Status doSaslStart(const Client* client, SaslAuthenticationSession* session, const std::string& db, const BSONObj& cmdObj, BSONObjBuilder* result) { bool autoAuthorize = false; Status status = bsonExtractBooleanFieldWithDefault( cmdObj, saslCommandAutoAuthorizeFieldName, autoAuthorizeDefault, &autoAuthorize); if (!status.isOK()) return status; std::string mechanism; status = extractMechanism(cmdObj, &mechanism); if (!status.isOK()) return status; if (!sequenceContains(saslGlobalParams.authenticationMechanisms, mechanism) && mechanism != "SCRAM-SHA-1") { // Always allow SCRAM-SHA-1 to pass to the first sasl step since we need to // handle internal user authentication, SERVER-16534 result->append(saslCommandMechanismListFieldName, saslGlobalParams.authenticationMechanisms); return Status(ErrorCodes::BadValue, mongoutils::str::stream() << "Unsupported mechanism " << mechanism); } status = session->start( db, mechanism, saslGlobalParams.serviceName, saslGlobalParams.hostName, 1, autoAuthorize); if (!status.isOK()) return status; return doSaslStep(client, session, cmdObj, result); }
Status doSaslContinue(SaslAuthenticationSession* session, const BSONObj& cmdObj, BSONObjBuilder* result) { int64_t conversationId = 0; Status status = extractConversationId(cmdObj, &conversationId); if (!status.isOK()) return status; if (conversationId != session->getConversationId()) return Status(ErrorCodes::ProtocolError, "sasl: Mismatched conversation id"); return doSaslStep(session, cmdObj, result); }
Status doSaslStart(SaslAuthenticationSession* session, const std::string& db, const BSONObj& cmdObj, BSONObjBuilder* result) { bool autoAuthorize = false; Status status = bsonExtractBooleanFieldWithDefault(cmdObj, saslCommandAutoAuthorizeFieldName, autoAuthorizeDefault, &autoAuthorize); if (!status.isOK()) return status; std::string mechanism; status = extractMechanism(cmdObj, &mechanism); if (!status.isOK()) return status; if (!sequenceContains(saslGlobalParams.authenticationMechanisms, mechanism)) { result->append(saslCommandMechanismListFieldName, saslGlobalParams.authenticationMechanisms); return Status(ErrorCodes::BadValue, mongoutils::str::stream() << "Unsupported mechanism " << mechanism); } status = session->start(db, mechanism, saslGlobalParams.serviceName, saslGlobalParams.hostName, 1, autoAuthorize); if (!status.isOK()) return status; return doSaslStep(session, cmdObj, result); }