bool CmdSaslStart::run(OperationContext* txn,
const std::string& db,
BSONObj& cmdObj,
int options,
std::string& ignored,
BSONObjBuilder& result) {
Client* client = Client::getCurrent();
AuthenticationSession::set(client, std::unique_ptr<AuthenticationSession>());
std::string mechanism;
if (!extractMechanism(cmdObj, &mechanism).isOK()) {
return false;
}
SaslAuthenticationSession* session =
SaslAuthenticationSession::create(AuthorizationSession::get(client), db, mechanism);
std::unique_ptr<AuthenticationSession> sessionGuard(session);
session->setOpCtxt(txn);
Status status = doSaslStart(client, session, db, cmdObj, &result);
appendCommandStatus(result, status);
if (session->isDone()) {
audit::logAuthentication(client,
session->getMechanism(),
UserName(session->getPrincipalId(), db),
status.code());
} else {
AuthenticationSession::swap(client, sessionGuard);
}
return status.isOK();
}
Status doSaslStart(const Client* client,
SaslAuthenticationSession* session,
const std::string& db,
const BSONObj& cmdObj,
BSONObjBuilder* result) {
bool autoAuthorize = false;
Status status = bsonExtractBooleanFieldWithDefault(
cmdObj, saslCommandAutoAuthorizeFieldName, autoAuthorizeDefault, &autoAuthorize);
if (!status.isOK())
return status;
std::string mechanism;
status = extractMechanism(cmdObj, &mechanism);
if (!status.isOK())
return status;
if (!sequenceContains(saslGlobalParams.authenticationMechanisms, mechanism) &&
mechanism != "SCRAM-SHA-1") {
// Always allow SCRAM-SHA-1 to pass to the first sasl step since we need to
// handle internal user authentication, SERVER-16534
result->append(saslCommandMechanismListFieldName,
saslGlobalParams.authenticationMechanisms);
return Status(ErrorCodes::BadValue,
mongoutils::str::stream() << "Unsupported mechanism " << mechanism);
}
status = session->start(
db, mechanism, saslGlobalParams.serviceName, saslGlobalParams.hostName, 1, autoAuthorize);
if (!status.isOK())
return status;
return doSaslStep(client, session, cmdObj, result);
}
bool CmdSaslStart::run(OperationContext* txn,
const std::string& db,
BSONObj& cmdObj,
int options,
std::string& ignored,
BSONObjBuilder& result,
bool fromRepl) {
ClientBasic* client = ClientBasic::getCurrent();
client->resetAuthenticationSession(NULL);
std::string mechanism;
if (!extractMechanism(cmdObj, &mechanism).isOK()) {
return false;
}
SaslAuthenticationSession* session =
SaslAuthenticationSession::create(client->getAuthorizationSession(), mechanism);
boost::scoped_ptr<AuthenticationSession> sessionGuard(session);
session->setOpCtxt(txn);
Status status = doSaslStart(session, db, cmdObj, &result);
addStatus(status, &result);
if (session->isDone()) {
audit::logAuthentication(
client,
session->getMechanism(),
UserName(session->getPrincipalId(), db),
status.code());
}
else {
client->swapAuthenticationSession(sessionGuard);
}
return status.isOK();
}
Status doSaslStart(SaslAuthenticationSession* session,
const std::string& db,
const BSONObj& cmdObj,
BSONObjBuilder* result) {
bool autoAuthorize = false;
Status status = bsonExtractBooleanFieldWithDefault(cmdObj,
saslCommandAutoAuthorizeFieldName,
autoAuthorizeDefault,
&autoAuthorize);
if (!status.isOK())
return status;
std::string mechanism;
status = extractMechanism(cmdObj, &mechanism);
if (!status.isOK())
return status;
if (!sequenceContains(saslGlobalParams.authenticationMechanisms, mechanism)) {
result->append(saslCommandMechanismListFieldName,
saslGlobalParams.authenticationMechanisms);
return Status(ErrorCodes::BadValue,
mongoutils::str::stream() << "Unsupported mechanism " << mechanism);
}
status = session->start(db,
mechanism,
saslGlobalParams.serviceName,
saslGlobalParams.hostName,
1,
autoAuthorize);
if (!status.isOK())
return status;
return doSaslStep(session, cmdObj, result);
}
