summaryrefslogtreecommitdiff
path: root/src/mongo/db/commands/authentication_commands.cpp
diff options
context:
space:
mode:
Diffstat (limited to 'src/mongo/db/commands/authentication_commands.cpp')
-rw-r--r--src/mongo/db/commands/authentication_commands.cpp21
1 files changed, 12 insertions, 9 deletions
diff --git a/src/mongo/db/commands/authentication_commands.cpp b/src/mongo/db/commands/authentication_commands.cpp
index 651ecb6cca9..144ea90b01b 100644
--- a/src/mongo/db/commands/authentication_commands.cpp
+++ b/src/mongo/db/commands/authentication_commands.cpp
@@ -160,7 +160,7 @@ namespace mongo {
if (mechanism.empty()) {
mechanism = "MONGODB-CR";
}
- Status status = _authenticate(mechanism, user, cmdObj);
+ Status status = _authenticate(txn, mechanism, user, cmdObj);
audit::logAuthentication(ClientBasic::getCurrent(),
mechanism,
user,
@@ -184,22 +184,24 @@ namespace mongo {
return true;
}
- Status CmdAuthenticate::_authenticate(const std::string& mechanism,
+ Status CmdAuthenticate::_authenticate(OperationContext* txn,
+ const std::string& mechanism,
const UserName& user,
const BSONObj& cmdObj) {
if (mechanism == "MONGODB-CR") {
- return _authenticateCR(user, cmdObj);
+ return _authenticateCR(txn, user, cmdObj);
}
#ifdef MONGO_SSL
if (mechanism == "MONGODB-X509") {
- return _authenticateX509(user, cmdObj);
+ return _authenticateX509(txn, user, cmdObj);
}
#endif
return Status(ErrorCodes::BadValue, "Unsupported mechanism: " + mechanism);
}
- Status CmdAuthenticate::_authenticateCR(const UserName& user, const BSONObj& cmdObj) {
+ Status CmdAuthenticate::_authenticateCR(
+ OperationContext* txn, const UserName& user, const BSONObj& cmdObj) {
if (user == internalSecurity.user->getName() &&
serverGlobalParams.clusterAuthMode.load() ==
@@ -246,7 +248,7 @@ namespace mongo {
}
User* userObj;
- Status status = getGlobalAuthorizationManager()->acquireUser(user, &userObj);
+ Status status = getGlobalAuthorizationManager()->acquireUser(txn, user, &userObj);
if (!status.isOK()) {
// Failure to find the privilege document indicates no-such-user, a fact that we do not
// wish to reveal to the client. So, we return AuthenticationFailed rather than passing
@@ -275,7 +277,7 @@ namespace mongo {
AuthorizationSession* authorizationSession =
ClientBasic::getCurrent()->getAuthorizationSession();
- status = authorizationSession->addAndAuthorizeUser(user);
+ status = authorizationSession->addAndAuthorizeUser(txn, user);
if (!status.isOK()) {
return status;
}
@@ -317,7 +319,8 @@ namespace mongo {
return true;
}
- Status CmdAuthenticate::_authenticateX509(const UserName& user, const BSONObj& cmdObj) {
+ Status CmdAuthenticate::_authenticateX509(
+ OperationContext* txn, const UserName& user, const BSONObj& cmdObj) {
if (!getSSLManager()) {
return Status(ErrorCodes::ProtocolError,
"SSL support is required for the MONGODB-X509 mechanism.");
@@ -356,7 +359,7 @@ namespace mongo {
return Status(ErrorCodes::BadValue,
_x509AuthenticationDisabledMessage);
}
- Status status = authorizationSession->addAndAuthorizeUser(user);
+ Status status = authorizationSession->addAndAuthorizeUser(txn, user);
if (!status.isOK()) {
return status;
}
View Lorry Controller Status