-rw-r--r-- | src/mongo/db/auth/authorization_manager.h | 1 | ||||
-rw-r--r-- | src/mongo/db/auth/security_key.cpp | 26 | ||||
-rw-r--r-- | src/mongo/db/auth/security_key.h | 6 |
3 files changed, 24 insertions, 9 deletions
diff --git a/src/mongo/db/auth/authorization_manager.h b/src/mongo/db/auth/authorization_manager.h index 2dd04e2d1df..6170bea849e 100644 --- a/src/mongo/db/auth/authorization_manager.h +++ b/src/mongo/db/auth/authorization_manager.h @@ -40,6 +40,7 @@ namespace mongo { AuthInfo(); std::string user; std::string pwd; + BSONObj authParams; }; extern AuthInfo internalSecurity; // set at startup and not changed after initialization. diff --git a/src/mongo/db/auth/security_key.cpp b/src/mongo/db/auth/security_key.cpp index 82b82cd6c47..d12efa2617c 100644 --- a/src/mongo/db/auth/security_key.cpp +++ b/src/mongo/db/auth/security_key.cpp @@ -24,21 +24,23 @@ #include "mongo/db/auth/action_type.h" #include "mongo/db/auth/authorization_manager.h" #include "mongo/db/auth/privilege.h" - +#include "mongo/client/sasl_client_authenticate.h" namespace mongo { + bool setInternalUserAuthParams(BSONObj authParams) { + internalSecurity.authParams = authParams.copy(); + return true; + } + bool authenticateInternalUser(DBClientWithCommands* conn){ - string err; - if( !conn->auth("local", - internalSecurity.user, - internalSecurity.pwd, - err, - false) ) { - log() << "can't authenticate as internal user, error: " << err << endl; + try { + conn->auth(internalSecurity.authParams); + return true; + } catch(const UserException& ex) { + log() << "can't authenticate as internal user, error: " << ex.what() << endl; return false; } - return true; } bool setUpSecurityKey(const string& filename) { @@ -113,6 +115,12 @@ namespace mongo { DBClientConnection conn; internalSecurity.pwd = conn.createPasswordDigest(internalSecurity.user, str); + setInternalUserAuthParams(BSON(saslCommandMechanismFieldName << "MONGODB-CR" << + saslCommandUserSourceFieldName << "local" << + saslCommandUserFieldName << internalSecurity.user << + saslCommandPasswordFieldName << internalSecurity.pwd << + saslCommandDigestPasswordFieldName << false)); + return true; } 
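Review bot: The new `BSONObj authParams;` member in AuthInfo is undocumented, and the security_key.cpp change in this commit fills it with the internal user's password digest. I would add a comment at the declaration, for example `// Parameters handed to auth() for intra-cluster authentication; holds credential material, do not log or serialize.` The struct begins above the hunk, so any existing comments on `user` and `pwd` are not visible here.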
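Review bot: In authenticateInternalUser the new catch clause handles only `UserException`, so any other exception type raised by `conn->auth(internalSecurity.authParams)` now escapes a function that previously reported every failure as `false`. Whether auth can throw connection-level errors outside that type is not visible in this hunk, but if it can, `} catch (const DBException& ex) {` would preserve the old contract for callers. The function also runs with whatever `authParams` currently holds; if it is called before setInternalUserAuthParams, that is an empty object, and a guard such as `if (internalSecurity.authParams.isEmpty()) return false;` with a log line would make that case explicit.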
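Review bot: The call added near the end of setUpSecurityKey pins the mechanism to the literal `"MONGODB-CR"` and passes `saslCommandDigestPasswordFieldName << false` without saying why. A one-line comment such as `// pwd is already the digest from createPasswordDigest(), so the client must not hash it again` would stop a later edit from flipping the flag and breaking intra-cluster authentication. The bool returned by setInternalUserAuthParams is discarded here; since it is always true in this commit, either return it from setUpSecurityKey or make the setter `void`. The body of setUpSecurityKey starts above the hunk.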
diff --git a/src/mongo/db/auth/security_key.h b/src/mongo/db/auth/security_key.h index f5c44c17911..df1740c6888 100644 --- a/src/mongo/db/auth/security_key.h +++ b/src/mongo/db/auth/security_key.h @@ -21,6 +21,12 @@ #include "mongo/client/dbclientinterface.h" namespace mongo { + /** + * This method initializes the internalSecurity object with authentication + * credentials to be used by authenticateInternalUser + * + */ + extern bool setInternalUserAuthParams(BSONObj authParams); /** * This method authenticates to another cluster member using appropriate |
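Review bot: The doc comment added for setInternalUserAuthParams does not state what `authParams` must contain or what the bool result means. I would extend it to list the expected fields (mechanism, user source, user, password and the digest-password flag, as built in setUpSecurityKey) and to note that the object is copied into the global `internalSecurity` and that the function currently always returns true. The declaration could also take `const BSONObj& authParams`, since the implementation copies it anyway.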