Diffstat (limited to 'src')
-rw-r--r-- | src/mongo/db/auth/authorization_manager.cpp | 7 | ||||
-rw-r--r-- | src/mongo/db/auth/authorization_manager.h | 5 | ||||
-rw-r--r-- | src/mongo/db/auth/authz_manager_external_state.h | 5 | ||||
-rw-r--r-- | src/mongo/db/auth/authz_manager_external_state_d.cpp | 3 | ||||
-rw-r--r-- | src/mongo/db/auth/authz_manager_external_state_d.h | 3 | ||||
-rw-r--r-- | src/mongo/db/auth/authz_manager_external_state_local.cpp | 7 | ||||
-rw-r--r-- | src/mongo/db/auth/authz_manager_external_state_local.h | 4 | ||||
-rw-r--r-- | src/mongo/db/auth/authz_manager_external_state_mock.cpp | 1 | ||||
-rw-r--r-- | src/mongo/db/auth/authz_manager_external_state_mock.h | 3 | ||||
-rw-r--r-- | src/mongo/db/auth/authz_manager_external_state_s.cpp | 3 | ||||
-rw-r--r-- | src/mongo/db/auth/authz_manager_external_state_s.h | 5 | ||||
-rw-r--r-- | src/mongo/db/commands/user_management_commands.cpp | 19 | ||||
-rw-r--r-- | src/mongo/db/db.cpp | 6 | ||||
-rw-r--r-- | src/mongo/db/repl/rs_initialsync.cpp | 2 | ||||
-rw-r--r-- | src/mongo/db/repl/rs_rollback.cpp | 2 | ||||
-rw-r--r-- | src/mongo/s/server.cpp | 5 |
16 files changed, 53 insertions, 27 deletions
diff --git a/src/mongo/db/auth/authorization_manager.cpp b/src/mongo/db/auth/authorization_manager.cpp index c507b721cf5..a8043af6d6e 100644 --- a/src/mongo/db/auth/authorization_manager.cpp +++ b/src/mongo/db/auth/authorization_manager.cpp @@ -390,11 +390,12 @@ namespace mongo { } Status AuthorizationManager::queryAuthzDocument( + OperationContext* txn, const NamespaceString& collectionName, const BSONObj& query, const BSONObj& projection, const stdx::function<void(const BSONObj&)>& resultProcessor) { - return _externalState->query(collectionName, query, projection, resultProcessor); + return _externalState->query(txn, collectionName, query, projection, resultProcessor); } Status AuthorizationManager::updateAuthzDocuments(const NamespaceString& collectionName, @@ -691,9 +692,9 @@ namespace mongo { _version = schemaVersionInvalid; } - Status AuthorizationManager::initialize() { + Status AuthorizationManager::initialize(OperationContext* txn) { invalidateUserCache(); - Status status = _externalState->initialize(); + Status status = _externalState->initialize(txn); if (!status.isOK()) return status; diff --git a/src/mongo/db/auth/authorization_manager.h b/src/mongo/db/auth/authorization_manager.h index b8f1fb714ae..6962e9d137a 100644 --- a/src/mongo/db/auth/authorization_manager.h +++ b/src/mongo/db/auth/authorization_manager.h @@ -256,7 +256,8 @@ namespace mongo { * Should only be called on collections with authorization documents in them * (ie admin.system.users and admin.system.roles). */ - Status queryAuthzDocument(const NamespaceString& collectionName, + Status queryAuthzDocument(OperationContext* txn, + const NamespaceString& collectionName, const BSONObj& query, const BSONObj& projection, const stdx::function<void(const BSONObj&)>& resultProcessor); 
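Review bot: The doc comment above `queryAuthzDocument` in authorization_manager.h is unchanged, so the new `txn` parameter is undocumented; the same holds for `initialize` in this header and for `initialize` and `query` in authz_manager_external_state.h. Callers in this commit pass a stack-allocated `OperationContextImpl`, an existing context from the replication code, and an `OperationContextNoop`, so the contract is worth stating once on the interface. I would add a line such as `"txn" is the operation context under which the query runs; it is borrowed, not owned, and must stay valid until this call returns.` Whether a null `txn` is tolerated is not visible in these hunks and should be stated either way.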
@@ -348,7 +349,7 @@ namespace mongo { * system is at, this may involve building up the user cache and/or the roles graph. * Call this function at startup and after resynchronizing a slave/secondary. */ - Status initialize(); + Status initialize(OperationContext* txn); /** * Invalidates all of the contents of the user cache. diff --git a/src/mongo/db/auth/authz_manager_external_state.h b/src/mongo/db/auth/authz_manager_external_state.h index 1e73ae4974a..566299fcef0 100644 --- a/src/mongo/db/auth/authz_manager_external_state.h +++ b/src/mongo/db/auth/authz_manager_external_state.h @@ -60,7 +60,7 @@ namespace mongo { * calling other methods. Object may not be used after this method returns something other * than Status::OK(). */ - virtual Status initialize() = 0; + virtual Status initialize(OperationContext* txn) = 0; /** * Retrieves the schema version of the persistent data describing users and roles. @@ -166,7 +166,8 @@ namespace mongo { * Finds all documents matching "query" in "collectionName". For each document returned, * calls the function resultProcessor on it. */ - virtual Status query(const NamespaceString& collectionName, + virtual Status query(OperationContext* txn, + const NamespaceString& collectionName, const BSONObj& query, const BSONObj& projection, const stdx::function<void(const BSONObj&)>& resultProcessor) = 0; diff --git a/src/mongo/db/auth/authz_manager_external_state_d.cpp b/src/mongo/db/auth/authz_manager_external_state_d.cpp index 58ecb58b77e..a589e1a6998 100644 --- a/src/mongo/db/auth/authz_manager_external_state_d.cpp +++ b/src/mongo/db/auth/authz_manager_external_state_d.cpp 
@@ -91,12 +91,13 @@ namespace mongo { } Status AuthzManagerExternalStateMongod::query( + OperationContext* txn, const NamespaceString& collectionName, const BSONObj& query, const BSONObj& projection, const stdx::function<void(const BSONObj&)>& resultProcessor) { try { - DBDirectClient client; + DBDirectClient client(txn); client.query(resultProcessor, collectionName.ns(), query, &projection); return Status::OK(); } catch (const DBException& e) { diff --git a/src/mongo/db/auth/authz_manager_external_state_d.h b/src/mongo/db/auth/authz_manager_external_state_d.h index be24cba57cc..551bbba0850 100644 --- a/src/mongo/db/auth/authz_manager_external_state_d.h +++ b/src/mongo/db/auth/authz_manager_external_state_d.h @@ -57,7 +57,8 @@ namespace mongo { const NamespaceString& collectionName, const BSONObj& query, BSONObj* result); - virtual Status query(const NamespaceString& collectionName, + virtual Status query(OperationContext* txn, + const NamespaceString& collectionName, const BSONObj& query, const BSONObj& projection, const stdx::function<void(const BSONObj&)>& resultProcessor); diff --git a/src/mongo/db/auth/authz_manager_external_state_local.cpp b/src/mongo/db/auth/authz_manager_external_state_local.cpp index c078ba5d7bc..ed28d14da90 100644 --- a/src/mongo/db/auth/authz_manager_external_state_local.cpp +++ b/src/mongo/db/auth/authz_manager_external_state_local.cpp @@ -42,8 +42,8 @@ namespace mongo { _roleGraphState(roleGraphStateInitial) {} AuthzManagerExternalStateLocal::~AuthzManagerExternalStateLocal() {} - Status AuthzManagerExternalStateLocal::initialize() { - Status status = _initializeRoleGraph(); + Status AuthzManagerExternalStateLocal::initialize(OperationContext* txn) { + Status status = _initializeRoleGraph(txn); if (!status.isOK()) { if (status == ErrorCodes::GraphContainsCycle) { error() << "Cycle detected in admin.system.roles; role inheritance disabled. " 
@@ -310,7 +310,7 @@ namespace { } // namespace - Status AuthzManagerExternalStateLocal::_initializeRoleGraph() { + Status AuthzManagerExternalStateLocal::_initializeRoleGraph(OperationContext* txn) { boost::lock_guard<boost::mutex> lkInitialzeRoleGraph(_roleGraphMutex); _roleGraphState = roleGraphStateInitial; @@ -318,6 +318,7 @@ namespace { RoleGraph newRoleGraph; Status status = query( + txn, AuthorizationManager::rolesCollectionNamespace, BSONObj(), BSONObj(), diff --git a/src/mongo/db/auth/authz_manager_external_state_local.h b/src/mongo/db/auth/authz_manager_external_state_local.h index ba48862e277..78b7204cd6c 100644 --- a/src/mongo/db/auth/authz_manager_external_state_local.h +++ b/src/mongo/db/auth/authz_manager_external_state_local.h @@ -51,7 +51,7 @@ namespace mongo { public: virtual ~AuthzManagerExternalStateLocal(); - virtual Status initialize(); + virtual Status initialize(OperationContext* txn); virtual Status getStoredAuthorizationVersion(OperationContext* txn, int* outVersion); virtual Status getUserDescription( @@ -84,7 +84,7 @@ namespace mongo { /** * Initializes the role graph from the contents of the admin.system.roles collection. */ - Status _initializeRoleGraph(); + Status _initializeRoleGraph(OperationContext* txn); /** * Fetches the user document for "userName" from local storage, and stores it into "result". diff --git a/src/mongo/db/auth/authz_manager_external_state_mock.cpp b/src/mongo/db/auth/authz_manager_external_state_mock.cpp index c11ab6e7471..91a92519cf5 100644 --- a/src/mongo/db/auth/authz_manager_external_state_mock.cpp +++ b/src/mongo/db/auth/authz_manager_external_state_mock.cpp @@ -156,6 +156,7 @@ namespace { } Status AuthzManagerExternalStateMock::query( + OperationContext* txn, const NamespaceString& collectionName, const BSONObj& query, const BSONObj&, diff --git a/src/mongo/db/auth/authz_manager_external_state_mock.h b/src/mongo/db/auth/authz_manager_external_state_mock.h index fe3a37f6e0d..9078ed253db 100644 
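Review bot: In `_initializeRoleGraph` (authz_manager_external_state_local.cpp, hunks at -310 and -318) the `query(txn, ...)` call now runs on the caller's operation context while `_roleGraphMutex` is held by the `lock_guard` at the top of the function. Before this change the mongod implementation constructed `DBDirectClient client;` without a caller context, whereas the rollback path now passes its working `txn` straight through. Whether that caller already holds locks through `txn` at this point is not visible here, so I would record the expectation above the guard, for example `// NOTE: query() runs under _roleGraphMutex on the caller's txn; callers may already hold locks via txn.` The function body continues past the hunk.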
--- a/src/mongo/db/auth/authz_manager_external_state_mock.h +++ b/src/mongo/db/auth/authz_manager_external_state_mock.h @@ -66,7 +66,8 @@ namespace mongo { const BSONObj& query, BSONObj* result); - virtual Status query(const NamespaceString& collectionName, + virtual Status query(OperationContext* txn, + const NamespaceString& collectionName, const BSONObj& query, const BSONObj& projection, // Currently unused in mock const stdx::function<void(const BSONObj&)>& resultProcessor); diff --git a/src/mongo/db/auth/authz_manager_external_state_s.cpp b/src/mongo/db/auth/authz_manager_external_state_s.cpp index 7449f1975d7..848cd18c330 100644 --- a/src/mongo/db/auth/authz_manager_external_state_s.cpp +++ b/src/mongo/db/auth/authz_manager_external_state_s.cpp @@ -51,7 +51,7 @@ namespace mongo { AuthzManagerExternalStateMongos::~AuthzManagerExternalStateMongos() {} - Status AuthzManagerExternalStateMongos::initialize() { + Status AuthzManagerExternalStateMongos::initialize(OperationContext* txn) { return Status::OK(); } @@ -212,6 +212,7 @@ namespace mongo { } Status AuthzManagerExternalStateMongos::query( + OperationContext* txn, const NamespaceString& collectionName, const BSONObj& queryDoc, const BSONObj& projection, diff --git a/src/mongo/db/auth/authz_manager_external_state_s.h b/src/mongo/db/auth/authz_manager_external_state_s.h index 6cf39d7e3e3..44de008b21b 100644 --- a/src/mongo/db/auth/authz_manager_external_state_s.h +++ b/src/mongo/db/auth/authz_manager_external_state_s.h @@ -51,7 +51,7 @@ namespace mongo { AuthzManagerExternalStateMongos(); virtual ~AuthzManagerExternalStateMongos(); - virtual Status initialize(); + virtual Status initialize(OperationContext* txn); virtual Status getStoredAuthorizationVersion(OperationContext* txn, int* outVersion); virtual Status getUserDescription( OperationContext* txn, const UserName& userName, BSONObj* result); 
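Review bot: `AuthzManagerExternalStateMongos::initialize(OperationContext* txn)` in authz_manager_external_state_s.cpp never uses `txn`; its whole body is `return Status::OK();`. Leaving the parameter unnamed, `initialize(OperationContext*)`, or annotating it the way the mock header annotates `projection` (`// Currently unused in mock`), shows that the context is deliberately ignored and avoids unused-parameter warnings. The mock's `query` in authz_manager_external_state_mock.cpp gains a named `txn` next to an unnamed `const BSONObj&`; its body is outside the hunk, so the same may apply there.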
@@ -82,7 +82,8 @@ namespace mongo { * NOTE: The data returned from this helper may be from any config server or replica set * node. The first config server or primary node is preferred, when available. */ - virtual Status query(const NamespaceString& collectionName, + virtual Status query(OperationContext* txn, + const NamespaceString& collectionName, const BSONObj& query, const BSONObj& projection, const stdx::function<void(const BSONObj&)>& resultProcessor); diff --git a/src/mongo/db/commands/user_management_commands.cpp b/src/mongo/db/commands/user_management_commands.cpp index 41b8f8a0e66..e0fe630cf45 100644 --- a/src/mongo/db/commands/user_management_commands.cpp +++ b/src/mongo/db/commands/user_management_commands.cpp @@ -1155,7 +1155,8 @@ namespace mongo { appendBSONObjToBSONArrayBuilder, &usersArrayBuilder, stdx::placeholders::_1); - authzManager->queryAuthzDocument(usersNamespace, + authzManager->queryAuthzDocument(txn, + usersNamespace, queryBuilder.done(), projection.done(), function); @@ -2712,7 +2713,8 @@ namespace mongo { * Moves all user objects from usersCollName into admin.system.users. If drop is true, * removes any users that were in admin.system.users but not in usersCollName. */ - Status processUsers(AuthorizationManager* authzManager, + Status processUsers(OperationContext* txn, + AuthorizationManager* authzManager, const StringData& usersCollName, const StringData& db, bool drop, @@ -2736,6 +2738,7 @@ namespace mongo { AuthorizationManager::USER_DB_FIELD_NAME << 1); Status status = authzManager->queryAuthzDocument( + txn, AuthorizationManager::usersCollectionNamespace, query, fields, @@ -2748,6 +2751,7 @@ namespace mongo { } Status status = authzManager->queryAuthzDocument( + txn, NamespaceString(usersCollName), db.empty() ? BSONObj() : BSON(AuthorizationManager::USER_DB_FIELD_NAME << db), BSONObj(), 
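Review bot: The `queryAuthzDocument(txn, usersNamespace, ...)` call in the hunk at -1155 of user_management_commands.cpp still discards the returned `Status`, so a failed read of the users collection is indistinguishable from an empty result in `usersArrayBuilder`. For a command that reports which users exist, that can hide a storage error from the operator and from any tooling that audits accounts. I would capture and check it, e.g. `Status status = authzManager->queryAuthzDocument(txn, usersNamespace, queryBuilder.done(), projection.done(), function);` followed by `if (!status.isOK()) return appendCommandStatus(result, status);`. The enclosing command body is outside the hunk, so the exact error-return form should follow what the rest of that function does.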
@@ -2790,7 +2794,8 @@ namespace mongo { * Moves all user objects from usersCollName into admin.system.users. If drop is true, * removes any users that were in admin.system.users but not in usersCollName. */ - Status processRoles(AuthorizationManager* authzManager, + Status processRoles(OperationContext* txn, + AuthorizationManager* authzManager, const StringData& rolesCollName, const StringData& db, bool drop, @@ -2813,6 +2818,7 @@ namespace mongo { AuthorizationManager::ROLE_DB_FIELD_NAME << 1); Status status = authzManager->queryAuthzDocument( + txn, AuthorizationManager::rolesCollectionNamespace, query, fields, @@ -2825,6 +2831,7 @@ namespace mongo { } Status status = authzManager->queryAuthzDocument( + txn, NamespaceString(rolesCollName), db.empty() ? BSONObj() : BSON(AuthorizationManager::ROLE_DB_FIELD_NAME << db), @@ -2898,7 +2905,8 @@ namespace mongo { } if (!args.usersCollName.empty()) { - Status status = processUsers(authzManager, + Status status = processUsers(txn, + authzManager, args.usersCollName, args.db, args.drop, @@ -2909,7 +2917,8 @@ namespace mongo { } if (!args.rolesCollName.empty()) { - Status status = processRoles(authzManager, + Status status = processRoles(txn, + authzManager, args.rolesCollName, args.db, args.drop, diff --git a/src/mongo/db/db.cpp b/src/mongo/db/db.cpp index fad3e98d9da..07f7417fada 100644 --- a/src/mongo/db/db.cpp +++ b/src/mongo/db/db.cpp @@ -625,7 +625,11 @@ namespace mongo { exitCleanly(EXIT_CLEAN); } - uassertStatusOK(getGlobalAuthorizationManager()->initialize()); + { + OperationContextImpl txn; + + uassertStatusOK(getGlobalAuthorizationManager()->initialize(&txn)); + } /* this is for security on certain platforms (nonce generation) */ srand((unsigned) (curTimeMicros() ^ startupSrandTimer.micros())); diff --git a/src/mongo/db/repl/rs_initialsync.cpp b/src/mongo/db/repl/rs_initialsync.cpp index a9c03f72bb2..17daadbabca 100644 --- a/src/mongo/db/repl/rs_initialsync.cpp +++ b/src/mongo/db/repl/rs_initialsync.cpp 
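Review bot: The comment above `processRoles` (hunk at -2790) is a copy of the one above `processUsers`: it says the function moves user objects from `usersCollName` into admin.system.users, while the signature takes `rolesCollName` and the body queries `AuthorizationManager::rolesCollectionNamespace`. Since the signature is being touched anyway, the comment should read along the lines of `Moves all role objects from rolesCollName into admin.system.roles. If drop is true, removes any roles that were in admin.system.roles but not in rolesCollName.` Neither comment mentions the new `txn` parameter.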
@@ -459,7 +459,7 @@ namespace repl { // --------- - Status status = getGlobalAuthorizationManager()->initialize(); + Status status = getGlobalAuthorizationManager()->initialize(&txn); if (!status.isOK()) { warning() << "Failed to reinitialize auth data after initial sync. " << status; return; diff --git a/src/mongo/db/repl/rs_rollback.cpp b/src/mongo/db/repl/rs_rollback.cpp index 1ca35ae1e83..7aab1a71bc0 100644 --- a/src/mongo/db/repl/rs_rollback.cpp +++ b/src/mongo/db/repl/rs_rollback.cpp @@ -662,7 +662,7 @@ namespace repl { // TODO: fatal error if this throws? oplogCollection->temp_cappedTruncateAfter(txn, fixUpInfo.commonPointOurDiskloc, false); - Status status = getGlobalAuthorizationManager()->initialize(); + Status status = getGlobalAuthorizationManager()->initialize(txn); if (!status.isOK()) { warning() << "Failed to reinitialize auth data after rollback: " << status; warn = true; diff --git a/src/mongo/s/server.cpp b/src/mongo/s/server.cpp index ba488db4408..fcbe2027740 100644 --- a/src/mongo/s/server.cpp +++ b/src/mongo/s/server.cpp @@ -52,6 +52,7 @@ #include "mongo/db/instance.h" #include "mongo/db/lasterror.h" #include "mongo/db/log_process_details.h" +#include "mongo/db/operation_context_noop.h" #include "mongo/platform/process_id.h" #include "mongo/s/balance.h" #include "mongo/s/chunk.h" @@ -283,7 +284,9 @@ static bool runMongosServer( bool doUpgrade ) { boost::thread web( stdx::bind(&webServerThread, new NoAdminAccess())); // takes ownership - Status status = getGlobalAuthorizationManager()->initialize(); + OperationContextNoop txn; + + Status status = getGlobalAuthorizationManager()->initialize(&txn); if (!status.isOK()) { log() << "Initializing authorization data failed: " << status; return false; |
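Review bot: After initial sync (rs_initialsync.cpp, hunk at -459) a failed `initialize(&txn)` is only logged with `warning()` before the function returns, and the rollback path in rs_rollback.cpp likewise logs and sets `warn = true`. The interface comment in authz_manager_external_state.h says the external state object may not be used after `initialize` returns a non-OK status, so carrying on with it looks at odds with that contract. `AuthorizationManager::initialize` does call `invalidateUserCache()` first, but the role graph state after a failure is not visible in these hunks. I would at least add `// TODO: decide whether a failed auth reinitialization should be fatal here.` at both call sites, or escalate the failure if no safe authorization state remains.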
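Review bot: In `runMongosServer` (server.cpp, hunk at -283) `OperationContextNoop txn;` is declared at function scope, so it stays alive for the rest of the function, whereas db.cpp wraps its `OperationContextImpl txn` in a block that ends right after `initialize`. For consistency I would limit the lifetime the same way, e.g. `Status status = Status::OK();` followed by `{ OperationContextNoop txn; status = getGlobalAuthorizationManager()->initialize(&txn); }`. The function continues past the hunk, so whether anything later relies on `txn` cannot be seen here.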