Diffstat (limited to 'db/security_commands.cpp')
-rw-r--r--db/security_commands.cpp58
1 files changed, 30 insertions, 28 deletions
diff --git a/db/security_commands.cpp b/db/security_commands.cpp
index 19ebc55b93f..67605aab77d 100644
--- a/db/security_commands.cpp
+++ b/db/security_commands.cpp
@@ -22,7 +22,7 @@
#include "pch.h"
#include "security.h"
#include "../util/md5.hpp"
-#include "json.h"
+#include "json.h"
#include "pdfile.h"
#include "db.h"
#include "dbhelpers.h"
@@ -32,17 +32,17 @@
namespace mongo {
-/* authentication
+ /* authentication
- system.users contains
- { user : <username>, pwd : <pwd_digest>, ... }
+ system.users contains
+ { user : <username>, pwd : <pwd_digest>, ... }
- getnonce sends nonce to client
+ getnonce sends nonce to client
- client then sends { authenticate:1, nonce:<nonce_str>, user:<username>, key:<key> }
+ client then sends { authenticate:1, nonce:<nonce_str>, user:<username>, key:<key> }
- where <key> is md5(<nonce_str><username><pwd_digest_str>) as a string
-*/
+ where <key> is md5(<nonce_str><username><pwd_digest_str>) as a string
+ */
boost::thread_specific_ptr<nonce> lastNonce;
@@ -83,7 +83,7 @@ namespace mongo {
return true;
}
} cmdLogout;
-
+
class CmdAuthenticate : public Command {
public:
virtual bool requiresAuth() { return false; }
@@ -102,16 +102,16 @@ namespace mongo {
string user = cmdObj.getStringField("user");
string key = cmdObj.getStringField("key");
string received_nonce = cmdObj.getStringField("nonce");
-
- if( user.empty() || key.empty() || received_nonce.empty() ) {
- log() << "field missing/wrong type in received authenticate command "
- << dbname
- << endl;
+
+ if( user.empty() || key.empty() || received_nonce.empty() ) {
+ log() << "field missing/wrong type in received authenticate command "
+ << dbname
+ << endl;
errmsg = "auth fails";
sleepmillis(10);
return false;
}
-
+
stringstream digestBuilder;
{
@@ -120,12 +120,13 @@ namespace mongo {
if ( ln == 0 ) {
reject = true;
log(1) << "auth: no lastNonce" << endl;
- } else {
+ }
+ else {
digestBuilder << hex << *ln;
reject = digestBuilder.str() != received_nonce;
if ( reject ) log(1) << "auth: different lastNonce" << endl;
}
-
+
if ( reject ) {
log() << "auth: bad nonce received or getnonce not called. could be a driver bug or a security attack. db:" << cc().database()->name << endl;
errmsg = "auth fails";
@@ -133,7 +134,7 @@ namespace mongo {
return false;
}
}
-
+
BSONObj userObj;
string pwd;
@@ -143,12 +144,12 @@ namespace mongo {
else {
static BSONObj userPattern = fromjson("{\"user\":1}");
string systemUsers = dbname + ".system.users";
- OCCASIONALLY Helpers::ensureIndex(systemUsers.c_str(), userPattern, false, "user_1");
+ OCCASIONALLY Helpers::ensureIndex(systemUsers.c_str(), userPattern, false, "user_1");
{
BSONObjBuilder b;
b << "user" << user;
BSONObj query = b.done();
- if( !Helpers::findOne(systemUsers.c_str(), query, userObj) ) {
+ if( !Helpers::findOne(systemUsers.c_str(), query, userObj) ) {
log() << "auth: couldn't find user " << user << ", " << systemUsers << endl;
errmsg = "auth fails";
return false;
@@ -158,35 +159,36 @@ namespace mongo {
pwd = userObj.getStringField("pwd");
}
-
+
md5digest d;
{
digestBuilder << user << pwd;
string done = digestBuilder.str();
-
+
md5_state_t st;
md5_init(&st);
md5_append(&st, (const md5_byte_t *) done.c_str(), done.size());
md5_finish(&st, d);
}
-
+
string computed = digestToString( d );
-
- if ( key != computed ){
+
+ if ( key != computed ) {
log() << "auth: key mismatch " << user << ", ns:" << dbname << endl;
errmsg = "auth fails";
return false;
}
AuthenticationInfo *ai = cc().getAuthenticationInfo();
-
+
if ( userObj[ "readOnly" ].isBoolean() && userObj[ "readOnly" ].boolean() ) {
ai->authorizeReadOnly( cc().database()->name.c_str() );
- } else {
+ }
+ else {
ai->authorize( cc().database()->name.c_str() );
}
return true;
}
} cmdAuthenticate;
-
+
} // namespace mongo