authorTony Hannan <tony@10gen.com>2011-10-19 12:34:21 -0400
committerEric Milkie <milkie@10gen.com>2012-05-09 16:50:41 -0400
commit77db8a50cfd1825a5848f908bf2860c5495ba528 (patch)
treef42339f3476ae62120b97d2c4eb60f86e371fce5
parentc94a29477ae43133be3a6e47cc2a97ccc01e7469 (diff)
downloadmongo-77db8a50cfd1825a5848f908bf2860c5495ba528.tar.gz
SERVER-2917: REST interface now authenticate user to db when user successfully authenticates to web server
Signed-off-by: Eric Milkie <milkie@10gen.com>
-rw-r--r--db/dbwebserver.cpp11
-rw-r--r--db/security_common.h4
2 files changed, 9 insertions, 6 deletions
diff --git a/db/dbwebserver.cpp b/db/dbwebserver.cpp
index 78c09c0f74e..eb19ba3be6c 100644
--- a/db/dbwebserver.cpp
+++ b/db/dbwebserver.cpp
@@ -79,11 +79,10 @@ namespace mongo {
}
bool allowed( const char * rq , vector<string>& headers, const SockAddr &from ) {
- if ( from.isLocalHost() )
- return true;
-
- if ( ! _webUsers->haveAdminUsers() )
+ if ( from.isLocalHost() || !_webUsers->haveAdminUsers() ) {
+ cmdAuthenticate.authenticate( "admin", "RestUser", false );
return true;
+ }
string auth = getHeader( rq , "Authorization" );
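Review bot: The merged `if ( from.isLocalHost() || !_webUsers->haveAdminUsers() )` gives a remote peer on a server with no admin users the same read-write grant on `admin` as a localhost caller. Both are recorded under the fixed name "RestUser", so anything that later logs or inspects the authenticated user cannot tell the two cases apart. I would keep the two conditions as separate branches, or at least add a comment such as `// no admin users configured: every REST caller is treated as read-write on admin, same as localhost`. Since `isLocalHost()` now confers database privileges and not only access to the HTTP handler, it is also worth noting that requests relayed by a proxy on the same host would presumably take this branch. The body of `allowed()` continues outside the hunk.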
@@ -118,8 +117,10 @@ namespace mongo {
r << ha2;
string r1 = md5simpledigest( r.str() );
- if ( r1 == parms["response"] )
+ if ( r1 == parms["response"] ) {
+ cmdAuthenticate.authenticate( "admin", user["user"].str(), user[ "readOnly" ].isBoolean() && user[ "readOnly" ].boolean() );
return true;
+ }
}
}
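Review bot: The read-only flag passed on the new `cmdAuthenticate.authenticate(...)` line fails open, because `user[ "readOnly" ].isBoolean() && user[ "readOnly" ].boolean()` yields `false` (read-write) for any user document whose `readOnly` field is stored as a non-boolean value such as a number. If other authentication paths use the same expression this is at least consistent. For a privilege decision the safer default is to treat any truthy value as read-only, e.g. `user[ "readOnly" ].trueValue()`, or to reject a document whose `readOnly` field is present but not boolean. The enclosing function starts outside the hunk, so whether `user` can be an empty object at this point cannot be confirmed from here.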
diff --git a/db/security_common.h b/db/security_common.h
index c9a3e3a8933..80a74506025 100644
--- a/db/security_common.h
+++ b/db/security_common.h
@@ -61,10 +61,12 @@ namespace mongo {
virtual void help(stringstream& ss) const { ss << "internal"; }
CmdAuthenticate() : Command("authenticate") {}
bool run(const string& dbname , BSONObj& cmdObj, int options, string& errmsg, BSONObjBuilder& result, bool fromRepl);
+ void authenticate(const string& dbname, const string& user, const bool readOnly);
private:
bool getUserObj(const string& dbname, const string& user, BSONObj& userObj, string& pwd);
- void authenticate(const string& dbname, const string& user, const bool readOnly);
};
+
+ extern CmdAuthenticate cmdAuthenticate;
class CmdLogout : public Command {
public:
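Review bot: `authenticate()` is now public and reachable from any translation unit through `extern CmdAuthenticate cmdAuthenticate;`, but its declaration has no comment stating that it verifies nothing itself. The new call in `allowed()` passes a hard-coded user name and no credentials, so the method is evidently a bare "mark as authenticated" primitive. I would document that contract at the declaration, e.g. `// Marks 'user' as authenticated on 'dbname' without checking credentials; the caller must already have verified the user.` The comment should also say where the state is recorded and how long it lasts, which this hunk does not show. That matters for the web server if the state is kept per thread or per connection and could outlive a single HTTP request.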