diff options
| author | Gabriel Marks <gabriel.marks@mongodb.com> | 2020-06-26 15:42:20 +0000 |
|---|---|---|
| committer | Evergreen Agent <no-reply@evergreen.mongodb.com> | 2020-07-14 18:38:47 +0000 |
| commit | f1d1e28bb59cfdda58c9bf8aaf50561eca3aea4d (patch) | |
| tree | cce0ce1d12d507149f7516199ad291f6f3778b7a /src/mongo/db | |
| parent | 526878fe931d0042000a94377501c89b403c43be (diff) | |
| download | mongo-f1d1e28bb59cfdda58c9bf8aaf50561eca3aea4d.tar.gz | |
SERVER-49114 Replace getSSLManager() with SSLManagerCoordinator
Diffstat (limited to 'src/mongo/db')
4 files changed, 16 insertions, 11 deletions
diff --git a/src/mongo/db/commands/authentication_commands.cpp b/src/mongo/db/commands/authentication_commands.cpp index 166bbd3ebe9..f146e0c8742 100644 --- a/src/mongo/db/commands/authentication_commands.cpp +++ b/src/mongo/db/commands/authentication_commands.cpp @@ -73,7 +73,7 @@ static constexpr auto kX509AuthenticationDisabledMessage = "x.509 authentication #ifdef MONGO_CONFIG_SSL Status _authenticateX509(OperationContext* opCtx, const UserName& user, const BSONObj& cmdObj) { - if (!getSSLManager()) { + if (!opCtx->getClient()->session()->getSSLManager()) { return Status(ErrorCodes::ProtocolError, "SSL support is required for the MONGODB-X509 mechanism."); } diff --git a/src/mongo/db/commands/server_status_servers.cpp b/src/mongo/db/commands/server_status_servers.cpp index c208ae96e36..85a57202370 100644 --- a/src/mongo/db/commands/server_status_servers.cpp +++ b/src/mongo/db/commands/server_status_servers.cpp @@ -110,8 +110,11 @@ public: result.append("authentication", auth.obj()); #ifdef MONGO_CONFIG_SSL - if (getSSLManager()) { - getSSLManager()->getSSLConfiguration().getServerStatusBSON(&result); + if (SSLManagerCoordinator::get()) { + SSLManagerCoordinator::get() + ->getSSLManager() + ->getSSLConfiguration() + .getServerStatusBSON(&result); } #endif diff --git a/src/mongo/db/commands/user_management_commands.cpp b/src/mongo/db/commands/user_management_commands.cpp index d6f95c0e64f..fe1841aa8f9 100644 --- a/src/mongo/db/commands/user_management_commands.cpp +++ b/src/mongo/db/commands/user_management_commands.cpp @@ -839,12 +839,12 @@ void CmdUMCTyped<CreateUserCommand, void>::Invocation::typedRun(OperationContext (cmd.getMechanisms() == boost::none) || !cmd.getMechanisms()->empty()); #ifdef MONGO_CONFIG_SSL + auto configuration = opCtx->getClient()->session()->getSSLConfiguration(); uassert(ErrorCodes::BadValue, "Cannot create an x.509 user with a subjectname that would be " "recognized as an internal cluster member", - (dbname != "$external") || !getSSLManager() || - !opCtx->getClient()->session()->getSSLConfiguration()->isClusterMember( - userName.getUser())); + (dbname != "$external") || !configuration || + !configuration->isClusterMember(userName.getUser())); #endif // Synthesize a user document diff --git a/src/mongo/db/initialize_server_security_state.cpp b/src/mongo/db/initialize_server_security_state.cpp index cb9c29b63bd..93b19abed90 100644 --- a/src/mongo/db/initialize_server_security_state.cpp +++ b/src/mongo/db/initialize_server_security_state.cpp @@ -62,11 +62,13 @@ bool initializeServerSecurityGlobalState(ServiceContext* service) { #ifdef MONGO_CONFIG_SSL if (clusterAuthMode == ServerGlobalParams::ClusterAuthMode_x509 || clusterAuthMode == ServerGlobalParams::ClusterAuthMode_sendX509) { - auth::setInternalUserAuthParams( - BSON(saslCommandMechanismFieldName - << "MONGODB-X509" << saslCommandUserDBFieldName << "$external" - << saslCommandUserFieldName - << getSSLManager()->getSSLConfiguration().clientSubjectName.toString())); + auth::setInternalUserAuthParams(BSON(saslCommandMechanismFieldName + << "MONGODB-X509" << saslCommandUserDBFieldName + << "$external" << saslCommandUserFieldName + << SSLManagerCoordinator::get() + ->getSSLManager() + ->getSSLConfiguration() + .clientSubjectName.toString())); } #endif |