authorSara Golemon <sara.golemon@mongodb.com>2019-01-14 16:23:59 +0000
committerSara Golemon <sara.golemon@mongodb.com>2019-01-14 22:48:00 +0000
commit72dfba52dab035df80e5e3f06db39c66e1656814 (patch)
tree20a3166f1d865ee472d6f288712aee38de23eb8d
parent6de0d9f57ad300123b9995846fde17888eadcf18 (diff)
SERVER-38983 Differentiate UserNotFound from AuthenticationFailure in audit log
(cherry picked from commit ddb5d16aa7a5854d326bff0b6d094b33f1b662b5)
-rw-r--r--src/mongo/db/auth/sasl_commands.cpp24
1 files changed, 12 insertions, 12 deletions
diff --git a/src/mongo/db/auth/sasl_commands.cpp b/src/mongo/db/auth/sasl_commands.cpp
index 7de2e747732..3006be506a7 100644
--- a/src/mongo/db/auth/sasl_commands.cpp
+++ b/src/mongo/db/auth/sasl_commands.cpp
@@ -214,7 +214,8 @@ Status doSaslStep(OperationContext* opCtx,
StatusWith<std::unique_ptr<AuthenticationSession>> doSaslStart(OperationContext* opCtx,
const std::string& db,
const BSONObj& cmdObj,
- BSONObjBuilder* result) {
+ BSONObjBuilder* result,
+ std::string* principalName) {
bool autoAuthorize = false;
Status status = bsonExtractBooleanFieldWithDefault(
cmdObj, saslCommandAutoAuthorizeFieldName, autoAuthorizeDefault, &autoAuthorize);
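Review bot: The new `principalName` out-parameter of doSaslStart has no documented contract, and the next hunk writes through it without a null check. A short comment above the signature would help, for example `// principalName (out, non-null): receives the name the client claimed, whether or not the SASL step succeeded.`, together with `invariant(principalName);` at the top of the body. The function body continues outside this hunk, so an existing check further down cannot be ruled out.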
@@ -236,6 +237,7 @@ StatusWith<std::unique_ptr<AuthenticationSession>> doSaslStart(OperationContext*
auto session = std::make_unique<AuthenticationSession>(std::move(swMech.getValue()));
Status statusStep = doSaslStep(opCtx, session.get(), cmdObj, result);
+ *principalName = session->getMechanism().getPrincipalName().toString();
if (!statusStep.isOK()) {
return statusStep;
}
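Review bot: The assignment to `*principalName` sits before the `statusStep.isOK()` check, so on a failed step the value is whatever name the client claimed, not an authenticated identity. That is what the audit record needs, but it deserves a comment so the value is not later reused as a verified user, for example `// Unverified, client-supplied name; for audit logging only.` Any return taken before this line appears to leave the string empty (the code between the hunks is not shown), so those failures would be audited with an empty user name; worth confirming that audit consumers can handle that.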
@@ -283,21 +285,19 @@ bool CmdSaslStart::run(OperationContext* opCtx,
return false;
}
- StatusWith<std::unique_ptr<AuthenticationSession>> swSession =
- doSaslStart(opCtx, db, cmdObj, &result);
- uassertStatusOK(swSession.getStatus());
- auto session = std::move(swSession.getValue());
+ std::string principalName;
+ auto swSession = doSaslStart(opCtx, db, cmdObj, &result, &principalName);
- auto& mechanism = session->getMechanism();
- if (mechanism.isSuccess() || !swSession.isOK()) {
- audit::logAuthentication(client,
- mechanismName,
- UserName(mechanism.getPrincipalName(), db),
- swSession.getStatus().code());
+ if (!swSession.isOK() || swSession.getValue()->getMechanism().isSuccess()) {
+ audit::logAuthentication(
+ client, mechanismName, UserName(principalName, db), swSession.getStatus().code());
+ uassertStatusOK(swSession.getStatus());
} else {
+ auto session = std::move(swSession.getValue());
AuthenticationSession::swap(client, session);
}
- return swSession.isOK();
+
+ return true;
}
CmdSaslContinue::CmdSaslContinue() : BasicCommand(saslContinueCommandName) {}
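Review bot: `uassertStatusOK(swSession.getStatus())` rethrows to the client the same status whose code is written to the audit log one statement earlier. If doSaslStart can return a code such as UserNotFound (the commit title suggests it can, but doSaslStep's body is outside this diff), a client may be able to tell unknown users from wrong credentials. Keep the detailed code for the audit record and give the client a uniform failure, for example `uassert(ErrorCodes::AuthenticationFailed, "Authentication failed.", swSession.isOK());`, unless doSaslStep already maps its errors to a generic status. A one-line comment that the assertion throws on failure would also make the unconditional `return true;` easier to read.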