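/**
 * Entry point for the saslStart command: begins a new SASL conversation for the current client.
 *
 * @param txn      operation context, handed to the new session via setOpCtxt().
 * @param db       database the command was issued against; used for the session and the
 *                 audited user name.
 * @param cmdObj   the command document. Client-controlled input.
 * @param options  not read by this function.
 * @param ignored  not read or written by this function.
 * @param result   reply builder; receives the command status and whatever doSaslStart() appends.
 * @return true only if the first conversation step returned an OK status.
 */
bool CmdSaslStart::run(OperationContext* txn,
                       const std::string& db,
                       BSONObj& cmdObj,
                       int options,
                       std::string& ignored,
                       BSONObjBuilder& result) {
    Client* client = Client::getCurrent();

    // Install an empty session pointer before any parsing happens. Presumably this drops a
    // conversation left over from an earlier saslStart, so a new attempt cannot continue
    // from stale state -- confirm against AuthenticationSession::set().
    AuthenticationSession::set(client, std::unique_ptr<AuthenticationSession>());

    std::string mechanism;
    Status mechanismStatus = extractMechanism(cmdObj, &mechanism);
    if (!mechanismStatus.isOK()) {
        // Report why the request was rejected instead of failing with no status in the
        // reply. doSaslStart() returns this same status for the same input.
        // No audit event is emitted on this path: no session or principal exists yet.
        appendCommandStatus(result, mechanismStatus);
        return false;
    }

    SaslAuthenticationSession* session =
        SaslAuthenticationSession::create(AuthorizationSession::get(client), db, mechanism);

    // The guard owns the session from here on: if the conversation is already finished,
    // the session is destroyed when this function returns.
    std::unique_ptr<AuthenticationSession> sessionGuard(session);

    session->setOpCtxt(txn);

    Status status = doSaslStart(client, session, db, cmdObj, &result);
    appendCommandStatus(result, status);

    if (session->isDone()) {
        // Finished conversations are audited with the mechanism, principal and status code.
        audit::logAuthentication(client,
                                 session->getMechanism(),
                                 UserName(session->getPrincipalId(), db),
                                 status.code());
    } else {
        // Hand the unfinished conversation to the client so a later command can resume it.
        // NOTE(review): this branch does not look at `status`, so a conversation whose first
        // step failed stays attached to the client unless isDone() is true -- confirm that
        // failed conversations are always reported as done.
        AuthenticationSession::swap(client, sessionGuard);
    }

    return status.isOK();
}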
/**
 * Validates a saslStart request, starts the SASL session and runs its first step.
 *
 * @param client   client issuing the command; only forwarded to doSaslStep().
 * @param session  conversation state to start; not owned by this function.
 * @param db       database name passed to session->start().
 * @param cmdObj   the saslStart command document. Client-controlled input.
 * @param result   reply builder; on an unsupported mechanism it receives the configured
 *                 mechanism list.
 * @return the first non-OK status encountered, otherwise the status of doSaslStep().
 */
Status doSaslStart(const Client* client,
                   SaslAuthenticationSession* session,
                   const std::string& db,
                   const BSONObj& cmdObj,
                   BSONObjBuilder* result) {
    bool wantsAutoAuthorize = false;
    Status flagStatus = bsonExtractBooleanFieldWithDefault(
        cmdObj, saslCommandAutoAuthorizeFieldName, autoAuthorizeDefault, &wantsAutoAuthorize);
    if (!flagStatus.isOK()) {
        return flagStatus;
    }

    std::string requested;
    Status mechanismStatus = extractMechanism(cmdObj, &requested);
    if (!mechanismStatus.isOK()) {
        return mechanismStatus;
    }

    // SCRAM-SHA-1 is let through to the first SASL step even when it is absent from the
    // configured list, because internal user authentication depends on it (SERVER-16534).
    // NOTE(review): the configured list is therefore not the only gate for SCRAM-SHA-1;
    // whatever restricts it to internal users must live in a later step -- confirm.
    const bool permitted =
        sequenceContains(saslGlobalParams.authenticationMechanisms, requested) ||
        requested == "SCRAM-SHA-1";
    if (!permitted) {
        // The reply lists the configured mechanisms and the error text echoes the
        // client-supplied mechanism name, both before any authentication has succeeded
        // in this conversation.
        result->append(saslCommandMechanismListFieldName,
                       saslGlobalParams.authenticationMechanisms);
        return Status(ErrorCodes::BadValue,
                      mongoutils::str::stream() << "Unsupported mechanism " << requested);
    }

    // The literal 1 is passed through unchanged; presumably the conversation id -- confirm
    // against SaslAuthenticationSession::start().
    Status startStatus = session->start(db,
                                        requested,
                                        saslGlobalParams.serviceName,
                                        saslGlobalParams.hostName,
                                        1,
                                        wantsAutoAuthorize);
    if (!startStatus.isOK()) {
        return startStatus;
    }

    return doSaslStep(client, session, cmdObj, result);
}
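/**
 * Entry point for the saslStart command: begins a new SASL conversation for the current client.
 *
 * @param txn       operation context, handed to the new session via setOpCtxt().
 * @param db        database the command was issued against; used for the first step and the
 *                  audited user name.
 * @param cmdObj    the command document. Client-controlled input.
 * @param options   not read by this function.
 * @param ignored   not read or written by this function.
 * @param result    reply builder; receives the command status and whatever doSaslStart()
 *                  appends.
 * @param fromRepl  not read by this function.
 * @return true only if the first conversation step returned an OK status.
 */
bool CmdSaslStart::run(OperationContext* txn,
                       const std::string& db,
                       BSONObj& cmdObj,
                       int options,
                       std::string& ignored,
                       BSONObjBuilder& result,
                       bool fromRepl) {
    ClientBasic* client = ClientBasic::getCurrent();

    // Reset the client's authentication session before any parsing happens. Presumably this
    // drops a conversation left over from an earlier saslStart -- confirm against
    // ClientBasic::resetAuthenticationSession().
    client->resetAuthenticationSession(NULL);

    std::string mechanism;
    Status mechanismStatus = extractMechanism(cmdObj, &mechanism);
    if (!mechanismStatus.isOK()) {
        // Report why the request was rejected instead of failing with no status in the
        // reply. doSaslStart() returns this same status for the same input.
        // No audit event is emitted on this path: no session or principal exists yet.
        addStatus(mechanismStatus, &result);
        return false;
    }

    SaslAuthenticationSession* session =
        SaslAuthenticationSession::create(client->getAuthorizationSession(), mechanism);

    // The guard owns the session from here on: if the conversation is already finished,
    // the session is destroyed when this function returns.
    boost::scoped_ptr<AuthenticationSession> sessionGuard(session);

    session->setOpCtxt(txn);

    Status status = doSaslStart(session, db, cmdObj, &result);
    addStatus(status, &result);

    if (session->isDone()) {
        // Finished conversations are audited with the mechanism, principal and status code.
        audit::logAuthentication(client,
                                 session->getMechanism(),
                                 UserName(session->getPrincipalId(), db),
                                 status.code());
    } else {
        // Hand the unfinished conversation to the client so a later command can resume it.
        // NOTE(review): this branch does not look at `status`, so a conversation whose first
        // step failed stays attached to the client unless isDone() is true -- confirm that
        // failed conversations are always reported as done.
        client->swapAuthenticationSession(sessionGuard);
    }

    return status.isOK();
}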
/**
 * Validates a saslStart request, starts the SASL session and runs its first step.
 *
 * @param session  conversation state to start; not owned by this function.
 * @param db       database name passed to session->start().
 * @param cmdObj   the saslStart command document. Client-controlled input.
 * @param result   reply builder; on an unsupported mechanism it receives the configured
 *                 mechanism list.
 * @return the first non-OK status encountered, otherwise the status of doSaslStep().
 */
Status doSaslStart(SaslAuthenticationSession* session,
                   const std::string& db,
                   const BSONObj& cmdObj,
                   BSONObjBuilder* result) {
    bool wantsAutoAuthorize = false;
    Status flagStatus = bsonExtractBooleanFieldWithDefault(
        cmdObj, saslCommandAutoAuthorizeFieldName, autoAuthorizeDefault, &wantsAutoAuthorize);
    if (!flagStatus.isOK()) {
        return flagStatus;
    }

    std::string requested;
    Status mechanismStatus = extractMechanism(cmdObj, &requested);
    if (!mechanismStatus.isOK()) {
        return mechanismStatus;
    }

    // Only mechanisms in the configured list may start a conversation.
    const bool permitted =
        sequenceContains(saslGlobalParams.authenticationMechanisms, requested);
    if (!permitted) {
        // The reply lists the configured mechanisms and the error text echoes the
        // client-supplied mechanism name, both before any authentication has succeeded
        // in this conversation.
        result->append(saslCommandMechanismListFieldName,
                       saslGlobalParams.authenticationMechanisms);
        return Status(ErrorCodes::BadValue,
                      mongoutils::str::stream() << "Unsupported mechanism " << requested);
    }

    // The literal 1 is passed through unchanged; presumably the conversation id -- confirm
    // against SaslAuthenticationSession::start().
    Status startStatus = session->start(db,
                                        requested,
                                        saslGlobalParams.serviceName,
                                        saslGlobalParams.hostName,
                                        1,
                                        wantsAutoAuthorize);
    if (!startStatus.isOK()) {
        return startStatus;
    }

    return doSaslStep(session, cmdObj, result);
}