authorSpencer T Brody <spencer@10gen.com>2012-12-11 12:42:05 -0500
committerSpencer T Brody <spencer@10gen.com>2012-12-11 17:33:19 -0500
commit7aff4a70be26ba72eb4b4ba855eac25d4a8e72d9 (patch)
tree4c859c4f93801c5999a1976b23469c0db7b8edfd /src/mongo/s
parent79782656749bd25cb4df50bfbb3df46e22236c24 (diff)
SERVER-7122 Add required privileges to more commands
Diffstat (limited to 'src/mongo/s')
-rw-r--r--src/mongo/s/d_split.cpp31
-rw-r--r--src/mongo/s/d_state.cpp36
2 files changed, 65 insertions, 2 deletions
diff --git a/src/mongo/s/d_split.cpp b/src/mongo/s/d_split.cpp
index 0c7a70fdca1..96fab9a0cc8 100644
--- a/src/mongo/s/d_split.cpp
+++ b/src/mongo/s/d_split.cpp
@@ -19,7 +19,11 @@
#include "pch.h"
#include <map>
#include <string>
+#include <vector>
+#include "mongo/db/auth/action_set.h"
+#include "mongo/db/auth/action_type.h"
+#include "mongo/db/auth/privilege.h"
#include "mongo/db/btreecursor.h"
#include "../db/commands.h"
#include "../db/jsobj.h"
@@ -47,6 +51,10 @@ namespace mongo {
virtual void help( stringstream &help ) const {
help << "Deprecated internal command. Use splitVector command instead. \n";
}
+ // No auth required as this command no longer does anything.
+ virtual void addRequiredPrivileges(const std::string& dbname,
+ const BSONObj& cmdObj,
+ std::vector<Privilege>* out) {}
bool run(const string& dbname, BSONObj& jsobj, int, string& errmsg, BSONObjBuilder& result, bool fromRepl ) {
errmsg = "medianKey command no longer supported. Calling this indicates mismatch between mongo versions.";
return false;
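Review bot: The comment on the empty `addRequiredPrivileges` override should state the condition that makes it safe. An empty privilege list presumably lets any client invoke medianKey without an authorization check, which is acceptable only while `run()` does nothing but set `errmsg` and return false, as it does in the visible lines. Suggested wording: `// No privileges required: run() only sets errmsg and returns false; add a privilege here if run() ever does real work.` The enclosing command class starts and ends outside the hunk.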
@@ -61,7 +69,13 @@ namespace mongo {
virtual void help( stringstream &help ) const {
help << "Internal command.\n";
}
-
+ virtual void addRequiredPrivileges(const std::string& dbname,
+ const BSONObj& cmdObj,
+ std::vector<Privilege>* out) {
+ ActionSet actions;
+ actions.addAction(ActionType::find);
+ out->push_back(Privilege(parseNs(dbname, cmdObj), actions));
+ }
bool run(const string& dbname, BSONObj& jsobj, int, string& errmsg, BSONObjBuilder& result, bool fromRepl ) {
const char* ns = jsobj.getStringField( "checkShardingIndex" );
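Review bot: The privilege resource is built from `parseNs(dbname, cmdObj)`, while `run()` takes the namespace straight from `jsobj.getStringField( "checkShardingIndex" )`, so the namespace that is authorized and the namespace that is scanned are derived in two different ways. `parseNs` is not visible here; if it prefixes `dbname` to the first field's value and callers pass an already fully-qualified namespace, the `find` check would land on a resource other than the collection `run()` reads. Confirm that both resolve to the same string, or derive the resource from the same field `run()` uses, and record the invariant with a comment such as `// Resource must match the namespace run() reads from "checkShardingIndex".` The body of `run()` continues outside the hunk.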
@@ -183,6 +197,13 @@ namespace mongo {
" 'force' will produce one split point even if data is small; defaults to false\n"
"NOTE: This command may take a while to run";
}
+ virtual void addRequiredPrivileges(const std::string& dbname,
+ const BSONObj& cmdObj,
+ std::vector<Privilege>* out) {
+ ActionSet actions;
+ actions.addAction(ActionType::splitVector);
+ out->push_back(Privilege(AuthorizationManager::CLUSTER_RESOURCE_NAME, actions));
+ }
bool run(const string& dbname, BSONObj& jsobj, int, string& errmsg, BSONObjBuilder& result, bool fromRepl ) {
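Review bot: `AuthorizationManager::CLUSTER_RESOURCE_NAME` is used in this override, but the include hunk at the top of d_split.cpp adds only `action_set.h`, `action_type.h` and `privilege.h`. Unless one of those headers (or `commands.h`) already declares AuthorizationManager, the file compiles only through a transitive include; adding the declaring header next to the three new `mongo/db/auth/` includes would keep it self-contained. The same applies to the splitChunk override later in this file and to the four overrides added in d_state.cpp.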
@@ -460,7 +481,13 @@ namespace mongo {
virtual bool slaveOk() const { return false; }
virtual bool adminOnly() const { return true; }
virtual LockType locktype() const { return NONE; }
-
+ virtual void addRequiredPrivileges(const std::string& dbname,
+ const BSONObj& cmdObj,
+ std::vector<Privilege>* out) {
+ ActionSet actions;
+ actions.addAction(ActionType::splitChunk);
+ out->push_back(Privilege(AuthorizationManager::CLUSTER_RESOURCE_NAME, actions));
+ }
bool run(const string& dbname, BSONObj& cmdObj, int, string& errmsg, BSONObjBuilder& result, bool fromRepl ) {
//
diff --git a/src/mongo/s/d_state.cpp b/src/mongo/s/d_state.cpp
index ab81e74cb1d..dccbc5fda84 100644
--- a/src/mongo/s/d_state.cpp
+++ b/src/mongo/s/d_state.cpp
@@ -25,7 +25,11 @@
#include "pch.h"
#include <map>
#include <string>
+#include <vector>
+#include "mongo/db/auth/action_set.h"
+#include "mongo/db/auth/action_type.h"
+#include "mongo/db/auth/privilege.h"
#include "../db/commands.h"
#include "../db/jsobj.h"
#include "../db/db.h"
@@ -415,6 +419,14 @@ namespace mongo {
virtual bool slaveOk() const { return true; }
+ virtual void addRequiredPrivileges(const std::string& dbname,
+ const BSONObj& cmdObj,
+ std::vector<Privilege>* out) {
+ ActionSet actions;
+ actions.addAction(ActionType::unsetSharding);
+ out->push_back(Privilege(AuthorizationManager::CLUSTER_RESOURCE_NAME, actions));
+ }
+
bool run(const string& , BSONObj& cmdObj, int, string& errmsg, BSONObjBuilder& result, bool) {
ShardedConnectionInfo::reset();
return true;
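Review bot: This five-line body is repeated, apart from the action, in the setShardVersion, getShardVersion and shardingState hunks of this file and in the splitVector and splitChunk hunks of d_split.cpp. Because the only varying token is the `ActionType`, a copy-paste slip would bind a command to the wrong action and nothing would flag it. A small shared helper, for example `void addClusterPrivilege(const ActionType& action, std::vector<Privilege>* out)` (name and parameter type are a suggestion, assuming `addAction` accepts it), would reduce each override to one line and make the command-to-action mapping easy to audit. The enclosing command class starts outside the hunk.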
@@ -433,6 +445,14 @@ namespace mongo {
virtual bool slaveOk() const { return true; }
virtual LockType locktype() const { return NONE; }
+ virtual void addRequiredPrivileges(const std::string& dbname,
+ const BSONObj& cmdObj,
+ std::vector<Privilege>* out) {
+ ActionSet actions;
+ actions.addAction(ActionType::setShardVersion);
+ out->push_back(Privilege(AuthorizationManager::CLUSTER_RESOURCE_NAME, actions));
+ }
+
bool checkConfigOrInit( const string& configdb , bool authoritative , string& errmsg , BSONObjBuilder& result , bool locked=false ) const {
if ( configdb.size() == 0 ) {
errmsg = "no configdb";
@@ -704,6 +724,14 @@ namespace mongo {
virtual LockType locktype() const { return NONE; }
+ virtual void addRequiredPrivileges(const std::string& dbname,
+ const BSONObj& cmdObj,
+ std::vector<Privilege>* out) {
+ ActionSet actions;
+ actions.addAction(ActionType::getShardVersion);
+ out->push_back(Privilege(AuthorizationManager::CLUSTER_RESOURCE_NAME, actions));
+ }
+
bool run(const string& , BSONObj& cmdObj, int, string& errmsg, BSONObjBuilder& result, bool) {
string ns = cmdObj["getShardVersion"].valuestrsafe();
if ( ns.size() == 0 ) {
@@ -733,6 +761,14 @@ namespace mongo {
virtual LockType locktype() const { return WRITE; } // TODO: figure out how to make this not need to lock
+ virtual void addRequiredPrivileges(const std::string& dbname,
+ const BSONObj& cmdObj,
+ std::vector<Privilege>* out) {
+ ActionSet actions;
+ actions.addAction(ActionType::shardingState);
+ out->push_back(Privilege(AuthorizationManager::CLUSTER_RESOURCE_NAME, actions));
+ }
+
bool run(const string& , BSONObj& cmdObj, int, string& errmsg, BSONObjBuilder& result, bool) {
shardingState.appendInfo( result );
return true;