Make copydb work with SASL (SCRAM)

XMLWordPrintableJSON

    • Type: Task
    • Resolution: Done
    • Priority: Major - P3
    • 2.8.0-rc0
    • Affects Version/s: 2.7.7
    • Component/s: Security
    • None
    • None
    • 3
    • None
    • None
    • None
    • None
    • None
    • None
    • None

      copydb with sasl begins with an admin command, "copydbsaslstart", followed by a call to "copydb" and a second call to "copydb". All commands are done on the target server's "admin" database.

      CLIENT TO SERVER: {
    copydbsaslstart: 1,
    fromhost: "host",
    fromdb: "db",
    mechanism: "SCRAM-SHA-1",
    payload: BinData
}

      The payload is the same as for "saslStart" with SCRAM-SHA-1. The server replies:

      SERVER TO CLIENT: { conversationId: 1, done: false, payload: BinData}

      There is no copydbsaslcontinue. Instead, copydb gets alternate parameters:

      CLIENT TO SERVER: {
    copydb: 1,
    fromhost: "host",
    fromdb: "db",
    todb: "db2",
    payload: BinData,
    conversationId: N
}

      The payload is the same as for saslContinue with SCRAM-SHA-1. The conversation continues like:

      SERVER TO CLIENT: { conversationId: 1, done: false, payload: BinData, ok: 1.0 }
CLIENT TO SERVER: { copydb: 1, fromhost: "host", fromdb: "db", todb: "db2", payload: BinData, conversationId: 1 }
SERVER TO CLIENT: { conversationId: 1, done: true, payload: BinData, ok: 1.0 }

      The database has now been copied.

      The shell helper copyDatabase has a new "mechanism" parameter that can be "MONGODB-CR" or "SCRAM-SHA-1". If no mechanism is provided, the shell helper uses SCRAM-SHA-1 if the target server has maxWireVersion >= 3 and MONGODB-CR otherwise.

            Assignee:
            Gregory McKeon (Inactive)
            Reporter:
            Andreas Nilsson (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

              Created:
              Updated:
              Resolved: