author | Shane Harvey <shane.harvey@mongodb.com> | 2016-03-25 17:13:17 -0400 |
---|---|---|
committer | Shane Harvey <shane.harvey@mongodb.com> | 2016-04-13 14:19:55 -0400 |
commit | 26b55942cc467bca2cc2b935e517b443cf16c550 (patch) | |
tree | 770b6987c9ffa3796135a735deeb9299d842ba5c /src/mongo/db/repl | |
parent | 0b490582031c2be63239ac0885801739946a2a78 (diff) | |
SERVER-6823 Enable Access control without downtime.
Add --tryClusterAuth flag that enables communication between nodes running
with and without auth.
Diffstat (limited to 'src/mongo/db/repl')
-rw-r--r-- | src/mongo/db/repl/isself.cpp | 6 | ||||
-rw-r--r-- | src/mongo/db/repl/oplogreader.cpp | 12 |
2 files changed, 7 insertions, 11 deletions
diff --git a/src/mongo/db/repl/isself.cpp b/src/mongo/db/repl/isself.cpp
index a4fc217481d..87cba6fe03b 100644
--- a/src/mongo/db/repl/isself.cpp
+++ b/src/mongo/db/repl/isself.cpp
@@ -202,10 +202,8 @@ bool isSelf(const HostAndPort& hostAndPort) {
 return false;
 }
- if (getGlobalAuthorizationManager()->isAuthEnabled() && isInternalAuthSet()) {
- if (!conn.authenticateInternalUser()) {
- return false;
- }
+ if (isInternalAuthSet() && !conn.authenticateInternalUser()) {
+ return false;
 }
 BSONObj out;
 bool ok = conn.simpleCommand("admin", &out, "_isSelf");
diff --git a/src/mongo/db/repl/oplogreader.cpp b/src/mongo/db/repl/oplogreader.cpp
index c1b6e37f82f..28401834b65 100644
--- a/src/mongo/db/repl/oplogreader.cpp
+++ b/src/mongo/db/repl/oplogreader.cpp
@@ -68,12 +68,11 @@ static ServerStatusMetricField<Counter64> displayReadersCreated("repl.network.re
 bool replAuthenticate(DBClientBase* conn) {
- if (!getGlobalAuthorizationManager()->isAuthEnabled())
- return true;
-
- if (!isInternalAuthSet())
+ if (isInternalAuthSet())
+ return conn->authenticateInternalUser();
+ if (getGlobalAuthorizationManager()->isAuthEnabled())
 return false;
- return conn->authenticateInternalUser();
+ return true;
 }
 const Seconds OplogReader::kSocketTimeout(30);
@@ -94,8 +93,7 @@ bool OplogReader::connect(const HostAndPort& host) {
 _conn = shared_ptr<DBClientConnection>( new DBClientConnection(false, durationCount<Seconds>(kSocketTimeout)));
 string errmsg;
- if (!_conn->connect(host, errmsg) ||
- (getGlobalAuthorizationManager()->isAuthEnabled() && !replAuthenticate(_conn.get()))) {
+ if (!_conn->connect(host, errmsg) || !replAuthenticate(_conn.get())) {
 resetConnection();
 error() << errmsg << endl;
 return false; |
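Review bot: With `isAuthEnabled()` dropped from the condition in `isSelf`, a failed `authenticateInternalUser()` now returns false silently on any node that has internal auth set, including one that does not enforce access control and previously skipped the attempt; the same applies to `replAuthenticate` in oplogreader.cpp, where the failure now fails the connection. Whether `authenticateInternalUser()` tolerates a peer that cannot validate the credentials during the mixed rollout described in the commit message is not visible here, since the diff is limited to src/mongo/db/repl, so that path deserves a test. A comment at both sites would record the intent, for example `// Present internal credentials whenever they are configured, even if this node does not enforce auth; a failure is fatal for this call.`, and a log line on the failure branch would make bad internal credentials distinguishable from an unreachable host. `isSelf` starts above and continues below the hunk.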
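Review bot: When `connect()` succeeds and `replAuthenticate()` fails in `OplogReader::connect`, the shared failure branch logs `errmsg`, which nothing visible in the hunk has filled in, so the log entry is likely empty and an authentication failure leaves no usable trace. That branch is now reachable on nodes that do not enforce auth as well, because the `isAuthEnabled()` guard was removed from the condition. Splitting the condition, or setting a message before logging such as `if (errmsg.empty()) errmsg = "internal authentication failed";`, would give operators a clear signal when a node is rejected during the rollout. `OplogReader::connect` continues past the end of the hunk.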