Diffstat (limited to 'src/mongo/db/auth/security_key.cpp')
-rw-r--r--src/mongo/db/auth/security_key.cpp156
1 files changed, 78 insertions, 78 deletions
diff --git a/src/mongo/db/auth/security_key.cpp b/src/mongo/db/auth/security_key.cpp
index 8edbc6ef140..d7d7c96410e 100644
--- a/src/mongo/db/auth/security_key.cpp
+++ b/src/mongo/db/auth/security_key.cpp
@@ -51,97 +51,97 @@
namespace mongo {
- using std::endl;
- using std::string;
+using std::endl;
+using std::string;
- bool setUpSecurityKey(const string& filename) {
- struct stat stats;
+bool setUpSecurityKey(const string& filename) {
+ struct stat stats;
- // check obvious file errors
- if (stat(filename.c_str(), &stats) == -1) {
- log() << "error getting file " << filename << ": " << strerror(errno) << endl;
- return false;
- }
+ // check obvious file errors
+ if (stat(filename.c_str(), &stats) == -1) {
+ log() << "error getting file " << filename << ": " << strerror(errno) << endl;
+ return false;
+ }
#if !defined(_WIN32)
- // check permissions: must be X00, where X is >= 4
- if ((stats.st_mode & (S_IRWXG|S_IRWXO)) != 0) {
- log() << "permissions on " << filename << " are too open" << endl;
- return false;
- }
+ // check permissions: must be X00, where X is >= 4
+ if ((stats.st_mode & (S_IRWXG | S_IRWXO)) != 0) {
+ log() << "permissions on " << filename << " are too open" << endl;
+ return false;
+ }
#endif
- FILE* file = fopen( filename.c_str(), "rb" );
- if (!file) {
- log() << "error opening file: " << filename << ": " << strerror(errno) << endl;
+ FILE* file = fopen(filename.c_str(), "rb");
+ if (!file) {
+ log() << "error opening file: " << filename << ": " << strerror(errno) << endl;
+ return false;
+ }
+
+ string str = "";
+
+ // strip key file
+ const unsigned long long fileLength = stats.st_size;
+ unsigned long long read = 0;
+ while (read < fileLength) {
+ char buf;
+ int readLength = fread(&buf, 1, 1, file);
+ if (readLength < 1) {
+ log() << "error reading file " << filename << endl;
+ fclose(file);
return false;
}
+ read++;
- string str = "";
-
- // strip key file
- const unsigned long long fileLength = stats.st_size;
- unsigned long long read = 0;
- while (read < fileLength) {
- char buf;
- int readLength = fread(&buf, 1, 1, file);
- if (readLength < 1) {
- log() << "error reading file " << filename << endl;
- fclose( file );
- return false;
- }
- read++;
-
- // check for whitespace
- if ((buf >= '\x09' && buf <= '\x0D') || buf == ' ') {
- continue;
- }
-
- // check valid base64
- if ((buf < 'A' || buf > 'Z') && (buf < 'a' || buf > 'z') && (buf < '0' || buf > '9') && buf != '+' && buf != '/') {
- log() << "invalid char in key file " << filename << ": " << buf << endl;
- fclose( file );
- return false;
- }
-
- str += buf;
+ // check for whitespace
+ if ((buf >= '\x09' && buf <= '\x0D') || buf == ' ') {
+ continue;
}
- fclose( file );
-
- const unsigned long long keyLength = str.size();
- if (keyLength < 6 || keyLength > 1024) {
- log() << " security key in " << filename << " has length " << keyLength
- << ", must be between 6 and 1024 chars" << endl;
+ // check valid base64
+ if ((buf < 'A' || buf > 'Z') && (buf < 'a' || buf > 'z') && (buf < '0' || buf > '9') &&
+ buf != '+' && buf != '/') {
+ log() << "invalid char in key file " << filename << ": " << buf << endl;
+ fclose(file);
return false;
}
- // Generate MONGODB-CR and SCRAM credentials for the internal user based on the keyfile.
- User::CredentialData credentials;
- credentials.password = mongo::createPasswordDigest(
- internalSecurity.user->getName().getUser().toString(), str);
-
- BSONObj creds = scram::generateCredentials(credentials.password,
- saslGlobalParams.scramIterationCount);
- credentials.scram.iterationCount = creds[scram::iterationCountFieldName].Int();
- credentials.scram.salt = creds[scram::saltFieldName].String();
- credentials.scram.storedKey = creds[scram::storedKeyFieldName].String();
- credentials.scram.serverKey = creds[scram::serverKeyFieldName].String();
-
- internalSecurity.user->setCredentials(credentials);
-
- int clusterAuthMode = serverGlobalParams.clusterAuthMode.load();
- if (clusterAuthMode == ServerGlobalParams::ClusterAuthMode_keyFile ||
- clusterAuthMode == ServerGlobalParams::ClusterAuthMode_sendKeyFile) {
- setInternalUserAuthParams(
- BSON(saslCommandMechanismFieldName << "SCRAM-SHA-1" <<
- saslCommandUserDBFieldName <<
- internalSecurity.user->getName().getDB() <<
- saslCommandUserFieldName << internalSecurity.user->getName().getUser() <<
- saslCommandPasswordFieldName << credentials.password <<
- saslCommandDigestPasswordFieldName << false));
- }
- return true;
+ str += buf;
+ }
+
+ fclose(file);
+
+ const unsigned long long keyLength = str.size();
+ if (keyLength < 6 || keyLength > 1024) {
+ log() << " security key in " << filename << " has length " << keyLength
+ << ", must be between 6 and 1024 chars" << endl;
+ return false;
+ }
+
+ // Generate MONGODB-CR and SCRAM credentials for the internal user based on the keyfile.
+ User::CredentialData credentials;
+ credentials.password =
+ mongo::createPasswordDigest(internalSecurity.user->getName().getUser().toString(), str);
+
+ BSONObj creds =
+ scram::generateCredentials(credentials.password, saslGlobalParams.scramIterationCount);
+ credentials.scram.iterationCount = creds[scram::iterationCountFieldName].Int();
+ credentials.scram.salt = creds[scram::saltFieldName].String();
+ credentials.scram.storedKey = creds[scram::storedKeyFieldName].String();
+ credentials.scram.serverKey = creds[scram::serverKeyFieldName].String();
+
+ internalSecurity.user->setCredentials(credentials);
+
+ int clusterAuthMode = serverGlobalParams.clusterAuthMode.load();
+ if (clusterAuthMode == ServerGlobalParams::ClusterAuthMode_keyFile ||
+ clusterAuthMode == ServerGlobalParams::ClusterAuthMode_sendKeyFile) {
+ setInternalUserAuthParams(
+ BSON(saslCommandMechanismFieldName
+ << "SCRAM-SHA-1" << saslCommandUserDBFieldName
+ << internalSecurity.user->getName().getDB() << saslCommandUserFieldName
+ << internalSecurity.user->getName().getUser() << saslCommandPasswordFieldName
+ << credentials.password << saslCommandDigestPasswordFieldName << false));
}
+ return true;
+}
-} // namespace mongo
+} // namespace mongo