author | Adam Rayner <adam.rayner@gmail.com> | 2021-11-29 17:52:30 +0000 |
---|---|---|
committer | Evergreen Agent <no-reply@evergreen.mongodb.com> | 2021-12-31 17:24:38 +0000 |
commit | 9ec1e6e58e94d52d2f6a9bc167ff939118aa5134 (patch) | |
tree | b297e008a674be9cc7674b5bfe369271ee2647a5 /src/mongo/client | |
parent | dded0c98d11736c9afa7271b9021d19ed17f3118 (diff) | |
SERVER-46399 remove SCRAM-SHA-1 as a default internal auth mech
Diffstat (limited to 'src/mongo/client')
-rw-r--r-- | src/mongo/client/authenticate.cpp | 13 | ||||
-rw-r--r-- | src/mongo/client/authenticate.h | 6 | ||||
-rw-r--r-- | src/mongo/client/dbclient_base.cpp | 6 | ||||
-rw-r--r-- | src/mongo/client/dbclient_base.h | 8 |
4 files changed, 9 insertions, 24 deletions
diff --git a/src/mongo/client/authenticate.cpp b/src/mongo/client/authenticate.cpp index a1b3fd5a649..2c26e03953e 100644 --- a/src/mongo/client/authenticate.cpp +++ b/src/mongo/client/authenticate.cpp @@ -277,14 +277,11 @@ Future<void> authenticateInternalClient( }); } -BSONObj buildAuthParams(StringData dbname, - StringData username, - StringData passwordText, - bool digestPassword) { - return BSON(saslCommandMechanismFieldName - << "SCRAM-SHA-1" << saslCommandUserDBFieldName << dbname << saslCommandUserFieldName - << username << saslCommandPasswordFieldName << passwordText - << saslCommandDigestPasswordFieldName << digestPassword); +BSONObj buildAuthParams(StringData dbname, StringData username, StringData passwordText) { + + return BSON(saslCommandMechanismFieldName << "SCRAM-SHA-256" << saslCommandUserDBFieldName + << dbname << saslCommandUserFieldName << username + << saslCommandPasswordFieldName << passwordText); } StringData getSaslCommandUserDBFieldName() { diff --git a/src/mongo/client/authenticate.h b/src/mongo/client/authenticate.h index b5b4876c573..613fcef768e 100644 --- a/src/mongo/client/authenticate.h +++ b/src/mongo/client/authenticate.h @@ -160,12 +160,8 @@ Future<void> authenticateInternalClient( * @dbname: The database target of the auth command. * @username: The std::string name of the user to authenticate. * @passwordText: The std::string representing the user's password. - * @digestPassword: Set to true if the password is undigested. */ -BSONObj buildAuthParams(StringData dbname, - StringData username, - StringData passwordText, - bool digestPassword); +BSONObj buildAuthParams(StringData dbname, StringData username, StringData passwordText); /** * Run an isMaster exchange to negotiate a SASL mechanism for authentication. diff --git a/src/mongo/client/dbclient_base.cpp b/src/mongo/client/dbclient_base.cpp index 69bb443908b..c4b38ddb3e3 100644 --- a/src/mongo/client/dbclient_base.cpp +++ b/src/mongo/client/dbclient_base.cpp 
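Review bot: In src/mongo/client/authenticate.cpp, the new `buildAuthParams` pins the mechanism to the literal `"SCRAM-SHA-256"` with no comment recording that this is deliberate and that there is no fallback. An account that only holds SCRAM-SHA-1 credentials will presumably now fail to authenticate rather than downgrade. That matches the commit title, but neither the function nor its header comment in authenticate.h (the second hunk) says so. I would add `// Mechanism is fixed to SCRAM-SHA-256; there is intentionally no SCRAM-SHA-1 fallback.` above the `return`, and one matching sentence to the header comment.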
@@ -416,11 +416,9 @@ void DBClientBase::auth(const BSONObj& params) {
 bool DBClientBase::auth(const string& dbname,
 const string& username,
 const string& password_text,
- string& errmsg,
- bool digestPassword) {
+ string& errmsg) {
 try {
- const auto authParams =
- auth::buildAuthParams(dbname, username, password_text, digestPassword);
+ const auto authParams = auth::buildAuthParams(dbname, username, password_text);
 auth(authParams);
 return true;
 } catch (const AssertionException& ex) {
diff --git a/src/mongo/client/dbclient_base.h b/src/mongo/client/dbclient_base.h
index d34bffd34ed..28dda9ada30 100644
--- a/src/mongo/client/dbclient_base.h
+++ b/src/mongo/client/dbclient_base.h
@@ -277,12 +277,10 @@ public:
 * of the credential information for the user. May be "$external" if
 * credential information is stored outside of the mongo cluster. Mandatory.
 * 'pwd': The password data.
- * 'digestPassword': Boolean, set to true if the "pwd" is undigested (default).
 * 'serviceName': The GSSAPI service name to use. Defaults to "mongodb".
 * 'serviceHostname': The GSSAPI hostname to use. Defaults to the name of the remote host.
 *
 * Other fields in 'params' are silently ignored.
- *
 * Returns normally on success, and throws on error. Throws a DBException with getCode() ==
 * ErrorCodes::AuthenticationFailed if authentication is rejected. All other exceptions are
 * tantamount to authentication failure, but may also indicate more serious problems.
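Review bot: In the `auth(const BSONObj& params)` comment in src/mongo/client/dbclient_base.h, dropping `'digestPassword'` from the field list puts it under "Other fields in 'params' are silently ignored", assuming the implementation matches the comment. A caller that still sends `digestPassword: false` with a pre-digested value would then presumably have that value treated as the password and see only a generic authentication failure. The comment should state this, e.g. `* 'digestPassword' is no longer supported; 'pwd' is always the clear-text password.`, or the field should be rejected explicitly. The removed ` *` line after "silently ignored." also merges that sentence into the "Returns normally" paragraph, which looks unintended. The comment block begins and ends outside the hunk.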
@@ -296,16 +294,12 @@ public:
 * number of databases on a single connection. The "admin" database is special and once
 * authenticated provides access to all databases on the server.
 *
- * 'digestPassword': If password is plain text, set this to true. otherwise assumed to be
- * pre-digested.
- *
 * Returns true if successful.
 */
 bool auth(const std::string& dbname,
 const std::string& username,
 const std::string& pwd,
- std::string& errmsg,
- bool digestPassword = true);
+ std::string& errmsg);

 /**
 * Logs out the connection for the given database. |
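Review bot: The comment on `bool auth(dbname, username, pwd, errmsg)` no longer says what form `pwd` must take or which mechanism is used. With this commit the overload goes through `auth::buildAuthParams`, which fixes the mechanism to SCRAM-SHA-256. I would add `* 'pwd' is the clear-text password; this overload always authenticates with SCRAM-SHA-256.` before "Returns true if successful.", so callers that previously passed a pre-digested password can see that this is presumably no longer supported. The comment block starts outside the hunk.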