author | Mark Benvenuto <mark.benvenuto@mongodb.com> | 2019-01-24 15:03:48 -0500 |
---|---|---|
committer | Mark Benvenuto <mark.benvenuto@mongodb.com> | 2019-01-24 15:03:48 -0500 |
commit | b86d86d24446628271259e6402baef3069b18064 (patch) | |
tree | 8aab62e7eb7f1ef6133f26a3d56eb79031d8b708 /src | |
parent | fe87aca985ad0f4371ab976bd6815185dae9bd8c (diff) | |
download | mongo-b86d86d24446628271259e6402baef3069b18064.tar.gz |
SERVER-39130 Split up initialize_server_global_state.cpp
Diffstat (limited to 'src')
-rw-r--r-- | src/mongo/db/SConscript | 26 | ||||
-rw-r--r-- | src/mongo/db/db.cpp | 4 | ||||
-rw-r--r-- | src/mongo/db/initialize_server_global_state.cpp | 35 | ||||
-rw-r--r-- | src/mongo/db/initialize_server_security_state.cpp | 77 | ||||
-rw-r--r-- | src/mongo/db/initialize_server_security_state.h | 41 | ||||
-rw-r--r-- | src/mongo/s/server.cpp | 4 |
6 files changed, 145 insertions, 42 deletions
diff --git a/src/mongo/db/SConscript b/src/mongo/db/SConscript index b3c8b2ab9a4..ddf8010f61c 100644 --- a/src/mongo/db/SConscript +++ b/src/mongo/db/SConscript @@ -438,20 +438,32 @@ env.CppUnitTest( env.Library( target="mongodandmongos", source=[ - "initialize_server_global_state.cpp", - "server_options_init.cpp", + "initialize_server_security_state.cpp", ], LIBDEPS=[ - "$BUILD_DIR/mongo/client/clientdriver_network", + "serverinit", + ], + LIBDEPS_PRIVATE=[ + "$BUILD_DIR/mongo/client/authentication", "$BUILD_DIR/mongo/db/auth/auth", - "$BUILD_DIR/mongo/rpc/rpc", + "$BUILD_DIR/mongo/db/auth/security_key", "$BUILD_DIR/mongo/rpc/metadata", - "$BUILD_DIR/mongo/util/processinfo", - "$BUILD_DIR/mongo/util/signal_handlers", + "$BUILD_DIR/mongo/rpc/rpc", + "$BUILD_DIR/mongo/util/net/ssl_manager", "auth/authorization_manager_global", + "serverinit", + ], +) + +env.Library( + target="serverinit", + source=[ + "initialize_server_global_state.cpp", + "server_options_init.cpp", ], LIBDEPS_PRIVATE=[ - "$BUILD_DIR/mongo/db/auth/security_key", + "$BUILD_DIR/mongo/util/processinfo", + "$BUILD_DIR/mongo/util/signal_handlers", ], ) diff --git a/src/mongo/db/db.cpp b/src/mongo/db/db.cpp index 202cce5e6a4..07b54f4ab9b 100644 --- a/src/mongo/db/db.cpp +++ b/src/mongo/db/db.cpp @@ -79,6 +79,7 @@ #include "mongo/db/index_names.h" #include "mongo/db/index_rebuilder.h" #include "mongo/db/initialize_server_global_state.h" +#include "mongo/db/initialize_server_security_state.h" #include "mongo/db/initialize_snmp.h" #include "mongo/db/introspect.h" #include "mongo/db/json.h" @@ -1054,6 +1055,9 @@ int mongoDbMain(int argc, char* argv[], char** envp) { if (!initializeServerGlobalState(service)) quickExit(EXIT_FAILURE); + if (!initializeServerSecurityGlobalState(service)) + quickExit(EXIT_FAILURE); + // Per SERVER-7434, startSignalProcessingThread must run after any forks (i.e. // initializeServerGlobalState) and before the creation of any other threads startSignalProcessingThread(); 
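Review bot: `"serverinit"` ends up in both `LIBDEPS` and `LIBDEPS_PRIVATE` of the `mongodandmongos` library, so the private entry adds nothing and obscures which visibility is intended. If consumers of `mongodandmongos` are meant to get `initializeServerGlobalState` transitively, keep only the `LIBDEPS` entry and drop the `"serverinit",` line from `LIBDEPS_PRIVATE`; otherwise keep only the private one. Moving the auth, security_key and ssl_manager dependencies to `LIBDEPS_PRIVATE` otherwise matches the narrower scope of the new security file.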
diff --git a/src/mongo/db/initialize_server_global_state.cpp b/src/mongo/db/initialize_server_global_state.cpp index 1c40b0c3a6a..968c0214b07 100644 --- a/src/mongo/db/initialize_server_global_state.cpp +++ b/src/mongo/db/initialize_server_global_state.cpp @@ -41,17 +41,12 @@ #ifndef _WIN32 #include <sys/stat.h> -#include <sys/types.h> #include <sys/wait.h> #include <syslog.h> #endif #include "mongo/base/init.h" -#include "mongo/client/authenticate.h" #include "mongo/config.h" -#include "mongo/db/auth/authorization_manager.h" -#include "mongo/db/auth/sasl_command_constants.h" -#include "mongo/db/auth/security_key.h" #include "mongo/db/server_options.h" #include "mongo/db/server_parameters.h" #include "mongo/logger/console_appender.h" @@ -66,7 +61,6 @@ #include "mongo/platform/process_id.h" #include "mongo/util/log.h" #include "mongo/util/mongoutils/str.h" -#include "mongo/util/net/ssl_manager.h" #include "mongo/util/processinfo.h" #include "mongo/util/quick_exit.h" #include "mongo/util/signal_handlers_synchronous.h" 
@@ -388,35 +382,6 @@ bool initializeServerGlobalState(ServiceContext* service) { } } - int clusterAuthMode = serverGlobalParams.clusterAuthMode.load(); - if (!serverGlobalParams.keyFile.empty() && - clusterAuthMode != ServerGlobalParams::ClusterAuthMode_x509) { - if (!setUpSecurityKey(serverGlobalParams.keyFile)) { - // error message printed in setUpPrivateKey - return false; - } - } - - // Auto-enable auth unless we are in mixed auth/no-auth or clusterAuthMode was not provided. - // clusterAuthMode defaults to "keyFile" if a --keyFile parameter is provided. - if (clusterAuthMode != ServerGlobalParams::ClusterAuthMode_undefined && - !serverGlobalParams.transitionToAuth) { - AuthorizationManager::get(service)->setAuthEnabled(true); - } - -#ifdef MONGO_CONFIG_SSL - if (clusterAuthMode == ServerGlobalParams::ClusterAuthMode_x509 || - clusterAuthMode == ServerGlobalParams::ClusterAuthMode_sendX509) { - auth::setInternalUserAuthParams( - BSON(saslCommandMechanismFieldName - << "MONGODB-X509" - << saslCommandUserDBFieldName - << "$external" - << saslCommandUserFieldName - << getSSLManager()->getSSLConfiguration().clientSubjectName.toString())); - } -#endif - return true; } diff --git a/src/mongo/db/initialize_server_security_state.cpp b/src/mongo/db/initialize_server_security_state.cpp new file mode 100644 index 00000000000..b5d660869c4 --- /dev/null +++ b/src/mongo/db/initialize_server_security_state.cpp 
@@ -0,0 +1,77 @@
+/**
+ * Copyright (C) 2018-present MongoDB, Inc.
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the Server Side Public License, version 1,
+ * as published by MongoDB, Inc.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * Server Side Public License for more details.
+ *
+ * You should have received a copy of the Server Side Public License
+ * along with this program. If not, see
+ * <http://www.mongodb.com/licensing/server-side-public-license>.
+ *
+ * As a special exception, the copyright holders give permission to link the
+ * code of portions of this program with the OpenSSL library under certain
+ * conditions as described in each individual source file and distribute
+ * linked combinations including the program with the OpenSSL library. You
+ * must comply with the Server Side Public License in all respects for
+ * all of the code used other than as permitted herein. If you modify file(s)
+ * with this exception, you may extend this exception to your version of the
+ * file(s), but you are not obligated to do so. If you do not wish to do so,
+ * delete this exception statement from your version. If you delete this
+ * exception statement from all source files in the program, then also delete
+ * it in the license file.
+ */
+
+#include "mongo/platform/basic.h"
+
+#include "mongo/db/initialize_server_global_state.h"
+
+#include "mongo/client/authenticate.h"
+#include "mongo/config.h"
+#include "mongo/db/auth/authorization_manager.h"
+#include "mongo/db/auth/sasl_command_constants.h"
+#include "mongo/db/auth/security_key.h"
+#include "mongo/db/server_options.h"
+#include "mongo/util/net/ssl_manager.h"
+
+namespace mongo {
+
+bool initializeServerSecurityGlobalState(ServiceContext* service) {
+
+ int clusterAuthMode = serverGlobalParams.clusterAuthMode.load();
+ if (!serverGlobalParams.keyFile.empty() &&
+ clusterAuthMode != ServerGlobalParams::ClusterAuthMode_x509) {
+ if (!setUpSecurityKey(serverGlobalParams.keyFile)) {
+ // error message printed in setUpPrivateKey
+ return false;
+ }
+ }
+
+ // Auto-enable auth unless we are in mixed auth/no-auth or clusterAuthMode was not provided.
+ // clusterAuthMode defaults to "keyFile" if a --keyFile parameter is provided.
+ if (clusterAuthMode != ServerGlobalParams::ClusterAuthMode_undefined &&
+ !serverGlobalParams.transitionToAuth) {
+ AuthorizationManager::get(service)->setAuthEnabled(true);
+ }
+
+#ifdef MONGO_CONFIG_SSL
+ if (clusterAuthMode == ServerGlobalParams::ClusterAuthMode_x509 ||
+ clusterAuthMode == ServerGlobalParams::ClusterAuthMode_sendX509) {
+ auth::setInternalUserAuthParams(
+ BSON(saslCommandMechanismFieldName
+ << "MONGODB-X509"
+ << saslCommandUserDBFieldName
+ << "$external"
+ << saslCommandUserFieldName
+ << getSSLManager()->getSSLConfiguration().clientSubjectName.toString()));
+ }
+#endif
+
+ return true;
+}
+} // namespace mongo
diff --git a/src/mongo/db/initialize_server_security_state.h b/src/mongo/db/initialize_server_security_state.h
new file mode 100644
index 00000000000..d6c4d18b08e
--- /dev/null
+++ b/src/mongo/db/initialize_server_security_state.h
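Review bot: The new initialize_server_security_state.cpp includes `mongo/db/initialize_server_global_state.h` rather than the header this commit adds for it, so the definition of `initializeServerSecurityGlobalState` is never compiled against its own declaration and a signature drift would only show up at link time; add `#include "mongo/db/initialize_server_security_state.h"` as the first project include. The carried-over comment `// error message printed in setUpPrivateKey` names a function that is not the one being called and should read `// error message printed in setUpSecurityKey`. In the `MONGO_CONFIG_SSL` block `getSSLManager()` is dereferenced unchecked; presumably option validation guarantees an SSL manager whenever clusterAuthMode is x509 or sendX509, but nothing visible here establishes that, so an invariant or a one-line comment stating the precondition would help.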
@@ -0,0 +1,41 @@
+/**
+ * Copyright (C) 2018-present MongoDB, Inc.
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the Server Side Public License, version 1,
+ * as published by MongoDB, Inc.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * Server Side Public License for more details.
+ *
+ * You should have received a copy of the Server Side Public License
+ * along with this program. If not, see
+ * <http://www.mongodb.com/licensing/server-side-public-license>.
+ *
+ * As a special exception, the copyright holders give permission to link the
+ * code of portions of this program with the OpenSSL library under certain
+ * conditions as described in each individual source file and distribute
+ * linked combinations including the program with the OpenSSL library. You
+ * must comply with the Server Side Public License in all respects for
+ * all of the code used other than as permitted herein. If you modify file(s)
+ * with this exception, you may extend this exception to your version of the
+ * file(s), but you are not obligated to do so. If you do not wish to do so,
+ * delete this exception statement from your version. If you delete this
+ * exception statement from all source files in the program, then also delete
+ * it in the license file.
+ */
+
+#pragma once
+
+namespace mongo {
+
+class ServiceContext;
+
+/**
+ * Perform security initialization activity for mongod and mongos.
+ */
+bool initializeServerSecurityGlobalState(ServiceContext* service);
+
+} // namespace mongo
diff --git a/src/mongo/s/server.cpp b/src/mongo/s/server.cpp
index 5558bed206b..0b79526e63c 100644
--- a/src/mongo/s/server.cpp
+++ b/src/mongo/s/server.cpp
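Review bot: The doc comment on `initializeServerSecurityGlobalState` does not say what a `false` return means or what state the call changes, which matters for a function that decides whether authorization is switched on. Going by the definition added in this commit, it returns false only when `setUpSecurityKey` fails on the configured key file, and as side effects it may enable authorization on the service's AuthorizationManager and set the internal x509 auth parameters. Suggest adding `Returns false if the cluster key file cannot be loaded; the caller must abort startup.` plus a line listing those side effects. Both call sites in this commit invoke it right after `initializeServerGlobalState`, so if that order is a requirement the comment should state it too.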
@@ -51,6 +51,7 @@ #include "mongo/db/client.h" #include "mongo/db/ftdc/ftdc_mongos.h" #include "mongo/db/initialize_server_global_state.h" +#include "mongo/db/initialize_server_security_state.h" #include "mongo/db/kill_sessions.h" #include "mongo/db/lasterror.h" #include "mongo/db/log_process_details.h" @@ -601,6 +602,9 @@ ExitCode mongoSMain(int argc, char* argv[], char** envp) { if (!initializeServerGlobalState(service)) return EXIT_ABRUPT; + if (!initializeServerSecurityGlobalState(service)) + quickExit(EXIT_FAILURE); + startSignalProcessingThread(); return main(service); |
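Review bot: The failure path added to `mongoSMain` calls `quickExit(EXIT_FAILURE)`, while the check directly above it in the same hunk uses `return EXIT_ABRUPT;`. Before this split a key-file setup failure made `initializeServerGlobalState` return false, so mongos left through the `EXIT_ABRUPT` path; the new branch looks copied from the mongod call site and changes both the exit code and the exit mechanism for that failure. Unless that change is intended, use `return EXIT_ABRUPT;` here so that scripts and monitoring keyed on the mongos exit status keep seeing the same value. The body of `mongoSMain` extends beyond this hunk.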