diff options
author | Amalia Hawkins <amalia.hawkins@10gen.com> | 2015-04-07 14:08:46 -0400 |
---|---|---|
committer | Amalia Hawkins <amalia.hawkins@10gen.com> | 2015-04-29 15:38:49 -0400 |
commit | b90e930b7221d3a1708b249314cc124111110847 (patch) | |
tree | d2b34ed83aeb5fb5d6d82fc95aade6be5181977a /src/mongo/db | |
parent | 762e0cdc48281414c05ee3ef53277bdf138a4334 (diff) | |
download | mongo-b90e930b7221d3a1708b249314cc124111110847.tar.gz |
SERVER-7942 Mongo servers should fail at startup if authorization enabled but no authenticationMechanisms are provided
Diffstat (limited to 'src/mongo/db')
-rw-r--r-- | src/mongo/db/server_options_helpers.cpp | 26 |
1 files changed, 26 insertions, 0 deletions
diff --git a/src/mongo/db/server_options_helpers.cpp b/src/mongo/db/server_options_helpers.cpp index 0124309fdb3..84e6092813d 100644 --- a/src/mongo/db/server_options_helpers.cpp +++ b/src/mongo/db/server_options_helpers.cpp @@ -479,6 +479,32 @@ namespace { } #endif + bool haveAuthenticationMechanisms = true; + bool hasAuthorizationEnabled = false; + if (params.count("security.authenticationMechanisms") && + params["security.authenticationMechanisms"].as<std::vector<std::string> >().empty()) { + haveAuthenticationMechanisms = false; + } + if (params.count("setParameter")) { + std::map<std::string, std::string> parameters = + params["setParameter"].as<std::map<std::string, std::string> >(); + auto authMechParameter = parameters.find("authenticationMechanisms"); + if (authMechParameter != parameters.end() && authMechParameter->second.empty()) { + haveAuthenticationMechanisms = false; + } + } + if ((params.count("security.authorization") && + params["security.authorization"].as<std::string>() == "enabled") || + params.count("security.clusterAuthMode") || + params.count("security.keyFile") || + params.count("auth")) { + hasAuthorizationEnabled = true; + } + if (hasAuthorizationEnabled && !haveAuthenticationMechanisms) { + return Status(ErrorCodes::BadValue, + "Authorization is enabled but no authentication mechanisms are present."); + } + return Status::OK(); } |