summaryrefslogtreecommitdiff
path: root/src/mongo/db/dbwebserver.cpp
diff options
context:
space:
mode:
Diffstat (limited to 'src/mongo/db/dbwebserver.cpp')
-rw-r--r--src/mongo/db/dbwebserver.cpp18
1 files changed, 15 insertions, 3 deletions
diff --git a/src/mongo/db/dbwebserver.cpp b/src/mongo/db/dbwebserver.cpp
index 2c6311d463a..d4598fed49e 100644
--- a/src/mongo/db/dbwebserver.cpp
+++ b/src/mongo/db/dbwebserver.cpp
@@ -32,6 +32,7 @@
#include "mongo/db/auth/authorization_session.h"
#include "mongo/db/auth/privilege.h"
#include "mongo/db/auth/user_name.h"
+#include "mongo/db/auth/user.h"
#include "mongo/db/background.h"
#include "mongo/db/cmdline.h"
#include "mongo/db/commands.h"
@@ -109,9 +110,20 @@ namespace mongo {
// Only users in the admin DB are visible by the webserver
UserName userName(parms["username"], "admin");
- BSONObj user = _webUsers->getAdminUser(userName);
- if ( ! user.isEmpty() ) {
- string ha1 = user["pwd"].str();
+ User* user;
+ AuthorizationManager& authzManager =
+ cc().getAuthorizationSession()->getAuthorizationManager();
+ Status status = authzManager.acquireUser(userName, &user);
+ if (!status.isOK()) {
+ if (status.code() != ErrorCodes::UserNotFound) {
+ uasserted(17051, status.reason());
+ }
+ } else {
+ uassert(17090,
+ "External users don't have a password",
+ !user->getCredentials().isExternal);
+ string ha1 = user->getCredentials().password;
+ authzManager.releaseUser(user);
string ha2 = md5simpledigest( (string)"GET" + ":" + parms["uri"] );
stringstream r;
View Lorry Controller Status