author | Andy Schwerin <schwerin@mongodb.com> | 2015-04-06 10:48:36 -0400 |
---|---|---|
committer | Andy Schwerin <schwerin@mongodb.com> | 2015-04-06 18:20:14 -0400 |
commit | 7ea3fc90c6c1f175da1e76ff79b1e6ae09377141 (patch) | |
tree | bd2f3f246c48a3a88578c3195432cb30fc3bfff2 /src/mongo/db | |
parent | 9e2cc1588f25f81983de48f2c69130203e325175 (diff) | |
download | mongo-7ea3fc90c6c1f175da1e76ff79b1e6ae09377141.tar.gz |
SERVER-17817 When setting up ClientBasic, get AuthorizationSession object from AuthorizationManager.
Diffstat (limited to 'src/mongo/db')
-rw-r--r-- | src/mongo/db/auth/authorization_manager.cpp | 8 | ||||
-rw-r--r-- | src/mongo/db/auth/authorization_manager.h | 7 | ||||
-rw-r--r-- | src/mongo/db/auth/authorization_session.cpp | 8 | ||||
-rw-r--r-- | src/mongo/db/auth/authorization_session.h | 6 | ||||
-rw-r--r-- | src/mongo/db/auth/authorization_session_test.cpp | 3 | ||||
-rw-r--r-- | src/mongo/db/auth/authz_manager_external_state.h | 10 | ||||
-rw-r--r-- | src/mongo/db/auth/authz_manager_external_state_d.cpp | 11 | ||||
-rw-r--r-- | src/mongo/db/auth/authz_manager_external_state_d.h | 3 | ||||
-rw-r--r-- | src/mongo/db/auth/authz_manager_external_state_mock.cpp | 9 | ||||
-rw-r--r-- | src/mongo/db/auth/authz_manager_external_state_mock.h | 3 | ||||
-rw-r--r-- | src/mongo/db/auth/authz_manager_external_state_s.cpp | 9 | ||||
-rw-r--r-- | src/mongo/db/auth/authz_manager_external_state_s.h | 2 | ||||
-rw-r--r-- | src/mongo/db/auth/authz_session_external_state.h | 4 | ||||
-rw-r--r-- | src/mongo/db/auth/native_sasl_authentication_session.cpp | 6 | ||||
-rw-r--r-- | src/mongo/db/client.cpp | 4 | ||||
-rw-r--r-- | src/mongo/db/client_basic.cpp | 5 | ||||
-rw-r--r-- | src/mongo/db/client_basic.h | 6 |
17 files changed, 83 insertions, 21 deletions
diff --git a/src/mongo/db/auth/authorization_manager.cpp b/src/mongo/db/auth/authorization_manager.cpp index fa3dc088c49..162da449007 100644 --- a/src/mongo/db/auth/authorization_manager.cpp +++ b/src/mongo/db/auth/authorization_manager.cpp @@ -45,6 +45,7 @@ #include "mongo/bson/util/bson_extract.h" #include "mongo/crypto/mechanism_scram.h" #include "mongo/db/auth/action_set.h" +#include "mongo/db/auth/authorization_session.h" #include "mongo/db/auth/authz_documents_update_guard.h" #include "mongo/db/auth/authz_manager_external_state.h" #include "mongo/db/auth/privilege.h" @@ -57,9 +58,9 @@ #include "mongo/db/jsobj.h" #include "mongo/platform/compiler.h" #include "mongo/platform/unordered_map.h" +#include "mongo/stdx/memory.h" #include "mongo/util/assert_util.h" #include "mongo/util/log.h" -#include "mongo/util/map_util.h" #include "mongo/util/mongoutils/str.h" namespace mongo { @@ -268,6 +269,11 @@ namespace mongo { } } + std::unique_ptr<AuthorizationSession> AuthorizationManager::makeAuthorizationSession() { + return stdx::make_unique<AuthorizationSession>( + _externalState->makeAuthzSessionExternalState(this)); + } + Status AuthorizationManager::getAuthorizationVersion(OperationContext* txn, int* version) { CacheGuard guard(this, CacheGuard::fetchSynchronizationManual); int newVersion = _version; diff --git a/src/mongo/db/auth/authorization_manager.h b/src/mongo/db/auth/authorization_manager.h index d430d1e8012..46f0ab7da5e 100644 --- a/src/mongo/db/auth/authorization_manager.h +++ b/src/mongo/db/auth/authorization_manager.h @@ -51,9 +51,10 @@ namespace mongo { + class AuthorizationSession; class AuthzManagerExternalState; - class UserDocumentParser; class OperationContext; + class UserDocumentParser; /** * Internal secret key info. 
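Review bot: `makeAuthorizationSession()` in the `@@ -268` hunk passes `this` into `makeAuthzSessionExternalState`, so every session it returns carries a raw, non-owning pointer back to the manager, and neither this function nor the new doc comment in authorization_manager.h says so. A session that outlived its manager would presumably resolve its access checks through a dangling pointer, so the lifetime contract is worth adding to that header comment, for example `* The returned session holds a non-owning pointer to this manager and must be destroyed before it.` The same sentence would fit the pure-virtual `makeAuthzSessionExternalState` declaration in authz_manager_external_state.h. The initializer test in native_sasl_authentication_session.cpp already declares the manager before the session, which gives the correct destruction order.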
@@ -154,6 +155,10 @@ namespace mongo { const RoleName& roleName, mutablebson::Element result); + /** + * Returns a new AuthorizationSession for use with this AuthorizationManager. + */ + std::unique_ptr<AuthorizationSession> makeAuthorizationSession(); /** * Sets whether or not access control enforcement is enabled for this manager. diff --git a/src/mongo/db/auth/authorization_session.cpp b/src/mongo/db/auth/authorization_session.cpp index 6c88f9462fd..a0c7cfe7168 100644 --- a/src/mongo/db/auth/authorization_session.cpp +++ b/src/mongo/db/auth/authorization_session.cpp @@ -57,10 +57,10 @@ namespace { const std::string ADMIN_DBNAME = "admin"; } // namespace - AuthorizationSession::AuthorizationSession(AuthzSessionExternalState* externalState) - : _impersonationFlag(false) { - _externalState.reset(externalState); - } + AuthorizationSession::AuthorizationSession( + std::unique_ptr<AuthzSessionExternalState> externalState) + : _externalState(std::move(externalState)), + _impersonationFlag(false) {} AuthorizationSession::~AuthorizationSession() { for (UserSet::iterator it = _authenticatedUsers.begin(); diff --git a/src/mongo/db/auth/authorization_session.h b/src/mongo/db/auth/authorization_session.h index 68e89c67cb7..f619d90ce2f 100644 --- a/src/mongo/db/auth/authorization_session.h +++ b/src/mongo/db/auth/authorization_session.h @@ -28,7 +28,7 @@ #pragma once -#include <boost/scoped_ptr.hpp> +#include <memory> #include <string> #include <vector> @@ -64,7 +64,7 @@ namespace mongo { public: // Takes ownership of the externalState. - explicit AuthorizationSession(AuthzSessionExternalState* externalState); + explicit AuthorizationSession(std::unique_ptr<AuthzSessionExternalState> externalState); ~AuthorizationSession(); AuthorizationManager& getAuthorizationManager(); 
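Review bot: The rewritten `AuthorizationSession` constructor in authorization_session.cpp accepts an empty `std::unique_ptr` and stores it without complaint, so a session can exist with no external state behind it. Whether later member functions dereference `_externalState` unchecked is not visible in this hunk, but `getAuthorizationManager()` returns a reference and most likely does; failing at construction is easier to diagnose than a null dereference in the middle of an access check. Replacing the empty body with `{ invariant(_externalState); }` would cover it, assuming assert_util.h is already included in that file. `ClientBasic::setAuthorizationSession` in client_basic.cpp has the same gap: a null argument passes the `massert` and leaves the client with no authorization session, so `invariant(authorizationSession);` before the move is worth adding there too.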
@@ -232,7 +232,7 @@ namespace mongo { // lock on the admin database (to update out-of-date user privilege information). bool _isAuthorizedForPrivilege(const Privilege& privilege); - boost::scoped_ptr<AuthzSessionExternalState> _externalState; + std::unique_ptr<AuthzSessionExternalState> _externalState; // All Users who have been authenticated on this connection. UserSet _authenticatedUsers; diff --git a/src/mongo/db/auth/authorization_session_test.cpp b/src/mongo/db/auth/authorization_session_test.cpp index da878ce324c..5a266f33483 100644 --- a/src/mongo/db/auth/authorization_session_test.cpp +++ b/src/mongo/db/auth/authorization_session_test.cpp @@ -87,7 +87,8 @@ namespace { managerState->setAuthzVersion(AuthorizationManager::schemaVersion26Final); authzManager.reset(new AuthorizationManager(managerState)); sessionState = new AuthzSessionExternalStateMock(authzManager.get()); - authzSession.reset(new AuthorizationSession(sessionState)); + authzSession.reset(new AuthorizationSession( + std::unique_ptr<AuthzSessionExternalState>(sessionState))); authzManager->setAuthEnabled(true); } }; diff --git a/src/mongo/db/auth/authz_manager_external_state.h b/src/mongo/db/auth/authz_manager_external_state.h index 87c057b25da..a39bd19b0e9 100644 --- a/src/mongo/db/auth/authz_manager_external_state.h +++ b/src/mongo/db/auth/authz_manager_external_state.h @@ -28,6 +28,7 @@ #pragma once +#include <memory> #include <string> #include <vector> @@ -41,6 +42,8 @@ namespace mongo { + class AuthorizationManager; + class AuthzSessionExternalState; class OperationContext; /** 
@@ -63,6 +66,13 @@ namespace mongo { virtual Status initialize(OperationContext* txn) = 0; /** + * Creates an external state manipulator for an AuthorizationSession whose + * AuthorizationManager uses this object as its own external state manipulator. + */ + virtual std::unique_ptr<AuthzSessionExternalState> makeAuthzSessionExternalState( + AuthorizationManager* authzManager) = 0; + + /** * Retrieves the schema version of the persistent data describing users and roles. * Will leave *outVersion unmodified on non-OK status return values. */ diff --git a/src/mongo/db/auth/authz_manager_external_state_d.cpp b/src/mongo/db/auth/authz_manager_external_state_d.cpp index 2ff2b933fce..7871f8d5a78 100644 --- a/src/mongo/db/auth/authz_manager_external_state_d.cpp +++ b/src/mongo/db/auth/authz_manager_external_state_d.cpp @@ -38,15 +38,17 @@ #include "mongo/base/status.h" #include "mongo/db/auth/authorization_manager.h" +#include "mongo/db/auth/authz_session_external_state_d.h" #include "mongo/db/auth/user_name.h" #include "mongo/db/client.h" #include "mongo/db/db_raii.h" #include "mongo/db/dbdirectclient.h" #include "mongo/db/dbhelpers.h" -#include "mongo/db/service_context.h" #include "mongo/db/jsobj.h" #include "mongo/db/operation_context.h" +#include "mongo/db/service_context.h" #include "mongo/db/storage/storage_engine.h" +#include "mongo/stdx/memory.h" #include "mongo/util/assert_util.h" #include "mongo/util/log.h" #include "mongo/util/mongoutils/str.h" @@ -59,6 +61,13 @@ namespace mongo { AuthzManagerExternalStateMongod::AuthzManagerExternalStateMongod() {} AuthzManagerExternalStateMongod::~AuthzManagerExternalStateMongod() {} + std::unique_ptr<AuthzSessionExternalState> + AuthzManagerExternalStateMongod::makeAuthzSessionExternalState( + AuthorizationManager* authzManager) { + + return stdx::make_unique<AuthzSessionExternalStateMongod>(authzManager); + } + Status AuthzManagerExternalStateMongod::query( OperationContext* txn, const NamespaceString& collectionName, 
diff --git a/src/mongo/db/auth/authz_manager_external_state_d.h b/src/mongo/db/auth/authz_manager_external_state_d.h index 72c67284c1e..7a3e1f98de4 100644 --- a/src/mongo/db/auth/authz_manager_external_state_d.h +++ b/src/mongo/db/auth/authz_manager_external_state_d.h @@ -50,6 +50,9 @@ namespace mongo { AuthzManagerExternalStateMongod(); virtual ~AuthzManagerExternalStateMongod(); + std::unique_ptr<AuthzSessionExternalState> makeAuthzSessionExternalState( + AuthorizationManager* authzManager) override; + virtual Status findOne(OperationContext* txn, const NamespaceString& collectionName, const BSONObj& query, diff --git a/src/mongo/db/auth/authz_manager_external_state_mock.cpp b/src/mongo/db/auth/authz_manager_external_state_mock.cpp index 9d9f0cc0955..a8939fceb70 100644 --- a/src/mongo/db/auth/authz_manager_external_state_mock.cpp +++ b/src/mongo/db/auth/authz_manager_external_state_mock.cpp @@ -35,12 +35,14 @@ #include "mongo/bson/mutable/document.h" #include "mongo/bson/mutable/element.h" #include "mongo/db/auth/authorization_manager.h" +#include "mongo/db/auth/authz_session_external_state_mock.h" #include "mongo/db/jsobj.h" #include "mongo/db/matcher/expression_parser.h" #include "mongo/db/namespace_string.h" #include "mongo/db/operation_context_noop.h" #include "mongo/db/ops/update_driver.h" #include "mongo/platform/unordered_set.h" +#include "mongo/stdx/memory.h" #include "mongo/util/map_util.h" #include "mongo/util/mongoutils/str.h" @@ -100,6 +102,13 @@ namespace { BSONObj())); } + std::unique_ptr<AuthzSessionExternalState> + AuthzManagerExternalStateMock::makeAuthzSessionExternalState( + AuthorizationManager* authzManager) { + + return stdx::make_unique<AuthzSessionExternalStateMock>(authzManager); + } + Status AuthzManagerExternalStateMock::findOne( OperationContext* txn, const NamespaceString& collectionName, 
diff --git a/src/mongo/db/auth/authz_manager_external_state_mock.h b/src/mongo/db/auth/authz_manager_external_state_mock.h index 0a5bf73de94..92698263295 100644 --- a/src/mongo/db/auth/authz_manager_external_state_mock.h +++ b/src/mongo/db/auth/authz_manager_external_state_mock.h @@ -58,6 +58,9 @@ namespace mongo { void setAuthorizationManager(AuthorizationManager* authzManager); void setAuthzVersion(int version); + std::unique_ptr<AuthzSessionExternalState> makeAuthzSessionExternalState( + AuthorizationManager* authzManager) override; + virtual Status findOne(OperationContext* txn, const NamespaceString& collectionName, const BSONObj& query, diff --git a/src/mongo/db/auth/authz_manager_external_state_s.cpp b/src/mongo/db/auth/authz_manager_external_state_s.cpp index 56b485c16f4..4e9a204cbf8 100644 --- a/src/mongo/db/auth/authz_manager_external_state_s.cpp +++ b/src/mongo/db/auth/authz_manager_external_state_s.cpp @@ -39,6 +39,7 @@ #include "mongo/client/dbclientinterface.h" #include "mongo/db/auth/authorization_manager.h" #include "mongo/db/auth/authorization_manager_global.h" +#include "mongo/db/auth/authz_session_external_state_s.h" #include "mongo/db/auth/user_name.h" #include "mongo/db/jsobj.h" #include "mongo/s/catalog/catalog_manager.h" @@ -46,6 +47,7 @@ #include "mongo/s/distlock.h" #include "mongo/s/grid.h" #include "mongo/s/write_ops/batched_command_response.h" +#include "mongo/stdx/memory.h" #include "mongo/util/assert_util.h" #include "mongo/util/log.h" #include "mongo/util/mongoutils/str.h" @@ -112,6 +114,13 @@ namespace { return Status::OK(); } + std::unique_ptr<AuthzSessionExternalState> + AuthzManagerExternalStateMongos::makeAuthzSessionExternalState( + AuthorizationManager* authzManager) { + + return stdx::make_unique<AuthzSessionExternalStateMongos>(authzManager); + } + Status AuthzManagerExternalStateMongos::getStoredAuthorizationVersion( OperationContext* txn, int* outVersion) { try { 
diff --git a/src/mongo/db/auth/authz_manager_external_state_s.h b/src/mongo/db/auth/authz_manager_external_state_s.h index 5e1c97cc8f0..7601993a536 100644 --- a/src/mongo/db/auth/authz_manager_external_state_s.h +++ b/src/mongo/db/auth/authz_manager_external_state_s.h @@ -54,6 +54,8 @@ namespace mongo { virtual ~AuthzManagerExternalStateMongos(); virtual Status initialize(OperationContext* txn); + std::unique_ptr<AuthzSessionExternalState> makeAuthzSessionExternalState( + AuthorizationManager* authzManager) override; virtual Status getStoredAuthorizationVersion(OperationContext* txn, int* outVersion); virtual Status getUserDescription( OperationContext* txn, const UserName& userName, BSONObj* result); diff --git a/src/mongo/db/auth/authz_session_external_state.h b/src/mongo/db/auth/authz_session_external_state.h index 2e1b41a0565..8b22b046bbd 100644 --- a/src/mongo/db/auth/authz_session_external_state.h +++ b/src/mongo/db/auth/authz_session_external_state.h @@ -75,6 +75,10 @@ namespace mongo { // This class should never be instantiated directly. AuthzSessionExternalState(AuthorizationManager* authzManager); + // Pointer to the authorization manager associated with the authorization session + // that owns this object. + // + // TODO(schwerin): Eliminate this back pointer. AuthorizationManager* _authzManager; }; diff --git a/src/mongo/db/auth/native_sasl_authentication_session.cpp b/src/mongo/db/auth/native_sasl_authentication_session.cpp index ee7a3e306c8..80d89ccf3b5 100644 --- a/src/mongo/db/auth/native_sasl_authentication_session.cpp +++ b/src/mongo/db/auth/native_sasl_authentication_session.cpp @@ -47,6 +47,7 @@ #include "mongo/db/auth/sasl_options.h" #include "mongo/db/auth/sasl_plain_server_conversation.h" #include "mongo/db/auth/sasl_scramsha1_server_conversation.h" +#include "mongo/stdx/memory.h" #include "mongo/util/assert_util.h" #include "mongo/util/mongoutils/str.h" 
@@ -77,7 +78,8 @@ namespace { (InitializerContext*) { AuthorizationManager authzManager(new AuthzManagerExternalStateMock()); - AuthorizationSession authzSession(new AuthzSessionExternalStateMock(&authzManager)); + std::unique_ptr<AuthorizationSession> authzSession = + authzManager.makeAuthorizationSession(); for (size_t i = 0; i < saslGlobalParams.authenticationMechanisms.size(); ++i) { const std::string& mechanism = saslGlobalParams.authenticationMechanisms[i]; @@ -86,7 +88,7 @@ namespace { continue; } scoped_ptr<SaslAuthenticationSession> - session(SaslAuthenticationSession::create(&authzSession, mechanism)); + session(SaslAuthenticationSession::create(authzSession.get(), mechanism)); Status status = session->start("test", mechanism, saslGlobalParams.serviceName, diff --git a/src/mongo/db/client.cpp b/src/mongo/db/client.cpp index b20dd87d04d..c408723d462 100644 --- a/src/mongo/db/client.cpp +++ b/src/mongo/db/client.cpp @@ -45,7 +45,6 @@ #include "mongo/db/auth/action_type.h" #include "mongo/db/auth/authorization_manager_global.h" #include "mongo/db/auth/authorization_session.h" -#include "mongo/db/auth/authz_session_external_state_d.h" #include "mongo/db/auth/privilege.h" #include "mongo/db/catalog/database_holder.h" #include "mongo/db/commands.h" @@ -96,8 +95,7 @@ namespace mongo { // Create the client obj, attach to thread Client* client = new Client(fullDesc, getGlobalServiceContext(), mp); client->setAuthorizationSession( - new AuthorizationSession( - new AuthzSessionExternalStateMongod(getGlobalAuthorizationManager()))); + getGlobalAuthorizationManager()->makeAuthorizationSession()); currentClient.reset(client); diff --git a/src/mongo/db/client_basic.cpp b/src/mongo/db/client_basic.cpp index bbe1d729540..6f3ef6af424 100644 --- a/src/mongo/db/client_basic.cpp +++ b/src/mongo/db/client_basic.cpp 
@@ -70,11 +70,12 @@ namespace mongo { return _authorizationSession.get(); } - void ClientBasic::setAuthorizationSession(AuthorizationSession* authorizationSession) { + void ClientBasic::setAuthorizationSession( + std::unique_ptr<AuthorizationSession> authorizationSession) { massert(16477, "An AuthorizationManager has already been set up for this connection", !hasAuthorizationSession()); - _authorizationSession.reset(authorizationSession); + _authorizationSession = std::move(authorizationSession); } } // namespace mongo diff --git a/src/mongo/db/client_basic.h b/src/mongo/db/client_basic.h index f2b1bd05a75..e68a71b75a9 100644 --- a/src/mongo/db/client_basic.h +++ b/src/mongo/db/client_basic.h @@ -28,8 +28,8 @@ #pragma once -#include <boost/noncopyable.hpp> #include <boost/scoped_ptr.hpp> +#include <memory> #include "mongo/base/disallow_copying.h" #include "mongo/util/decorable.h" @@ -60,7 +60,7 @@ namespace mongo { bool hasAuthorizationSession() const; AuthorizationSession* getAuthorizationSession() const; - void setAuthorizationSession(AuthorizationSession* authorizationSession); + void setAuthorizationSession(std::unique_ptr<AuthorizationSession> authorizationSession); bool getIsLocalHostConnection() { if (!hasRemote()) { @@ -92,7 +92,7 @@ namespace mongo { private: boost::scoped_ptr<AuthenticationSession> _authenticationSession; - boost::scoped_ptr<AuthorizationSession> _authorizationSession; + std::unique_ptr<AuthorizationSession> _authorizationSession; ServiceContext* const _serviceContext; AbstractMessagingPort* const _messagingPort; }; |
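Review bot: The `massert` message in `setAuthorizationSession` reads "An AuthorizationManager has already been set up for this connection", but the condition is `!hasAuthorizationSession()` and the object being installed is an AuthorizationSession. Since the signature is changing here anyway, correcting the text to `"An AuthorizationSession has already been set up for this connection"` would stop error 16477 from pointing whoever reads the log at the wrong object.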