diff options
author | Gabriel Marks <gabriel.marks@mongodb.com> | 2020-06-26 15:42:20 +0000 |
---|---|---|
committer | Evergreen Agent <no-reply@evergreen.mongodb.com> | 2020-07-08 23:23:41 +0000 |
commit | b0b09d66b99d80a0a65c4bc552b6e9f443aadb3b (patch) | |
tree | dca13f3eab48c9edb4f276ba89f5c8efd4338b5f /src/mongo/db/commands/authentication_commands.cpp | |
parent | 8895e4ca0321aa121cd0558a8622286bdf1f41b2 (diff) | |
download | mongo-b0b09d66b99d80a0a65c4bc552b6e9f443aadb3b.tar.gz |
SERVER-49112 Add Session::getSSLConfiguration
Diffstat (limited to 'src/mongo/db/commands/authentication_commands.cpp')
-rw-r--r-- | src/mongo/db/commands/authentication_commands.cpp | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/src/mongo/db/commands/authentication_commands.cpp b/src/mongo/db/commands/authentication_commands.cpp index 1030b67f336..166bbd3ebe9 100644 --- a/src/mongo/db/commands/authentication_commands.cpp +++ b/src/mongo/db/commands/authentication_commands.cpp @@ -61,6 +61,7 @@ #include "mongo/transport/session.h" #include "mongo/util/concurrency/mutex.h" #include "mongo/util/net/ssl_manager.h" +#include "mongo/util/net/ssl_peer_info.h" #include "mongo/util/net/ssl_types.h" #include "mongo/util/text.h" @@ -88,7 +89,9 @@ Status _authenticateX509(OperationContext* opCtx, const UserName& user, const BS "No verified subject name available from client", !clientName.empty()); - if (!getSSLManager()->getSSLConfiguration().hasCA) { + auto sslConfiguration = opCtx->getClient()->session()->getSSLConfiguration(); + + if (!sslConfiguration->hasCA) { return Status(ErrorCodes::AuthenticationFailed, "Unable to verify x.509 certificate, as no CA has been provided."); } else if (user.getUser() != clientName.toString()) { @@ -96,7 +99,7 @@ Status _authenticateX509(OperationContext* opCtx, const UserName& user, const BS "There is no x.509 client certificate matching the user."); } else { // Handle internal cluster member auth, only applies to server-server connections - if (getSSLManager()->getSSLConfiguration().isClusterMember(clientName)) { + if (sslConfiguration->isClusterMember(clientName)) { int clusterAuthMode = serverGlobalParams.clusterAuthMode.load(); if (clusterAuthMode == ServerGlobalParams::ClusterAuthMode_undefined || clusterAuthMode == ServerGlobalParams::ClusterAuthMode_keyFile) { |