-rw-r--r--src/mongo/db/auth/sasl_scram_server_conversation.cpp12
-rw-r--r--src/mongo/db/auth/user.h4
2 files changed, 12 insertions, 4 deletions
diff --git a/src/mongo/db/auth/sasl_scram_server_conversation.cpp b/src/mongo/db/auth/sasl_scram_server_conversation.cpp
index 897d502533a..13024377310 100644
--- a/src/mongo/db/auth/sasl_scram_server_conversation.cpp
+++ b/src/mongo/db/auth/sasl_scram_server_conversation.cpp
@@ -53,7 +53,6 @@
namespace mongo {
-
template <typename Policy>
StatusWith<std::tuple<bool, std::string>> SaslSCRAMServerMechanism<Policy>::stepImpl(
OperationContext* opCtx, StringData inputData) {
@@ -210,10 +209,15 @@ StatusWith<std::tuple<bool, std::string>> SaslSCRAMServerMechanism<Policy>::_fir
return Status(ErrorCodes::AuthenticationFailed,
"It is not possible to authenticate as the __system user "
"on servers started without a --keyFile parameter");
+ } else if (scramCredentials.empty()) {
+ return {ErrorCodes::AuthenticationFailed,
+ str::stream() << "Unable to use " << Policy::getName()
+ << " based authentication for user without any "
+ << Policy::getName() << " credentials registered"};
} else {
- return Status(ErrorCodes::AuthenticationFailed,
- "Unable to perform SCRAM authentication for a user with missing "
- "or invalid SCRAM credentials");
+ return {ErrorCodes::AuthenticationFailed,
+ str::stream() << "Unable to validate " << Policy::getName()
+ << " authentication due to corrupted stored credentials"};
}
}
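Review bot: The two new failure messages, in the `scramCredentials.empty()` branch and the final `else`, distinguish an account with no credentials for this mechanism from one whose stored record is damaged, and nothing in the hunk shows where that Status text ends up. If it is returned to the unauthenticated peer rather than only written to the server log, it discloses account state, so the caller should be confirmed to replace it with a generic failure. I would record that expectation above the branch, e.g. `// Detail is for the server log only; the client reply must remain a generic authentication failure.` The body of `_firstStep` starts outside this hunk, so the checks that precede these branches are not visible here.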
diff --git a/src/mongo/db/auth/user.h b/src/mongo/db/auth/user.h
index 9ed29c72409..f38f90bd084 100644
--- a/src/mongo/db/auth/user.h
+++ b/src/mongo/db/auth/user.h
@@ -82,6 +82,10 @@ public:
base64::validate(serverKey) && (storedKey.size() == kEncodedHashLength) &&
base64::validate(storedKey);
}
+
+ bool empty() const {
+ return !iterationCount && salt.empty() && serverKey.empty() && storedKey.empty();
+ }
};
struct CredentialData {
CredentialData() : scram_sha1(), scram_sha256(), isExternal(false) {}
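Review bot: `empty()` carries no comment on how it relates to the validity check just above it, yet that relationship now decides which authentication error is raised. It is true only when all four fields are unset, so a record with a salt but no keys is neither empty nor valid and presumably lands in the "corrupted stored credentials" branch of the other file. I would add `// True only when no field is set (no credentials registered for this mechanism); a partially filled record is not empty.` above the method. The enclosing struct and the validity function start outside this hunk.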