summaryrefslogtreecommitdiff
path: root/src/mongo/db/auth
Commit message (Collapse)AuthorAgeFilesLines
* SERVER-42652 Fix issue with rename collectionAdam Cooper2019-09-031-2/+9
| | | | (cherry picked from commit cdde32442328fdd65bd1ae016164bcafff15fa92)
* SERVER-41152 strip white space from auth mechanismsJason Piao2019-07-301-5/+30
| | | | (cherry picked from commit c31362708f26397dd20818ab780a5180e257d5a7)
* SERVER-41069 Add option to disable embedded roles from X509 certificatesJonathan Reams2019-07-092-0/+9
| | | | | (cherry picked from commit 85ec26ff72f4029c52c40fab796ad53533828e60) (cherry picked from commit 20c801587e1dab2d9cb2d468a4b10e3549d91e24)
* SERVER-40156 Replica sets support Split HorizonsADAM David Alan Martin2019-05-291-6/+8
| | | | | | | | | | | | | | | | | | | | Replica sets can now respond to `isMaster` requests with different hostnames and ports, if contacted via alternate names using TLS. The `horizons` field in replica set member configurations can be used to control which `HostAndPort` to reply with for which "horizon view" of a replica set. (cherry picked from commit 6784f6568cc45fe25510e2d2393be57daffb5411) Conflicts: src/mongo/db/client.h src/mongo/db/repl/SConscript src/mongo/db/repl/replication_coordinator_impl_test.cpp src/mongo/db/repl/replication_info.cpp src/mongo/db/repl/topology_coordinator.h src/mongo/transport/session_asio.h src/mongo/util/net/ssl_manager_openssl.cpp
* SERVER-40817 Handle createIndexes on roles collection in RoleGraphUpdateSpencer Jackson2019-05-141-0/+18
|
* SERVER-39864 Only request principal name during saslStart when neededSara Golemon2019-04-171-1/+6
| | | | (cherry picked from commit 70a2729673f629f1881abc042e3374e6cffa05bb)
* SERVER-39820 Include client IP in log message for successful authenticationJonathan Reams2019-04-081-1/+2
| | | | (cherry picked from commit 0a847ef8453015e8b622595692b2fde0488486a6)
* SERVER-38984 Validate unique User ID on UserCache hitSara Golemon2019-03-308-5/+75
| | | | (cherry picked from commit e55d6e2292e5dbe2f97153251d8193d1cc89f5d7)
* SERVER-39178 fix lintShreyas Kalyan2019-03-291-1/+1
|
* SERVER-39178 Negotiate SCRAM mechanism in MongoURI::connect()Shreyas Kalyan2019-03-291-0/+8
| | | | (cherry picked from commit 6f083bd87264e9d9c3d637fae62103c36a65316a)
* SERVER-39058 Synchronize user set modification in AuthorizationSession with ↵Shreyas Kalyan2019-03-014-16/+42
| | | | | | Client (cherry picked from commit a9277e874039f32ce0d848fcdfb10de705c96fd9)
* SERVER-39056 Further refine readWriteAnyDatabaseShreyas Kalyan2019-02-262-1/+7
| | | | (cherry picked from commit 1b1cf52e94c49ca4c6d8ba693e949c2b655e74b5)
* SERVER-37565 Unlock memory held during SCRAM authenticationPatrick Freed2019-01-223-5/+6
| | | | | | This fixes a bug where the server would crash if a large number of parallel connections occurred at once (cherry picked from commit 916a5553a2db8ae7553fea7c3703ef8fef75b055)
* SERVER-9043/SERVER-31156 Link flushRouterConfig on MongoD and make it accept ↵Kaloian Manassiev2019-01-211-1/+0
| | | | | | a namespace argument (cherry picked from commit e4f26d25632f94a6577028ccefd32069550628b6)
* SERVER-38983 Differentiate UserNotFound from AuthenticationFailure in audit logSara Golemon2019-01-141-12/+12
| | | | (cherry picked from commit ddb5d16aa7a5854d326bff0b6d094b33f1b662b5)
* SERVER-37527 Fix lifecycle management and clarify isDone->isSuccessSara Golemon2018-12-014-22/+20
| | | | (cherry picked from commit 662bec7c902c7e2eacdbeed0c8fca59563d73155)
* SERVER-37678 Extend cpplint's CheckForCopyright() to check for SSPL.Max Hirschhorn2018-11-141-2/+27
| | | | (cherry picked from commit bbaca57b62a510f0f8711d2a3224d0751e9cf786)
* SERVER-37754 Remove duplicate copyright headersRamon Fernandez2018-10-251-26/+22
|
* SERVER-37651 Fix incorrect copyright headers in python filesRamon Fernandez2018-10-241-27/+22
|
* SERVER-37651 Update header files with new licenseRamon Fernandez2018-10-19101-1601/+1845
|
* SERVER-34798 Remove ServiceContext subclasses and use new ServiceContext in ↵Henrik Edin2018-09-1313-152/+129
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | every unit test. This patch does several loosely related and surprisingly hard to separate things. 1.) Make the ServiceContext class final 2.) Create a mechanism, called ConstructorActions, for running methods on ServiceContexts immediately after they're built and immediately before they're destroyed. 3.) Introduce / improve test fixture base classes for tests, giving them fresh ServiceContext instances for each test case. There is one fixture for tests that need a storage engine and another for those that do not. 4.) Make several remaining global variables SC decorations in support of (3) 5.) Replace many MONGO_INITIALIZERS that access getGlobalServiceContext with the new constructor-actions system, which is needed for (3.) 6.) Fix up tests to use the fixtures from (3) and fix tests that silently used different service contexts in together in a technically illegal fashion that now breaks. 7.) Utilize (2) as necessary to simplify initialization of new ServiceContexts, simplifying the fixtures in (3). (cherry picked from commit d520be0814492c262515cf0a5d62a127ace70dce) SERVER-35985 Destroy clients started in other threads. (cherry picked from commit 9a68eb0cc65a93233b4ff5746330f9eb77de9b90) SERVER-36258 Construct ServiceContext after mongo initializers complete. (cherry picked from commit bfe170e49b1dc10b2badde45bc13c057a2f8ab61) SERVER-36400 Explicitly destroy the client on exiting run() of each BackgroundJob (cherry picked from commit b079e4713d897b5541c2804386025817ec720800) SERVER-36351 Fix so ServiceContextMongoDTest removes the temp directory in its destructor. (cherry picked from commit 4c16f0f336f4db77034e8aa594bbd4a5bac3f40c) SERVER-36347 Fix parse_zone_info.py after ServiceContext refactor. (cherry picked from commit c9d4204b6243e5eee6fe0b5e2c34d02af9ac5edb)
* SERVER-35566 Proxy Cyrus/LDAP selection at runtime.Sara Golemon2018-06-144-12/+8
| | | | (cherry picked from commit 940ed1e95db94d132f018a82343fe0109b157272)
* SERVER-34822: Make role graph ignore irrelevant createIndexesSpencer Jackson2018-06-071-1/+2
| | | | (cherry picked from commit f0227671de94cd54a3d8e1653400aa1ee9d8b2fa)
* SERVER-35272 Remove dependencies on ssl_manager and transport_layer from ↵Henrik Edin2018-06-071-0/+1
| | | | | | embedded when not dragged in by sharding. (cherry picked from commit 5dd6fcae8bedcf9dcb8a4e2e26b70320b369b48c)
* SERVER-34944 Create a shim-override mechanism.ADAM David Alan Martin2018-05-241-1/+4
| | | | | | | | | Modules for MongoDB need to be able to indicate their own overrides of shimmed funcitons. These overrides must be able to access the underlying registered shim. Further, the overrides must be installed in the correct position in the initializer dependency graph. (cherry picked from commit 1de64a4eb0a3655df083bc2160e5720d66f3c6fe)
* Revert "SERVER-34944 Create a shim-override mechanism."Louis Williams2018-05-241-4/+1
| | | | This reverts commit 56c53c382daef891ac0951464e5e23ccdd5c0263.
* SERVER-34944 Create a shim-override mechanism.ADAM David Alan Martin2018-05-231-1/+4
| | | | | | | | | Modules for MongoDB need to be able to indicate their own overrides of shimmed funcitons. These overrides must be able to access the underlying registered shim. Further, the overrides must be installed in the correct position in the initializer dependency graph. (cherry picked from commit bad5afd612e8fc917fb035d8333cffd7d68a37cc)
* SERVER-34894 Embedded authorization componentsADAM David Alan Martin2018-05-225-125/+224
| | | | | | | | | To facilitate using the mongodb code as an in-process embeddable library, we have created a dummy auth layer which can stand in for the real auth system in these contexts. Several link edges needed to be retargetted, and some tests needed to be relaxed. (cherry picked from commit ac1ceb8cb4994e235abe9a364c3dd7a2bfa84a62)
* SERVER-34963 Fix linking on dynamic community builds.ADAM David Alan Martin2018-05-1610-178/+228
| | | | | | | | | | | There were hidden transitive dependencies through `auth` into other subsystems which were not detected through the normal content integration pathway. This adds some necessary dependency edges in order to fix building on those platforms. It also removes a few transitional ignores and fixes some uses of ambiguous stream operators. The `str::stream` object should not directly be streamed.
* SERVER-32942: Let users listcollections their own collectionsSpencer Jackson2018-05-166-14/+161
|
* SERVER-34735 Extract structured data from X509 subject namesSara Golemon2018-05-152-5/+21
|
* SERVER-34345 replace ...WITH_VALIDATOR macros to ->withValidator syntax.Billy Donahue2018-05-151-21/+22
| | | | | | metaprogramming compactness mark unused auto pointer change is_same value use from {} to ::value
* SERVER-33008 Slice Authorization frameworkADAM David Alan Martin2018-05-1130-2129/+2717
| | | | | | | | The Authorization framework was intertwined with many subsystems and needed to be properly abstracted in order to facilitate cutting down on certain unnecessary dependencies in some libraries. This also facilitates creating a reduced authorization framework for use in embedded builds.
* SERVER-34628 Really remove appendCommandStatusMathias Stearn2018-05-081-10/+4
| | | | | | | | | | All remaining callers are transitioned to some form of usassert. This was done with an elaborate set of vim macros to make this tractable. Therefore it should not be considered an example of the best way to write new code, just as an improvement on what was there before. In particular, I couldn't easily remove Status's that are named then only used once in uassertStatusOK, nor could I convert the pattern of checking a StatusWith<T>'s getStatus() then calling getValue() to just call uassertStatusOK(returnsStatusWith()).
* SERVER-34628 Prep for removing appendCommandStatusMathias Stearn2018-05-081-1/+1
| | | | | | | | | * Added appendCommandStatusNoThrow matching the current aCS behavior * Make appendCommandStatus call uassertStatusOK then aCS on success * Make the few places that need to not throw call aCSNT A following commit will completely remove appendCommandStatus. It is split out because that commit is fairly huge.
* SERVER-34805 Refactor the network libraries and move messages types to ↵Andrew Morrow2018-05-054-4/+4
| | | | rpc/protocol
* SERVER-34626: Remove SCRAM-SHA-1 specific auth checks from SCRAM-SHA-256Spencer Jackson2018-05-041-1/+2
|
* SERVER-34580 Plumb commit time to commit handlers when availableJudah Schvimer2018-05-031-1/+1
|
* SERVER-34794 Construct the global ServiceContext inside a MONGO_INITIALIZERAndy Schwerin2018-05-022-31/+33
|
* SERVER-34653 Add 'AuthorizationSession::isAuthenticated()'Billy Donahue2018-05-022-9/+13
|
* SERVER-34698 cleanup physical structure of CmdAuthenticateBilly Donahue2018-04-271-2/+2
|
* SERVER-34364 replace references to invariantOK with invariantBenety Goh2018-04-261-2/+2
|
* SERVER-34421: isMaster saslSupportedMechs shouldn't error on UserNotFoundSpencer Jackson2018-04-242-7/+16
|
* SERVER-34230 Add ActionType and Commands for Free MonitoringSara Golemon2018-04-182-1/+5
|
* SERVER-34541 Remove MessagePort and ListenerAndrew Morrow2018-04-183-1/+2
| | | | Also removes the unimportant but flaky scoped_db_conn_test
* SERVER-34446: Remove normalization of SCRAM-SHA-256 prinicpal namesSpencer Jackson2018-04-133-118/+11
|
* SERVER-34401: Add support for {forAllDBs: true} to usersInfoSpencer Jackson2018-04-133-2/+11
|
* SERVER-33548 Enable profiling for batch writes within transactionsTess Avitabile2018-04-131-1/+1
|
* SERVER-34179 refactor isGenericArgumentBilly Donahue2018-04-021-2/+2
| | | | | | | | | Remove the static tables floating around at namespace scope. break CommandHelpers::isGenericArgument into command_generic_argument library so it doesn't have to be inline. Some callers depend on it but would have a circularity if they actually added db/commands to their LIBDEPS.
* SERVER-34246 Add getDatabaseVersion command on shards for support and testingEsha Maharishi2018-04-022-0/+2
|
View Lorry Controller Status