author | Andrew Morrow <acm@mongodb.com> | 2018-03-28 11:59:39 -0400 |
---|---|---|
committer | Andrew Morrow <acm@mongodb.com> | 2018-03-29 12:15:39 -0400 |
commit | 73a74e4ba33af61b2f102ddf11e674ee30dc2768 (patch) | |
tree | ec11fffd096488f006e9e3a6f33ff4b80c1315fe | |
parent | 45c86eb7be9a2ce2ffd112f22f7cdc131d35b0aa (diff) | |
download | mongo-73a74e4ba33af61b2f102ddf11e674ee30dc2768.tar.gz |
SERVER-33980 Reduce dependencies for embedded commands
34 files changed, 624 insertions, 457 deletions
diff --git a/site_scons/site_tools/auto_install_binaries.py b/site_scons/site_tools/auto_install_binaries.py index 19232645e26..87821f0341b 100644 --- a/site_scons/site_tools/auto_install_binaries.py +++ b/site_scons/site_tools/auto_install_binaries.py @@ -26,8 +26,21 @@ def generate(env): for s in map(env.Entry, env.Flatten(source)): setattr(s.attributes, "aib_install_actions", actions) - tags = kwargs.get('INSTALL_ALIAS', []) - if tags: + # Get the tags. If no tags were set, or a non-falsish thing + # was set then interpret that as a request for normal + # tagging. Auto include the 'all' tag, and generate + # aliases. If the user explicitly set the INSTALL_ALIAS to + # something falsy, interpret that as meaning no tags at all, + # so that we have a way to exempt targets from auto + # installation. + tags = kwargs.get('INSTALL_ALIAS', None) + if tags is None or tags: + tags = set(tags or []) + tags.add('all') + if 'default' in tags: + tags.remove('default') + env.Alias('install', actions) + env.Default('install') env.Alias(['install-' + tag for tag in tags], actions) return actions @@ -64,6 +77,8 @@ def generate(env): install_sources = node.sources for install_source in install_sources: is_executor = install_source.get_executor() + if not is_executor: + continue is_targets = is_executor.get_all_targets() for is_target in (is_targets or []): grandchildren = is_target.children() diff --git a/src/mongo/SConscript b/src/mongo/SConscript index c5d91a883b6..500cf0f8eac 100644 --- a/src/mongo/SConscript +++ b/src/mongo/SConscript @@ -356,8 +356,9 @@ mongod = env.Program( 'mongodmain', ], INSTALL_ALIAS=[ - 'servers', 'core', + 'default', + 'servers', ], ) diff --git a/src/mongo/client/SConscript b/src/mongo/client/SConscript index 9a679c36395..420260ad62c 100644 --- a/src/mongo/client/SConscript +++ b/src/mongo/client/SConscript 
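Review bot: `tags = set(tags or [])` in the first auto_install_binaries.py hunk assumes INSTALL_ALIAS is always a list, so a bare string such as `INSTALL_ALIAS='core'` would silently produce one `install-<char>` alias per character. Normalising before building the set, e.g. `tags = set(env.Flatten([tags or []]))`, would keep both forms working. The comment above it would also read more clearly as "If no tags were set, or a truthy value was set, ..." rather than "non-falsish thing". The enclosing function starts and ends outside the hunk.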
@@ -127,7 +127,7 @@ env.Library( '$BUILD_DIR/mongo/bson/util/bson_extract', '$BUILD_DIR/mongo/executor/remote_command', 'sasl_client' - ] + ], ) env.CppUnitTest( diff --git a/src/mongo/client/authenticate.cpp b/src/mongo/client/authenticate.cpp index fcfc5570713..fe13099bd2a 100644 --- a/src/mongo/client/authenticate.cpp +++ b/src/mongo/client/authenticate.cpp @@ -37,6 +37,7 @@ #include "mongo/bson/util/bson_extract.h" #include "mongo/client/sasl_client_authenticate.h" #include "mongo/config.h" +#include "mongo/db/auth/sasl_command_constants.h" #include "mongo/db/server_options.h" #include "mongo/rpc/get_status_from_command_result.h" #include "mongo/util/log.h" diff --git a/src/mongo/client/dbclient_rs.cpp b/src/mongo/client/dbclient_rs.cpp index 91f41fbf274..1946af5a162 100644 --- a/src/mongo/client/dbclient_rs.cpp +++ b/src/mongo/client/dbclient_rs.cpp @@ -40,7 +40,7 @@ #include "mongo/client/global_conn_pool.h" #include "mongo/client/read_preference.h" #include "mongo/client/replica_set_monitor.h" -#include "mongo/client/sasl_client_authenticate.h" +#include "mongo/db/auth/sasl_command_constants.h" #include "mongo/db/dbmessage.h" #include "mongo/db/jsobj.h" #include "mongo/stdx/memory.h" diff --git a/src/mongo/client/mongo_uri_connect.cpp b/src/mongo/client/mongo_uri_connect.cpp index 172d0ce046f..3f9ee296a6d 100644 --- a/src/mongo/client/mongo_uri_connect.cpp +++ b/src/mongo/client/mongo_uri_connect.cpp @@ -35,7 +35,7 @@ #include "mongo/base/status_with.h" #include "mongo/bson/bsonobjbuilder.h" #include "mongo/client/dbclientinterface.h" -#include "mongo/client/sasl_client_authenticate.h" +#include "mongo/db/auth/sasl_command_constants.h" #include "mongo/util/mongoutils/str.h" #include "mongo/util/password_digest.h" diff --git a/src/mongo/client/sasl_client_authenticate.cpp b/src/mongo/client/sasl_client_authenticate.cpp index 00525ad75eb..6fd76f1af67 100644 --- a/src/mongo/client/sasl_client_authenticate.cpp +++ b/src/mongo/client/sasl_client_authenticate.cpp 
@@ -31,6 +31,7 @@ #include "mongo/base/string_data.h" #include "mongo/bson/util/bson_extract.h" +#include "mongo/db/auth/sasl_command_constants.h" #include "mongo/util/base64.h" #include "mongo/util/mongoutils/str.h" @@ -43,23 +44,6 @@ void (*saslClientAuthenticate)(auth::RunCommandHook runCommand, const BSONObj& saslParameters, auth::AuthCompletionHandler handler) = nullptr; -const char* const saslStartCommandName = "saslStart"; -const char* const saslContinueCommandName = "saslContinue"; -const char* const saslCommandAutoAuthorizeFieldName = "autoAuthorize"; -const char* const saslCommandConversationIdFieldName = "conversationId"; -const char* const saslCommandDoneFieldName = "done"; -const char* const saslCommandMechanismFieldName = "mechanism"; -const char* const saslCommandMechanismListFieldName = "supportedMechanisms"; -const char* const saslCommandPasswordFieldName = "pwd"; -const char* const saslCommandPayloadFieldName = "payload"; -const char* const saslCommandUserDBFieldName = "db"; -const char* const saslCommandUserFieldName = "user"; -const char* const saslCommandServiceHostnameFieldName = "serviceHostname"; -const char* const saslCommandServiceNameFieldName = "serviceName"; -const char* const saslCommandDigestPasswordFieldName = "digestPassword"; -const char* const saslDefaultDBName = "$external"; -const char* const saslDefaultServiceName = "mongodb"; - Status saslExtractPayload(const BSONObj& cmdObj, std::string* payload, BSONType* type) { BSONElement payloadElement; Status status = bsonExtractField(cmdObj, saslCommandPayloadFieldName, &payloadElement); diff --git a/src/mongo/client/sasl_client_authenticate.h b/src/mongo/client/sasl_client_authenticate.h index fac72f2712e..21cad039a82 100644 --- a/src/mongo/client/sasl_client_authenticate.h +++ b/src/mongo/client/sasl_client_authenticate.h 
@@ -82,62 +82,4 @@ extern void (*saslClientAuthenticate)(auth::RunCommandHook runCommand, * into "*payload". In all other cases, returns */ Status saslExtractPayload(const BSONObj& cmdObj, std::string* payload, BSONType* type); - -// Constants - -/// std::string name of the saslStart command. -extern const char* const saslStartCommandName; - -/// std::string name of the saslContinue command. -extern const char* const saslContinueCommandName; - -/// Name of the saslStart parameter indicating that the server should automatically grant the -/// connection all privileges associated with the user after successful authentication. -extern const char* const saslCommandAutoAuthorizeFieldName; - -/// Name of the field containing the conversation identifier in server respones and saslContinue -/// commands. -extern const char* const saslCommandConversationIdFieldName; - -/// Name of the field that indicates whether or not the server believes authentication has -/// completed successfully. -extern const char* const saslCommandDoneFieldName; - -/// Name of parameter to saslStart command indiciating the client's desired sasl mechanism. -extern const char* const saslCommandMechanismFieldName; - -/// In the event that saslStart supplies an unsupported mechanism, the server responds with a -/// field by this name, with a list of supported mechanisms. -extern const char* const saslCommandMechanismListFieldName; - -/// Field containing password information for saslClientAuthenticate(). -extern const char* const saslCommandPasswordFieldName; - -/// Field containing sasl payloads passed to and from the server. -extern const char* const saslCommandPayloadFieldName; - -/// Field containing the std::string identifier of the user to authenticate in -/// saslClientAuthenticate(). 
-extern const char* const saslCommandUserFieldName; - -/// Field containing the std::string identifier of the database containing credential information, -/// or "$external" if the credential information is stored outside of the mongo cluster. -extern const char* const saslCommandUserDBFieldName; - -/// Field overriding the FQDN of the hostname hosting the mongodb srevice in -/// saslClientAuthenticate(). -extern const char* const saslCommandServiceHostnameFieldName; - -/// Field overriding the name of the mongodb service saslClientAuthenticate(). -extern const char* const saslCommandServiceNameFieldName; - -/// Default database against which sasl authentication commands should run. -extern const char* const saslDefaultDBName; - -/// Default sasl service name, "mongodb". -extern const char* const saslDefaultServiceName; - -// Field whose value should be set to true if the field in saslCommandPasswordFieldName needs to -// be digested. -extern const char* const saslCommandDigestPasswordFieldName; } diff --git a/src/mongo/client/sasl_client_authenticate_impl.cpp b/src/mongo/client/sasl_client_authenticate_impl.cpp index e3c1652a220..6f6a7ba57f7 100644 --- a/src/mongo/client/sasl_client_authenticate_impl.cpp +++ b/src/mongo/client/sasl_client_authenticate_impl.cpp @@ -45,6 +45,7 @@ #include "mongo/bson/util/bson_extract.h" #include "mongo/client/sasl_client_authenticate.h" #include "mongo/client/sasl_client_session.h" +#include "mongo/db/auth/sasl_command_constants.h" #include "mongo/rpc/get_status_from_command_result.h" #include "mongo/util/base64.h" #include "mongo/util/log.h" diff --git a/src/mongo/db/auth/SConscript b/src/mongo/db/auth/SConscript index e3afcfc79d9..eaebe1cc5d2 100644 --- a/src/mongo/db/auth/SConscript +++ b/src/mongo/db/auth/SConscript 
@@ -104,13 +104,17 @@ env.Library( ] ) -env.Library('authcommon', - ['internal_user_auth.cpp'], - LIBDEPS=[ - '$BUILD_DIR/mongo/base', - '$BUILD_DIR/mongo/bson/mutable/mutable_bson', - '$BUILD_DIR/mongo/bson/util/bson_extract', - ]) +env.Library( + target='authcommon', + source=[ + 'internal_user_auth.cpp', + ], + LIBDEPS=[ + '$BUILD_DIR/mongo/base', + '$BUILD_DIR/mongo/bson/mutable/mutable_bson', + '$BUILD_DIR/mongo/bson/util/bson_extract', + ], +) env.Library('authorization_manager_global', [ diff --git a/src/mongo/db/auth/sasl_command_constants.h b/src/mongo/db/auth/sasl_command_constants.h new file mode 100644 index 00000000000..7603cea4df5 --- /dev/null +++ b/src/mongo/db/auth/sasl_command_constants.h 
@@ -0,0 +1,91 @@
+/**
+ * Copyright (C) 2018 MongoDB Inc.
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License, version 3,
+ * as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ *
+ * As a special exception, the copyright holders give permission to link the
+ * code of portions of this program with the OpenSSL library under certain
+ * conditions as described in each individual source file and distribute
+ * linked combinations including the program with the OpenSSL library. You
+ * must comply with the GNU Affero General Public License in all respects
+ * for all of the code used other than as permitted herein. If you modify
+ * file(s) with this exception, you may extend this exception to your
+ * version of the file(s), but you are not obligated to do so. If you do not
+ * wish to do so, delete this exception statement from your version. If you
+ * delete this exception statement from all source files in the program,
+ * then also delete it in the license file.
+ */
+
+#pragma once
+
+#include "mongo/base/string_data.h"
+
+namespace mongo {
+
+/// String name of the saslStart command.
+constexpr auto saslStartCommandName = "saslStart"_sd;
+
+/// String name of the saslContinue command.
+constexpr auto saslContinueCommandName = "saslContinue"_sd;
+
+/// Name of the saslStart parameter indicating that the server should automatically grant the
+/// connection all privileges associated with the user after successful authentication.
+constexpr auto saslCommandAutoAuthorizeFieldName = "autoAuthorize"_sd;
+
+/// Name of the field containing the conversation identifier in server respones and saslContinue
+/// commands.
+constexpr auto saslCommandConversationIdFieldName = "conversationId"_sd;
+
+/// Name of the field that indicates whether or not the server believes authentication has
+/// completed successfully.
+constexpr auto saslCommandDoneFieldName = "done"_sd;
+
+/// Name of parameter to saslStart command indiciating the client's desired sasl mechanism.
+constexpr auto saslCommandMechanismFieldName = "mechanism"_sd;
+
+/// In the event that saslStart supplies an unsupported mechanism, the server responds with a
+/// field by this name, with a list of supported mechanisms.
+constexpr auto saslCommandMechanismListFieldName = "supportedMechanisms"_sd;
+
+/// Field containing password information for saslClientAuthenticate().
+constexpr auto saslCommandPasswordFieldName = "pwd"_sd;
+
+/// Field containing sasl payloads passed to and from the server.
+constexpr auto saslCommandPayloadFieldName = "payload"_sd;
+
+/// Field containing the string identifier of the user to authenticate in
+/// saslClientAuthenticate().
+constexpr auto saslCommandUserFieldName = "user"_sd;
+
+/// Field containing the string identifier of the database containing credential information,
+/// or "$external" if the credential information is stored outside of the mongo cluster.
+constexpr auto saslCommandUserDBFieldName = "db"_sd;
+
+/// Field overriding the FQDN of the hostname hosting the mongodb srevice in
+/// saslClientAuthenticate().
+constexpr auto saslCommandServiceHostnameFieldName = "serviceHostname"_sd;
+
+/// Field overriding the name of the mongodb service saslClientAuthenticate().
+constexpr auto saslCommandServiceNameFieldName = "serviceName"_sd;
+
+/// Default database against which sasl authentication commands should run.
+constexpr auto saslDefaultDBName = "$external"_sd; + +/// Default sasl service name, "mongodb". +constexpr auto saslDefaultServiceName = "mongodb"_sd; + +// Field whose value should be set to true if the field in saslCommandPasswordFieldName needs to +// be digested. +constexpr auto saslCommandDigestPasswordFieldName = "digestPassword"_sd; + +} // namespace mongo diff --git a/src/mongo/db/auth/sasl_commands.cpp b/src/mongo/db/auth/sasl_commands.cpp index 43f75bdb83c..ef9bcc68285 100644 --- a/src/mongo/db/auth/sasl_commands.cpp +++ b/src/mongo/db/auth/sasl_commands.cpp @@ -44,6 +44,7 @@ #include "mongo/db/auth/authorization_session.h" #include "mongo/db/auth/authz_manager_external_state_mock.h" #include "mongo/db/auth/authz_session_external_state_mock.h" +#include "mongo/db/auth/sasl_command_constants.h" #include "mongo/db/auth/sasl_options.h" #include "mongo/db/client.h" #include "mongo/db/commands.h" diff --git a/src/mongo/db/auth/sasl_scram_server_conversation.cpp b/src/mongo/db/auth/sasl_scram_server_conversation.cpp index 65720d6d383..25cc6659247 100644 --- a/src/mongo/db/auth/sasl_scram_server_conversation.cpp +++ b/src/mongo/db/auth/sasl_scram_server_conversation.cpp @@ -344,6 +344,9 @@ StatusWith<std::tuple<bool, std::string>> SaslSCRAMServerMechanism<Policy>::_sec return std::make_tuple(false, sb.str()); } +template class SaslSCRAMServerMechanism<SCRAMSHA1Policy>; +template class SaslSCRAMServerMechanism<SCRAMSHA256Policy>; + MONGO_INITIALIZER_WITH_PREREQUISITES(SASLSCRAMServerMechanism, ("CreateSASLServerMechanismRegistry")) (::mongo::InitializerContext* context) { diff --git a/src/mongo/db/auth/sasl_scram_server_conversation.h b/src/mongo/db/auth/sasl_scram_server_conversation.h index 33713258028..8338fc3e676 100644 --- a/src/mongo/db/auth/sasl_scram_server_conversation.h +++ b/src/mongo/db/auth/sasl_scram_server_conversation.h 
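Review bot: The doc comments in the new sasl_command_constants.h were copied with their old typos ("respones", "indiciating", "srevice"), and the final constant `saslCommandDigestPasswordFieldName` is documented with `//` while every other constant uses `///`, so a documentation tool would skip it. Since the text is being rewritten anyway ("std::string name" became "String name"), I would fix these here and change the last comment to `/// Field whose value should be set to true if the field in saslCommandPasswordFieldName needs to be digested.`. Separately, the constants change type from `const char* const` to `StringData`, so any caller that passes one where a NUL-terminated C string is expected now needs an explicit conversion. The hunks shown only swap includes, so that cannot be confirmed from this page.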
@@ -88,6 +88,9 @@ private: std::string _nonce; }; +extern template class SaslSCRAMServerMechanism<SCRAMSHA1Policy>; +extern template class SaslSCRAMServerMechanism<SCRAMSHA256Policy>; + template <typename ScramMechanism> class SCRAMServerFactory : public MakeServerFactory<ScramMechanism> { public: diff --git a/src/mongo/db/auth/security_key.cpp b/src/mongo/db/auth/security_key.cpp index 3e14d65c00e..a9d6f86c2ad 100644 --- a/src/mongo/db/auth/security_key.cpp +++ b/src/mongo/db/auth/security_key.cpp @@ -37,7 +37,6 @@ #include <vector> #include "mongo/base/status_with.h" -#include "mongo/client/sasl_client_authenticate.h" #include "mongo/crypto/mechanism_scram.h" #include "mongo/crypto/sha1_block.h" #include "mongo/db/auth/action_set.h" @@ -45,6 +44,7 @@ #include "mongo/db/auth/authorization_manager.h" #include "mongo/db/auth/internal_user_auth.h" #include "mongo/db/auth/privilege.h" +#include "mongo/db/auth/sasl_command_constants.h" #include "mongo/db/auth/sasl_options.h" #include "mongo/db/auth/security_file.h" #include "mongo/db/auth/user.h" diff --git a/src/mongo/db/commands/SConscript b/src/mongo/db/commands/SConscript index fb60cfb4c04..7ed15fbb86b 100644 --- a/src/mongo/db/commands/SConscript +++ b/src/mongo/db/commands/SConscript @@ -54,9 +54,10 @@ env.Library( ) env.Library( - target="feature_compatibility_version_parser", + target="feature_compatibility_parsers", source=[ "feature_compatibility_version_parser.cpp", + "feature_compatibility_version_command_parser.cpp", ], LIBDEPS=[ '$BUILD_DIR/mongo/base', @@ -82,8 +83,6 @@ env.Library( '$BUILD_DIR/mongo/db/common', '$BUILD_DIR/mongo/db/log_process_details', '$BUILD_DIR/mongo/logger/parse_log_component_settings', - '$BUILD_DIR/mongo/scripting/scripting_common', - '$BUILD_DIR/mongo/util/ntservice', ], ) 
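Review bot: The two `extern template class SaslSCRAMServerMechanism<...>` declarations added to sasl_scram_server_conversation.h have no comment saying where the matching definitions live. They rely on the `template class` definitions this commit adds to sasl_scram_server_conversation.cpp, and a policy declared `extern` here without a definition there would fail only at link time. I would add a comment above them, for example `// Explicitly instantiated in sasl_scram_server_conversation.cpp; keep both lists in sync.`. The class template itself begins outside the hunk.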
@@ -96,7 +95,7 @@ env.Library( "conn_pool_sync.cpp", "connection_status.cpp", "end_sessions_command.cpp", - "feature_compatibility_version_command_parser.cpp", + "generic_servers.cpp", "isself.cpp", "kill_all_sessions_by_pattern_command.cpp", "kill_all_sessions_command.cpp", @@ -124,8 +123,10 @@ env.Library( '$BUILD_DIR/mongo/executor/task_executor_pool', '$BUILD_DIR/mongo/s/sharding_legacy_api', '$BUILD_DIR/mongo/s/coreshard', + '$BUILD_DIR/mongo/scripting/scripting_common', + '$BUILD_DIR/mongo/util/ntservice', 'core', - 'feature_compatibility_version_parser', + 'feature_compatibility_parsers', ] ) @@ -149,7 +150,7 @@ env.Library( "feature_compatibility_version.cpp", ], LIBDEPS=[ - 'feature_compatibility_version_parser', + 'feature_compatibility_parsers', ], LIBDEPS_PRIVATE=[ '$BUILD_DIR/mongo/db/commands', @@ -260,6 +261,7 @@ env.Library( "resize_oplog.cpp", "restart_catalog_command.cpp", "set_feature_compatibility_version_command.cpp", + "shutdown_d.cpp", "snapshot_management.cpp", "test_commands.cpp", "top_command.cpp", diff --git a/src/mongo/db/commands/copydb.cpp b/src/mongo/db/commands/copydb.cpp index 6e476977f87..539111c92fa 100644 --- a/src/mongo/db/commands/copydb.cpp +++ b/src/mongo/db/commands/copydb.cpp @@ -33,6 +33,7 @@ #include "mongo/db/auth/action_set.h" #include "mongo/db/auth/authorization_session.h" #include "mongo/db/auth/resource_pattern.h" +#include "mongo/db/auth/sasl_command_constants.h" #include "mongo/db/catalog/document_validation.h" #include "mongo/db/cloner.h" #include "mongo/db/commands.h" diff --git a/src/mongo/db/commands/copydb_start_commands.cpp b/src/mongo/db/commands/copydb_start_commands.cpp index 73a878d450b..00105a60a9f 100644 --- a/src/mongo/db/commands/copydb_start_commands.cpp +++ b/src/mongo/db/commands/copydb_start_commands.cpp 
@@ -35,10 +35,10 @@ #include "mongo/base/status.h" #include "mongo/bson/util/bson_extract.h" #include "mongo/client/dbclientinterface.h" -#include "mongo/client/sasl_client_authenticate.h" #include "mongo/db/auth/action_set.h" #include "mongo/db/auth/authorization_session.h" #include "mongo/db/auth/resource_pattern.h" +#include "mongo/db/auth/sasl_command_constants.h" #include "mongo/db/client.h" #include "mongo/db/cloner.h" #include "mongo/db/commands.h" diff --git a/src/mongo/db/commands/dbcommands.cpp b/src/mongo/db/commands/dbcommands.cpp index ef40fe96ce3..3c8581fd6d4 100644 --- a/src/mongo/db/commands/dbcommands.cpp +++ b/src/mongo/db/commands/dbcommands.cpp @@ -58,7 +58,6 @@ #include "mongo/db/commands/profile_common.h" #include "mongo/db/commands/profile_gen.h" #include "mongo/db/commands/server_status.h" -#include "mongo/db/commands/shutdown.h" #include "mongo/db/concurrency/write_conflict_exception.h" #include "mongo/db/db_raii.h" #include "mongo/db/dbdirectclient.h" 
@@ -105,41 +104,6 @@ using std::unique_ptr; namespace { -class CmdShutdownMongoD : public CmdShutdown { -public: - std::string help() const override { - return "shutdown the database. must be ran against admin db and " - "either (1) ran from localhost or (2) authenticated. If " - "this is a primary in a replica set and there is no member " - "within 10 seconds of its optime, it will not shutdown " - "without force : true. You can also specify timeoutSecs : " - "N to wait N seconds for other members to catch up."; - } - - virtual bool run(OperationContext* opCtx, - const string& dbname, - const BSONObj& cmdObj, - BSONObjBuilder& result) { - bool force = cmdObj.hasField("force") && cmdObj["force"].trueValue(); - - long long timeoutSecs = 10; - if (cmdObj.hasField("timeoutSecs")) { - timeoutSecs = cmdObj["timeoutSecs"].numberLong(); - } - - Status status = repl::ReplicationCoordinator::get(opCtx)->stepDown( - opCtx, force, Seconds(timeoutSecs), Seconds(120)); - if (!status.isOK() && status.code() != ErrorCodes::NotMaster) { // ignore not master - return CommandHelpers::appendCommandStatus(result, status); - } - - // Never returns - shutdownHelper(cmdObj); - return true; - } - -} cmdShutdownMongoD; - class CmdDropDatabase : public BasicCommand { public: std::string help() const override { diff --git a/src/mongo/db/commands/generic.cpp b/src/mongo/db/commands/generic.cpp index 500a0755e42..ccb09698095 100644 --- a/src/mongo/db/commands/generic.cpp +++ b/src/mongo/db/commands/generic.cpp 
@@ -30,40 +30,20 @@ #include "mongo/platform/basic.h" -#include <time.h> - #include "mongo/bson/util/bson_extract.h" #include "mongo/bson/util/builder.h" -#include "mongo/client/dbclient_rs.h" -#include "mongo/db/auth/action_set.h" -#include "mongo/db/auth/action_type.h" -#include "mongo/db/auth/authorization_manager.h" -#include "mongo/db/auth/privilege.h" -#include "mongo/db/background.h" #include "mongo/db/commands.h" -#include "mongo/db/commands/shutdown.h" #include "mongo/db/commands/test_commands_enabled.h" -#include "mongo/db/db.h" -#include "mongo/db/introspect.h" -#include "mongo/db/jsobj.h" -#include "mongo/db/json.h" -#include "mongo/db/lasterror.h" #include "mongo/db/log_process_details.h" -#include "mongo/db/server_options.h" -#include "mongo/db/service_context.h" -#include "mongo/db/stats/counters.h" -#include "mongo/scripting/engine.h" -#include "mongo/util/exit.h" -#include "mongo/util/fail_point.h" -#include "mongo/util/fail_point_service.h" #include "mongo/util/log.h" -#include "mongo/util/md5.hpp" -#include "mongo/util/net/sock.h" -#include "mongo/util/ntservice.h" #include "mongo/util/processinfo.h" #include "mongo/util/ramlog.h" #include "mongo/util/version.h" +#include <sstream> +#include <string> +#include <vector> + namespace mongo { namespace { 
@@ -136,89 +116,6 @@ public: } } pingCmd; -class FeaturesCmd : public BasicCommand { -public: - FeaturesCmd() : BasicCommand("features") {} - std::string help() const override { - return "return build level feature settings"; - } - AllowedOnSecondary secondaryAllowed(ServiceContext*) const override { - return AllowedOnSecondary::kAlways; - } - virtual bool supportsWriteConcern(const BSONObj& cmd) const override { - return false; - } - virtual void addRequiredPrivileges(const std::string& dbname, - const BSONObj& cmdObj, - std::vector<Privilege>* out) const {} // No auth required - virtual bool run(OperationContext* opCtx, - const string& ns, - const BSONObj& cmdObj, - BSONObjBuilder& result) { - if (getGlobalScriptEngine()) { - BSONObjBuilder bb(result.subobjStart("js")); - result.append("utf8", getGlobalScriptEngine()->utf8Ok()); - bb.done(); - } - if (cmdObj["oidReset"].trueValue()) { - result.append("oidMachineOld", OID::getMachineId()); - OID::regenMachineId(); - } - result.append("oidMachine", OID::getMachineId()); - return true; - } - -} featuresCmd; - -class HostInfoCmd : public BasicCommand { -public: - HostInfoCmd() : BasicCommand("hostInfo") {} - - AllowedOnSecondary secondaryAllowed(ServiceContext*) const override { - return AllowedOnSecondary::kAlways; - } - - virtual bool supportsWriteConcern(const BSONObj& cmd) const override { - return false; - } - - std::string help() const override { - return "returns information about the daemon's host"; - } - virtual void addRequiredPrivileges(const std::string& dbname, - const BSONObj& cmdObj, - std::vector<Privilege>* out) const { - ActionSet actions; - actions.addAction(ActionType::hostInfo); - out->push_back(Privilege(ResourcePattern::forClusterResource(), actions)); - } - bool run(OperationContext* opCtx, - const string& dbname, - const BSONObj& cmdObj, - BSONObjBuilder& result) { - ProcessInfo p; - BSONObjBuilder bSys, bOs; - - bSys.appendDate("currentTime", jsTime()); - bSys.append("hostname", 
prettyHostName()); - bSys.append("cpuAddrSize", p.getAddrSize()); - bSys.append("memSizeMB", static_cast<unsigned>(p.getMemSizeMB())); - bSys.append("numCores", p.getNumCores()); - bSys.append("cpuArch", p.getArch()); - bSys.append("numaEnabled", p.hasNumaEnabled()); - bOs.append("type", p.getOsType()); - bOs.append("name", p.getOsName()); - bOs.append("version", p.getOsVersion()); - - result.append(StringData("system"), bSys.obj()); - result.append(StringData("os"), bOs.obj()); - p.appendSystemDetails(result); - - return true; - } - -} hostInfoCmd; - class LogRotateCmd : public BasicCommand { public: LogRotateCmd() : BasicCommand("logRotate") {} @@ -460,47 +357,5 @@ public: } } cmdGetCmdLineOpts; - -MONGO_FP_DECLARE(crashOnShutdown); -int* volatile illegalAddress; // NOLINT - used for fail point only - } // namespace - -void CmdShutdown::addRequiredPrivileges(const std::string& dbname, - const BSONObj& cmdObj, - std::vector<Privilege>* out) const { - ActionSet actions; - actions.addAction(ActionType::shutdown); - out->push_back(Privilege(ResourcePattern::forClusterResource(), actions)); -} - -void CmdShutdown::shutdownHelper(const BSONObj& cmdObj) { - MONGO_FAIL_POINT_BLOCK(crashOnShutdown, crashBlock) { - const std::string crashHow = crashBlock.getData()["how"].str(); - if (crashHow == "fault") { - ++*illegalAddress; - } - ::abort(); - } - - log() << "terminating, shutdown command received " << cmdObj; - -#if defined(_WIN32) - // Signal the ServiceMain thread to shutdown. - if (ntservice::shouldStartService()) { - shutdownNoTerminate(); - - // Client expects us to abruptly close the socket as part of exiting - // so this function is not allowed to return. - // The ServiceMain thread will quit for us so just sleep until it does. - while (true) - sleepsecs(60); // Loop forever - } else -#endif - { - exitCleanly(EXIT_CLEAN); // this never returns - invariant(false); - } -} - } // namespace mongo 
diff --git a/src/mongo/db/commands/generic_servers.cpp b/src/mongo/db/commands/generic_servers.cpp new file mode 100644 index 00000000000..d003ea1c7f1 --- /dev/null +++ b/src/mongo/db/commands/generic_servers.cpp 
@@ -0,0 +1,178 @@
+/**
+ * Copyright (C) 2018 MongoDB Inc.
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License, version 3,
+ * as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ *
+ * As a special exception, the copyright holders give permission to link the
+ * code of portions of this program with the OpenSSL library under certain
+ * conditions as described in each individual source file and distribute
+ * linked combinations including the program with the OpenSSL library. You
+ * must comply with the GNU Affero General Public License in all respects
+ * for all of the code used other than as permitted herein. If you modify
+ * file(s) with this exception, you may extend this exception to your
+ * version of the file(s), but you are not obligated to do so. If you do not
+ * wish to do so, delete this exception statement from your version. If you
+ * delete this exception statement from all source files in the program,
+ * then also delete it in the license file.
+ */
+
+#define MONGO_LOG_DEFAULT_COMPONENT ::mongo::logger::LogComponent::kCommand
+
+#include "mongo/platform/basic.h"
+
+#include "mongo/bson/util/builder.h"
+#include "mongo/db/commands.h"
+#include "mongo/db/commands/shutdown.h"
+#include "mongo/scripting/engine.h"
+#include "mongo/util/exit.h"
+#include "mongo/util/fail_point.h"
+#include "mongo/util/fail_point_service.h"
+#include "mongo/util/log.h"
+#include "mongo/util/net/sock.h"
+#include "mongo/util/ntservice.h"
+#include "mongo/util/processinfo.h"
+
+#include <string>
+#include <vector>
+
+namespace mongo {
+namespace {
+
+using std::string;
+
+class FeaturesCmd : public BasicCommand {
+public:
+ FeaturesCmd() : BasicCommand("features") {}
+ std::string help() const override {
+ return "return build level feature settings";
+ }
+ AllowedOnSecondary secondaryAllowed(ServiceContext*) const override {
+ return AllowedOnSecondary::kAlways;
+ }
+ virtual bool supportsWriteConcern(const BSONObj& cmd) const override {
+ return false;
+ }
+ virtual void addRequiredPrivileges(const std::string& dbname,
+ const BSONObj& cmdObj,
+ std::vector<Privilege>* out) const {} // No auth required
+ virtual bool run(OperationContext* opCtx,
+ const string& ns,
+ const BSONObj& cmdObj,
+ BSONObjBuilder& result) {
+ if (getGlobalScriptEngine()) {
+ BSONObjBuilder bb(result.subobjStart("js"));
+ result.append("utf8", getGlobalScriptEngine()->utf8Ok());
+ bb.done();
+ }
+ if (cmdObj["oidReset"].trueValue()) {
+ result.append("oidMachineOld", OID::getMachineId());
+ OID::regenMachineId();
+ }
+ result.append("oidMachine", OID::getMachineId());
+ return true;
+ }
+
+} featuresCmd;
+
+class HostInfoCmd : public BasicCommand {
+public:
+ HostInfoCmd() : BasicCommand("hostInfo") {}
+
+ AllowedOnSecondary secondaryAllowed(ServiceContext*) const override {
+ return AllowedOnSecondary::kAlways;
+ }
+
+ virtual bool supportsWriteConcern(const BSONObj& cmd) const override {
+ return false;
+ }
+
+ std::string help() const override {
+ return "returns information about the daemon's host";
+ }
+ virtual void addRequiredPrivileges(const std::string& dbname,
+ const BSONObj& cmdObj,
+ std::vector<Privilege>* out) const {
+ ActionSet actions;
+ actions.addAction(ActionType::hostInfo);
+ out->push_back(Privilege(ResourcePattern::forClusterResource(), actions));
+ }
+ bool run(OperationContext* opCtx,
+ const string& dbname,
+ const BSONObj& cmdObj,
+ BSONObjBuilder& result) {
+ ProcessInfo p;
+ BSONObjBuilder bSys, bOs;
+
+ bSys.appendDate("currentTime", jsTime());
+ bSys.append("hostname", prettyHostName());
+ bSys.append("cpuAddrSize", p.getAddrSize());
+ bSys.append("memSizeMB", static_cast<unsigned>(p.getMemSizeMB()));
+ bSys.append("numCores", p.getNumCores());
+ bSys.append("cpuArch", p.getArch());
+ bSys.append("numaEnabled", p.hasNumaEnabled());
+ bOs.append("type", p.getOsType());
+ bOs.append("name", p.getOsName());
+ bOs.append("version", p.getOsVersion());
+
+ result.append(StringData("system"), bSys.obj());
+ result.append(StringData("os"), bOs.obj());
+ p.appendSystemDetails(result);
+
+ return true;
+ }
+
+} hostInfoCmd;
+
+MONGO_FP_DECLARE(crashOnShutdown);
+int* volatile illegalAddress; // NOLINT - used for fail point only
+
+} // namespace
+
+void CmdShutdown::addRequiredPrivileges(const std::string& dbname,
+ const BSONObj& cmdObj,
+ std::vector<Privilege>* out) const {
+ ActionSet actions;
+ actions.addAction(ActionType::shutdown);
+ out->push_back(Privilege(ResourcePattern::forClusterResource(), actions));
+}
+
+void CmdShutdown::shutdownHelper(const BSONObj& cmdObj) {
+ MONGO_FAIL_POINT_BLOCK(crashOnShutdown, crashBlock) {
+ const std::string crashHow = crashBlock.getData()["how"].str();
+ if (crashHow == "fault") {
+ ++*illegalAddress;
+ }
+ ::abort();
+ }
+
+ log() << "terminating, shutdown command received " << cmdObj;
+
+#if defined(_WIN32)
+ // Signal the ServiceMain thread to shutdown.
+ if (ntservice::shouldStartService()) { + shutdownNoTerminate(); + + // Client expects us to abruptly close the socket as part of exiting + // so this function is not allowed to return. + // The ServiceMain thread will quit for us so just sleep until it does. + while (true) + sleepsecs(60); // Loop forever + } else +#endif + { + exitCleanly(EXIT_CLEAN); // this never returns + invariant(false); + } +} + +} // namespace mongo diff --git a/src/mongo/db/commands/parameters.cpp b/src/mongo/db/commands/parameters.cpp index 0be2615489b..29e801a72d8 100644 --- a/src/mongo/db/commands/parameters.cpp +++ b/src/mongo/db/commands/parameters.cpp @@ -35,7 +35,6 @@ #include "mongo/bson/json.h" #include "mongo/bson/mutable/document.h" #include "mongo/client/replica_set_monitor.h" -#include "mongo/client/sasl_client_authenticate.h" #include "mongo/config.h" #include "mongo/db/auth/authorization_manager.h" #include "mongo/db/auth/internal_user_auth.h" @@ -45,8 +44,6 @@ #include "mongo/logger/logger.h" #include "mongo/logger/parse_log_component_settings.h" #include "mongo/util/mongoutils/str.h" -#include "mongo/util/net/ssl_manager.h" -#include "mongo/util/net/ssl_options.h" using std::string; using std::stringstream; @@ -62,7 +59,7 @@ void appendParameterNames(std::string* help) { *help += '\n'; } } -} +} // namespace class CmdGet : public ErrmsgCommandDeprecated { public: 
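Review bot: `FeaturesCmd::addRequiredPrivileges` in the new generic_servers.cpp is empty ("No auth required"), yet `run` honours `oidReset` and calls `OID::regenMachineId()`, so a caller holding no privileges can change process-wide state. Since the class is being moved into its own file, this is a good place either to require a privilege when `cmdObj["oidReset"].trueValue()` or to add a comment explaining why the branch is deliberately left open. In the same method, `result.append("utf8", ...)` writes to the parent builder while the `js` sub-builder `bb` is still open. It looks like it was meant to be `bb.append("utf8", getGlobalScriptEngine()->utf8Ok());`. Both are carried over unchanged from generic.cpp.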
@@ -430,167 +427,6 @@ private: } } logComponentVerbositySetting; -} // namespace - -namespace { -class SSLModeSetting : public ServerParameter { -public: - SSLModeSetting() - : ServerParameter(ServerParameterSet::getGlobal(), - "sslMode", - false, // allowedToChangeAtStartup - true // allowedToChangeAtRuntime - ) {} - - std::string sslModeStr() { - switch (sslGlobalParams.sslMode.load()) { - case SSLParams::SSLMode_disabled: - return "disabled"; - case SSLParams::SSLMode_allowSSL: - return "allowSSL"; - case SSLParams::SSLMode_preferSSL: - return "preferSSL"; - case SSLParams::SSLMode_requireSSL: - return "requireSSL"; - default: - return "undefined"; - } - } - - virtual void append(OperationContext* opCtx, BSONObjBuilder& b, const std::string& name) { - b << name << sslModeStr(); - } - - virtual Status set(const BSONElement& newValueElement) { - try { - return setFromString(newValueElement.String()); - } catch (const AssertionException& msg) { - return Status(ErrorCodes::BadValue, - mongoutils::str::stream() - << "Invalid value for sslMode via setParameter command: " - << newValueElement - << ", exception: " - << msg.what()); - } - } - - virtual Status setFromString(const std::string& str) { -#ifndef MONGO_CONFIG_SSL - return Status(ErrorCodes::IllegalOperation, - mongoutils::str::stream() - << "Unable to set sslMode, SSL support is not compiled into server"); -#endif - if (str != "disabled" && str != "allowSSL" && str != "preferSSL" && str != "requireSSL") { - return Status(ErrorCodes::BadValue, - mongoutils::str::stream() - << "Invalid value for sslMode via setParameter command: " - << str); - } - - int oldMode = sslGlobalParams.sslMode.load(); - if (str == "preferSSL" && oldMode == SSLParams::SSLMode_allowSSL) { - sslGlobalParams.sslMode.store(SSLParams::SSLMode_preferSSL); - } else if (str == "requireSSL" && oldMode == SSLParams::SSLMode_preferSSL) { - sslGlobalParams.sslMode.store(SSLParams::SSLMode_requireSSL); - } else { - return 
Status(ErrorCodes::BadValue, - mongoutils::str::stream() - << "Illegal state transition for sslMode, attempt to change from " - << sslModeStr() - << " to " - << str); - } - return Status::OK(); - } -} sslModeSetting; - -class ClusterAuthModeSetting : public ServerParameter { -public: - ClusterAuthModeSetting() - : ServerParameter(ServerParameterSet::getGlobal(), - "clusterAuthMode", - false, // allowedToChangeAtStartup - true // allowedToChangeAtRuntime - ) {} - - std::string clusterAuthModeStr() { - switch (serverGlobalParams.clusterAuthMode.load()) { - case ServerGlobalParams::ClusterAuthMode_keyFile: - return "keyFile"; - case ServerGlobalParams::ClusterAuthMode_sendKeyFile: - return "sendKeyFile"; - case ServerGlobalParams::ClusterAuthMode_sendX509: - return "sendX509"; - case ServerGlobalParams::ClusterAuthMode_x509: - return "x509"; - default: - return "undefined"; - } - } - - virtual void append(OperationContext* opCtx, BSONObjBuilder& b, const std::string& name) { - b << name << clusterAuthModeStr(); - } - - virtual Status set(const BSONElement& newValueElement) { - try { - return setFromString(newValueElement.String()); - } catch (const AssertionException& msg) { - return Status(ErrorCodes::BadValue, - mongoutils::str::stream() - << "Invalid value for clusterAuthMode via setParameter command: " - << newValueElement - << ", exception: " - << msg.what()); - } - } - - virtual Status setFromString(const std::string& str) { -#ifndef MONGO_CONFIG_SSL - return Status(ErrorCodes::IllegalOperation, - mongoutils::str::stream() << "Unable to set clusterAuthMode, " - << "SSL support is not compiled into server"); -#endif - if (str != "keyFile" && str != "sendKeyFile" && str != "sendX509" && str != "x509") { - return Status(ErrorCodes::BadValue, - mongoutils::str::stream() - << "Invalid value for clusterAuthMode via setParameter command: " - << str); - } - - int oldMode = serverGlobalParams.clusterAuthMode.load(); - int sslMode = sslGlobalParams.sslMode.load(); - if 
(str == "sendX509" && oldMode == ServerGlobalParams::ClusterAuthMode_sendKeyFile) { - if (sslMode == SSLParams::SSLMode_disabled || sslMode == SSLParams::SSLMode_allowSSL) { - return Status(ErrorCodes::BadValue, - mongoutils::str::stream() - << "Illegal state transition for clusterAuthMode, " - << "need to enable SSL for outgoing connections"); - } - serverGlobalParams.clusterAuthMode.store(ServerGlobalParams::ClusterAuthMode_sendX509); -#ifdef MONGO_CONFIG_SSL - setInternalUserAuthParams( - BSON(saslCommandMechanismFieldName - << "MONGODB-X509" - << saslCommandUserDBFieldName - << "$external" - << saslCommandUserFieldName - << getSSLManager()->getSSLConfiguration().clientSubjectName)); -#endif - } else if (str == "x509" && oldMode == ServerGlobalParams::ClusterAuthMode_sendX509) { - serverGlobalParams.clusterAuthMode.store(ServerGlobalParams::ClusterAuthMode_x509); - } else { - return Status(ErrorCodes::BadValue, - mongoutils::str::stream() - << "Illegal state transition for clusterAuthMode, change from " - << clusterAuthModeStr() - << " to " - << str); - } - return Status::OK(); - } -} clusterAuthModeSetting; - ExportedServerParameter<bool, ServerParameterType::kStartupAndRuntime> QuietSetting( ServerParameterSet::getGlobal(), "quiet", &serverGlobalParams.quiet); @@ -644,5 +480,6 @@ private: constexpr decltype(AutomationServiceDescriptor::kName) AutomationServiceDescriptor::kName; constexpr decltype(AutomationServiceDescriptor::kMaxSize) AutomationServiceDescriptor::kMaxSize; -} -} + +} // namespace +} // namespace mongo diff --git a/src/mongo/db/commands/shutdown_d.cpp b/src/mongo/db/commands/shutdown_d.cpp new file mode 100644 index 00000000000..77806c0d368 --- /dev/null +++ b/src/mongo/db/commands/shutdown_d.cpp 
@@ -0,0 +1,77 @@
+/**
+ * Copyright (C) 2012-2015 MongoDB Inc.
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License, version 3,
+ * as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ *
+ * As a special exception, the copyright holders give permission to link the
+ * code of portions of this program with the OpenSSL library under certain
+ * conditions as described in each individual source file and distribute
+ * linked combinations including the program with the OpenSSL library. You
+ * must comply with the GNU Affero General Public License in all respects for
+ * all of the code used other than as permitted herein. If you modify file(s)
+ * with this exception, you may extend this exception to your version of the
+ * file(s), but you are not obligated to do so. If you do not wish to do so,
+ * delete this exception statement from your version. If you delete this
+ * exception statement from all source files in the program, then also delete
+ * it in the license file.
+ */
+
+#define MONGO_LOG_DEFAULT_COMPONENT ::mongo::logger::LogComponent::kCommand
+
+#include "mongo/platform/basic.h"
+
+#include <string>
+
+#include "mongo/db/commands/shutdown.h"
+#include "mongo/db/repl/replication_coordinator.h"
+
+namespace mongo {
+namespace {
+
+class CmdShutdownMongoD : public CmdShutdown {
+public:
+ std::string help() const override {
+ return "shutdown the database. must be ran against admin db and "
+ "either (1) ran from localhost or (2) authenticated. 
If " + "this is a primary in a replica set and there is no member " + "within 10 seconds of its optime, it will not shutdown " + "without force : true. You can also specify timeoutSecs : " + "N to wait N seconds for other members to catch up."; + } + + virtual bool run(OperationContext* opCtx, + const std::string& dbname, + const BSONObj& cmdObj, + BSONObjBuilder& result) { + bool force = cmdObj.hasField("force") && cmdObj["force"].trueValue(); + + long long timeoutSecs = 10; + if (cmdObj.hasField("timeoutSecs")) { + timeoutSecs = cmdObj["timeoutSecs"].numberLong(); + } + + Status status = repl::ReplicationCoordinator::get(opCtx)->stepDown( + opCtx, force, Seconds(timeoutSecs), Seconds(120)); + if (!status.isOK() && status.code() != ErrorCodes::NotMaster) { // ignore not master + return CommandHelpers::appendCommandStatus(result, status); + } + + // Never returns + shutdownHelper(cmdObj); + return true; + } + +} cmdShutdownMongoD; + +} // namespace +} // namespace mongo diff --git a/src/mongo/db/initialize_server_global_state.cpp b/src/mongo/db/initialize_server_global_state.cpp index a5d7c5c82ec..9e222e45c48 100644 --- a/src/mongo/db/initialize_server_global_state.cpp +++ b/src/mongo/db/initialize_server_global_state.cpp @@ -45,11 +45,11 @@ #endif #include "mongo/base/init.h" -#include "mongo/client/sasl_client_authenticate.h" #include "mongo/config.h" #include "mongo/db/auth/authorization_manager.h" #include "mongo/db/auth/authorization_manager_global.h" #include "mongo/db/auth/internal_user_auth.h" +#include "mongo/db/auth/sasl_command_constants.h" #include "mongo/db/auth/security_key.h" #include "mongo/db/server_options.h" #include "mongo/db/server_parameters.h" diff --git a/src/mongo/db/repl/SConscript b/src/mongo/db/repl/SConscript index 19104ae0c91..ab73473f5a4 100644 --- a/src/mongo/db/repl/SConscript +++ b/src/mongo/db/repl/SConscript 
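Review bot: In `CmdShutdownMongoD::run` (src/mongo/db/commands/shutdown_d.cpp), `timeoutSecs` is read with `cmdObj["timeoutSecs"].numberLong()` and passed straight to `Seconds(timeoutSecs)` with no type or range check, so whatever the client sends reaches `stepDown` unvalidated. How `stepDown` treats a negative or very large wait is not visible in this hunk, so rejecting bad values here is the safer contract, e.g. `if (timeoutSecs < 0) return CommandHelpers::appendCommandStatus(result, Status(ErrorCodes::BadValue, "timeoutSecs must be non-negative"));`. `run` is also declared `virtual` without `override` while `help()` in the same class uses `override`; marking both lets the compiler check the signature against `CmdShutdown`, whose declaration is outside this hunk.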
@@ -18,7 +18,7 @@ env.Library( '$BUILD_DIR/mongo/base', '$BUILD_DIR/mongo/db/background', '$BUILD_DIR/mongo/db/catalog/catalog_helpers', - '$BUILD_DIR/mongo/db/commands/feature_compatibility_version_parser', + '$BUILD_DIR/mongo/db/commands/feature_compatibility_parsers', '$BUILD_DIR/mongo/db/db_raii', '$BUILD_DIR/mongo/db/dbdirectclient', '$BUILD_DIR/mongo/db/dbhelpers', @@ -1463,7 +1463,7 @@ env.Library( 'storage_interface', ], LIBDEPS_PRIVATE=[ - '$BUILD_DIR/mongo/db/commands/feature_compatibility_version_parser', + '$BUILD_DIR/mongo/db/commands/feature_compatibility_parsers', ] ) diff --git a/src/mongo/db/s/SConscript b/src/mongo/db/s/SConscript index 7c4c8f1da30..963cde5b133 100644 --- a/src/mongo/db/s/SConscript +++ b/src/mongo/db/s/SConscript @@ -201,7 +201,6 @@ env.Library( ], LIBDEPS_PRIVATE=[ '$BUILD_DIR/mongo/db/commands/mongod_fcv', - '$BUILD_DIR/mongo/db/commands/servers', ], ) diff --git a/src/mongo/installer/msi/ca/SConscript b/src/mongo/installer/msi/ca/SConscript index e2350401e0e..f67f5eccd45 100644 --- a/src/mongo/installer/msi/ca/SConscript +++ b/src/mongo/installer/msi/ca/SConscript @@ -30,4 +30,6 @@ ca = env.SharedLibrary( 'customaction.cpp', 'customaction.def', ], + # We don't want the usual auto install rules to apply to this file. + INSTALL_ALIAS=[], ) diff --git a/src/mongo/s/commands/SConscript b/src/mongo/s/commands/SConscript index dc260353030..51c3358732d 100644 --- a/src/mongo/s/commands/SConscript +++ b/src/mongo/s/commands/SConscript @@ -96,7 +96,7 @@ env.Library( '$BUILD_DIR/mongo/db/commands/core', '$BUILD_DIR/mongo/db/commands/current_op_common', '$BUILD_DIR/mongo/db/commands/servers', - '$BUILD_DIR/mongo/db/commands/feature_compatibility_version_parser', + '$BUILD_DIR/mongo/db/commands/feature_compatibility_parsers', '$BUILD_DIR/mongo/db/commands/kill_common', '$BUILD_DIR/mongo/db/commands/profile_common', '$BUILD_DIR/mongo/db/commands/test_commands_enabled', 
diff --git a/src/mongo/scripting/mozjs/mongo.cpp b/src/mongo/scripting/mozjs/mongo.cpp index 47bb122cb7f..249792266a7 100644 --- a/src/mongo/scripting/mozjs/mongo.cpp +++ b/src/mongo/scripting/mozjs/mongo.cpp @@ -37,6 +37,7 @@ #include "mongo/client/native_sasl_client_session.h" #include "mongo/client/sasl_client_authenticate.h" #include "mongo/client/sasl_client_session.h" +#include "mongo/db/auth/sasl_command_constants.h" #include "mongo/db/logical_session_id.h" #include "mongo/db/logical_session_id_helpers.h" #include "mongo/db/namespace_string.h" diff --git a/src/mongo/shell/dbshell.cpp b/src/mongo/shell/dbshell.cpp index a85e8a16f92..81d4ecdc85d 100644 --- a/src/mongo/shell/dbshell.cpp +++ b/src/mongo/shell/dbshell.cpp @@ -43,7 +43,7 @@ #include "mongo/base/status.h" #include "mongo/client/dbclientinterface.h" #include "mongo/client/mongo_uri.h" -#include "mongo/client/sasl_client_authenticate.h" +#include "mongo/db/auth/sasl_command_constants.h" #include "mongo/db/client.h" #include "mongo/db/log_process_details.h" #include "mongo/db/server_options.h" diff --git a/src/mongo/shell/mongodbcr.cpp b/src/mongo/shell/mongodbcr.cpp index 5489e7fa80f..6096643b380 100644 --- a/src/mongo/shell/mongodbcr.cpp +++ b/src/mongo/shell/mongodbcr.cpp @@ -34,7 +34,7 @@ #include "mongo/base/status_with.h" #include "mongo/base/string_data.h" #include "mongo/bson/util/bson_extract.h" -#include "mongo/client/sasl_client_authenticate.h" +#include "mongo/db/auth/sasl_command_constants.h" #include "mongo/util/password_digest.h" using mongo::executor::RemoteCommandRequest; diff --git a/src/mongo/shell/shell_options.cpp b/src/mongo/shell/shell_options.cpp index 8e8ca5f4b3e..4f071c04b09 100644 --- a/src/mongo/shell/shell_options.cpp +++ b/src/mongo/shell/shell_options.cpp 
@@ -39,8 +39,8 @@ #include "mongo/base/status.h" #include "mongo/bson/util/builder.h" #include "mongo/client/mongo_uri.h" -#include "mongo/client/sasl_client_authenticate.h" #include "mongo/config.h" +#include "mongo/db/auth/sasl_command_constants.h" #include "mongo/db/server_options.h" #include "mongo/rpc/protocol.h" #include "mongo/shell/shell_utils.h" @@ -123,7 +123,7 @@ Status addMongoShellOptions(moe::OptionSection* options) { "gssapiServiceName", moe::String, "Service name to use when authenticating using GSSAPI/Kerberos") - .setDefault(moe::Value(std::string(saslDefaultServiceName))); + .setDefault(moe::Value(saslDefaultServiceName.toString())); authenticationOptions.addOptionChaining( "gssapiHostName", diff --git a/src/mongo/util/net/SConscript b/src/mongo/util/net/SConscript index db7506faf00..b7dd19b3953 100644 --- a/src/mongo/util/net/SConscript +++ b/src/mongo/util/net/SConscript @@ -32,6 +32,7 @@ env.Library( "ssl_manager.cpp", 'ssl_manager_%s.cpp' % (ssl_provider), "ssl_options.cpp", + "ssl_parameters.cpp", ], LIBDEPS=[ '$BUILD_DIR/mongo/base', @@ -40,6 +41,7 @@ env.Library( 'host', ], LIBDEPS_PRIVATE=[ + '$BUILD_DIR/mongo/db/auth/authcommon', '$BUILD_DIR/mongo/db/bson/dotted_path_support', '$BUILD_DIR/mongo/db/server_options_core', '$BUILD_DIR/mongo/util/background_job', diff --git a/src/mongo/util/net/ssl_parameters.cpp b/src/mongo/util/net/ssl_parameters.cpp new file mode 100644 index 00000000000..f98119ef487 --- /dev/null +++ b/src/mongo/util/net/ssl_parameters.cpp 
@@ -0,0 +1,203 @@
+/**
+ * Copyright (C) 2018 MongoDB Inc.
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License, version 3,
+ * as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ *
+ * As a special exception, the copyright holders give permission to link the
+ * code of portions of this program with the OpenSSL library under certain
+ * conditions as described in each individual source file and distribute
+ * linked combinations including the program with the OpenSSL library. You
+ * must comply with the GNU Affero General Public License in all respects for
+ * all of the code used other than as permitted herein. If you modify file(s)
+ * with this exception, you may extend this exception to your version of the
+ * file(s), but you are not obligated to do so. If you do not wish to do so,
+ * delete this exception statement from your version. If you delete this
+ * exception statement from all source files in the program, then also delete
+ * it in the license file.
+ */
+
+#include "mongo/platform/basic.h"
+
+#include "mongo/config.h"
+#include "mongo/db/auth/internal_user_auth.h"
+#include "mongo/db/auth/sasl_command_constants.h"
+#include "mongo/db/server_options.h"
+#include "mongo/db/server_parameters.h"
+#include "mongo/util/net/ssl_manager.h"
+#include "mongo/util/net/ssl_options.h"
+
+namespace mongo {
+
+namespace {
+
+class SSLModeSetting : public ServerParameter {
+public:
+ SSLModeSetting()
+ : ServerParameter(ServerParameterSet::getGlobal(),
+ "sslMode",
+ false, // allowedToChangeAtStartup
+ true // allowedToChangeAtRuntime
+ ) {}
+
+ std::string sslModeStr() {
+ switch (sslGlobalParams.sslMode.load()) {
+ case SSLParams::SSLMode_disabled:
+ return "disabled";
+ case SSLParams::SSLMode_allowSSL:
+ return "allowSSL";
+ case SSLParams::SSLMode_preferSSL:
+ return "preferSSL";
+ case SSLParams::SSLMode_requireSSL:
+ return "requireSSL";
+ default:
+ return "undefined";
+ }
+ }
+
+ virtual void append(OperationContext* opCtx, BSONObjBuilder& b, const std::string& name) {
+ b << name << sslModeStr();
+ }
+
+ virtual Status set(const BSONElement& newValueElement) {
+ try {
+ return setFromString(newValueElement.String());
+ } catch (const AssertionException& msg) {
+ return Status(ErrorCodes::BadValue,
+ mongoutils::str::stream()
+ << "Invalid value for sslMode via setParameter command: "
+ << newValueElement
+ << ", exception: "
+ << msg.what());
+ }
+ }
+
+ virtual Status setFromString(const std::string& str) {
+#ifndef MONGO_CONFIG_SSL
+ return Status(ErrorCodes::IllegalOperation,
+ mongoutils::str::stream()
+ << "Unable to set sslMode, SSL support is not compiled into server");
+#endif
+ if (str != "disabled" && str != "allowSSL" && str != "preferSSL" && str != "requireSSL") {
+ return Status(ErrorCodes::BadValue,
+ mongoutils::str::stream()
+ << "Invalid value for sslMode via setParameter command: "
+ << str);
+ }
+
+ int oldMode = sslGlobalParams.sslMode.load();
+ if (str == "preferSSL" && oldMode == SSLParams::SSLMode_allowSSL) {
+ sslGlobalParams.sslMode.store(SSLParams::SSLMode_preferSSL);
+ } else if (str == "requireSSL" && oldMode == SSLParams::SSLMode_preferSSL) {
+ sslGlobalParams.sslMode.store(SSLParams::SSLMode_requireSSL);
+ } else {
+ return Status(ErrorCodes::BadValue,
+ mongoutils::str::stream()
+ << "Illegal state transition for sslMode, attempt to change from "
+ << sslModeStr()
+ << " to "
+ << str);
+ }
+ return Status::OK();
+ }
+} sslModeSetting;
+
+class ClusterAuthModeSetting : public ServerParameter {
+public:
+ ClusterAuthModeSetting()
+ : ServerParameter(ServerParameterSet::getGlobal(),
+ "clusterAuthMode",
+ false, // allowedToChangeAtStartup
+ true // allowedToChangeAtRuntime
+ ) {}
+
+ std::string clusterAuthModeStr() {
+ switch (serverGlobalParams.clusterAuthMode.load()) {
+ case ServerGlobalParams::ClusterAuthMode_keyFile:
+ return "keyFile";
+ case ServerGlobalParams::ClusterAuthMode_sendKeyFile:
+ return "sendKeyFile";
+ case ServerGlobalParams::ClusterAuthMode_sendX509:
+ return "sendX509";
+ case ServerGlobalParams::ClusterAuthMode_x509:
+ return "x509";
+ default:
+ return "undefined";
+ }
+ }
+
+ virtual void append(OperationContext* opCtx, BSONObjBuilder& b, const std::string& name) {
+ b << name << clusterAuthModeStr();
+ }
+
+ virtual Status set(const BSONElement& newValueElement) {
+ try {
+ return setFromString(newValueElement.String());
+ } catch (const AssertionException& msg) {
+ return Status(ErrorCodes::BadValue,
+ mongoutils::str::stream()
+ << "Invalid value for clusterAuthMode via setParameter command: "
+ << newValueElement
+ << ", exception: "
+ << msg.what());
+ }
+ }
+
+ virtual Status setFromString(const std::string& str) {
+#ifndef MONGO_CONFIG_SSL
+ return Status(ErrorCodes::IllegalOperation,
+ mongoutils::str::stream() << "Unable to set clusterAuthMode, "
+ << "SSL support is not compiled into server");
+#endif
+ if (str != "keyFile" && str != "sendKeyFile" && str != "sendX509" && str != "x509") {
+ return Status(ErrorCodes::BadValue,
+ mongoutils::str::stream()
+ << "Invalid value for clusterAuthMode via setParameter command: "
+ << str);
+ }
+
+ int oldMode = serverGlobalParams.clusterAuthMode.load();
+ int sslMode = sslGlobalParams.sslMode.load();
+ if (str == "sendX509" && oldMode == ServerGlobalParams::ClusterAuthMode_sendKeyFile) {
+ if (sslMode == SSLParams::SSLMode_disabled || sslMode == SSLParams::SSLMode_allowSSL) {
+ return Status(ErrorCodes::BadValue,
+ mongoutils::str::stream()
+ << "Illegal state transition for clusterAuthMode, "
+ << "need to enable SSL for outgoing connections");
+ }
+ serverGlobalParams.clusterAuthMode.store(ServerGlobalParams::ClusterAuthMode_sendX509);
+#ifdef MONGO_CONFIG_SSL
+ setInternalUserAuthParams(
+ BSON(saslCommandMechanismFieldName
+ << "MONGODB-X509"
+ << saslCommandUserDBFieldName
+ << "$external"
+ << saslCommandUserFieldName
+ << getSSLManager()->getSSLConfiguration().clientSubjectName));
+#endif
+ } else if (str == "x509" && oldMode == ServerGlobalParams::ClusterAuthMode_sendX509) {
+ serverGlobalParams.clusterAuthMode.store(ServerGlobalParams::ClusterAuthMode_x509);
+ } else {
+ return Status(ErrorCodes::BadValue,
+ mongoutils::str::stream()
+ << "Illegal state transition for clusterAuthMode, change from "
+ << clusterAuthModeStr()
+ << " to "
+ << str);
+ }
+ return Status::OK();
+ }
+} clusterAuthModeSetting;
+
+} // namespace
+
+} // namespace mongo |
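Review bot: In `SSLModeSetting::setFromString` and `ClusterAuthModeSetting::setFromString` (src/mongo/util/net/ssl_parameters.cpp) the transition is validated against `oldMode` from one `load()` and then applied with a separate `store()`, so the check and the update are not a single atomic step. If setParameter calls can run concurrently (any serialization by the caller is not visible in this file), a late `store()` of `SSLMode_preferSSL` can overwrite a stricter `SSLMode_requireSSL` set in between, and the error path prints a fresh `sslModeStr()` rather than the `oldMode` that was actually tested. A compare-and-swap from the expected old value, or a mutex around the check and store, would make the tighten-only rule hold regardless of the caller. The policy itself deserves a comment above each class, for example `// Runtime changes may only tighten: allowSSL -> preferSSL -> requireSSL; every other transition is rejected.`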