authorAndy Schwerin <schwerin@mongodb.com>2015-04-06 10:48:36 -0400
committerAndy Schwerin <schwerin@mongodb.com>2015-04-06 18:20:14 -0400
commit7ea3fc90c6c1f175da1e76ff79b1e6ae09377141 (patch)
treebd2f3f246c48a3a88578c3195432cb30fc3bfff2
parent9e2cc1588f25f81983de48f2c69130203e325175 (diff)
SERVER-17817 When setting up ClientBasic, get AuthorizationSession object from AuthorizationManager.
-rw-r--r--src/mongo/db/auth/authorization_manager.cpp8
-rw-r--r--src/mongo/db/auth/authorization_manager.h7
-rw-r--r--src/mongo/db/auth/authorization_session.cpp8
-rw-r--r--src/mongo/db/auth/authorization_session.h6
-rw-r--r--src/mongo/db/auth/authorization_session_test.cpp3
-rw-r--r--src/mongo/db/auth/authz_manager_external_state.h10
-rw-r--r--src/mongo/db/auth/authz_manager_external_state_d.cpp11
-rw-r--r--src/mongo/db/auth/authz_manager_external_state_d.h3
-rw-r--r--src/mongo/db/auth/authz_manager_external_state_mock.cpp9
-rw-r--r--src/mongo/db/auth/authz_manager_external_state_mock.h3
-rw-r--r--src/mongo/db/auth/authz_manager_external_state_s.cpp9
-rw-r--r--src/mongo/db/auth/authz_manager_external_state_s.h2
-rw-r--r--src/mongo/db/auth/authz_session_external_state.h4
-rw-r--r--src/mongo/db/auth/native_sasl_authentication_session.cpp6
-rw-r--r--src/mongo/db/client.cpp4
-rw-r--r--src/mongo/db/client_basic.cpp5
-rw-r--r--src/mongo/db/client_basic.h6
-rw-r--r--src/mongo/s/client_info.cpp4
-rw-r--r--src/mongo/s/s_only.cpp4
19 files changed, 85 insertions, 27 deletions
diff --git a/src/mongo/db/auth/authorization_manager.cpp b/src/mongo/db/auth/authorization_manager.cpp
index fa3dc088c49..162da449007 100644
--- a/src/mongo/db/auth/authorization_manager.cpp
+++ b/src/mongo/db/auth/authorization_manager.cpp
@@ -45,6 +45,7 @@
#include "mongo/bson/util/bson_extract.h"
#include "mongo/crypto/mechanism_scram.h"
#include "mongo/db/auth/action_set.h"
+#include "mongo/db/auth/authorization_session.h"
#include "mongo/db/auth/authz_documents_update_guard.h"
#include "mongo/db/auth/authz_manager_external_state.h"
#include "mongo/db/auth/privilege.h"
@@ -57,9 +58,9 @@
#include "mongo/db/jsobj.h"
#include "mongo/platform/compiler.h"
#include "mongo/platform/unordered_map.h"
+#include "mongo/stdx/memory.h"
#include "mongo/util/assert_util.h"
#include "mongo/util/log.h"
-#include "mongo/util/map_util.h"
#include "mongo/util/mongoutils/str.h"
namespace mongo {
@@ -268,6 +269,11 @@ namespace mongo {
}
}
+ std::unique_ptr<AuthorizationSession> AuthorizationManager::makeAuthorizationSession() {
+ return stdx::make_unique<AuthorizationSession>(
+ _externalState->makeAuthzSessionExternalState(this));
+ }
+
Status AuthorizationManager::getAuthorizationVersion(OperationContext* txn, int* version) {
CacheGuard guard(this, CacheGuard::fetchSynchronizationManual);
int newVersion = _version;
diff --git a/src/mongo/db/auth/authorization_manager.h b/src/mongo/db/auth/authorization_manager.h
index d430d1e8012..46f0ab7da5e 100644
--- a/src/mongo/db/auth/authorization_manager.h
+++ b/src/mongo/db/auth/authorization_manager.h
@@ -51,9 +51,10 @@
namespace mongo {
+ class AuthorizationSession;
class AuthzManagerExternalState;
- class UserDocumentParser;
class OperationContext;
+ class UserDocumentParser;
/**
* Internal secret key info.
@@ -154,6 +155,10 @@ namespace mongo {
const RoleName& roleName,
mutablebson::Element result);
+ /**
+ * Returns a new AuthorizationSession for use with this AuthorizationManager.
+ */
+ std::unique_ptr<AuthorizationSession> makeAuthorizationSession();
/**
* Sets whether or not access control enforcement is enabled for this manager.
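Review bot: The doc comment on `makeAuthorizationSession()` does not state the lifetime contract of the object it returns. The authorization_manager.cpp hunk passes `this` into `makeAuthzSessionExternalState`, and `AuthzSessionExternalState` appears to keep it as the raw `_authzManager` back pointer, so the returned session must be destroyed before the manager. I would extend the comment with `* The returned session holds a non-owning pointer to this manager and must not outlive it.` The same sentence belongs on the pure virtual `makeAuthzSessionExternalState` in authz_manager_external_state.h, together with a remark that `authzManager` is expected to be the manager that owns that external state, since the signature does not enforce it. This hunk ends inside the next doc comment, so the rest of the class is not visible here.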
diff --git a/src/mongo/db/auth/authorization_session.cpp b/src/mongo/db/auth/authorization_session.cpp
index 6c88f9462fd..a0c7cfe7168 100644
--- a/src/mongo/db/auth/authorization_session.cpp
+++ b/src/mongo/db/auth/authorization_session.cpp
@@ -57,10 +57,10 @@ namespace {
const std::string ADMIN_DBNAME = "admin";
} // namespace
- AuthorizationSession::AuthorizationSession(AuthzSessionExternalState* externalState)
- : _impersonationFlag(false) {
- _externalState.reset(externalState);
- }
+ AuthorizationSession::AuthorizationSession(
+ std::unique_ptr<AuthzSessionExternalState> externalState)
+ : _externalState(std::move(externalState)),
+ _impersonationFlag(false) {}
AuthorizationSession::~AuthorizationSession() {
for (UserSet::iterator it = _authenticatedUsers.begin();
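Review bot: The new constructor moves `externalState` into `_externalState` without checking that it is non-null, so an empty `std::unique_ptr` yields an AuthorizationSession whose later calls would presumably dereference a null pointer (the accessors are outside this hunk). Because this object gates authorization decisions, I would fail at construction with `invariant(_externalState);` in the constructor body, assuming the assertion header is already included in this file. `ClientBasic::setAuthorizationSession` in client_basic.cpp has the same gap: an empty pointer passes the `massert` and leaves the client without a session, so `invariant(authorizationSession);` before the move would help there too.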
diff --git a/src/mongo/db/auth/authorization_session.h b/src/mongo/db/auth/authorization_session.h
index 68e89c67cb7..f619d90ce2f 100644
--- a/src/mongo/db/auth/authorization_session.h
+++ b/src/mongo/db/auth/authorization_session.h
@@ -28,7 +28,7 @@
#pragma once
-#include <boost/scoped_ptr.hpp>
+#include <memory>
#include <string>
#include <vector>
@@ -64,7 +64,7 @@ namespace mongo {
public:
// Takes ownership of the externalState.
- explicit AuthorizationSession(AuthzSessionExternalState* externalState);
+ explicit AuthorizationSession(std::unique_ptr<AuthzSessionExternalState> externalState);
~AuthorizationSession();
AuthorizationManager& getAuthorizationManager();
@@ -232,7 +232,7 @@ namespace mongo {
// lock on the admin database (to update out-of-date user privilege information).
bool _isAuthorizedForPrivilege(const Privilege& privilege);
- boost::scoped_ptr<AuthzSessionExternalState> _externalState;
+ std::unique_ptr<AuthzSessionExternalState> _externalState;
// All Users who have been authenticated on this connection.
UserSet _authenticatedUsers;
diff --git a/src/mongo/db/auth/authorization_session_test.cpp b/src/mongo/db/auth/authorization_session_test.cpp
index da878ce324c..5a266f33483 100644
--- a/src/mongo/db/auth/authorization_session_test.cpp
+++ b/src/mongo/db/auth/authorization_session_test.cpp
@@ -87,7 +87,8 @@ namespace {
managerState->setAuthzVersion(AuthorizationManager::schemaVersion26Final);
authzManager.reset(new AuthorizationManager(managerState));
sessionState = new AuthzSessionExternalStateMock(authzManager.get());
- authzSession.reset(new AuthorizationSession(sessionState));
+ authzSession.reset(new AuthorizationSession(
+ std::unique_ptr<AuthzSessionExternalState>(sessionState)));
authzManager->setAuthEnabled(true);
}
};
diff --git a/src/mongo/db/auth/authz_manager_external_state.h b/src/mongo/db/auth/authz_manager_external_state.h
index 87c057b25da..a39bd19b0e9 100644
--- a/src/mongo/db/auth/authz_manager_external_state.h
+++ b/src/mongo/db/auth/authz_manager_external_state.h
@@ -28,6 +28,7 @@
#pragma once
+#include <memory>
#include <string>
#include <vector>
@@ -41,6 +42,8 @@
namespace mongo {
+ class AuthorizationManager;
+ class AuthzSessionExternalState;
class OperationContext;
/**
@@ -63,6 +66,13 @@ namespace mongo {
virtual Status initialize(OperationContext* txn) = 0;
/**
+ * Creates an external state manipulator for an AuthorizationSession whose
+ * AuthorizationManager uses this object as its own external state manipulator.
+ */
+ virtual std::unique_ptr<AuthzSessionExternalState> makeAuthzSessionExternalState(
+ AuthorizationManager* authzManager) = 0;
+
+ /**
* Retrieves the schema version of the persistent data describing users and roles.
* Will leave *outVersion unmodified on non-OK status return values.
*/
diff --git a/src/mongo/db/auth/authz_manager_external_state_d.cpp b/src/mongo/db/auth/authz_manager_external_state_d.cpp
index 2ff2b933fce..7871f8d5a78 100644
--- a/src/mongo/db/auth/authz_manager_external_state_d.cpp
+++ b/src/mongo/db/auth/authz_manager_external_state_d.cpp
@@ -38,15 +38,17 @@
#include "mongo/base/status.h"
#include "mongo/db/auth/authorization_manager.h"
+#include "mongo/db/auth/authz_session_external_state_d.h"
#include "mongo/db/auth/user_name.h"
#include "mongo/db/client.h"
#include "mongo/db/db_raii.h"
#include "mongo/db/dbdirectclient.h"
#include "mongo/db/dbhelpers.h"
-#include "mongo/db/service_context.h"
#include "mongo/db/jsobj.h"
#include "mongo/db/operation_context.h"
+#include "mongo/db/service_context.h"
#include "mongo/db/storage/storage_engine.h"
+#include "mongo/stdx/memory.h"
#include "mongo/util/assert_util.h"
#include "mongo/util/log.h"
#include "mongo/util/mongoutils/str.h"
@@ -59,6 +61,13 @@ namespace mongo {
AuthzManagerExternalStateMongod::AuthzManagerExternalStateMongod() {}
AuthzManagerExternalStateMongod::~AuthzManagerExternalStateMongod() {}
+ std::unique_ptr<AuthzSessionExternalState>
+ AuthzManagerExternalStateMongod::makeAuthzSessionExternalState(
+ AuthorizationManager* authzManager) {
+
+ return stdx::make_unique<AuthzSessionExternalStateMongod>(authzManager);
+ }
+
Status AuthzManagerExternalStateMongod::query(
OperationContext* txn,
const NamespaceString& collectionName,
diff --git a/src/mongo/db/auth/authz_manager_external_state_d.h b/src/mongo/db/auth/authz_manager_external_state_d.h
index 72c67284c1e..7a3e1f98de4 100644
--- a/src/mongo/db/auth/authz_manager_external_state_d.h
+++ b/src/mongo/db/auth/authz_manager_external_state_d.h
@@ -50,6 +50,9 @@ namespace mongo {
AuthzManagerExternalStateMongod();
virtual ~AuthzManagerExternalStateMongod();
+ std::unique_ptr<AuthzSessionExternalState> makeAuthzSessionExternalState(
+ AuthorizationManager* authzManager) override;
+
virtual Status findOne(OperationContext* txn,
const NamespaceString& collectionName,
const BSONObj& query,
diff --git a/src/mongo/db/auth/authz_manager_external_state_mock.cpp b/src/mongo/db/auth/authz_manager_external_state_mock.cpp
index 9d9f0cc0955..a8939fceb70 100644
--- a/src/mongo/db/auth/authz_manager_external_state_mock.cpp
+++ b/src/mongo/db/auth/authz_manager_external_state_mock.cpp
@@ -35,12 +35,14 @@
#include "mongo/bson/mutable/document.h"
#include "mongo/bson/mutable/element.h"
#include "mongo/db/auth/authorization_manager.h"
+#include "mongo/db/auth/authz_session_external_state_mock.h"
#include "mongo/db/jsobj.h"
#include "mongo/db/matcher/expression_parser.h"
#include "mongo/db/namespace_string.h"
#include "mongo/db/operation_context_noop.h"
#include "mongo/db/ops/update_driver.h"
#include "mongo/platform/unordered_set.h"
+#include "mongo/stdx/memory.h"
#include "mongo/util/map_util.h"
#include "mongo/util/mongoutils/str.h"
@@ -100,6 +102,13 @@ namespace {
BSONObj()));
}
+ std::unique_ptr<AuthzSessionExternalState>
+ AuthzManagerExternalStateMock::makeAuthzSessionExternalState(
+ AuthorizationManager* authzManager) {
+
+ return stdx::make_unique<AuthzSessionExternalStateMock>(authzManager);
+ }
+
Status AuthzManagerExternalStateMock::findOne(
OperationContext* txn,
const NamespaceString& collectionName,
diff --git a/src/mongo/db/auth/authz_manager_external_state_mock.h b/src/mongo/db/auth/authz_manager_external_state_mock.h
index 0a5bf73de94..92698263295 100644
--- a/src/mongo/db/auth/authz_manager_external_state_mock.h
+++ b/src/mongo/db/auth/authz_manager_external_state_mock.h
@@ -58,6 +58,9 @@ namespace mongo {
void setAuthorizationManager(AuthorizationManager* authzManager);
void setAuthzVersion(int version);
+ std::unique_ptr<AuthzSessionExternalState> makeAuthzSessionExternalState(
+ AuthorizationManager* authzManager) override;
+
virtual Status findOne(OperationContext* txn,
const NamespaceString& collectionName,
const BSONObj& query,
diff --git a/src/mongo/db/auth/authz_manager_external_state_s.cpp b/src/mongo/db/auth/authz_manager_external_state_s.cpp
index 56b485c16f4..4e9a204cbf8 100644
--- a/src/mongo/db/auth/authz_manager_external_state_s.cpp
+++ b/src/mongo/db/auth/authz_manager_external_state_s.cpp
@@ -39,6 +39,7 @@
#include "mongo/client/dbclientinterface.h"
#include "mongo/db/auth/authorization_manager.h"
#include "mongo/db/auth/authorization_manager_global.h"
+#include "mongo/db/auth/authz_session_external_state_s.h"
#include "mongo/db/auth/user_name.h"
#include "mongo/db/jsobj.h"
#include "mongo/s/catalog/catalog_manager.h"
@@ -46,6 +47,7 @@
#include "mongo/s/distlock.h"
#include "mongo/s/grid.h"
#include "mongo/s/write_ops/batched_command_response.h"
+#include "mongo/stdx/memory.h"
#include "mongo/util/assert_util.h"
#include "mongo/util/log.h"
#include "mongo/util/mongoutils/str.h"
@@ -112,6 +114,13 @@ namespace {
return Status::OK();
}
+ std::unique_ptr<AuthzSessionExternalState>
+ AuthzManagerExternalStateMongos::makeAuthzSessionExternalState(
+ AuthorizationManager* authzManager) {
+
+ return stdx::make_unique<AuthzSessionExternalStateMongos>(authzManager);
+ }
+
Status AuthzManagerExternalStateMongos::getStoredAuthorizationVersion(
OperationContext* txn, int* outVersion) {
try {
diff --git a/src/mongo/db/auth/authz_manager_external_state_s.h b/src/mongo/db/auth/authz_manager_external_state_s.h
index 5e1c97cc8f0..7601993a536 100644
--- a/src/mongo/db/auth/authz_manager_external_state_s.h
+++ b/src/mongo/db/auth/authz_manager_external_state_s.h
@@ -54,6 +54,8 @@ namespace mongo {
virtual ~AuthzManagerExternalStateMongos();
virtual Status initialize(OperationContext* txn);
+ std::unique_ptr<AuthzSessionExternalState> makeAuthzSessionExternalState(
+ AuthorizationManager* authzManager) override;
virtual Status getStoredAuthorizationVersion(OperationContext* txn, int* outVersion);
virtual Status getUserDescription(
OperationContext* txn, const UserName& userName, BSONObj* result);
diff --git a/src/mongo/db/auth/authz_session_external_state.h b/src/mongo/db/auth/authz_session_external_state.h
index 2e1b41a0565..8b22b046bbd 100644
--- a/src/mongo/db/auth/authz_session_external_state.h
+++ b/src/mongo/db/auth/authz_session_external_state.h
@@ -75,6 +75,10 @@ namespace mongo {
// This class should never be instantiated directly.
AuthzSessionExternalState(AuthorizationManager* authzManager);
+ // Pointer to the authorization manager associated with the authorization session
+ // that owns this object.
+ //
+ // TODO(schwerin): Eliminate this back pointer.
AuthorizationManager* _authzManager;
};
diff --git a/src/mongo/db/auth/native_sasl_authentication_session.cpp b/src/mongo/db/auth/native_sasl_authentication_session.cpp
index ee7a3e306c8..80d89ccf3b5 100644
--- a/src/mongo/db/auth/native_sasl_authentication_session.cpp
+++ b/src/mongo/db/auth/native_sasl_authentication_session.cpp
@@ -47,6 +47,7 @@
#include "mongo/db/auth/sasl_options.h"
#include "mongo/db/auth/sasl_plain_server_conversation.h"
#include "mongo/db/auth/sasl_scramsha1_server_conversation.h"
+#include "mongo/stdx/memory.h"
#include "mongo/util/assert_util.h"
#include "mongo/util/mongoutils/str.h"
@@ -77,7 +78,8 @@ namespace {
(InitializerContext*) {
AuthorizationManager authzManager(new AuthzManagerExternalStateMock());
- AuthorizationSession authzSession(new AuthzSessionExternalStateMock(&authzManager));
+ std::unique_ptr<AuthorizationSession> authzSession =
+ authzManager.makeAuthorizationSession();
for (size_t i = 0; i < saslGlobalParams.authenticationMechanisms.size(); ++i) {
const std::string& mechanism = saslGlobalParams.authenticationMechanisms[i];
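Review bot: `authzSession` now depends on being declared after `authzManager` so that it is destroyed first, and nothing in the code says so. A comment such as `// authzSession must be declared after authzManager: it holds a pointer to it and must be destroyed first.` would protect against a later reordering. Separately, the `#include "mongo/stdx/memory.h"` added in the previous hunk does not look needed by the visible new code, which only names `std::unique_ptr`; `#include <memory>` would state that dependency directly, unless the rest of the file uses `stdx::make_unique`. The enclosing initializer function starts and ends outside this hunk.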
@@ -86,7 +88,7 @@ namespace {
continue;
}
scoped_ptr<SaslAuthenticationSession>
- session(SaslAuthenticationSession::create(&authzSession, mechanism));
+ session(SaslAuthenticationSession::create(authzSession.get(), mechanism));
Status status = session->start("test",
mechanism,
saslGlobalParams.serviceName,
diff --git a/src/mongo/db/client.cpp b/src/mongo/db/client.cpp
index b20dd87d04d..c408723d462 100644
--- a/src/mongo/db/client.cpp
+++ b/src/mongo/db/client.cpp
@@ -45,7 +45,6 @@
#include "mongo/db/auth/action_type.h"
#include "mongo/db/auth/authorization_manager_global.h"
#include "mongo/db/auth/authorization_session.h"
-#include "mongo/db/auth/authz_session_external_state_d.h"
#include "mongo/db/auth/privilege.h"
#include "mongo/db/catalog/database_holder.h"
#include "mongo/db/commands.h"
@@ -96,8 +95,7 @@ namespace mongo {
// Create the client obj, attach to thread
Client* client = new Client(fullDesc, getGlobalServiceContext(), mp);
client->setAuthorizationSession(
- new AuthorizationSession(
- new AuthzSessionExternalStateMongod(getGlobalAuthorizationManager())));
+ getGlobalAuthorizationManager()->makeAuthorizationSession());
currentClient.reset(client);
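Review bot: `getGlobalAuthorizationManager()->makeAuthorizationSession()` dereferences the global manager during client setup, where the old code only stored the pointer. If the getter can return null before the manager is installed (its definition is not on this page), every new connection would now hit a null dereference here, so it is worth confirming that the getter asserts non-null or adding a check before the call. The same call shape appears in client_info.cpp and s_only.cpp. In this function and in client_info.cpp the new object is still held by a raw pointer when `setAuthorizationSession` runs, so a throwing `massert` there would leak it; s_only.cpp avoids that by calling `currentClient.reset(c)` first. The enclosing function begins outside this hunk.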
diff --git a/src/mongo/db/client_basic.cpp b/src/mongo/db/client_basic.cpp
index bbe1d729540..6f3ef6af424 100644
--- a/src/mongo/db/client_basic.cpp
+++ b/src/mongo/db/client_basic.cpp
@@ -70,11 +70,12 @@ namespace mongo {
return _authorizationSession.get();
}
- void ClientBasic::setAuthorizationSession(AuthorizationSession* authorizationSession) {
+ void ClientBasic::setAuthorizationSession(
+ std::unique_ptr<AuthorizationSession> authorizationSession) {
massert(16477,
"An AuthorizationManager has already been set up for this connection",
!hasAuthorizationSession());
- _authorizationSession.reset(authorizationSession);
+ _authorizationSession = std::move(authorizationSession);
}
} // namespace mongo
diff --git a/src/mongo/db/client_basic.h b/src/mongo/db/client_basic.h
index f2b1bd05a75..e68a71b75a9 100644
--- a/src/mongo/db/client_basic.h
+++ b/src/mongo/db/client_basic.h
@@ -28,8 +28,8 @@
#pragma once
-#include <boost/noncopyable.hpp>
#include <boost/scoped_ptr.hpp>
+#include <memory>
#include "mongo/base/disallow_copying.h"
#include "mongo/util/decorable.h"
@@ -60,7 +60,7 @@ namespace mongo {
bool hasAuthorizationSession() const;
AuthorizationSession* getAuthorizationSession() const;
- void setAuthorizationSession(AuthorizationSession* authorizationSession);
+ void setAuthorizationSession(std::unique_ptr<AuthorizationSession> authorizationSession);
bool getIsLocalHostConnection() {
if (!hasRemote()) {
@@ -92,7 +92,7 @@ namespace mongo {
private:
boost::scoped_ptr<AuthenticationSession> _authenticationSession;
- boost::scoped_ptr<AuthorizationSession> _authorizationSession;
+ std::unique_ptr<AuthorizationSession> _authorizationSession;
ServiceContext* const _serviceContext;
AbstractMessagingPort* const _messagingPort;
};
diff --git a/src/mongo/s/client_info.cpp b/src/mongo/s/client_info.cpp
index b3f3cdca424..4b3f3b519c3 100644
--- a/src/mongo/s/client_info.cpp
+++ b/src/mongo/s/client_info.cpp
@@ -38,7 +38,6 @@
#include "mongo/db/auth/authorization_manager_global.h"
#include "mongo/db/auth/authorization_session.h"
-#include "mongo/db/auth/authz_session_external_state_s.h"
#include "mongo/db/commands.h"
#include "mongo/db/lasterror.h"
#include "mongo/db/service_context.h"
@@ -84,8 +83,7 @@ namespace mongo {
ClientInfo * info = _tlInfo.get();
massert(16472, "A ClientInfo already exists for this thread", !info);
info = new ClientInfo(serviceContext, messagingPort);
- info->setAuthorizationSession(new AuthorizationSession(
- new AuthzSessionExternalStateMongos(getGlobalAuthorizationManager())));
+ info->setAuthorizationSession(getGlobalAuthorizationManager()->makeAuthorizationSession());
_tlInfo.reset( info );
info->newRequest();
return info;
diff --git a/src/mongo/s/s_only.cpp b/src/mongo/s/s_only.cpp
index 9bd24de0322..64fffd1a780 100644
--- a/src/mongo/s/s_only.cpp
+++ b/src/mongo/s/s_only.cpp
@@ -34,7 +34,6 @@
#include "mongo/db/auth/authorization_manager.h"
#include "mongo/db/auth/authorization_manager_global.h"
#include "mongo/db/auth/authorization_session.h"
-#include "mongo/db/auth/authz_session_external_state_s.h"
#include "mongo/db/client.h"
#include "mongo/db/commands.h"
#include "mongo/db/service_context.h"
@@ -84,8 +83,7 @@ namespace mongo {
Client *c = new Client( fullDesc, getGlobalServiceContext(), mp );
currentClient.reset(c);
mongo::lastError.initThread();
- c->setAuthorizationSession(new AuthorizationSession(new AuthzSessionExternalStateMongos(
- getGlobalAuthorizationManager())));
+ c->setAuthorizationSession(getGlobalAuthorizationManager()->makeAuthorizationSession());
}
string Client::clientAddress(bool includePort) const {