Diffstat (limited to 'src/mongo/db/auth/sasl_plain_server_conversation.cpp')
-rw-r--r-- | src/mongo/db/auth/sasl_plain_server_conversation.cpp | 113 |
1 files changed, 55 insertions, 58 deletions
diff --git a/src/mongo/db/auth/sasl_plain_server_conversation.cpp b/src/mongo/db/auth/sasl_plain_server_conversation.cpp
index ef38762e3a5..b5f0b9e3c8f 100644
--- a/src/mongo/db/auth/sasl_plain_server_conversation.cpp
+++ b/src/mongo/db/auth/sasl_plain_server_conversation.cpp
@@ -36,73 +36,70 @@ namespace mongo { - SaslPLAINServerConversation::SaslPLAINServerConversation( - SaslAuthenticationSession* saslAuthSession) : - SaslServerConversation(saslAuthSession) { +SaslPLAINServerConversation::SaslPLAINServerConversation(SaslAuthenticationSession* saslAuthSession) + : SaslServerConversation(saslAuthSession) {} + +SaslPLAINServerConversation::~SaslPLAINServerConversation(){}; + +StatusWith<bool> SaslPLAINServerConversation::step(StringData inputData, std::string* outputData) { + // Expecting user input on the form: user\0user\0pwd + std::string input = inputData.toString(); + std::string pwd = ""; + + try { + _user = input.substr(0, inputData.find('\0')); + pwd = input.substr(inputData.find('\0', _user.size() + 1) + 1); + } catch (std::out_of_range& exception) { + return StatusWith<bool>(ErrorCodes::AuthenticationFailed, + mongoutils::str::stream() + << "Incorrectly formatted PLAIN client message"); } - SaslPLAINServerConversation::~SaslPLAINServerConversation() {}; + User* userObj; + // The authentication database is also the source database for the user. + Status status = + _saslAuthSession->getAuthorizationSession()->getAuthorizationManager().acquireUser( + _saslAuthSession->getOpCtxt(), + UserName(_user, _saslAuthSession->getAuthenticationDatabase()), + &userObj); - StatusWith<bool> SaslPLAINServerConversation::step(StringData inputData, - std::string* outputData) { - // Expecting user input on the form: user\0user\0pwd - std::string input = inputData.toString(); - std::string pwd = ""; - - try { - _user = input.substr(0, inputData.find('\0')); - pwd = input.substr(inputData.find('\0', _user.size()+1)+1); - } - catch (std::out_of_range& exception) { - return StatusWith<bool>(ErrorCodes::AuthenticationFailed, - mongoutils::str::stream() << "Incorrectly formatted PLAIN client message"); - } - - User* userObj; - // The authentication database is also the source database for the user. 
- Status status = _saslAuthSession->getAuthorizationSession()->getAuthorizationManager(). - acquireUser(_saslAuthSession->getOpCtxt(), - UserName(_user, _saslAuthSession->getAuthenticationDatabase()), - &userObj); - - if (!status.isOK()) { - return StatusWith<bool>(status); - } + if (!status.isOK()) { + return StatusWith<bool>(status); + } - const User::CredentialData creds = userObj->getCredentials(); - _saslAuthSession->getAuthorizationSession()->getAuthorizationManager(). - releaseUser(userObj); + const User::CredentialData creds = userObj->getCredentials(); + _saslAuthSession->getAuthorizationSession()->getAuthorizationManager().releaseUser(userObj); - std::string authDigest = createPasswordDigest(_user, pwd); + std::string authDigest = createPasswordDigest(_user, pwd); - if (!creds.password.empty()) { - // Handle schemaVersion26Final (MONGODB-CR/SCRAM mixed mode) - if (authDigest != creds.password) { - return StatusWith<bool>(ErrorCodes::AuthenticationFailed, - mongoutils::str::stream() << "Incorrect user name or password"); - } + if (!creds.password.empty()) { + // Handle schemaVersion26Final (MONGODB-CR/SCRAM mixed mode) + if (authDigest != creds.password) { + return StatusWith<bool>(ErrorCodes::AuthenticationFailed, + mongoutils::str::stream() << "Incorrect user name or password"); } - else { - // Handle schemaVersion28SCRAM (SCRAM only mode) - unsigned char storedKey[scram::hashSize]; - unsigned char serverKey[scram::hashSize]; - - scram::generateSecrets(authDigest, - reinterpret_cast<const unsigned char*>(base64::decode(creds.scram.salt).c_str()), - 16, - creds.scram.iterationCount, - storedKey, - serverKey); - if (creds.scram.storedKey != base64::encode(reinterpret_cast<const char*>(storedKey), - scram::hashSize)){ - return StatusWith<bool>(ErrorCodes::AuthenticationFailed, - mongoutils::str::stream() << "Incorrect user name or password"); - } + } else { + // Handle schemaVersion28SCRAM (SCRAM only mode) + unsigned char storedKey[scram::hashSize]; + 
unsigned char serverKey[scram::hashSize]; + + scram::generateSecrets( + authDigest, + reinterpret_cast<const unsigned char*>(base64::decode(creds.scram.salt).c_str()), + 16, + creds.scram.iterationCount, + storedKey, + serverKey); + if (creds.scram.storedKey != + base64::encode(reinterpret_cast<const char*>(storedKey), scram::hashSize)) { + return StatusWith<bool>(ErrorCodes::AuthenticationFailed, + mongoutils::str::stream() << "Incorrect user name or password"); } + } - *outputData = ""; + *outputData = ""; - return StatusWith<bool>(true); - } + return StatusWith<bool>(true); +} } // namespace mongo |