diff options
-rw-r--r-- | src/mongo/db/auth/sasl_authentication_session_test.cpp | 2 | ||||
-rw-r--r-- | src/mongo/db/auth/sasl_mechanism_registry.cpp | 7 | ||||
-rw-r--r-- | src/mongo/db/auth/sasl_mechanism_registry.h | 13 | ||||
-rw-r--r-- | src/mongo/db/auth/sasl_mechanism_registry_test.cpp | 15 | ||||
-rw-r--r-- | src/mongo/db/auth/sasl_plain_server_conversation.h | 1 | ||||
-rw-r--r-- | src/mongo/db/auth/sasl_scram_server_conversation.h | 1 |
6 files changed, 30 insertions, 9 deletions
diff --git a/src/mongo/db/auth/sasl_authentication_session_test.cpp b/src/mongo/db/auth/sasl_authentication_session_test.cpp index e849832d6ff..39ead833986 100644 --- a/src/mongo/db/auth/sasl_authentication_session_test.cpp +++ b/src/mongo/db/auth/sasl_authentication_session_test.cpp @@ -95,7 +95,7 @@ SaslConversation::SaslConversation(std::string mech) std::unique_ptr<AuthzManagerExternalState>(authManagerExternalState), AuthorizationManagerImpl::InstallMockForTestingOrAuthImpl{})), authSession(authManager->makeAuthorizationSession()), - registry({"SCRAM-SHA-1", "SCRAM-SHA-256", "PLAIN"}), + registry(opCtx->getServiceContext(), {"SCRAM-SHA-1", "SCRAM-SHA-256", "PLAIN"}), mechanism(mech) { AuthorizationManager::set(getServiceContext(), diff --git a/src/mongo/db/auth/sasl_mechanism_registry.cpp b/src/mongo/db/auth/sasl_mechanism_registry.cpp index bfe479143d3..741dde39126 100644 --- a/src/mongo/db/auth/sasl_mechanism_registry.cpp +++ b/src/mongo/db/auth/sasl_mechanism_registry.cpp @@ -59,8 +59,9 @@ void SASLServerMechanismRegistry::set(ServiceContext* service, getSASLServerMechanismRegistry(service) = std::move(registry); } -SASLServerMechanismRegistry::SASLServerMechanismRegistry(std::vector<std::string> enabledMechanisms) - : _enabledMechanisms(std::move(enabledMechanisms)) {} +SASLServerMechanismRegistry::SASLServerMechanismRegistry(ServiceContext* svcCtx, + std::vector<std::string> enabledMechanisms) + : _svcCtx(svcCtx), _enabledMechanisms(std::move(enabledMechanisms)) {} void SASLServerMechanismRegistry::setEnabledMechanisms(std::vector<std::string> enabledMechanisms) { _enabledMechanisms = std::move(enabledMechanisms); @@ -149,7 +150,7 @@ ServiceContext::ConstructorActionRegisterer SASLServerMechanismRegistryInitializ "CreateSASLServerMechanismRegistry", {"EndStartupOptionStorage"}, [](ServiceContext* service) { SASLServerMechanismRegistry::set(service, std::make_unique<SASLServerMechanismRegistry>( - saslGlobalParams.authenticationMechanisms)); + service, saslGlobalParams.authenticationMechanisms)); }}; } // namespace diff --git a/src/mongo/db/auth/sasl_mechanism_registry.h b/src/mongo/db/auth/sasl_mechanism_registry.h index d9366eaaf59..960a93b2db5 100644 --- a/src/mongo/db/auth/sasl_mechanism_registry.h +++ b/src/mongo/db/auth/sasl_mechanism_registry.h @@ -209,6 +209,9 @@ protected: /** Base class for server mechanism factories. */ class ServerFactoryBase : public SaslServerCommonBase { public: + explicit ServerFactoryBase(ServiceContext*) {} + ServerFactoryBase() = default; + /** * Returns if the factory is capable of producing a server mechanism object which could * authenticate the provided user. @@ -266,6 +269,9 @@ public: using mechanism_type = ServerMechanism; using policy_type = typename ServerMechanism::policy_type; + explicit MakeServerFactory(ServiceContext*) {} + MakeServerFactory() = default; + virtual ServerMechanism* createImpl(std::string authenticationDatabase) override { return new ServerMechanism(std::move(authenticationDatabase)); } @@ -301,7 +307,8 @@ public: /** * Intialize the registry with a list of enabled mechanisms. */ - explicit SASLServerMechanismRegistry(std::vector<std::string> enabledMechanisms); + explicit SASLServerMechanismRegistry(ServiceContext* svcCtx, + std::vector<std::string> enabledMechanisms); /** * Sets a new list of enabled mechanisms - used in testing. @@ -349,7 +356,7 @@ public: } auto& list = _getMapRef(T::isInternal); - list.emplace_back(std::make_unique<T>()); + list.emplace_back(std::make_unique<T>(_svcCtx)); std::stable_sort(list.begin(), list.end(), [](const auto& a, const auto& b) { return (a->securityLevel() > b->securityLevel()); }); @@ -373,6 +380,8 @@ private: bool _mechanismSupportedByConfig(StringData mechName) const; + ServiceContext* _svcCtx = nullptr; + // Stores factories which make mechanisms for all databases other than $external MechList _internalMechs; // Stores factories which make mechanisms exclusively for $external diff --git a/src/mongo/db/auth/sasl_mechanism_registry_test.cpp b/src/mongo/db/auth/sasl_mechanism_registry_test.cpp index b16df4ec3f8..2b81bb86bc7 100644 --- a/src/mongo/db/auth/sasl_mechanism_registry_test.cpp +++ b/src/mongo/db/auth/sasl_mechanism_registry_test.cpp @@ -79,6 +79,7 @@ protected: template <typename Policy, bool argIsInternal> class BaseMockMechanismFactory : public MakeServerFactory<Policy> { public: + using MakeServerFactory<Policy>::MakeServerFactory; static constexpr bool isInternal = argIsInternal; bool canMakeMechanismForUser(const User* user) const final { return true; @@ -111,7 +112,10 @@ public: }; template <bool argIsInternal> -class FooMechanismFactory : public BaseMockMechanismFactory<FooMechanism, argIsInternal> {}; +class FooMechanismFactory : public BaseMockMechanismFactory<FooMechanism, argIsInternal> { +public: + using BaseMockMechanismFactory<FooMechanism, argIsInternal>::BaseMockMechanismFactory; +}; // Policy for a hypothetical "BAR" SASL mechanism. struct BarPolicy { @@ -138,7 +142,10 @@ public: }; template <bool argIsInternal> -class BarMechanismFactory : public BaseMockMechanismFactory<BarMechanism, argIsInternal> {}; +class BarMechanismFactory : public BaseMockMechanismFactory<BarMechanism, argIsInternal> { +public: + using BaseMockMechanismFactory<BarMechanism, argIsInternal>::BaseMockMechanismFactory; +}; // Policy for a hypothetical "InternalAuth" SASL mechanism. struct InternalAuthPolicy { @@ -165,6 +172,8 @@ public: }; class InternalAuthMechanismFactory : public BaseMockMechanismFactory<InternalAuthMechanism, true> { +public: + using BaseMockMechanismFactory<InternalAuthMechanism, true>::BaseMockMechanismFactory; }; class MechanismRegistryTest : public ServiceContextTest { @@ -176,7 +185,7 @@ public: std::unique_ptr<AuthzManagerExternalStateMock>(authManagerExternalState), AuthorizationManagerImpl::InstallMockForTestingOrAuthImpl{})), // By default the registry is initialized with all mechanisms enabled. - registry({"FOO", "BAR", "InternalAuth"}) { + registry(opCtx->getServiceContext(), {"FOO", "BAR", "InternalAuth"}) { AuthorizationManager::set(getServiceContext(), std::unique_ptr<AuthorizationManager>(authManager)); diff --git a/src/mongo/db/auth/sasl_plain_server_conversation.h b/src/mongo/db/auth/sasl_plain_server_conversation.h index d3c6af215ce..6902bae0106 100644 --- a/src/mongo/db/auth/sasl_plain_server_conversation.h +++ b/src/mongo/db/auth/sasl_plain_server_conversation.h @@ -46,6 +46,7 @@ private: class PLAINServerFactory : public MakeServerFactory<SASLPlainServerMechanism> { public: + using MakeServerFactory<SASLPlainServerMechanism>::MakeServerFactory; static constexpr bool isInternal = true; bool canMakeMechanismForUser(const User* user) const final { auto credentials = user->getCredentials(); diff --git a/src/mongo/db/auth/sasl_scram_server_conversation.h b/src/mongo/db/auth/sasl_scram_server_conversation.h index 29884d4db79..68b21da2d3d 100644 --- a/src/mongo/db/auth/sasl_scram_server_conversation.h +++ b/src/mongo/db/auth/sasl_scram_server_conversation.h @@ -96,6 +96,7 @@ extern template class SaslSCRAMServerMechanism<SCRAMSHA256Policy>; template <typename ScramMechanism> class SCRAMServerFactory : public MakeServerFactory<ScramMechanism> { public: + using MakeServerFactory<ScramMechanism>::MakeServerFactory; static constexpr bool isInternal = true; bool canMakeMechanismForUser(const User* user) const final { auto credentials = user->getCredentials(); |