From d3cce3d10551a072e19adbf40673d78bcd87088d Mon Sep 17 00:00:00 2001
From: Merry Mou <merry.mou@mongodb.com>
Date: Wed, 19 Aug 2015 17:43:06 -0400
Subject: [PATCH] SECURITY-330 redact password from CmdSaslStart

---
 src/mongo/db/auth/sasl_commands.cpp | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/src/mongo/db/auth/sasl_commands.cpp b/src/mongo/db/auth/sasl_commands.cpp
index c05eec78539..02b971b3d74 100644
--- a/src/mongo/db/auth/sasl_commands.cpp
+++ b/src/mongo/db/auth/sasl_commands.cpp
@@ -34,6 +34,8 @@
 #include "mongo/base/init.h"
 #include "mongo/base/status.h"
 #include "mongo/base/string_data.h"
+#include "mongo/bson/mutable/algorithm.h"
+#include "mongo/bson/mutable/document.h"
 #include "mongo/bson/util/bson_extract.h"
 #include "mongo/client/sasl_client_authenticate.h"
 #include "mongo/db/audit.h"
@@ -69,6 +71,8 @@ public:
                                        const BSONObj&,
                                        std::vector<Privilege>*) {}
 
+    void redactForLogging(mutablebson::Document* cmdObj) override;
+
     virtual bool run(OperationContext* txn,
                      const std::string& db,
                      BSONObj& cmdObj,
@@ -266,6 +270,13 @@ void CmdSaslStart::help(std::stringstream& os) const {
     os << "First step in a SASL authentication conversation.";
 }
 
+void CmdSaslStart::redactForLogging(mutablebson::Document* cmdObj) {
+    mutablebson::Element element = mutablebson::findFirstChildNamed(cmdObj->root(), "payload");
+    if (element.ok()) {
+        element.setValueString("xxx");
+    }
+}
+
 bool CmdSaslStart::run(OperationContext* txn,
                        const std::string& db,
                        BSONObj& cmdObj,