Example #1
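/**
 * Handles the first message of a SASL authentication conversation.
 *
 * The session currently attached to the client is replaced with an empty pointer, a new SASL
 * session is created for the requested mechanism, and doSaslStart() runs the first step. A
 * conversation that reports isDone() is written to the audit log together with the status
 * code; an unfinished one is swapped onto the client so a later continue command can find it.
 *
 * @param txn      operation context handed to the session through setOpCtxt().
 * @param db       database named by the caller; passed to session creation and used as the
 *                 database part of the audited UserName.
 * @param cmdObj   command document from which the mechanism name is extracted.
 * @param options  not read in this function.
 * @param ignored  not read in this function.
 * @param result   reply builder; receives the command status on every failure path and on
 *                 completion of the SASL step.
 * @return true only when doSaslStart() returned an OK status.
 */
bool CmdSaslStart::run(OperationContext* txn,
                       const std::string& db,
                       BSONObj& cmdObj,
                       int options,
                       std::string& ignored,
                       BSONObjBuilder& result) {
    Client* client = Client::getCurrent();
    // Install an empty session before anything is parsed, so every exit path below leaves
    // the client without a half-finished conversation from an earlier start command
    // (assuming set() releases the previous session; confirm against AuthenticationSession).
    AuthenticationSession::set(client, std::unique_ptr<AuthenticationSession>());

    std::string mechanism;
    Status mechanismStatus = extractMechanism(cmdObj, &mechanism);
    if (!mechanismStatus.isOK()) {
        // Put the reason for the rejection in the reply, the same way the status of the
        // SASL step is reported further down, instead of returning a bare failure.
        appendCommandStatus(result, mechanismStatus);
        return false;
    }

    SaslAuthenticationSession* session =
        SaslAuthenticationSession::create(AuthorizationSession::get(client), db, mechanism);

    // The guard owns the session from here on: it is either destroyed when this function
    // returns or handed to the client by the swap below.
    std::unique_ptr<AuthenticationSession> sessionGuard(session);

    session->setOpCtxt(txn);

    Status status = doSaslStart(client, session, db, cmdObj, &result);
    appendCommandStatus(result, status);

    if (session->isDone()) {
        // A finished conversation is audited with the status code, so a failure that ends
        // the conversation is recorded as well as a success. The principal comes from the
        // session and the database from the request.
        audit::logAuthentication(client,
                                 session->getMechanism(),
                                 UserName(session->getPrincipalId(), db),
                                 status.code());
    } else {
        // NOTE(review): a non-OK status with isDone() still false also lands here, which
        // skips the audit record and keeps the session on the client. Confirm that
        // doSaslStart() or the session marks a failed conversation as done.
        AuthenticationSession::swap(client, sessionGuard);
    }
    return status.isOK();
}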
Example #2
    /**
     * Begins a SASL authentication conversation for the current client.
     *
     * The client's authentication session is reset, a new SASL session is created from the
     * client's authorization session, and doSaslStart() runs the first step. The status is
     * added to the reply in every case. A conversation that is done is audited; one that is
     * not is stored on the client for a later continue command.
     *
     * @param txn       operation context handed to the session through setOpCtxt().
     * @param db        database named by the caller; used by doSaslStart() and as the
     *                  database part of the audited UserName.
     * @param cmdObj    command document passed on to doSaslStart().
     * @param options   not read in this function.
     * @param ignored   not read in this function.
     * @param result    reply builder that receives the status.
     * @param fromRepl  not read in this function.
     * @return true only when doSaslStart() returned an OK status.
     */
    bool CmdSaslStart::run(OperationContext* txn,
                           const std::string& db,
                           BSONObj& cmdObj,
                           int options,
                           std::string& ignored,
                           BSONObjBuilder& result,
                           bool fromRepl) {

        ClientBasic* const currentClient = ClientBasic::getCurrent();
        // Reset first, so a start command never builds on a session left over from an
        // earlier conversation (presumably the old session is released; confirm).
        currentClient->resetAuthenticationSession(NULL);

        SaslAuthenticationSession* const saslSession =
            SaslAuthenticationSession::create(currentClient->getAuthorizationSession());

        // Owns the new session until it is either destroyed on return or swapped onto
        // the client below.
        boost::scoped_ptr<AuthenticationSession> ownedSession(saslSession);

        saslSession->setOpCtxt(txn);

        Status startStatus = doSaslStart(saslSession, db, cmdObj, &result);
        addStatus(startStatus, &result);

        if (!saslSession->isDone()) {
            // NOTE(review): this branch is also taken when startStatus is not OK but the
            // session does not report done; nothing is audited then and the session stays
            // on the client. Confirm how doSaslStart() ends a failed conversation.
            currentClient->swapAuthenticationSession(ownedSession);
        }
        else {
            // Finished conversations are audited with the status code, whether the
            // outcome was success or failure.
            audit::logAuthentication(
                    currentClient,
                    saslSession->getMechanism(),
                    UserName(saslSession->getPrincipalId(), db),
                    startStatus.code());
        }
        return startStatus.isOK();
    }
Example #3
    /**
     * Processes a follow-up message of a SASL authentication conversation.
     *
     * The session is taken off the client first and only put back when the conversation is
     * still unfinished after this step, so both protocol-error returns drop it. The request
     * is rejected when the client holds no SASL session, or when it names a different
     * database than the session was started against and test commands are disabled.
     *
     * @param txn       operation context handed to the session through setOpCtxt().
     * @param db        database named by the caller; compared with the session's
     *                  authentication database and used in the audited UserName.
     * @param cmdObj    command document passed on to doSaslContinue().
     * @param options   not read in this function.
     * @param ignored   not read in this function.
     * @param result    reply builder that receives the status.
     * @param fromRepl  not read in this function.
     * @return true only when doSaslContinue() returned an OK status.
     */
    bool CmdSaslContinue::run(OperationContext* txn,
                              const std::string& db,
                              BSONObj& cmdObj,
                              int options,
                              std::string& ignored,
                              BSONObjBuilder& result,
                              bool fromRepl) {

        ClientBasic* const currentClient = ClientBasic::getCurrent();

        // Move the client's session into a local owner. From here the client holds no
        // session unless the final swap gives one back.
        boost::scoped_ptr<AuthenticationSession> ownedSession(NULL);
        currentClient->swapAuthenticationSession(ownedSession);

        if (!ownedSession ||
            ownedSession->getType() != AuthenticationSession::SESSION_TYPE_SASL) {
            Status noSession(ErrorCodes::ProtocolError, "No SASL session state found");
            addStatus(noSession, &result);
            return false;
        }

        // The downcast relies on the getType() check directly above.
        SaslAuthenticationSession* const saslSession =
            static_cast<SaslAuthenticationSession*>(ownedSession.get());

        // Authenticating the __system@local user to the admin database on mongos is required
        // by the auth passthrough test suite.
        // With test commands enabled the database comparison is skipped altogether, so a
        // conversation started against one database may be continued against another; that
        // relaxation is there for the test suite and the flag belongs off in production.
        const bool targetChanged = saslSession->getAuthenticationDatabase() != db;
        if (targetChanged && !Command::testCommandsEnabled) {
            Status switched(ErrorCodes::ProtocolError,
                            "Attempt to switch database target during SASL authentication.");
            addStatus(switched, &result);
            return false;
        }

        saslSession->setOpCtxt(txn);

        Status stepStatus = doSaslContinue(saslSession, cmdObj, &result);
        addStatus(stepStatus, &result);

        if (!saslSession->isDone()) {
            // NOTE(review): a non-OK stepStatus with isDone() still false also keeps the
            // session on the client and writes no audit record. Confirm how
            // doSaslContinue() ends a failed conversation.
            currentClient->swapAuthenticationSession(ownedSession);
        }
        else {
            // Finished conversations are audited with the status code of this step.
            audit::logAuthentication(
                    currentClient,
                    saslSession->getMechanism(),
                    UserName(saslSession->getPrincipalId(), db),
                    stepStatus.code());
        }

        return stepStatus.isOK();
    }
Example #4
/**
 * Processes a follow-up message of a SASL authentication conversation.
 *
 * The session is swapped off the client into a local owner and is handed back only when the
 * conversation is still unfinished after this step; both protocol-error returns therefore
 * destroy it. The request is rejected when the client holds no SASL session, or when it names
 * a different database than the session was started against and test commands are disabled.
 *
 * @param opCtx   operation context handed to the session through setOpCtxt().
 * @param db      database named by the caller; compared with the session's authentication
 *                database and used as the database part of the audited UserName.
 * @param cmdObj  command document passed on to doSaslContinue().
 * @param result  reply builder that receives the command status.
 * @return the value of appendCommandStatus() on the two protocol-error paths, otherwise true
 *         only when doSaslContinue() returned an OK status.
 */
bool CmdSaslContinue::run(OperationContext* opCtx,
                          const std::string& db,
                          const BSONObj& cmdObj,
                          BSONObjBuilder& result) {
    Client* const currentClient = Client::getCurrent();

    // Take the session away from the client. Unless the final swap returns it, the client
    // is left without one when this function exits.
    std::unique_ptr<AuthenticationSession> ownedSession;
    AuthenticationSession::swap(currentClient, ownedSession);

    if (!ownedSession || ownedSession->getType() != AuthenticationSession::SESSION_TYPE_SASL) {
        Status noSession(ErrorCodes::ProtocolError, "No SASL session state found");
        return appendCommandStatus(result, noSession);
    }

    // The downcast relies on the getType() check directly above.
    SaslAuthenticationSession* const saslSession =
        static_cast<SaslAuthenticationSession*>(ownedSession.get());

    // Authenticating the __system@local user to the admin database on mongos is required
    // by the auth passthrough test suite.
    // With test commands enabled the database comparison is skipped altogether, so a
    // conversation started against one database may be continued against another; that
    // relaxation is there for the test suite and the flag belongs off in production.
    const bool targetChanged = saslSession->getAuthenticationDatabase() != db;
    if (targetChanged && !Command::testCommandsEnabled) {
        Status switched(ErrorCodes::ProtocolError,
                        "Attempt to switch database target during SASL authentication.");
        return appendCommandStatus(result, switched);
    }

    saslSession->setOpCtxt(opCtx);

    Status stepStatus = doSaslContinue(currentClient, saslSession, cmdObj, &result);
    appendCommandStatus(result, stepStatus);

    if (!saslSession->isDone()) {
        // NOTE(review): a non-OK stepStatus with isDone() still false also keeps the
        // session on the client and writes no audit record. Confirm how doSaslContinue()
        // ends a failed conversation.
        AuthenticationSession::swap(currentClient, ownedSession);
    } else {
        // Finished conversations are audited with the status code of this step.
        audit::logAuthentication(currentClient,
                                 saslSession->getMechanism(),
                                 UserName(saslSession->getPrincipalId(), db),
                                 stepStatus.code());
    }

    return stepStatus.isOK();
}