diff options
author | Shreyas Kalyan <shreyas.kalyan@10gen.com> | 2019-02-21 09:31:17 -0500 |
---|---|---|
committer | Shreyas Kalyan <shreyas.kalyan@10gen.com> | 2019-03-11 15:56:34 -0400 |
commit | 6f083bd87264e9d9c3d637fae62103c36a65316a (patch) | |
tree | e101b10b09905a1403c3da84ae03d19b4b8f1222 /src/mongo/client/mongo_uri_connect.cpp | |
parent | ef5c6c6f837cc317bd048db29948ca387517ef25 (diff) | |
download | mongo-6f083bd87264e9d9c3d637fae62103c36a65316a.tar.gz |
SERVER-39178 Negotiate SCRAM mechanism in MongoURI::connect()
Diffstat (limited to 'src/mongo/client/mongo_uri_connect.cpp')
-rw-r--r-- | src/mongo/client/mongo_uri_connect.cpp | 20 |
1 files changed, 14 insertions, 6 deletions
diff --git a/src/mongo/client/mongo_uri_connect.cpp b/src/mongo/client/mongo_uri_connect.cpp index c2aaafb766e..9b09f066a16 100644 --- a/src/mongo/client/mongo_uri_connect.cpp +++ b/src/mongo/client/mongo_uri_connect.cpp @@ -55,8 +55,6 @@ const char kAuthMechanismPropertiesKey[] = "mechanism_properties"; const char kAuthServiceName[] = "SERVICE_NAME"; const char kAuthServiceRealm[] = "SERVICE_REALM"; -const char kAuthMechMongoCR[] = "MONGODB-CR"; -const char kAuthMechScramSha1[] = "SCRAM-SHA-1"; const char kAuthMechDefault[] = "DEFAULT"; const char* const kSupportedAuthMechanismProperties[] = {kAuthServiceName, kAuthServiceRealm}; @@ -83,7 +81,8 @@ BSONObj parseAuthMechanismProperties(const std::string& propStr) { } // namespace -boost::optional<BSONObj> MongoURI::_makeAuthObjFromOptions(int maxWireVersion) const { +boost::optional<BSONObj> MongoURI::_makeAuthObjFromOptions( + int maxWireVersion, const std::vector<std::string>& saslMechsForAuth) const { // Usually, a username is required to authenticate. // However X509 based authentication may, and typically does, // omit the username, inferring it from the client certificate instead. @@ -109,10 +108,18 @@ boost::optional<BSONObj> MongoURI::_makeAuthObjFromOptions(int maxWireVersion) c if (it->second == auth::kMechanismMongoX509) { usernameRequired = false; } + } else if (!saslMechsForAuth.empty()) { + if (std::find(saslMechsForAuth.begin(), + saslMechsForAuth.end(), + auth::kMechanismScramSha256) != saslMechsForAuth.end()) { + bob.append(saslCommandMechanismFieldName, auth::kMechanismScramSha256); + } else { + bob.append(saslCommandMechanismFieldName, auth::kMechanismScramSha1); + } } else if (maxWireVersion >= 3) { - bob.append(saslCommandMechanismFieldName, kAuthMechScramSha1); + bob.append(saslCommandMechanismFieldName, auth::kMechanismScramSha1); } else { - bob.append(saslCommandMechanismFieldName, kAuthMechMongoCR); + bob.append(saslCommandMechanismFieldName, auth::kMechanismMongoCR); } if (usernameRequired && _user.empty()) { @@ -181,7 +188,8 @@ DBClientBase* MongoURI::connect(StringData applicationName, return nullptr; } - auto optAuthObj = _makeAuthObjFromOptions(ret->getMaxWireVersion()); + auto optAuthObj = + _makeAuthObjFromOptions(ret->getMaxWireVersion(), ret->getIsMasterSaslMechanisms()); if (optAuthObj) { ret->auth(optAuthObj.get()); } |