author | Sara Golemon <sara.golemon@mongodb.com> | 2020-05-04 14:47:29 +0000 |
---|---|---|
committer | Evergreen Agent <no-reply@evergreen.mongodb.com> | 2020-05-04 23:52:39 +0000 |
commit | ebf32d3a3e3f297d981053337b104fca4a32ac9e (patch) | |
tree | 8c001d209260191984dd422d01656e5092507355 /src/mongo/db/repl | |
parent | 066c614a5672d63f4127752da2befc7477780320 (diff) | |
download | mongo-ebf32d3a3e3f297d981053337b104fca4a32ac9e.tar.gz |
SERVER-47908 Wire speculativeAuthenticate into mongos
(cherry picked from commit 845b52ae1c13f10d79993950888819347fac3aa3)
Diffstat (limited to 'src/mongo/db/repl')
-rw-r--r-- | src/mongo/db/repl/SConscript | 15 | ||||
-rw-r--r-- | src/mongo/db/repl/replication_info.cpp | 28 | ||||
-rw-r--r-- | src/mongo/db/repl/speculative_auth.cpp | 69 | ||||
-rw-r--r-- | src/mongo/db/repl/speculative_auth.h | 44 |
4 files changed, 128 insertions, 28 deletions
diff --git a/src/mongo/db/repl/SConscript b/src/mongo/db/repl/SConscript
index 558e81835f9..3a47455aedd 100644
--- a/src/mongo/db/repl/SConscript
+++ b/src/mongo/db/repl/SConscript
@@ -1118,9 +1118,8 @@ env.Library(
 'replica_set_messages',
 ],
 LIBDEPS_PRIVATE=[
- '$BUILD_DIR/mongo/db/auth/authservercommon',
- '$BUILD_DIR/mongo/db/commands/authentication_commands',
 '$BUILD_DIR/mongo/db/commands/server_status',
+ '$BUILD_DIR/mongo/db/repl/speculative_authenticate',
 '$BUILD_DIR/mongo/db/stats/counters',
 '$BUILD_DIR/mongo/transport/message_compressor',
 'replication_auth',
@@ -1424,3 +1423,15 @@ env.Library(
 'replica_set_messages',
 ],
 )
+
+env.Library(
+ target='speculative_authenticate',
+ source=[
+ 'speculative_auth.cpp',
+ ],
+ LIBDEPS_PRIVATE=[
+ '$BUILD_DIR/mongo/base',
+ '$BUILD_DIR/mongo/db/auth/authservercommon',
+ '$BUILD_DIR/mongo/db/commands/authentication_commands',
+ ],
+)
diff --git a/src/mongo/db/repl/replication_info.cpp b/src/mongo/db/repl/replication_info.cpp
index 9d79aed4f42..e105a3469d9 100644
--- a/src/mongo/db/repl/replication_info.cpp
+++ b/src/mongo/db/repl/replication_info.cpp
@@ -36,11 +36,8 @@
 #include "mongo/bson/util/bson_extract.h"
 #include "mongo/client/connpool.h"
 #include "mongo/client/dbclient_connection.h"
-#include "mongo/db/auth/sasl_command_constants.h"
-#include "mongo/db/auth/sasl_commands.h"
 #include "mongo/db/auth/sasl_mechanism_registry.h"
 #include "mongo/db/client.h"
-#include "mongo/db/commands/authentication_commands.h"
 #include "mongo/db/commands/server_status.h"
 #include "mongo/db/db_raii.h"
 #include "mongo/db/dbhelpers.h"
@@ -56,6 +53,7 @@
 #include "mongo/db/repl/replication_auth.h"
 #include "mongo/db/repl/replication_coordinator.h"
 #include "mongo/db/repl/replication_process.h"
+#include "mongo/db/repl/speculative_auth.h"
 #include "mongo/db/repl/storage_interface.h"
 #include "mongo/db/storage/storage_options.h"
 #include "mongo/db/wire_version.h"
@@ -547,29 +545,7 @@ public: } } - if (auto sae = cmdObj[auth::kSpeculativeAuthenticate]; !sae.eoo()) { - uassert(ErrorCodes::BadValue, - str::stream() << "isMaster." << auth::kSpeculativeAuthenticate - << " must be an Object", - sae.type() == Object); - auto specAuth = sae.Obj(); - - uassert(ErrorCodes::BadValue, - str::stream() << "isMaster." << auth::kSpeculativeAuthenticate - << " must be a non-empty Object", - !specAuth.isEmpty()); - auto specCmd = specAuth.firstElementFieldNameStringData(); - - if (specCmd == saslStartCommandName) { - doSpeculativeSaslStart(opCtx, specAuth, &result); - } else if (specCmd == auth::kAuthenticateCommand) { - doSpeculativeAuthenticate(opCtx, specAuth, &result); - } else { - uasserted(51769, - str::stream() << "isMaster." << auth::kSpeculativeAuthenticate - << " unknown command: " << specCmd); - } - } + handleIsMasterSpeculativeAuth(opCtx, cmdObj, &result); return true; } diff --git a/src/mongo/db/repl/speculative_auth.cpp b/src/mongo/db/repl/speculative_auth.cpp new file mode 100644 index 00000000000..292df012aa1 --- /dev/null +++ b/src/mongo/db/repl/speculative_auth.cpp 
@@ -0,0 +1,69 @@
+/**
+ * Copyright (C) 2020-present MongoDB, Inc.
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the Server Side Public License, version 1,
+ * as published by MongoDB, Inc.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * Server Side Public License for more details.
+ *
+ * You should have received a copy of the Server Side Public License
+ * along with this program. If not, see
+ * <http://www.mongodb.com/licensing/server-side-public-license>.
+ *
+ * As a special exception, the copyright holders give permission to link the
+ * code of portions of this program with the OpenSSL library under certain
+ * conditions as described in each individual source file and distribute
+ * linked combinations including the program with the OpenSSL library. You
+ * must comply with the Server Side Public License in all respects for
+ * all of the code used other than as permitted herein. If you modify file(s)
+ * with this exception, you may extend this exception to your version of the
+ * file(s), but you are not obligated to do so. If you do not wish to do so,
+ * delete this exception statement from your version. If you delete this
+ * exception statement from all source files in the program, then also delete
+ * it in the license file.
+ */
+
+#include "mongo/db/repl/speculative_auth.h"
+
+#include "mongo/client/authenticate.h"
+#include "mongo/db/auth/sasl_command_constants.h"
+#include "mongo/db/auth/sasl_commands.h"
+#include "mongo/db/commands/authentication_commands.h"
+
+namespace mongo {
+
+void handleIsMasterSpeculativeAuth(OperationContext* opCtx,
+ BSONObj cmdObj,
+ BSONObjBuilder* result) {
+ auto sae = cmdObj[auth::kSpeculativeAuthenticate];
+ if (sae.eoo()) {
+ return;
+ }
+
+ uassert(ErrorCodes::BadValue,
+ str::stream() << "isMaster." << auth::kSpeculativeAuthenticate << " must be an Object",
+ sae.type() == Object);
+ auto specAuth = sae.Obj();
+
+ uassert(ErrorCodes::BadValue,
+ str::stream() << "isMaster." << auth::kSpeculativeAuthenticate
+ << " must be a non-empty Object",
+ !specAuth.isEmpty());
+ auto specCmd = specAuth.firstElementFieldNameStringData();
+
+ if (specCmd == saslStartCommandName) {
+ doSpeculativeSaslStart(opCtx, specAuth, result);
+ } else if (specCmd == auth::kAuthenticateCommand) {
+ doSpeculativeAuthenticate(opCtx, specAuth, result);
+ } else {
+ uasserted(51769,
+ str::stream() << "isMaster." << auth::kSpeculativeAuthenticate
+ << " unknown command: " << specCmd);
+ }
+}
+
+} // namespace mongo
diff --git a/src/mongo/db/repl/speculative_auth.h b/src/mongo/db/repl/speculative_auth.h
new file mode 100644
index 00000000000..03f071f652e
--- /dev/null
+++ b/src/mongo/db/repl/speculative_auth.h
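Review bot: In `handleIsMasterSpeculativeAuth` in speculative_auth.cpp, the final `uasserted(51769, ...)` branch streams `specCmd` into the error text, and `specCmd` is the first field name of a client-supplied sub-document that is parsed during isMaster, which by the nature of speculative authentication runs before the client has authenticated. Nothing visible in the hunk bounds that name, so the error (and any log record of the assertion, if one is written) can carry a long caller-chosen string. Consider omitting the name or bounding it, for example `<< " unknown command: " << specCmd.substr(0, 64)`. A short comment above the definition should also say that the input is unauthenticated and that only the first field of the sub-document selects the handler.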
@@ -0,0 +1,44 @@
+/**
+ * Copyright (C) 2020-present MongoDB, Inc.
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the Server Side Public License, version 1,
+ * as published by MongoDB, Inc.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * Server Side Public License for more details.
+ *
+ * You should have received a copy of the Server Side Public License
+ * along with this program. If not, see
+ * <http://www.mongodb.com/licensing/server-side-public-license>.
+ *
+ * As a special exception, the copyright holders give permission to link the
+ * code of portions of this program with the OpenSSL library under certain
+ * conditions as described in each individual source file and distribute
+ * linked combinations including the program with the OpenSSL library. You
+ * must comply with the Server Side Public License in all respects for
+ * all of the code used other than as permitted herein. If you modify file(s)
+ * with this exception, you may extend this exception to your version of the
+ * file(s), but you are not obligated to do so. If you do not wish to do so,
+ * delete this exception statement from your version. If you delete this
+ * exception statement from all source files in the program, then also delete
+ * it in the license file.
+ */
+
+#pragma once
+
+#include "mongo/bson/bsonobj.h"
+#include "mongo/bson/bsonobjbuilder.h"
+#include "mongo/db/operation_context.h"
+
+namespace mongo {
+
+/**
+ * Check an isMaster sent to mongod in ReplSet mode or mongos for "speculativeAuthenticate".
+ * If present, dispatch to saslStart or authenticate commands as appropriate.
+ */
+void handleIsMasterSpeculativeAuth(OperationContext* opCtx, BSONObj cmdObj, BSONObjBuilder* result);
+
+} // namespace mongo |
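Review bot: The doc comment on `handleIsMasterSpeculativeAuth` omits the failure contract that a second caller (mongos, per the commit title) needs to know. Going by the definition in speculative_auth.cpp in this same commit, the function returns without touching `result` when the field is absent, but throws through `uassert`/`uasserted` when the field is present and malformed, which presumably fails the enclosing isMaster unless the caller catches it. I would add a line such as `* Throws BadValue if the field is not a non-empty Object, and error 51769 if its first field is not a recognised command.` The `cmdObj` parameter is also taken by value; `const BSONObj& cmdObj` would state the read-only intent, assuming nothing relies on the copy.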