diff options
Diffstat (limited to 'src/mongo/db/auth/auth_decorations.cpp')
-rw-r--r-- | src/mongo/db/auth/auth_decorations.cpp | 19 |
1 files changed, 19 insertions, 0 deletions
diff --git a/src/mongo/db/auth/auth_decorations.cpp b/src/mongo/db/auth/auth_decorations.cpp index 9dc6ccf868e..c4eb1af64af 100644 --- a/src/mongo/db/auth/auth_decorations.cpp +++ b/src/mongo/db/auth/auth_decorations.cpp @@ -34,6 +34,7 @@ #include "mongo/db/auth/authorization_manager.h" #include "mongo/db/auth/authorization_session.h" +#include "mongo/db/auth/cluster_auth_mode.h" #include "mongo/db/auth/sasl_options.h" #include "mongo/db/client.h" #include "mongo/db/commands/authentication_commands.h" @@ -56,6 +57,9 @@ struct DisabledAuthMechanisms { const auto getDisabledAuthMechanisms = ServiceContext::declareDecoration<DisabledAuthMechanisms>(); +const auto getClusterAuthMode = + ServiceContext::declareDecoration<synchronized_value<ClusterAuthMode>>(); + class AuthzClientObserver final : public ServiceContext::ClientObserver { public: void onCreateClient(Client* client) override { @@ -133,6 +137,21 @@ void AuthorizationSession::set(Client* client, authzSession = std::move(authorizationSession); } +ClusterAuthMode ClusterAuthMode::get(ServiceContext* svcCtx) { + return getClusterAuthMode(svcCtx).get(); +} + +ClusterAuthMode ClusterAuthMode::set(ServiceContext* svcCtx, const ClusterAuthMode& mode) { + auto sv = getClusterAuthMode(svcCtx).synchronize(); + if (!sv->canTransitionTo(mode)) { + uasserted(5579202, + fmt::format("Illegal state transition for clusterAuthMode from '{}' to '{}'", + sv->toString(), + mode.toString())); + } + return std::exchange(*sv, mode); +} + void disableX509Auth(ServiceContext* svcCtx) { getDisabledAuthMechanisms(svcCtx).x509 = true; } |