diff options
| author | Gregory Wlodarek <gregory.wlodarek@mongodb.com> | 2020-08-16 21:10:33 -0400 |
|---|---|---|
| committer | Evergreen Agent <no-reply@evergreen.mongodb.com> | 2020-08-17 01:48:12 +0000 |
| commit | 3cc779415f2777223b5549d3dfd1b85eef01842b (patch) | |
| tree | e165efebd7b0d7d83c68f0de5d88d46b3ac2285e /src/mongo/db/auth | |
| parent | ecd1e0b022a68110ada6517f84ffd91ea8a91bca (diff) | |
| download | mongo-3cc779415f2777223b5549d3dfd1b85eef01842b.tar.gz | |
Revert "SERVER-48693 Add network counter for cluster authentication"
This reverts commit 24dd72daae9e4cf59ad51910058bc111f20edbff.
Diffstat (limited to 'src/mongo/db/auth')
| -rw-r--r-- | src/mongo/db/auth/sasl_commands.cpp | 32 | ||||
| -rw-r--r-- | src/mongo/db/auth/sasl_mechanism_registry.h | 9 |
2 files changed, 10 insertions, 31 deletions
diff --git a/src/mongo/db/auth/sasl_commands.cpp b/src/mongo/db/auth/sasl_commands.cpp index 81d784e64a3..7f4b1010462 100644 --- a/src/mongo/db/auth/sasl_commands.cpp +++ b/src/mongo/db/auth/sasl_commands.cpp @@ -335,26 +335,18 @@ bool runSaslStart(OperationContext* opCtx, } std::string principalName; - try { - auto session = - uassertStatusOK(doSaslStart(opCtx, db, cmdObj, &result, &principalName, speculative)); - const bool isClusterMember = session->getMechanism().isClusterMember(); - if (isClusterMember) { - uassertStatusOK(authCounter.incClusterAuthenticateReceived(mechanismName)); - } - if (session->getMechanism().isSuccess()) { + auto swSession = doSaslStart(opCtx, db, cmdObj, &result, &principalName, speculative); + + if (!swSession.isOK() || swSession.getValue()->getMechanism().isSuccess()) { + audit::logAuthentication( + client, mechanismName, UserName(principalName, db), swSession.getStatus().code()); + uassertStatusOK(swSession.getStatus()); + if (swSession.getValue()->getMechanism().isSuccess()) { uassertStatusOK(authCounter.incAuthenticateSuccessful(mechanismName)); - if (isClusterMember) { - uassertStatusOK(authCounter.incClusterAuthenticateSuccessful(mechanismName)); - } - audit::logAuthentication( - client, mechanismName, UserName(principalName, db), Status::OK().code()); - } else { - AuthenticationSession::swap(client, session); } - } catch (const AssertionException& ex) { - audit::logAuthentication(client, mechanismName, UserName(principalName, db), ex.code()); - throw; + } else { + auto session = std::move(swSession.getValue()); + AuthenticationSession::swap(client, session); } return true; @@ -416,10 +408,6 @@ bool CmdSaslContinue::run(OperationContext* opCtx, if (mechanism.isSuccess()) { uassertStatusOK( authCounter.incAuthenticateSuccessful(mechanism.mechanismName().toString())); - if (mechanism.isClusterMember()) { - uassertStatusOK(authCounter.incClusterAuthenticateSuccessful( - mechanism.mechanismName().toString())); - } } } else { AuthenticationSession::swap(client, sessionGuard); diff --git a/src/mongo/db/auth/sasl_mechanism_registry.h b/src/mongo/db/auth/sasl_mechanism_registry.h index 0215328d9cb..98f2d8ddae9 100644 --- a/src/mongo/db/auth/sasl_mechanism_registry.h +++ b/src/mongo/db/auth/sasl_mechanism_registry.h @@ -155,15 +155,6 @@ public: } /** - * Provides logic for determining if a user is a cluster member or an actual client for SASL - * authentication mechanisms - */ - bool isClusterMember() const { - return _principalName == internalSecurity.user->getName().getUser().toString() && - getAuthenticationDatabase() == internalSecurity.user->getName().getDB(); - }; - - /** * Performs a single step of a SASL exchange. Takes an input provided by a client, * and either returns an error, or a response to be sent back. */ |