-rw-r--r-- | src/mongo/db/dbwebserver.cpp | 18 | ||||
-rw-r--r-- | src/mongo/db/restapi.cpp | 14 | ||||
-rw-r--r-- | src/mongo/db/restapi.h | 1 | ||||
-rw-r--r-- | src/mongo/util/admin_access.h | 6 |
4 files changed, 15 insertions, 24 deletions
diff --git a/src/mongo/db/dbwebserver.cpp b/src/mongo/db/dbwebserver.cpp
index 2c6311d463a..d4598fed49e 100644
--- a/src/mongo/db/dbwebserver.cpp
+++ b/src/mongo/db/dbwebserver.cpp
@@ -32,6 +32,7 @@
 #include "mongo/db/auth/authorization_session.h"
 #include "mongo/db/auth/privilege.h"
 #include "mongo/db/auth/user_name.h"
+#include "mongo/db/auth/user.h"
 #include "mongo/db/background.h"
 #include "mongo/db/cmdline.h"
 #include "mongo/db/commands.h"
@@ -109,9 +110,20 @@ namespace mongo {
 // Only users in the admin DB are visible by the webserver
 UserName userName(parms["username"], "admin");
- BSONObj user = _webUsers->getAdminUser(userName);
- if ( ! user.isEmpty() ) {
- string ha1 = user["pwd"].str();
+ User* user;
+ AuthorizationManager& authzManager =
+ cc().getAuthorizationSession()->getAuthorizationManager();
+ Status status = authzManager.acquireUser(userName, &user);
+ if (!status.isOK()) {
+ if (status.code() != ErrorCodes::UserNotFound) {
+ uasserted(17051, status.reason());
+ }
+ } else {
+ uassert(17090,
+ "External users don't have a password",
+ !user->getCredentials().isExternal);
+ string ha1 = user->getCredentials().password;
+ authzManager.releaseUser(user);
 string ha2 = md5simpledigest( (string)"GET" + ":" + parms["uri"] );
 stringstream r;
diff --git a/src/mongo/db/restapi.cpp b/src/mongo/db/restapi.cpp
index 871456fc051..030af12050e 100644
--- a/src/mongo/db/restapi.cpp
+++ b/src/mongo/db/restapi.cpp
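Review bot: In the second dbwebserver.cpp hunk (`@@ -109,9 +110,20 @@`), `authzManager.releaseUser(user);` comes after `uassert(17090, ...)`, so when the acquired user is external the assertion throws and the user obtained from `acquireUser` is never released, presumably leaving it pinned in the authorization manager. Read what is needed first and release before asserting: `const bool external = user->getCredentials().isExternal;`, `string ha1 = user->getCredentials().password;`, `authzManager.releaseUser(user);`, and only then the `uassert` on `!external`. If the 17090 message reaches the HTTP response, an unauthenticated client can also tell an external account from a missing one, because the `UserNotFound` path fails without raising; treating both as an ordinary digest failure would avoid that. The enclosing function starts and ends outside the hunk, and the `else` block is still open at its last line.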
@@ -253,20 +253,6 @@ namespace mongo {
 return authzSession->getAuthorizationManager().hasAnyPrivilegeDocuments();
 }
- BSONObj RestAdminAccess::getAdminUser(const UserName& username) const {
- AuthorizationSession* authzSession = cc().getAuthorizationSession();
- BSONObj user;
- Status status = authzSession->getAuthorizationManager().getPrivilegeDocument(username,
- &user);
- if (status.isOK()) {
- return user;
- }
- if (status.code() == ErrorCodes::UserNotFound) {
- return BSONObj();
- }
- uasserted(17051, status.reason());
- }
-
 class LowLevelMongodStatus : public WebStatusPlugin {
 public:
 LowLevelMongodStatus() : WebStatusPlugin( "overview" , 5 , "(only reported if can acquire read lock quickly)" ) {}
diff --git a/src/mongo/db/restapi.h b/src/mongo/db/restapi.h
index 43eceb93c3c..a8c24c80b8a 100644
--- a/src/mongo/db/restapi.h
+++ b/src/mongo/db/restapi.h
@@ -32,7 +32,6 @@ namespace mongo {
 virtual ~RestAdminAccess() { }
 virtual bool haveAdminUsers() const;
- virtual BSONObj getAdminUser(const UserName& username) const;
 };
 } // namespace mongo
diff --git a/src/mongo/util/admin_access.h b/src/mongo/util/admin_access.h
index 9b986591bd3..cd58bbdaa0a 100644
--- a/src/mongo/util/admin_access.h
+++ b/src/mongo/util/admin_access.h
@@ -49,11 +49,6 @@ namespace mongo {
 * block for long and throw if can't get a lock if needed.
 */
 virtual bool haveAdminUsers() const = 0;
-
- /** @return privileged user with this name. This should not block
- * for long and throw if can't get a lock if needed
- */
- virtual BSONObj getAdminUser(const UserName& username) const = 0;
 };
 class NoAdminAccess : public AdminAccess {
@@ -61,7 +56,6 @@ namespace mongo {
 virtual ~NoAdminAccess() { }
 virtual bool haveAdminUsers() const { return false; }
- virtual BSONObj getAdminUser(const UserName& username) const { return BSONObj(); }
 };
 } // namespace mongo |