authorAndreas Nilsson <andreas.nilsson@10gen.com>2014-09-17 10:41:25 -0700
committerAndreas Nilsson <andreas.nilsson@10gen.com>2014-09-17 15:44:49 -0700
commit8e3ce6437f5ddf13eab8b256ee5ff98e5e64d410 (patch)
tree473a6efd58a1a638df8d3c0cb630a8a486e957dd
parentdedf038860746ad0bed3a6f37ae702587933b5f8 (diff)
downloadmongo-8e3ce6437f5ddf13eab8b256ee5ff98e5e64d410.tar.gz
SERVER-15177 Use native SCRAM-SHA-1 for enterprise client
-rw-r--r--src/mongo/client/cyrus_sasl_client_session.cpp6
-rw-r--r--src/mongo/client/native_sasl_client_session.cpp8
-rw-r--r--src/mongo/client/sasl_client_authenticate_impl.cpp12
-rw-r--r--src/mongo/client/sasl_client_session.h4
4 files changed, 25 insertions, 5 deletions
diff --git a/src/mongo/client/cyrus_sasl_client_session.cpp b/src/mongo/client/cyrus_sasl_client_session.cpp
index 1c7d92c1924..98b9f25b988 100644
--- a/src/mongo/client/cyrus_sasl_client_session.cpp
+++ b/src/mongo/client/cyrus_sasl_client_session.cpp
@@ -30,6 +30,7 @@
#include "mongo/client/cyrus_sasl_client_session.h"
#include "mongo/base/init.h"
+#include "mongo/client/native_sasl_client_session.h"
#include "mongo/util/allocator.h"
#include "mongo/util/assert_util.h"
#include "mongo/util/concurrency/mutex.h"
@@ -39,7 +40,10 @@
namespace mongo {
namespace {
- SaslClientSession* createCyrusSaslClientSession() {
+ SaslClientSession* createCyrusSaslClientSession(const std::string& mech) {
+ if (mech == "SCRAM-SHA-1") {
+ return new NativeSaslClientSession();
+ }
return new CyrusSaslClientSession();
}
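Review bot: The dispatch in `createCyrusSaslClientSession` relies on a bare `"SCRAM-SHA-1"` literal and an exact, case-sensitive `==`, so any other spelling of the mechanism silently falls through to `CyrusSaslClientSession`. A named constant for the mechanism, shared with the code that implements it, would keep the two from drifting apart. The function also needs a comment stating the intent, for example `// SCRAM-SHA-1 is always served by the native implementation, even in Cyrus-enabled builds; the match is exact and case-sensitive.` Whether the Cyrus path can handle a differently cased name is not visible here, so that fall-through deserves a check.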
diff --git a/src/mongo/client/native_sasl_client_session.cpp b/src/mongo/client/native_sasl_client_session.cpp
index 57e33eb9639..bbdcef55f7c 100644
--- a/src/mongo/client/native_sasl_client_session.cpp
+++ b/src/mongo/client/native_sasl_client_session.cpp
@@ -38,7 +38,7 @@
namespace mongo {
namespace {
- SaslClientSession* createNativeSaslClientSession() {
+ SaslClientSession* createNativeSaslClientSession(const std::string mech) {
return new NativeSaslClientSession();
}
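Review bot: `createNativeSaslClientSession` takes its new parameter as `const std::string mech`, by value, whereas the factory typedef in sasl_client_session.h and the Cyrus factory both use `const std::string&`. The by-value form copies the mechanism name on every call, and the parameter is never read in this function. Matching the typedef and dropping the name makes that explicit: `SaslClientSession* createNativeSaslClientSession(const std::string& /* mech: unused */) {`.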
@@ -80,6 +80,12 @@ namespace {
}
Status NativeSaslClientSession::step(const StringData& inputData, std::string* outputData) {
+ if (!_saslConversation) {
+ return Status(ErrorCodes::BadValue,
+ mongoutils::str::stream() <<
+ "The client authentication session has not been properly initialized");
+ }
+
StatusWith<bool> status = _saslConversation->step(inputData, outputData);
if (status.isOK()) {
_done = status.getValue();
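Review bot: The new guard at the top of `NativeSaslClientSession::step` does not say when `_saslConversation` can be unset, so a reader cannot tell whether this is a caller error or an expected state. A short comment would help, such as `// _saslConversation is presumably created during initialize(); fail cleanly rather than dereference null if step() is called first.` The assignment is not visible in this hunk, so confirm that before adding it. The `mongoutils::str::stream() <<` wrapper only carries a single literal, so passing the literal straight to `Status` should be enough. The body of `step` continues outside the hunk.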
diff --git a/src/mongo/client/sasl_client_authenticate_impl.cpp b/src/mongo/client/sasl_client_authenticate_impl.cpp
index dd779a36884..95be07732d5 100644
--- a/src/mongo/client/sasl_client_authenticate_impl.cpp
+++ b/src/mongo/client/sasl_client_authenticate_impl.cpp
@@ -196,8 +196,16 @@ namespace {
return ex.toStatus();
}
- boost::scoped_ptr<SaslClientSession> session(SaslClientSession::create());
- Status status = configureSession(session.get(), client, targetDatabase, saslParameters);
+ std::string mechanism;
+ Status status = bsonExtractStringField(saslParameters,
+ saslCommandMechanismFieldName,
+ &mechanism);
+ if(!status.isOK()) {
+ return status;
+ }
+
+ boost::scoped_ptr<SaslClientSession> session(SaslClientSession::create(mechanism));
+ status = configureSession(session.get(), client, targetDatabase, saslParameters);
if (!status.isOK())
return status;
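Review bot: The added check is written `if(!status.isOK()) { ... }`, while the existing check two statements later is `if (!status.isOK())` with a space and no braces; the two should use one form, for example `if (!status.isOK())` followed by `return status;`. The mechanism read from the caller-supplied `saslParameters` now selects which session implementation is constructed. A comment above the extraction should say so, for example `// The mechanism name picks the SaslClientSession implementation, so it is needed before create().` The enclosing function starts outside this hunk.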
diff --git a/src/mongo/client/sasl_client_session.h b/src/mongo/client/sasl_client_session.h
index 8f06bcbe6ab..69f012b6b11 100644
--- a/src/mongo/client/sasl_client_session.h
+++ b/src/mongo/client/sasl_client_session.h
@@ -25,6 +25,8 @@
* then also delete it in the license file.
*/
+#pragma once
+
#include <boost/scoped_array.hpp>
#include <string>
@@ -52,7 +54,7 @@ namespace mongo {
class MONGO_CLIENT_API SaslClientSession {
MONGO_DISALLOW_COPYING(SaslClientSession);
public:
- typedef stdx::function<SaslClientSession* ()> SaslClientSessionFactoryFn;
+ typedef stdx::function<SaslClientSession* (const std::string&)> SaslClientSessionFactoryFn;
static SaslClientSessionFactoryFn create;
/**