SERVER-1891 Add hooks to audit authentications using MONGODB-CR and MONGODB-X509.

author: Andy Schwerin <schwerin@10gen.com> 2013-07-08 19:19:05 -0400
committer: Andy Schwerin <schwerin@10gen.com> 2013-07-26 11:40:31 -0400
commit: 78b54e5608d1a49da4228ee2b45489a9d0cc9182 (patch)
tree: 76bd554674161762b05e1bef322fbfbe67e2fae9 /src/mongo/db/commands/authentication_commands.cpp
parent: 01b4f0ad09c244fd7f83bb045ff844416aa8ca96 (diff)
download: mongo-78b54e5608d1a49da4228ee2b45489a9d0cc9182.tar.gz
1 files changed, 15 insertions, 4 deletions
diff --git a/src/mongo/db/commands/authentication_commands.cpp b/src/mongo/db/commands/authentication_commands.cpp
index 6098707e824..85cd9197a28 100644
--- a/src/mongo/db/commands/authentication_commands.cpp
+++ b/src/mongo/db/commands/authentication_commands.cpp
@@ -22,6 +22,7 @@
 
 #include "mongo/base/status.h"
 #include "mongo/client/sasl_client_authenticate.h"
+#include "mongo/db/audit.h"
 #include "mongo/db/auth/action_set.h"
 #include "mongo/db/auth/action_type.h"
 #include "mongo/db/auth/authorization_manager.h"
@@ -104,7 +105,15 @@ namespace mongo {
 
         log() << " authenticate db: " << dbname << " " << cmdObj << endl;
         UserName user(cmdObj.getStringField("user"), dbname);
-        Status status = _authenticate(user, cmdObj);
+        std::string mechanism = cmdObj.getStringField("mechanism");
+        if (mechanism.empty()) {
+            mechanism = "MONGODB-CR";
+        }
+        Status status = _authenticate(mechanism, user, cmdObj);
+        audit::logAuthentication(ClientBasic::getCurrent(),
+                                 mechanism,
+                                 user,
+                                 status.code());
         if (!status.isOK()) {
             if (status.code() == ErrorCodes::AuthenticationFailed) {
                 // Statuses with code AuthenticationFailed may contain messages we do not wish to
@@ -122,9 +131,11 @@ namespace mongo {
         return true;
     }
 
-    Status CmdAuthenticate::_authenticate(const UserName& user, const BSONObj& cmdObj) {
-        std::string mechanism = cmdObj.getStringField("mechanism");
-        if (mechanism.empty() || mechanism == "MONGODB-CR") {
+    Status CmdAuthenticate::_authenticate(const std::string& mechanism,
+                                          const UserName& user,
+                                          const BSONObj& cmdObj) {
+
+        if (mechanism == "MONGODB-CR") {
             return _authenticateCR(user, cmdObj);
         }
 #ifdef MONGO_SSL
author	Andy Schwerin <schwerin@10gen.com>	2013-07-08 19:19:05 -0400
committer	Andy Schwerin <schwerin@10gen.com>	2013-07-26 11:40:31 -0400
commit	78b54e5608d1a49da4228ee2b45489a9d0cc9182 (patch)
tree	76bd554674161762b05e1bef322fbfbe67e2fae9 /src/mongo/db/commands/authentication_commands.cpp
parent	01b4f0ad09c244fd7f83bb045ff844416aa8ca96 (diff)
download	mongo-78b54e5608d1a49da4228ee2b45489a9d0cc9182.tar.gz