SERVER-7942 Mongo servers should fail at startup if authorization enabled but no authenticationMechanisms are provided

1 files changed, 26 insertions, 0 deletions

diff --git a/src/mongo/db/server_options_helpers.cpp b/src/mongo/db/server_options_helpers.cpp
index 0124309fdb3..84e6092813d 100644
--- a/src/mongo/db/server_options_helpers.cpp
+++ b/src/mongo/db/server_options_helpers.cpp
@@ -479,6 +479,32 @@ namespace {
         }
 #endif
 
+        bool haveAuthenticationMechanisms = true;
+        bool hasAuthorizationEnabled = false;
+        if (params.count("security.authenticationMechanisms") &&
+            params["security.authenticationMechanisms"].as<std::vector<std::string> >().empty()) {
+            haveAuthenticationMechanisms = false;
+        }
+        if (params.count("setParameter")) {
+            std::map<std::string, std::string> parameters =
+                params["setParameter"].as<std::map<std::string, std::string> >();
+            auto authMechParameter = parameters.find("authenticationMechanisms");
+            if (authMechParameter != parameters.end() && authMechParameter->second.empty()) {
+                haveAuthenticationMechanisms = false;
+            }
+        }
+        if ((params.count("security.authorization") &&
+            params["security.authorization"].as<std::string>() == "enabled") ||
+            params.count("security.clusterAuthMode") ||
+            params.count("security.keyFile") ||
+            params.count("auth")) {
+            hasAuthorizationEnabled = true;
+        }
+        if (hasAuthorizationEnabled && !haveAuthenticationMechanisms) {
+            return Status(ErrorCodes::BadValue,
+                          "Authorization is enabled but no authentication mechanisms are present.");
+        }
+
         return Status::OK();
     }