diff options
author | Andy Schwerin <schwerin@10gen.com> | 2013-07-08 19:19:05 -0400 |
---|---|---|
committer | Andy Schwerin <schwerin@10gen.com> | 2013-07-26 11:40:31 -0400 |
commit | 78b54e5608d1a49da4228ee2b45489a9d0cc9182 (patch) | |
tree | 76bd554674161762b05e1bef322fbfbe67e2fae9 /src/mongo/db/commands/authentication_commands.cpp | |
parent | 01b4f0ad09c244fd7f83bb045ff844416aa8ca96 (diff) | |
download | mongo-78b54e5608d1a49da4228ee2b45489a9d0cc9182.tar.gz |
SERVER-1891 Add hooks to audit authentications using MONGODB-CR and MONGODB-X509.
Diffstat (limited to 'src/mongo/db/commands/authentication_commands.cpp')
-rw-r--r-- | src/mongo/db/commands/authentication_commands.cpp | 19 |
1 files changed, 15 insertions, 4 deletions
diff --git a/src/mongo/db/commands/authentication_commands.cpp b/src/mongo/db/commands/authentication_commands.cpp index 6098707e824..85cd9197a28 100644 --- a/src/mongo/db/commands/authentication_commands.cpp +++ b/src/mongo/db/commands/authentication_commands.cpp @@ -22,6 +22,7 @@ #include "mongo/base/status.h" #include "mongo/client/sasl_client_authenticate.h" +#include "mongo/db/audit.h" #include "mongo/db/auth/action_set.h" #include "mongo/db/auth/action_type.h" #include "mongo/db/auth/authorization_manager.h" @@ -104,7 +105,15 @@ namespace mongo { log() << " authenticate db: " << dbname << " " << cmdObj << endl; UserName user(cmdObj.getStringField("user"), dbname); - Status status = _authenticate(user, cmdObj); + std::string mechanism = cmdObj.getStringField("mechanism"); + if (mechanism.empty()) { + mechanism = "MONGODB-CR"; + } + Status status = _authenticate(mechanism, user, cmdObj); + audit::logAuthentication(ClientBasic::getCurrent(), + mechanism, + user, + status.code()); if (!status.isOK()) { if (status.code() == ErrorCodes::AuthenticationFailed) { // Statuses with code AuthenticationFailed may contain messages we do not wish to @@ -122,9 +131,11 @@ namespace mongo { return true; } - Status CmdAuthenticate::_authenticate(const UserName& user, const BSONObj& cmdObj) { - std::string mechanism = cmdObj.getStringField("mechanism"); - if (mechanism.empty() || mechanism == "MONGODB-CR") { + Status CmdAuthenticate::_authenticate(const std::string& mechanism, + const UserName& user, + const BSONObj& cmdObj) { + + if (mechanism == "MONGODB-CR") { return _authenticateCR(user, cmdObj); } #ifdef MONGO_SSL |