Permalink
Browse files

only allow internal user with --keyFile option SERVER-3666

  • Loading branch information...
kchodorow committed Aug 23, 2011
1 parent 55087b1 commit bc8b2ef3cc55a18274920ededbba6e18e99626e4
Showing with 7 additions and 0 deletions.
  1. +4 −0 db/cmdline.cpp
  2. +2 −0 db/cmdline.h
  3. +1 −0 db/security_commands.cpp
View
@@ -272,8 +272,12 @@ namespace mongo {
dbexit(EXIT_BADOPTIONS);
}
+ cmdLine.keyFile = true;
noauth = false;
}
+ else {
+ cmdLine.keyFile = false;
+ }
{
View
@@ -100,6 +100,8 @@ namespace mongo {
string socket; // UNIX domain socket directory
+ bool keyFile;
+
static void addGlobalOptions( boost::program_options::options_description& general ,
boost::program_options::options_description& hidden );
View
@@ -139,6 +139,7 @@ namespace mongo {
string pwd;
if (user == internalSecurity.user) {
+ uassert(15889, "key file must be used to log in with internal user", cmdLine.keyFile);
pwd = internalSecurity.pwd;
}
else {

0 comments on commit bc8b2ef

Please sign in to comment.