diff options
Diffstat (limited to 'src/mongo')
-rw-r--r-- | src/mongo/db/auth/user_management_commands_parser.cpp | 9 | ||||
-rw-r--r-- | src/mongo/db/auth/user_management_commands_parser.h | 1 | ||||
-rw-r--r-- | src/mongo/db/commands/user_management_commands.cpp | 47 |
3 files changed, 17 insertions, 40 deletions
diff --git a/src/mongo/db/auth/user_management_commands_parser.cpp b/src/mongo/db/auth/user_management_commands_parser.cpp index 035c39985ec..f8226d4afcf 100644 --- a/src/mongo/db/auth/user_management_commands_parser.cpp +++ b/src/mongo/db/auth/user_management_commands_parser.cpp @@ -216,7 +216,6 @@ namespace auth { validFieldNames.insert("pwd"); validFieldNames.insert("roles"); validFieldNames.insert("writeConcern"); - validFieldNames.insert("mechanism"); Status status = _checkNoExtraFields(cmdObj, cmdName, validFieldNames); if (!status.isOK()) { @@ -239,14 +238,6 @@ namespace auth { parsedArgs->userName = UserName(userName, dbname); - // Parse authMechanism - if (cmdObj.hasField("mechanism")) { - status = bsonExtractStringField(cmdObj, "mechanism", &parsedArgs->mechanism); - if (!status.isOK()) { - return status; - } - } - // Parse password if (cmdObj.hasField("pwd")) { std::string password; diff --git a/src/mongo/db/auth/user_management_commands_parser.h b/src/mongo/db/auth/user_management_commands_parser.h index 606d1667259..ca7133ff0cf 100644 --- a/src/mongo/db/auth/user_management_commands_parser.h +++ b/src/mongo/db/auth/user_management_commands_parser.h @@ -45,7 +45,6 @@ namespace auth { struct CreateOrUpdateUserArgs { UserName userName; - std::string mechanism; bool hasHashedPassword; std::string hashedPassword; bool hasCustomData; diff --git a/src/mongo/db/commands/user_management_commands.cpp b/src/mongo/db/commands/user_management_commands.cpp index 323ecd98527..d4b09c365bc 100644 --- a/src/mongo/db/commands/user_management_commands.cpp +++ b/src/mongo/db/commands/user_management_commands.cpp @@ -421,40 +421,28 @@ namespace mongo { // Must be an external user userObjBuilder.append("credentials", BSON("external" << true)); } - else if (args.mechanism == "SCRAM-SHA-1" || - args.mechanism == "MONGODB-CR" || - args.mechanism == "CRAM-MD5" || - args.mechanism.empty()) { - // At the moment we are ignoring the mechanism parameter and create - // both SCRAM-SHA-1 and MONGODB-CR credentials for all new users. - BSONObjBuilder credentialsBuilder(userObjBuilder.subobjStart("credentials")); + BSONObjBuilder credentialsBuilder(userObjBuilder.subobjStart("credentials")); - AuthorizationManager* authzManager = getGlobalAuthorizationManager(); - int authzVersion; - Status status = authzManager->getAuthorizationVersion(txn, &authzVersion); - if (!status.isOK()) { - return appendCommandStatus(result, status); - } + AuthorizationManager* authzManager = getGlobalAuthorizationManager(); + int authzVersion; + status = authzManager->getAuthorizationVersion(txn, &authzVersion); + if (!status.isOK()) { + return appendCommandStatus(result, status); + } - // Add SCRAM credentials for appropriate authSchemaVersions. - if (authzVersion > AuthorizationManager::schemaVersion26Final) { - BSONObj scramCred = scram::generateCredentials( - args.hashedPassword, - saslGlobalParams.scramIterationCount); - credentialsBuilder.append("SCRAM-SHA-1", scramCred); - } - else { // Otherwise default to MONGODB-CR. - credentialsBuilder.append("MONGODB-CR", args.hashedPassword); - } - credentialsBuilder.done(); + // Add SCRAM credentials for appropriate authSchemaVersions. + if (authzVersion > AuthorizationManager::schemaVersion26Final) { + BSONObj scramCred = scram::generateCredentials( + args.hashedPassword, + saslGlobalParams.scramIterationCount); + credentialsBuilder.append("SCRAM-SHA-1", scramCred); } - else { - return appendCommandStatus( - result, - Status(ErrorCodes::BadValue, - "Unsupported password authentication mechanism " + args.mechanism)); + else { // Otherwise default to MONGODB-CR. + credentialsBuilder.append("MONGODB-CR", args.hashedPassword); } + credentialsBuilder.done(); + if (args.hasCustomData) { userObjBuilder.append("customData", args.customData); } @@ -467,7 +455,6 @@ namespace mongo { return appendCommandStatus(result, status); } - AuthorizationManager* authzManager = getGlobalAuthorizationManager(); AuthzDocumentsUpdateGuard updateGuard(authzManager); if (!updateGuard.tryLock("Create user")) { return appendCommandStatus( |