summaryrefslogtreecommitdiff
path: root/src/mongo/db/auth/authorization_manager.cpp
Commit message (Collapse)AuthorAgeFilesLines
* SERVER-45717 Allow changes to clusterIpSourceAllowlist without restartsergey.galtsev2021-11-011-1/+1
|
* SERVER-48426 Cleaned up admin.system.new_users dead codeMina Mahmood2020-06-241-1/+0
|
* SERVER-44978 Thread-through ServiceContext and ThreadPool to ReadThroughCacheKaloian Manassiev2020-02-151-2/+2
| | | | | | There are no functional changes to this CR, it just instantiates every usage of ReadThroughCache with a ServiceContext and ThreadPool, which will be used for making the acquire method asynchronous.
* SERVER-43721 Make the AuthorizationManager use DistCacheKaloian Manassiev2020-01-161-33/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The DistCache (to be later renamed to ReadThroughCache) was derived from the same implementation under AuthorizationManager and this change removes the code duplication. In addition, it makes the following changes to InvalidatingLRUCache and the DistCache: * Simplifies and optimises the InvalidatingLRUCache: The way it is implemented now, it performs up to 3 operations per lookup, unvalidates entries unnecessarily and has overly complicated logic, which is source of a crash. Instead of fixing the bug, this change rewrites it in a simpler way, which introduces a ValueHandle instead of bare shared_ptr for the return value, and only performs additional work if entries fall off the underlying LRUCache. * Moves the DistCache under src/util and adds unit tests: This change pulls the DistCache (which is the main consumer of InvalidatingLRUCache) into its own library and moves it to be under src/util like the other caches and adds unit tests. delete mode 100644 jstests/auth/pinned_users.js create mode 100644 jstests/auth/pinned_users_clear_pinned_user_list.js create mode 100644 jstests/auth/pinned_users_exclusive_lock_on_admin.js create mode 100644 jstests/auth/pinned_users_remove_user_document_unpins_user.js create mode 100644 src/mongo/util/dist_cache.cpp rename src/mongo/{db => util}/dist_cache.h (56%) create mode 100644 src/mongo/util/dist_cache_test.cpp
* SERVER-44372 WeakFunction: a simplification of SHIM_ macrosBilly Donahue2019-11-071-1/+6
|
* SERVER-42165 Replace uses of stdx::mutex with mongo::MutexBen Caimano2019-09-171-1/+1
|
* SERVER-39339 Remove `stdx/memory.h`ADAM David Alan Martin2019-06-101-1/+0
|
* SERVER-40476 remove mongoutils::strBilly Donahue2019-04-091-1/+1
| | | | | | Rename utils/mongoutils/str.h => utils/str.h Rename namespace mongoutils::str => str Rename mongo::strcasecmp => str::caseInsensitiveCompare.
* SERVER-38984 Validate unique User ID on UserCache hitSara Golemon2019-02-141-0/+1
|
* SERVER-39560 - remove leading blank line on all C++ filesBilly Donahue2019-02-131-1/+0
| | | | | | Remove leading comments that are just stating the filename. Move any file-level comments below the copyright banner. Remove leading blank lines.
* SERVER-38249 Implement stdx unordered_map and unordered_set as absl node ↵Henrik Edin2018-12-201-1/+0
| | | | | | | | | | hash map/set. Remove stdx::unordered_multimap and multiset. Custom hashers to stdx::unordered_map are not trusted by default, we will rehash the produced hash with absl again to ensure we have a good hash function.
* SERVER-37651 Update header files with new licenseRamon Fernandez2018-10-221-14/+16
|
* SERVER-8240 Convert std::string parameters in auth module to StringData, as ↵Kashish Garg2018-06-081-8/+9
| | | | appropriate
* SERVER-33008 Slice Authorization frameworkADAM David Alan Martin2018-05-111-705/+29
| | | | | | | | The Authorization framework was intertwined with many subsystems and needed to be properly abstracted in order to facilitate cutting down on certain unnecessary dependencies in some libraries. This also facilitates creating a reduced authorization framework for use in embedded builds.
* SERVER-33275 Remove `platform/unordered_`* headersADAM David Alan Martin2018-02-141-6/+8
| | | | | | These headers date from before C++11 support and the `::mongo::stdx::` namespace. They can be removed and uses of the names therein can be changed to `::mongo::stdx::unordered_`* forms.
* SERVER-32951 Add lib for embedded options where we can have a different set ↵Henrik Edin2018-02-141-1/+1
| | | | of startup options. Also reduce dependencies on embedded.
* SERVER-30580 No more status locationsMathias Stearn2017-08-161-2/+1
|
* SERVER-30566: Unwind SERVER-28190Spencer Jackson2017-08-111-35/+3
|
* SERVER-29371 Move auth privilege.h/.cpp into own library for use in aggJames Wahlin2017-07-251-0/+1
|
* SERVER-29183 Add restriction support to rolesInfoSara Golemon2017-07-241-3/+6
|
* SERVER-29173: Parse authentication restrictions from user documentsSara Golemon2017-07-141-0/+4
|
* SERVER-29176: Implement --clusterIpSourceWhitelistADAM David Alan Martin2017-07-121-3/+25
|
* SERVER-29175: Add restriction support to AuthorizationSessionSpencer Jackson2017-07-111-0/+3
|
* SERVER-27244 Status usage compile-time facilities.ADAM David Alan Martin2017-06-181-9/+9
| | | | | | | | | | | | | | | | | There are numerous places in the codebase where `mongo::Status` or `mongo::StatusWith< T >` objects are returned and never checked. Many of these are innocuous, but many of them are potentially severe bugs. This change introduces facilities to permit compile-time warning of unchecked `Status` and `StatusWith` usage on clang compilers. It introduces an `ignore` function which is useful to state that a specific "ignored status" case was intentional. It not presently an error, in clang builds, to forget to check a `Status` -- this will come in a later commit. This also introduces a `transitional_ignore` function, which allows for easy continual auditing of the codebase for current "whitelisted" unchecked-status instances. All present "ignored status" cases have been marked `transitional_ignore`.
* SERVER-28190 Add internal tracking ids to userssamantharitter2017-05-051-3/+35
|
* SERVER-28534 Pass collection names around as NamespaceStrings more oftenGeert Bosch2017-04-021-18/+21
| | | | | | | Before this patch 'ns' values were often passed around as std::string or char* containing either a dbname (no '.'), a dbname with '.$cmd', or a fully qualified collection name. Instead pass either plain 'dbName' value (as string) or a fully qualified name using the actual NamespaceString type.
* SERVER-27938 Rename all OperationContext variables to opCtxMaria van Keulen2017-03-071-21/+21
| | | | | | This commit is an automated rename of all whole word instances of txn, _txn, and txnPtr to opCtx, _opCtx, and opCtxPtr, respectively in all .cpp and .h files in src/mongo.
* SERVER-24991 log redaction for bson, client, auth, catalogThomas Schubert2016-09-021-2/+2
|
* SERVER-22826 Support X509 AuthorizationSpencer Jackson2016-08-111-4/+12
|
* Revert "SERVER-22826 Support X509 Authorization"Spencer Jackson2016-08-101-12/+4
| | | | This reverts commit d930f4832631eca7092ada4328d780f2b8d19d31.
* SERVER-22826 Support X509 AuthorizationSpencer Jackson2016-08-091-4/+12
|
* SERVER-21378 add setParameter startupAuthSchemaValidation used to bypass ↵Hai-Kinh Hoang2016-08-041-0/+8
| | | | auth metadata startup validation checks
* SERVER-23971 Clang-Format codeMark Benvenuto2016-05-281-6/+10
|
* SERVER-23548 Remove VS2013 workaroundsMark Benvenuto2016-05-031-2/+0
|
* SERVER-23394: Prevent AuthorizationManager deadlock with profilingSpencer Jackson2016-04-201-1/+1
|
* SERVER-22057 refactor OpObserver::onUpdate and ↵Dianna Hohensee2016-01-151-1/+1
| | | | MigrationSourceManager::logUpdateOp to directly take the updated document
* SERVER-19543 Thread OperationContext through to everywhere that accesses the ↵Spencer T Brody2015-08-121-4/+6
| | | | CatalogManager
* SERVER-19313 Remove some obsoleted usages of boostAndrew Morrow2015-07-091-1/+0
|
* SERVER-18579: Clang-Format - reformat code, no comment reflowMark Benvenuto2015-06-201-573/+550
|
* SERVER-18723 boost -> stdx for mutex, unique_lock, and lock_guardAdam Midvidy2015-06-171-3/+3
|
* SERVER-17309 Replace std::auto_ptr<T> with std::unique_ptr<T>Andrew Morrow2015-06-101-4/+4
|
* SERVER-18007 support non-default constructible types in StatusWithAdam Midvidy2015-06-041-6/+4
|
* SERVER-18328 SERVER-18478 AuthzManagerExternalState for mongos should go ↵Daniel Alabi2015-05-221-9/+0
| | | | through the catalog manager
* SERVER-18478 Clean up AuthzManagerExternalStateDaniel Alabi2015-05-211-119/+0
| | | | Removed insert/remove/update from the AuthzManagerExternalState* interfaces
* SERVER-18478 Remove unused update*Credentials and upgradeSchema* from the ↵Daniel Alabi2015-05-211-145/+0
| | | | AuthorizationManager interface
* SERVER-18478 Get rid of UpdateGuard and simplify locking for user management ↵Daniel Alabi2015-05-181-9/+0
| | | | commands on mongod
* SERVER-18244: Refactor AuthorizationManagerExternalState creationSpencer Jackson2015-05-061-2/+3
|
* SERVER-18290: Fix user string parsing from oplogSpencer Jackson2015-05-011-1/+1
|
* SERVER-17817 When setting up ClientBasic, get AuthorizationSession object ↵Andy Schwerin2015-04-061-1/+7
| | | | from AuthorizationManager.
* SERVER-17496 Move sharding-specific auth code out of clientKaloian Manassiev2015-03-261-1/+0
|
View Lorry Controller Status