diff options
| author | Sara Golemon <sara.golemon@mongodb.com> | 2019-10-24 18:22:46 +0000 |
|---|---|---|
| committer | evergreen <evergreen@mongodb.com> | 2019-10-24 18:22:46 +0000 |
| commit | ce00713876aa3388a2abcebda00672632a0c5ff5 (patch) | |
| tree | 4efea15ebfa8787dd0ea9eaf5e84f3319d051afd | |
| parent | 55e80afa2d511b9bd1a316d3fd4cb6185baa829b (diff) | |
| download | mongo-ce00713876aa3388a2abcebda00672632a0c5ff5.tar.gz | |
SERVER-43853 Clarify SCRAM authentication error messages
| -rw-r--r-- | src/mongo/db/auth/sasl_scram_server_conversation.cpp | 12 | ||||
| -rw-r--r-- | src/mongo/db/auth/user.h | 4 |
2 files changed, 12 insertions, 4 deletions
diff --git a/src/mongo/db/auth/sasl_scram_server_conversation.cpp b/src/mongo/db/auth/sasl_scram_server_conversation.cpp index 897d502533a..13024377310 100644 --- a/src/mongo/db/auth/sasl_scram_server_conversation.cpp +++ b/src/mongo/db/auth/sasl_scram_server_conversation.cpp @@ -53,7 +53,6 @@ namespace mongo { - template <typename Policy> StatusWith<std::tuple<bool, std::string>> SaslSCRAMServerMechanism<Policy>::stepImpl( OperationContext* opCtx, StringData inputData) { @@ -210,10 +209,15 @@ StatusWith<std::tuple<bool, std::string>> SaslSCRAMServerMechanism<Policy>::_fir return Status(ErrorCodes::AuthenticationFailed, "It is not possible to authenticate as the __system user " "on servers started without a --keyFile parameter"); + } else if (scramCredentials.empty()) { + return {ErrorCodes::AuthenticationFailed, + str::stream() << "Unable to use " << Policy::getName() + << " based authentication for user without any " + << Policy::getName() << " credentials registered"}; } else { - return Status(ErrorCodes::AuthenticationFailed, - "Unable to perform SCRAM authentication for a user with missing " - "or invalid SCRAM credentials"); + return {ErrorCodes::AuthenticationFailed, + str::stream() << "Unable to validate " << Policy::getName() + << " authentication due to corrupted stored credentials"}; } } diff --git a/src/mongo/db/auth/user.h b/src/mongo/db/auth/user.h index 9ed29c72409..f38f90bd084 100644 --- a/src/mongo/db/auth/user.h +++ b/src/mongo/db/auth/user.h @@ -82,6 +82,10 @@ public: base64::validate(serverKey) && (storedKey.size() == kEncodedHashLength) && base64::validate(storedKey); } + + bool empty() const { + return !iterationCount && salt.empty() && serverKey.empty() && storedKey.empty(); + } }; struct CredentialData { CredentialData() : scram_sha1(), scram_sha256(), isExternal(false) {} |