author | Andy Schwerin <schwerin@mongodb.com> | 2015-04-07 15:15:59 -0400 |
---|---|---|
committer | Andy Schwerin <schwerin@mongodb.com> | 2015-04-16 16:00:28 -0400 |
commit | eb8025a6ff2c3652a1f89ae513f7a4a98cd4e2ab (patch) | |
tree | 07d6d6fd9ad11758f0122a9f4d721f4ec6901e0a /src | |
parent | a377aa8648de036659bbb4e67c8dfa030299718b (diff) | |
download | mongo-eb8025a6ff2c3652a1f89ae513f7a4a98cd4e2ab.tar.gz |
SERVER-17817 Make AuthorizationSession a decoration of ClientBasic.
Diffstat (limited to 'src')
72 files changed, 179 insertions, 156 deletions
diff --git a/src/mongo/db/auth/authorization_session.h b/src/mongo/db/auth/authorization_session.h index f619d90ce2f..0fe4f1c46cb 100644 --- a/src/mongo/db/auth/authorization_session.h +++ b/src/mongo/db/auth/authorization_session.h @@ -44,6 +44,7 @@ #include "mongo/db/namespace_string.h" namespace mongo { + class ClientBasic; /** * Contains all the authorization logic for a single client connection. It contains a set of @@ -62,6 +63,32 @@ namespace mongo { class AuthorizationSession { MONGO_DISALLOW_COPYING(AuthorizationSession); public: + /** + * Gets the AuthorizationSession associated with the given "client", or nullptr. + * + * The "client" object continues to own the returned AuthorizationSession. + */ + static AuthorizationSession* get(ClientBasic* client); + + /** + * Gets the AuthorizationSession associated with the given "client", or nullptr. + * + * The "client" object continues to own the returned AuthorizationSession. + */ + static AuthorizationSession* get(ClientBasic& client); + + /** + * Returns false if AuthorizationSession::get(client) would return nullptr. + */ + static bool exists(ClientBasic* client); + + /** + * Sets the AuthorizationSession associated with "client" to "session". + * + * "session" must not be NULL, and it is only legal to call this function once + * on each instance of "client". + */ + static void set(ClientBasic* client, std::unique_ptr<AuthorizationSession> session); // Takes ownership of the externalState. explicit AuthorizationSession(std::unique_ptr<AuthzSessionExternalState> externalState); diff --git a/src/mongo/db/auth/client_auth_session.cpp b/src/mongo/db/auth/client_auth_session.cpp index 2e1d9c0f4f0..e2cb57522cb 100644 --- a/src/mongo/db/auth/client_auth_session.cpp +++ b/src/mongo/db/auth/client_auth_session.cpp @@ -32,6 +32,7 @@ #include <utility> #include "mongo/db/auth/authentication_session.h" +#include "mongo/db/auth/authorization_session.h" #include "mongo/db/client_basic.h" namespace mongo { 
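Review bot: The doc comments on both `get` overloads in authorization_session.h say "or nullptr", but the implementation added in client_auth_session.cpp raises `massert(16481, ...)` when no session is attached, so callers never receive a null pointer. A caller who trusts the header may write a null check as the "no session on this connection" path and never reach it. I would reword both comments along the lines of `Gets the AuthorizationSession associated with "client"; fails with massert 16481 if none has been set. Use exists() to test first.` The comment on `set` likewise states two preconditions (non-NULL, called once per client) and should say whether a violation is detected at runtime.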
@@ -40,6 +41,9 @@ namespace { const auto getAuthenticationSession = ClientBasic::declareDecoration<std::unique_ptr<AuthenticationSession>>(); + const auto getAuthorizationSession = + ClientBasic::declareDecoration<std::unique_ptr<AuthorizationSession>>(); + } // namespace void AuthenticationSession::set( @@ -55,4 +59,26 @@ namespace { swap(getAuthenticationSession(client), other); } + AuthorizationSession* AuthorizationSession::get(ClientBasic* client) { + return get(*client); + } + + AuthorizationSession* AuthorizationSession::get(ClientBasic& client) { + AuthorizationSession* retval = getAuthorizationSession(client).get(); + massert(16481, + "No AuthorizationManager has been set up for this connection", + retval); + return retval; + } + + bool AuthorizationSession::exists(ClientBasic* client) { + return getAuthorizationSession(client).get(); + } + + void AuthorizationSession::set( + ClientBasic* client, + std::unique_ptr<AuthorizationSession> authorizationSession) { + getAuthorizationSession(client) = std::move(authorizationSession); + } + } // namespace mongo diff --git a/src/mongo/db/auth/sasl_commands.cpp b/src/mongo/db/auth/sasl_commands.cpp index ce7b46a2023..a6ef35c1a74 100644 --- a/src/mongo/db/auth/sasl_commands.cpp +++ b/src/mongo/db/auth/sasl_commands.cpp @@ -285,7 +285,7 @@ namespace { } SaslAuthenticationSession* session = - SaslAuthenticationSession::create(client->getAuthorizationSession(), mechanism); + SaslAuthenticationSession::create(AuthorizationSession::get(client), mechanism); std::unique_ptr<AuthenticationSession> sessionGuard(session); diff --git a/src/mongo/db/catalog/cursor_manager.cpp b/src/mongo/db/catalog/cursor_manager.cpp index 0ea4f588839..bf17cfb83e7 100644 --- a/src/mongo/db/catalog/cursor_manager.cpp +++ b/src/mongo/db/catalog/cursor_manager.cpp 
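Review bot: `AuthorizationSession::set` in the `@@ -55,4 +59,26 @@` hunk assigns unconditionally, whereas the `ClientBasic::setAuthorizationSession` it replaces (removed in client_basic.cpp) raised massert 16477 if a session was already attached. A second call now silently destroys the existing session, discarding that connection's authorization state and invalidating any `AuthorizationSession*` handed out earlier by `get`. A null `authorizationSession` is also stored without complaint, although the header says it must not be NULL. I would restore the guard before the assignment, `massert(16477, "An AuthorizationManager has already been set up for this connection", !exists(client));`, and add a matching non-null check on the argument. Separately, `get(ClientBasic* client)` dereferences `client` with no null check, so it relies on every caller, including those passing `ClientBasic::getCurrent()`, to supply a valid pointer; the header comment should state that precondition.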
@@ -210,7 +210,7 @@ namespace mongo { // Check if we are authorized to erase this cursor. if (checkAuth) { - AuthorizationSession* as = txn->getClient()->getAuthorizationSession(); + AuthorizationSession* as = AuthorizationSession::get(txn->getClient()); Status authorizationStatus = as->checkAuthForKillCursors(nss, id); if (!authorizationStatus.isOK()) { audit::logKillCursorsAuthzCheck(txn->getClient(), diff --git a/src/mongo/db/client.cpp b/src/mongo/db/client.cpp index 014fb9472e5..d471bcd5ae4 100644 --- a/src/mongo/db/client.cpp +++ b/src/mongo/db/client.cpp @@ -77,8 +77,8 @@ namespace mongo { // Create the client obj, attach to thread Client* client = new Client(fullDesc, getGlobalServiceContext(), mp); - client->setAuthorizationSession( - getGlobalAuthorizationManager()->makeAuthorizationSession()); + AuthorizationSession::set(client, + getGlobalAuthorizationManager()->makeAuthorizationSession()); currentClient.reset(client); diff --git a/src/mongo/db/client_basic.cpp b/src/mongo/db/client_basic.cpp index f9f4a60b904..0f2a9492460 100644 --- a/src/mongo/db/client_basic.cpp +++ b/src/mongo/db/client_basic.cpp 
@@ -30,35 +30,11 @@ #include "mongo/db/client_basic.h" -#include <boost/scoped_ptr.hpp> - -#include "mongo/db/auth/authorization_session.h" - namespace mongo { - using boost::scoped_ptr; - ClientBasic::ClientBasic(ServiceContext* serviceContext, AbstractMessagingPort* messagingPort) : _serviceContext(serviceContext), _messagingPort(messagingPort) {} - ClientBasic::~ClientBasic() {} - - bool ClientBasic::hasAuthorizationSession() const { - return _authorizationSession.get(); - } - - AuthorizationSession* ClientBasic::getAuthorizationSession() const { - massert(16481, - "No AuthorizationManager has been set up for this connection", - hasAuthorizationSession()); - return _authorizationSession.get(); - } - void ClientBasic::setAuthorizationSession( - std::unique_ptr<AuthorizationSession> authorizationSession) { - massert(16477, - "An AuthorizationManager has already been set up for this connection", - !hasAuthorizationSession()); - _authorizationSession = std::move(authorizationSession); - } + ClientBasic::~ClientBasic() = default; } // namespace mongo diff --git a/src/mongo/db/client_basic.h b/src/mongo/db/client_basic.h index 42370b3f501..573923cc147 100644 --- a/src/mongo/db/client_basic.h +++ b/src/mongo/db/client_basic.h @@ -38,7 +38,6 @@ namespace mongo { - class AuthorizationSession; class ServiceContext; /** @@ -53,10 +52,6 @@ namespace mongo { public: virtual ~ClientBasic(); - bool hasAuthorizationSession() const; - AuthorizationSession* getAuthorizationSession() const; - void setAuthorizationSession(std::unique_ptr<AuthorizationSession> authorizationSession); - bool getIsLocalHostConnection() { if (!hasRemote()) { return false; @@ -86,7 +81,6 @@ namespace mongo { ClientBasic(ServiceContext* serviceContext, AbstractMessagingPort* messagingPort); private: - std::unique_ptr<AuthorizationSession> _authorizationSession; ServiceContext* const _serviceContext; AbstractMessagingPort* const _messagingPort; }; 
diff --git a/src/mongo/db/clientlistplugin.cpp b/src/mongo/db/clientlistplugin.cpp index 4aa31d48bd7..a777026cb0d 100644 --- a/src/mongo/db/clientlistplugin.cpp +++ b/src/mongo/db/clientlistplugin.cpp @@ -159,7 +159,7 @@ namespace { virtual Status checkAuthForCommand(ClientBasic* client, const std::string& dbname, const BSONObj& cmdObj) { - if ( client->getAuthorizationSession() + if ( AuthorizationSession::get(client) ->isAuthorizedForActionsOnResource(ResourcePattern::forClusterResource(), ActionType::inprog) ) { return Status::OK(); diff --git a/src/mongo/db/commands.cpp b/src/mongo/db/commands.cpp index 35dae6c2fb6..f81caefe991 100644 --- a/src/mongo/db/commands.cpp +++ b/src/mongo/db/commands.cpp @@ -338,7 +338,7 @@ namespace mongo { const BSONObj& cmdObj) { std::vector<Privilege> privileges; this->addRequiredPrivileges(dbname, cmdObj, &privileges); - if (client->getAuthorizationSession()->isAuthorizedForPrivileges(privileges)) + if (AuthorizationSession::get(client)->isAuthorizedForPrivileges(privileges)) return Status::OK(); return Status(ErrorCodes::Unauthorized, "unauthorized"); } @@ -371,7 +371,7 @@ namespace mongo { return Status(ErrorCodes::Unauthorized, str::stream() << c->name << " may only be run against the admin database."); } - if (client->getAuthorizationSession()->getAuthorizationManager().isAuthEnabled()) { + if (AuthorizationSession::get(client)->getAuthorizationManager().isAuthEnabled()) { Status status = c->checkAuthForCommand(client, dbname, cmdObj); if (status == ErrorCodes::Unauthorized) { mmb::Document cmdToLog(cmdObj, mmb::Document::kInPlaceDisabled); diff --git a/src/mongo/db/commands/authentication_commands.cpp b/src/mongo/db/commands/authentication_commands.cpp index a8fad3c159d..4a432e03cb2 100644 --- a/src/mongo/db/commands/authentication_commands.cpp +++ b/src/mongo/db/commands/authentication_commands.cpp 
@@ -298,7 +298,7 @@ namespace mongo { } AuthorizationSession* authorizationSession = - ClientBasic::getCurrent()->getAuthorizationSession(); + AuthorizationSession::get(ClientBasic::getCurrent()); status = authorizationSession->addAndAuthorizeUser(txn, user); if (!status.isOK()) { return status; @@ -355,7 +355,7 @@ namespace mongo { } ClientBasic *client = ClientBasic::getCurrent(); - AuthorizationSession* authorizationSession = client->getAuthorizationSession(); + AuthorizationSession* authorizationSession = AuthorizationSession::get(client); std::string subjectName = client->port()->getX509SubjectName(); if (!getSSLManager()->getSSLConfiguration().hasCA) { @@ -416,7 +416,7 @@ namespace mongo { BSONObjBuilder& result, bool fromRepl) { AuthorizationSession* authSession = - ClientBasic::getCurrent()->getAuthorizationSession(); + AuthorizationSession::get(ClientBasic::getCurrent()); authSession->logoutDatabase(dbname); if (Command::testCommandsEnabled && dbname == "admin") { // Allows logging out as the internal user against the admin database, however diff --git a/src/mongo/db/commands/cleanup_orphaned_cmd.cpp b/src/mongo/db/commands/cleanup_orphaned_cmd.cpp index b3d4bf31c80..3294bec5b92 100644 --- a/src/mongo/db/commands/cleanup_orphaned_cmd.cpp +++ b/src/mongo/db/commands/cleanup_orphaned_cmd.cpp @@ -194,7 +194,7 @@ namespace mongo { virtual Status checkAuthForCommand( ClientBasic* client, const std::string& dbname, const BSONObj& cmdObj ) { - if (!client->getAuthorizationSession()->isAuthorizedForActionsOnResource( + if (!AuthorizationSession::get(client)->isAuthorizedForActionsOnResource( ResourcePattern::forClusterResource(), ActionType::cleanupOrphaned)) { return Status(ErrorCodes::Unauthorized, "Not authorized for cleanupOrphaned command."); diff --git a/src/mongo/db/commands/clone.cpp b/src/mongo/db/commands/clone.cpp index 00efcfcf5c1..bc0b8f70311 100644 --- a/src/mongo/db/commands/clone.cpp +++ b/src/mongo/db/commands/clone.cpp 
@@ -80,7 +80,7 @@ namespace mongo { ActionSet actions; actions.addAction(ActionType::insert); actions.addAction(ActionType::createIndex); - if (!client->getAuthorizationSession()->isAuthorizedForActionsOnResource( + if (!AuthorizationSession::get(client)->isAuthorizedForActionsOnResource( ResourcePattern::forDatabaseName(dbname), actions)) { return Status(ErrorCodes::Unauthorized, "Unauthorized"); } diff --git a/src/mongo/db/commands/clone_collection.cpp b/src/mongo/db/commands/clone_collection.cpp index 952044bc747..734d49ff100 100644 --- a/src/mongo/db/commands/clone_collection.cpp +++ b/src/mongo/db/commands/clone_collection.cpp @@ -85,7 +85,7 @@ namespace mongo { actions.addAction(ActionType::insert); actions.addAction(ActionType::createIndex); // SERVER-11418 - if (!client->getAuthorizationSession()->isAuthorizedForActionsOnResource( + if (!AuthorizationSession::get(client)->isAuthorizedForActionsOnResource( ResourcePattern::forExactNamespace(NamespaceString(ns)), actions)) { return Status(ErrorCodes::Unauthorized, "Unauthorized"); } diff --git a/src/mongo/db/commands/connection_status.cpp b/src/mongo/db/commands/connection_status.cpp index cfb3860b0dd..1ad5d9f4318 100644 --- a/src/mongo/db/commands/connection_status.cpp +++ b/src/mongo/db/commands/connection_status.cpp @@ -54,7 +54,7 @@ namespace mongo { bool run(OperationContext* txn, const string&, BSONObj& cmdObj, int, string& errmsg, BSONObjBuilder& result, bool fromRepl) { AuthorizationSession* authSession = - ClientBasic::getCurrent()->getAuthorizationSession(); + AuthorizationSession::get(ClientBasic::getCurrent()); bool showPrivileges; Status status = bsonExtractBooleanFieldWithDefault(cmdObj, diff --git a/src/mongo/db/commands/copydb_common.cpp b/src/mongo/db/commands/copydb_common.cpp index 5cebb8db021..ca2d78e937d 100644 --- a/src/mongo/db/commands/copydb_common.cpp +++ b/src/mongo/db/commands/copydb_common.cpp 
@@ -64,7 +64,7 @@ namespace copydb { ActionSet actions; actions.addAction(ActionType::insert); actions.addAction(ActionType::createIndex); - if (!client->getAuthorizationSession()->isAuthorizedForActionsOnResource( + if (!AuthorizationSession::get(client)->isAuthorizedForActionsOnResource( ResourcePattern::forDatabaseName(todb), actions)) { return Status(ErrorCodes::Unauthorized, "Unauthorized"); } @@ -72,7 +72,7 @@ namespace copydb { actions.removeAllActions(); actions.addAction(ActionType::insert); for (size_t i = 0; i < legalClientSystemCollections.size(); ++i) { - if (!client->getAuthorizationSession()->isAuthorizedForActionsOnNamespace( + if (!AuthorizationSession::get(client)->isAuthorizedForActionsOnNamespace( NamespaceString(todb, legalClientSystemCollections[i]), actions)) { return Status(ErrorCodes::Unauthorized, "Unauthorized"); } @@ -82,12 +82,12 @@ namespace copydb { // If copying from self, also require privileges on source db actions.removeAllActions(); actions.addAction(ActionType::find); - if (!client->getAuthorizationSession()->isAuthorizedForActionsOnResource( + if (!AuthorizationSession::get(client)->isAuthorizedForActionsOnResource( ResourcePattern::forDatabaseName(fromdb), actions)) { return Status(ErrorCodes::Unauthorized, "Unauthorized"); } for (size_t i = 0; i < legalClientSystemCollections.size(); ++i) { - if (!client->getAuthorizationSession()->isAuthorizedForActionsOnNamespace( + if (!AuthorizationSession::get(client)->isAuthorizedForActionsOnNamespace( NamespaceString(fromdb, legalClientSystemCollections[i]), actions)) { return Status(ErrorCodes::Unauthorized, "Unauthorized"); } diff --git a/src/mongo/db/commands/create_indexes.cpp b/src/mongo/db/commands/create_indexes.cpp index 32d1300c539..6b0de488273 100644 --- a/src/mongo/db/commands/create_indexes.cpp +++ b/src/mongo/db/commands/create_indexes.cpp 
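Review bot: The copydb authorization check calls `AuthorizationSession::get(client)` at four sites (hunks `@@ -64,7`, `@@ -72,7` and `@@ -82,12`), two of them inside loops over `legalClientSystemCollections`, and every call repeats the decoration lookup and the massert. I would fetch it once near the top, `AuthorizationSession* authzSession = AuthorizationSession::get(client);`, and use `authzSession->` in each check, as find_cmd.cpp and user_management_commands.cpp already do in this commit. A single local also makes it evident that all checks in one authorization decision are evaluated against the same session object. The same applies to rename_collection_common.cpp, which performs the lookup six times. The enclosing function begins and ends outside these hunks, so the exact place for the local is not visible here.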
@@ -70,7 +70,7 @@ namespace mongo { ActionSet actions; actions.addAction(ActionType::createIndex); Privilege p(parseResourcePattern(dbname, cmdObj), actions); - if (client->getAuthorizationSession()->isAuthorizedForPrivilege(p)) + if (AuthorizationSession::get(client)->isAuthorizedForPrivilege(p)) return Status::OK(); return Status(ErrorCodes::Unauthorized, "Unauthorized"); } diff --git a/src/mongo/db/commands/current_op.cpp b/src/mongo/db/commands/current_op.cpp index c4e9f49c799..6648aa7d869 100644 --- a/src/mongo/db/commands/current_op.cpp +++ b/src/mongo/db/commands/current_op.cpp @@ -63,7 +63,7 @@ namespace mongo { const std::string& dbname, const BSONObj& cmdObj) final { - bool isAuthorized = client->getAuthorizationSession()->isAuthorizedForActionsOnResource( + bool isAuthorized = AuthorizationSession::get(client)->isAuthorizedForActionsOnResource( ResourcePattern::forClusterResource(), ActionType::inprog); return isAuthorized ? Status::OK() : Status(ErrorCodes::Unauthorized, "Unauthorized"); diff --git a/src/mongo/db/commands/find_cmd.cpp b/src/mongo/db/commands/find_cmd.cpp index b6983adfb4f..3e41d395090 100644 --- a/src/mongo/db/commands/find_cmd.cpp +++ b/src/mongo/db/commands/find_cmd.cpp @@ -85,7 +85,7 @@ namespace mongo { Status checkAuthForCommand(ClientBasic* client, const std::string& dbname, const BSONObj& cmdObj) override { - AuthorizationSession* authzSession = client->getAuthorizationSession(); + AuthorizationSession* authzSession = AuthorizationSession::get(client); ResourcePattern pattern = parseResourcePattern(dbname, cmdObj); if (authzSession->isAuthorizedForActionsOnResource(pattern, ActionType::find)) { diff --git a/src/mongo/db/commands/fsync.cpp b/src/mongo/db/commands/fsync.cpp index ac63457aa15..3307e96b80e 100644 --- a/src/mongo/db/commands/fsync.cpp +++ b/src/mongo/db/commands/fsync.cpp 
@@ -179,7 +179,7 @@ namespace mongo { const std::string& dbname, const BSONObj& cmdObj) override { - bool isAuthorized = client->getAuthorizationSession()->isAuthorizedForActionsOnResource( + bool isAuthorized = AuthorizationSession::get(client)->isAuthorizedForActionsOnResource( ResourcePattern::forClusterResource(), ActionType::unlock); diff --git a/src/mongo/db/commands/getmore_cmd.cpp b/src/mongo/db/commands/getmore_cmd.cpp index 84d4c76e1a3..190e9bac1e6 100644 --- a/src/mongo/db/commands/getmore_cmd.cpp +++ b/src/mongo/db/commands/getmore_cmd.cpp @@ -94,7 +94,7 @@ namespace mongo { } const GetMoreRequest& request = parseStatus.getValue(); - return client->getAuthorizationSession()->checkAuthForGetMore(request.nss, + return AuthorizationSession::get(client)->checkAuthForGetMore(request.nss, request.cursorid); } diff --git a/src/mongo/db/commands/group.cpp b/src/mongo/db/commands/group.cpp index b4e18446791..d7310e69ab8 100644 --- a/src/mongo/db/commands/group.cpp +++ b/src/mongo/db/commands/group.cpp @@ -56,7 +56,7 @@ namespace mongo { const std::string& dbname, const BSONObj& cmdObj) { std::string ns = parseNs(dbname, cmdObj); - if (!client->getAuthorizationSession()->isAuthorizedForActionsOnNamespace( + if (!AuthorizationSession::get(client)->isAuthorizedForActionsOnNamespace( NamespaceString(ns), ActionType::find)) { return Status(ErrorCodes::Unauthorized, "unauthorized"); } diff --git a/src/mongo/db/commands/index_filter_commands.cpp b/src/mongo/db/commands/index_filter_commands.cpp index 9366f8358a1..8532a22df36 100644 --- a/src/mongo/db/commands/index_filter_commands.cpp +++ b/src/mongo/db/commands/index_filter_commands.cpp 
@@ -157,7 +157,7 @@ namespace mongo { Status IndexFilterCommand::checkAuthForCommand(ClientBasic* client, const std::string& dbname, const BSONObj& cmdObj) { - AuthorizationSession* authzSession = client->getAuthorizationSession(); + AuthorizationSession* authzSession = AuthorizationSession::get(client); ResourcePattern pattern = parseResourcePattern(dbname, cmdObj); if (authzSession->isAuthorizedForActionsOnResource(pattern, ActionType::planCacheIndexFilter)) { diff --git a/src/mongo/db/commands/kill_op.cpp b/src/mongo/db/commands/kill_op.cpp index e8f80928558..afcc12c4a9f 100644 --- a/src/mongo/db/commands/kill_op.cpp +++ b/src/mongo/db/commands/kill_op.cpp @@ -60,7 +60,7 @@ namespace mongo { const std::string& dbname, const BSONObj& cmdObj) final { - bool isAuthorized = client->getAuthorizationSession()->isAuthorizedForActionsOnResource( + bool isAuthorized = AuthorizationSession::get(client)->isAuthorizedForActionsOnResource( ResourcePattern::forClusterResource(), ActionType::killop); return isAuthorized ? Status::OK() : Status(ErrorCodes::Unauthorized, "Unauthorized"); diff --git a/src/mongo/db/commands/list_collections.cpp b/src/mongo/db/commands/list_collections.cpp index 092822ba663..64767c6cb07 100644 --- a/src/mongo/db/commands/list_collections.cpp +++ b/src/mongo/db/commands/list_collections.cpp @@ -67,7 +67,7 @@ namespace mongo { virtual Status checkAuthForCommand(ClientBasic* client, const std::string& dbname, const BSONObj& cmdObj) { - AuthorizationSession* authzSession = client->getAuthorizationSession(); + AuthorizationSession* authzSession = AuthorizationSession::get(client); // Check for the listCollections ActionType on the database // or find on system.namespaces for pre 3.0 systems. diff --git a/src/mongo/db/commands/merge_chunks_cmd.cpp b/src/mongo/db/commands/merge_chunks_cmd.cpp index 109e433e6fd..9212b4183ff 100644 --- a/src/mongo/db/commands/merge_chunks_cmd.cpp +++ b/src/mongo/db/commands/merge_chunks_cmd.cpp 
@@ -59,7 +59,7 @@ namespace mongo { virtual Status checkAuthForCommand(ClientBasic* client, const std::string& dbname, const BSONObj& cmdObj) { - if (!client->getAuthorizationSession()->isAuthorizedForActionsOnResource( + if (!AuthorizationSession::get(client)->isAuthorizedForActionsOnResource( ResourcePattern::forExactNamespace(NamespaceString(parseNs(dbname, cmdObj))), ActionType::splitChunk)) { return Status(ErrorCodes::Unauthorized, "Unauthorized"); diff --git a/src/mongo/db/commands/mr.cpp b/src/mongo/db/commands/mr.cpp index 796ea3fb066..2162c1a3648 100644 --- a/src/mongo/db/commands/mr.cpp +++ b/src/mongo/db/commands/mr.cpp @@ -754,7 +754,7 @@ namespace mongo { */ void State::init() { // setup js - const string userToken = ClientBasic::getCurrent()->getAuthorizationSession() + const string userToken = AuthorizationSession::get(ClientBasic::getCurrent()) ->getAuthenticatedUserNamesToken(); _scope.reset(globalScriptEngine->getPooledScope( _txn, _config.dbname, "mapreduce" + userToken).release()); diff --git a/src/mongo/db/commands/oplog_note.cpp b/src/mongo/db/commands/oplog_note.cpp index 2dc3dd204fb..c57d43c86bb 100644 --- a/src/mongo/db/commands/oplog_note.cpp +++ b/src/mongo/db/commands/oplog_note.cpp @@ -57,7 +57,7 @@ namespace mongo { virtual Status checkAuthForCommand(ClientBasic* client, const std::string& dbname, const BSONObj& cmdObj) { - if (!client->getAuthorizationSession()->isAuthorizedForActionsOnResource( + if (!AuthorizationSession::get(client)->isAuthorizedForActionsOnResource( ResourcePattern::forClusterResource(), ActionType::appendOplogNote)) { return Status(ErrorCodes::Unauthorized, "Unauthorized"); } diff --git a/src/mongo/db/commands/parallel_collection_scan.cpp b/src/mongo/db/commands/parallel_collection_scan.cpp index 40bbeb7b085..a84e9070a21 100644 --- a/src/mongo/db/commands/parallel_collection_scan.cpp +++ b/src/mongo/db/commands/parallel_collection_scan.cpp 
@@ -66,7 +66,7 @@ namespace mongo { ActionSet actions; actions.addAction(ActionType::find); Privilege p(parseResourcePattern(dbname, cmdObj), actions); - if ( client->getAuthorizationSession()->isAuthorizedForPrivilege(p) ) + if ( AuthorizationSession::get(client)->isAuthorizedForPrivilege(p) ) return Status::OK(); return Status(ErrorCodes::Unauthorized, "Unauthorized"); } diff --git a/src/mongo/db/commands/plan_cache_commands.cpp b/src/mongo/db/commands/plan_cache_commands.cpp index 33749bb08f4..9098299c800 100644 --- a/src/mongo/db/commands/plan_cache_commands.cpp +++ b/src/mongo/db/commands/plan_cache_commands.cpp @@ -155,7 +155,7 @@ namespace mongo { Status PlanCacheCommand::checkAuthForCommand(ClientBasic* client, const std::string& dbname, const BSONObj& cmdObj) { - AuthorizationSession* authzSession = client->getAuthorizationSession(); + AuthorizationSession* authzSession = AuthorizationSession::get(client); ResourcePattern pattern = parseResourcePattern(dbname, cmdObj); if (authzSession->isAuthorizedForActionsOnResource(pattern, actionType)) { diff --git a/src/mongo/db/commands/rename_collection_common.cpp b/src/mongo/db/commands/rename_collection_common.cpp index fba1daffc0b..feec6f4f135 100644 --- a/src/mongo/db/commands/rename_collection_common.cpp +++ b/src/mongo/db/commands/rename_collection_common.cpp 
@@ -54,21 +54,21 @@ namespace rename_collection { // either can read both of source and dest collections or *can't* read either of source // or dest collection, then you get can do the rename, even without insert on the // destination collection. - bool canRename = client->getAuthorizationSession()->isAuthorizedForActionsOnResource( + bool canRename = AuthorizationSession::get(client)->isAuthorizedForActionsOnResource( ResourcePattern::forDatabaseName(sourceNS.db()), ActionType::renameCollectionSameDB); bool canDropTargetIfNeeded = true; if (dropTarget) { canDropTargetIfNeeded = - client->getAuthorizationSession()->isAuthorizedForActionsOnResource( + AuthorizationSession::get(client)->isAuthorizedForActionsOnResource( ResourcePattern::forExactNamespace(targetNS), ActionType::dropCollection); } - bool canReadSrc = client->getAuthorizationSession()->isAuthorizedForActionsOnResource( + bool canReadSrc = AuthorizationSession::get(client)->isAuthorizedForActionsOnResource( ResourcePattern::forExactNamespace(sourceNS), ActionType::find); - bool canReadDest = client->getAuthorizationSession()->isAuthorizedForActionsOnResource( + bool canReadDest = AuthorizationSession::get(client)->isAuthorizedForActionsOnResource( ResourcePattern::forExactNamespace(targetNS), ActionType::find); if (canRename && canDropTargetIfNeeded && (canReadSrc || !canReadDest)) { @@ -80,7 +80,7 @@ namespace rename_collection { ActionSet actions; actions.addAction(ActionType::find); actions.addAction(ActionType::dropCollection); - if (!client->getAuthorizationSession()->isAuthorizedForActionsOnResource( + if (!AuthorizationSession::get(client)->isAuthorizedForActionsOnResource( ResourcePattern::forExactNamespace(sourceNS), actions)) { return Status(ErrorCodes::Unauthorized, "Unauthorized"); } 
@@ -92,7 +92,7 @@ namespace rename_collection { if (dropTarget) { actions.addAction(ActionType::dropCollection); } - if (!client->getAuthorizationSession()->isAuthorizedForActionsOnResource( + if (!AuthorizationSession::get(client)->isAuthorizedForActionsOnResource( ResourcePattern::forExactNamespace(targetNS), actions)) { return Status(ErrorCodes::Unauthorized, "Unauthorized"); } diff --git a/src/mongo/db/commands/repair_cursor.cpp b/src/mongo/db/commands/repair_cursor.cpp index dad8b305201..cc2cf8d183b 100644 --- a/src/mongo/db/commands/repair_cursor.cpp +++ b/src/mongo/db/commands/repair_cursor.cpp @@ -54,7 +54,7 @@ namespace mongo { ActionSet actions; actions.addAction(ActionType::find); Privilege p(parseResourcePattern(dbname, cmdObj), actions); - if (client->getAuthorizationSession()->isAuthorizedForPrivilege(p)) + if (AuthorizationSession::get(client)->isAuthorizedForPrivilege(p)) return Status::OK(); return Status(ErrorCodes::Unauthorized, "Unauthorized"); } diff --git a/src/mongo/db/commands/server_status.cpp b/src/mongo/db/commands/server_status.cpp index 175105a3490..5b3973753b3 100644 --- a/src/mongo/db/commands/server_status.cpp +++ b/src/mongo/db/commands/server_status.cpp @@ -88,8 +88,7 @@ namespace mongo { long long start = Listener::getElapsedTimeMillis(); BSONObjBuilder timeBuilder(256); - const ClientBasic* myClientBasic = ClientBasic::getCurrent(); - AuthorizationSession* authSession = myClientBasic->getAuthorizationSession(); + const auto authSession = AuthorizationSession::get(ClientBasic::getCurrent()); // --- basic fields that are global diff --git a/src/mongo/db/commands/user_management_commands.cpp b/src/mongo/db/commands/user_management_commands.cpp index cecd41fb447..366b1760f69 100644 --- a/src/mongo/db/commands/user_management_commands.cpp +++ b/src/mongo/db/commands/user_management_commands.cpp 
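Review bot: In the server_status.cpp hunk, `const auto authSession = AuthorizationSession::get(ClientBasic::getCurrent());` hides that `authSession` is a raw, non-owning pointer, and the `const` applies to the pointer rather than to the session it points at. Every other call site in this commit spells the type out, so for consistency I would write `AuthorizationSession* const authSession = AuthorizationSession::get(ClientBasic::getCurrent());`. The rest of the function lies outside the hunk, so how `authSession` is used afterwards is not visible here.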
@@ -334,7 +334,7 @@ namespace mongo { virtual Status checkAuthForCommand(ClientBasic* client, const std::string& dbname, const BSONObj& cmdObj) { - AuthorizationSession* authzSession = client->getAuthorizationSession(); + AuthorizationSession* authzSession = AuthorizationSession::get(client); auth::CreateOrUpdateUserArgs args; Status status = auth::parseCreateOrUpdateUserCommands(cmdObj, "createUser", @@ -517,7 +517,7 @@ namespace mongo { virtual Status checkAuthForCommand(ClientBasic* client, const std::string& dbname, const BSONObj& cmdObj) { - AuthorizationSession* authzSession = client->getAuthorizationSession(); + AuthorizationSession* authzSession = AuthorizationSession::get(client); auth::CreateOrUpdateUserArgs args; Status status = auth::parseCreateOrUpdateUserCommands(cmdObj, "updateUser", @@ -688,7 +688,7 @@ namespace mongo { virtual Status checkAuthForCommand(ClientBasic* client, const std::string& dbname, const BSONObj& cmdObj) { - AuthorizationSession* authzSession = client->getAuthorizationSession(); + AuthorizationSession* authzSession = AuthorizationSession::get(client); UserName userName; BSONObj unusedWriteConcern; Status status = auth::parseAndValidateDropUserCommand(cmdObj, @@ -785,7 +785,7 @@ namespace mongo { virtual Status checkAuthForCommand(ClientBasic* client, const std::string& dbname, const BSONObj& cmdObj) { - AuthorizationSession* authzSession = client->getAuthorizationSession(); + AuthorizationSession* authzSession = AuthorizationSession::get(client); if (!authzSession->isAuthorizedForActionsOnResource( ResourcePattern::forDatabaseName(dbname), ActionType::dropUser)) { return Status(ErrorCodes::Unauthorized, 
@@ -861,7 +861,7 @@ namespace mongo { virtual Status checkAuthForCommand(ClientBasic* client, const std::string& dbname, const BSONObj& cmdObj) { - AuthorizationSession* authzSession = client->getAuthorizationSession(); + AuthorizationSession* authzSession = AuthorizationSession::get(client); std::vector<RoleName> roles; std::string unusedUserNameString; BSONObj unusedWriteConcern; @@ -959,7 +959,7 @@ namespace mongo { virtual Status checkAuthForCommand(ClientBasic* client, const std::string& dbname, const BSONObj& cmdObj) { - AuthorizationSession* authzSession = client->getAuthorizationSession(); + AuthorizationSession* authzSession = AuthorizationSession::get(client); std::vector<RoleName> roles; std::string unusedUserNameString; BSONObj unusedWriteConcern; @@ -1061,7 +1061,7 @@ namespace mongo { virtual Status checkAuthForCommand(ClientBasic* client, const std::string& dbname, const BSONObj& cmdObj) { - AuthorizationSession* authzSession = client->getAuthorizationSession(); + AuthorizationSession* authzSession = AuthorizationSession::get(client); auth::UsersInfoArgs args; Status status = auth::parseUsersInfoCommand(cmdObj, dbname, &args); if (!status.isOK()) { @@ -1201,7 +1201,7 @@ namespace mongo { virtual Status checkAuthForCommand(ClientBasic* client, const std::string& dbname, const BSONObj& cmdObj) { - AuthorizationSession* authzSession = client->getAuthorizationSession(); + AuthorizationSession* authzSession = AuthorizationSession::get(client); auth::CreateOrUpdateRoleArgs args; Status status = auth::parseCreateOrUpdateRoleCommands(cmdObj, "createRole", @@ -1346,7 +1346,7 @@ namespace mongo { virtual Status checkAuthForCommand(ClientBasic* client, const std::string& dbname, const BSONObj& cmdObj) { - AuthorizationSession* authzSession = client->getAuthorizationSession(); + AuthorizationSession* authzSession = AuthorizationSession::get(client); auth::CreateOrUpdateRoleArgs args; Status status = auth::parseCreateOrUpdateRoleCommands(cmdObj, "updateRole", 
@@ -1477,7 +1477,7 @@ namespace mongo { virtual Status checkAuthForCommand(ClientBasic* client, const std::string& dbname, const BSONObj& cmdObj) { - AuthorizationSession* authzSession = client->getAuthorizationSession(); + AuthorizationSession* authzSession = AuthorizationSession::get(client); PrivilegeVector privileges; RoleName unusedRoleName; BSONObj unusedWriteConcern; @@ -1614,7 +1614,7 @@ namespace mongo { virtual Status checkAuthForCommand(ClientBasic* client, const std::string& dbname, const BSONObj& cmdObj) { - AuthorizationSession* authzSession = client->getAuthorizationSession(); + AuthorizationSession* authzSession = AuthorizationSession::get(client); PrivilegeVector privileges; RoleName unusedRoleName; BSONObj unusedWriteConcern; @@ -1753,7 +1753,7 @@ namespace mongo { virtual Status checkAuthForCommand(ClientBasic* client, const std::string& dbname, const BSONObj& cmdObj) { - AuthorizationSession* authzSession = client->getAuthorizationSession(); + AuthorizationSession* authzSession = AuthorizationSession::get(client); std::vector<RoleName> roles; std::string unusedUserNameString; BSONObj unusedWriteConcern; @@ -1873,7 +1873,7 @@ namespace mongo { virtual Status checkAuthForCommand(ClientBasic* client, const std::string& dbname, const BSONObj& cmdObj) { - AuthorizationSession* authzSession = client->getAuthorizationSession(); + AuthorizationSession* authzSession = AuthorizationSession::get(client); std::vector<RoleName> roles; std::string unusedUserNameString; BSONObj unusedWriteConcern; @@ -1990,7 +1990,7 @@ namespace mongo { virtual Status checkAuthForCommand(ClientBasic* client, const std::string& dbname, const BSONObj& cmdObj) { - AuthorizationSession* authzSession = client->getAuthorizationSession(); + AuthorizationSession* authzSession = AuthorizationSession::get(client); RoleName roleName; BSONObj unusedWriteConcern; Status status = auth::parseDropRoleCommand(cmdObj, 
@@ -2171,7 +2171,7 @@ namespace mongo { virtual Status checkAuthForCommand(ClientBasic* client, const std::string& dbname, const BSONObj& cmdObj) { - AuthorizationSession* authzSession = client->getAuthorizationSession(); + AuthorizationSession* authzSession = AuthorizationSession::get(client); if (!authzSession->isAuthorizedForActionsOnResource( ResourcePattern::forDatabaseName(dbname), ActionType::dropRole)) { return Status(ErrorCodes::Unauthorized, @@ -2306,7 +2306,7 @@ namespace mongo { virtual Status checkAuthForCommand(ClientBasic* client, const std::string& dbname, const BSONObj& cmdObj) { - AuthorizationSession* authzSession = client->getAuthorizationSession(); + AuthorizationSession* authzSession = AuthorizationSession::get(client); auth::RolesInfoArgs args; Status status = auth::parseRolesInfoCommand(cmdObj, dbname, &args); if (!status.isOK()) { @@ -2412,7 +2412,7 @@ namespace mongo { virtual Status checkAuthForCommand(ClientBasic* client, const std::string& dbname, const BSONObj& cmdObj) { - AuthorizationSession* authzSession = client->getAuthorizationSession(); + AuthorizationSession* authzSession = AuthorizationSession::get(client); if (!authzSession->isAuthorizedForActionsOnResource( ResourcePattern::forClusterResource(), ActionType::invalidateUserCache)) { return Status(ErrorCodes::Unauthorized, "Not authorized to invalidate user cache"); @@ -2456,7 +2456,7 @@ namespace mongo { virtual Status checkAuthForCommand(ClientBasic* client, const std::string& dbname, const BSONObj& cmdObj) { - AuthorizationSession* authzSession = client->getAuthorizationSession(); + AuthorizationSession* authzSession = AuthorizationSession::get(client); if (!authzSession->isAuthorizedForActionsOnResource( ResourcePattern::forClusterResource(), ActionType::internal)) { return Status(ErrorCodes::Unauthorized, "Not authorized to get cache generation"); 
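Review bot: In the `@@ -2171` hunk `authzSession` is dereferenced on the line right after `AuthorizationSession::get(client)`, yet the header comment added in authorization_session.h says `get` may return nullptr. Whether the removed `client->getAuthorizationSession()` guarded against a missing session is not visible here, so confirm that an unset session still fails in a controlled way rather than as a null dereference inside an authorization check. Either make `get` assert on a missing session, or guard the call sites, e.g. `if (!authzSession) return Status(ErrorCodes::Unauthorized, "Unauthorized");`. The same unguarded use appears in the `@@ -2412` and `@@ -2456` hunks here, in the chained calls in dbwebserver.cpp, instance.cpp and replset_commands.cpp, and at the `grantInternalAuthorization()` call sites. The `checkAuthForCommand` bodies continue outside these hunks.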
@@ -2517,7 +2517,7 @@ namespace mongo { return status; } - AuthorizationSession* authzSession = client->getAuthorizationSession(); + AuthorizationSession* authzSession = AuthorizationSession::get(client); ActionSet actions; actions.addAction(ActionType::createUser); actions.addAction(ActionType::createRole); diff --git a/src/mongo/db/commands/write_commands/write_commands.cpp b/src/mongo/db/commands/write_commands/write_commands.cpp index 3b6cdba6a64..0fdecdf7786 100644 --- a/src/mongo/db/commands/write_commands/write_commands.cpp +++ b/src/mongo/db/commands/write_commands/write_commands.cpp @@ -97,7 +97,7 @@ namespace mongo { const std::string& dbname, const BSONObj& cmdObj ) { - Status status( auth::checkAuthForWriteCommand( client->getAuthorizationSession(), + Status status( auth::checkAuthForWriteCommand( AuthorizationSession::get(client), _writeType, NamespaceString( parseNs( dbname, cmdObj ) ), cmdObj )); diff --git a/src/mongo/db/dbcommands.cpp b/src/mongo/db/dbcommands.cpp index 7857b22e502..510be597a87 100644 --- a/src/mongo/db/dbcommands.cpp +++ b/src/mongo/db/dbcommands.cpp @@ -306,7 +306,7 @@ namespace mongo { virtual Status checkAuthForCommand(ClientBasic* client, const std::string& dbname, const BSONObj& cmdObj) { - AuthorizationSession* authzSession = client->getAuthorizationSession(); + AuthorizationSession* authzSession = AuthorizationSession::get(client); if (cmdObj.firstElement().numberInt() == -1 && !cmdObj.hasField("slowms")) { // If you just want to get the current profiling level you can do so with just 
@@ -488,7 +488,7 @@ namespace mongo { virtual Status checkAuthForCommand(ClientBasic* client, const std::string& dbname, const BSONObj& cmdObj) { - AuthorizationSession* authzSession = client->getAuthorizationSession(); + AuthorizationSession* authzSession = AuthorizationSession::get(client); if (cmdObj["capped"].trueValue()) { if (!authzSession->isAuthorizedForActionsOnResource( parseResourcePattern(dbname, cmdObj), ActionType::convertToCapped)) { @@ -1250,7 +1250,7 @@ namespace mongo { // in that code path that must not see the impersonated user and roles array elements. std::vector<UserName> parsedUserNames; std::vector<RoleName> parsedRoleNames; - AuthorizationSession* authSession = txn->getClient()->getAuthorizationSession(); + AuthorizationSession* authSession = AuthorizationSession::get(txn->getClient()); bool rolesFieldIsPresent = false; bool usersFieldIsPresent = false; audit::parseAndRemoveImpersonatedRolesField(cmdObj, diff --git a/src/mongo/db/dbwebserver.cpp b/src/mongo/db/dbwebserver.cpp index a1de920ba2b..d7066322b02 100644 --- a/src/mongo/db/dbwebserver.cpp +++ b/src/mongo/db/dbwebserver.cpp @@ -420,7 +420,7 @@ namespace { vector<string>& headers, const SockAddr &from) { - AuthorizationSession* authSess = cc().getAuthorizationSession(); + AuthorizationSession* authSess = AuthorizationSession::get(cc()); if (!authSess->getAuthorizationManager().isAuthEnabled()) { return true; } @@ -448,7 +448,7 @@ namespace { UserName userName(parms["username"], "admin"); User* user; AuthorizationManager& authzManager = - cc().getAuthorizationSession()->getAuthorizationManager(); + AuthorizationSession::get(cc())->getAuthorizationManager(); Status status = authzManager.acquireUser(txn, userName, &user); if (!status.isOK()) { if (status.code() != ErrorCodes::UserNotFound) { diff --git a/src/mongo/db/exec/group.cpp b/src/mongo/db/exec/group.cpp index 435b48f47b2..85e7d613cc2 100644 --- a/src/mongo/db/exec/group.cpp +++ b/src/mongo/db/exec/group.cpp 
@@ -91,7 +91,7 @@ namespace mongo { void GroupStage::initGroupScripting() { // Initialize _scope. const std::string userToken = - ClientBasic::getCurrent()->getAuthorizationSession() + AuthorizationSession::get(ClientBasic::getCurrent()) ->getAuthenticatedUserNamesToken(); const NamespaceString nss(_request.ns); diff --git a/src/mongo/db/index_builder.cpp b/src/mongo/db/index_builder.cpp index 62eef061ff6..35ebcee4bb4 100644 --- a/src/mongo/db/index_builder.cpp +++ b/src/mongo/db/index_builder.cpp @@ -85,7 +85,7 @@ namespace { OperationContextImpl txn; txn.lockState()->setIsBatchWriter(true); - txn.getClient()->getAuthorizationSession()->grantInternalAuthorization(); + AuthorizationSession::get(txn.getClient())->grantInternalAuthorization(); txn.getCurOp()->reset(HostAndPort(), dbInsert); NamespaceString ns(_index["ns"].String()); diff --git a/src/mongo/db/index_rebuilder.cpp b/src/mongo/db/index_rebuilder.cpp index b73d76acd3e..3dbbb133e20 100644 --- a/src/mongo/db/index_rebuilder.cpp +++ b/src/mongo/db/index_rebuilder.cpp @@ -150,7 +150,7 @@ namespace { } // namespace void restartInProgressIndexesFromLastShutdown(OperationContext* txn) { - txn->getClient()->getAuthorizationSession()->grantInternalAuthorization(); + AuthorizationSession::get(txn->getClient())->grantInternalAuthorization(); std::vector<std::string> dbNames; diff --git a/src/mongo/db/instance.cpp b/src/mongo/db/instance.cpp index 4554866b796..a1ddfc65817 100644 --- a/src/mongo/db/instance.cpp +++ b/src/mongo/db/instance.cpp @@ -343,7 +343,7 @@ namespace { try { Client* client = txn->getClient(); - Status status = client->getAuthorizationSession()->checkAuthForQuery(nss, q.query); + Status status = AuthorizationSession::get(client)->checkAuthForQuery(nss, q.query); audit::logQueryAuthzCheck(client, nss, q.query, status.code()); uassertStatusOK(status); 
@@ -383,8 +383,8 @@ namespace { DbMessage dbmsg(m); Client& c = *txn->getClient(); - if (!txn->getClient()->isInDirectClient()) { - c.getAuthorizationSession()->startRequest(txn); + if (!c.isInDirectClient()) { + AuthorizationSession::get(c)->startRequest(txn); // We should not be holding any locks at this point invariant(!txn->lockState()->isLocked()); @@ -641,7 +641,7 @@ namespace { bool multi = flags & UpdateOption_Multi; bool broadcast = flags & UpdateOption_Broadcast; - Status status = txn->getClient()->getAuthorizationSession()->checkAuthForUpdate(nsString, + Status status = AuthorizationSession::get(txn->getClient())->checkAuthForUpdate(nsString, query, toupdate, upsert); @@ -765,7 +765,7 @@ namespace { verify( d.moreJSObjs() ); BSONObj pattern = d.nextJsObj(); - Status status = txn->getClient()->getAuthorizationSession()->checkAuthForDelete(nsString, + Status status = AuthorizationSession::get(txn->getClient())->checkAuthForDelete(nsString, pattern); audit::logDeleteAuthzCheck(txn->getClient(), nsString, pattern, status.code()); uassertStatusOK(status); @@ -848,7 +848,7 @@ namespace { const NamespaceString nsString( ns ); uassert( 16258, str::stream() << "Invalid ns [" << ns << "]", nsString.isValid() ); - Status status = txn->getClient()->getAuthorizationSession()->checkAuthForGetMore( + Status status = AuthorizationSession::get(txn->getClient())->checkAuthForGetMore( nsString, cursorid); audit::logGetMoreAuthzCheck(txn->getClient(), nsString, cursorid, status.code()); uassertStatusOK(status); @@ -1107,7 +1107,7 @@ namespace { // Check auth for insert (also handles checking if this is an index build and checks // for the proper privileges in that case). - Status status = txn->getClient()->getAuthorizationSession()->checkAuthForInsert(nsString, obj); + Status status = AuthorizationSession::get(txn->getClient())->checkAuthForInsert(nsString, obj); audit::logInsertAuthzCheck(txn->getClient(), nsString, obj, status.code()); uassertStatusOK(status); } 
diff --git a/src/mongo/db/introspect.cpp b/src/mongo/db/introspect.cpp index 93b7fa405fd..8040a0b7b6b 100644 --- a/src/mongo/db/introspect.cpp +++ b/src/mongo/db/introspect.cpp @@ -97,7 +97,7 @@ namespace { b.appendDate("ts", jsTime()); b.append("client", txn->getClient()->clientAddress()); - AuthorizationSession * authSession = txn->getClient()->getAuthorizationSession(); + AuthorizationSession * authSession = AuthorizationSession::get(txn->getClient()); _appendUserInfo(*txn->getCurOp(), b, authSession); const BSONObj p = b.done(); diff --git a/src/mongo/db/matcher/expression_where.cpp b/src/mongo/db/matcher/expression_where.cpp index e0a3f7f082b..c2e95e2dd50 100644 --- a/src/mongo/db/matcher/expression_where.cpp +++ b/src/mongo/db/matcher/expression_where.cpp @@ -114,7 +114,7 @@ namespace mongo { _code = theCode.toString(); _userScope = scope.getOwned(); - const string userToken = ClientBasic::getCurrent()->getAuthorizationSession() + const string userToken = AuthorizationSession::get(ClientBasic::getCurrent()) ->getAuthenticatedUserNamesToken(); _scope = globalScriptEngine->getPooledScope(_txn, _dbName, "where" + userToken); diff --git a/src/mongo/db/repl/bgsync.cpp b/src/mongo/db/repl/bgsync.cpp index 7cdd1d42a2a..270789226f9 100644 --- a/src/mongo/db/repl/bgsync.cpp +++ b/src/mongo/db/repl/bgsync.cpp @@ -146,7 +146,7 @@ namespace { void BackgroundSync::producerThread() { Client::initThread("rsBackgroundSync"); - cc().getAuthorizationSession()->grantInternalAuthorization(); + AuthorizationSession::get(cc())->grantInternalAuthorization(); while (!inShutdown()) { try { diff --git a/src/mongo/db/repl/master_slave.cpp b/src/mongo/db/repl/master_slave.cpp index a27588382d3..10f7eef2088 100644 --- a/src/mongo/db/repl/master_slave.cpp +++ b/src/mongo/db/repl/master_slave.cpp 
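Review bot: In the expression_where.cpp hunk, `getPooledScope(_txn, _dbName, "where" + userToken)` has no comment explaining why the authenticated-user token is part of the scope key, and this hunk changes how that token is obtained. If the intent is to keep a pooled scope from being handed to a different set of authenticated users (an inference from the names, not shown here), say so with a comment such as `// Pool key includes the authenticated-user token so scopes are not shared across principals.` The same token is built without explanation in the group.cpp hunk (`GroupStage::initGroupScripting`). The enclosing function starts and ends outside the hunk.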
@@ -1281,7 +1281,7 @@ namespace repl { // printReplicationStatus() and printSlaveReplicationStatus() stay up-to-date even // when things are idle. OperationContextImpl txn; - txn.getClient()->getAuthorizationSession()->grantInternalAuthorization(); + AuthorizationSession::get(txn.getClient())->grantInternalAuthorization(); Lock::GlobalWrite globalWrite(txn.lockState(), 1); if (globalWrite.isLocked()) { @@ -1308,7 +1308,7 @@ namespace repl { Client::initThread("replslave"); OperationContextImpl txn; - txn.getClient()->getAuthorizationSession()->grantInternalAuthorization(); + AuthorizationSession::get(txn.getClient())->grantInternalAuthorization(); while ( 1 ) { try { @@ -1338,7 +1338,7 @@ namespace repl { if( !replSettings.slave && !replSettings.master ) return; - txn->getClient()->getAuthorizationSession()->grantInternalAuthorization(); + AuthorizationSession::get(txn->getClient())->grantInternalAuthorization(); { ReplSource temp(txn); // Ensures local.me is populated diff --git a/src/mongo/db/repl/replset_commands.cpp b/src/mongo/db/repl/replset_commands.cpp index 8f090862013..6530c491902 100644 --- a/src/mongo/db/repl/replset_commands.cpp +++ b/src/mongo/db/repl/replset_commands.cpp @@ -73,7 +73,7 @@ namespace repl { const BSONObj& cmdObj) { ActionSet actions; actions.addAction(ActionType::internal); - if (!client->getAuthorizationSession()->isAuthorizedForActionsOnResource( + if (!AuthorizationSession::get(client)->isAuthorizedForActionsOnResource( ResourcePattern::forClusterResource(), actions)) { return Status(ErrorCodes::Unauthorized, "Unauthorized"); } @@ -146,7 +146,7 @@ namespace repl { const BSONObj& cmdObj) { ActionSet actions; actions.addAction(ActionType::replSetGetStatus); - if (!client->getAuthorizationSession()->isAuthorizedForActionsOnResource( + if (!AuthorizationSession::get(client)->isAuthorizedForActionsOnResource( ResourcePattern::forClusterResource(), actions)) { return Status(ErrorCodes::Unauthorized, "Unauthorized"); } 
@@ -178,7 +178,7 @@ namespace repl { const BSONObj& cmdObj) { ActionSet actions; actions.addAction(ActionType::replSetGetConfig); - if (!client->getAuthorizationSession()->isAuthorizedForActionsOnResource( + if (!AuthorizationSession::get(client)->isAuthorizedForActionsOnResource( ResourcePattern::forClusterResource(), actions)) { return Status(ErrorCodes::Unauthorized, "Unauthorized"); } @@ -286,7 +286,7 @@ namespace { const BSONObj& cmdObj) { ActionSet actions; actions.addAction(ActionType::replSetConfigure); - if (!client->getAuthorizationSession()->isAuthorizedForActionsOnResource( + if (!AuthorizationSession::get(client)->isAuthorizedForActionsOnResource( ResourcePattern::forClusterResource(), actions)) { return Status(ErrorCodes::Unauthorized, "Unauthorized"); } @@ -371,7 +371,7 @@ namespace { const BSONObj& cmdObj) { ActionSet actions; actions.addAction(ActionType::replSetConfigure); - if (!client->getAuthorizationSession()->isAuthorizedForActionsOnResource( + if (!AuthorizationSession::get(client)->isAuthorizedForActionsOnResource( ResourcePattern::forClusterResource(), actions)) { return Status(ErrorCodes::Unauthorized, "Unauthorized"); } @@ -427,7 +427,7 @@ namespace { const BSONObj& cmdObj) { ActionSet actions; actions.addAction(ActionType::replSetStateChange); - if (!client->getAuthorizationSession()->isAuthorizedForActionsOnResource( + if (!AuthorizationSession::get(client)->isAuthorizedForActionsOnResource( ResourcePattern::forClusterResource(), actions)) { return Status(ErrorCodes::Unauthorized, "Unauthorized"); } @@ -459,7 +459,7 @@ namespace { const BSONObj& cmdObj) { ActionSet actions; actions.addAction(ActionType::replSetStateChange); - if (!client->getAuthorizationSession()->isAuthorizedForActionsOnResource( + if (!AuthorizationSession::get(client)->isAuthorizedForActionsOnResource( ResourcePattern::forClusterResource(), actions)) { return Status(ErrorCodes::Unauthorized, "Unauthorized"); } 
@@ -534,7 +534,7 @@ namespace { const BSONObj& cmdObj) { ActionSet actions; actions.addAction(ActionType::replSetStateChange); - if (!client->getAuthorizationSession()->isAuthorizedForActionsOnResource( + if (!AuthorizationSession::get(client)->isAuthorizedForActionsOnResource( ResourcePattern::forClusterResource(), actions)) { return Status(ErrorCodes::Unauthorized, "Unauthorized"); } @@ -564,7 +564,7 @@ namespace { const BSONObj& cmdObj) { ActionSet actions; actions.addAction(ActionType::replSetStateChange); - if (!client->getAuthorizationSession()->isAuthorizedForActionsOnResource( + if (!AuthorizationSession::get(client)->isAuthorizedForActionsOnResource( ResourcePattern::forClusterResource(), actions)) { return Status(ErrorCodes::Unauthorized, "Unauthorized"); } diff --git a/src/mongo/db/repl/rs_sync.cpp b/src/mongo/db/repl/rs_sync.cpp index 174147fb078..dbb914d6c6e 100644 --- a/src/mongo/db/repl/rs_sync.cpp +++ b/src/mongo/db/repl/rs_sync.cpp @@ -63,7 +63,7 @@ namespace repl { void runSyncThread() { Client::initThread("rsSync"); - cc().getAuthorizationSession()->grantInternalAuthorization(); + AuthorizationSession::get(cc())->grantInternalAuthorization(); ReplicationCoordinator* replCoord = getGlobalReplicationCoordinator(); // Set initial indexPrefetch setting diff --git a/src/mongo/db/repl/sync_tail.cpp b/src/mongo/db/repl/sync_tail.cpp index 00e9d59c75d..fe173e5430d 100644 --- a/src/mongo/db/repl/sync_tail.cpp +++ b/src/mongo/db/repl/sync_tail.cpp @@ -90,7 +90,7 @@ namespace repl { void initializePrefetchThread() { if (!ClientBasic::getCurrent()) { Client::initThreadIfNotAlready(); - cc().getAuthorizationSession()->grantInternalAuthorization(); + AuthorizationSession::get(cc())->grantInternalAuthorization(); } } namespace { 
@@ -651,7 +651,7 @@ namespace { // Only do this once per thread if (!ClientBasic::getCurrent()) { Client::initThreadIfNotAlready(); - cc().getAuthorizationSession()->grantInternalAuthorization(); + AuthorizationSession::get(cc())->grantInternalAuthorization(); } } diff --git a/src/mongo/db/restapi.cpp b/src/mongo/db/restapi.cpp index 8a1863a56dc..f582bf33a3b 100644 --- a/src/mongo/db/restapi.cpp +++ b/src/mongo/db/restapi.cpp @@ -273,7 +273,7 @@ namespace mongo { } restHandler; bool RestAdminAccess::haveAdminUsers(OperationContext* txn) const { - AuthorizationSession* authzSession = txn->getClient()->getAuthorizationSession(); + AuthorizationSession* authzSession = AuthorizationSession::get(txn->getClient()); return authzSession->getAuthorizationManager().hasAnyPrivilegeDocuments(txn); } diff --git a/src/mongo/db/server_extra_log_context.cpp b/src/mongo/db/server_extra_log_context.cpp index e269552eb11..82ab6e7b4fd 100644 --- a/src/mongo/db/server_extra_log_context.cpp +++ b/src/mongo/db/server_extra_log_context.cpp @@ -52,11 +52,11 @@ namespace { ClientBasic* clientBasic = ClientBasic::getCurrent(); if (!clientBasic) return; - if (!clientBasic->hasAuthorizationSession()) + if (!AuthorizationSession::exists(clientBasic)) return; UserNameIterator users = - clientBasic->getAuthorizationSession()->getAuthenticatedUserNames(); + AuthorizationSession::get(clientBasic)->getAuthenticatedUserNames(); if (!users.more()) return; diff --git a/src/mongo/db/ttl.cpp b/src/mongo/db/ttl.cpp index d516d9c20ee..eeb17a984a8 100644 --- a/src/mongo/db/ttl.cpp +++ b/src/mongo/db/ttl.cpp @@ -83,7 +83,7 @@ namespace mongo { virtual void run() { Client::initThread( name().c_str() ); - cc().getAuthorizationSession()->grantInternalAuthorization(); + AuthorizationSession::get(cc())->grantInternalAuthorization(); while ( ! inShutdown() ) { sleepsecs( ttlMonitorSleepSecs ); diff --git a/src/mongo/s/client_info.cpp b/src/mongo/s/client_info.cpp index bc7f0a91f15..98db7d326f2 100644 
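Review bot: In the server_extra_log_context.cpp hunk the session is looked up twice, once through `AuthorizationSession::exists(clientBasic)` and again through `AuthorizationSession::get(clientBasic)`. The header documents `exists` as false exactly when `get` would return nullptr, so a single lookup reads more directly: `AuthorizationSession* authzSession = AuthorizationSession::get(clientBasic);` followed by `if (!authzSession) return;`. The enclosing function starts above the hunk and continues below it.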
--- a/src/mongo/s/client_info.cpp +++ b/src/mongo/s/client_info.cpp @@ -52,7 +52,8 @@ namespace { ClientInfo * info = tlInfo.get(); massert(16472, "A ClientInfo already exists for this thread", !info); info = new ClientInfo(serviceContext, messagingPort); - info->setAuthorizationSession(getGlobalAuthorizationManager()->makeAuthorizationSession()); + AuthorizationSession::set(info, + getGlobalAuthorizationManager()->makeAuthorizationSession()); tlInfo.reset( info ); return info; } diff --git a/src/mongo/s/commands/cluster_current_op.cpp b/src/mongo/s/commands/cluster_current_op.cpp index 50c5ad4390c..c4de4dcee82 100644 --- a/src/mongo/s/commands/cluster_current_op.cpp +++ b/src/mongo/s/commands/cluster_current_op.cpp @@ -67,7 +67,7 @@ namespace { const BSONObj& cmdObj) final { - bool isAuthorized = client->getAuthorizationSession()->isAuthorizedForActionsOnResource( + bool isAuthorized = AuthorizationSession::get(client)->isAuthorizedForActionsOnResource( ResourcePattern::forClusterResource(), ActionType::inprog); diff --git a/src/mongo/s/commands/cluster_enable_sharding_cmd.cpp b/src/mongo/s/commands/cluster_enable_sharding_cmd.cpp index b100d306594..f9fc4e23938 100644 --- a/src/mongo/s/commands/cluster_enable_sharding_cmd.cpp +++ b/src/mongo/s/commands/cluster_enable_sharding_cmd.cpp @@ -74,7 +74,7 @@ namespace { const std::string& dbname, const BSONObj& cmdObj) { - if (!client->getAuthorizationSession()->isAuthorizedForActionsOnResource( + if (!AuthorizationSession::get(client)->isAuthorizedForActionsOnResource( ResourcePattern::forDatabaseName( parseNs(dbname, cmdObj)), ActionType::enableSharding)) { diff --git a/src/mongo/s/commands/cluster_find_cmd.cpp b/src/mongo/s/commands/cluster_find_cmd.cpp index d6fe443c252..e1ddbf568ec 100644 --- a/src/mongo/s/commands/cluster_find_cmd.cpp +++ b/src/mongo/s/commands/cluster_find_cmd.cpp 
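Review bot: In the client_info.cpp hunk `AuthorizationSession::set(info, ...)` runs while `info` is still a raw `new ClientInfo` that `tlInfo` does not yet own. The header says `set` requires a non-null session and may be called only once per client; if it enforces that by throwing (not visible here), `info` leaks. s_only.cpp in this same commit calls `currentClient.reset(c)` before `set`; the same order here would be `tlInfo.reset( info );` followed by `AuthorizationSession::set(info, getGlobalAuthorizationManager()->makeAuthorizationSession());`. The function starts above the hunk.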
@@ -72,7 +72,7 @@ namespace mongo { const std::string& dbname, const BSONObj& cmdObj) { - AuthorizationSession* authzSession = client->getAuthorizationSession(); + AuthorizationSession* authzSession = AuthorizationSession::get(client); ResourcePattern pattern = parseResourcePattern(dbname, cmdObj); if (authzSession->isAuthorizedForActionsOnResource(pattern, ActionType::find)) { diff --git a/src/mongo/s/commands/cluster_get_shard_version_cmd.cpp b/src/mongo/s/commands/cluster_get_shard_version_cmd.cpp index 04cff5e0b80..1f7d9567a31 100644 --- a/src/mongo/s/commands/cluster_get_shard_version_cmd.cpp +++ b/src/mongo/s/commands/cluster_get_shard_version_cmd.cpp @@ -70,7 +70,7 @@ namespace { const std::string& dbname, const BSONObj& cmdObj) { - if (!client->getAuthorizationSession()->isAuthorizedForActionsOnResource( + if (!AuthorizationSession::get(client)->isAuthorizedForActionsOnResource( ResourcePattern::forExactNamespace( NamespaceString(parseNs(dbname, cmdObj))), diff --git a/src/mongo/s/commands/cluster_index_filter_cmd.cpp b/src/mongo/s/commands/cluster_index_filter_cmd.cpp index c66e2802db9..f39ca1bfd7b 100644 --- a/src/mongo/s/commands/cluster_index_filter_cmd.cpp +++ b/src/mongo/s/commands/cluster_index_filter_cmd.cpp @@ -72,7 +72,7 @@ namespace mongo { Status checkAuthForCommand( ClientBasic* client, const std::string& dbname, const BSONObj& cmdObj ) { - AuthorizationSession* authzSession = client->getAuthorizationSession(); + AuthorizationSession* authzSession = AuthorizationSession::get(client); ResourcePattern pattern = parseResourcePattern(dbname, cmdObj); if (authzSession->isAuthorizedForActionsOnResource(pattern, diff --git a/src/mongo/s/commands/cluster_kill_op.cpp b/src/mongo/s/commands/cluster_kill_op.cpp index d5199c3a432..c782d4a8811 100644 --- a/src/mongo/s/commands/cluster_kill_op.cpp +++ b/src/mongo/s/commands/cluster_kill_op.cpp 
@@ -62,7 +62,7 @@ namespace { const std::string& dbname, const BSONObj& cmdObj) final { - bool isAuthorized = client->getAuthorizationSession()->isAuthorizedForActionsOnResource( + bool isAuthorized = AuthorizationSession::get(client)->isAuthorizedForActionsOnResource( ResourcePattern::forClusterResource(), ActionType::killop); return isAuthorized ? Status::OK() : Status(ErrorCodes::Unauthorized, "Unauthorized"); diff --git a/src/mongo/s/commands/cluster_merge_chunks_cmd.cpp b/src/mongo/s/commands/cluster_merge_chunks_cmd.cpp index 64c764a57f5..b7e1ae63723 100644 --- a/src/mongo/s/commands/cluster_merge_chunks_cmd.cpp +++ b/src/mongo/s/commands/cluster_merge_chunks_cmd.cpp @@ -67,7 +67,7 @@ namespace { virtual Status checkAuthForCommand(ClientBasic* client, const std::string& dbname, const BSONObj& cmdObj) { - if (!client->getAuthorizationSession()->isAuthorizedForActionsOnResource( + if (!AuthorizationSession::get(client)->isAuthorizedForActionsOnResource( ResourcePattern::forExactNamespace(NamespaceString(parseNs(dbname, cmdObj))), ActionType::splitChunk)) { return Status(ErrorCodes::Unauthorized, "Unauthorized"); diff --git a/src/mongo/s/commands/cluster_move_chunk_cmd.cpp b/src/mongo/s/commands/cluster_move_chunk_cmd.cpp index 4ccac602f46..f904c9f1ebf 100644 --- a/src/mongo/s/commands/cluster_move_chunk_cmd.cpp +++ b/src/mongo/s/commands/cluster_move_chunk_cmd.cpp @@ -84,7 +84,7 @@ namespace { const std::string& dbname, const BSONObj& cmdObj) { - if (!client->getAuthorizationSession()->isAuthorizedForActionsOnResource( + if (!AuthorizationSession::get(client)->isAuthorizedForActionsOnResource( ResourcePattern::forExactNamespace( NamespaceString(parseNs(dbname, cmdObj))), diff --git a/src/mongo/s/commands/cluster_move_primary_cmd.cpp b/src/mongo/s/commands/cluster_move_primary_cmd.cpp index 6e9504ef768..ef050861532 100644 --- a/src/mongo/s/commands/cluster_move_primary_cmd.cpp +++ b/src/mongo/s/commands/cluster_move_primary_cmd.cpp 
@@ -79,7 +79,7 @@ namespace { const std::string& dbname, const BSONObj& cmdObj) { - if (!client->getAuthorizationSession()->isAuthorizedForActionsOnResource( + if (!AuthorizationSession::get(client)->isAuthorizedForActionsOnResource( ResourcePattern::forDatabaseName( parseNs(dbname, cmdObj)), ActionType::moveChunk)) { diff --git a/src/mongo/s/commands/cluster_plan_cache_cmd.cpp b/src/mongo/s/commands/cluster_plan_cache_cmd.cpp index bd22961aa71..e6d1c75d5fe 100644 --- a/src/mongo/s/commands/cluster_plan_cache_cmd.cpp +++ b/src/mongo/s/commands/cluster_plan_cache_cmd.cpp @@ -72,7 +72,7 @@ namespace mongo { Status checkAuthForCommand( ClientBasic* client, const std::string& dbname, const BSONObj& cmdObj ) { - AuthorizationSession* authzSession = client->getAuthorizationSession(); + AuthorizationSession* authzSession = AuthorizationSession::get(client); ResourcePattern pattern = parseResourcePattern(dbname, cmdObj); if (authzSession->isAuthorizedForActionsOnResource(pattern, _actionType)) { diff --git a/src/mongo/s/commands/cluster_shard_collection_cmd.cpp b/src/mongo/s/commands/cluster_shard_collection_cmd.cpp index 61d00764223..5adb6974e68 100644 --- a/src/mongo/s/commands/cluster_shard_collection_cmd.cpp +++ b/src/mongo/s/commands/cluster_shard_collection_cmd.cpp @@ -88,7 +88,7 @@ namespace { const std::string& dbname, const BSONObj& cmdObj) { - if (!client->getAuthorizationSession()->isAuthorizedForActionsOnResource( + if (!AuthorizationSession::get(client)->isAuthorizedForActionsOnResource( ResourcePattern::forExactNamespace( NamespaceString(parseNs(dbname, cmdObj))), diff --git a/src/mongo/s/commands/cluster_split_collection_cmd.cpp b/src/mongo/s/commands/cluster_split_collection_cmd.cpp index f3663510c29..9b613a5fe7e 100644 --- a/src/mongo/s/commands/cluster_split_collection_cmd.cpp +++ b/src/mongo/s/commands/cluster_split_collection_cmd.cpp 
@@ -83,7 +83,7 @@ namespace { const std::string& dbname, const BSONObj& cmdObj) { - if (!client->getAuthorizationSession()->isAuthorizedForActionsOnResource( + if (!AuthorizationSession::get(client)->isAuthorizedForActionsOnResource( ResourcePattern::forExactNamespace( NamespaceString(parseNs(dbname, cmdObj))), diff --git a/src/mongo/s/commands/cluster_write_cmd.cpp b/src/mongo/s/commands/cluster_write_cmd.cpp index d66673f5eea..2985debc4a7 100644 --- a/src/mongo/s/commands/cluster_write_cmd.cpp +++ b/src/mongo/s/commands/cluster_write_cmd.cpp @@ -77,7 +77,7 @@ namespace { const std::string& dbname, const BSONObj& cmdObj) { - Status status = auth::checkAuthForWriteCommand(client->getAuthorizationSession(), + Status status = auth::checkAuthForWriteCommand(AuthorizationSession::get(client), _writeType, NamespaceString(parseNs(dbname, cmdObj)), diff --git a/src/mongo/s/commands_public.cpp b/src/mongo/s/commands_public.cpp index 6f11511073d..8486b3cccf0 100644 --- a/src/mongo/s/commands_public.cpp +++ b/src/mongo/s/commands_public.cpp @@ -534,7 +534,7 @@ namespace { virtual Status checkAuthForCommand(ClientBasic* client, const std::string& dbname, const BSONObj& cmdObj) { - AuthorizationSession* authzSession = client->getAuthorizationSession(); + AuthorizationSession* authzSession = AuthorizationSession::get(client); if (cmdObj["capped"].trueValue()) { if (!authzSession->isAuthorizedForActionsOnResource( parseResourcePattern(dbname, cmdObj), ActionType::convertToCapped)) { @@ -1191,7 +1191,7 @@ namespace { virtual Status checkAuthForCommand(ClientBasic* client, const std::string& dbname, const BSONObj& cmdObj) { - if (!client->getAuthorizationSession()->isAuthorizedForActionsOnResource( + if (!AuthorizationSession::get(client)->isAuthorizedForActionsOnResource( ResourcePattern::forExactNamespace(NamespaceString(parseNs(dbname, cmdObj))), ActionType::splitVector)) { 
@@ -2449,7 +2449,7 @@ namespace { virtual Status checkAuthForCommand(ClientBasic* client, const std::string& dbname, const BSONObj& cmdObj) { - AuthorizationSession* authzSession = client->getAuthorizationSession(); + AuthorizationSession* authzSession = AuthorizationSession::get(client); // Check for the listCollections ActionType on the database // or find on system.namespaces for pre 3.0 systems. diff --git a/src/mongo/s/cursors.cpp b/src/mongo/s/cursors.cpp index 10c518d0ecc..241299c80b0 100644 --- a/src/mongo/s/cursors.cpp +++ b/src/mongo/s/cursors.cpp @@ -383,7 +383,7 @@ namespace mongo { ConstDataCursor cursors(dbmessage.getArray(n)); ClientBasic* client = ClientBasic::getCurrent(); - AuthorizationSession* authSession = client->getAuthorizationSession(); + AuthorizationSession* authSession = AuthorizationSession::get(client); for ( int i=0; i<n; i++ ) { long long id = cursors.readAndAdvance<LittleEndian<int64_t>>(); LOG(_myLogLevel) << "CursorCache::gotKillCursors id: " << id << endl; diff --git a/src/mongo/s/d_migrate.cpp b/src/mongo/s/d_migrate.cpp index 8d6945f48a2..d074a1adfb0 100644 --- a/src/mongo/s/d_migrate.cpp +++ b/src/mongo/s/d_migrate.cpp @@ -998,7 +998,7 @@ namespace mongo { virtual Status checkAuthForCommand(ClientBasic* client, const std::string& dbname, const BSONObj& cmdObj) { - if (!client->getAuthorizationSession()->isAuthorizedForActionsOnResource( + if (!AuthorizationSession::get(client)->isAuthorizedForActionsOnResource( ResourcePattern::forExactNamespace(NamespaceString(parseNs(dbname, cmdObj))), ActionType::moveChunk)) { return Status(ErrorCodes::Unauthorized, "Unauthorized"); @@ -2653,7 +2653,7 @@ namespace mongo { OperationContextImpl txn; if (getGlobalAuthorizationManager()->isAuthEnabled()) { ShardedConnectionInfo::addHook(); - txn.getClient()->getAuthorizationSession()->grantInternalAuthorization(); + AuthorizationSession::get(txn.getClient())->grantInternalAuthorization(); } // Make curop active so this will show up in currOp. 
diff --git a/src/mongo/s/d_split.cpp b/src/mongo/s/d_split.cpp index f54e4188286..43f6a44436d 100644 --- a/src/mongo/s/d_split.cpp +++ b/src/mongo/s/d_split.cpp @@ -245,7 +245,7 @@ namespace mongo { virtual Status checkAuthForCommand(ClientBasic* client, const std::string& dbname, const BSONObj& cmdObj) { - if (!client->getAuthorizationSession()->isAuthorizedForActionsOnResource( + if (!AuthorizationSession::get(client)->isAuthorizedForActionsOnResource( ResourcePattern::forExactNamespace(NamespaceString(parseNs(dbname, cmdObj))), ActionType::splitVector)) { return Status(ErrorCodes::Unauthorized, "Unauthorized"); @@ -511,7 +511,7 @@ namespace mongo { virtual Status checkAuthForCommand(ClientBasic* client, const std::string& dbname, const BSONObj& cmdObj) { - if (!client->getAuthorizationSession()->isAuthorizedForActionsOnResource( + if (!AuthorizationSession::get(client)->isAuthorizedForActionsOnResource( ResourcePattern::forExactNamespace(NamespaceString(parseNs(dbname, cmdObj))), ActionType::splitChunk)) { return Status(ErrorCodes::Unauthorized, "Unauthorized"); diff --git a/src/mongo/s/d_state.cpp b/src/mongo/s/d_state.cpp index 14f1ad76c9a..626881edafc 100644 --- a/src/mongo/s/d_state.cpp +++ b/src/mongo/s/d_state.cpp @@ -1229,7 +1229,7 @@ namespace mongo { virtual Status checkAuthForCommand(ClientBasic* client, const std::string& dbname, const BSONObj& cmdObj) { - if (!client->getAuthorizationSession()->isAuthorizedForActionsOnResource( + if (!AuthorizationSession::get(client)->isAuthorizedForActionsOnResource( ResourcePattern::forExactNamespace(NamespaceString(parseNs(dbname, cmdObj))), ActionType::getShardVersion)) { return Status(ErrorCodes::Unauthorized, "Unauthorized"); diff --git a/src/mongo/s/request.cpp b/src/mongo/s/request.cpp index c189055c747..a629478a366 100644 --- a/src/mongo/s/request.cpp +++ b/src/mongo/s/request.cpp 
@@ -81,7 +81,7 @@ namespace mongo { nss.isValid()); } - _clientInfo->getAuthorizationSession()->startRequest(NULL); + AuthorizationSession::get(_clientInfo)->startRequest(NULL); _didInit = true; } diff --git a/src/mongo/s/s_only.cpp b/src/mongo/s/s_only.cpp index 8267f63e19b..be5f6bdfc53 100644 --- a/src/mongo/s/s_only.cpp +++ b/src/mongo/s/s_only.cpp @@ -84,7 +84,7 @@ namespace mongo { Client *c = new Client( fullDesc, getGlobalServiceContext(), mp ); currentClient.reset(c); mongo::lastError.initThread(); - c->setAuthorizationSession(getGlobalAuthorizationManager()->makeAuthorizationSession()); + AuthorizationSession::set(c, getGlobalAuthorizationManager()->makeAuthorizationSession()); } string Client::clientAddress(bool includePort) const { diff --git a/src/mongo/s/strategy.cpp b/src/mongo/s/strategy.cpp index 769be5ceeca..f0d46b5fa44 100644 --- a/src/mongo/s/strategy.cpp +++ b/src/mongo/s/strategy.cpp @@ -151,7 +151,7 @@ namespace mongo { NamespaceString ns(q.ns); ClientBasic* client = ClientBasic::getCurrent(); - AuthorizationSession* authSession = client->getAuthorizationSession(); + AuthorizationSession* authSession = AuthorizationSession::get(client); Status status = authSession->checkAuthForQuery(ns, q.query); audit::logQueryAuthzCheck(client, ns, q.query, status.code()); uassertStatusOK(status); @@ -579,7 +579,7 @@ namespace mongo { ClientBasic* client = ClientBasic::getCurrent(); NamespaceString nsString(ns); - AuthorizationSession* authSession = client->getAuthorizationSession(); + AuthorizationSession* authSession = AuthorizationSession::get(client); Status status = authSession->checkAuthForGetMore( nsString, id ); audit::logGetMoreAuthzCheck( client, nsString, id, status.code() ); uassertStatusOK(status); |