BSONObj Command::getRedactedCopyForLogging(const BSONObj& cmdObj) {
namespace mmb = mutablebson;
mmb::Document cmdToLog(cmdObj, mmb::Document::kInPlaceDisabled);
redactForLogging(&cmdToLog);
BSONObjBuilder bob;
cmdToLog.writeTo(&bob);
return bob.obj();
}
bool CmdAuthenticate::run(const string& dbname,
BSONObj& cmdObj,
int,
string& errmsg,
BSONObjBuilder& result,
bool fromRepl) {
mutablebson::Document cmdToLog(cmdObj, mutablebson::Document::kInPlaceDisabled);
redactForLogging(&cmdToLog);
log() << " authenticate db: " << dbname << " " << cmdToLog << endl;
UserName user(cmdObj.getStringField("user"), dbname);
if (Command::testCommandsEnabled &&
user.getDB() == "admin" &&
user.getUser() == internalSecurity.user->getName().getUser()) {
// Allows authenticating as the internal user against the admin database. This is to
// support the auth passthrough test framework on mongos (since you can't use the local
// database on a mongos, so you can't auth as the internal user without this).
user = internalSecurity.user->getName();
}
std::string mechanism = cmdObj.getStringField("mechanism");
if (mechanism.empty()) {
mechanism = "MONGODB-CR";
}
Status status = _authenticate(mechanism, user, cmdObj);
audit::logAuthentication(ClientBasic::getCurrent(),
mechanism,
user,
status.code());
if (!status.isOK()) {
log() << "Failed to authenticate " << user << " with mechanism " << mechanism << ": " <<
status;
if (status.code() == ErrorCodes::AuthenticationFailed) {
// Statuses with code AuthenticationFailed may contain messages we do not wish to
// reveal to the user, so we return a status with the message "auth failed".
appendCommandStatus(result,
Status(ErrorCodes::AuthenticationFailed, "auth failed"));
}
else {
appendCommandStatus(result, status);
}
return false;
}
result.append("dbname", user.getDB());
result.append("user", user.getUser());
return true;
}
bool CmdAuthenticate::run(const string& dbname,
BSONObj& cmdObj,
int,
string& errmsg,
BSONObjBuilder& result,
bool fromRepl) {
mutablebson::Document cmdToLog(cmdObj, mutablebson::Document::kInPlaceDisabled);
redactForLogging(&cmdToLog);
log() << " authenticate db: " << dbname << " " << cmdToLog << endl;
UserName user(cmdObj.getStringField("user"), dbname);
std::string mechanism = cmdObj.getStringField("mechanism");
if (mechanism.empty()) {
mechanism = "MONGODB-CR";
}
Status status = _authenticate(mechanism, user, cmdObj);
audit::logAuthentication(ClientBasic::getCurrent(),
mechanism,
user,
status.code());
if (!status.isOK()) {
log() << "Failed to authenticate " << user << " with mechanism " << mechanism << ": " <<
status;
if (status.code() == ErrorCodes::AuthenticationFailed) {
// Statuses with code AuthenticationFailed may contain messages we do not wish to
// reveal to the user, so we return a status with the message "auth failed".
appendCommandStatus(result,
Status(ErrorCodes::AuthenticationFailed, "auth failed"));
}
else {
appendCommandStatus(result, status);
}
return false;
}
result.append("dbname", user.getDB());
result.append("user", user.getUser());
return true;
}
