authorKaloian Manassiev <kaloian.manassiev@mongodb.com>2015-03-25 17:06:40 -0400
committerKaloian Manassiev <kaloian.manassiev@mongodb.com>2015-03-26 14:31:11 -0400
commit73f7b64e15e7659be93f0add4f3c929e22b1b79d (patch)
tree9c9410c4616a394c1dfa1fe41adf28f0ed4309c3
parent8a805598bbcb2ac20c345e0734c9fbd4c4722cb0 (diff)
SERVER-17496 Move sharding-specific auth code out of client
-rw-r--r--src/mongo/SConscript6
-rw-r--r--src/mongo/client/auth_helpers.cpp68
-rw-r--r--src/mongo/client/auth_helpers.h48
-rw-r--r--src/mongo/db/auth/SConscript8
-rw-r--r--src/mongo/db/auth/authorization_manager.cpp1
-rw-r--r--src/mongo/db/auth/authorization_manager_global.cpp6
-rw-r--r--src/mongo/db/auth/authorization_manager_global.h5
-rw-r--r--src/mongo/db/auth/authz_manager_external_state_s.cpp67
-rw-r--r--src/mongo/db/auth/user_management_commands_parser.cpp1
9 files changed, 65 insertions, 145 deletions
diff --git a/src/mongo/SConscript b/src/mongo/SConscript
index 2c36a0c2927..1fcc377fe7f 100644
--- a/src/mongo/SConscript
+++ b/src/mongo/SConscript
@@ -272,9 +272,6 @@ env.CppUnitTest(
'range_arithmetic'
])
-env.Library('auth_helpers', ['client/auth_helpers.cpp'],
- LIBDEPS=['clientdriver'])
-
env.Library('global_optime', ['db/global_optime.cpp'])
env.Library('spin_lock', ["util/concurrency/spin_lock.cpp"])
@@ -453,8 +450,7 @@ env.Library("fail_point",
LIBDEPS=["foundation", "bson"])
env.Library('mongocommon', commonFiles,
- LIBDEPS=['auth_helpers',
- 'bson',
+ LIBDEPS=['bson',
'background_job',
'clientdriver',
'fail_point',
diff --git a/src/mongo/client/auth_helpers.cpp b/src/mongo/client/auth_helpers.cpp
deleted file mode 100644
index 80353e46207..00000000000
--- a/src/mongo/client/auth_helpers.cpp
+++ /dev/null
@@ -1,68 +0,0 @@
-/* Copyright 2013 10gen Inc.
- *
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Affero General Public License, version 3,
- * as published by the Free Software Foundation.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU Affero General Public License for more details.
- *
- * You should have received a copy of the GNU Affero General Public License
- * along with this program. If not, see <http://www.gnu.org/licenses/>.
- *
- * As a special exception, the copyright holders give permission to link the
- * code of portions of this program with the OpenSSL library under certain
- * conditions as described in each individual source file and distribute
- * linked combinations including the program with the OpenSSL library. You
- * must comply with the GNU Affero General Public License in all respects
- * for all of the code used other than as permitted herein. If you modify
- * file(s) with this exception, you may extend this exception to your
- * version of the file(s), but you are not obligated to do so. If you do not
- * wish to do so, delete this exception statement from your version. If you
- * delete this exception statement from all source files in the program,
- * then also delete it in the license file.
- */
-
-#include "mongo/client/auth_helpers.h"
-
-#include "mongo/db/auth/authorization_manager.h"
-
-namespace mongo {
-namespace auth {
-
- const std::string schemaVersionServerParameter = "authSchemaVersion";
-
- Status getRemoteStoredAuthorizationVersion(DBClientBase* conn, int* outVersion) {
- try {
- BSONObj cmdResult;
- conn->runCommand(
- "admin",
- BSON("getParameter" << 1 << schemaVersionServerParameter << 1),
- cmdResult);
- if (!cmdResult["ok"].trueValue()) {
- std::string errmsg = cmdResult["errmsg"].str();
- if (errmsg == "no option found to get" ||
- StringData(errmsg).startsWith("no such cmd")) {
-
- *outVersion = 1;
- return Status::OK();
- }
- int code = cmdResult["code"].numberInt();
- if (code == 0) {
- code = ErrorCodes::UnknownError;
- }
- return Status(ErrorCodes::Error(code), errmsg);
- }
- BSONElement versionElement = cmdResult[schemaVersionServerParameter];
- if (versionElement.eoo())
- return Status(ErrorCodes::UnknownError, "getParameter misbehaved.");
- *outVersion = versionElement.numberInt();
- return Status::OK();
- } catch (const DBException& e) {
- return e.toStatus();
- }
- }
-} // namespace auth
-} // namespace mongo
diff --git a/src/mongo/client/auth_helpers.h b/src/mongo/client/auth_helpers.h
deleted file mode 100644
index fe5491aafe7..00000000000
--- a/src/mongo/client/auth_helpers.h
+++ /dev/null
@@ -1,48 +0,0 @@
-/* Copyright 2013 10gen Inc.
- *
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Affero General Public License, version 3,
- * as published by the Free Software Foundation.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU Affero General Public License for more details.
- *
- * You should have received a copy of the GNU Affero General Public License
- * along with this program. If not, see <http://www.gnu.org/licenses/>.
- *
- * As a special exception, the copyright holders give permission to link the
- * code of portions of this program with the OpenSSL library under certain
- * conditions as described in each individual source file and distribute
- * linked combinations including the program with the OpenSSL library. You
- * must comply with the GNU Affero General Public License in all respects
- * for all of the code used other than as permitted herein. If you modify
- * file(s) with this exception, you may extend this exception to your
- * version of the file(s), but you are not obligated to do so. If you do not
- * wish to do so, delete this exception statement from your version. If you
- * delete this exception statement from all source files in the program,
- * then also delete it in the license file.
- */
-
-#pragma once
-
-#include "mongo/base/status.h"
-#include "mongo/client/dbclientinterface.h"
-
-namespace mongo {
-namespace auth {
-
- /**
- * Retrieves the schema version of the persistent data describing users and roles from the
- * remote server connected to with conn.
- */
- Status getRemoteStoredAuthorizationVersion(DBClientBase* conn, int* outVersion);
-
- /**
- * Name of the server parameter used to report the auth schema version (via getParameter).
- */
- extern const std::string schemaVersionServerParameter;
-
-} // namespace auth
-} // namespace mongo
diff --git a/src/mongo/db/auth/SConscript b/src/mongo/db/auth/SConscript
index 2f15a110423..2d472c696e9 100644
--- a/src/mongo/db/auth/SConscript
+++ b/src/mongo/db/auth/SConscript
@@ -28,8 +28,7 @@ env.Library('authcore', ['action_set.cpp',
'user_management_commands_parser.cpp',
'user_name.cpp',
'user_set.cpp'],
- LIBDEPS=['$BUILD_DIR/mongo/auth_helpers',
- '$BUILD_DIR/mongo/base/base',
+ LIBDEPS=['$BUILD_DIR/mongo/base/base',
'$BUILD_DIR/mongo/bson',
'$BUILD_DIR/mongo/db/common',
'$BUILD_DIR/mongo/db/ops/update_driver',
@@ -56,7 +55,10 @@ env.Library('saslauth',
'sasl_plain_server_conversation.cpp',
'sasl_scramsha1_server_conversation.cpp',
'sasl_server_conversation.cpp'],
- LIBDEPS=['authcore', '$BUILD_DIR/mongo/crypto/scramauth'])
+ LIBDEPS=[
+ 'authcore',
+ '$BUILD_DIR/mongo/crypto/scramauth',
+ '$BUILD_DIR/mongo/network'])
env.Library('authmongod',
['authz_manager_external_state_d.cpp',
diff --git a/src/mongo/db/auth/authorization_manager.cpp b/src/mongo/db/auth/authorization_manager.cpp
index 2a4ef685acb..fa3dc088c49 100644
--- a/src/mongo/db/auth/authorization_manager.cpp
+++ b/src/mongo/db/auth/authorization_manager.cpp
@@ -43,7 +43,6 @@
#include "mongo/bson/mutable/document.h"
#include "mongo/bson/mutable/element.h"
#include "mongo/bson/util/bson_extract.h"
-#include "mongo/client/auth_helpers.h"
#include "mongo/crypto/mechanism_scram.h"
#include "mongo/db/auth/action_set.h"
#include "mongo/db/auth/authz_documents_update_guard.h"
diff --git a/src/mongo/db/auth/authorization_manager_global.cpp b/src/mongo/db/auth/authorization_manager_global.cpp
index 5e6c680cd16..91ccec7ba0d 100644
--- a/src/mongo/db/auth/authorization_manager_global.cpp
+++ b/src/mongo/db/auth/authorization_manager_global.cpp
@@ -30,7 +30,6 @@
#include "mongo/base/disallow_copying.h"
#include "mongo/base/init.h"
-#include "mongo/client/auth_helpers.h"
#include "mongo/db/auth/authorization_manager.h"
#include "mongo/db/auth/authorization_manager_global.h"
#include "mongo/db/server_parameters.h"
@@ -53,7 +52,7 @@ namespace {
MONGO_NO_PREREQUISITES,
("BeginStartupOptionParsing"))(InitializerContext*) {
new AuthzVersionParameter(ServerParameterSet::getGlobal(),
- auth::schemaVersionServerParameter);
+ authSchemaVersionServerParameter);
return Status::OK();
}
@@ -75,8 +74,11 @@ namespace {
Status AuthzVersionParameter::setFromString(const std::string& newValueString) {
return Status(ErrorCodes::InternalError, "set called on unsettable server parameter");
}
+
} // namespace
+ const std::string authSchemaVersionServerParameter = "authSchemaVersion";
+
void setGlobalAuthorizationManager(AuthorizationManager* authManager) {
fassert(16841, globalAuthManager == NULL);
globalAuthManager = authManager;
diff --git a/src/mongo/db/auth/authorization_manager_global.h b/src/mongo/db/auth/authorization_manager_global.h
index 0b13533265e..08ce75d1da6 100644
--- a/src/mongo/db/auth/authorization_manager_global.h
+++ b/src/mongo/db/auth/authorization_manager_global.h
@@ -32,6 +32,11 @@
namespace mongo {
+ /**
+ * Name of the server parameter used to report the auth schema version (via getParameter).
+ */
+ extern const std::string authSchemaVersionServerParameter;
+
// Gets the singleton AuthorizationManager object for this server process.
AuthorizationManager* getGlobalAuthorizationManager();
diff --git a/src/mongo/db/auth/authz_manager_external_state_s.cpp b/src/mongo/db/auth/authz_manager_external_state_s.cpp
index 500f8b9b9eb..56b485c16f4 100644
--- a/src/mongo/db/auth/authz_manager_external_state_s.cpp
+++ b/src/mongo/db/auth/authz_manager_external_state_s.cpp
@@ -36,9 +36,9 @@
#include <boost/scoped_ptr.hpp>
#include <string>
-#include "mongo/client/auth_helpers.h"
#include "mongo/client/dbclientinterface.h"
#include "mongo/db/auth/authorization_manager.h"
+#include "mongo/db/auth/authorization_manager_global.h"
#include "mongo/db/auth/user_name.h"
#include "mongo/db/jsobj.h"
#include "mongo/s/catalog/catalog_manager.h"
@@ -56,35 +56,68 @@ namespace mongo {
using std::endl;
using std::vector;
- AuthzManagerExternalStateMongos::AuthzManagerExternalStateMongos() {}
+namespace {
- AuthzManagerExternalStateMongos::~AuthzManagerExternalStateMongos() {}
+ ScopedDbConnection* getConnectionForAuthzCollection(const NamespaceString& ns) {
+ //
+ // Note: The connection mechanism here is *not* ideal, and should not be used elsewhere.
+ // If the primary for the collection moves, this approach may throw rather than handle
+ // version exceptions.
+ //
- Status AuthzManagerExternalStateMongos::initialize(OperationContext* txn) {
- return Status::OK();
- }
+ DBConfigPtr config = grid.getDBConfig(ns.ns());
+ Shard s = config->getShard(ns.ns());
- namespace {
- ScopedDbConnection* getConnectionForAuthzCollection(const NamespaceString& ns) {
- //
- // Note: The connection mechanism here is *not* ideal, and should not be used elsewhere.
- // If the primary for the collection moves, this approach may throw rather than handle
- // version exceptions.
- //
+ return new ScopedDbConnection(s.getConnString(), 30.0);
+ }
- DBConfigPtr config = grid.getDBConfig(ns.ns());
- Shard s = config->getShard(ns.ns());
+ Status getRemoteStoredAuthorizationVersion(DBClientBase* conn, int* outVersion) {
+ try {
+ BSONObj cmdResult;
+ conn->runCommand(
+ "admin",
+ BSON("getParameter" << 1 << authSchemaVersionServerParameter << 1),
+ cmdResult);
+ if (!cmdResult["ok"].trueValue()) {
+ std::string errmsg = cmdResult["errmsg"].str();
+ if (errmsg == "no option found to get" ||
+ StringData(errmsg).startsWith("no such cmd")) {
- return new ScopedDbConnection(s.getConnString(), 30.0);
+ *outVersion = 1;
+ return Status::OK();
+ }
+ int code = cmdResult["code"].numberInt();
+ if (code == 0) {
+ code = ErrorCodes::UnknownError;
+ }
+ return Status(ErrorCodes::Error(code), errmsg);
+ }
+ BSONElement versionElement = cmdResult[authSchemaVersionServerParameter];
+ if (versionElement.eoo())
+ return Status(ErrorCodes::UnknownError, "getParameter misbehaved.");
+ *outVersion = versionElement.numberInt();
+ return Status::OK();
+ } catch (const DBException& e) {
+ return e.toStatus();
}
}
+} // namespace
+
+ AuthzManagerExternalStateMongos::AuthzManagerExternalStateMongos() {}
+
+ AuthzManagerExternalStateMongos::~AuthzManagerExternalStateMongos() {}
+
+ Status AuthzManagerExternalStateMongos::initialize(OperationContext* txn) {
+ return Status::OK();
+ }
+
Status AuthzManagerExternalStateMongos::getStoredAuthorizationVersion(
OperationContext* txn, int* outVersion) {
try {
scoped_ptr<ScopedDbConnection> conn(getConnectionForAuthzCollection(
AuthorizationManager::usersCollectionNamespace));
- Status status = auth::getRemoteStoredAuthorizationVersion(conn->get(), outVersion);
+ Status status = getRemoteStoredAuthorizationVersion(conn->get(), outVersion);
conn->done();
return status;
}
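Review bot: In getRemoteStoredAuthorizationVersion the reply field is only checked for presence (`versionElement.eoo()`) before `*outVersion = versionElement.numberInt();`, so a non-numeric `authSchemaVersion` value would, as far as I know, be coerced to 0 and returned with Status::OK(). Because the value comes from a remote server and decides which auth schema the caller assumes, I would reject it explicitly with `if (versionElement.eoo() || !versionElement.isNumber()) return Status(ErrorCodes::UnknownError, "getParameter misbehaved.");`. The fallback to `*outVersion = 1` keys on error-message text (`"no option found to get"`, `"no such cmd"`) and has no explanation; a comment along the lines of `// Presumably servers that predate the authSchemaVersion parameter; treat as schema version 1.` would record the intent, if that is indeed the reason. The doc comment this function had in auth_helpers.h is deleted by the commit and not re-added above the new anonymous-namespace definition, so the "retrieves the schema version from the remote server connected to with conn" description is lost. getStoredAuthorizationVersion, the last function in the hunk, continues outside it.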
diff --git a/src/mongo/db/auth/user_management_commands_parser.cpp b/src/mongo/db/auth/user_management_commands_parser.cpp
index 7ca29d56c39..eecef9d9301 100644
--- a/src/mongo/db/auth/user_management_commands_parser.cpp
+++ b/src/mongo/db/auth/user_management_commands_parser.cpp
@@ -33,7 +33,6 @@
#include "mongo/base/status.h"
#include "mongo/bson/util/bson_extract.h"
-#include "mongo/client/auth_helpers.h"
#include "mongo/db/auth/action_type.h"
#include "mongo/db/auth/authorization_manager.h"
#include "mongo/db/auth/privilege.h"