diff options
author | Andreas <agralius@gmail.com> | 2014-08-13 12:10:38 -0400 |
---|---|---|
committer | Andreas <agralius@gmail.com> | 2014-08-28 13:20:25 -0400 |
commit | e6a8e256ca73e7596d9f8b7b3a3b00d8c08f6554 (patch) | |
tree | cc5ca0887015b6c8d09bdc932756faaac8df3c24 /src/mongo/db/auth/sasl_plain_server_conversation.cpp | |
parent | ca6a26760c2150736562f49201fcb7b4de5e53f1 (diff) | |
download | mongo-e6a8e256ca73e7596d9f8b7b3a3b00d8c08f6554.tar.gz |
SERVER-7596 Native SCRAM-SHA-1 server side support
Diffstat (limited to 'src/mongo/db/auth/sasl_plain_server_conversation.cpp')
-rw-r--r-- | src/mongo/db/auth/sasl_plain_server_conversation.cpp | 86 |
1 files changed, 86 insertions, 0 deletions
diff --git a/src/mongo/db/auth/sasl_plain_server_conversation.cpp b/src/mongo/db/auth/sasl_plain_server_conversation.cpp new file mode 100644 index 00000000000..6bf06682851 --- /dev/null +++ b/src/mongo/db/auth/sasl_plain_server_conversation.cpp @@ -0,0 +1,86 @@ +/* + * Copyright (C) 2014 MongoDB Inc. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License, version 3, + * as published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + * + * As a special exception, the copyright holders give permission to link the + * code of portions of this program with the OpenSSL library under certain + * conditions as described in each individual source file and distribute + * linked combinations including the program with the OpenSSL library. You + * must comply with the GNU Affero General Public License in all respects for + * all of the code used other than as permitted herein. If you modify file(s) + * with this exception, you may extend this exception to your version of the + * file(s), but you are not obligated to do so. If you do not wish to do so, + * delete this exception statement from your version. If you delete this + * exception statement from all source files in the program, then also delete + * it in the license file. + */ + +#include "mongo/db/auth/sasl_plain_server_conversation.h" + +#include "mongo/db/auth/sasl_authentication_session.h" +#include "mongo/util/password_digest.h" +#include "mongo/util/text.h" + +namespace mongo { + + SaslPLAINServerConversation::SaslPLAINServerConversation( + SaslAuthenticationSession* saslAuthSession) : + SaslConversation(saslAuthSession) { + } + + SaslPLAINServerConversation::~SaslPLAINServerConversation() {}; + + StatusWith<bool> SaslPLAINServerConversation::step(const StringData& inputData, + std::string* outputData) { + // Expecting user input on the form: user\0user\0pwd + std::string input = inputData.toString(); + std::string pwd = ""; + + try { + _user = input.substr(0, inputData.find('\0')); + pwd = input.substr(inputData.find('\0', _user.size()+1)+1); + } + catch (std::out_of_range& exception) { + return StatusWith<bool>(ErrorCodes::AuthenticationFailed, + mongoutils::str::stream() << "Incorrectly formatted PLAIN client message"); + } + + User* userObj; + // The authentication database is also the source database for the user. + Status status = _saslAuthSession->getAuthorizationSession()->getAuthorizationManager(). + acquireUser(_saslAuthSession->getOpCtxt(), + UserName(_user, _saslAuthSession->getAuthenticationDatabase()), + &userObj); + + if (!status.isOK()) { + return StatusWith<bool>(status); + } + + const User::CredentialData creds = userObj->getCredentials(); + _saslAuthSession->getAuthorizationSession()->getAuthorizationManager(). + releaseUser(userObj); + + std::string authDigest = createPasswordDigest(_user, pwd); + + if (authDigest != creds.password) { + return StatusWith<bool>(ErrorCodes::AuthenticationFailed, + mongoutils::str::stream() << "Incorrect user name or password"); + } + + *outputData = ""; + + return StatusWith<bool>(true); + } + +} // namespace mongo |