)
{
- static const char hex[16] =
- {'0', '1', '2', '3', '4', '5', '6', '7', '8', '9',
- 'a', 'b', 'c', 'd', 'e', 'f'};
- int i;
+ GChecksum *chk;
+ gchar *digest;
- for (i = 0; i < 16; i++)
- {
- hex_digest[2 * i] = hex[(digest[i] & 0xf0) >> 4];
- hex_digest[2 * i + 1] = hex[digest[i] & 0x0f];
- }
- hex_digest[32] = '\0';
-}
+ chk = g_checksum_new (G_CHECKSUM_MD5);
+ g_checksum_update (chk, (const guchar *)user, -1);
+ g_checksum_update (chk, (const guchar *)":mongo:", 7);
+ g_checksum_update (chk, (const guchar *)pw, -1);
+ digest = g_strdup (g_checksum_get_string (chk));
+ g_checksum_free (chk);
-static void
-_pass_digest (const gchar *user, const gchar *pw,
- guint8 hex_digest[33])
-{
- MD5_CTX mc;
- guint8 digest[16];
-
- MD5_Init (&mc);
- MD5_Update (&mc, (const void *)user, strlen (user));
- MD5_Update (&mc, (const void *)":mongo:", 7);
- MD5_Update (&mc, (const void *)pw, strlen (pw));
- MD5_Final (digest, &mc);
- digest2hex (digest, hex_digest);
+ return digest;
}
gboolean
@@ -1319,7 +1299,7 @@ mongo_sync_cmd_user_add (mongo_sync_connection *conn,
{
bson *s, *u;
gchar *userns;
- guint8 hex_digest[33];
+ gchar *hex_digest;
if (!db || !user || !pw)
{
@@ -1329,7 +1309,7 @@ mongo_sync_cmd_user_add (mongo_sync_connection *conn,
userns = g_strconcat (db, ".system.users", NULL);
- _pass_digest (user, pw, hex_digest);
+ hex_digest = _pass_digest (user, pw);
s = bson_build (BSON_TYPE_STRING, "user", user, -1,
BSON_TYPE_NONE);
@@ -1339,6 +1319,7 @@ mongo_sync_cmd_user_add (mongo_sync_connection *conn,
BSON_TYPE_NONE),
BSON_TYPE_NONE);
bson_finish (u);
+ g_free (hex_digest);
if (!mongo_sync_cmd_update (conn, userns, MONGO_WIRE_FLAG_UPDATE_UPSERT,
s, u))
@@ -1405,9 +1386,9 @@ mongo_sync_cmd_authenticate (mongo_sync_connection *conn,
gchar *nonce;
bson_cursor *c;
- MD5_CTX mc;
- guint8 digest[16];
- guint8 hex_digest[33];
+ GChecksum *chk;
+ gchar *hex_digest;
+ const gchar *digest;
if (!db || !user || !pw)
{
@@ -1460,24 +1441,26 @@ mongo_sync_cmd_authenticate (mongo_sync_connection *conn,
bson_free (b);
/* Generate the password digest. */
- _pass_digest (user, pw, hex_digest);
+ hex_digest = _pass_digest (user, pw);
/* Generate the key */
- MD5_Init (&mc);
- MD5_Update (&mc, (const void *)nonce, strlen (nonce));
- MD5_Update (&mc, (const void *)user, strlen (user));
- MD5_Update (&mc, (const void *)hex_digest, 32);
- MD5_Final (digest, &mc);
- digest2hex (digest, hex_digest);
+ chk = g_checksum_new (G_CHECKSUM_MD5);
+ g_checksum_update (chk, (const guchar *)nonce, -1);
+ g_checksum_update (chk, (const guchar *)user, -1);
+ g_checksum_update (chk, (const guchar *)hex_digest, -1);
+ g_free (hex_digest);
+
+ digest = g_checksum_get_string (chk);
/* Run the authenticate command. */
b = bson_build (BSON_TYPE_INT32, "authenticate", 1,
BSON_TYPE_STRING, "user", user, -1,
BSON_TYPE_STRING, "nonce", nonce, -1,
- BSON_TYPE_STRING, "key", hex_digest, -1,
+ BSON_TYPE_STRING, "key", digest, -1,
BSON_TYPE_NONE);
bson_finish (b);
g_free (nonce);
+ g_checksum_free (chk);
p = mongo_sync_cmd_custom (conn, db, b);
if (!p)
@@ -1493,36 +1476,6 @@ mongo_sync_cmd_authenticate (mongo_sync_connection *conn,
return TRUE;
}
-#else
-gboolean
-mongo_sync_cmd_user_add (mongo_sync_connection *conn,
- const gchar *db,
- const gchar *user,
- const gchar *pw)
-{
- errno = ENOTSUP;
- return FALSE;
-}
-
-gboolean
-mongo_sync_cmd_user_remove (mongo_sync_connection *conn,
- const gchar *db,
- const gchar *user)
-{
- errno = ENOTSUP;
- return FALSE;
-}
-
-gboolean
-mongo_sync_cmd_authenticate (mongo_sync_connection *conn,
- const gchar *db,
- const gchar *user,
- const gchar *pw)
-{
- errno = ENOTSUP;
- return FALSE;
-}
-#endif
static GString *
_mongo_index_gen_name (const bson *key)
@@ -6,7 +6,6 @@
#include <sys/socket.h>
#include "libmongo-private.h"
-#if ENABLE_AUTH
void
test_mongo_sync_cmd_authenticate_net_secondary (void)
{
@@ -111,18 +110,3 @@ test_mongo_sync_cmd_authenticate (void)
}
RUN_TEST (17, mongo_sync_cmd_authenticate);
-#else
-void
-test_mongo_sync_cmd_authenticate (void)
-{
- errno = 0;
- if (mongo_sync_cmd_authenticate (NULL, NULL, NULL, NULL) != FALSE)
- fail ("mongo_sync_authenticate() with NULLs should fail");
- else
- ok (errno == ENOTSUP,
- "mongo_sync_authenticate() should fail with ENOTSUP "
- "when authentication is not compiled in");
-}
-
-RUN_TEST (1, mongo_sync_cmd_authenticate);
-#endif
@@ -6,7 +6,6 @@
#include <sys/socket.h>
#include "libmongo-private.h"
-#if ENABLE_AUTH
void
test_mongo_sync_cmd_user_add_net_secondary (void)
{
@@ -94,18 +93,3 @@ test_mongo_sync_cmd_user_add (void)
}
RUN_TEST (12, mongo_sync_cmd_user_add);
-#else
-void
-test_mongo_sync_cmd_user_add (void)
-{
- errno = 0;
- if (mongo_sync_cmd_user_add (NULL, NULL, NULL, NULL) != FALSE)
- fail ("mongo_sync_user_add() with NULLs should fail");
- else
- ok (errno == ENOTSUP,
- "mongo_sync_user_add() should fail with ENOTSUP when authentication "
- "is not compiled in");
-}
-
-RUN_TEST (1, mongo_sync_cmd_user_add);
-#endif
@@ -6,7 +6,6 @@
#include <sys/socket.h>
#include "libmongo-private.h"
-#if ENABLE_AUTH
void
test_mongo_sync_cmd_user_remove_net_secondary (void)
{
@@ -91,18 +90,3 @@ test_mongo_sync_cmd_user_remove (void)
}
RUN_TEST (10, mongo_sync_cmd_user_remove);
-#else
-void
-test_mongo_sync_cmd_user_remove (void)
-{
- errno = 0;
- if (mongo_sync_cmd_user_remove (NULL, NULL, NULL) != FALSE)
- fail ("mongo_sync_user_remove() with NULLs should fail");
- else
- ok (errno == ENOTSUP,
- "mongo_sync_user_remove() should fail with ENOTSUP when "
- "authentication is not compiled in");
-}
-
-RUN_TEST (1, mongo_sync_cmd_user_remove);
-#endif

0 comments on commit e2e9538

Please sign in to comment.