diff options
author | Ben Caimano <ben.caimano@10gen.com> | 2021-02-22 19:16:33 +0000 |
---|---|---|
committer | Evergreen Agent <no-reply@evergreen.mongodb.com> | 2021-02-25 22:04:40 +0000 |
commit | 583a1ee38db44d359df465f387b9371f9ad1001b (patch) | |
tree | 17c53ba8eb9b10bf04cd8118bc663e75fa223520 /src | |
parent | d916ceb3159020b988037e13e363effb3fdf20e4 (diff) | |
download | mongo-583a1ee38db44d359df465f387b9371f9ad1001b.tar.gz |
SERVER-54508 Speculative saslStart discards "options" subelement
Diffstat (limited to 'src')
-rw-r--r-- | src/mongo/db/auth/authentication_session.cpp | 3 | ||||
-rw-r--r-- | src/mongo/db/auth/sasl_commands.cpp | 16 | ||||
-rw-r--r-- | src/mongo/db/auth/sasl_commands.h | 4 | ||||
-rw-r--r-- | src/mongo/db/auth/sasl_commands.idl | 2 | ||||
-rw-r--r-- | src/mongo/db/repl/hello_auth.cpp | 2 |
5 files changed, 17 insertions, 10 deletions
diff --git a/src/mongo/db/auth/authentication_session.cpp b/src/mongo/db/auth/authentication_session.cpp index 54e7e6efe36..45b70cacd68 100644 --- a/src/mongo/db/auth/authentication_session.cpp +++ b/src/mongo/db/auth/authentication_session.cpp @@ -224,7 +224,8 @@ void AuthenticationSession::setMechanism(std::unique_ptr<ServerMechanismBase> me _mech = std::move(mech); if (options) { - uassertStatusOK(_mech->setOptions(options->getOwned())); + invariant(options->isOwned()); + uassertStatusOK(_mech->setOptions(*options)); } LOGV2_DEBUG(5286304, kDiagnosticLogLevel, "Determined mechanism for authentication"); diff --git a/src/mongo/db/auth/sasl_commands.cpp b/src/mongo/db/auth/sasl_commands.cpp index 2e4281a7b21..2c997e12c85 100644 --- a/src/mongo/db/auth/sasl_commands.cpp +++ b/src/mongo/db/auth/sasl_commands.cpp @@ -261,28 +261,32 @@ constexpr auto kDBFieldName = "db"_sd; } // namespace } // namespace auth -void doSpeculativeSaslStart(OperationContext* opCtx, BSONObj cmdObj, BSONObjBuilder* result) try { +void doSpeculativeSaslStart(OperationContext* opCtx, + const BSONObj& sourceObj, + BSONObjBuilder* result) try { // TypedCommands expect DB overrides in the "$db" field, // but saslStart coming from the Hello command has it in the "db" field. // Rewrite it for handling here. - BSONObjBuilder cmd; + BSONObjBuilder bob; bool hasDBField = false; - for (const auto& elem : cmdObj) { + for (const auto& elem : sourceObj) { if (elem.fieldName() == auth::kDBFieldName) { - cmd.appendAs(elem, auth::SaslStartCommand::kDbNameFieldName); + bob.appendAs(elem, auth::SaslStartCommand::kDbNameFieldName); hasDBField = true; } else { - cmd.append(elem); + bob.append(elem); } } if (!hasDBField) { return; } + const auto cmdObj = bob.obj(); + AuthenticationSession::doStep( opCtx, AuthenticationSession::StepType::kSpeculativeSaslStart, [&](auto session) { auto request = auth::SaslStartCommand::parse( - IDLParserErrorContext("speculative saslStart"), cmd.obj()); + IDLParserErrorContext("speculative saslStart"), cmdObj); auto reply = auth::runSaslStart(opCtx, session, request); result->append(auth::kSpeculativeAuthenticate, reply.toBSON()); }); diff --git a/src/mongo/db/auth/sasl_commands.h b/src/mongo/db/auth/sasl_commands.h index 394e6034b0c..054756745e6 100644 --- a/src/mongo/db/auth/sasl_commands.h +++ b/src/mongo/db/auth/sasl_commands.h @@ -38,5 +38,7 @@ class OperationContext; /** * Handle isMaster: { speculativeAuthenticate: {...} } */ -void doSpeculativeSaslStart(OperationContext* opCtx, BSONObj cmdObj, BSONObjBuilder* result); +void doSpeculativeSaslStart(OperationContext* opCtx, + const BSONObj& sourceObj, + BSONObjBuilder* result); } // namespace mongo diff --git a/src/mongo/db/auth/sasl_commands.idl b/src/mongo/db/auth/sasl_commands.idl index c6ef7cad125..638696c38a4 100644 --- a/src/mongo/db/auth/sasl_commands.idl +++ b/src/mongo/db/auth/sasl_commands.idl @@ -77,7 +77,7 @@ commands: default: true options: description: "SASL mechanism specific options" - type: object + type: object_owned optional: true payload: description: "Initial client message for SASL exchange" diff --git a/src/mongo/db/repl/hello_auth.cpp b/src/mongo/db/repl/hello_auth.cpp index 85e31a617a0..007070aab66 100644 --- a/src/mongo/db/repl/hello_auth.cpp +++ b/src/mongo/db/repl/hello_auth.cpp @@ -53,7 +53,7 @@ void handleHelloAuth(OperationContext* opCtx, const HelloCommand& cmd, BSONObjBu } // speculativeAuthenticate: SaslStart -> SaslReply or Authenticate -> AuthenticateReply - auto specAuth = cmd.getSpeculativeAuthenticate(); + auto& specAuth = cmd.getSpeculativeAuthenticate(); if (!specAuth) { return; } |