SERVER-47908 Wire speculativeAuthenticate into mongos

(cherry picked from commit 845b52ae1c13f10d79993950888819347fac3aa3)

4 files changed, 128 insertions, 28 deletions

diff --git a/src/mongo/db/repl/SConscript b/src/mongo/db/repl/SConscript
index 558e81835f9..3a47455aedd 100644
--- a/src/mongo/db/repl/SConscript
+++ b/src/mongo/db/repl/SConscript
@@ -1118,9 +1118,8 @@ env.Library(
         'replica_set_messages',
     ],
     LIBDEPS_PRIVATE=[
-        '$BUILD_DIR/mongo/db/auth/authservercommon',
-        '$BUILD_DIR/mongo/db/commands/authentication_commands',
         '$BUILD_DIR/mongo/db/commands/server_status',
+        '$BUILD_DIR/mongo/db/repl/speculative_authenticate',
         '$BUILD_DIR/mongo/db/stats/counters',
         '$BUILD_DIR/mongo/transport/message_compressor',
         'replication_auth',
@@ -1424,3 +1423,15 @@ env.Library(
         'replica_set_messages',
     ],
 )
+
+env.Library(
+    target='speculative_authenticate',
+    source=[
+        'speculative_auth.cpp',
+    ],
+    LIBDEPS_PRIVATE=[
+        '$BUILD_DIR/mongo/base',
+        '$BUILD_DIR/mongo/db/auth/authservercommon',
+        '$BUILD_DIR/mongo/db/commands/authentication_commands',
+    ],
+)
diff --git a/src/mongo/db/repl/replication_info.cpp b/src/mongo/db/repl/replication_info.cpp
index 9d79aed4f42..e105a3469d9 100644
--- a/src/mongo/db/repl/replication_info.cpp
+++ b/src/mongo/db/repl/replication_info.cpp
@@ -36,11 +36,8 @@
 #include "mongo/bson/util/bson_extract.h"
 #include "mongo/client/connpool.h"
 #include "mongo/client/dbclient_connection.h"
-#include "mongo/db/auth/sasl_command_constants.h"
-#include "mongo/db/auth/sasl_commands.h"
 #include "mongo/db/auth/sasl_mechanism_registry.h"
 #include "mongo/db/client.h"
-#include "mongo/db/commands/authentication_commands.h"
 #include "mongo/db/commands/server_status.h"
 #include "mongo/db/db_raii.h"
 #include "mongo/db/dbhelpers.h"
@@ -56,6 +53,7 @@
 #include "mongo/db/repl/replication_auth.h"
 #include "mongo/db/repl/replication_coordinator.h"
 #include "mongo/db/repl/replication_process.h"
+#include "mongo/db/repl/speculative_auth.h"
 #include "mongo/db/repl/storage_interface.h"
 #include "mongo/db/storage/storage_options.h"
 #include "mongo/db/wire_version.h"
@@ -547,29 +545,7 @@ public:
             }
         }
 
-        if (auto sae = cmdObj[auth::kSpeculativeAuthenticate]; !sae.eoo()) {
-            uassert(ErrorCodes::BadValue,
-                    str::stream() << "isMaster." << auth::kSpeculativeAuthenticate
-                                  << " must be an Object",
-                    sae.type() == Object);
-            auto specAuth = sae.Obj();
-
-            uassert(ErrorCodes::BadValue,
-                    str::stream() << "isMaster." << auth::kSpeculativeAuthenticate
-                                  << " must be a non-empty Object",
-                    !specAuth.isEmpty());
-            auto specCmd = specAuth.firstElementFieldNameStringData();
-
-            if (specCmd == saslStartCommandName) {
-                doSpeculativeSaslStart(opCtx, specAuth, &result);
-            } else if (specCmd == auth::kAuthenticateCommand) {
-                doSpeculativeAuthenticate(opCtx, specAuth, &result);
-            } else {
-                uasserted(51769,
-                          str::stream() << "isMaster." << auth::kSpeculativeAuthenticate
-                                        << " unknown command: " << specCmd);
-            }
-        }
+        handleIsMasterSpeculativeAuth(opCtx, cmdObj, &result);
 
         return true;
     }
diff --git a/src/mongo/db/repl/speculative_auth.cpp b/src/mongo/db/repl/speculative_auth.cpp
new file mode 100644
index 00000000000..292df012aa1
--- /dev/null
+++ b/src/mongo/db/repl/speculative_auth.cpp
@@ -0,0 +1,69 @@
+/**
+ *    Copyright (C) 2020-present MongoDB, Inc.
+ *
+ *    This program is free software: you can redistribute it and/or modify
+ *    it under the terms of the Server Side Public License, version 1,
+ *    as published by MongoDB, Inc.
+ *
+ *    This program is distributed in the hope that it will be useful,
+ *    but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *    Server Side Public License for more details.
+ *
+ *    You should have received a copy of the Server Side Public License
+ *    along with this program. If not, see
+ *    <http://www.mongodb.com/licensing/server-side-public-license>.
+ *
+ *    As a special exception, the copyright holders give permission to link the
+ *    code of portions of this program with the OpenSSL library under certain
+ *    conditions as described in each individual source file and distribute
+ *    linked combinations including the program with the OpenSSL library. You
+ *    must comply with the Server Side Public License in all respects for
+ *    all of the code used other than as permitted herein. If you modify file(s)
+ *    with this exception, you may extend this exception to your version of the
+ *    file(s), but you are not obligated to do so. If you do not wish to do so,
+ *    delete this exception statement from your version. If you delete this
+ *    exception statement from all source files in the program, then also delete
+ *    it in the license file.
+ */
+
+#include "mongo/db/repl/speculative_auth.h"
+
+#include "mongo/client/authenticate.h"
+#include "mongo/db/auth/sasl_command_constants.h"
+#include "mongo/db/auth/sasl_commands.h"
+#include "mongo/db/commands/authentication_commands.h"
+
+namespace mongo {
+
+void handleIsMasterSpeculativeAuth(OperationContext* opCtx,
+                                   BSONObj cmdObj,
+                                   BSONObjBuilder* result) {
+    auto sae = cmdObj[auth::kSpeculativeAuthenticate];
+    if (sae.eoo()) {
+        return;
+    }
+
+    uassert(ErrorCodes::BadValue,
+            str::stream() << "isMaster." << auth::kSpeculativeAuthenticate << " must be an Object",
+            sae.type() == Object);
+    auto specAuth = sae.Obj();
+
+    uassert(ErrorCodes::BadValue,
+            str::stream() << "isMaster." << auth::kSpeculativeAuthenticate
+                          << " must be a non-empty Object",
+            !specAuth.isEmpty());
+    auto specCmd = specAuth.firstElementFieldNameStringData();
+
+    if (specCmd == saslStartCommandName) {
+        doSpeculativeSaslStart(opCtx, specAuth, result);
+    } else if (specCmd == auth::kAuthenticateCommand) {
+        doSpeculativeAuthenticate(opCtx, specAuth, result);
+    } else {
+        uasserted(51769,
+                  str::stream() << "isMaster." << auth::kSpeculativeAuthenticate
+                                << " unknown command: " << specCmd);
+    }
+}
+
+}  // namespace mongo
diff --git a/src/mongo/db/repl/speculative_auth.h b/src/mongo/db/repl/speculative_auth.h
new file mode 100644
index 00000000000..03f071f652e
--- /dev/null
+++ b/src/mongo/db/repl/speculative_auth.h
@@ -0,0 +1,44 @@
+/**
+ *    Copyright (C) 2020-present MongoDB, Inc.
+ *
+ *    This program is free software: you can redistribute it and/or modify
+ *    it under the terms of the Server Side Public License, version 1,
+ *    as published by MongoDB, Inc.
+ *
+ *    This program is distributed in the hope that it will be useful,
+ *    but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *    Server Side Public License for more details.
+ *
+ *    You should have received a copy of the Server Side Public License
+ *    along with this program. If not, see
+ *    <http://www.mongodb.com/licensing/server-side-public-license>.
+ *
+ *    As a special exception, the copyright holders give permission to link the
+ *    code of portions of this program with the OpenSSL library under certain
+ *    conditions as described in each individual source file and distribute
+ *    linked combinations including the program with the OpenSSL library. You
+ *    must comply with the Server Side Public License in all respects for
+ *    all of the code used other than as permitted herein. If you modify file(s)
+ *    with this exception, you may extend this exception to your version of the
+ *    file(s), but you are not obligated to do so. If you do not wish to do so,
+ *    delete this exception statement from your version. If you delete this
+ *    exception statement from all source files in the program, then also delete
+ *    it in the license file.
+ */
+
+#pragma once
+
+#include "mongo/bson/bsonobj.h"
+#include "mongo/bson/bsonobjbuilder.h"
+#include "mongo/db/operation_context.h"
+
+namespace mongo {
+
+/**
+ * Check an isMaster sent to mongod in ReplSet mode or mongos for "speculativeAuthenticate".
+ * If present, dispatch to saslStart or authenticate commands as appropriate.
+ */
+void handleIsMasterSpeculativeAuth(OperationContext* opCtx, BSONObj cmdObj, BSONObjBuilder* result);
+
+}  // namespace mongo