author | Randolph Tan <randolph@10gen.com> | 2017-05-01 14:37:16 -0400 |
---|---|---|
committer | Randolph Tan <randolph@10gen.com> | 2017-05-22 10:59:36 -0400 |
commit | 8edbf46a78494ae034e8faa982c8f8bdcd5c3ef4 (patch) | |
tree | e5484224ac87be90ffb8b24d25beb97f07ab5d01 /src/mongo/rpc/metadata.cpp | |
parent | b035e46ec65088885d8b934af235481f294af77f (diff) | |
download | mongo-8edbf46a78494ae034e8faa982c8f8bdcd5c3ef4.tar.gz |
SERVER-28127 Integrate KeyManager to LogicalClock
Diffstat (limited to 'src/mongo/rpc/metadata.cpp')
-rw-r--r-- | src/mongo/rpc/metadata.cpp | 42 |
1 files changed, 7 insertions, 35 deletions
diff --git a/src/mongo/rpc/metadata.cpp b/src/mongo/rpc/metadata.cpp
index 80046bdad58..7b35b2c7821 100644
--- a/src/mongo/rpc/metadata.cpp
+++ b/src/mongo/rpc/metadata.cpp
@@ -30,12 +30,7 @@
 #include "mongo/rpc/metadata.h"
-#include "mongo/base/init.h"
 #include "mongo/client/dbclientinterface.h"
-#include "mongo/db/auth/action_set.h"
-#include "mongo/db/auth/action_type.h"
-#include "mongo/db/auth/authorization_session.h"
-#include "mongo/db/auth/privilege.h"
 #include "mongo/db/jsobj.h"
 #include "mongo/db/logical_clock.h"
 #include "mongo/db/logical_time_validator.h"
@@ -49,27 +44,6 @@
 namespace mongo {
 namespace rpc {
-namespace {
-
-std::vector<Privilege> advanceLogicalClockPrivilege;
-
-MONGO_INITIALIZER(InitializeAdvanceLogicalClockPrivilegeVector)(InitializerContext* const) {
- ActionSet actions;
- actions.addAction(ActionType::internal);
- advanceLogicalClockPrivilege.emplace_back(ResourcePattern::forClusterResource(), actions);
- return Status::OK();
-}
-
-bool isAuthorizedToAdvanceClock(OperationContext* opCtx) {
- auto client = opCtx->getClient();
- // Note: returns true if auth is off, courtesy of
- // AuthzSessionExternalStateServerCommon::shouldIgnoreAuthChecks.
- return AuthorizationSession::get(client)->isAuthorizedForPrivileges(
- advanceLogicalClockPrivilege);
-}
-
-} // unnamed namespace
-
 BSONObj makeEmptyMetadata() {
 return BSONObj();
 }
@@ -124,16 +98,14 @@ void readRequestMetadata(OperationContext* opCtx, const BSONObj& metadataObj) {
 // default constructed SignedLogicalTime should be ignored.
 if (signedTime.getTime() != LogicalTime::kUninitialized) {
 auto logicalTimeValidator = LogicalTimeValidator::get(opCtx);
- if (isAuthorizedToAdvanceClock(opCtx)) {
- if (logicalTimeValidator) {
- logicalTimeValidator->updateCacheTrustedSource(signedTime);
+ if (!LogicalTimeValidator::isAuthorizedToAdvanceClock(opCtx)) {
+ if (!logicalTimeValidator) {
+ uasserted(ErrorCodes::CannotVerifyAndSignLogicalTime,
+ "Cannot accept logicalTime: " + signedTime.getTime().toString() +
+ ". May not be a part of a sharded cluster");
+ } else {
+ uassertStatusOK(logicalTimeValidator->validate(opCtx, signedTime));
 }
- } else if (!logicalTimeValidator) {
- uasserted(ErrorCodes::CannotVerifyAndSignLogicalTime,
- "Cannot accept logicalTime: " + signedTime.getTime().toString() +
- ". May not be a part of a sharded cluster");
- } else {
- uassertStatusOK(logicalTimeValidator->validate(signedTime));
 }
 uassertStatusOK(logicalClock->advanceClusterTime(signedTime.getTime())); |
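Review bot: When `LogicalTimeValidator::isAuthorizedToAdvanceClock(opCtx)` returns true, the new `if (!...)` block is skipped and `signedTime` reaches `advanceClusterTime` with no call on `logicalTimeValidator` at all, so that one predicate is the whole trust decision for a client-supplied cluster time. Its body is not in this diff; the file-local helper this commit deletes carried the note that it returns true when auth is off, and that caveat is no longer visible at the call site. I would add a comment above the check, e.g. `// Callers holding the internal privilege (and, presumably, every caller when auth is off) bypass signature validation here.` The old trusted branch also called `updateCacheTrustedSource(signedTime)`, which is dropped without a visible replacement, so it is worth confirming that this is intended. `readRequestMetadata` starts before and continues after the hunk.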