Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-15684

Make copydb work with SASL (SCRAM)

    • Type: Icon: Task Task
    • Resolution: Done
    • Priority: Icon: Major - P3 Major - P3
    • 2.8.0-rc0
    • Affects Version/s: 2.7.7
    • Component/s: Security
    • None

      copydb with sasl begins with an admin command, "copydbsaslstart", followed by a call to "copydb" and a second call to "copydb". All commands are done on the target server's "admin" database.

      CLIENT TO SERVER: {
          copydbsaslstart: 1,
          fromhost: "host",
          fromdb: "db",
          mechanism: "SCRAM-SHA-1",
          payload: BinData
      }
      

      The payload is the same as for "saslStart" with SCRAM-SHA-1. The server replies:

      SERVER TO CLIENT: { conversationId: 1, done: false, payload: BinData}
      

      There is no copydbsaslcontinue. Instead, copydb gets alternate parameters:

      CLIENT TO SERVER: {
          copydb: 1,
          fromhost: "host",
          fromdb: "db",
          todb: "db2",
          payload: BinData,
          conversationId: N
      } 
      

      The payload is the same as for saslContinue with SCRAM-SHA-1. The conversation continues like:

      SERVER TO CLIENT: { conversationId: 1, done: false, payload: BinData, ok: 1.0 }
      CLIENT TO SERVER: { copydb: 1, fromhost: "host", fromdb: "db", todb: "db2", payload: BinData, conversationId: 1 }
      SERVER TO CLIENT: { conversationId: 1, done: true, payload: BinData, ok: 1.0 }
      

      The database has now been copied.

      The shell helper copyDatabase has a new "mechanism" parameter that can be "MONGODB-CR" or "SCRAM-SHA-1". If no mechanism is provided, the shell helper uses SCRAM-SHA-1 if the target server has maxWireVersion >= 3 and MONGODB-CR otherwise.

            Assignee:
            greg.mckeon@mongodb.com Gregory McKeon (Inactive)
            Reporter:
            andreas.nilsson Andreas Nilsson
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

              Created:
              Updated:
              Resolved: