diff options
author | Andy Schwerin <schwerin@mongodb.com> | 2015-04-07 15:15:59 -0400 |
---|---|---|
committer | Andy Schwerin <schwerin@mongodb.com> | 2015-04-16 16:00:28 -0400 |
commit | eb8025a6ff2c3652a1f89ae513f7a4a98cd4e2ab (patch) | |
tree | 07d6d6fd9ad11758f0122a9f4d721f4ec6901e0a /src/mongo/s | |
parent | a377aa8648de036659bbb4e67c8dfa030299718b (diff) | |
download | mongo-eb8025a6ff2c3652a1f89ae513f7a4a98cd4e2ab.tar.gz |
SERVER-17817 Make AuthorizationSession a decoration of ClientBasic.
Diffstat (limited to 'src/mongo/s')
22 files changed, 28 insertions, 27 deletions
diff --git a/src/mongo/s/client_info.cpp b/src/mongo/s/client_info.cpp index bc7f0a91f15..98db7d326f2 100644 --- a/src/mongo/s/client_info.cpp +++ b/src/mongo/s/client_info.cpp @@ -52,7 +52,8 @@ namespace { ClientInfo * info = tlInfo.get(); massert(16472, "A ClientInfo already exists for this thread", !info); info = new ClientInfo(serviceContext, messagingPort); - info->setAuthorizationSession(getGlobalAuthorizationManager()->makeAuthorizationSession()); + AuthorizationSession::set(info, + getGlobalAuthorizationManager()->makeAuthorizationSession()); tlInfo.reset( info ); return info; } diff --git a/src/mongo/s/commands/cluster_current_op.cpp b/src/mongo/s/commands/cluster_current_op.cpp index 50c5ad4390c..c4de4dcee82 100644 --- a/src/mongo/s/commands/cluster_current_op.cpp +++ b/src/mongo/s/commands/cluster_current_op.cpp @@ -67,7 +67,7 @@ namespace { const BSONObj& cmdObj) final { - bool isAuthorized = client->getAuthorizationSession()->isAuthorizedForActionsOnResource( + bool isAuthorized = AuthorizationSession::get(client)->isAuthorizedForActionsOnResource( ResourcePattern::forClusterResource(), ActionType::inprog); diff --git a/src/mongo/s/commands/cluster_enable_sharding_cmd.cpp b/src/mongo/s/commands/cluster_enable_sharding_cmd.cpp index b100d306594..f9fc4e23938 100644 --- a/src/mongo/s/commands/cluster_enable_sharding_cmd.cpp +++ b/src/mongo/s/commands/cluster_enable_sharding_cmd.cpp @@ -74,7 +74,7 @@ namespace { const std::string& dbname, const BSONObj& cmdObj) { - if (!client->getAuthorizationSession()->isAuthorizedForActionsOnResource( + if (!AuthorizationSession::get(client)->isAuthorizedForActionsOnResource( ResourcePattern::forDatabaseName( parseNs(dbname, cmdObj)), ActionType::enableSharding)) { diff --git a/src/mongo/s/commands/cluster_find_cmd.cpp b/src/mongo/s/commands/cluster_find_cmd.cpp index d6fe443c252..e1ddbf568ec 100644 --- a/src/mongo/s/commands/cluster_find_cmd.cpp +++ b/src/mongo/s/commands/cluster_find_cmd.cpp @@ -72,7 +72,7 @@ namespace mongo { const std::string& dbname, const BSONObj& cmdObj) { - AuthorizationSession* authzSession = client->getAuthorizationSession(); + AuthorizationSession* authzSession = AuthorizationSession::get(client); ResourcePattern pattern = parseResourcePattern(dbname, cmdObj); if (authzSession->isAuthorizedForActionsOnResource(pattern, ActionType::find)) { diff --git a/src/mongo/s/commands/cluster_get_shard_version_cmd.cpp b/src/mongo/s/commands/cluster_get_shard_version_cmd.cpp index 04cff5e0b80..1f7d9567a31 100644 --- a/src/mongo/s/commands/cluster_get_shard_version_cmd.cpp +++ b/src/mongo/s/commands/cluster_get_shard_version_cmd.cpp @@ -70,7 +70,7 @@ namespace { const std::string& dbname, const BSONObj& cmdObj) { - if (!client->getAuthorizationSession()->isAuthorizedForActionsOnResource( + if (!AuthorizationSession::get(client)->isAuthorizedForActionsOnResource( ResourcePattern::forExactNamespace( NamespaceString(parseNs(dbname, cmdObj))), diff --git a/src/mongo/s/commands/cluster_index_filter_cmd.cpp b/src/mongo/s/commands/cluster_index_filter_cmd.cpp index c66e2802db9..f39ca1bfd7b 100644 --- a/src/mongo/s/commands/cluster_index_filter_cmd.cpp +++ b/src/mongo/s/commands/cluster_index_filter_cmd.cpp @@ -72,7 +72,7 @@ namespace mongo { Status checkAuthForCommand( ClientBasic* client, const std::string& dbname, const BSONObj& cmdObj ) { - AuthorizationSession* authzSession = client->getAuthorizationSession(); + AuthorizationSession* authzSession = AuthorizationSession::get(client); ResourcePattern pattern = parseResourcePattern(dbname, cmdObj); if (authzSession->isAuthorizedForActionsOnResource(pattern, diff --git a/src/mongo/s/commands/cluster_kill_op.cpp b/src/mongo/s/commands/cluster_kill_op.cpp index d5199c3a432..c782d4a8811 100644 --- a/src/mongo/s/commands/cluster_kill_op.cpp +++ b/src/mongo/s/commands/cluster_kill_op.cpp @@ -62,7 +62,7 @@ namespace { const std::string& dbname, const BSONObj& cmdObj) final { - bool isAuthorized = client->getAuthorizationSession()->isAuthorizedForActionsOnResource( + bool isAuthorized = AuthorizationSession::get(client)->isAuthorizedForActionsOnResource( ResourcePattern::forClusterResource(), ActionType::killop); return isAuthorized ? Status::OK() : Status(ErrorCodes::Unauthorized, "Unauthorized"); diff --git a/src/mongo/s/commands/cluster_merge_chunks_cmd.cpp b/src/mongo/s/commands/cluster_merge_chunks_cmd.cpp index 64c764a57f5..b7e1ae63723 100644 --- a/src/mongo/s/commands/cluster_merge_chunks_cmd.cpp +++ b/src/mongo/s/commands/cluster_merge_chunks_cmd.cpp @@ -67,7 +67,7 @@ namespace { virtual Status checkAuthForCommand(ClientBasic* client, const std::string& dbname, const BSONObj& cmdObj) { - if (!client->getAuthorizationSession()->isAuthorizedForActionsOnResource( + if (!AuthorizationSession::get(client)->isAuthorizedForActionsOnResource( ResourcePattern::forExactNamespace(NamespaceString(parseNs(dbname, cmdObj))), ActionType::splitChunk)) { return Status(ErrorCodes::Unauthorized, "Unauthorized"); diff --git a/src/mongo/s/commands/cluster_move_chunk_cmd.cpp b/src/mongo/s/commands/cluster_move_chunk_cmd.cpp index 4ccac602f46..f904c9f1ebf 100644 --- a/src/mongo/s/commands/cluster_move_chunk_cmd.cpp +++ b/src/mongo/s/commands/cluster_move_chunk_cmd.cpp @@ -84,7 +84,7 @@ namespace { const std::string& dbname, const BSONObj& cmdObj) { - if (!client->getAuthorizationSession()->isAuthorizedForActionsOnResource( + if (!AuthorizationSession::get(client)->isAuthorizedForActionsOnResource( ResourcePattern::forExactNamespace( NamespaceString(parseNs(dbname, cmdObj))), diff --git a/src/mongo/s/commands/cluster_move_primary_cmd.cpp b/src/mongo/s/commands/cluster_move_primary_cmd.cpp index 6e9504ef768..ef050861532 100644 --- a/src/mongo/s/commands/cluster_move_primary_cmd.cpp +++ b/src/mongo/s/commands/cluster_move_primary_cmd.cpp @@ -79,7 +79,7 @@ namespace { const std::string& dbname, const BSONObj& cmdObj) { - if (!client->getAuthorizationSession()->isAuthorizedForActionsOnResource( + if (!AuthorizationSession::get(client)->isAuthorizedForActionsOnResource( ResourcePattern::forDatabaseName( parseNs(dbname, cmdObj)), ActionType::moveChunk)) { diff --git a/src/mongo/s/commands/cluster_plan_cache_cmd.cpp b/src/mongo/s/commands/cluster_plan_cache_cmd.cpp index bd22961aa71..e6d1c75d5fe 100644 --- a/src/mongo/s/commands/cluster_plan_cache_cmd.cpp +++ b/src/mongo/s/commands/cluster_plan_cache_cmd.cpp @@ -72,7 +72,7 @@ namespace mongo { Status checkAuthForCommand( ClientBasic* client, const std::string& dbname, const BSONObj& cmdObj ) { - AuthorizationSession* authzSession = client->getAuthorizationSession(); + AuthorizationSession* authzSession = AuthorizationSession::get(client); ResourcePattern pattern = parseResourcePattern(dbname, cmdObj); if (authzSession->isAuthorizedForActionsOnResource(pattern, _actionType)) { diff --git a/src/mongo/s/commands/cluster_shard_collection_cmd.cpp b/src/mongo/s/commands/cluster_shard_collection_cmd.cpp index 61d00764223..5adb6974e68 100644 --- a/src/mongo/s/commands/cluster_shard_collection_cmd.cpp +++ b/src/mongo/s/commands/cluster_shard_collection_cmd.cpp @@ -88,7 +88,7 @@ namespace { const std::string& dbname, const BSONObj& cmdObj) { - if (!client->getAuthorizationSession()->isAuthorizedForActionsOnResource( + if (!AuthorizationSession::get(client)->isAuthorizedForActionsOnResource( ResourcePattern::forExactNamespace( NamespaceString(parseNs(dbname, cmdObj))), diff --git a/src/mongo/s/commands/cluster_split_collection_cmd.cpp b/src/mongo/s/commands/cluster_split_collection_cmd.cpp index f3663510c29..9b613a5fe7e 100644 --- a/src/mongo/s/commands/cluster_split_collection_cmd.cpp +++ b/src/mongo/s/commands/cluster_split_collection_cmd.cpp @@ -83,7 +83,7 @@ namespace { const std::string& dbname, const BSONObj& cmdObj) { - if (!client->getAuthorizationSession()->isAuthorizedForActionsOnResource( + if (!AuthorizationSession::get(client)->isAuthorizedForActionsOnResource( ResourcePattern::forExactNamespace( NamespaceString(parseNs(dbname, cmdObj))), diff --git a/src/mongo/s/commands/cluster_write_cmd.cpp b/src/mongo/s/commands/cluster_write_cmd.cpp index d66673f5eea..2985debc4a7 100644 --- a/src/mongo/s/commands/cluster_write_cmd.cpp +++ b/src/mongo/s/commands/cluster_write_cmd.cpp @@ -77,7 +77,7 @@ namespace { const std::string& dbname, const BSONObj& cmdObj) { - Status status = auth::checkAuthForWriteCommand(client->getAuthorizationSession(), + Status status = auth::checkAuthForWriteCommand(AuthorizationSession::get(client), _writeType, NamespaceString(parseNs(dbname, cmdObj)), diff --git a/src/mongo/s/commands_public.cpp b/src/mongo/s/commands_public.cpp index 6f11511073d..8486b3cccf0 100644 --- a/src/mongo/s/commands_public.cpp +++ b/src/mongo/s/commands_public.cpp @@ -534,7 +534,7 @@ namespace { virtual Status checkAuthForCommand(ClientBasic* client, const std::string& dbname, const BSONObj& cmdObj) { - AuthorizationSession* authzSession = client->getAuthorizationSession(); + AuthorizationSession* authzSession = AuthorizationSession::get(client); if (cmdObj["capped"].trueValue()) { if (!authzSession->isAuthorizedForActionsOnResource( parseResourcePattern(dbname, cmdObj), ActionType::convertToCapped)) { @@ -1191,7 +1191,7 @@ namespace { virtual Status checkAuthForCommand(ClientBasic* client, const std::string& dbname, const BSONObj& cmdObj) { - if (!client->getAuthorizationSession()->isAuthorizedForActionsOnResource( + if (!AuthorizationSession::get(client)->isAuthorizedForActionsOnResource( ResourcePattern::forExactNamespace(NamespaceString(parseNs(dbname, cmdObj))), ActionType::splitVector)) { @@ -2449,7 +2449,7 @@ namespace { virtual Status checkAuthForCommand(ClientBasic* client, const std::string& dbname, const BSONObj& cmdObj) { - AuthorizationSession* authzSession = client->getAuthorizationSession(); + AuthorizationSession* authzSession = AuthorizationSession::get(client); // Check for the listCollections ActionType on the database // or find on system.namespaces for pre 3.0 systems. diff --git a/src/mongo/s/cursors.cpp b/src/mongo/s/cursors.cpp index 10c518d0ecc..241299c80b0 100644 --- a/src/mongo/s/cursors.cpp +++ b/src/mongo/s/cursors.cpp @@ -383,7 +383,7 @@ namespace mongo { ConstDataCursor cursors(dbmessage.getArray(n)); ClientBasic* client = ClientBasic::getCurrent(); - AuthorizationSession* authSession = client->getAuthorizationSession(); + AuthorizationSession* authSession = AuthorizationSession::get(client); for ( int i=0; i<n; i++ ) { long long id = cursors.readAndAdvance<LittleEndian<int64_t>>(); LOG(_myLogLevel) << "CursorCache::gotKillCursors id: " << id << endl; diff --git a/src/mongo/s/d_migrate.cpp b/src/mongo/s/d_migrate.cpp index 8d6945f48a2..d074a1adfb0 100644 --- a/src/mongo/s/d_migrate.cpp +++ b/src/mongo/s/d_migrate.cpp @@ -998,7 +998,7 @@ namespace mongo { virtual Status checkAuthForCommand(ClientBasic* client, const std::string& dbname, const BSONObj& cmdObj) { - if (!client->getAuthorizationSession()->isAuthorizedForActionsOnResource( + if (!AuthorizationSession::get(client)->isAuthorizedForActionsOnResource( ResourcePattern::forExactNamespace(NamespaceString(parseNs(dbname, cmdObj))), ActionType::moveChunk)) { return Status(ErrorCodes::Unauthorized, "Unauthorized"); @@ -2653,7 +2653,7 @@ namespace mongo { OperationContextImpl txn; if (getGlobalAuthorizationManager()->isAuthEnabled()) { ShardedConnectionInfo::addHook(); - txn.getClient()->getAuthorizationSession()->grantInternalAuthorization(); + AuthorizationSession::get(txn.getClient())->grantInternalAuthorization(); } // Make curop active so this will show up in currOp. diff --git a/src/mongo/s/d_split.cpp b/src/mongo/s/d_split.cpp index f54e4188286..43f6a44436d 100644 --- a/src/mongo/s/d_split.cpp +++ b/src/mongo/s/d_split.cpp @@ -245,7 +245,7 @@ namespace mongo { virtual Status checkAuthForCommand(ClientBasic* client, const std::string& dbname, const BSONObj& cmdObj) { - if (!client->getAuthorizationSession()->isAuthorizedForActionsOnResource( + if (!AuthorizationSession::get(client)->isAuthorizedForActionsOnResource( ResourcePattern::forExactNamespace(NamespaceString(parseNs(dbname, cmdObj))), ActionType::splitVector)) { return Status(ErrorCodes::Unauthorized, "Unauthorized"); @@ -511,7 +511,7 @@ namespace mongo { virtual Status checkAuthForCommand(ClientBasic* client, const std::string& dbname, const BSONObj& cmdObj) { - if (!client->getAuthorizationSession()->isAuthorizedForActionsOnResource( + if (!AuthorizationSession::get(client)->isAuthorizedForActionsOnResource( ResourcePattern::forExactNamespace(NamespaceString(parseNs(dbname, cmdObj))), ActionType::splitChunk)) { return Status(ErrorCodes::Unauthorized, "Unauthorized"); diff --git a/src/mongo/s/d_state.cpp b/src/mongo/s/d_state.cpp index 14f1ad76c9a..626881edafc 100644 --- a/src/mongo/s/d_state.cpp +++ b/src/mongo/s/d_state.cpp @@ -1229,7 +1229,7 @@ namespace mongo { virtual Status checkAuthForCommand(ClientBasic* client, const std::string& dbname, const BSONObj& cmdObj) { - if (!client->getAuthorizationSession()->isAuthorizedForActionsOnResource( + if (!AuthorizationSession::get(client)->isAuthorizedForActionsOnResource( ResourcePattern::forExactNamespace(NamespaceString(parseNs(dbname, cmdObj))), ActionType::getShardVersion)) { return Status(ErrorCodes::Unauthorized, "Unauthorized"); diff --git a/src/mongo/s/request.cpp b/src/mongo/s/request.cpp index c189055c747..a629478a366 100644 --- a/src/mongo/s/request.cpp +++ b/src/mongo/s/request.cpp @@ -81,7 +81,7 @@ namespace mongo { nss.isValid()); } - _clientInfo->getAuthorizationSession()->startRequest(NULL); + AuthorizationSession::get(_clientInfo)->startRequest(NULL); _didInit = true; } diff --git a/src/mongo/s/s_only.cpp b/src/mongo/s/s_only.cpp index 8267f63e19b..be5f6bdfc53 100644 --- a/src/mongo/s/s_only.cpp +++ b/src/mongo/s/s_only.cpp @@ -84,7 +84,7 @@ namespace mongo { Client *c = new Client( fullDesc, getGlobalServiceContext(), mp ); currentClient.reset(c); mongo::lastError.initThread(); - c->setAuthorizationSession(getGlobalAuthorizationManager()->makeAuthorizationSession()); + AuthorizationSession::set(c, getGlobalAuthorizationManager()->makeAuthorizationSession()); } string Client::clientAddress(bool includePort) const { diff --git a/src/mongo/s/strategy.cpp b/src/mongo/s/strategy.cpp index 769be5ceeca..f0d46b5fa44 100644 --- a/src/mongo/s/strategy.cpp +++ b/src/mongo/s/strategy.cpp @@ -151,7 +151,7 @@ namespace mongo { NamespaceString ns(q.ns); ClientBasic* client = ClientBasic::getCurrent(); - AuthorizationSession* authSession = client->getAuthorizationSession(); + AuthorizationSession* authSession = AuthorizationSession::get(client); Status status = authSession->checkAuthForQuery(ns, q.query); audit::logQueryAuthzCheck(client, ns, q.query, status.code()); uassertStatusOK(status); @@ -579,7 +579,7 @@ namespace mongo { ClientBasic* client = ClientBasic::getCurrent(); NamespaceString nsString(ns); - AuthorizationSession* authSession = client->getAuthorizationSession(); + AuthorizationSession* authSession = AuthorizationSession::get(client); Status status = authSession->checkAuthForGetMore( nsString, id ); audit::logGetMoreAuthzCheck( client, nsString, id, status.code() ); uassertStatusOK(status); |