author | samantharitter <samantha.ritter@10gen.com> | 2017-03-27 13:49:41 -0400 |
---|---|---|
committer | samantharitter <samantha.ritter@10gen.com> | 2017-05-05 14:44:26 -0400 |
commit | 02edad4ea3cd611e5428c9b8c191f70332c38994 (patch) | |
tree | e682a93e36bf563689fd309041ab3d553ecdf0a9 /src/mongo/db/auth/authorization_manager.h | |
parent | e6d9d9722c86626c86a157be45f721ed49267863 (diff) | |
download | mongo-02edad4ea3cd611e5428c9b8c191f70332c38994.tar.gz |
SERVER-28190 Add internal tracking ids to users
Diffstat (limited to 'src/mongo/db/auth/authorization_manager.h')
-rw-r--r-- | src/mongo/db/auth/authorization_manager.h | 50 |
1 files changed, 39 insertions, 11 deletions
diff --git a/src/mongo/db/auth/authorization_manager.h b/src/mongo/db/auth/authorization_manager.h
index 495bcc0aa81..7afa9bc747a 100644
--- a/src/mongo/db/auth/authorization_manager.h
+++ b/src/mongo/db/auth/authorization_manager.h
@@ -31,6 +31,8 @@
 #include <memory>
 #include <string>
+#include <boost/optional.hpp>
+
 #include "mongo/base/disallow_copying.h"
 #include "mongo/base/status.h"
 #include "mongo/bson/mutable/element.h"
@@ -82,6 +84,7 @@ public:
 ~AuthorizationManager();
 static const std::string USER_NAME_FIELD_NAME;
+ static const std::string USER_ID_FIELD_NAME;
 static const std::string USER_DB_FIELD_NAME;
 static const std::string ROLE_NAME_FIELD_NAME;
 static const std::string ROLE_DB_FIELD_NAME;
@@ -250,16 +253,41 @@ public:
 std::vector<BSONObj>* result);
 /**
- * Returns the User object for the given userName in the out parameter "acquiredUser".
- * If the user cache already has a user object for this user, it increments the refcount
- * on that object and gives out a pointer to it. If no user object for this user name
- * exists yet in the cache, reads the user's privilege document from disk, builds up
- * a User object, sets the refcount to 1, and gives that out. The returned user may
- * be invalid by the time the caller gets access to it.
- * The AuthorizationManager retains ownership of the returned User object.
- * On non-OK Status return values, acquiredUser will not be modified.
+ * Returns the User object for the given userName in the out parameter "acquiredUser".
+ *
+ * This method should be used only when initially authenticating a user, in contexts when
+ * the caller does not yet have an id for this user. When the caller already has access
+ * to a user document, acquireUserToRefreshSessionCache should be used instead.
+ *
+ * If no user object for this user name exists yet in the cache, read the user's privilege
+ * document from disk, build up a User object, sets the refcount to 1, and give that out.
+ *
+ * The returned user may be invalid by the time the caller gets access to it.
+ * The AuthorizationManager retains ownership of the returned User object.
+ * On non-OK Status return values, acquiredUser will not be modified.
+ */
+ Status acquireUserForInitialAuth(OperationContext* opCtx,
+ const UserName& userName,
+ User** acquiredUser);
+ /**
+ * Returns the User object for the given userName in the out parameter "acquiredUser".
+ *
+ * This method must be called with a user id (the unset optional, boost::none, will be
+ * understood as a distinct id for a pre-3.6 user). The acquired user must match
+ * both the given name and given id, or this method will return an error. This method
+ * should be used when the caller is refresing a user document they already have.
+ *
+ * If no user object for this user name exists yet in the cache, read the user's privilege
+ * document from disk, build up a User object, sets the refcount to 1, and give that out.
+ *
+ * The returned user may be invalid by the time the caller gets access to it.
+ * The AuthorizationManager retains ownership of the returned User object.
+ * On non-OK Status return values, acquiredUser will not be modified.
 */
- Status acquireUser(OperationContext* opCtx, const UserName& userName, User** acquiredUser);
+ Status acquireUserToRefreshSessionCache(OperationContext* opCtx,
+ const UserName& userName,
+ boost::optional<OID> id,
+ User** acquiredUser);
 /**
 * Decrements the refcount of the given User object. If the refcount has gone to zero,
@@ -372,8 +400,8 @@ private:
 /**
 * Cached value of the authorization schema version.
 *
- * May be set by acquireUser() and getAuthorizationVersion(). Invalidated by
- * invalidateUserCache().
+ * May be set by acquireUserForInitialAuth(), acquireUserToRefreshSessionCache(),
+ * and getAuthorizationVersion(). Invalidated by invalidateUserCache().
 *
 * Reads and writes guarded by CacheGuard.
 */
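Review bot: The new comment on acquireUserToRefreshSessionCache says a name/id mismatch "will return an error" but never names the Status code, which is the one thing a session-cache refresher needs from this contract. A mismatch means the user was dropped and recreated under the same name, so the cached authorization is stale and must be discarded, whereas a transient lookup failure may simply be retried; the comment should make that distinction explicit, e.g. `* If the cached or stored user's id differs from the given id, returns <MISMATCH-STATUS-CODE, take from the implementation>; callers must treat that as a stale entry and drop it rather than retry.` It would also help to state plainly that boost::none is matched exactly and never acts as a wildcard, since the "distinct id for a pre-3.6 user" wording leaves that to inference. Minor text issues in the same block: `refresing` should be `refreshing`, and both new comments mix moods in `read the user's privilege document from disk, build up a User object, sets the refcount to 1, and give that out` (the replaced text's `reads ... builds up ... sets ... gives` form reads cleanly). The enclosing AuthorizationManager class begins before this hunk and continues past it.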