summaryrefslogtreecommitdiff
path: root/src/mongo/s
diff options
context:
space:
mode:
authorAndy Schwerin <schwerin@mongodb.com>2015-04-07 15:15:59 -0400
committerAndy Schwerin <schwerin@mongodb.com>2015-04-16 16:00:28 -0400
commiteb8025a6ff2c3652a1f89ae513f7a4a98cd4e2ab (patch)
tree07d6d6fd9ad11758f0122a9f4d721f4ec6901e0a /src/mongo/s
parenta377aa8648de036659bbb4e67c8dfa030299718b (diff)
downloadmongo-eb8025a6ff2c3652a1f89ae513f7a4a98cd4e2ab.tar.gz
SERVER-17817 Make AuthorizationSession a decoration of ClientBasic.
Diffstat (limited to 'src/mongo/s')
-rw-r--r--src/mongo/s/client_info.cpp3
-rw-r--r--src/mongo/s/commands/cluster_current_op.cpp2
-rw-r--r--src/mongo/s/commands/cluster_enable_sharding_cmd.cpp2
-rw-r--r--src/mongo/s/commands/cluster_find_cmd.cpp2
-rw-r--r--src/mongo/s/commands/cluster_get_shard_version_cmd.cpp2
-rw-r--r--src/mongo/s/commands/cluster_index_filter_cmd.cpp2
-rw-r--r--src/mongo/s/commands/cluster_kill_op.cpp2
-rw-r--r--src/mongo/s/commands/cluster_merge_chunks_cmd.cpp2
-rw-r--r--src/mongo/s/commands/cluster_move_chunk_cmd.cpp2
-rw-r--r--src/mongo/s/commands/cluster_move_primary_cmd.cpp2
-rw-r--r--src/mongo/s/commands/cluster_plan_cache_cmd.cpp2
-rw-r--r--src/mongo/s/commands/cluster_shard_collection_cmd.cpp2
-rw-r--r--src/mongo/s/commands/cluster_split_collection_cmd.cpp2
-rw-r--r--src/mongo/s/commands/cluster_write_cmd.cpp2
-rw-r--r--src/mongo/s/commands_public.cpp6
-rw-r--r--src/mongo/s/cursors.cpp2
-rw-r--r--src/mongo/s/d_migrate.cpp4
-rw-r--r--src/mongo/s/d_split.cpp4
-rw-r--r--src/mongo/s/d_state.cpp2
-rw-r--r--src/mongo/s/request.cpp2
-rw-r--r--src/mongo/s/s_only.cpp2
-rw-r--r--src/mongo/s/strategy.cpp4
22 files changed, 28 insertions, 27 deletions
diff --git a/src/mongo/s/client_info.cpp b/src/mongo/s/client_info.cpp
index bc7f0a91f15..98db7d326f2 100644
--- a/src/mongo/s/client_info.cpp
+++ b/src/mongo/s/client_info.cpp
@@ -52,7 +52,8 @@ namespace {
ClientInfo * info = tlInfo.get();
massert(16472, "A ClientInfo already exists for this thread", !info);
info = new ClientInfo(serviceContext, messagingPort);
- info->setAuthorizationSession(getGlobalAuthorizationManager()->makeAuthorizationSession());
+ AuthorizationSession::set(info,
+ getGlobalAuthorizationManager()->makeAuthorizationSession());
tlInfo.reset( info );
return info;
}
diff --git a/src/mongo/s/commands/cluster_current_op.cpp b/src/mongo/s/commands/cluster_current_op.cpp
index 50c5ad4390c..c4de4dcee82 100644
--- a/src/mongo/s/commands/cluster_current_op.cpp
+++ b/src/mongo/s/commands/cluster_current_op.cpp
@@ -67,7 +67,7 @@ namespace {
const BSONObj& cmdObj) final {
- bool isAuthorized = client->getAuthorizationSession()->isAuthorizedForActionsOnResource(
+ bool isAuthorized = AuthorizationSession::get(client)->isAuthorizedForActionsOnResource(
ResourcePattern::forClusterResource(),
ActionType::inprog);
diff --git a/src/mongo/s/commands/cluster_enable_sharding_cmd.cpp b/src/mongo/s/commands/cluster_enable_sharding_cmd.cpp
index b100d306594..f9fc4e23938 100644
--- a/src/mongo/s/commands/cluster_enable_sharding_cmd.cpp
+++ b/src/mongo/s/commands/cluster_enable_sharding_cmd.cpp
@@ -74,7 +74,7 @@ namespace {
const std::string& dbname,
const BSONObj& cmdObj) {
- if (!client->getAuthorizationSession()->isAuthorizedForActionsOnResource(
+ if (!AuthorizationSession::get(client)->isAuthorizedForActionsOnResource(
ResourcePattern::forDatabaseName(
parseNs(dbname, cmdObj)),
ActionType::enableSharding)) {
diff --git a/src/mongo/s/commands/cluster_find_cmd.cpp b/src/mongo/s/commands/cluster_find_cmd.cpp
index d6fe443c252..e1ddbf568ec 100644
--- a/src/mongo/s/commands/cluster_find_cmd.cpp
+++ b/src/mongo/s/commands/cluster_find_cmd.cpp
@@ -72,7 +72,7 @@ namespace mongo {
const std::string& dbname,
const BSONObj& cmdObj) {
- AuthorizationSession* authzSession = client->getAuthorizationSession();
+ AuthorizationSession* authzSession = AuthorizationSession::get(client);
ResourcePattern pattern = parseResourcePattern(dbname, cmdObj);
if (authzSession->isAuthorizedForActionsOnResource(pattern, ActionType::find)) {
diff --git a/src/mongo/s/commands/cluster_get_shard_version_cmd.cpp b/src/mongo/s/commands/cluster_get_shard_version_cmd.cpp
index 04cff5e0b80..1f7d9567a31 100644
--- a/src/mongo/s/commands/cluster_get_shard_version_cmd.cpp
+++ b/src/mongo/s/commands/cluster_get_shard_version_cmd.cpp
@@ -70,7 +70,7 @@ namespace {
const std::string& dbname,
const BSONObj& cmdObj) {
- if (!client->getAuthorizationSession()->isAuthorizedForActionsOnResource(
+ if (!AuthorizationSession::get(client)->isAuthorizedForActionsOnResource(
ResourcePattern::forExactNamespace(
NamespaceString(parseNs(dbname,
cmdObj))),
diff --git a/src/mongo/s/commands/cluster_index_filter_cmd.cpp b/src/mongo/s/commands/cluster_index_filter_cmd.cpp
index c66e2802db9..f39ca1bfd7b 100644
--- a/src/mongo/s/commands/cluster_index_filter_cmd.cpp
+++ b/src/mongo/s/commands/cluster_index_filter_cmd.cpp
@@ -72,7 +72,7 @@ namespace mongo {
Status checkAuthForCommand( ClientBasic* client,
const std::string& dbname,
const BSONObj& cmdObj ) {
- AuthorizationSession* authzSession = client->getAuthorizationSession();
+ AuthorizationSession* authzSession = AuthorizationSession::get(client);
ResourcePattern pattern = parseResourcePattern(dbname, cmdObj);
if (authzSession->isAuthorizedForActionsOnResource(pattern,
diff --git a/src/mongo/s/commands/cluster_kill_op.cpp b/src/mongo/s/commands/cluster_kill_op.cpp
index d5199c3a432..c782d4a8811 100644
--- a/src/mongo/s/commands/cluster_kill_op.cpp
+++ b/src/mongo/s/commands/cluster_kill_op.cpp
@@ -62,7 +62,7 @@ namespace {
const std::string& dbname,
const BSONObj& cmdObj) final {
- bool isAuthorized = client->getAuthorizationSession()->isAuthorizedForActionsOnResource(
+ bool isAuthorized = AuthorizationSession::get(client)->isAuthorizedForActionsOnResource(
ResourcePattern::forClusterResource(),
ActionType::killop);
return isAuthorized ? Status::OK() : Status(ErrorCodes::Unauthorized, "Unauthorized");
diff --git a/src/mongo/s/commands/cluster_merge_chunks_cmd.cpp b/src/mongo/s/commands/cluster_merge_chunks_cmd.cpp
index 64c764a57f5..b7e1ae63723 100644
--- a/src/mongo/s/commands/cluster_merge_chunks_cmd.cpp
+++ b/src/mongo/s/commands/cluster_merge_chunks_cmd.cpp
@@ -67,7 +67,7 @@ namespace {
virtual Status checkAuthForCommand(ClientBasic* client,
const std::string& dbname,
const BSONObj& cmdObj) {
- if (!client->getAuthorizationSession()->isAuthorizedForActionsOnResource(
+ if (!AuthorizationSession::get(client)->isAuthorizedForActionsOnResource(
ResourcePattern::forExactNamespace(NamespaceString(parseNs(dbname, cmdObj))),
ActionType::splitChunk)) {
return Status(ErrorCodes::Unauthorized, "Unauthorized");
diff --git a/src/mongo/s/commands/cluster_move_chunk_cmd.cpp b/src/mongo/s/commands/cluster_move_chunk_cmd.cpp
index 4ccac602f46..f904c9f1ebf 100644
--- a/src/mongo/s/commands/cluster_move_chunk_cmd.cpp
+++ b/src/mongo/s/commands/cluster_move_chunk_cmd.cpp
@@ -84,7 +84,7 @@ namespace {
const std::string& dbname,
const BSONObj& cmdObj) {
- if (!client->getAuthorizationSession()->isAuthorizedForActionsOnResource(
+ if (!AuthorizationSession::get(client)->isAuthorizedForActionsOnResource(
ResourcePattern::forExactNamespace(
NamespaceString(parseNs(dbname,
cmdObj))),
diff --git a/src/mongo/s/commands/cluster_move_primary_cmd.cpp b/src/mongo/s/commands/cluster_move_primary_cmd.cpp
index 6e9504ef768..ef050861532 100644
--- a/src/mongo/s/commands/cluster_move_primary_cmd.cpp
+++ b/src/mongo/s/commands/cluster_move_primary_cmd.cpp
@@ -79,7 +79,7 @@ namespace {
const std::string& dbname,
const BSONObj& cmdObj) {
- if (!client->getAuthorizationSession()->isAuthorizedForActionsOnResource(
+ if (!AuthorizationSession::get(client)->isAuthorizedForActionsOnResource(
ResourcePattern::forDatabaseName(
parseNs(dbname, cmdObj)),
ActionType::moveChunk)) {
diff --git a/src/mongo/s/commands/cluster_plan_cache_cmd.cpp b/src/mongo/s/commands/cluster_plan_cache_cmd.cpp
index bd22961aa71..e6d1c75d5fe 100644
--- a/src/mongo/s/commands/cluster_plan_cache_cmd.cpp
+++ b/src/mongo/s/commands/cluster_plan_cache_cmd.cpp
@@ -72,7 +72,7 @@ namespace mongo {
Status checkAuthForCommand( ClientBasic* client,
const std::string& dbname,
const BSONObj& cmdObj ) {
- AuthorizationSession* authzSession = client->getAuthorizationSession();
+ AuthorizationSession* authzSession = AuthorizationSession::get(client);
ResourcePattern pattern = parseResourcePattern(dbname, cmdObj);
if (authzSession->isAuthorizedForActionsOnResource(pattern, _actionType)) {
diff --git a/src/mongo/s/commands/cluster_shard_collection_cmd.cpp b/src/mongo/s/commands/cluster_shard_collection_cmd.cpp
index 61d00764223..5adb6974e68 100644
--- a/src/mongo/s/commands/cluster_shard_collection_cmd.cpp
+++ b/src/mongo/s/commands/cluster_shard_collection_cmd.cpp
@@ -88,7 +88,7 @@ namespace {
const std::string& dbname,
const BSONObj& cmdObj) {
- if (!client->getAuthorizationSession()->isAuthorizedForActionsOnResource(
+ if (!AuthorizationSession::get(client)->isAuthorizedForActionsOnResource(
ResourcePattern::forExactNamespace(
NamespaceString(parseNs(dbname,
cmdObj))),
diff --git a/src/mongo/s/commands/cluster_split_collection_cmd.cpp b/src/mongo/s/commands/cluster_split_collection_cmd.cpp
index f3663510c29..9b613a5fe7e 100644
--- a/src/mongo/s/commands/cluster_split_collection_cmd.cpp
+++ b/src/mongo/s/commands/cluster_split_collection_cmd.cpp
@@ -83,7 +83,7 @@ namespace {
const std::string& dbname,
const BSONObj& cmdObj) {
- if (!client->getAuthorizationSession()->isAuthorizedForActionsOnResource(
+ if (!AuthorizationSession::get(client)->isAuthorizedForActionsOnResource(
ResourcePattern::forExactNamespace(
NamespaceString(parseNs(dbname,
cmdObj))),
diff --git a/src/mongo/s/commands/cluster_write_cmd.cpp b/src/mongo/s/commands/cluster_write_cmd.cpp
index d66673f5eea..2985debc4a7 100644
--- a/src/mongo/s/commands/cluster_write_cmd.cpp
+++ b/src/mongo/s/commands/cluster_write_cmd.cpp
@@ -77,7 +77,7 @@ namespace {
const std::string& dbname,
const BSONObj& cmdObj) {
- Status status = auth::checkAuthForWriteCommand(client->getAuthorizationSession(),
+ Status status = auth::checkAuthForWriteCommand(AuthorizationSession::get(client),
_writeType,
NamespaceString(parseNs(dbname,
cmdObj)),
diff --git a/src/mongo/s/commands_public.cpp b/src/mongo/s/commands_public.cpp
index 6f11511073d..8486b3cccf0 100644
--- a/src/mongo/s/commands_public.cpp
+++ b/src/mongo/s/commands_public.cpp
@@ -534,7 +534,7 @@ namespace {
virtual Status checkAuthForCommand(ClientBasic* client,
const std::string& dbname,
const BSONObj& cmdObj) {
- AuthorizationSession* authzSession = client->getAuthorizationSession();
+ AuthorizationSession* authzSession = AuthorizationSession::get(client);
if (cmdObj["capped"].trueValue()) {
if (!authzSession->isAuthorizedForActionsOnResource(
parseResourcePattern(dbname, cmdObj), ActionType::convertToCapped)) {
@@ -1191,7 +1191,7 @@ namespace {
virtual Status checkAuthForCommand(ClientBasic* client,
const std::string& dbname,
const BSONObj& cmdObj) {
- if (!client->getAuthorizationSession()->isAuthorizedForActionsOnResource(
+ if (!AuthorizationSession::get(client)->isAuthorizedForActionsOnResource(
ResourcePattern::forExactNamespace(NamespaceString(parseNs(dbname,
cmdObj))),
ActionType::splitVector)) {
@@ -2449,7 +2449,7 @@ namespace {
virtual Status checkAuthForCommand(ClientBasic* client,
const std::string& dbname,
const BSONObj& cmdObj) {
- AuthorizationSession* authzSession = client->getAuthorizationSession();
+ AuthorizationSession* authzSession = AuthorizationSession::get(client);
// Check for the listCollections ActionType on the database
// or find on system.namespaces for pre 3.0 systems.
diff --git a/src/mongo/s/cursors.cpp b/src/mongo/s/cursors.cpp
index 10c518d0ecc..241299c80b0 100644
--- a/src/mongo/s/cursors.cpp
+++ b/src/mongo/s/cursors.cpp
@@ -383,7 +383,7 @@ namespace mongo {
ConstDataCursor cursors(dbmessage.getArray(n));
ClientBasic* client = ClientBasic::getCurrent();
- AuthorizationSession* authSession = client->getAuthorizationSession();
+ AuthorizationSession* authSession = AuthorizationSession::get(client);
for ( int i=0; i<n; i++ ) {
long long id = cursors.readAndAdvance<LittleEndian<int64_t>>();
LOG(_myLogLevel) << "CursorCache::gotKillCursors id: " << id << endl;
diff --git a/src/mongo/s/d_migrate.cpp b/src/mongo/s/d_migrate.cpp
index 8d6945f48a2..d074a1adfb0 100644
--- a/src/mongo/s/d_migrate.cpp
+++ b/src/mongo/s/d_migrate.cpp
@@ -998,7 +998,7 @@ namespace mongo {
virtual Status checkAuthForCommand(ClientBasic* client,
const std::string& dbname,
const BSONObj& cmdObj) {
- if (!client->getAuthorizationSession()->isAuthorizedForActionsOnResource(
+ if (!AuthorizationSession::get(client)->isAuthorizedForActionsOnResource(
ResourcePattern::forExactNamespace(NamespaceString(parseNs(dbname, cmdObj))),
ActionType::moveChunk)) {
return Status(ErrorCodes::Unauthorized, "Unauthorized");
@@ -2653,7 +2653,7 @@ namespace mongo {
OperationContextImpl txn;
if (getGlobalAuthorizationManager()->isAuthEnabled()) {
ShardedConnectionInfo::addHook();
- txn.getClient()->getAuthorizationSession()->grantInternalAuthorization();
+ AuthorizationSession::get(txn.getClient())->grantInternalAuthorization();
}
// Make curop active so this will show up in currOp.
diff --git a/src/mongo/s/d_split.cpp b/src/mongo/s/d_split.cpp
index f54e4188286..43f6a44436d 100644
--- a/src/mongo/s/d_split.cpp
+++ b/src/mongo/s/d_split.cpp
@@ -245,7 +245,7 @@ namespace mongo {
virtual Status checkAuthForCommand(ClientBasic* client,
const std::string& dbname,
const BSONObj& cmdObj) {
- if (!client->getAuthorizationSession()->isAuthorizedForActionsOnResource(
+ if (!AuthorizationSession::get(client)->isAuthorizedForActionsOnResource(
ResourcePattern::forExactNamespace(NamespaceString(parseNs(dbname, cmdObj))),
ActionType::splitVector)) {
return Status(ErrorCodes::Unauthorized, "Unauthorized");
@@ -511,7 +511,7 @@ namespace mongo {
virtual Status checkAuthForCommand(ClientBasic* client,
const std::string& dbname,
const BSONObj& cmdObj) {
- if (!client->getAuthorizationSession()->isAuthorizedForActionsOnResource(
+ if (!AuthorizationSession::get(client)->isAuthorizedForActionsOnResource(
ResourcePattern::forExactNamespace(NamespaceString(parseNs(dbname, cmdObj))),
ActionType::splitChunk)) {
return Status(ErrorCodes::Unauthorized, "Unauthorized");
diff --git a/src/mongo/s/d_state.cpp b/src/mongo/s/d_state.cpp
index 14f1ad76c9a..626881edafc 100644
--- a/src/mongo/s/d_state.cpp
+++ b/src/mongo/s/d_state.cpp
@@ -1229,7 +1229,7 @@ namespace mongo {
virtual Status checkAuthForCommand(ClientBasic* client,
const std::string& dbname,
const BSONObj& cmdObj) {
- if (!client->getAuthorizationSession()->isAuthorizedForActionsOnResource(
+ if (!AuthorizationSession::get(client)->isAuthorizedForActionsOnResource(
ResourcePattern::forExactNamespace(NamespaceString(parseNs(dbname, cmdObj))),
ActionType::getShardVersion)) {
return Status(ErrorCodes::Unauthorized, "Unauthorized");
diff --git a/src/mongo/s/request.cpp b/src/mongo/s/request.cpp
index c189055c747..a629478a366 100644
--- a/src/mongo/s/request.cpp
+++ b/src/mongo/s/request.cpp
@@ -81,7 +81,7 @@ namespace mongo {
nss.isValid());
}
- _clientInfo->getAuthorizationSession()->startRequest(NULL);
+ AuthorizationSession::get(_clientInfo)->startRequest(NULL);
_didInit = true;
}
diff --git a/src/mongo/s/s_only.cpp b/src/mongo/s/s_only.cpp
index 8267f63e19b..be5f6bdfc53 100644
--- a/src/mongo/s/s_only.cpp
+++ b/src/mongo/s/s_only.cpp
@@ -84,7 +84,7 @@ namespace mongo {
Client *c = new Client( fullDesc, getGlobalServiceContext(), mp );
currentClient.reset(c);
mongo::lastError.initThread();
- c->setAuthorizationSession(getGlobalAuthorizationManager()->makeAuthorizationSession());
+ AuthorizationSession::set(c, getGlobalAuthorizationManager()->makeAuthorizationSession());
}
string Client::clientAddress(bool includePort) const {
diff --git a/src/mongo/s/strategy.cpp b/src/mongo/s/strategy.cpp
index 769be5ceeca..f0d46b5fa44 100644
--- a/src/mongo/s/strategy.cpp
+++ b/src/mongo/s/strategy.cpp
@@ -151,7 +151,7 @@ namespace mongo {
NamespaceString ns(q.ns);
ClientBasic* client = ClientBasic::getCurrent();
- AuthorizationSession* authSession = client->getAuthorizationSession();
+ AuthorizationSession* authSession = AuthorizationSession::get(client);
Status status = authSession->checkAuthForQuery(ns, q.query);
audit::logQueryAuthzCheck(client, ns, q.query, status.code());
uassertStatusOK(status);
@@ -579,7 +579,7 @@ namespace mongo {
ClientBasic* client = ClientBasic::getCurrent();
NamespaceString nsString(ns);
- AuthorizationSession* authSession = client->getAuthorizationSession();
+ AuthorizationSession* authSession = AuthorizationSession::get(client);
Status status = authSession->checkAuthForGetMore( nsString, id );
audit::logGetMoreAuthzCheck( client, nsString, id, status.code() );
uassertStatusOK(status);
View Lorry Controller Status