author | dwight <dwight@Dwights-MacBook-2.local> | 2009-01-21 17:26:16 -0500 |
---|---|---|
committer | dwight <dwight@Dwights-MacBook-2.local> | 2009-01-21 17:26:16 -0500 |
commit | 0f9f3648b064641860d40a8b9da01c013bef2d75 (patch) | |
tree | 342dd28f1bc30da211bde6d493bdb9f8e9d71baf /db | |
parent | 92d7e087d3d250788a164d54326347c42e798f19 (diff) | |
download | mongo-0f9f3648b064641860d40a8b9da01c013bef2d75.tar.gz |
if no admin.system.users, allow access to everything from localhost
Diffstat (limited to 'db')
-rw-r--r-- | db/db.cpp | 2 | ||||
-rw-r--r-- | db/dbhelpers.h | 8 | ||||
-rw-r--r-- | db/security.cpp | 2 | ||||
-rw-r--r-- | db/security.h | 27 |
4 files changed, 32 insertions, 7 deletions
diff --git a/db/db.cpp b/db/db.cpp index fb36a43bece..7d9d2b5e7b9 100644 --- a/db/db.cpp +++ b/db/db.cpp @@ -162,6 +162,8 @@ namespace mongo { try { + ai->isLocalHost = dbMsgPort.farEnd.isLocalHost(); + Message m; while ( 1 ) { m.reset(); diff --git a/db/dbhelpers.h b/db/dbhelpers.h index b606d75776f..d2b56a025e1 100644 --- a/db/dbhelpers.h +++ b/db/dbhelpers.h @@ -50,11 +50,11 @@ namespace mongo { static bool findOne(const char *ns, BSONObj query, BSONObj& result, bool requireIndex=false); /* Get/put the first object from a collection. Generally only useful if the collection - only ever has a single object -- which is a "singleton collection". + only ever has a single object -- which is a "singleton collection". - You do not need to set the database before calling. - - Returns: true if object exists. + You do not need to set the database before calling. + + Returns: true if object exists. */ static bool getSingleton(const char *ns, BSONObj& result); static void putSingleton(const char *ns, BSONObj obj); diff --git a/db/security.cpp b/db/security.cpp index c4174f7f720..81340aada0c 100644 --- a/db/security.cpp +++ b/db/security.cpp @@ -17,6 +17,8 @@ namespace mongo { bool noauth = true; + int AuthenticationInfo::warned; + Security::Security(){ #if defined(__linux__) devrandom = new ifstream("/dev/urandom", ios::binary|ios::in); diff --git a/db/security.h b/db/security.h index 5b5f69ea27c..9b22ff85793 100644 --- a/db/security.h +++ b/db/security.h @@ -19,6 +19,8 @@ #pragma once #include <boost/thread/tss.hpp> +#include "db.h" +#include "dbhelpers.h" namespace mongo { 
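Review bot: In db/db.cpp, the added `ai->isLocalHost = dbMsgPort.farEnd.isLocalHost();` becomes the only input to the no-users authentication bypass in db/security.h, but nothing at the assignment says so. The flag comes from the socket's peer address, so a client that arrives through a local proxy, SSH tunnel or port forward would presumably be classified as localhost too; what `isLocalHost()` accepts is not visible in this hunk. I would add a comment such as `// security: this peer-address check gates the no-users localhost exception in AuthenticationInfo::isAuthorized` and record the deployment caveat beside it. The enclosing function starts and ends outside the hunk.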
@@ -33,16 +35,35 @@ namespace mongo { class AuthenticationInfo : boost::noncopyable { map<string, Auth> m; // dbname -> auth + static int warned; public: - AuthenticationInfo() { } + bool isLocalHost; + AuthenticationInfo() { isLocalHost = false; } ~AuthenticationInfo() { } - void logout(const char *dbname) { m.erase(dbname); } + void logout(const char *dbname) { + assert( dbMutexInfo.isLocked() ); + m.erase(dbname); + } void authorize(const char *dbname) { + assert( dbMutexInfo.isLocked() ); m[dbname].level = 2; } bool isAuthorized(const char *dbname) { - return m[dbname].level == 2 || noauth; + if( m[dbname].level == 2 ) return true; + if( noauth ) return true; + if( isLocalHost ) { + DBContext c("admin.system.users"); + BSONObj result; + if( Helpers::getSingleton("admin.system.users", result) ) + return false; + if( warned == 0 ) { + warned++; + log() << "warning: no users configured in admin.system.users, allowing localhost access" << endl; + } + return true; + } + return false; } }; |
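Review bot: In `isAuthorized`, the new `if( isLocalHost )` branch fails open: any false return from `Helpers::getSingleton("admin.system.users", result)` grants access to every database regardless of `dbname`. The comment in db/dbhelpers.h says only that true means the object exists, so a missing collection, an empty one and possibly a failed lookup all appear to be treated the same. The branch also opens a `DBContext` and increments the shared static `warned` without the `assert( dbMutexInfo.isLocked() );` that this commit adds to `logout` and `authorize`. Adding that assert as the first statement of the branch would make the locking assumption explicit. A comment such as `// localhost exception: applies only while admin.system.users has no object; dbname is not consulted` would document the bypass where it is granted.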