Diffstat (limited to 'src/mongo')
-rw-r--r-- | src/mongo/db/auth/authorization_manager.h | 5 | ||||
-rw-r--r-- | src/mongo/db/auth/authorization_manager_global.cpp | 18 | ||||
-rw-r--r-- | src/mongo/db/auth/authorization_manager_global.h | 9 | ||||
-rw-r--r-- | src/mongo/db/auth/client_auth_session.cpp | 27 | ||||
-rw-r--r-- | src/mongo/db/curop_test.cpp | 8 | ||||
-rw-r--r-- | src/mongo/db/db.cpp | 12 | ||||
-rw-r--r-- | src/mongo/db/mongod_options.cpp | 6 | ||||
-rw-r--r-- | src/mongo/db/mongod_options_init.cpp | 4 | ||||
-rw-r--r-- | src/mongo/db/server_options.h | 1 | ||||
-rw-r--r-- | src/mongo/dbtests/dbtests.cpp | 4 | ||||
-rw-r--r-- | src/mongo/s/client/shard_connection_test.cpp | 6 | ||||
-rw-r--r-- | src/mongo/s/mongos_options_init.cpp | 4 | ||||
-rw-r--r-- | src/mongo/s/server.cpp | 12 |
13 files changed, 68 insertions, 48 deletions
diff --git a/src/mongo/db/auth/authorization_manager.h b/src/mongo/db/auth/authorization_manager.h index 46f0ab7da5e..0cf864ae3dc 100644 --- a/src/mongo/db/auth/authorization_manager.h +++ b/src/mongo/db/auth/authorization_manager.h @@ -54,6 +54,7 @@ namespace mongo { class AuthorizationSession; class AuthzManagerExternalState; class OperationContext; + class ServiceContext; class UserDocumentParser; /** @@ -70,6 +71,10 @@ namespace mongo { class AuthorizationManager { MONGO_DISALLOW_COPYING(AuthorizationManager); public: + static AuthorizationManager* get(ServiceContext* service); + static AuthorizationManager* get(ServiceContext& service); + static void set(ServiceContext* service, + std::unique_ptr<AuthorizationManager> authzManager); // The newly constructed AuthorizationManager takes ownership of "externalState" explicit AuthorizationManager(AuthzManagerExternalState* externalState); diff --git a/src/mongo/db/auth/authorization_manager_global.cpp b/src/mongo/db/auth/authorization_manager_global.cpp index 91ccec7ba0d..cc5ee6513f5 100644 --- a/src/mongo/db/auth/authorization_manager_global.cpp +++ b/src/mongo/db/auth/authorization_manager_global.cpp @@ -33,12 +33,11 @@ #include "mongo/db/auth/authorization_manager.h" #include "mongo/db/auth/authorization_manager_global.h" #include "mongo/db/server_parameters.h" +#include "mongo/db/service_context.h" #include "mongo/util/assert_util.h" namespace mongo { namespace { - AuthorizationManager* globalAuthManager = NULL; - class AuthzVersionParameter : public ServerParameter { MONGO_DISALLOW_COPYING(AuthzVersionParameter); public: 
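Review bot: The three static members added in the second hunk of authorization_manager.h (`get` taking a pointer, `get` taking a reference, and `set`) are declared without any comment, so their contract is only discoverable from the definitions in client_auth_session.cpp. Per those definitions, `get` returns the raw pointer held by the ServiceContext decoration, which is null until `set` has run, and `set` trips an `invariant` if its argument is null or a manager is already installed. I would add `// Returns the AuthorizationManager owned by "service", or nullptr if none has been set.` above `get` and `// Transfers ownership to "service"; may be called at most once per ServiceContext.` above `set`. Because the manager is now owned through a `std::unique_ptr`, pointers returned by `get` presumably must not outlive that ServiceContext, which is worth stating too; the class body continues outside the hunk.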
@@ -79,19 +78,10 @@ namespace { const std::string authSchemaVersionServerParameter = "authSchemaVersion"; - void setGlobalAuthorizationManager(AuthorizationManager* authManager) { - fassert(16841, globalAuthManager == NULL); - globalAuthManager = authManager; - } - - void clearGlobalAuthorizationManager() { - fassert(16843, globalAuthManager != NULL); - delete globalAuthManager; - globalAuthManager = NULL; - } - AuthorizationManager* getGlobalAuthorizationManager() { - fassert(16842, globalAuthManager != NULL); + AuthorizationManager* globalAuthManager = AuthorizationManager::get( + getGlobalServiceContext()); + fassert(16842, globalAuthManager != nullptr); return globalAuthManager; } diff --git a/src/mongo/db/auth/authorization_manager_global.h b/src/mongo/db/auth/authorization_manager_global.h index 08ce75d1da6..b0ef39f0069 100644 --- a/src/mongo/db/auth/authorization_manager_global.h +++ b/src/mongo/db/auth/authorization_manager_global.h @@ -40,13 +40,4 @@ namespace mongo { // Gets the singleton AuthorizationManager object for this server process. AuthorizationManager* getGlobalAuthorizationManager(); - // Sets the singleton AuthorizationManager object for this server process. - // Must be called once at startup and then never again (unless clearGlobalAuthorizationManager - // is called, at which point this can be called again, but should only happen in tests). - void setGlobalAuthorizationManager(AuthorizationManager* authManager); - - // Sets the singleton AuthorizationManager object for this server process to NULL. - // Should only be used in tests. - void clearGlobalAuthorizationManager(); - } // namespace mongo diff --git a/src/mongo/db/auth/client_auth_session.cpp b/src/mongo/db/auth/client_auth_session.cpp index e2cb57522cb..46a38c64ac1 100644 --- a/src/mongo/db/auth/client_auth_session.cpp +++ b/src/mongo/db/auth/client_auth_session.cpp 
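Review bot: `getGlobalAuthorizationManager()` in the second hunk of authorization_manager_global.cpp still aborts through `fassert(16842, ...)` when nothing is installed, but the condition that makes it safe to call has changed and is not documented. In this commit the manager is installed by the `CreateAuthorizationManager` initializer, which now runs after `EndStartupOptionStorage`, so any option-storage code that still calls this function would terminate the process at startup; those callers are not visible on this page and should be checked. A comment such as `// Aborts if no AuthorizationManager has been set on the global ServiceContext; not callable before CreateAuthorizationManager has run.` would make that explicit. The local name `globalAuthManager` also reuses the name of the file-scope variable this commit deletes; `authzManager` would read more clearly.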
@@ -32,8 +32,11 @@ #include <utility> #include "mongo/db/auth/authentication_session.h" +#include "mongo/db/auth/authorization_manager.h" #include "mongo/db/auth/authorization_session.h" #include "mongo/db/client_basic.h" +#include "mongo/db/service_context.h" +#include "mongo/util/assert_util.h" namespace mongo { namespace { @@ -41,6 +44,9 @@ namespace { const auto getAuthenticationSession = ClientBasic::declareDecoration<std::unique_ptr<AuthenticationSession>>(); + const auto getAuthorizationManager = + ServiceContext::declareDecoration<std::unique_ptr<AuthorizationManager>>(); + const auto getAuthorizationSession = ClientBasic::declareDecoration<std::unique_ptr<AuthorizationSession>>(); @@ -59,6 +65,22 @@ namespace { swap(getAuthenticationSession(client), other); } + AuthorizationManager* AuthorizationManager::get(ServiceContext* service) { + return getAuthorizationManager(service).get(); + } + + AuthorizationManager* AuthorizationManager::get(ServiceContext& service) { + return getAuthorizationManager(service).get(); + } + + void AuthorizationManager::set(ServiceContext* service, + std::unique_ptr<AuthorizationManager> authzManager) { + auto& manager = getAuthorizationManager(service); + invariant(authzManager); + invariant(!manager); + manager = std::move(authzManager); + } + AuthorizationSession* AuthorizationSession::get(ClientBasic* client) { return get(*client); } @@ -78,7 +100,10 @@ namespace { void AuthorizationSession::set( ClientBasic* client, std::unique_ptr<AuthorizationSession> authorizationSession) { - getAuthorizationSession(client) = std::move(authorizationSession); + auto& authzSession = getAuthorizationSession(client); + invariant(authorizationSession); + invariant(!authzSession); + authzSession = std::move(authorizationSession); } } // namespace mongo diff --git a/src/mongo/db/curop_test.cpp b/src/mongo/db/curop_test.cpp index 85ad5d98973..26a4472078c 100644 --- a/src/mongo/db/curop_test.cpp +++ b/src/mongo/db/curop_test.cpp 
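Review bot: The pointer overload `AuthorizationManager::get(ServiceContext* service)` added in the third hunk of client_auth_session.cpp repeats the body of the reference overload, whereas `AuthorizationSession::get(ClientBasic* client)` on the context line just below forwards with `return get(*client);`. Writing `return get(*service);` would keep the two classes parallel and leave a single place that touches the decoration. Neither overload checks `service`, and both return null until `set` has run, so a caller that dereferences the result without going through `getGlobalAuthorizationManager()` gets no diagnostic; `invariant(service);` in the pointer overload, or at least a one-line comment, would help. These definitions also live in a file named for client sessions, so a short comment saying why they are here would save readers who look for them next to the class.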
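Review bot: `AuthorizationSession::set` in the last hunk of client_auth_session.cpp changes from silently replacing an existing session to terminating the process via `invariant(!authzSession)`, and that new precondition is not documented anywhere visible. If any connection-setup or test path can reach `set` twice for the same `ClientBasic`, what used to be a replacement becomes a server abort, so the call sites (not shown on this page) should be confirmed to attach a session exactly once. I would add `// "authorizationSession" must be non-null and "client" must not already have a session; violating either aborts.` above the definition.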
@@ -74,9 +74,11 @@ namespace mongo { sleepmillis(10); } - setGlobalServiceContext(stdx::make_unique<ServiceContextNoop>()); - setGlobalAuthorizationManager( - new AuthorizationManager(new AuthzManagerExternalStateMock())); + auto service = stdx::make_unique<ServiceContextNoop>(); + AuthorizationManager::set( + service.get(), + stdx::make_unique<AuthorizationManager>(new AuthzManagerExternalStateMock())); + setGlobalServiceContext(std::move(service)); Client::initThread("CurOpTestMain"); return Status::OK(); } diff --git a/src/mongo/db/db.cpp b/src/mongo/db/db.cpp index 1abffa3aebf..734e71ae4b1 100644 --- a/src/mongo/db/db.cpp +++ b/src/mongo/db/db.cpp @@ -757,12 +757,16 @@ static void startupConfigActions(const std::vector<std::string>& args) { } MONGO_INITIALIZER_GENERAL(CreateAuthorizationManager, - ("SetupInternalSecurityUser", "OIDGeneration"), + ("SetupInternalSecurityUser", + "OIDGeneration", + "SetGlobalEnvironment", + "EndStartupOptionStorage"), MONGO_NO_DEPENDENTS) (InitializerContext* context) { - AuthorizationManager* authzManager = - new AuthorizationManager(new AuthzManagerExternalStateMongod()); - setGlobalAuthorizationManager(authzManager); + auto authzManager = stdx::make_unique<AuthorizationManager>( + new AuthzManagerExternalStateMongod()); + authzManager->setAuthEnabled(serverGlobalParams.isAuthEnabled); + AuthorizationManager::set(getGlobalServiceContext(), std::move(authzManager)); return Status::OK(); } diff --git a/src/mongo/db/mongod_options.cpp b/src/mongo/db/mongod_options.cpp index 075d422416d..289ad83ffe2 100644 --- a/src/mongo/db/mongod_options.cpp +++ b/src/mongo/db/mongod_options.cpp @@ -38,8 +38,6 @@ #include "mongo/base/status.h" #include "mongo/bson/util/builder.h" #include "mongo/config.h" -#include "mongo/db/auth/authorization_manager.h" -#include "mongo/db/auth/authorization_manager_global.h" #include "mongo/db/db.h" #include "mongo/db/instance.h" #include "mongo/db/repl/repl_settings.h" 
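Review bot: The `CreateAuthorizationManager` initializer in db.cpp now copies `serverGlobalParams.isAuthEnabled` into the manager exactly once, and nothing in the hunk says why `"EndStartupOptionStorage"` was added to the prerequisites. That dependency is what guarantees the flag already reflects `security.authorization`; if it were dropped or reordered, the manager would be built with the field's default of `false`, i.e. with authorization off. A comment such as `// Must run after option storage so isAuthEnabled reflects security.authorization; the value is copied once here.` would protect it. The matching initializer in src/mongo/s/server.cpp has the same undocumented dependency.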
@@ -955,11 +953,11 @@ namespace mongo { } if (params.count("security.authorization") && params["security.authorization"].as<std::string>() == "disabled") { - getGlobalAuthorizationManager()->setAuthEnabled(false); + serverGlobalParams.isAuthEnabled = false; } if (params.count("security.authorization") && params["security.authorization"].as<std::string>() == "enabled") { - getGlobalAuthorizationManager()->setAuthEnabled(true); + serverGlobalParams.isAuthEnabled = true; } if (params.count("storage.mmapv1.quota.enforced")) { mmapv1GlobalOptions.quota = params["storage.mmapv1.quota.enforced"].as<bool>(); diff --git a/src/mongo/db/mongod_options_init.cpp b/src/mongo/db/mongod_options_init.cpp index e8cfa3ef1a0..a8c8ebb74cd 100644 --- a/src/mongo/db/mongod_options_init.cpp +++ b/src/mongo/db/mongod_options_init.cpp @@ -65,9 +65,7 @@ namespace mongo { } MONGO_INITIALIZER_GENERAL(MongodOptions_Store, - ("BeginStartupOptionStorage", - "CreateAuthorizationManager"), // Requried to call - // getGlobalAuthorizationManager(). + ("BeginStartupOptionStorage"), ("EndStartupOptionStorage")) (InitializerContext* context) { Status ret = storeMongodOptions(moe::startupOptionsParsed, context->args()); diff --git a/src/mongo/db/server_options.h b/src/mongo/db/server_options.h index 9df17b544c2..46579e2484a 100644 --- a/src/mongo/db/server_options.h +++ b/src/mongo/db/server_options.h @@ -118,6 +118,7 @@ namespace mongo { BSONArray argvArray; BSONObj parsedOpts; + bool isAuthEnabled = false; AtomicInt32 clusterAuthMode; // --clusterAuthMode, the internal cluster auth mode enum ClusterAuthModes { diff --git a/src/mongo/dbtests/dbtests.cpp b/src/mongo/dbtests/dbtests.cpp index 53e5f54b5ec..230277f966c 100644 --- a/src/mongo/dbtests/dbtests.cpp +++ b/src/mongo/dbtests/dbtests.cpp 
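Review bot: In the second hunk of mongod_options.cpp, a `security.authorization` value that is neither `"enabled"` nor `"disabled"` matches neither `if`, so `serverGlobalParams.isAuthEnabled` silently keeps its default of `false` and the server would start without authorization. Option validation may already restrict the value elsewhere (not visible here), but this is where the setting takes effect, so an explicit final branch that rejects any other value would make the code fail closed. The two blocks also repeat the same `params.count(...)` test and `as<std::string>()` conversion and could share a single lookup. The enclosing function starts and ends outside the hunk, so how the error should be reported depends on its return type.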
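Review bot: The new field `bool isAuthEnabled = false;` in server_options.h has no comment, unlike `clusterAuthMode` on the next line, and its default is the security-relevant part. I would add `// security.authorization; defaults to disabled. Copied into the AuthorizationManager once by CreateAuthorizationManager.` It is a plain `bool` beside an `AtomicInt32`, which is fine provided it is only written during single-threaded startup; the comment could say so. The enclosing struct starts and ends outside the hunk.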
@@ -111,7 +111,9 @@ int dbtestsMain( int argc, char** argv, char** envp ) { repl::setGlobalReplicationCoordinator(new repl::ReplicationCoordinatorMock(replSettings)); Command::testCommandsEnabled = 1; mongo::runGlobalInitializersOrDie(argc, argv, envp); - setGlobalAuthorizationManager(new AuthorizationManager(new AuthzManagerExternalStateMongod())); + AuthorizationManager::set( + getGlobalServiceContext(), + stdx::make_unique<AuthorizationManager>(new AuthzManagerExternalStateMongod())); StartupTest::runTests(); return mongo::dbtests::runDbTests(argc, argv); } diff --git a/src/mongo/s/client/shard_connection_test.cpp b/src/mongo/s/client/shard_connection_test.cpp index 9468f778afc..72e4e0c862c 100644 --- a/src/mongo/s/client/shard_connection_test.cpp +++ b/src/mongo/s/client/shard_connection_test.cpp @@ -60,9 +60,11 @@ namespace { MONGO_INITIALIZER(SCFTestGlobalServiceContext)(InitializerContext*) { invariant(!hasGlobalServiceContext()); - mongo::setGlobalAuthorizationManager(new mongo::AuthorizationManager( - new mongo::AuthzManagerExternalStateMock())); setGlobalServiceContext(stdx::make_unique<ServiceContextNoop>()); + AuthorizationManager::set( + getGlobalServiceContext(), + stdx::make_unique<AuthorizationManager>( + new mongo::AuthzManagerExternalStateMock())); return Status::OK(); } diff --git a/src/mongo/s/mongos_options_init.cpp b/src/mongo/s/mongos_options_init.cpp index d11832c6234..0ec9bca0b91 100644 --- a/src/mongo/s/mongos_options_init.cpp +++ b/src/mongo/s/mongos_options_init.cpp @@ -63,9 +63,7 @@ namespace mongo { } MONGO_INITIALIZER_GENERAL(MongosOptions_Store, - ("BeginStartupOptionStorage", - "CreateAuthorizationManager"), // Requried to call - // getGlobalAuthorizationManager(). + ("BeginStartupOptionStorage"), ("EndStartupOptionStorage")) (InitializerContext* context) { Status ret = storeMongosOptions(moe::startupOptionsParsed, context->args()); diff --git a/src/mongo/s/server.cpp b/src/mongo/s/server.cpp index b69ac75720e..df31706bd0e 100644 
--- a/src/mongo/s/server.cpp +++ b/src/mongo/s/server.cpp @@ -404,12 +404,16 @@ namespace mongo { #endif MONGO_INITIALIZER_GENERAL(CreateAuthorizationManager, - ("SetupInternalSecurityUser", "OIDGeneration"), + ("SetupInternalSecurityUser", + "OIDGeneration", + "SetGlobalEnvironment", + "EndStartupOptionStorage"), MONGO_NO_DEPENDENTS) (InitializerContext* context) { - AuthorizationManager* authzManager = - new AuthorizationManager(new AuthzManagerExternalStateMongos()); - setGlobalAuthorizationManager(authzManager); + auto authzManager = stdx::make_unique<AuthorizationManager>( + new AuthzManagerExternalStateMongos()); + authzManager->setAuthEnabled(serverGlobalParams.isAuthEnabled); + AuthorizationManager::set(getGlobalServiceContext(), std::move(authzManager)); return Status::OK(); } |
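Review bot: The mongos `CreateAuthorizationManager` initializer in src/mongo/s/server.cpp reads `serverGlobalParams.isAuthEnabled`, but no hunk on this page writes that field on the mongos side; the only assignments shown are in mongod_options.cpp, and the diffstat lists no mongos options file other than mongos_options_init.cpp. If mongos startup code (not visible here) previously enabled authorization by calling `setAuthEnabled` on the global manager during option storage, it now needs to set `serverGlobalParams.isAuthEnabled` instead, otherwise mongos would build its manager with the default `false`. A later `setAuthEnabled` call on the installed manager would still take effect, so this may already be covered. It is worth confirming with a test that starts mongos with authorization configured.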