only allow internal user with --keyFile option SERVER-3666

kchodorow · kchodorow · commit bc8b2ef3cc55 · 2011-08-23T15:46:28.000-04:00
diff --git a/db/cmdline.cpp b/db/cmdline.cpp
@@ -272,8 +272,12 @@ namespace mongo {
                 dbexit(EXIT_BADOPTIONS);
             }
 
+            cmdLine.keyFile = true;
             noauth = false;
         }
+        else {
+            cmdLine.keyFile = false;
+        }
 
 
         {
diff --git a/db/cmdline.h b/db/cmdline.h
@@ -100,6 +100,8 @@ namespace mongo {
 
         string socket;         // UNIX domain socket directory
 
+        bool keyFile;
+
         static void addGlobalOptions( boost::program_options::options_description& general ,
                                       boost::program_options::options_description& hidden );
 
diff --git a/db/security_commands.cpp b/db/security_commands.cpp
@@ -139,6 +139,7 @@ namespace mongo {
             string pwd;
 
             if (user == internalSecurity.user) {
+                uassert(15889, "key file must be used to log in with internal user", cmdLine.keyFile);
                 pwd = internalSecurity.pwd;
             }
             else {

Original file line number	Diff line number	Diff line change
`@@ -139,6 +139,7 @@ namespace mongo {`
`139`	`139`	`string pwd;`
`140`	`140`
`141`	`141`	`if (user == internalSecurity.user) {`
	`142`	`+ uassert(15889, "key file must be used to log in with internal user", cmdLine.keyFile);`
`142`	`143`	`pwd = internalSecurity.pwd;`
`143`	`144`	`}`
`144`	`145`	`else {`