Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-15684

Make copydb work with SASL (SCRAM)

    XMLWordPrintable

    Details

    • Type: Task
    • Status: Closed
    • Priority: Major - P3
    • Resolution: Fixed
    • Affects Version/s: 2.7.7
    • Fix Version/s: 2.8.0-rc0
    • Component/s: Security
    • Labels:
      None

      Description

      copydb with sasl begins with an admin command, "copydbsaslstart", followed by a call to "copydb" and a second call to "copydb". All commands are done on the target server's "admin" database.

      CLIENT TO SERVER: {
          copydbsaslstart: 1,
          fromhost: "host",
          fromdb: "db",
          mechanism: "SCRAM-SHA-1",
          payload: BinData
      }

      The payload is the same as for "saslStart" with SCRAM-SHA-1. The server replies:

      SERVER TO CLIENT: { conversationId: 1, done: false, payload: BinData}

      There is no copydbsaslcontinue. Instead, copydb gets alternate parameters:

      CLIENT TO SERVER: {
          copydb: 1,
          fromhost: "host",
          fromdb: "db",
          todb: "db2",
          payload: BinData,
          conversationId: N
      } 

      The payload is the same as for saslContinue with SCRAM-SHA-1. The conversation continues like:

      SERVER TO CLIENT: { conversationId: 1, done: false, payload: BinData, ok: 1.0 }
      CLIENT TO SERVER: { copydb: 1, fromhost: "host", fromdb: "db", todb: "db2", payload: BinData, conversationId: 1 }
      SERVER TO CLIENT: { conversationId: 1, done: true, payload: BinData, ok: 1.0 }

      The database has now been copied.

      The shell helper copyDatabase has a new "mechanism" parameter that can be "MONGODB-CR" or "SCRAM-SHA-1". If no mechanism is provided, the shell helper uses SCRAM-SHA-1 if the target server has maxWireVersion >= 3 and MONGODB-CR otherwise.

        Attachments

          Issue Links

            Activity

              People

              • Votes:
                0 Vote for this issue
                Watchers:
                4 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: