void CmdAuthenticate::authenticate(const string& dbname, const string& user, const bool readOnly) {
AuthenticationInfo *ai = ClientInfo::get()->getAuthenticationInfo();
if ( readOnly ) {
ai->authorizeReadOnly( dbname , user );
}
else {
ai->authorize( dbname , user );
}
}
void CmdAuthenticate::authenticate(const string& dbname, const string& user, const bool readOnly) {
ClientBasic* c = ClientBasic::getCurrent();
assert(c);
AuthenticationInfo *ai = c->getAuthenticationInfo();
if ( readOnly ) {
ai->authorizeReadOnly( dbname , user );
}
else {
ai->authorize( dbname , user );
}
}
bool run(const char *ns, BSONObj& cmdObj, string& errmsg, BSONObjBuilder& result, bool fromRepl) {
log(1) << " authenticate: " << cmdObj << endl;
string user = cmdObj.getStringField("user");
string key = cmdObj.getStringField("key");
string received_nonce = cmdObj.getStringField("nonce");
if( user.empty() || key.empty() || received_nonce.empty() ) {
log() << "field missing/wrong type in received authenticate command "
<< cc().database()->name
<< endl;
errmsg = "auth fails";
sleepmillis(10);
return false;
}
stringstream digestBuilder;
{
bool reject = false;
nonce *ln = lastNonce.release();
if ( ln == 0 ) {
reject = true;
} else {
digestBuilder << hex << *ln;
reject = digestBuilder.str() != received_nonce;
}
if ( reject ) {
log() << "auth: bad nonce received or getnonce not called. could be a driver bug or a security attack. db:" << cc().database()->name << endl;
errmsg = "auth fails";
sleepmillis(30);
return false;
}
}
static BSONObj userPattern = fromjson("{\"user\":1}");
string systemUsers = cc().database()->name + ".system.users";
OCCASIONALLY Helpers::ensureIndex(systemUsers.c_str(), userPattern, false, "user_1");
BSONObj userObj;
{
BSONObjBuilder b;
b << "user" << user;
BSONObj query = b.done();
if( !Helpers::findOne(systemUsers.c_str(), query, userObj) ) {
log() << "auth: couldn't find user " << user << ", " << systemUsers << endl;
errmsg = "auth fails";
return false;
}
}
md5digest d;
{
string pwd = userObj.getStringField("pwd");
digestBuilder << user << pwd;
string done = digestBuilder.str();
md5_state_t st;
md5_init(&st);
md5_append(&st, (const md5_byte_t *) done.c_str(), done.size());
md5_finish(&st, d);
}
string computed = digestToString( d );
if ( key != computed ){
log() << "auth: key mismatch " << user << ", ns:" << ns << endl;
errmsg = "auth fails";
return false;
}
AuthenticationInfo *ai = cc().getAuthenticationInfo();
if ( userObj[ "readOnly" ].isBoolean() && userObj[ "readOnly" ].boolean() ) {
if ( readLockSupported() ){
ai->authorizeReadOnly( cc().database()->name.c_str() );
}
else {
log() << "warning: old version of boost, read-only users not supported" << endl;
ai->authorize( cc().database()->name.c_str() );
}
} else {
ai->authorize( cc().database()->name.c_str() );
}
return true;
}
