authorSpencer Jackson <spencer.jackson@mongodb.com>2020-08-11 16:45:06 +0000
committerEvergreen Agent <no-reply@evergreen.mongodb.com>2020-09-02 00:20:03 +0000
commit2973992735143c9f6b6ff2a8bc15e5adf19d9ac6 (patch)
tree898de0308d139b2c65bd82b45a1cf4581ab282f9 /src/mongo/db/commands/user_management_commands.cpp
parent8cdfbc1bed025b640b98196cc1e2d2494b9dde27 (diff)
SERVER-45938 Create override for createUser to allow possible cluster members
Diffstat (limited to 'src/mongo/db/commands/user_management_commands.cpp')
-rw-r--r--src/mongo/db/commands/user_management_commands.cpp19
1 files changed, 14 insertions, 5 deletions
diff --git a/src/mongo/db/commands/user_management_commands.cpp b/src/mongo/db/commands/user_management_commands.cpp
index 5694a2368cb..33c64a07122 100644
--- a/src/mongo/db/commands/user_management_commands.cpp
+++ b/src/mongo/db/commands/user_management_commands.cpp
@@ -812,11 +812,20 @@ void CmdUMCTyped<CreateUserCommand, void>::Invocation::typedRun(OperationContext
#ifdef MONGO_CONFIG_SSL
auto configuration = opCtx->getClient()->session()->getSSLConfiguration();
- uassert(ErrorCodes::BadValue,
- "Cannot create an x.509 user with a subjectname that would be "
- "recognized as an internal cluster member",
- (dbname != "$external") || !configuration ||
- !configuration->isClusterMember(userName.getUser()));
+
+ if ((dbname == "$external") && configuration &&
+ configuration->isClusterMember(userName.getUser())) {
+ if (gEnforceUserClusterSeparation) {
+ uasserted(ErrorCodes::BadValue,
+ "Cannot create an x.509 user with a subjectname that would be "
+ "recognized as an internal cluster member");
+ } else {
+ LOGV2(4593800,
+ "Creating user which would be considered a cluster member if clusterAuthMode "
+ "enabled X509 authentication",
+ "user"_attr = userName);
+ }
+ }
#endif
// Synthesize a user document
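Review bot: In the new `else` branch, the only trace that a `$external` user matching the cluster-member subject rules was created is a default-severity `LOGV2` line, so with `gEnforceUserClusterSeparation` turned off the remaining safeguard is easy to miss in monitoring. The log text itself says such a user would be considered a cluster member if clusterAuthMode enabled X.509, so I would raise the severity by making the call `LOGV2_WARNING(4593800, ...)` with the same message and attribute. I would also add a comment above the branch, for example `// Enforcement disabled: this user's subject matches the cluster-member rules; review such users before enabling X.509 cluster auth.` Whether the authentication path re-checks this overlap is not visible here, since `typedRun` starts and ends outside the hunk.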