authorAndy Schwerin <schwerin@mongodb.com>2015-04-07 15:15:59 -0400
committerAndy Schwerin <schwerin@mongodb.com>2015-04-16 16:00:28 -0400
commiteb8025a6ff2c3652a1f89ae513f7a4a98cd4e2ab (patch)
tree07d6d6fd9ad11758f0122a9f4d721f4ec6901e0a /src/mongo/db
parenta377aa8648de036659bbb4e67c8dfa030299718b (diff)
downloadmongo-eb8025a6ff2c3652a1f89ae513f7a4a98cd4e2ab.tar.gz
SERVER-17817 Make AuthorizationSession a decoration of ClientBasic.
Diffstat (limited to 'src/mongo/db')
-rw-r--r--src/mongo/db/auth/authorization_session.h27
-rw-r--r--src/mongo/db/auth/client_auth_session.cpp26
-rw-r--r--src/mongo/db/auth/sasl_commands.cpp2
-rw-r--r--src/mongo/db/catalog/cursor_manager.cpp2
-rw-r--r--src/mongo/db/client.cpp4
-rw-r--r--src/mongo/db/client_basic.cpp26
-rw-r--r--src/mongo/db/client_basic.h6
-rw-r--r--src/mongo/db/clientlistplugin.cpp2
-rw-r--r--src/mongo/db/commands.cpp4
-rw-r--r--src/mongo/db/commands/authentication_commands.cpp6
-rw-r--r--src/mongo/db/commands/cleanup_orphaned_cmd.cpp2
-rw-r--r--src/mongo/db/commands/clone.cpp2
-rw-r--r--src/mongo/db/commands/clone_collection.cpp2
-rw-r--r--src/mongo/db/commands/connection_status.cpp2
-rw-r--r--src/mongo/db/commands/copydb_common.cpp8
-rw-r--r--src/mongo/db/commands/create_indexes.cpp2
-rw-r--r--src/mongo/db/commands/current_op.cpp2
-rw-r--r--src/mongo/db/commands/find_cmd.cpp2
-rw-r--r--src/mongo/db/commands/fsync.cpp2
-rw-r--r--src/mongo/db/commands/getmore_cmd.cpp2
-rw-r--r--src/mongo/db/commands/group.cpp2
-rw-r--r--src/mongo/db/commands/index_filter_commands.cpp2
-rw-r--r--src/mongo/db/commands/kill_op.cpp2
-rw-r--r--src/mongo/db/commands/list_collections.cpp2
-rw-r--r--src/mongo/db/commands/merge_chunks_cmd.cpp2
-rw-r--r--src/mongo/db/commands/mr.cpp2
-rw-r--r--src/mongo/db/commands/oplog_note.cpp2
-rw-r--r--src/mongo/db/commands/parallel_collection_scan.cpp2
-rw-r--r--src/mongo/db/commands/plan_cache_commands.cpp2
-rw-r--r--src/mongo/db/commands/rename_collection_common.cpp12
-rw-r--r--src/mongo/db/commands/repair_cursor.cpp2
-rw-r--r--src/mongo/db/commands/server_status.cpp3
-rw-r--r--src/mongo/db/commands/user_management_commands.cpp38
-rw-r--r--src/mongo/db/commands/write_commands/write_commands.cpp2
-rw-r--r--src/mongo/db/dbcommands.cpp6
-rw-r--r--src/mongo/db/dbwebserver.cpp4
-rw-r--r--src/mongo/db/exec/group.cpp2
-rw-r--r--src/mongo/db/index_builder.cpp2
-rw-r--r--src/mongo/db/index_rebuilder.cpp2
-rw-r--r--src/mongo/db/instance.cpp14
-rw-r--r--src/mongo/db/introspect.cpp2
-rw-r--r--src/mongo/db/matcher/expression_where.cpp2
-rw-r--r--src/mongo/db/repl/bgsync.cpp2
-rw-r--r--src/mongo/db/repl/master_slave.cpp6
-rw-r--r--src/mongo/db/repl/replset_commands.cpp18
-rw-r--r--src/mongo/db/repl/rs_sync.cpp2
-rw-r--r--src/mongo/db/repl/sync_tail.cpp4
-rw-r--r--src/mongo/db/restapi.cpp2
-rw-r--r--src/mongo/db/server_extra_log_context.cpp4
-rw-r--r--src/mongo/db/ttl.cpp2
50 files changed, 151 insertions, 129 deletions
diff --git a/src/mongo/db/auth/authorization_session.h b/src/mongo/db/auth/authorization_session.h
index f619d90ce2f..0fe4f1c46cb 100644
--- a/src/mongo/db/auth/authorization_session.h
+++ b/src/mongo/db/auth/authorization_session.h
@@ -44,6 +44,7 @@
#include "mongo/db/namespace_string.h"
namespace mongo {
+ class ClientBasic;
/**
* Contains all the authorization logic for a single client connection. It contains a set of
@@ -62,6 +63,32 @@ namespace mongo {
class AuthorizationSession {
MONGO_DISALLOW_COPYING(AuthorizationSession);
public:
+ /**
+ * Gets the AuthorizationSession associated with the given "client", or nullptr.
+ *
+ * The "client" object continues to own the returned AuthorizationSession.
+ */
+ static AuthorizationSession* get(ClientBasic* client);
+
+ /**
+ * Gets the AuthorizationSession associated with the given "client", or nullptr.
+ *
+ * The "client" object continues to own the returned AuthorizationSession.
+ */
+ static AuthorizationSession* get(ClientBasic& client);
+
+ /**
+ * Returns false if AuthorizationSession::get(client) would return nullptr.
+ */
+ static bool exists(ClientBasic* client);
+
+ /**
+ * Sets the AuthorizationSession associated with "client" to "session".
+ *
+ * "session" must not be NULL, and it is only legal to call this function once
+ * on each instance of "client".
+ */
+ static void set(ClientBasic* client, std::unique_ptr<AuthorizationSession> session);
// Takes ownership of the externalState.
explicit AuthorizationSession(std::unique_ptr<AuthzSessionExternalState> externalState);
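Review bot: The comments on both `get` overloads say "or nullptr", but the definitions this commit adds in client_auth_session.cpp call `massert(16481, ...)` when no session is attached, so a caller never receives nullptr and gets a failure instead. The comment should state that, for example `Gets the AuthorizationSession associated with "client"; fails with massert 16481 if none has been set (use exists() to test first).` The `exists` comment is better phrased as `Returns true if an AuthorizationSession has been set on "client".` than in terms of `get` returning nullptr. The class body continues outside this hunk.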
diff --git a/src/mongo/db/auth/client_auth_session.cpp b/src/mongo/db/auth/client_auth_session.cpp
index 2e1d9c0f4f0..e2cb57522cb 100644
--- a/src/mongo/db/auth/client_auth_session.cpp
+++ b/src/mongo/db/auth/client_auth_session.cpp
@@ -32,6 +32,7 @@
#include <utility>
#include "mongo/db/auth/authentication_session.h"
+#include "mongo/db/auth/authorization_session.h"
#include "mongo/db/client_basic.h"
namespace mongo {
@@ -40,6 +41,9 @@ namespace {
const auto getAuthenticationSession =
ClientBasic::declareDecoration<std::unique_ptr<AuthenticationSession>>();
+ const auto getAuthorizationSession =
+ ClientBasic::declareDecoration<std::unique_ptr<AuthorizationSession>>();
+
} // namespace
void AuthenticationSession::set(
@@ -55,4 +59,26 @@ namespace {
swap(getAuthenticationSession(client), other);
}
+ AuthorizationSession* AuthorizationSession::get(ClientBasic* client) {
+ return get(*client);
+ }
+
+ AuthorizationSession* AuthorizationSession::get(ClientBasic& client) {
+ AuthorizationSession* retval = getAuthorizationSession(client).get();
+ massert(16481,
+ "No AuthorizationManager has been set up for this connection",
+ retval);
+ return retval;
+ }
+
+ bool AuthorizationSession::exists(ClientBasic* client) {
+ return getAuthorizationSession(client).get();
+ }
+
+ void AuthorizationSession::set(
+ ClientBasic* client,
+ std::unique_ptr<AuthorizationSession> authorizationSession) {
+ getAuthorizationSession(client) = std::move(authorizationSession);
+ }
+
} // namespace mongo
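Review bot: `AuthorizationSession::set` assigns unconditionally, so neither precondition stated in the header ("session" non-null, called once per client) is checked any more; the removed `ClientBasic::setAuthorizationSession` enforced the second with `massert(16477, ...)`. A second call would now silently destroy the existing session, and any code still holding the raw pointer returned earlier by `get` would presumably be left with a dangling authorization object. I would keep the guard before the move, `massert(16477, "An AuthorizationManager has already been set up for this connection", !getAuthorizationSession(client));`, and add a check that `authorizationSession` is non-null. Separately, `get(ClientBasic*)` dereferences `client` without a null check, which is worth either documenting as a precondition or guarding.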
diff --git a/src/mongo/db/auth/sasl_commands.cpp b/src/mongo/db/auth/sasl_commands.cpp
index ce7b46a2023..a6ef35c1a74 100644
--- a/src/mongo/db/auth/sasl_commands.cpp
+++ b/src/mongo/db/auth/sasl_commands.cpp
@@ -285,7 +285,7 @@ namespace {
}
SaslAuthenticationSession* session =
- SaslAuthenticationSession::create(client->getAuthorizationSession(), mechanism);
+ SaslAuthenticationSession::create(AuthorizationSession::get(client), mechanism);
std::unique_ptr<AuthenticationSession> sessionGuard(session);
diff --git a/src/mongo/db/catalog/cursor_manager.cpp b/src/mongo/db/catalog/cursor_manager.cpp
index 0ea4f588839..bf17cfb83e7 100644
--- a/src/mongo/db/catalog/cursor_manager.cpp
+++ b/src/mongo/db/catalog/cursor_manager.cpp
@@ -210,7 +210,7 @@ namespace mongo {
// Check if we are authorized to erase this cursor.
if (checkAuth) {
- AuthorizationSession* as = txn->getClient()->getAuthorizationSession();
+ AuthorizationSession* as = AuthorizationSession::get(txn->getClient());
Status authorizationStatus = as->checkAuthForKillCursors(nss, id);
if (!authorizationStatus.isOK()) {
audit::logKillCursorsAuthzCheck(txn->getClient(),
diff --git a/src/mongo/db/client.cpp b/src/mongo/db/client.cpp
index 014fb9472e5..d471bcd5ae4 100644
--- a/src/mongo/db/client.cpp
+++ b/src/mongo/db/client.cpp
@@ -77,8 +77,8 @@ namespace mongo {
// Create the client obj, attach to thread
Client* client = new Client(fullDesc, getGlobalServiceContext(), mp);
- client->setAuthorizationSession(
- getGlobalAuthorizationManager()->makeAuthorizationSession());
+ AuthorizationSession::set(client,
+ getGlobalAuthorizationManager()->makeAuthorizationSession());
currentClient.reset(client);
diff --git a/src/mongo/db/client_basic.cpp b/src/mongo/db/client_basic.cpp
index f9f4a60b904..0f2a9492460 100644
--- a/src/mongo/db/client_basic.cpp
+++ b/src/mongo/db/client_basic.cpp
@@ -30,35 +30,11 @@
#include "mongo/db/client_basic.h"
-#include <boost/scoped_ptr.hpp>
-
-#include "mongo/db/auth/authorization_session.h"
-
namespace mongo {
- using boost::scoped_ptr;
-
ClientBasic::ClientBasic(ServiceContext* serviceContext, AbstractMessagingPort* messagingPort) :
_serviceContext(serviceContext), _messagingPort(messagingPort) {}
- ClientBasic::~ClientBasic() {}
-
- bool ClientBasic::hasAuthorizationSession() const {
- return _authorizationSession.get();
- }
-
- AuthorizationSession* ClientBasic::getAuthorizationSession() const {
- massert(16481,
- "No AuthorizationManager has been set up for this connection",
- hasAuthorizationSession());
- return _authorizationSession.get();
- }
- void ClientBasic::setAuthorizationSession(
- std::unique_ptr<AuthorizationSession> authorizationSession) {
- massert(16477,
- "An AuthorizationManager has already been set up for this connection",
- !hasAuthorizationSession());
- _authorizationSession = std::move(authorizationSession);
- }
+ ClientBasic::~ClientBasic() = default;
} // namespace mongo
diff --git a/src/mongo/db/client_basic.h b/src/mongo/db/client_basic.h
index 42370b3f501..573923cc147 100644
--- a/src/mongo/db/client_basic.h
+++ b/src/mongo/db/client_basic.h
@@ -38,7 +38,6 @@
namespace mongo {
- class AuthorizationSession;
class ServiceContext;
/**
@@ -53,10 +52,6 @@ namespace mongo {
public:
virtual ~ClientBasic();
- bool hasAuthorizationSession() const;
- AuthorizationSession* getAuthorizationSession() const;
- void setAuthorizationSession(std::unique_ptr<AuthorizationSession> authorizationSession);
-
bool getIsLocalHostConnection() {
if (!hasRemote()) {
return false;
@@ -86,7 +81,6 @@ namespace mongo {
ClientBasic(ServiceContext* serviceContext, AbstractMessagingPort* messagingPort);
private:
- std::unique_ptr<AuthorizationSession> _authorizationSession;
ServiceContext* const _serviceContext;
AbstractMessagingPort* const _messagingPort;
};
diff --git a/src/mongo/db/clientlistplugin.cpp b/src/mongo/db/clientlistplugin.cpp
index 4aa31d48bd7..a777026cb0d 100644
--- a/src/mongo/db/clientlistplugin.cpp
+++ b/src/mongo/db/clientlistplugin.cpp
@@ -159,7 +159,7 @@ namespace {
virtual Status checkAuthForCommand(ClientBasic* client,
const std::string& dbname,
const BSONObj& cmdObj) {
- if ( client->getAuthorizationSession()
+ if ( AuthorizationSession::get(client)
->isAuthorizedForActionsOnResource(ResourcePattern::forClusterResource(),
ActionType::inprog) ) {
return Status::OK();
diff --git a/src/mongo/db/commands.cpp b/src/mongo/db/commands.cpp
index 35dae6c2fb6..f81caefe991 100644
--- a/src/mongo/db/commands.cpp
+++ b/src/mongo/db/commands.cpp
@@ -338,7 +338,7 @@ namespace mongo {
const BSONObj& cmdObj) {
std::vector<Privilege> privileges;
this->addRequiredPrivileges(dbname, cmdObj, &privileges);
- if (client->getAuthorizationSession()->isAuthorizedForPrivileges(privileges))
+ if (AuthorizationSession::get(client)->isAuthorizedForPrivileges(privileges))
return Status::OK();
return Status(ErrorCodes::Unauthorized, "unauthorized");
}
@@ -371,7 +371,7 @@ namespace mongo {
return Status(ErrorCodes::Unauthorized, str::stream() << c->name <<
" may only be run against the admin database.");
}
- if (client->getAuthorizationSession()->getAuthorizationManager().isAuthEnabled()) {
+ if (AuthorizationSession::get(client)->getAuthorizationManager().isAuthEnabled()) {
Status status = c->checkAuthForCommand(client, dbname, cmdObj);
if (status == ErrorCodes::Unauthorized) {
mmb::Document cmdToLog(cmdObj, mmb::Document::kInPlaceDisabled);
diff --git a/src/mongo/db/commands/authentication_commands.cpp b/src/mongo/db/commands/authentication_commands.cpp
index a8fad3c159d..4a432e03cb2 100644
--- a/src/mongo/db/commands/authentication_commands.cpp
+++ b/src/mongo/db/commands/authentication_commands.cpp
@@ -298,7 +298,7 @@ namespace mongo {
}
AuthorizationSession* authorizationSession =
- ClientBasic::getCurrent()->getAuthorizationSession();
+ AuthorizationSession::get(ClientBasic::getCurrent());
status = authorizationSession->addAndAuthorizeUser(txn, user);
if (!status.isOK()) {
return status;
@@ -355,7 +355,7 @@ namespace mongo {
}
ClientBasic *client = ClientBasic::getCurrent();
- AuthorizationSession* authorizationSession = client->getAuthorizationSession();
+ AuthorizationSession* authorizationSession = AuthorizationSession::get(client);
std::string subjectName = client->port()->getX509SubjectName();
if (!getSSLManager()->getSSLConfiguration().hasCA) {
@@ -416,7 +416,7 @@ namespace mongo {
BSONObjBuilder& result,
bool fromRepl) {
AuthorizationSession* authSession =
- ClientBasic::getCurrent()->getAuthorizationSession();
+ AuthorizationSession::get(ClientBasic::getCurrent());
authSession->logoutDatabase(dbname);
if (Command::testCommandsEnabled && dbname == "admin") {
// Allows logging out as the internal user against the admin database, however
diff --git a/src/mongo/db/commands/cleanup_orphaned_cmd.cpp b/src/mongo/db/commands/cleanup_orphaned_cmd.cpp
index b3d4bf31c80..3294bec5b92 100644
--- a/src/mongo/db/commands/cleanup_orphaned_cmd.cpp
+++ b/src/mongo/db/commands/cleanup_orphaned_cmd.cpp
@@ -194,7 +194,7 @@ namespace mongo {
virtual Status checkAuthForCommand( ClientBasic* client,
const std::string& dbname,
const BSONObj& cmdObj ) {
- if (!client->getAuthorizationSession()->isAuthorizedForActionsOnResource(
+ if (!AuthorizationSession::get(client)->isAuthorizedForActionsOnResource(
ResourcePattern::forClusterResource(), ActionType::cleanupOrphaned)) {
return Status(ErrorCodes::Unauthorized,
"Not authorized for cleanupOrphaned command.");
diff --git a/src/mongo/db/commands/clone.cpp b/src/mongo/db/commands/clone.cpp
index 00efcfcf5c1..bc0b8f70311 100644
--- a/src/mongo/db/commands/clone.cpp
+++ b/src/mongo/db/commands/clone.cpp
@@ -80,7 +80,7 @@ namespace mongo {
ActionSet actions;
actions.addAction(ActionType::insert);
actions.addAction(ActionType::createIndex);
- if (!client->getAuthorizationSession()->isAuthorizedForActionsOnResource(
+ if (!AuthorizationSession::get(client)->isAuthorizedForActionsOnResource(
ResourcePattern::forDatabaseName(dbname), actions)) {
return Status(ErrorCodes::Unauthorized, "Unauthorized");
}
diff --git a/src/mongo/db/commands/clone_collection.cpp b/src/mongo/db/commands/clone_collection.cpp
index 952044bc747..734d49ff100 100644
--- a/src/mongo/db/commands/clone_collection.cpp
+++ b/src/mongo/db/commands/clone_collection.cpp
@@ -85,7 +85,7 @@ namespace mongo {
actions.addAction(ActionType::insert);
actions.addAction(ActionType::createIndex); // SERVER-11418
- if (!client->getAuthorizationSession()->isAuthorizedForActionsOnResource(
+ if (!AuthorizationSession::get(client)->isAuthorizedForActionsOnResource(
ResourcePattern::forExactNamespace(NamespaceString(ns)), actions)) {
return Status(ErrorCodes::Unauthorized, "Unauthorized");
}
diff --git a/src/mongo/db/commands/connection_status.cpp b/src/mongo/db/commands/connection_status.cpp
index cfb3860b0dd..1ad5d9f4318 100644
--- a/src/mongo/db/commands/connection_status.cpp
+++ b/src/mongo/db/commands/connection_status.cpp
@@ -54,7 +54,7 @@ namespace mongo {
bool run(OperationContext* txn, const string&, BSONObj& cmdObj, int, string& errmsg,
BSONObjBuilder& result, bool fromRepl) {
AuthorizationSession* authSession =
- ClientBasic::getCurrent()->getAuthorizationSession();
+ AuthorizationSession::get(ClientBasic::getCurrent());
bool showPrivileges;
Status status = bsonExtractBooleanFieldWithDefault(cmdObj,
diff --git a/src/mongo/db/commands/copydb_common.cpp b/src/mongo/db/commands/copydb_common.cpp
index 5cebb8db021..ca2d78e937d 100644
--- a/src/mongo/db/commands/copydb_common.cpp
+++ b/src/mongo/db/commands/copydb_common.cpp
@@ -64,7 +64,7 @@ namespace copydb {
ActionSet actions;
actions.addAction(ActionType::insert);
actions.addAction(ActionType::createIndex);
- if (!client->getAuthorizationSession()->isAuthorizedForActionsOnResource(
+ if (!AuthorizationSession::get(client)->isAuthorizedForActionsOnResource(
ResourcePattern::forDatabaseName(todb), actions)) {
return Status(ErrorCodes::Unauthorized, "Unauthorized");
}
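Review bot: This check function now calls `AuthorizationSession::get(client)` once per privilege test, including inside the two `legalClientSystemCollections` loops in the following hunks, and each call repeats the decoration lookup and its massert. Resolving it once at the top, `AuthorizationSession* const authzSession = AuthorizationSession::get(client);`, and using `authzSession->` throughout makes it explicit that every test in a single authorization decision runs against the same session object. The same applies to the repeated calls in rename_collection_common.cpp. The function body begins and ends outside this hunk.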
@@ -72,7 +72,7 @@ namespace copydb {
actions.removeAllActions();
actions.addAction(ActionType::insert);
for (size_t i = 0; i < legalClientSystemCollections.size(); ++i) {
- if (!client->getAuthorizationSession()->isAuthorizedForActionsOnNamespace(
+ if (!AuthorizationSession::get(client)->isAuthorizedForActionsOnNamespace(
NamespaceString(todb, legalClientSystemCollections[i]), actions)) {
return Status(ErrorCodes::Unauthorized, "Unauthorized");
}
@@ -82,12 +82,12 @@ namespace copydb {
// If copying from self, also require privileges on source db
actions.removeAllActions();
actions.addAction(ActionType::find);
- if (!client->getAuthorizationSession()->isAuthorizedForActionsOnResource(
+ if (!AuthorizationSession::get(client)->isAuthorizedForActionsOnResource(
ResourcePattern::forDatabaseName(fromdb), actions)) {
return Status(ErrorCodes::Unauthorized, "Unauthorized");
}
for (size_t i = 0; i < legalClientSystemCollections.size(); ++i) {
- if (!client->getAuthorizationSession()->isAuthorizedForActionsOnNamespace(
+ if (!AuthorizationSession::get(client)->isAuthorizedForActionsOnNamespace(
NamespaceString(fromdb, legalClientSystemCollections[i]), actions)) {
return Status(ErrorCodes::Unauthorized, "Unauthorized");
}
diff --git a/src/mongo/db/commands/create_indexes.cpp b/src/mongo/db/commands/create_indexes.cpp
index 32d1300c539..6b0de488273 100644
--- a/src/mongo/db/commands/create_indexes.cpp
+++ b/src/mongo/db/commands/create_indexes.cpp
@@ -70,7 +70,7 @@ namespace mongo {
ActionSet actions;
actions.addAction(ActionType::createIndex);
Privilege p(parseResourcePattern(dbname, cmdObj), actions);
- if (client->getAuthorizationSession()->isAuthorizedForPrivilege(p))
+ if (AuthorizationSession::get(client)->isAuthorizedForPrivilege(p))
return Status::OK();
return Status(ErrorCodes::Unauthorized, "Unauthorized");
}
diff --git a/src/mongo/db/commands/current_op.cpp b/src/mongo/db/commands/current_op.cpp
index c4e9f49c799..6648aa7d869 100644
--- a/src/mongo/db/commands/current_op.cpp
+++ b/src/mongo/db/commands/current_op.cpp
@@ -63,7 +63,7 @@ namespace mongo {
const std::string& dbname,
const BSONObj& cmdObj) final {
- bool isAuthorized = client->getAuthorizationSession()->isAuthorizedForActionsOnResource(
+ bool isAuthorized = AuthorizationSession::get(client)->isAuthorizedForActionsOnResource(
ResourcePattern::forClusterResource(),
ActionType::inprog);
return isAuthorized ? Status::OK() : Status(ErrorCodes::Unauthorized, "Unauthorized");
diff --git a/src/mongo/db/commands/find_cmd.cpp b/src/mongo/db/commands/find_cmd.cpp
index b6983adfb4f..3e41d395090 100644
--- a/src/mongo/db/commands/find_cmd.cpp
+++ b/src/mongo/db/commands/find_cmd.cpp
@@ -85,7 +85,7 @@ namespace mongo {
Status checkAuthForCommand(ClientBasic* client,
const std::string& dbname,
const BSONObj& cmdObj) override {
- AuthorizationSession* authzSession = client->getAuthorizationSession();
+ AuthorizationSession* authzSession = AuthorizationSession::get(client);
ResourcePattern pattern = parseResourcePattern(dbname, cmdObj);
if (authzSession->isAuthorizedForActionsOnResource(pattern, ActionType::find)) {
diff --git a/src/mongo/db/commands/fsync.cpp b/src/mongo/db/commands/fsync.cpp
index ac63457aa15..3307e96b80e 100644
--- a/src/mongo/db/commands/fsync.cpp
+++ b/src/mongo/db/commands/fsync.cpp
@@ -179,7 +179,7 @@ namespace mongo {
const std::string& dbname,
const BSONObj& cmdObj) override {
- bool isAuthorized = client->getAuthorizationSession()->isAuthorizedForActionsOnResource(
+ bool isAuthorized = AuthorizationSession::get(client)->isAuthorizedForActionsOnResource(
ResourcePattern::forClusterResource(),
ActionType::unlock);
diff --git a/src/mongo/db/commands/getmore_cmd.cpp b/src/mongo/db/commands/getmore_cmd.cpp
index 84d4c76e1a3..190e9bac1e6 100644
--- a/src/mongo/db/commands/getmore_cmd.cpp
+++ b/src/mongo/db/commands/getmore_cmd.cpp
@@ -94,7 +94,7 @@ namespace mongo {
}
const GetMoreRequest& request = parseStatus.getValue();
- return client->getAuthorizationSession()->checkAuthForGetMore(request.nss,
+ return AuthorizationSession::get(client)->checkAuthForGetMore(request.nss,
request.cursorid);
}
diff --git a/src/mongo/db/commands/group.cpp b/src/mongo/db/commands/group.cpp
index b4e18446791..d7310e69ab8 100644
--- a/src/mongo/db/commands/group.cpp
+++ b/src/mongo/db/commands/group.cpp
@@ -56,7 +56,7 @@ namespace mongo {
const std::string& dbname,
const BSONObj& cmdObj) {
std::string ns = parseNs(dbname, cmdObj);
- if (!client->getAuthorizationSession()->isAuthorizedForActionsOnNamespace(
+ if (!AuthorizationSession::get(client)->isAuthorizedForActionsOnNamespace(
NamespaceString(ns), ActionType::find)) {
return Status(ErrorCodes::Unauthorized, "unauthorized");
}
diff --git a/src/mongo/db/commands/index_filter_commands.cpp b/src/mongo/db/commands/index_filter_commands.cpp
index 9366f8358a1..8532a22df36 100644
--- a/src/mongo/db/commands/index_filter_commands.cpp
+++ b/src/mongo/db/commands/index_filter_commands.cpp
@@ -157,7 +157,7 @@ namespace mongo {
Status IndexFilterCommand::checkAuthForCommand(ClientBasic* client,
const std::string& dbname,
const BSONObj& cmdObj) {
- AuthorizationSession* authzSession = client->getAuthorizationSession();
+ AuthorizationSession* authzSession = AuthorizationSession::get(client);
ResourcePattern pattern = parseResourcePattern(dbname, cmdObj);
if (authzSession->isAuthorizedForActionsOnResource(pattern, ActionType::planCacheIndexFilter)) {
diff --git a/src/mongo/db/commands/kill_op.cpp b/src/mongo/db/commands/kill_op.cpp
index e8f80928558..afcc12c4a9f 100644
--- a/src/mongo/db/commands/kill_op.cpp
+++ b/src/mongo/db/commands/kill_op.cpp
@@ -60,7 +60,7 @@ namespace mongo {
const std::string& dbname,
const BSONObj& cmdObj) final {
- bool isAuthorized = client->getAuthorizationSession()->isAuthorizedForActionsOnResource(
+ bool isAuthorized = AuthorizationSession::get(client)->isAuthorizedForActionsOnResource(
ResourcePattern::forClusterResource(),
ActionType::killop);
return isAuthorized ? Status::OK() : Status(ErrorCodes::Unauthorized, "Unauthorized");
diff --git a/src/mongo/db/commands/list_collections.cpp b/src/mongo/db/commands/list_collections.cpp
index 092822ba663..64767c6cb07 100644
--- a/src/mongo/db/commands/list_collections.cpp
+++ b/src/mongo/db/commands/list_collections.cpp
@@ -67,7 +67,7 @@ namespace mongo {
virtual Status checkAuthForCommand(ClientBasic* client,
const std::string& dbname,
const BSONObj& cmdObj) {
- AuthorizationSession* authzSession = client->getAuthorizationSession();
+ AuthorizationSession* authzSession = AuthorizationSession::get(client);
// Check for the listCollections ActionType on the database
// or find on system.namespaces for pre 3.0 systems.
diff --git a/src/mongo/db/commands/merge_chunks_cmd.cpp b/src/mongo/db/commands/merge_chunks_cmd.cpp
index 109e433e6fd..9212b4183ff 100644
--- a/src/mongo/db/commands/merge_chunks_cmd.cpp
+++ b/src/mongo/db/commands/merge_chunks_cmd.cpp
@@ -59,7 +59,7 @@ namespace mongo {
virtual Status checkAuthForCommand(ClientBasic* client,
const std::string& dbname,
const BSONObj& cmdObj) {
- if (!client->getAuthorizationSession()->isAuthorizedForActionsOnResource(
+ if (!AuthorizationSession::get(client)->isAuthorizedForActionsOnResource(
ResourcePattern::forExactNamespace(NamespaceString(parseNs(dbname, cmdObj))),
ActionType::splitChunk)) {
return Status(ErrorCodes::Unauthorized, "Unauthorized");
diff --git a/src/mongo/db/commands/mr.cpp b/src/mongo/db/commands/mr.cpp
index 796ea3fb066..2162c1a3648 100644
--- a/src/mongo/db/commands/mr.cpp
+++ b/src/mongo/db/commands/mr.cpp
@@ -754,7 +754,7 @@ namespace mongo {
*/
void State::init() {
// setup js
- const string userToken = ClientBasic::getCurrent()->getAuthorizationSession()
+ const string userToken = AuthorizationSession::get(ClientBasic::getCurrent())
->getAuthenticatedUserNamesToken();
_scope.reset(globalScriptEngine->getPooledScope(
_txn, _config.dbname, "mapreduce" + userToken).release());
diff --git a/src/mongo/db/commands/oplog_note.cpp b/src/mongo/db/commands/oplog_note.cpp
index 2dc3dd204fb..c57d43c86bb 100644
--- a/src/mongo/db/commands/oplog_note.cpp
+++ b/src/mongo/db/commands/oplog_note.cpp
@@ -57,7 +57,7 @@ namespace mongo {
virtual Status checkAuthForCommand(ClientBasic* client,
const std::string& dbname,
const BSONObj& cmdObj) {
- if (!client->getAuthorizationSession()->isAuthorizedForActionsOnResource(
+ if (!AuthorizationSession::get(client)->isAuthorizedForActionsOnResource(
ResourcePattern::forClusterResource(), ActionType::appendOplogNote)) {
return Status(ErrorCodes::Unauthorized, "Unauthorized");
}
diff --git a/src/mongo/db/commands/parallel_collection_scan.cpp b/src/mongo/db/commands/parallel_collection_scan.cpp
index 40bbeb7b085..a84e9070a21 100644
--- a/src/mongo/db/commands/parallel_collection_scan.cpp
+++ b/src/mongo/db/commands/parallel_collection_scan.cpp
@@ -66,7 +66,7 @@ namespace mongo {
ActionSet actions;
actions.addAction(ActionType::find);
Privilege p(parseResourcePattern(dbname, cmdObj), actions);
- if ( client->getAuthorizationSession()->isAuthorizedForPrivilege(p) )
+ if ( AuthorizationSession::get(client)->isAuthorizedForPrivilege(p) )
return Status::OK();
return Status(ErrorCodes::Unauthorized, "Unauthorized");
}
diff --git a/src/mongo/db/commands/plan_cache_commands.cpp b/src/mongo/db/commands/plan_cache_commands.cpp
index 33749bb08f4..9098299c800 100644
--- a/src/mongo/db/commands/plan_cache_commands.cpp
+++ b/src/mongo/db/commands/plan_cache_commands.cpp
@@ -155,7 +155,7 @@ namespace mongo {
Status PlanCacheCommand::checkAuthForCommand(ClientBasic* client,
const std::string& dbname,
const BSONObj& cmdObj) {
- AuthorizationSession* authzSession = client->getAuthorizationSession();
+ AuthorizationSession* authzSession = AuthorizationSession::get(client);
ResourcePattern pattern = parseResourcePattern(dbname, cmdObj);
if (authzSession->isAuthorizedForActionsOnResource(pattern, actionType)) {
diff --git a/src/mongo/db/commands/rename_collection_common.cpp b/src/mongo/db/commands/rename_collection_common.cpp
index fba1daffc0b..feec6f4f135 100644
--- a/src/mongo/db/commands/rename_collection_common.cpp
+++ b/src/mongo/db/commands/rename_collection_common.cpp
@@ -54,21 +54,21 @@ namespace rename_collection {
// either can read both of source and dest collections or *can't* read either of source
// or dest collection, then you get can do the rename, even without insert on the
// destination collection.
- bool canRename = client->getAuthorizationSession()->isAuthorizedForActionsOnResource(
+ bool canRename = AuthorizationSession::get(client)->isAuthorizedForActionsOnResource(
ResourcePattern::forDatabaseName(sourceNS.db()),
ActionType::renameCollectionSameDB);
bool canDropTargetIfNeeded = true;
if (dropTarget) {
canDropTargetIfNeeded =
- client->getAuthorizationSession()->isAuthorizedForActionsOnResource(
+ AuthorizationSession::get(client)->isAuthorizedForActionsOnResource(
ResourcePattern::forExactNamespace(targetNS),
ActionType::dropCollection);
}
- bool canReadSrc = client->getAuthorizationSession()->isAuthorizedForActionsOnResource(
+ bool canReadSrc = AuthorizationSession::get(client)->isAuthorizedForActionsOnResource(
ResourcePattern::forExactNamespace(sourceNS), ActionType::find);
- bool canReadDest = client->getAuthorizationSession()->isAuthorizedForActionsOnResource(
+ bool canReadDest = AuthorizationSession::get(client)->isAuthorizedForActionsOnResource(
ResourcePattern::forExactNamespace(targetNS), ActionType::find);
if (canRename && canDropTargetIfNeeded && (canReadSrc || !canReadDest)) {
@@ -80,7 +80,7 @@ namespace rename_collection {
ActionSet actions;
actions.addAction(ActionType::find);
actions.addAction(ActionType::dropCollection);
- if (!client->getAuthorizationSession()->isAuthorizedForActionsOnResource(
+ if (!AuthorizationSession::get(client)->isAuthorizedForActionsOnResource(
ResourcePattern::forExactNamespace(sourceNS), actions)) {
return Status(ErrorCodes::Unauthorized, "Unauthorized");
}
@@ -92,7 +92,7 @@ namespace rename_collection {
if (dropTarget) {
actions.addAction(ActionType::dropCollection);
}
- if (!client->getAuthorizationSession()->isAuthorizedForActionsOnResource(
+ if (!AuthorizationSession::get(client)->isAuthorizedForActionsOnResource(
ResourcePattern::forExactNamespace(targetNS), actions)) {
return Status(ErrorCodes::Unauthorized, "Unauthorized");
}
diff --git a/src/mongo/db/commands/repair_cursor.cpp b/src/mongo/db/commands/repair_cursor.cpp
index dad8b305201..cc2cf8d183b 100644
--- a/src/mongo/db/commands/repair_cursor.cpp
+++ b/src/mongo/db/commands/repair_cursor.cpp
@@ -54,7 +54,7 @@ namespace mongo {
ActionSet actions;
actions.addAction(ActionType::find);
Privilege p(parseResourcePattern(dbname, cmdObj), actions);
- if (client->getAuthorizationSession()->isAuthorizedForPrivilege(p))
+ if (AuthorizationSession::get(client)->isAuthorizedForPrivilege(p))
return Status::OK();
return Status(ErrorCodes::Unauthorized, "Unauthorized");
}
diff --git a/src/mongo/db/commands/server_status.cpp b/src/mongo/db/commands/server_status.cpp
index 175105a3490..5b3973753b3 100644
--- a/src/mongo/db/commands/server_status.cpp
+++ b/src/mongo/db/commands/server_status.cpp
@@ -88,8 +88,7 @@ namespace mongo {
long long start = Listener::getElapsedTimeMillis();
BSONObjBuilder timeBuilder(256);
- const ClientBasic* myClientBasic = ClientBasic::getCurrent();
- AuthorizationSession* authSession = myClientBasic->getAuthorizationSession();
+ const auto authSession = AuthorizationSession::get(ClientBasic::getCurrent());
// --- basic fields that are global
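Review bot: `const auto authSession` deduces `AuthorizationSession* const`, so the pointer is const while the session itself is not. That is easy to misread as a read-only session, and it differs from the other call sites visible in this diff, which spell out the pointer type. I would write `AuthorizationSession* authSession = AuthorizationSession::get(ClientBasic::getCurrent());` or at least `auto* const authSession`. The enclosing function starts and ends outside the hunk.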
diff --git a/src/mongo/db/commands/user_management_commands.cpp b/src/mongo/db/commands/user_management_commands.cpp
index cecd41fb447..366b1760f69 100644
--- a/src/mongo/db/commands/user_management_commands.cpp
+++ b/src/mongo/db/commands/user_management_commands.cpp
@@ -334,7 +334,7 @@ namespace mongo {
virtual Status checkAuthForCommand(ClientBasic* client,
const std::string& dbname,
const BSONObj& cmdObj) {
- AuthorizationSession* authzSession = client->getAuthorizationSession();
+ AuthorizationSession* authzSession = AuthorizationSession::get(client);
auth::CreateOrUpdateUserArgs args;
Status status = auth::parseCreateOrUpdateUserCommands(cmdObj,
"createUser",
@@ -517,7 +517,7 @@ namespace mongo {
virtual Status checkAuthForCommand(ClientBasic* client,
const std::string& dbname,
const BSONObj& cmdObj) {
- AuthorizationSession* authzSession = client->getAuthorizationSession();
+ AuthorizationSession* authzSession = AuthorizationSession::get(client);
auth::CreateOrUpdateUserArgs args;
Status status = auth::parseCreateOrUpdateUserCommands(cmdObj,
"updateUser",
@@ -688,7 +688,7 @@ namespace mongo {
virtual Status checkAuthForCommand(ClientBasic* client,
const std::string& dbname,
const BSONObj& cmdObj) {
- AuthorizationSession* authzSession = client->getAuthorizationSession();
+ AuthorizationSession* authzSession = AuthorizationSession::get(client);
UserName userName;
BSONObj unusedWriteConcern;
Status status = auth::parseAndValidateDropUserCommand(cmdObj,
@@ -785,7 +785,7 @@ namespace mongo {
virtual Status checkAuthForCommand(ClientBasic* client,
const std::string& dbname,
const BSONObj& cmdObj) {
- AuthorizationSession* authzSession = client->getAuthorizationSession();
+ AuthorizationSession* authzSession = AuthorizationSession::get(client);
if (!authzSession->isAuthorizedForActionsOnResource(
ResourcePattern::forDatabaseName(dbname), ActionType::dropUser)) {
return Status(ErrorCodes::Unauthorized,
@@ -861,7 +861,7 @@ namespace mongo {
virtual Status checkAuthForCommand(ClientBasic* client,
const std::string& dbname,
const BSONObj& cmdObj) {
- AuthorizationSession* authzSession = client->getAuthorizationSession();
+ AuthorizationSession* authzSession = AuthorizationSession::get(client);
std::vector<RoleName> roles;
std::string unusedUserNameString;
BSONObj unusedWriteConcern;
@@ -959,7 +959,7 @@ namespace mongo {
virtual Status checkAuthForCommand(ClientBasic* client,
const std::string& dbname,
const BSONObj& cmdObj) {
- AuthorizationSession* authzSession = client->getAuthorizationSession();
+ AuthorizationSession* authzSession = AuthorizationSession::get(client);
std::vector<RoleName> roles;
std::string unusedUserNameString;
BSONObj unusedWriteConcern;
@@ -1061,7 +1061,7 @@ namespace mongo {
virtual Status checkAuthForCommand(ClientBasic* client,
const std::string& dbname,
const BSONObj& cmdObj) {
- AuthorizationSession* authzSession = client->getAuthorizationSession();
+ AuthorizationSession* authzSession = AuthorizationSession::get(client);
auth::UsersInfoArgs args;
Status status = auth::parseUsersInfoCommand(cmdObj, dbname, &args);
if (!status.isOK()) {
@@ -1201,7 +1201,7 @@ namespace mongo {
virtual Status checkAuthForCommand(ClientBasic* client,
const std::string& dbname,
const BSONObj& cmdObj) {
- AuthorizationSession* authzSession = client->getAuthorizationSession();
+ AuthorizationSession* authzSession = AuthorizationSession::get(client);
auth::CreateOrUpdateRoleArgs args;
Status status = auth::parseCreateOrUpdateRoleCommands(cmdObj,
"createRole",
@@ -1346,7 +1346,7 @@ namespace mongo {
virtual Status checkAuthForCommand(ClientBasic* client,
const std::string& dbname,
const BSONObj& cmdObj) {
- AuthorizationSession* authzSession = client->getAuthorizationSession();
+ AuthorizationSession* authzSession = AuthorizationSession::get(client);
auth::CreateOrUpdateRoleArgs args;
Status status = auth::parseCreateOrUpdateRoleCommands(cmdObj,
"updateRole",
@@ -1477,7 +1477,7 @@ namespace mongo {
virtual Status checkAuthForCommand(ClientBasic* client,
const std::string& dbname,
const BSONObj& cmdObj) {
- AuthorizationSession* authzSession = client->getAuthorizationSession();
+ AuthorizationSession* authzSession = AuthorizationSession::get(client);
PrivilegeVector privileges;
RoleName unusedRoleName;
BSONObj unusedWriteConcern;
@@ -1614,7 +1614,7 @@ namespace mongo {
virtual Status checkAuthForCommand(ClientBasic* client,
const std::string& dbname,
const BSONObj& cmdObj) {
- AuthorizationSession* authzSession = client->getAuthorizationSession();
+ AuthorizationSession* authzSession = AuthorizationSession::get(client);
PrivilegeVector privileges;
RoleName unusedRoleName;
BSONObj unusedWriteConcern;
@@ -1753,7 +1753,7 @@ namespace mongo {
virtual Status checkAuthForCommand(ClientBasic* client,
const std::string& dbname,
const BSONObj& cmdObj) {
- AuthorizationSession* authzSession = client->getAuthorizationSession();
+ AuthorizationSession* authzSession = AuthorizationSession::get(client);
std::vector<RoleName> roles;
std::string unusedUserNameString;
BSONObj unusedWriteConcern;
@@ -1873,7 +1873,7 @@ namespace mongo {
virtual Status checkAuthForCommand(ClientBasic* client,
const std::string& dbname,
const BSONObj& cmdObj) {
- AuthorizationSession* authzSession = client->getAuthorizationSession();
+ AuthorizationSession* authzSession = AuthorizationSession::get(client);
std::vector<RoleName> roles;
std::string unusedUserNameString;
BSONObj unusedWriteConcern;
@@ -1990,7 +1990,7 @@ namespace mongo {
virtual Status checkAuthForCommand(ClientBasic* client,
const std::string& dbname,
const BSONObj& cmdObj) {
- AuthorizationSession* authzSession = client->getAuthorizationSession();
+ AuthorizationSession* authzSession = AuthorizationSession::get(client);
RoleName roleName;
BSONObj unusedWriteConcern;
Status status = auth::parseDropRoleCommand(cmdObj,
@@ -2171,7 +2171,7 @@ namespace mongo {
virtual Status checkAuthForCommand(ClientBasic* client,
const std::string& dbname,
const BSONObj& cmdObj) {
- AuthorizationSession* authzSession = client->getAuthorizationSession();
+ AuthorizationSession* authzSession = AuthorizationSession::get(client);
if (!authzSession->isAuthorizedForActionsOnResource(
ResourcePattern::forDatabaseName(dbname), ActionType::dropRole)) {
return Status(ErrorCodes::Unauthorized,
@@ -2306,7 +2306,7 @@ namespace mongo {
virtual Status checkAuthForCommand(ClientBasic* client,
const std::string& dbname,
const BSONObj& cmdObj) {
- AuthorizationSession* authzSession = client->getAuthorizationSession();
+ AuthorizationSession* authzSession = AuthorizationSession::get(client);
auth::RolesInfoArgs args;
Status status = auth::parseRolesInfoCommand(cmdObj, dbname, &args);
if (!status.isOK()) {
@@ -2412,7 +2412,7 @@ namespace mongo {
virtual Status checkAuthForCommand(ClientBasic* client,
const std::string& dbname,
const BSONObj& cmdObj) {
- AuthorizationSession* authzSession = client->getAuthorizationSession();
+ AuthorizationSession* authzSession = AuthorizationSession::get(client);
if (!authzSession->isAuthorizedForActionsOnResource(
ResourcePattern::forClusterResource(), ActionType::invalidateUserCache)) {
return Status(ErrorCodes::Unauthorized, "Not authorized to invalidate user cache");
@@ -2456,7 +2456,7 @@ namespace mongo {
virtual Status checkAuthForCommand(ClientBasic* client,
const std::string& dbname,
const BSONObj& cmdObj) {
- AuthorizationSession* authzSession = client->getAuthorizationSession();
+ AuthorizationSession* authzSession = AuthorizationSession::get(client);
if (!authzSession->isAuthorizedForActionsOnResource(
ResourcePattern::forClusterResource(), ActionType::internal)) {
return Status(ErrorCodes::Unauthorized, "Not authorized to get cache generation");
@@ -2517,7 +2517,7 @@ namespace mongo {
return status;
}
- AuthorizationSession* authzSession = client->getAuthorizationSession();
+ AuthorizationSession* authzSession = AuthorizationSession::get(client);
ActionSet actions;
actions.addAction(ActionType::createUser);
actions.addAction(ActionType::createRole);
diff --git a/src/mongo/db/commands/write_commands/write_commands.cpp b/src/mongo/db/commands/write_commands/write_commands.cpp
index 3b6cdba6a64..0fdecdf7786 100644
--- a/src/mongo/db/commands/write_commands/write_commands.cpp
+++ b/src/mongo/db/commands/write_commands/write_commands.cpp
@@ -97,7 +97,7 @@ namespace mongo {
const std::string& dbname,
const BSONObj& cmdObj ) {
- Status status( auth::checkAuthForWriteCommand( client->getAuthorizationSession(),
+ Status status( auth::checkAuthForWriteCommand( AuthorizationSession::get(client),
_writeType,
NamespaceString( parseNs( dbname, cmdObj ) ),
cmdObj ));
diff --git a/src/mongo/db/dbcommands.cpp b/src/mongo/db/dbcommands.cpp
index 7857b22e502..510be597a87 100644
--- a/src/mongo/db/dbcommands.cpp
+++ b/src/mongo/db/dbcommands.cpp
@@ -306,7 +306,7 @@ namespace mongo {
virtual Status checkAuthForCommand(ClientBasic* client,
const std::string& dbname,
const BSONObj& cmdObj) {
- AuthorizationSession* authzSession = client->getAuthorizationSession();
+ AuthorizationSession* authzSession = AuthorizationSession::get(client);
if (cmdObj.firstElement().numberInt() == -1 && !cmdObj.hasField("slowms")) {
// If you just want to get the current profiling level you can do so with just
@@ -488,7 +488,7 @@ namespace mongo {
virtual Status checkAuthForCommand(ClientBasic* client,
const std::string& dbname,
const BSONObj& cmdObj) {
- AuthorizationSession* authzSession = client->getAuthorizationSession();
+ AuthorizationSession* authzSession = AuthorizationSession::get(client);
if (cmdObj["capped"].trueValue()) {
if (!authzSession->isAuthorizedForActionsOnResource(
parseResourcePattern(dbname, cmdObj), ActionType::convertToCapped)) {
@@ -1250,7 +1250,7 @@ namespace mongo {
// in that code path that must not see the impersonated user and roles array elements.
std::vector<UserName> parsedUserNames;
std::vector<RoleName> parsedRoleNames;
- AuthorizationSession* authSession = txn->getClient()->getAuthorizationSession();
+ AuthorizationSession* authSession = AuthorizationSession::get(txn->getClient());
bool rolesFieldIsPresent = false;
bool usersFieldIsPresent = false;
audit::parseAndRemoveImpersonatedRolesField(cmdObj,
diff --git a/src/mongo/db/dbwebserver.cpp b/src/mongo/db/dbwebserver.cpp
index a1de920ba2b..d7066322b02 100644
--- a/src/mongo/db/dbwebserver.cpp
+++ b/src/mongo/db/dbwebserver.cpp
@@ -420,7 +420,7 @@ namespace {
vector<string>& headers,
const SockAddr &from) {
- AuthorizationSession* authSess = cc().getAuthorizationSession();
+ AuthorizationSession* authSess = AuthorizationSession::get(cc());
if (!authSess->getAuthorizationManager().isAuthEnabled()) {
return true;
}
@@ -448,7 +448,7 @@ namespace {
UserName userName(parms["username"], "admin");
User* user;
AuthorizationManager& authzManager =
- cc().getAuthorizationSession()->getAuthorizationManager();
+ AuthorizationSession::get(cc())->getAuthorizationManager();
Status status = authzManager.acquireUser(txn, userName, &user);
if (!status.isOK()) {
if (status.code() != ErrorCodes::UserNotFound) {
diff --git a/src/mongo/db/exec/group.cpp b/src/mongo/db/exec/group.cpp
index 435b48f47b2..85e7d613cc2 100644
--- a/src/mongo/db/exec/group.cpp
+++ b/src/mongo/db/exec/group.cpp
@@ -91,7 +91,7 @@ namespace mongo {
void GroupStage::initGroupScripting() {
// Initialize _scope.
const std::string userToken =
- ClientBasic::getCurrent()->getAuthorizationSession()
+ AuthorizationSession::get(ClientBasic::getCurrent())
->getAuthenticatedUserNamesToken();
const NamespaceString nss(_request.ns);
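Review bot: In `GroupStage::initGroupScripting()` the result of `ClientBasic::getCurrent()` is handed to `AuthorizationSession::get()` and the returned pointer is dereferenced with no check, while other files in this commit (server_extra_log_context.cpp, sync_tail.cpp) treat `getCurrent()` as possibly null. What `get()` does with a null client is not visible in this hunk, so stating the precondition would make it explicit, e.g. `invariant(ClientBasic::getCurrent());` before the `userToken` declaration. The expression_where.cpp hunk uses the same pattern. The function body continues outside the hunk.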
diff --git a/src/mongo/db/index_builder.cpp b/src/mongo/db/index_builder.cpp
index 62eef061ff6..35ebcee4bb4 100644
--- a/src/mongo/db/index_builder.cpp
+++ b/src/mongo/db/index_builder.cpp
@@ -85,7 +85,7 @@ namespace {
OperationContextImpl txn;
txn.lockState()->setIsBatchWriter(true);
- txn.getClient()->getAuthorizationSession()->grantInternalAuthorization();
+ AuthorizationSession::get(txn.getClient())->grantInternalAuthorization();
txn.getCurOp()->reset(HostAndPort(), dbInsert);
NamespaceString ns(_index["ns"].String());
diff --git a/src/mongo/db/index_rebuilder.cpp b/src/mongo/db/index_rebuilder.cpp
index b73d76acd3e..3dbbb133e20 100644
--- a/src/mongo/db/index_rebuilder.cpp
+++ b/src/mongo/db/index_rebuilder.cpp
@@ -150,7 +150,7 @@ namespace {
} // namespace
void restartInProgressIndexesFromLastShutdown(OperationContext* txn) {
- txn->getClient()->getAuthorizationSession()->grantInternalAuthorization();
+ AuthorizationSession::get(txn->getClient())->grantInternalAuthorization();
std::vector<std::string> dbNames;
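Review bot: `restartInProgressIndexesFromLastShutdown()` grants internal authorization on the client of a caller-supplied `txn`, and nothing in the hunk documents which callers may pass one. If the grant stays on the session after the function returns (its lifetime is not visible here), calling this with a client that also serves user requests would leave that client with internal privileges. A comment on the function would pin this down: `// txn must belong to an internal startup thread; its client is granted internal authorization here.` The third master_slave.cpp hunk (`@@ -1338,7 +1338,7 @@`) does the same with a passed-in `txn`. The function body continues outside the hunk.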
diff --git a/src/mongo/db/instance.cpp b/src/mongo/db/instance.cpp
index 4554866b796..a1ddfc65817 100644
--- a/src/mongo/db/instance.cpp
+++ b/src/mongo/db/instance.cpp
@@ -343,7 +343,7 @@ namespace {
try {
Client* client = txn->getClient();
- Status status = client->getAuthorizationSession()->checkAuthForQuery(nss, q.query);
+ Status status = AuthorizationSession::get(client)->checkAuthForQuery(nss, q.query);
audit::logQueryAuthzCheck(client, nss, q.query, status.code());
uassertStatusOK(status);
@@ -383,8 +383,8 @@ namespace {
DbMessage dbmsg(m);
Client& c = *txn->getClient();
- if (!txn->getClient()->isInDirectClient()) {
- c.getAuthorizationSession()->startRequest(txn);
+ if (!c.isInDirectClient()) {
+ AuthorizationSession::get(c)->startRequest(txn);
// We should not be holding any locks at this point
invariant(!txn->lockState()->isLocked());
@@ -641,7 +641,7 @@ namespace {
bool multi = flags & UpdateOption_Multi;
bool broadcast = flags & UpdateOption_Broadcast;
- Status status = txn->getClient()->getAuthorizationSession()->checkAuthForUpdate(nsString,
+ Status status = AuthorizationSession::get(txn->getClient())->checkAuthForUpdate(nsString,
query,
toupdate,
upsert);
@@ -765,7 +765,7 @@ namespace {
verify( d.moreJSObjs() );
BSONObj pattern = d.nextJsObj();
- Status status = txn->getClient()->getAuthorizationSession()->checkAuthForDelete(nsString,
+ Status status = AuthorizationSession::get(txn->getClient())->checkAuthForDelete(nsString,
pattern);
audit::logDeleteAuthzCheck(txn->getClient(), nsString, pattern, status.code());
uassertStatusOK(status);
@@ -848,7 +848,7 @@ namespace {
const NamespaceString nsString( ns );
uassert( 16258, str::stream() << "Invalid ns [" << ns << "]", nsString.isValid() );
- Status status = txn->getClient()->getAuthorizationSession()->checkAuthForGetMore(
+ Status status = AuthorizationSession::get(txn->getClient())->checkAuthForGetMore(
nsString, cursorid);
audit::logGetMoreAuthzCheck(txn->getClient(), nsString, cursorid, status.code());
uassertStatusOK(status);
@@ -1107,7 +1107,7 @@ namespace {
// Check auth for insert (also handles checking if this is an index build and checks
// for the proper privileges in that case).
- Status status = txn->getClient()->getAuthorizationSession()->checkAuthForInsert(nsString, obj);
+ Status status = AuthorizationSession::get(txn->getClient())->checkAuthForInsert(nsString, obj);
audit::logInsertAuthzCheck(txn->getClient(), nsString, obj, status.code());
uassertStatusOK(status);
}
diff --git a/src/mongo/db/introspect.cpp b/src/mongo/db/introspect.cpp
index 93b7fa405fd..8040a0b7b6b 100644
--- a/src/mongo/db/introspect.cpp
+++ b/src/mongo/db/introspect.cpp
@@ -97,7 +97,7 @@ namespace {
b.appendDate("ts", jsTime());
b.append("client", txn->getClient()->clientAddress());
- AuthorizationSession * authSession = txn->getClient()->getAuthorizationSession();
+ AuthorizationSession * authSession = AuthorizationSession::get(txn->getClient());
_appendUserInfo(*txn->getCurOp(), b, authSession);
const BSONObj p = b.done();
diff --git a/src/mongo/db/matcher/expression_where.cpp b/src/mongo/db/matcher/expression_where.cpp
index e0a3f7f082b..c2e95e2dd50 100644
--- a/src/mongo/db/matcher/expression_where.cpp
+++ b/src/mongo/db/matcher/expression_where.cpp
@@ -114,7 +114,7 @@ namespace mongo {
_code = theCode.toString();
_userScope = scope.getOwned();
- const string userToken = ClientBasic::getCurrent()->getAuthorizationSession()
+ const string userToken = AuthorizationSession::get(ClientBasic::getCurrent())
->getAuthenticatedUserNamesToken();
_scope = globalScriptEngine->getPooledScope(_txn, _dbName, "where" + userToken);
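Review bot: The `userToken` appended to the pool key in `getPooledScope(_txn, _dbName, "where" + userToken)` has no comment explaining why the authenticated user names are part of the key. It looks like this keeps a pooled JavaScript scope from being reused by a client authenticated as a different set of users, which is worth stating so a later refactor does not drop the token from the key. Suggested comment above the declaration: `// Key the pooled scope by the authenticated users so scopes are not shared across principals.` The enclosing function starts and ends outside the hunk.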
diff --git a/src/mongo/db/repl/bgsync.cpp b/src/mongo/db/repl/bgsync.cpp
index 7cdd1d42a2a..270789226f9 100644
--- a/src/mongo/db/repl/bgsync.cpp
+++ b/src/mongo/db/repl/bgsync.cpp
@@ -146,7 +146,7 @@ namespace {
void BackgroundSync::producerThread() {
Client::initThread("rsBackgroundSync");
- cc().getAuthorizationSession()->grantInternalAuthorization();
+ AuthorizationSession::get(cc())->grantInternalAuthorization();
while (!inShutdown()) {
try {
diff --git a/src/mongo/db/repl/master_slave.cpp b/src/mongo/db/repl/master_slave.cpp
index a27588382d3..10f7eef2088 100644
--- a/src/mongo/db/repl/master_slave.cpp
+++ b/src/mongo/db/repl/master_slave.cpp
@@ -1281,7 +1281,7 @@ namespace repl {
// printReplicationStatus() and printSlaveReplicationStatus() stay up-to-date even
// when things are idle.
OperationContextImpl txn;
- txn.getClient()->getAuthorizationSession()->grantInternalAuthorization();
+ AuthorizationSession::get(txn.getClient())->grantInternalAuthorization();
Lock::GlobalWrite globalWrite(txn.lockState(), 1);
if (globalWrite.isLocked()) {
@@ -1308,7 +1308,7 @@ namespace repl {
Client::initThread("replslave");
OperationContextImpl txn;
- txn.getClient()->getAuthorizationSession()->grantInternalAuthorization();
+ AuthorizationSession::get(txn.getClient())->grantInternalAuthorization();
while ( 1 ) {
try {
@@ -1338,7 +1338,7 @@ namespace repl {
if( !replSettings.slave && !replSettings.master )
return;
- txn->getClient()->getAuthorizationSession()->grantInternalAuthorization();
+ AuthorizationSession::get(txn->getClient())->grantInternalAuthorization();
{
ReplSource temp(txn); // Ensures local.me is populated
diff --git a/src/mongo/db/repl/replset_commands.cpp b/src/mongo/db/repl/replset_commands.cpp
index 8f090862013..6530c491902 100644
--- a/src/mongo/db/repl/replset_commands.cpp
+++ b/src/mongo/db/repl/replset_commands.cpp
@@ -73,7 +73,7 @@ namespace repl {
const BSONObj& cmdObj) {
ActionSet actions;
actions.addAction(ActionType::internal);
- if (!client->getAuthorizationSession()->isAuthorizedForActionsOnResource(
+ if (!AuthorizationSession::get(client)->isAuthorizedForActionsOnResource(
ResourcePattern::forClusterResource(), actions)) {
return Status(ErrorCodes::Unauthorized, "Unauthorized");
}
@@ -146,7 +146,7 @@ namespace repl {
const BSONObj& cmdObj) {
ActionSet actions;
actions.addAction(ActionType::replSetGetStatus);
- if (!client->getAuthorizationSession()->isAuthorizedForActionsOnResource(
+ if (!AuthorizationSession::get(client)->isAuthorizedForActionsOnResource(
ResourcePattern::forClusterResource(), actions)) {
return Status(ErrorCodes::Unauthorized, "Unauthorized");
}
@@ -178,7 +178,7 @@ namespace repl {
const BSONObj& cmdObj) {
ActionSet actions;
actions.addAction(ActionType::replSetGetConfig);
- if (!client->getAuthorizationSession()->isAuthorizedForActionsOnResource(
+ if (!AuthorizationSession::get(client)->isAuthorizedForActionsOnResource(
ResourcePattern::forClusterResource(), actions)) {
return Status(ErrorCodes::Unauthorized, "Unauthorized");
}
@@ -286,7 +286,7 @@ namespace {
const BSONObj& cmdObj) {
ActionSet actions;
actions.addAction(ActionType::replSetConfigure);
- if (!client->getAuthorizationSession()->isAuthorizedForActionsOnResource(
+ if (!AuthorizationSession::get(client)->isAuthorizedForActionsOnResource(
ResourcePattern::forClusterResource(), actions)) {
return Status(ErrorCodes::Unauthorized, "Unauthorized");
}
@@ -371,7 +371,7 @@ namespace {
const BSONObj& cmdObj) {
ActionSet actions;
actions.addAction(ActionType::replSetConfigure);
- if (!client->getAuthorizationSession()->isAuthorizedForActionsOnResource(
+ if (!AuthorizationSession::get(client)->isAuthorizedForActionsOnResource(
ResourcePattern::forClusterResource(), actions)) {
return Status(ErrorCodes::Unauthorized, "Unauthorized");
}
@@ -427,7 +427,7 @@ namespace {
const BSONObj& cmdObj) {
ActionSet actions;
actions.addAction(ActionType::replSetStateChange);
- if (!client->getAuthorizationSession()->isAuthorizedForActionsOnResource(
+ if (!AuthorizationSession::get(client)->isAuthorizedForActionsOnResource(
ResourcePattern::forClusterResource(), actions)) {
return Status(ErrorCodes::Unauthorized, "Unauthorized");
}
@@ -459,7 +459,7 @@ namespace {
const BSONObj& cmdObj) {
ActionSet actions;
actions.addAction(ActionType::replSetStateChange);
- if (!client->getAuthorizationSession()->isAuthorizedForActionsOnResource(
+ if (!AuthorizationSession::get(client)->isAuthorizedForActionsOnResource(
ResourcePattern::forClusterResource(), actions)) {
return Status(ErrorCodes::Unauthorized, "Unauthorized");
}
@@ -534,7 +534,7 @@ namespace {
const BSONObj& cmdObj) {
ActionSet actions;
actions.addAction(ActionType::replSetStateChange);
- if (!client->getAuthorizationSession()->isAuthorizedForActionsOnResource(
+ if (!AuthorizationSession::get(client)->isAuthorizedForActionsOnResource(
ResourcePattern::forClusterResource(), actions)) {
return Status(ErrorCodes::Unauthorized, "Unauthorized");
}
@@ -564,7 +564,7 @@ namespace {
const BSONObj& cmdObj) {
ActionSet actions;
actions.addAction(ActionType::replSetStateChange);
- if (!client->getAuthorizationSession()->isAuthorizedForActionsOnResource(
+ if (!AuthorizationSession::get(client)->isAuthorizedForActionsOnResource(
ResourcePattern::forClusterResource(), actions)) {
return Status(ErrorCodes::Unauthorized, "Unauthorized");
}
diff --git a/src/mongo/db/repl/rs_sync.cpp b/src/mongo/db/repl/rs_sync.cpp
index 174147fb078..dbb914d6c6e 100644
--- a/src/mongo/db/repl/rs_sync.cpp
+++ b/src/mongo/db/repl/rs_sync.cpp
@@ -63,7 +63,7 @@ namespace repl {
void runSyncThread() {
Client::initThread("rsSync");
- cc().getAuthorizationSession()->grantInternalAuthorization();
+ AuthorizationSession::get(cc())->grantInternalAuthorization();
ReplicationCoordinator* replCoord = getGlobalReplicationCoordinator();
// Set initial indexPrefetch setting
diff --git a/src/mongo/db/repl/sync_tail.cpp b/src/mongo/db/repl/sync_tail.cpp
index 00e9d59c75d..fe173e5430d 100644
--- a/src/mongo/db/repl/sync_tail.cpp
+++ b/src/mongo/db/repl/sync_tail.cpp
@@ -90,7 +90,7 @@ namespace repl {
void initializePrefetchThread() {
if (!ClientBasic::getCurrent()) {
Client::initThreadIfNotAlready();
- cc().getAuthorizationSession()->grantInternalAuthorization();
+ AuthorizationSession::get(cc())->grantInternalAuthorization();
}
}
namespace {
@@ -651,7 +651,7 @@ namespace {
// Only do this once per thread
if (!ClientBasic::getCurrent()) {
Client::initThreadIfNotAlready();
- cc().getAuthorizationSession()->grantInternalAuthorization();
+ AuthorizationSession::get(cc())->grantInternalAuthorization();
}
}
diff --git a/src/mongo/db/restapi.cpp b/src/mongo/db/restapi.cpp
index 8a1863a56dc..f582bf33a3b 100644
--- a/src/mongo/db/restapi.cpp
+++ b/src/mongo/db/restapi.cpp
@@ -273,7 +273,7 @@ namespace mongo {
} restHandler;
bool RestAdminAccess::haveAdminUsers(OperationContext* txn) const {
- AuthorizationSession* authzSession = txn->getClient()->getAuthorizationSession();
+ AuthorizationSession* authzSession = AuthorizationSession::get(txn->getClient());
return authzSession->getAuthorizationManager().hasAnyPrivilegeDocuments(txn);
}
diff --git a/src/mongo/db/server_extra_log_context.cpp b/src/mongo/db/server_extra_log_context.cpp
index e269552eb11..82ab6e7b4fd 100644
--- a/src/mongo/db/server_extra_log_context.cpp
+++ b/src/mongo/db/server_extra_log_context.cpp
@@ -52,11 +52,11 @@ namespace {
ClientBasic* clientBasic = ClientBasic::getCurrent();
if (!clientBasic)
return;
- if (!clientBasic->hasAuthorizationSession())
+ if (!AuthorizationSession::exists(clientBasic))
return;
UserNameIterator users =
- clientBasic->getAuthorizationSession()->getAuthenticatedUserNames();
+ AuthorizationSession::get(clientBasic)->getAuthenticatedUserNames();
if (!users.more())
return;
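Review bot: The `exists()` guard before `get()` here is the only such check among the call sites visible in this part of the commit, and nothing explains why this path needs it while the others dereference `AuthorizationSession::get(...)` directly. Presumably log context can be requested on a thread whose client has no session attached; a one-line comment would record that: `// Logging can run on a client that has no AuthorizationSession attached.` It would also help for the declaration of `get()` to say what it does when no session is set, since that contract cannot be read from these call sites. The enclosing function starts and ends outside the hunk.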
diff --git a/src/mongo/db/ttl.cpp b/src/mongo/db/ttl.cpp
index d516d9c20ee..eeb17a984a8 100644
--- a/src/mongo/db/ttl.cpp
+++ b/src/mongo/db/ttl.cpp
@@ -83,7 +83,7 @@ namespace mongo {
virtual void run() {
Client::initThread( name().c_str() );
- cc().getAuthorizationSession()->grantInternalAuthorization();
+ AuthorizationSession::get(cc())->grantInternalAuthorization();
while ( ! inShutdown() ) {
sleepsecs( ttlMonitorSleepSecs );