Diffstat (limited to 'src/mongo/db/auth')
-rw-r--r-- | src/mongo/db/auth/SConscript | 56 | ||||
-rw-r--r-- | src/mongo/db/auth/auth_decorations.cpp | 12 | ||||
-rw-r--r-- | src/mongo/db/auth/authorization_manager_global.cpp | 17 | ||||
-rw-r--r-- | src/mongo/db/auth/authorization_manager_test.cpp | 82 | ||||
-rw-r--r-- | src/mongo/db/auth/authorization_session_test.cpp | 8 | ||||
-rw-r--r-- | src/mongo/db/auth/sasl_authentication_session_test.cpp | 14 | ||||
-rw-r--r-- | src/mongo/db/auth/sasl_mechanism_registry.cpp | 24 | ||||
-rw-r--r-- | src/mongo/db/auth/sasl_mechanism_registry.h | 15 | ||||
-rw-r--r-- | src/mongo/db/auth/sasl_mechanism_registry_test.cpp | 13 | ||||
-rw-r--r-- | src/mongo/db/auth/sasl_options.cpp | 6 | ||||
-rw-r--r-- | src/mongo/db/auth/sasl_plain_server_conversation.cpp | 11 | ||||
-rw-r--r-- | src/mongo/db/auth/sasl_scram_server_conversation.cpp | 13 | ||||
-rw-r--r-- | src/mongo/db/auth/sasl_scram_test.cpp | 10 |
13 files changed, 129 insertions, 152 deletions
diff --git a/src/mongo/db/auth/SConscript b/src/mongo/db/auth/SConscript index a086c1e7d6f..35c418f448d 100644 --- a/src/mongo/db/auth/SConscript +++ b/src/mongo/db/auth/SConscript @@ -282,6 +282,7 @@ env.Library( LIBDEPS=[ '$BUILD_DIR/mongo/base', '$BUILD_DIR/mongo/db/server_parameters', + '$BUILD_DIR/mongo/util/net/network', '$BUILD_DIR/mongo/util/options_parser/options_parser', ], ) @@ -309,17 +310,15 @@ env.Library( ], ) -env.CppUnitTest( - target='sasl_mechanism_registry_test', - source=[ - 'sasl_mechanism_registry_test.cpp', - ], - LIBDEPS=[ - 'authmocks', - 'saslauth', - '$BUILD_DIR/mongo/db/service_context_noop_init', - ], -) +env.CppUnitTest(target='sasl_mechanism_registry_test', + source=[ + 'sasl_mechanism_registry_test.cpp', + ], + LIBDEPS=[ + '$BUILD_DIR/mongo/db/service_context_test_fixture', + 'authmocks', + 'saslauth', + ]) env.Library( target='authmongod', @@ -343,8 +342,7 @@ env.Library( source=[ 'authz_manager_external_state_s.cpp', 'authz_session_external_state_s.cpp', - 'user_cache_invalidator_job.cpp' - ], + 'user_cache_invalidator_job.cpp'], LIBDEPS=[ 'authservercommon', '$BUILD_DIR/mongo/s/catalog/dist_lock_manager', @@ -376,7 +374,7 @@ env.CppUnitTest( LIBDEPS=[ 'auth', 'authmocks', - '$BUILD_DIR/mongo/db/service_context_noop_init', + '$BUILD_DIR/mongo/db/service_context_test_fixture', ], ) @@ -388,7 +386,7 @@ env.CppUnitTest( LIBDEPS=[ 'auth', 'authmocks', - '$BUILD_DIR/mongo/db/service_context_noop_init', + '$BUILD_DIR/mongo/db/service_context_test_fixture', ], ) @@ -400,7 +398,7 @@ env.CppUnitTest( LIBDEPS=[ 'auth', 'authmocks', - '$BUILD_DIR/mongo/db/service_context_noop_init', + '$BUILD_DIR/mongo/db/service_context_test_fixture', ], ) @@ -412,7 +410,7 @@ env.CppUnitTest( LIBDEPS=[ 'auth', 'authmocks', - '$BUILD_DIR/mongo/db/service_context_noop_init', + '$BUILD_DIR/mongo/db/service_context_test_fixture', ], ) 
@@ -424,7 +422,7 @@ env.CppUnitTest( LIBDEPS=[ 'auth', 'authmocks', - '$BUILD_DIR/mongo/db/service_context_noop_init', + '$BUILD_DIR/mongo/db/service_context_test_fixture', ], ) @@ -436,35 +434,25 @@ env.CppUnitTest( LIBDEPS=[ 'auth', 'authmocks', - '$BUILD_DIR/mongo/db/service_context_noop_init', + '$BUILD_DIR/mongo/db/service_context_test_fixture', '$BUILD_DIR/mongo/transport/transport_layer_common', '$BUILD_DIR/mongo/transport/transport_layer_mock', ], ) -env.Library( - target='authorization_session_for_test', - source=[ - 'authorization_session_for_test.cpp', - ], - LIBDEPS=[ - 'auth', - 'auth_impl_internal', - ], -) - env.CppUnitTest( target='authorization_session_test', source=[ 'authorization_session_test.cpp', + 'authorization_session_for_test.cpp', ], LIBDEPS=[ 'auth', 'authmocks', + 'auth_impl_internal', 'saslauth', - 'authorization_session_for_test', '$BUILD_DIR/mongo/db/pipeline/pipeline', - '$BUILD_DIR/mongo/db/service_context_noop_init', + '$BUILD_DIR/mongo/db/service_context_test_fixture', '$BUILD_DIR/mongo/transport/transport_layer_mock', ], ) @@ -491,7 +479,7 @@ env.CppUnitTest( LIBDEPS=[ 'address_restriction', '$BUILD_DIR/mongo/base', - '$BUILD_DIR/mongo/db/service_context_noop_init', + '$BUILD_DIR/mongo/db/service_context_test_fixture', '$BUILD_DIR/mongo/util/net/network', ], ) @@ -506,7 +494,7 @@ env.CppUnitTest( 'authmocks', 'saslauth', '$BUILD_DIR/mongo/client/sasl_client', - '$BUILD_DIR/mongo/db/service_context_noop_init', + '$BUILD_DIR/mongo/db/service_context_test_fixture', ], ) diff --git a/src/mongo/db/auth/auth_decorations.cpp b/src/mongo/db/auth/auth_decorations.cpp index c78117b91e6..13b4edbc6b5 100644 --- a/src/mongo/db/auth/auth_decorations.cpp +++ b/src/mongo/db/auth/auth_decorations.cpp 
@@ -53,9 +53,9 @@ const auto getAuthorizationSession = class AuthzClientObserver final : public ServiceContext::ClientObserver { public: void onCreateClient(Client* client) override { - auto service = client->getServiceContext(); - AuthorizationSession::set(client, - AuthorizationManager::get(service)->makeAuthorizationSession()); + if (auto authzManager = AuthorizationManager::get(client->getServiceContext())) { + AuthorizationSession::set(client, authzManager->makeAuthorizationSession()); + } } void onDestroyClient(Client* client) override {} @@ -64,6 +64,11 @@ public: void onDestroyOperationContext(OperationContext* opCtx) override {} }; +ServiceContext::ConstructorActionRegisterer authzClientObserverRegisterer{ + "AuthzClientObserver", [](ServiceContext* service) { + service->registerClientObserver(std::make_unique<AuthzClientObserver>()); + }}; + } // namespace void AuthenticationSession::set(Client* client, std::unique_ptr<AuthenticationSession> newSession) { @@ -86,7 +91,6 @@ AuthorizationManager* AuthorizationManager::get(ServiceContext& service) { void AuthorizationManager::set(ServiceContext* service, std::unique_ptr<AuthorizationManager> authzManager) { getAuthorizationManager(service) = std::move(authzManager); - service->registerClientObserver(std::make_unique<AuthzClientObserver>()); } AuthorizationSession* AuthorizationSession::get(Client* client) { diff --git a/src/mongo/db/auth/authorization_manager_global.cpp b/src/mongo/db/auth/authorization_manager_global.cpp index 3f8a8808d04..0088ac451d5 100644 --- a/src/mongo/db/auth/authorization_manager_global.cpp +++ b/src/mongo/db/auth/authorization_manager_global.cpp 
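Review bot: In `AuthzClientObserver::onCreateClient` (first hunk of auth_decorations.cpp) a missing AuthorizationManager is now skipped silently, so a Client created before `AuthorizationManager::set` runs is left without an AuthorizationSession and nothing records it. The observer is now registered for every ServiceContext by `authzClientObserverRegisterer`, so this branch is reachable whenever a client is made before the manager is installed; the test fixture in this commit re-creates its client for that reason. Whether `AuthorizationSession::get` tolerates an unset decoration is not visible here, so the invariant should be written down next to the `if`, e.g. `// No AuthorizationManager installed yet: this client gets no AuthorizationSession; install the manager before creating clients that are subject to authorization checks.` If production startup is never expected to take this branch, an `else` that logs the condition would make a mis-ordered startup visible instead of proceeding quietly without a session.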
@@ -91,23 +91,16 @@ AuthorizationManager* getGlobalAuthorizationManager() { MONGO_EXPORT_STARTUP_SERVER_PARAMETER(startupAuthSchemaValidation, bool, true); -GlobalInitializerRegisterer authorizationManagerInitializer( +ServiceContext::ConstructorActionRegisterer createAuthorizationManager( "CreateAuthorizationManager", - {MONGO_SHIM_DEPENDENCY(AuthorizationManager::create), - "OIDGeneration", + {"OIDGeneration", "EndStartupOptionStorage", - "ServiceContext"}, - [](InitializerContext* context) { + MONGO_SHIM_DEPENDENCY(AuthorizationManager::create)}, + [](ServiceContext* service) { auto authzManager = AuthorizationManager::create(); authzManager->setAuthEnabled(serverGlobalParams.authState == ServerGlobalParams::AuthState::kEnabled); authzManager->setShouldValidateAuthSchemaOnStartup(startupAuthSchemaValidation); - AuthorizationManager::set(getGlobalServiceContext(), std::move(authzManager)); - return Status::OK(); - }, - [](DeinitializerContext* context) { - AuthorizationManager::set(getGlobalServiceContext(), nullptr); - return Status::OK(); + AuthorizationManager::set(service, std::move(authzManager)); }); - } // namespace mongo diff --git a/src/mongo/db/auth/authorization_manager_test.cpp b/src/mongo/db/auth/authorization_manager_test.cpp index cfb62e5ff50..e0ba470d4f5 100644 --- a/src/mongo/db/auth/authorization_manager_test.cpp +++ b/src/mongo/db/auth/authorization_manager_test.cpp @@ -46,8 +46,9 @@ #include "mongo/db/auth/sasl_options.h" #include "mongo/db/jsobj.h" #include "mongo/db/namespace_string.h" -#include "mongo/db/operation_context_noop.h" -#include "mongo/db/service_context_noop.h" +#include "mongo/db/operation_context.h" +#include "mongo/db/service_context_test_fixture.h" +#include "mongo/db/storage/recovery_unit_noop.h" #include "mongo/stdx/memory.h" #include "mongo/transport/session.h" #include "mongo/transport/transport_layer_mock.h" 
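Review bot: The lambda registered as `createAuthorizationManager` reads `serverGlobalParams.authState` once, at ServiceContext construction, so whether auth is enabled depends on the prerequisites having run first, and that ordering is not documented. A comment above the registerer would help, e.g. `// Depends on "EndStartupOptionStorage" so that serverGlobalParams.authState reflects the parsed configuration before setAuthEnabled() is called.` (presumably that is why the prerequisite is listed; confirm). The removed deinitializer, which reset the manager to `nullptr`, has no replacement here. If teardown now relies on the ServiceContext destroying its decorations, the same comment should say so.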
@@ -73,21 +74,29 @@ void setX509PeerInfo(const transport::SessionHandle& session, SSLPeerInfo info) using std::vector; -class AuthorizationManagerTest : public ::mongo::unittest::Test { +class AuthorizationManagerTest : public ServiceContextTest { public: virtual ~AuthorizationManagerTest() { if (authzManager) authzManager->invalidateUserCache(); } - void setUp() override { + AuthorizationManagerTest() { auto localExternalState = std::make_unique<AuthzManagerExternalStateMock>(); externalState = localExternalState.get(); - authzManager = std::make_unique<AuthorizationManagerImpl>( + auto localAuthzManager = std::make_unique<AuthorizationManagerImpl>( std::move(localExternalState), AuthorizationManagerImpl::InstallMockForTestingOrAuthImpl{}); - externalState->setAuthorizationManager(authzManager.get()); + authzManager = localAuthzManager.get(); + externalState->setAuthorizationManager(authzManager); authzManager->setAuthEnabled(true); + AuthorizationManager::set(getServiceContext(), std::move(localAuthzManager)); + + // Re-initialize the client after setting the AuthorizationManager to get an + // AuthorizationSession. + Client::releaseCurrent(); + Client::initThread(getThreadName(), session); + opCtx = makeOperationContext(); credentials = BSON("SCRAM-SHA-1" << scram::Secrets<SHA1Block>::generateCredentials( 
@@ -97,15 +106,18 @@ public: "password", saslGlobalParams.scramSHA256IterationCount.load())); } - std::unique_ptr<AuthorizationManager> authzManager; + transport::TransportLayerMock transportLayer; + transport::SessionHandle session = transportLayer.createSession(); + AuthorizationManager* authzManager; AuthzManagerExternalStateMock* externalState; BSONObj credentials; + ServiceContext::UniqueOperationContext opCtx; }; TEST_F(AuthorizationManagerTest, testAcquireV2User) { - OperationContextNoop opCtx; - ASSERT_OK(externalState->insertPrivilegeDocument(&opCtx, + + ASSERT_OK(externalState->insertPrivilegeDocument(opCtx.get(), BSON("_id" << "admin.v2read" << "user" @@ -120,7 +132,7 @@ TEST_F(AuthorizationManagerTest, testAcquireV2User) { << "db" << "test"))), BSONObj())); - ASSERT_OK(externalState->insertPrivilegeDocument(&opCtx, + ASSERT_OK(externalState->insertPrivilegeDocument(opCtx.get(), BSON("_id" << "admin.v2cluster" << "user" @@ -137,7 +149,7 @@ TEST_F(AuthorizationManagerTest, testAcquireV2User) { BSONObj())); User* v2read; - ASSERT_OK(authzManager->acquireUser(&opCtx, UserName("v2read", "test"), &v2read)); + ASSERT_OK(authzManager->acquireUser(opCtx.get(), UserName("v2read", "test"), &v2read)); ASSERT_EQUALS(UserName("v2read", "test"), v2read->getName()); ASSERT(v2read->isValid()); ASSERT_EQUALS(1U, v2read->getRefCount()); @@ -151,7 +163,7 @@ TEST_F(AuthorizationManagerTest, testAcquireV2User) { authzManager->releaseUser(v2read); User* v2cluster; - ASSERT_OK(authzManager->acquireUser(&opCtx, UserName("v2cluster", "admin"), &v2cluster)); + ASSERT_OK(authzManager->acquireUser(opCtx.get(), UserName("v2cluster", "admin"), &v2cluster)); ASSERT_EQUALS(UserName("v2cluster", "admin"), v2cluster->getName()); ASSERT(v2cluster->isValid()); ASSERT_EQUALS(1U, v2cluster->getRefCount()); 
@@ -167,14 +179,9 @@ TEST_F(AuthorizationManagerTest, testAcquireV2User) { #ifdef MONGO_CONFIG_SSL TEST_F(AuthorizationManagerTest, testLocalX509Authorization) { - ServiceContextNoop serviceContext; - transport::TransportLayerMock transportLayer{}; - transport::SessionHandle session = transportLayer.createSession(); setX509PeerInfo( session, SSLPeerInfo(buildX509Name(), {RoleName("read", "test"), RoleName("readWrite", "test")})); - ServiceContext::UniqueClient client = serviceContext.makeClient("testClient", session); - ServiceContext::UniqueOperationContext opCtx = client->makeOperationContext(); User* x509User; ASSERT_OK( @@ -202,14 +209,9 @@ TEST_F(AuthorizationManagerTest, testLocalX509Authorization) { #endif TEST_F(AuthorizationManagerTest, testLocalX509AuthorizationInvalidUser) { - ServiceContextNoop serviceContext; - transport::TransportLayerMock transportLayer{}; - transport::SessionHandle session = transportLayer.createSession(); setX509PeerInfo( session, SSLPeerInfo(buildX509Name(), {RoleName("read", "test"), RoleName("write", "test")})); - ServiceContext::UniqueClient client = serviceContext.makeClient("testClient", session); - ServiceContext::UniqueOperationContext opCtx = client->makeOperationContext(); User* x509User; ASSERT_NOT_OK( @@ -217,12 +219,7 @@ TEST_F(AuthorizationManagerTest, testLocalX509AuthorizationInvalidUser) { } TEST_F(AuthorizationManagerTest, testLocalX509AuthenticationNoAuthorization) { - ServiceContextNoop serviceContext; - transport::TransportLayerMock transportLayer{}; - transport::SessionHandle session = transportLayer.createSession(); setX509PeerInfo(session, {}); - ServiceContext::UniqueClient client = serviceContext.makeClient("testClient", session); - ServiceContext::UniqueOperationContext opCtx = client->makeOperationContext(); User* x509User; ASSERT_NOT_OK( 
@@ -295,10 +292,10 @@ public: // Tests SERVER-21535, unrecognized actions should be ignored rather than causing errors. TEST_F(AuthorizationManagerTest, testAcquireV2UserWithUnrecognizedActions) { - OperationContextNoop opCtx; + ASSERT_OK(externalState->insertPrivilegeDocument( - &opCtx, + opCtx.get(), BSON("_id" << "admin.myUser" << "user" @@ -324,7 +321,7 @@ TEST_F(AuthorizationManagerTest, testAcquireV2UserWithUnrecognizedActions) { BSONObj())); User* myUser; - ASSERT_OK(authzManager->acquireUser(&opCtx, UserName("myUser", "test"), &myUser)); + ASSERT_OK(authzManager->acquireUser(opCtx.get(), UserName("myUser", "test"), &myUser)); ASSERT_EQUALS(UserName("myUser", "test"), myUser->getName()); ASSERT(myUser->isValid()); ASSERT_EQUALS(1U, myUser->getRefCount()); @@ -365,17 +362,16 @@ public: }; virtual void setUp() override { - opCtx.setRecoveryUnit(recoveryUnit, WriteUnitOfWork::RecoveryUnitState::kNotInUnitOfWork); + opCtx->setRecoveryUnit(recoveryUnit, WriteUnitOfWork::RecoveryUnitState::kNotInUnitOfWork); AuthorizationManagerTest::setUp(); } - OperationContextNoop opCtx; size_t registeredChanges = 0; MockRecoveryUnit* recoveryUnit = new MockRecoveryUnit(®isteredChanges); }; TEST_F(AuthorizationManagerLogOpTest, testDropDatabaseAddsRecoveryUnits) { - authzManager->logOp(&opCtx, + authzManager->logOp(opCtx.get(), "c", {"admin", "$cmd"}, BSON("dropDatabase" @@ -385,7 +381,7 @@ TEST_F(AuthorizationManagerLogOpTest, testDropDatabaseAddsRecoveryUnits) { } TEST_F(AuthorizationManagerLogOpTest, testDropAuthCollectionAddsRecoveryUnits) { - authzManager->logOp(&opCtx, + authzManager->logOp(opCtx.get(), "c", {"admin", "$cmd"}, BSON("drop" @@ -393,7 +389,7 @@ TEST_F(AuthorizationManagerLogOpTest, testDropAuthCollectionAddsRecoveryUnits) { nullptr); ASSERT_EQ(size_t(1), registeredChanges); - authzManager->logOp(&opCtx, + authzManager->logOp(opCtx.get(), "c", {"admin", "$cmd"}, BSON("drop" 
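Review bot: `AuthorizationManagerLogOpTest::setUp` (hunk at -365) still ends with `AuthorizationManagerTest::setUp();`, but this commit moves that fixture's setup into its constructor, so the call no longer builds the authorization manager and resolves to whatever `setUp` the base classes provide. The leftover call reads as if it still performs the fixture setup. Either drop it if the inherited `setUp` is a no-op, or keep it with a comment such as `// Fixture state is built in the AuthorizationManagerTest constructor; this only forwards to the base setUp.` The `recoveryUnit` member is allocated with a bare `new`, and ownership presumably passes to the operation context in `setRecoveryUnit`, which is worth stating beside the member. The class body begins outside the hunk.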
@@ -401,7 +397,7 @@ TEST_F(AuthorizationManagerLogOpTest, testDropAuthCollectionAddsRecoveryUnits) { nullptr); ASSERT_EQ(size_t(2), registeredChanges); - authzManager->logOp(&opCtx, + authzManager->logOp(opCtx.get(), "c", {"admin", "$cmd"}, BSON("drop" @@ -409,7 +405,7 @@ TEST_F(AuthorizationManagerLogOpTest, testDropAuthCollectionAddsRecoveryUnits) { nullptr); ASSERT_EQ(size_t(3), registeredChanges); - authzManager->logOp(&opCtx, + authzManager->logOp(opCtx.get(), "c", {"admin", "$cmd"}, BSON("drop" @@ -419,21 +415,21 @@ TEST_F(AuthorizationManagerLogOpTest, testDropAuthCollectionAddsRecoveryUnits) { } TEST_F(AuthorizationManagerLogOpTest, testCreateAnyCollectionAddsNoRecoveryUnits) { - authzManager->logOp(&opCtx, + authzManager->logOp(opCtx.get(), "c", {"admin", "$cmd"}, BSON("create" << "system.users"), nullptr); - authzManager->logOp(&opCtx, + authzManager->logOp(opCtx.get(), "c", {"admin", "$cmd"}, BSON("create" << "system.profile"), nullptr); - authzManager->logOp(&opCtx, + authzManager->logOp(opCtx.get(), "c", {"admin", "$cmd"}, BSON("create" @@ -444,7 +440,7 @@ TEST_F(AuthorizationManagerLogOpTest, testCreateAnyCollectionAddsNoRecoveryUnits } TEST_F(AuthorizationManagerLogOpTest, testRawInsertToRolesCollectionAddsRecoveryUnits) { - authzManager->logOp(&opCtx, + authzManager->logOp(opCtx.get(), "i", {"admin", "system.profile"}, BSON("_id" @@ -452,7 +448,7 @@ TEST_F(AuthorizationManagerLogOpTest, testRawInsertToRolesCollectionAddsRecovery nullptr); ASSERT_EQ(size_t(0), registeredChanges); - authzManager->logOp(&opCtx, + authzManager->logOp(opCtx.get(), "i", {"admin", "system.users"}, BSON("_id" @@ -460,7 +456,7 @@ TEST_F(AuthorizationManagerLogOpTest, testRawInsertToRolesCollectionAddsRecovery nullptr); ASSERT_EQ(size_t(0), registeredChanges); - authzManager->logOp(&opCtx, + authzManager->logOp(opCtx.get(), "i", {"admin", "system.roles"}, BSON("_id" 
diff --git a/src/mongo/db/auth/authorization_session_test.cpp b/src/mongo/db/auth/authorization_session_test.cpp index 19e29fcb6f3..e629f50cac5 100644 --- a/src/mongo/db/auth/authorization_session_test.cpp +++ b/src/mongo/db/auth/authorization_session_test.cpp @@ -47,7 +47,7 @@ #include "mongo/db/json.h" #include "mongo/db/namespace_string.h" #include "mongo/db/operation_context.h" -#include "mongo/db/service_context_noop.h" +#include "mongo/db/service_context.h" #include "mongo/stdx/memory.h" #include "mongo/transport/session.h" #include "mongo/transport/transport_layer_mock.h" @@ -89,7 +89,7 @@ public: FailureCapableAuthzManagerExternalStateMock* managerState; transport::TransportLayerMock transportLayer; transport::SessionHandle session; - ServiceContextNoop serviceContext; + ServiceContext::UniqueServiceContext serviceContext = ServiceContext::make(); ServiceContext::UniqueClient client; ServiceContext::UniqueOperationContext _opCtx; AuthzSessionExternalStateMock* sessionState; @@ -99,7 +99,7 @@ public: void setUp() { session = transportLayer.createSession(); - client = serviceContext.makeClient("testClient", session); + client = serviceContext->makeClient("testClient", session); RestrictionEnvironment::set( session, stdx::make_unique<RestrictionEnvironment>(SockAddr(), SockAddr())); _opCtx = client->makeOperationContext(); @@ -110,7 +110,7 @@ public: std::move(localManagerState), AuthorizationManagerImpl::InstallMockForTestingOrAuthImpl{}); authzManager = uniqueAuthzManager.get(); - AuthorizationManager::set(&serviceContext, std::move(uniqueAuthzManager)); + AuthorizationManager::set(serviceContext.get(), std::move(uniqueAuthzManager)); auto localSessionState = std::make_unique<AuthzSessionExternalStateMock>(authzManager); sessionState = localSessionState.get(); authzSession = std::make_unique<AuthorizationSessionForTest>( 
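Review bot: In `setUp` (hunks at -99 and -110) the client is created with `serviceContext->makeClient("testClient", session)` before `AuthorizationManager::set(serviceContext.get(), ...)` installs the mock manager. The client observer is now registered when the ServiceContext is constructed, so that client either gets no AuthorizationSession or gets one made by a manager that `set` then replaces. Which of the two happens depends on the constructor actions linked into the test, which this hunk does not show. The test drives its own `authzSession`, so it may not matter today. If the lines in between allow it, moving the `AuthorizationManager::set` call ahead of `makeClient` would keep the client's decoration consistent with the manager under test; `setUp` continues beyond the hunk.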
diff --git a/src/mongo/db/auth/sasl_authentication_session_test.cpp b/src/mongo/db/auth/sasl_authentication_session_test.cpp index 8497edcac37..70e07043966 100644 --- a/src/mongo/db/auth/sasl_authentication_session_test.cpp +++ b/src/mongo/db/auth/sasl_authentication_session_test.cpp @@ -22,8 +22,8 @@ #include "mongo/db/auth/sasl_plain_server_conversation.h" #include "mongo/db/auth/sasl_scram_server_conversation.h" #include "mongo/db/jsobj.h" -#include "mongo/db/operation_context_noop.h" -#include "mongo/db/service_context_noop.h" +#include "mongo/db/operation_context.h" +#include "mongo/db/service_context_test_fixture.h" #include "mongo/unittest/unittest.h" #include "mongo/util/log.h" #include "mongo/util/password_digest.h" @@ -32,7 +32,7 @@ namespace mongo { namespace { -class SaslConversation : public unittest::Test { +class SaslConversation : public ServiceContextTest { public: explicit SaslConversation(std::string mech); @@ -42,8 +42,6 @@ public: void testWrongClientMechanism(); void testWrongServerMechanism(); - ServiceContextNoop serviceContext; - ServiceContext::UniqueClient opClient; ServiceContext::UniqueOperationContext opCtx; AuthzManagerExternalStateMock* authManagerExternalState; AuthorizationManager* authManager; @@ -66,8 +64,7 @@ const std::string mockServiceName = "mocksvc"; const std::string mockHostName = "host.mockery.com"; SaslConversation::SaslConversation(std::string mech) - : opClient(serviceContext.makeClient("saslTest")), - opCtx(serviceContext.makeOperationContext(opClient.get())), + : opCtx(makeOperationContext()), authManagerExternalState(new AuthzManagerExternalStateMock), authManager(new AuthorizationManagerImpl( std::unique_ptr<AuthzManagerExternalState>(authManagerExternalState), 
@@ -75,7 +72,8 @@ SaslConversation::SaslConversation(std::string mech) authSession(authManager->makeAuthorizationSession()), mechanism(mech) { - AuthorizationManager::set(&serviceContext, std::unique_ptr<AuthorizationManager>(authManager)); + AuthorizationManager::set(getServiceContext(), + std::unique_ptr<AuthorizationManager>(authManager)); client.reset(SaslClientSession::create(mechanism)); diff --git a/src/mongo/db/auth/sasl_mechanism_registry.cpp b/src/mongo/db/auth/sasl_mechanism_registry.cpp index 3426ca97b80..cb588b9b829 100644 --- a/src/mongo/db/auth/sasl_mechanism_registry.cpp +++ b/src/mongo/db/auth/sasl_mechanism_registry.cpp @@ -124,23 +124,13 @@ bool SASLServerMechanismRegistry::_mechanismSupportedByConfig(StringData mechNam return sequenceContains(saslGlobalParams.authenticationMechanisms, mechName); } -GlobalInitializerRegisterer SASLServerMechanismRegistryInitializer( +namespace { +ServiceContext::ConstructorActionRegisterer SASLServerMechanismRegistryInitializer{ "CreateSASLServerMechanismRegistry", - {"ServiceContext"}, - [](InitializerContext* context) { - if (saslGlobalParams.hostName.empty()) - saslGlobalParams.hostName = getHostNameCached(); - if (saslGlobalParams.serviceName.empty()) - saslGlobalParams.serviceName = "mongodb"; - - auto registry = stdx::make_unique<SASLServerMechanismRegistry>(); - SASLServerMechanismRegistry::set(getGlobalServiceContext(), std::move(registry)); - return Status::OK(); - }, - [](DeinitializerContext* context) { - SASLServerMechanismRegistry::set(getGlobalServiceContext(), nullptr); - - return Status::OK(); - }); + {"EndStartupOptionStorage"}, + [](ServiceContext* service) { + SASLServerMechanismRegistry::set(service, std::make_unique<SASLServerMechanismRegistry>()); + }}; +} // namespace } // namespace mongo diff --git a/src/mongo/db/auth/sasl_mechanism_registry.h b/src/mongo/db/auth/sasl_mechanism_registry.h index 6d8fba8efd0..78c790b7223 100644 --- a/src/mongo/db/auth/sasl_mechanism_registry.h 
+++ b/src/mongo/db/auth/sasl_mechanism_registry.h @@ -28,6 +28,7 @@ #pragma once +#include <boost/optional.hpp> #include <memory> #include <unordered_map> @@ -333,4 +334,18 @@ private: stdx::unordered_map<std::string, std::unique_ptr<ServerFactoryBase>> _externalMap; }; +template <typename Factory> +class GlobalSASLMechanismRegisterer { +private: + boost::optional<ServiceContext::ConstructorActionRegisterer> registerer; + +public: + GlobalSASLMechanismRegisterer() { + registerer.emplace(std::string(typeid(Factory).name()), + std::vector<std::string>{"CreateSASLServerMechanismRegistry"}, + [](ServiceContext* service) { + SASLServerMechanismRegistry::get(service).registerFactory<Factory>(); + }); + } +}; } // namespace mongo diff --git a/src/mongo/db/auth/sasl_mechanism_registry_test.cpp b/src/mongo/db/auth/sasl_mechanism_registry_test.cpp index 6122498e20a..d7f4527f6e7 100644 --- a/src/mongo/db/auth/sasl_mechanism_registry_test.cpp +++ b/src/mongo/db/auth/sasl_mechanism_registry_test.cpp @@ -31,8 +31,8 @@ #include "mongo/db/auth/authorization_manager.h" #include "mongo/db/auth/authorization_manager_impl.h" #include "mongo/db/auth/authz_manager_external_state_mock.h" -#include "mongo/db/operation_context_noop.h" -#include "mongo/db/service_context_noop.h" +#include "mongo/db/operation_context.h" +#include "mongo/db/service_context_test_fixture.h" #include "mongo/unittest/unittest.h" namespace mongo { 
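Review bot: `GlobalSASLMechanismRegisterer` (hunk at -333) names each constructor action with `typeid(Factory).name()`, which is implementation-defined and not guaranteed to be unique or human-readable. That makes it a weak identifier for something that takes part in prerequisite ordering and may appear in startup diagnostics. Taking the name as a constructor argument, e.g. `explicit GlobalSASLMechanismRegisterer(std::string name)`, would make it stable across compilers. The header now uses `typeid`, `std::string` and `std::vector`, while the hunk at -28 adds only `<boost/optional.hpp>`; unless they are already pulled in elsewhere in the file, add `#include <typeinfo>`, `#include <string>` and `#include <vector>`. The class also needs a doc comment such as `/// Registers Factory with the SASLServerMechanismRegistry of every ServiceContext as it is constructed.`, since the PLAIN and SCRAM translation units now rely on it in place of their own initializers.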
@@ -128,16 +128,15 @@ public: }; -class MechanismRegistryTest : public mongo::unittest::Test { +class MechanismRegistryTest : public ServiceContextTest { public: MechanismRegistryTest() - : opClient(serviceContext.makeClient("mechanismRegistryTest")), - opCtx(serviceContext.makeOperationContext(opClient.get())), + : opCtx(makeOperationContext()), authManagerExternalState(new AuthzManagerExternalStateMock()), authManager(new AuthorizationManagerImpl( std::unique_ptr<AuthzManagerExternalStateMock>(authManagerExternalState), AuthorizationManagerImpl::InstallMockForTestingOrAuthImpl{})) { - AuthorizationManager::set(&serviceContext, + AuthorizationManager::set(getServiceContext(), std::unique_ptr<AuthorizationManager>(authManager)); ASSERT_OK(authManagerExternalState->updateOne( @@ -181,8 +180,6 @@ public: BSONObj())); } - ServiceContextNoop serviceContext; - ServiceContext::UniqueClient opClient; ServiceContext::UniqueOperationContext opCtx; AuthzManagerExternalStateMock* authManagerExternalState; AuthorizationManager* authManager; diff --git a/src/mongo/db/auth/sasl_options.cpp b/src/mongo/db/auth/sasl_options.cpp index f35825c6d14..d3eb191a8b4 100644 --- a/src/mongo/db/auth/sasl_options.cpp +++ b/src/mongo/db/auth/sasl_options.cpp @@ -34,6 +34,7 @@ #include "mongo/db/server_parameters.h" #include "mongo/util/log.h" #include "mongo/util/mongoutils/str.h" +#include "mongo/util/net/socket_utils.h" #include "mongo/util/options_parser/startup_option_init.h" #include "mongo/util/options_parser/startup_options.h" @@ -172,6 +173,11 @@ Status storeSASLOptions(const moe::Environment& params) { } } + if (saslGlobalParams.hostName.empty()) + saslGlobalParams.hostName = getHostNameCached(); + if (saslGlobalParams.serviceName.empty()) + saslGlobalParams.serviceName = "mongodb"; + return Status::OK(); } diff --git a/src/mongo/db/auth/sasl_plain_server_conversation.cpp b/src/mongo/db/auth/sasl_plain_server_conversation.cpp index 3c32c9b7f58..7d89c2eaeb8 100644 
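Review bot: The defaults added at the end of `storeSASLOptions` (hunk at -172 of sasl_options.cpp) appear to be the only remaining place where `saslGlobalParams.hostName` and `saslGlobalParams.serviceName` are filled in, since the registry initializer that used to set them is removed in this commit. A process or test that constructs a ServiceContext without running startup option storage would then keep both values empty. If that is intended, say so at the assignment, e.g. `// Defaults are applied here, at option-storage time, rather than when the mechanism registry is created.` The two `if` bodies are unbraced; `if (saslGlobalParams.hostName.empty()) { saslGlobalParams.hostName = getHostNameCached(); }` guards against a later edit adding a second statement under the condition. `storeSASLOptions` begins outside the hunk.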
--- a/src/mongo/db/auth/sasl_plain_server_conversation.cpp +++ b/src/mongo/db/auth/sasl_plain_server_conversation.cpp @@ -157,12 +157,7 @@ StatusWith<std::tuple<bool, std::string>> SASLPlainServerMechanism::stepImpl( return std::make_tuple(true, std::string()); } -MONGO_INITIALIZER_WITH_PREREQUISITES(SASLPLAINServerMechanism, - ("CreateSASLServerMechanismRegistry")) -(::mongo::InitializerContext* context) { - auto& registry = SASLServerMechanismRegistry::get(getGlobalServiceContext()); - registry.registerFactory<PLAINServerFactory>(); - return Status::OK(); -} - +namespace { +GlobalSASLMechanismRegisterer<PLAINServerFactory> plainRegisterer; +} // namespace } // namespace mongo diff --git a/src/mongo/db/auth/sasl_scram_server_conversation.cpp b/src/mongo/db/auth/sasl_scram_server_conversation.cpp index 28cbe4537fd..d3ded3c88f8 100644 --- a/src/mongo/db/auth/sasl_scram_server_conversation.cpp +++ b/src/mongo/db/auth/sasl_scram_server_conversation.cpp @@ -342,13 +342,8 @@ StatusWith<std::tuple<bool, std::string>> SaslSCRAMServerMechanism<Policy>::_sec template class SaslSCRAMServerMechanism<SCRAMSHA1Policy>; template class SaslSCRAMServerMechanism<SCRAMSHA256Policy>; -MONGO_INITIALIZER_WITH_PREREQUISITES(SASLSCRAMServerMechanism, - ("CreateSASLServerMechanismRegistry")) -(::mongo::InitializerContext* context) { - auto& registry = SASLServerMechanismRegistry::get(getGlobalServiceContext()); - registry.registerFactory<SCRAMSHA1ServerFactory>(); - registry.registerFactory<SCRAMSHA256ServerFactory>(); - return Status::OK(); -} - +namespace { +GlobalSASLMechanismRegisterer<SCRAMSHA1ServerFactory> scramsha1Registerer; +GlobalSASLMechanismRegisterer<SCRAMSHA256ServerFactory> scramsha256Registerer; +} // namespace } // namespace mongo diff --git a/src/mongo/db/auth/sasl_scram_test.cpp b/src/mongo/db/auth/sasl_scram_test.cpp index 2a347b6d464..4520586f0a4 100644 --- a/src/mongo/db/auth/sasl_scram_test.cpp +++ b/src/mongo/db/auth/sasl_scram_test.cpp 
@@ -43,7 +43,7 @@ #include "mongo/db/auth/authz_session_external_state_mock.h" #include "mongo/db/auth/sasl_mechanism_registry.h" #include "mongo/db/auth/sasl_scram_server_conversation.h" -#include "mongo/db/service_context_noop.h" +#include "mongo/db/service_context.h" #include "mongo/stdx/memory.h" #include "mongo/unittest/unittest.h" #include "mongo/util/base64.h" @@ -174,9 +174,9 @@ protected: const SCRAMStepsResult goalState = SCRAMStepsResult(SaslTestState(SaslTestState::kClient, 4), Status::OK()); - std::unique_ptr<ServiceContextNoop> serviceContext; - ServiceContextNoop::UniqueClient client; - ServiceContextNoop::UniqueOperationContext opCtx; + ServiceContext::UniqueServiceContext serviceContext; + ServiceContext::UniqueClient client; + ServiceContext::UniqueOperationContext opCtx; AuthzManagerExternalStateMock* authzManagerExternalState; AuthorizationManager* authzManager; @@ -186,7 +186,7 @@ protected: std::unique_ptr<NativeSaslClientSession> saslClientSession; void setUp() final { - serviceContext = stdx::make_unique<ServiceContextNoop>(); + serviceContext = ServiceContext::make(); client = serviceContext->makeClient("test"); opCtx = serviceContext->makeOperationContext(client.get()); |