authorAndy Schwerin <schwerin@10gen.com>2013-11-13 18:46:59 -0500
committerAndy Schwerin <schwerin@10gen.com>2013-11-13 19:04:42 -0500
commitf85ceb17b37210eef71e8113162c41368bfd5c12 (patch)
treee261df01d221aece17d127383c9ba9753df56db3 /src/mongo/db
parent4d5ba6b01fa2d38640ba5bc8bf5c99f305e619bf (diff)
downloadmongo-f85ceb17b37210eef71e8113162c41368bfd5c12.tar.gz
SERVER-9476 Redact some potentially sensitive information when logging authentications.
Diffstat (limited to 'src/mongo/db')
-rw-r--r--src/mongo/db/commands/authentication_commands.cpp15
-rw-r--r--src/mongo/db/commands/authentication_commands.h2
2 files changed, 17 insertions, 0 deletions
diff --git a/src/mongo/db/commands/authentication_commands.cpp b/src/mongo/db/commands/authentication_commands.cpp
index d8857a1845a..faa9b9a511f 100644
--- a/src/mongo/db/commands/authentication_commands.cpp
+++ b/src/mongo/db/commands/authentication_commands.cpp
@@ -33,6 +33,7 @@
#include <vector>
#include "mongo/base/status.h"
+#include "mongo/bson/mutable/algorithm.h"
#include "mongo/bson/mutable/document.h"
#include "mongo/client/sasl_client_authenticate.h"
#include "mongo/db/audit.h"
@@ -119,6 +120,20 @@ namespace mongo {
boost::scoped_ptr<SecureRandom> _random;
} cmdGetNonce;
+ void CmdAuthenticate::redactForLogging(mutablebson::Document* cmdObj) {
+ namespace mmb = mutablebson;
+ static const int numRedactedFields = 2;
+ static const char* redactedFields[numRedactedFields] = { "key", "nonce" };
+ for (int i = 0; i < numRedactedFields; ++i) {
+ for (mmb::Element element = mmb::findFirstChildNamed(cmdObj->root(), redactedFields[i]);
+ element.ok();
+ element = mmb::findElementNamed(element.rightSibling(), redactedFields[i])) {
+
+ element.setValueString("xxx");
+ }
+ }
+ }
+
bool CmdAuthenticate::run(const string& dbname,
BSONObj& cmdObj,
int,
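Review bot: The result of `element.setValueString("xxx")` in the inner loop is discarded, so if the call fails the original `key` or `nonce` value stays in the document that is about to be logged, and nothing signals it. setValueString returns a Status in the mutable BSON API, so the redaction should fail closed: capture it with `const Status status = element.setValueString("xxx");` and, when `!status.isOK()`, make sure the command is not logged as-is (how to signal that depends on the caller, which is not visible in this hunk). Separately, the search starts at `findFirstChildNamed(cmdObj->root(), ...)` and then walks right siblings, so only top-level fields are overwritten; a one-line comment saying so would stop a reader from assuming nested `key` fields are covered. redactForLogging is complete in this hunk; CmdAuthenticate::run continues outside it.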
diff --git a/src/mongo/db/commands/authentication_commands.h b/src/mongo/db/commands/authentication_commands.h
index ec8807e4579..44db5b1b910 100644
--- a/src/mongo/db/commands/authentication_commands.h
+++ b/src/mongo/db/commands/authentication_commands.h
@@ -51,6 +51,8 @@ namespace mongo {
virtual void addRequiredPrivileges(const std::string& dbname,
const BSONObj& cmdObj,
std::vector<Privilege>* out) {} // No auth required
+ virtual void redactForLogging(mutablebson::Document* cmdObj);
+
CmdAuthenticate() : Command("authenticate") {}
bool run(const string& dbname,
BSONObj& cmdObj,
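Review bot: The new `redactForLogging` declaration has no comment saying what it overwrites or that it mutates `cmdObj` in place, even though the function is what keeps authentication material out of the log. I would add above it `// Overwrites the top-level "key" and "nonce" values in cmdObj with "xxx" so they are not written to the log.` That also tells anyone who later adds a secret-bearing field to this command where the redaction list lives. The class body starts and ends outside this hunk.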