SERVER-17527 add startup warning when server is started with web interface and auth

(cherry picked from commit 7a615393f4ce1fee83767ab161cdbc6a6ed1fdef)
author: Robert Guo <robert.guo@10gen.com> 2015-09-01 19:00:10 -0400
committer: Robert Guo <robert.guo@10gen.com> 2016-01-26 16:31:36 -0500
commit: a01f882735e7655cfb1572ec8c6710f296caf4be (patch)
tree: e394df09d26a5d79e37284c8a2f123354cf3cc77
parent: 20d60d3491908f1ae252fe452300de3978a040c7 (diff)
download: mongo-a01f882735e7655cfb1572ec8c6710f296caf4be.tar.gz
6 files changed, 34 insertions, 9 deletions
diff --git a/src/mongo/db/db.cpp b/src/mongo/db/db.cpp
index a77d99b1657..14e8c5b4267 100644
--- a/src/mongo/db/db.cpp
+++ b/src/mongo/db/db.cpp
@@ -82,6 +82,7 @@
 #include "mongo/db/repl/replication_coordinator_impl.h"
 #include "mongo/db/repl/topology_coordinator_impl.h"
 #include "mongo/db/restapi.h"
+#include "mongo/db/server_options.h"
 #include "mongo/db/server_parameters.h"
 #include "mongo/db/startup_warnings_mongod.h"
 #include "mongo/db/stats/counters.h"
@@ -531,7 +532,7 @@ static void _initAndListen(int listenPort) {
 
     getGlobalEnvironment()->setGlobalStorageEngine(storageGlobalParams.engine);
 
-    logMongodStartupWarnings(storageGlobalParams);
+    logMongodStartupWarnings(storageGlobalParams, serverGlobalParams);
 
     {
         stringstream ss;
diff --git a/src/mongo/db/startup_warnings_common.cpp b/src/mongo/db/startup_warnings_common.cpp
index 2e2fe6ed0e6..b8c64d4e507 100644
--- a/src/mongo/db/startup_warnings_common.cpp
+++ b/src/mongo/db/startup_warnings_common.cpp
@@ -35,6 +35,8 @@
 #include <boost/filesystem/operations.hpp>
 #include <fstream>
 
+#include "mongo/db/auth/authorization_manager_global.h"
+#include "mongo/db/server_options.h"
 #include "mongo/util/log.h"
 #include "mongo/util/processinfo.h"
 #include "mongo/util/version.h"
@@ -44,7 +46,7 @@ namespace mongo {
 //
 // system warnings
 //
-void logCommonStartupWarnings() {
+void logCommonStartupWarnings(const ServerGlobalParams& serverParams) {
     // each message adds a leading and a trailing newline
 
     bool warned = false;
@@ -60,6 +62,20 @@ void logCommonStartupWarnings() {
         }
     }
 
+    if ((getGlobalAuthorizationManager()->isAuthEnabled() ||
+         serverParams.clusterAuthMode.load() != ServerGlobalParams::ClusterAuthMode_undefined) &&
+        (serverParams.rest || serverParams.isHttpInterfaceEnabled || serverParams.jsonp)) {
+        log() << startupWarningsLog;
+        log()
+            << "** WARNING: The server is started with the web server interface and access control."
+            << startupWarningsLog;
+        log() << "**          The web interfaces (rest, httpinterface and/or jsonp) are insecure "
+              << startupWarningsLog;
+        log() << "**          and should be disabled unless required for backward compatability."
+              << startupWarningsLog;
+        warned = true;
+    }
+
 #if defined(_WIN32) && !defined(_WIN64)
     // Warn user that they are running a 32-bit app on 64-bit Windows
     BOOL wow64Process;
diff --git a/src/mongo/db/startup_warnings_common.h b/src/mongo/db/startup_warnings_common.h
index ac77a2d5ce3..33f75cab56b 100644
--- a/src/mongo/db/startup_warnings_common.h
+++ b/src/mongo/db/startup_warnings_common.h
@@ -27,7 +27,10 @@
 */
 
 namespace mongo {
+
+struct ServerGlobalParams;
+
 // Checks various startup conditions and logs any necessary warnings that
 // are common to both mongod and mongos processes.
-void logCommonStartupWarnings();
+void logCommonStartupWarnings(const ServerGlobalParams& serverParams);
 }  // namespace mongo
diff --git a/src/mongo/db/startup_warnings_mongod.cpp b/src/mongo/db/startup_warnings_mongod.cpp
index 4d73540482c..b85b0af6ead 100644
--- a/src/mongo/db/startup_warnings_mongod.cpp
+++ b/src/mongo/db/startup_warnings_mongod.cpp
@@ -38,6 +38,7 @@
 #include <sys/resource.h>
 #endif
 
+#include "mongo/db/server_options.h"
 #include "mongo/db/startup_warnings_common.h"
 #include "mongo/db/storage_options.h"
 #include "mongo/util/mongoutils/str.h"
@@ -130,8 +131,9 @@ StatusWith<std::string> StartupWarningsMongod::readTransparentHugePagesParameter
     return StatusWith<std::string>(opMode);
 }
 
-void logMongodStartupWarnings(const StorageGlobalParams& params) {
-    logCommonStartupWarnings();
+void logMongodStartupWarnings(const StorageGlobalParams& storageParams,
+                              const ServerGlobalParams& serverParams) {
+    logCommonStartupWarnings(serverParams);
 
     bool warned = false;
 
@@ -140,7 +142,7 @@ void logMongodStartupWarnings(const StorageGlobalParams& params) {
         log() << "** NOTE: This is a 32 bit MongoDB binary." << startupWarningsLog;
         log() << "**       32 bit builds are limited to less than 2GB of data "
               << "(or less with --journal)." << startupWarningsLog;
-        if (!params.dur) {
+        if (!storageParams.dur) {
             log() << "**       Note that journaling defaults to off for 32 bit "
                   << "and is currently off." << startupWarningsLog;
         }
@@ -219,7 +221,7 @@ void logMongodStartupWarnings(const StorageGlobalParams& params) {
         }
     }
 
-    if (params.dur) {
+    if (storageParams.dur) {
         std::fstream f("/proc/sys/vm/overcommit_memory", ios_base::in);
         unsigned val;
         f >> val;
diff --git a/src/mongo/db/startup_warnings_mongod.h b/src/mongo/db/startup_warnings_mongod.h
index b1dbbd21b5c..b6f4048237d 100644
--- a/src/mongo/db/startup_warnings_mongod.h
+++ b/src/mongo/db/startup_warnings_mongod.h
@@ -32,6 +32,7 @@
 namespace mongo {
 
 struct StorageGlobalParams;
+struct ServerGlobalParams;
 
 class StartupWarningsMongod {
 private:
@@ -54,5 +55,6 @@ public:
 
 // Checks various startup conditions and logs any necessary warnings that
 // are specific to the mongod process.
-void logMongodStartupWarnings(const StorageGlobalParams& params);
+void logMongodStartupWarnings(const StorageGlobalParams& storageParams,
+                              const ServerGlobalParams& serverParams);
 }  // namespace mongo
diff --git a/src/mongo/s/server.cpp b/src/mongo/s/server.cpp
index 3a4af2b6491..e7102c94fa6 100644
--- a/src/mongo/s/server.cpp
+++ b/src/mongo/s/server.cpp
@@ -57,6 +57,7 @@
 #include "mongo/db/lasterror.h"
 #include "mongo/db/log_process_details.h"
 #include "mongo/db/operation_context_noop.h"
+#include "mongo/db/server_options.h"
 #include "mongo/db/startup_warnings_common.h"
 #include "mongo/platform/process_id.h"
 #include "mongo/s/balance.h"
@@ -431,7 +432,7 @@ int mongoSMain(int argc, char* argv[], char** envp) {
     startupConfigActions(std::vector<std::string>(argv, argv + argc));
     cmdline_utils::censorArgvArray(argc, argv);
 
-    mongo::logCommonStartupWarnings();
+    mongo::logCommonStartupWarnings(serverGlobalParams);
 
     try {
         int exitCode = _main();
author	Robert Guo <robert.guo@10gen.com>	2015-09-01 19:00:10 -0400
committer	Robert Guo <robert.guo@10gen.com>	2016-01-26 16:31:36 -0500
commit	a01f882735e7655cfb1572ec8c6710f296caf4be (patch)
tree	e394df09d26a5d79e37284c8a2f123354cf3cc77
parent	20d60d3491908f1ae252fe452300de3978a040c7 (diff)
download	mongo-a01f882735e7655cfb1572ec8c6710f296caf4be.tar.gz