Diffstat (limited to 'src/mongo/db/auth')
-rw-r--r--src/mongo/db/auth/SConscript5
-rw-r--r--src/mongo/db/auth/authorization_manager_global.cpp45
-rw-r--r--src/mongo/db/auth/authorization_manager_global_parameters.idl45
3 files changed, 57 insertions, 38 deletions
diff --git a/src/mongo/db/auth/SConscript b/src/mongo/db/auth/SConscript
index 4f505f5c88a..9c71ac46304 100644
--- a/src/mongo/db/auth/SConscript
+++ b/src/mongo/db/auth/SConscript
@@ -216,6 +216,10 @@ env.Library(
target='authorization_manager_global',
source=[
'authorization_manager_global.cpp',
+ env.Idlc('authorization_manager_global_parameters.idl')[0],
+ ],
+ LIBDEPS_PRIVATE=[
+ '$BUILD_DIR/mongo/idl/server_parameter',
],
LIBDEPS=[
'auth',
@@ -366,7 +370,6 @@ env.Library(
'$BUILD_DIR/mongo/db/dbdirectclient',
'$BUILD_DIR/mongo/db/dbhelpers',
'$BUILD_DIR/mongo/db/repl/repl_coordinator_interface',
- '$BUILD_DIR/mongo/db/server_parameters',
],
LIBDEPS_PRIVATE=[
'$BUILD_DIR/mongo/db/concurrency/lock_manager',
diff --git a/src/mongo/db/auth/authorization_manager_global.cpp b/src/mongo/db/auth/authorization_manager_global.cpp
index 91ae1c0d742..8cac8ed933e 100644
--- a/src/mongo/db/auth/authorization_manager_global.cpp
+++ b/src/mongo/db/auth/authorization_manager_global.cpp
@@ -30,42 +30,21 @@
#include "mongo/platform/basic.h"
-#include "mongo/base/disallow_copying.h"
-#include "mongo/base/init.h"
#include "mongo/db/auth/authorization_manager.h"
+#include "mongo/db/auth/authorization_manager_global_parameters_gen.h"
#include "mongo/db/auth/authz_manager_external_state.h"
#include "mongo/db/operation_context.h"
#include "mongo/db/server_options.h"
-#include "mongo/db/server_parameters.h"
#include "mongo/db/service_context.h"
-#include "mongo/stdx/memory.h"
#include "mongo/util/assert_util.h"
namespace mongo {
-namespace {
-const std::string kAuthSchemaVersionServerParameter = "authSchemaVersion";
-
-class AuthzVersionParameter : public ServerParameter {
- MONGO_DISALLOW_COPYING(AuthzVersionParameter);
-
-public:
- AuthzVersionParameter(ServerParameterSet* sps, const std::string& name);
- virtual void append(OperationContext* opCtx, BSONObjBuilder& b, const std::string& name);
- virtual Status set(const BSONElement& newValueElement);
- virtual Status setFromString(const std::string& str);
-};
-
-MONGO_INITIALIZER_GENERAL(AuthzSchemaParameter,
- MONGO_NO_PREREQUISITES,
- ("BeginStartupOptionParsing"))
-(InitializerContext*) {
- new AuthzVersionParameter(ServerParameterSet::getGlobal(), kAuthSchemaVersionServerParameter);
- return Status::OK();
-}
-
-AuthzVersionParameter::AuthzVersionParameter(ServerParameterSet* sps, const std::string& name)
- : ServerParameter(sps, name, false, false) {}
+// This setting is unique in that it is read-only.
+// The IDL subststem doesn't actually allow for that,
+// so we'll pretend it's startup-settable, then override it here.
+AuthzVersionParameter::AuthzVersionParameter(StringData name, ServerParameterType)
+ : ServerParameter(ServerParameterSet::getGlobal(), name, false, false) {}
void AuthzVersionParameter::append(OperationContext* opCtx,
BSONObjBuilder& b,
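Review bot: The read-only guarantee for `authSchemaVersion` now rests entirely on the two `false` arguments in the new constructor (presumably the startup and runtime settable flags), which discard the `ServerParameterType` that the IDL entry declares as `set_at: startup` in the .idl hunk further down. The comment should state that outright, for example `// IDL has no "never settable" mode: ignore the generated type and pass false for both settable flags.`; it also misspells `subsystem` as `subststem`. Since the class has left the anonymous namespace and its declaration now comes from the generated header, a unit test asserting that the parameter reports itself as not settable at startup or at runtime would stop a later IDL edit from silently making it writable. `append` begins in this hunk and continues in the next one.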
@@ -76,18 +55,10 @@ void AuthzVersionParameter::append(OperationContext* opCtx,
b.append(name, authzVersion);
}
-Status AuthzVersionParameter::set(const BSONElement& newValueElement) {
- return Status(ErrorCodes::InternalError, "set called on unsettable server parameter");
-}
-
Status AuthzVersionParameter::setFromString(const std::string& newValueString) {
- return Status(ErrorCodes::InternalError, "set called on unsettable server parameter");
+ return {ErrorCodes::InternalError, "set called on unsettable server parameter"};
}
-} // namespace
-
-MONGO_EXPORT_STARTUP_SERVER_PARAMETER(startupAuthSchemaValidation, bool, true);
-
ServiceContext::ConstructorActionRegisterer createAuthorizationManager(
"CreateAuthorizationManager",
{"OIDGeneration",
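Review bot: After this hunk only `setFromString` rejects a write to `authSchemaVersion`; the explicit `set(const BSONElement&)` override is removed, so refusing a BSON-typed set now depends on whatever `set` the generated class in `authorization_manager_global_parameters_gen.h` provides, which is not visible here. If that default forwards to `setFromString` the behaviour is unchanged, but I would pin it with a test that both entry points return a non-OK status for this parameter. `newValueString` is unused and could be left unnamed in the signature. The `createAuthorizationManager` registerer continues outside the hunk.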
@@ -97,7 +68,7 @@ ServiceContext::ConstructorActionRegisterer createAuthorizationManager(
auto authzManager = AuthorizationManager::create();
authzManager->setAuthEnabled(serverGlobalParams.authState ==
ServerGlobalParams::AuthState::kEnabled);
- authzManager->setShouldValidateAuthSchemaOnStartup(startupAuthSchemaValidation);
+ authzManager->setShouldValidateAuthSchemaOnStartup(gStartupAuthSchemaValidation);
AuthorizationManager::set(service, std::move(authzManager));
});
diff --git a/src/mongo/db/auth/authorization_manager_global_parameters.idl b/src/mongo/db/auth/authorization_manager_global_parameters.idl
new file mode 100644
index 00000000000..b682bcd148d
--- /dev/null
+++ b/src/mongo/db/auth/authorization_manager_global_parameters.idl
@@ -0,0 +1,45 @@
+# Copyright (C) 2018-present MongoDB, Inc.
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the Server Side Public License, version 1,
+# as published by MongoDB, Inc.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# Server Side Public License for more details.
+#
+# You should have received a copy of the Server Side Public License
+# along with this program. If not, see
+# <http://www.mongodb.com/licensing/server-side-public-license>.
+#
+# As a special exception, the copyright holders give permission to link the
+# code of portions of this program with the OpenSSL library under certain
+# conditions as described in each individual source file and distribute
+# linked combinations including the program with the OpenSSL library. You
+# must comply with the Server Side Public License in all respects for
+# all of the code used other than as permitted herein. If you modify file(s)
+# with this exception, you may extend this exception to your version of the
+# file(s), but you are not obligated to do so. If you do not wish to do so,
+# delete this exception statement from your version. If you delete this
+# exception statement from all source files in the program, then also delete
+# it in the license file.
+
+global:
+ cpp_namespace: mongo
+ cpp_includes:
+ - mongo/db/auth/authorization_manager_impl.h
+
+server_parameters:
+ authSchemaVersion:
+ description: 'Read-only value describing the current auth schema version'
+ set_at: startup # Actually, never.
+ cpp_class:
+ name: AuthzVersionParameter
+ override_ctor: true
+ startupAuthSchemaValidation:
+ description: 'Validate auth schema on startup'
+ set_at: startup
+ cpp_vartype: bool
+ cpp_varname: gStartupAuthSchemaValidation
+ default: true
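Review bot: The description of `startupAuthSchemaValidation` does not tell an operator that this is a security-relevant switch: its value is passed straight to `setShouldValidateAuthSchemaOnStartup` in authorization_manager_global.cpp, so `false` turns the startup check off. I would spell that out, e.g. `description: 'Validate the auth schema on startup; false skips the check'`. Separately, `cpp_includes` pulls in `mongo/db/auth/authorization_manager_impl.h` although nothing declared in this file visibly needs it; if the generated header compiles without it, the include can be dropped.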