authorSpencer T Brody <spencer@10gen.com>2012-12-23 17:37:00 -0500
committerSpencer T Brody <spencer@10gen.com>2012-12-23 20:31:30 -0500
commit77e823e1ad71c652cd9d5022306896838311ad17 (patch)
tree36e843bc6b23f9b8c22b8906d38d01ca072aed5b
parent5785051ec2c379d99c461225ba9d6c328b31b5e3 (diff)
downloadmongo-77e823e1ad71c652cd9d5022306896838311ad17.tar.gz
SERVER-7572 Restructure security files
-rw-r--r--src/mongo/SConscript5
-rw-r--r--src/mongo/db/auth/SConscript3
-rw-r--r--src/mongo/db/auth/authorization_manager.cpp1
-rw-r--r--src/mongo/db/auth/security_key.cpp (renamed from src/mongo/db/security_common.cpp)17
-rw-r--r--src/mongo/db/auth/security_key.h (renamed from src/mongo/db/security.h)17
-rw-r--r--src/mongo/db/commands/authentication_commands.cpp (renamed from src/mongo/db/security_commands.cpp)75
-rw-r--r--src/mongo/db/commands/authentication_commands.h46
-rw-r--r--src/mongo/db/initialize_server_global_state.cpp3
-rw-r--r--src/mongo/db/security.cpp42
-rw-r--r--src/mongo/db/security_common.h73
-rw-r--r--src/mongo/s/security.cpp38
11 files changed, 106 insertions, 214 deletions
diff --git a/src/mongo/SConscript b/src/mongo/SConscript
index a922ae71406..fdc02ffcb65 100644
--- a/src/mongo/SConscript
+++ b/src/mongo/SConscript
@@ -213,6 +213,7 @@ env.StaticLibrary('mongocommon', commonFiles,
env.StaticLibrary("coredb", [
"client/parallel.cpp",
"db/commands.cpp",
+ "db/commands/authentication_commands.cpp",
"db/commands/connection_status.cpp",
"db/commands/fail_point_cmd.cpp",
"db/commands/find_and_modify_common.cpp",
@@ -260,8 +261,6 @@ env.StaticLibrary("coredb", [
"db/projection.cpp",
"db/querypattern.cpp",
"db/queryutil.cpp",
- "db/security_commands.cpp",
- "db/security_common.cpp",
"db/stats/top.cpp",
"s/shardconnection.cpp",
],
@@ -388,7 +387,6 @@ serverOnlyFiles = [ "db/curop.cpp",
"db/pdfile.cpp",
"db/record.cpp",
"db/cursor.cpp",
- "db/security.cpp",
"db/queryoptimizer.cpp",
"db/queryoptimizercursorimpl.cpp",
"db/extsort.cpp",
@@ -464,7 +462,6 @@ mongosLibraryFiles = [
"s/balancer_policy.cpp",
"s/writeback_listener.cpp",
"s/version_manager.cpp",
- "s/security.cpp",
]
env.Library( "mongoscore" , mongosLibraryFiles, LIBDEPS=['db/auth/authmongos'] )
diff --git a/src/mongo/db/auth/SConscript b/src/mongo/db/auth/SConscript
index e84edb1a0f8..c959c638ef1 100644
--- a/src/mongo/db/auth/SConscript
+++ b/src/mongo/db/auth/SConscript
@@ -21,7 +21,8 @@ env.StaticLibrary('authcore', ['action_set.cpp',
'$BUILD_DIR/mongo/stringutils'])
env.StaticLibrary('authservercommon',
- ['auth_external_state_server_common.cpp'],
+ ['auth_external_state_server_common.cpp',
+ 'security_key.cpp'],
LIBDEPS=['authcore'])
env.StaticLibrary('authmongod',
diff --git a/src/mongo/db/auth/authorization_manager.cpp b/src/mongo/db/auth/authorization_manager.cpp
index c002bcb207d..224808a3547 100644
--- a/src/mongo/db/auth/authorization_manager.cpp
+++ b/src/mongo/db/auth/authorization_manager.cpp
@@ -31,7 +31,6 @@
#include "mongo/db/client.h"
#include "mongo/db/jsobj.h"
#include "mongo/db/namespacestring.h"
-#include "mongo/db/security_common.h"
#include "mongo/util/assert_util.h"
#include "mongo/util/log.h"
#include "mongo/util/mongoutils/str.h"
diff --git a/src/mongo/db/security_common.cpp b/src/mongo/db/auth/security_key.cpp
index 053faef70d6..c5f85bee877 100644
--- a/src/mongo/db/security_common.cpp
+++ b/src/mongo/db/auth/security_key.cpp
@@ -1,4 +1,3 @@
-// security_common.cpp
/*
* Copyright (C) 2010 10gen Inc.
*
@@ -15,29 +14,17 @@
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
-/**
- * This file contains inter-mongo instance security helpers. Due to the
- * requirement that it be possible to compile this into mongos and mongod, it
- * should not depend on much external stuff.
- */
-
-#include "pch.h"
+#include "mongo/db/auth/security_key.h"
#include <sys/stat.h>
#include <string>
#include <vector>
+#include "mongo/client/dbclientinterface.h"
#include "mongo/db/auth/action_set.h"
#include "mongo/db/auth/action_type.h"
#include "mongo/db/auth/authorization_manager.h"
#include "mongo/db/auth/privilege.h"
-#include "mongo/db/jsobj.h"
-#include "security.h"
-#include "security_common.h"
-#include "commands.h"
-#include "../util/md5.hpp"
-#include "client_basic.h"
-#include "mongo/client/dbclientinterface.h"
namespace mongo {
diff --git a/src/mongo/db/security.h b/src/mongo/db/auth/security_key.h
index 4134e5ed1f9..e261123dcea 100644
--- a/src/mongo/db/security.h
+++ b/src/mongo/db/auth/security_key.h
@@ -1,5 +1,3 @@
-// security.h
-
/**
* Copyright (C) 2009 10gen Inc.
*
@@ -20,12 +18,15 @@
#include <string>
-#include "mongo/db/security_common.h"
-#include "mongo/client/authlevel.h"
-#include "mongo/util/concurrency/spin_lock.h"
-
-// this is used by both mongos and mongod
-
namespace mongo {
+ /**
+ * This method checks the validity of filename as a security key, hashes its
+ * contents, and stores it in the internalSecurity variable. Prints an
+ * error message to the logs if there's an error.
+ * @param filename the file containing the key
+ * @return if the key was successfully stored
+ */
+ bool setUpSecurityKey(const std::string& filename);
+
} // namespace mongo
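Review bot: The doc comment on `setUpSecurityKey` leaves the security contract implicit: it does not say what "validity" covers (for example file permissions or key length and characters), and it does not say what a caller must do when the function returns false. The implementation is outside this hunk, so the exact checks should be taken from security_key.cpp, but the return line could at least read `@return true if the key was validated and stored; false if it was rejected (an error is logged and the key is not installed)`. The comment also names `internalSecurity`, which this header neither declares nor includes, so a pointer to the header that declares it would help the next reader.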
diff --git a/src/mongo/db/security_commands.cpp b/src/mongo/db/commands/authentication_commands.cpp
index fc60101b1f2..600e352564e 100644
--- a/src/mongo/db/security_commands.cpp
+++ b/src/mongo/db/commands/authentication_commands.cpp
@@ -1,20 +1,20 @@
-/*
- * Copyright (C) 2010 10gen Inc.
- *
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Affero General Public License, version 3,
- * as published by the Free Software Foundation.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU Affero General Public License for more details.
- *
- * You should have received a copy of the GNU Affero General Public License
- * along with this program. If not, see <http://www.gnu.org/licenses/>.
- */
-
-#include "mongo/pch.h"
+/**
+* Copyright (C) 2010 10gen Inc.
+*
+* This program is free software: you can redistribute it and/or modify
+* it under the terms of the GNU Affero General Public License, version 3,
+* as published by the Free Software Foundation.
+*
+* This program is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+* GNU Affero General Public License for more details.
+*
+* You should have received a copy of the GNU Affero General Public License
+* along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "mongo/db/commands/authentication_commands.h"
#include <string>
#include <vector>
@@ -23,22 +23,13 @@
#include "mongo/db/auth/action_set.h"
#include "mongo/db/auth/action_type.h"
#include "mongo/db/auth/authorization_manager.h"
-#include "mongo/db/auth/authentication_session.h"
#include "mongo/db/auth/mongo_authentication_session.h"
-#include "mongo/db/auth/principal.h"
#include "mongo/db/auth/privilege.h"
-#include "mongo/db/auth/privilege_set.h"
#include "mongo/db/client_basic.h"
#include "mongo/db/commands.h"
-#include "mongo/db/db.h"
-#include "mongo/db/dbhelpers.h"
#include "mongo/db/jsobj.h"
-#include "mongo/db/json.h"
-#include "mongo/db/pdfile.h"
-#include "mongo/db/security_common.h"
#include "mongo/platform/random.h"
#include "mongo/util/md5.hpp"
-#include "mongo/util/mongoutils/str.h"
namespace mongo {
@@ -65,7 +56,7 @@ namespace mongo {
CmdGetNonce() : Command("getnonce") {
_random = SecureRandom::create();
}
-
+
virtual bool requiresAuth() { return false; }
virtual bool logTheOp() { return false; }
virtual bool slaveOk() const {
@@ -94,8 +85,6 @@ namespace mongo {
SecureRandom* _random;
} cmdGetNonce;
- CmdLogout cmdLogout;
-
bool CmdAuthenticate::run(const string& dbname , BSONObj& cmdObj, int, string& errmsg, BSONObjBuilder& result, bool fromRepl) {
if (!_areNonceAuthenticateCommandsEnabled) {
errmsg = _nonceAuthenticateCommandsDisabledMessage;
@@ -185,7 +174,31 @@ namespace mongo {
result.append( "user" , user );
return true;
}
-
CmdAuthenticate cmdAuthenticate;
-} // namespace mongo
+ class CmdLogout : public Command {
+ public:
+ virtual bool logTheOp() {
+ return false;
+ }
+ virtual bool slaveOk() const {
+ return true;
+ }
+ virtual void addRequiredPrivileges(const std::string& dbname,
+ const BSONObj& cmdObj,
+ std::vector<Privilege>* out) {} // No auth required
+ void help(stringstream& h) const { h << "de-authenticate"; }
+ virtual LockType locktype() const { return NONE; }
+ CmdLogout() : Command("logout") {}
+ bool run(const string& dbname,
+ BSONObj& cmdObj,
+ int options,
+ string& errmsg,
+ BSONObjBuilder& result,
+ bool fromRepl) {
+ AuthorizationManager* authManager = ClientBasic::getCurrent()->getAuthorizationManager();
+ authManager->logoutDatabase(dbname);
+ return true;
+ }
+ } cmdLogout;
+}
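Review bot: The merged `CmdLogout::run` dereferences the result of `ClientBasic::getCurrent()` without a check, where the two deleted implementations used `cc()` on mongod and `ClientInfo::get()` on mongos. If `getCurrent()` can return NULL on either binary (its definition is not visible here), a command marked "No auth required" would crash the process instead of failing cleanly. A guard such as `ClientBasic* client = ClientBasic::getCurrent();` followed by `if (!client) { errmsg = "no client for this connection"; return false; }` keeps the failure local to the request. The hunk opens inside `CmdAuthenticate::run`, whose body starts outside it, and the closing brace lost its `// namespace mongo` comment, which the other files in this commit keep.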
diff --git a/src/mongo/db/commands/authentication_commands.h b/src/mongo/db/commands/authentication_commands.h
new file mode 100644
index 00000000000..0e785d416a9
--- /dev/null
+++ b/src/mongo/db/commands/authentication_commands.h
@@ -0,0 +1,46 @@
+/**
+ * Copyright (C) 2012 10gen Inc.
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License, version 3,
+ * as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#pragma once
+
+#include "mongo/db/commands.h"
+
+namespace mongo {
+
+ class CmdAuthenticate : public Command {
+ public:
+ static void disableCommand();
+
+ virtual bool requiresAuth() { return false; }
+ virtual bool logTheOp() {
+ return false;
+ }
+ virtual bool slaveOk() const {
+ return true;
+ }
+ virtual LockType locktype() const { return NONE; }
+ virtual void help(stringstream& ss) const { ss << "internal"; }
+ virtual void addRequiredPrivileges(const std::string& dbname,
+ const BSONObj& cmdObj,
+ std::vector<Privilege>* out) {} // No auth required
+ CmdAuthenticate() : Command("authenticate") {}
+ bool run(const string& dbname , BSONObj& cmdObj, int options, string& errmsg, BSONObjBuilder& result, bool fromRepl);
+ };
+
+ extern CmdAuthenticate cmdAuthenticate;
+}
+
+
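Review bot: `CmdAuthenticate::disableCommand()` is a process-wide switch on an authentication path and is exported from this new header with no comment. From `CmdAuthenticate::run` in authentication_commands.cpp it presumably clears `_areNonceAuthenticateCommandsEnabled`, after which `run` fails with the disabled message. A short comment would make that contract visible to callers, e.g. `/** Disables the nonce-based authenticate command for the rest of the process lifetime. */`, adjusted to whatever the definition actually does. The class also uses `string`, `stringstream`, `BSONObj` and `std::vector<Privilege>` while including only `mongo/db/commands.h`, so the header depends on that file's transitive includes and using-declarations. The two trailing blank lines at the end of the file can be dropped.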
diff --git a/src/mongo/db/initialize_server_global_state.cpp b/src/mongo/db/initialize_server_global_state.cpp
index 6143daec7df..5a498ec4564 100644
--- a/src/mongo/db/initialize_server_global_state.cpp
+++ b/src/mongo/db/initialize_server_global_state.cpp
@@ -25,8 +25,9 @@
#include <sys/wait.h>
#endif
+#include "mongo/db/auth/authorization_manager.h"
+#include "mongo/db/auth/security_key.h"
#include "mongo/db/cmdline.h"
-#include "mongo/db/security_common.h"
#include "mongo/util/log.h"
#include "mongo/util/net/listen.h"
#include "mongo/util/processinfo.h"
diff --git a/src/mongo/db/security.cpp b/src/mongo/db/security.cpp
deleted file mode 100644
index 17325def651..00000000000
--- a/src/mongo/db/security.cpp
+++ /dev/null
@@ -1,42 +0,0 @@
-// security.cpp
-
-/**
- * Copyright (C) 2009 10gen Inc.
- *
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Affero General Public License, version 3,
- * as published by the Free Software Foundation.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU Affero General Public License for more details.
- *
- * You should have received a copy of the GNU Affero General Public License
- * along with this program. If not, see <http://www.gnu.org/licenses/>.
- */
-
-#include "mongo/pch.h"
-
-#include "mongo/db/security.h"
-
-#include "mongo/db/auth/authorization_manager.h"
-#include "mongo/db/client.h"
-#include "mongo/db/curop-inl.h"
-#include "mongo/db/db.h"
-#include "mongo/db/dbhelpers.h"
-#include "mongo/db/instance.h"
-#include "mongo/db/security_common.h"
-
-// this is the _mongod only_ implementation of security.h
-
-namespace mongo {
-
- bool CmdLogout::run(const string& dbname , BSONObj& cmdObj, int, string& errmsg, BSONObjBuilder& result, bool fromRepl) {
- AuthorizationManager* authManager = cc().getAuthorizationManager();
- authManager->logoutDatabase(dbname);
- return true;
- }
-
-} // namespace mongo
-
diff --git a/src/mongo/db/security_common.h b/src/mongo/db/security_common.h
deleted file mode 100644
index e476e2baca0..00000000000
--- a/src/mongo/db/security_common.h
+++ /dev/null
@@ -1,73 +0,0 @@
-// security_common.h
-
-/**
-* Copyright (C) 2009 10gen Inc.
-*
-* This program is free software: you can redistribute it and/or modify
-* it under the terms of the GNU Affero General Public License, version 3,
-* as published by the Free Software Foundation.
-*
-* This program is distributed in the hope that it will be useful,
-* but WITHOUT ANY WARRANTY; without even the implied warranty of
-* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-* GNU Affero General Public License for more details.
-*
-* You should have received a copy of the GNU Affero General Public License
-* along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-
-#pragma once
-
-#include "mongo/db/commands.h"
-
-namespace mongo {
-
- /**
- * This method checks the validity of filename as a security key, hashes its
- * contents, and stores it in the internalSecurity variable. Prints an
- * error message to the logs if there's an error.
- * @param filename the file containing the key
- * @return if the key was successfully stored
- */
- bool setUpSecurityKey(const string& filename);
-
- class CmdAuthenticate : public Command {
- public:
- static void disableCommand();
-
- virtual bool requiresAuth() { return false; }
- virtual bool logTheOp() {
- return false;
- }
- virtual bool slaveOk() const {
- return true;
- }
- virtual LockType locktype() const { return NONE; }
- virtual void help(stringstream& ss) const { ss << "internal"; }
- virtual void addRequiredPrivileges(const std::string& dbname,
- const BSONObj& cmdObj,
- std::vector<Privilege>* out) {} // No auth required
- CmdAuthenticate() : Command("authenticate") {}
- bool run(const string& dbname , BSONObj& cmdObj, int options, string& errmsg, BSONObjBuilder& result, bool fromRepl);
- };
-
- extern CmdAuthenticate cmdAuthenticate;
-
- class CmdLogout : public Command {
- public:
- virtual bool logTheOp() {
- return false;
- }
- virtual bool slaveOk() const {
- return true;
- }
- virtual void addRequiredPrivileges(const std::string& dbname,
- const BSONObj& cmdObj,
- std::vector<Privilege>* out) {} // No auth required
- void help(stringstream& h) const { h << "de-authenticate"; }
- virtual LockType locktype() const { return NONE; }
- CmdLogout() : Command("logout") {}
- bool run(const string& dbname , BSONObj& cmdObj, int options, string& errmsg, BSONObjBuilder& result, bool fromRepl);
- };
-
-} // namespace mongo
diff --git a/src/mongo/s/security.cpp b/src/mongo/s/security.cpp
deleted file mode 100644
index eed1ea72508..00000000000
--- a/src/mongo/s/security.cpp
+++ /dev/null
@@ -1,38 +0,0 @@
-// security.cpp
-/*
- * Copyright (C) 2010 10gen Inc.
- *
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Affero General Public License, version 3,
- * as published by the Free Software Foundation.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU Affero General Public License for more details.
- *
- * You should have received a copy of the GNU Affero General Public License
- * along with this program. If not, see <http://www.gnu.org/licenses/>.
- */
-
-// security.cpp
-
-#include "pch.h"
-
-#include "mongo/db/auth/authorization_manager.h"
-#include "../db/security_common.h"
-#include "../db/security.h"
-#include "config.h"
-#include "client_info.h"
-#include "grid.h"
-
-// this is the _mongos only_ implementation of security.h
-
-namespace mongo {
-
- bool CmdLogout::run(const string& dbname , BSONObj& cmdObj, int, string& errmsg, BSONObjBuilder& result, bool fromRepl) {
- AuthorizationManager* authManager = ClientInfo::get()->getAuthorizationManager();
- authManager->logoutDatabase(dbname);
- return true;
- }
-}