authorSara Golemon <sara.golemon@mongodb.com>2018-01-28 17:28:22 -0500
committerSara Golemon <sara.golemon@mongodb.com>2018-02-01 19:06:12 -0500
commit48152225232972473a420ac86100b0d870a5b875 (patch)
tree8a1b96f6ef3ff4b03a62cc0683b86f3e8450bb75 /src/mongo/db/auth/sasl_scram_server_conversation.cpp
parent8bd1b06964b7721d194bdf63b8b1c402feb99388 (diff)
SERVER-33019 Update User object and DocumentParser to handle SCRAM-SHA-256
Diffstat (limited to 'src/mongo/db/auth/sasl_scram_server_conversation.cpp')
-rw-r--r--src/mongo/db/auth/sasl_scram_server_conversation.cpp28
1 files changed, 14 insertions, 14 deletions
diff --git a/src/mongo/db/auth/sasl_scram_server_conversation.cpp b/src/mongo/db/auth/sasl_scram_server_conversation.cpp
index f332d7e200d..2ac64aedb34 100644
--- a/src/mongo/db/auth/sasl_scram_server_conversation.cpp
+++ b/src/mongo/db/auth/sasl_scram_server_conversation.cpp
@@ -173,18 +173,18 @@ StatusWith<bool> SaslSCRAMServerConversation::_firstStep(std::vector<string>& in
_saslAuthSession->getAuthorizationSession()->getAuthorizationManager().releaseUser(userObj);
- // Check for authentication attempts of the __system user on
- // systems started without a keyfile.
- if (userName == internalSecurity.user->getName() && _creds.scram.salt.empty()) {
- return StatusWith<bool>(ErrorCodes::AuthenticationFailed,
- "It is not possible to authenticate as the __system user "
- "on servers started without a --keyFile parameter");
- }
-
- if (!_creds.scram.isValid()) {
- return Status(ErrorCodes::AuthenticationFailed,
- "Unable to perform SCRAM authentication for a user with missing "
- "or invalid SCRAM credentials");
+ if (!initAndValidateCredentials()) {
+ // Check for authentication attempts of the __system user on
+ // systems started without a keyfile.
+ if (userName == internalSecurity.user->getName()) {
+ return Status(ErrorCodes::AuthenticationFailed,
+ "It is not possible to authenticate as the __system user "
+ "on servers started without a --keyFile parameter");
+ } else {
+ return Status(ErrorCodes::AuthenticationFailed,
+ "Unable to perform SCRAM authentication for a user with missing "
+ "or invalid SCRAM credentials");
+ }
}
// Generate server-first-message
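Review bot: Folding the salt test into `if (!initAndValidateCredentials())` means every validation failure for the `__system` user is now reported as "started without a --keyFile", where the old code gave that message only when `_creds.scram.salt.empty()`. The helper's body is not in this diff, so if it can also return false for a `__system` user whose credentials are present but malformed, the keyfile message will mislead whoever is triaging the authentication failure. A comment above the branch along the lines of `// For __system, the only way credentials can be missing is a server started without --keyFile` would record that assumption, or the branch could keep a separate emptiness check. The same call is wrapped in `invariant(...)` in `_secondStep`, where a false return would abort the process instead of failing the authentication, so it is worth confirming that it cannot return false there once `_firstStep` has succeeded. `_firstStep` begins before and continues after this hunk.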
@@ -201,7 +201,7 @@ StatusWith<bool> SaslSCRAMServerConversation::_firstStep(std::vector<string>& in
_nonce =
clientNonce + base64::encode(reinterpret_cast<char*>(binaryNonce), sizeof(binaryNonce));
StringBuilder sb;
- sb << "r=" << _nonce << ",s=" << _creds.scram.salt << ",i=" << _creds.scram.iterationCount;
+ sb << "r=" << _nonce << ",s=" << getSalt() << ",i=" << getIterationCount();
*outputData = sb.str();
// add server-first-message to authMessage
@@ -269,7 +269,7 @@ StatusWith<bool> SaslSCRAMServerConversation::_secondStep(const std::vector<stri
// ClientSignature := HMAC(StoredKey, AuthMessage)
// ClientKey := ClientSignature XOR ClientProof
// ServerSignature := HMAC(ServerKey, AuthMessage)
- invariant(_creds.scram.isValid());
+ invariant(initAndValidateCredentials());
if (!verifyClientProof(base64::decode(clientProof))) {
return StatusWith<bool>(ErrorCodes::AuthenticationFailed,