From f6bb7b0a3bff0495db6be1e04ff72d95862cbb6f Mon Sep 17 00:00:00 2001 From: Spencer Jackson Date: Wed, 10 Aug 2016 14:39:34 -0400 Subject: Revert "SERVER-22826 Support X509 Authorization" This reverts commit d930f4832631eca7092ada4328d780f2b8d19d31. --- src/mongo/transport/service_entry_point_test_suite.cpp | 6 ++---- src/mongo/transport/service_entry_point_test_suite.h | 3 +-- src/mongo/transport/session.cpp | 5 ++--- src/mongo/transport/session.h | 7 ++----- src/mongo/transport/transport_layer.h | 6 +++--- src/mongo/transport/transport_layer_legacy.cpp | 14 +++++++------- src/mongo/transport/transport_layer_legacy.h | 6 +++--- src/mongo/transport/transport_layer_manager.cpp | 5 ++--- src/mongo/transport/transport_layer_manager.h | 2 +- src/mongo/transport/transport_layer_mock.cpp | 17 ++++++----------- src/mongo/transport/transport_layer_mock.h | 10 ++-------- 11 files changed, 31 insertions(+), 50 deletions(-) (limited to 'src/mongo/transport') diff --git a/src/mongo/transport/service_entry_point_test_suite.cpp b/src/mongo/transport/service_entry_point_test_suite.cpp index c3814accc47..841851d5ccd 100644 --- a/src/mongo/transport/service_entry_point_test_suite.cpp +++ b/src/mongo/transport/service_entry_point_test_suite.cpp @@ -51,7 +51,6 @@ #include "mongo/transport/transport_layer.h" #include "mongo/unittest/unittest.h" #include "mongo/util/net/message.h" -#include "mongo/util/net/ssl_types.h" namespace mongo { @@ -149,9 +148,8 @@ void ServiceEntryPointTestSuite::MockTLHarness::asyncWait(Ticket&& ticket, return _asyncWait(std::move(ticket), std::move(callback)); } -SSLPeerInfo ServiceEntryPointTestSuite::MockTLHarness::getX509PeerInfo( - const Session& session) const { - return SSLPeerInfo("mock", {}); +std::string ServiceEntryPointTestSuite::MockTLHarness::getX509SubjectName(const Session& session) { + return "mock"; } void ServiceEntryPointTestSuite::MockTLHarness::registerTags(const Session& session) {} 
diff --git a/src/mongo/transport/service_entry_point_test_suite.h b/src/mongo/transport/service_entry_point_test_suite.h index 7f15d4723eb..2249c86b9bd 100644 --- a/src/mongo/transport/service_entry_point_test_suite.h +++ b/src/mongo/transport/service_entry_point_test_suite.h @@ -39,7 +39,6 @@ namespace mongo { class ServiceEntryPoint; -struct SSLPeerInfo; /** * Test class. Uses a mock TransportLayer to test that the ServiceEntryPoint @@ -130,7 +129,7 @@ private: Date_t expiration = transport::Ticket::kNoExpirationDate) override; Status wait(transport::Ticket&& ticket) override; void asyncWait(transport::Ticket&& ticket, TicketCallback callback) override; - SSLPeerInfo getX509PeerInfo(const transport::Session& session) const override; + std::string getX509SubjectName(const transport::Session& session) override; void registerTags(const transport::Session& session) override; Stats sessionStats() override; void end(transport::Session& session) override; diff --git a/src/mongo/transport/session.cpp b/src/mongo/transport/session.cpp index 851f348edc0..b341cd97630 100644 --- a/src/mongo/transport/session.cpp +++ b/src/mongo/transport/session.cpp @@ -32,7 +32,6 @@ #include "mongo/platform/atomic_word.h" #include "mongo/transport/transport_layer.h" -#include "mongo/util/net/ssl_types.h" namespace mongo { namespace transport { @@ -96,8 +95,8 @@ Ticket Session::sinkMessage(const Message& message, Date_t expiration) { return _tl->sinkMessage(*this, message, expiration); } -SSLPeerInfo Session::getX509PeerInfo() const { - return _tl->getX509PeerInfo(*this); +std::string Session::getX509SubjectName() const { + return _tl->getX509SubjectName(*this); } void Session::end() { diff --git a/src/mongo/transport/session.h b/src/mongo/transport/session.h index 76c2a975478..c7ec5cd28f0 100644 --- a/src/mongo/transport/session.h +++ b/src/mongo/transport/session.h 
@@ -37,9 +37,6 @@ #include "mongo/util/time_support.h" namespace mongo { - -struct SSLPeerInfo; - namespace transport { class TransportLayer; @@ -105,9 +102,9 @@ public: } /** - * Return the X509 peer information for this connection (SSL only). + * Return the X509 subject name for this connection (SSL only). */ - SSLPeerInfo getX509PeerInfo() const; + std::string getX509SubjectName() const; /** * Set this session's tags. This Session will register diff --git a/src/mongo/transport/transport_layer.h b/src/mongo/transport/transport_layer.h index c407eef1f0d..3634ec68de5 100644 --- a/src/mongo/transport/transport_layer.h +++ b/src/mongo/transport/transport_layer.h @@ -154,10 +154,10 @@ public: virtual void registerTags(const Session& session) = 0; /** - * Return the stored X509 peer information for this session. If the session does not - * exist in this TransportLayer, returns a default constructed object. + * Return the stored X509 subject name for this session. If the session does not + * exist in this TransportLayer, returns "". */ - virtual SSLPeerInfo getX509PeerInfo(const Session& session) const = 0; + virtual std::string getX509SubjectName(const Session& session) = 0; /** * Returns the number of sessions currently open in the transport layer. diff --git a/src/mongo/transport/transport_layer_legacy.cpp b/src/mongo/transport/transport_layer_legacy.cpp index 1a719d66e93..3c004eb793f 100644 --- a/src/mongo/transport/transport_layer_legacy.cpp +++ b/src/mongo/transport/transport_layer_legacy.cpp 
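Review bot: The doc comment on `getX509SubjectName` in transport_layer.h documents `""` only for a session that does not exist, while the legacy implementation in this commit also returns `""` for a known session with no stored name (`x509SubjectName.value_or("")`). This string is presumably used to identify the peer for X509 authentication, so the contract should say that an empty result carries no identity. I would add to the comment: `* An empty string means no verified client certificate subject is available; callers must treat the peer as unauthenticated.` The class body continues outside the hunk.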
@@ -117,16 +117,16 @@ Ticket TransportLayerLegacy::sourceMessage(Session& session, Message* message, D return Ticket(this, stdx::make_unique(session, expiration, std::move(sourceCb))); } -SSLPeerInfo TransportLayerLegacy::getX509PeerInfo(const Session& session) const { +std::string TransportLayerLegacy::getX509SubjectName(const Session& session) { { stdx::lock_guard lk(_connectionsMutex); auto conn = _connections.find(session.id()); if (conn == _connections.end()) { // Return empty string if the session is not found - return SSLPeerInfo(); + return ""; } - return conn->second.sslPeerInfo.value_or(SSLPeerInfo()); + return conn->second.x509SubjectName.value_or(""); } } @@ -274,10 +274,10 @@ Status TransportLayerLegacy::_runTicket(Ticket ticket) { #ifdef MONGO_CONFIG_SSL // If we didn't have an X509 subject name, see if we have one now - if (!conn->second.sslPeerInfo) { - auto info = amp->getX509PeerInfo(); - if (info.subjectName != "") { - conn->second.sslPeerInfo = info; + if (!conn->second.x509SubjectName) { + auto name = amp->getX509SubjectName(); + if (name != "") { + conn->second.x509SubjectName = name; } } #endif diff --git a/src/mongo/transport/transport_layer_legacy.h b/src/mongo/transport/transport_layer_legacy.h index 873da5a2123..7472212ffc9 100644 --- a/src/mongo/transport/transport_layer_legacy.h +++ b/src/mongo/transport/transport_layer_legacy.h @@ -79,7 +79,7 @@ public: void asyncWait(Ticket&& ticket, TicketCallback callback) override; void registerTags(const Session& session) override; - SSLPeerInfo getX509PeerInfo(const Session& session) const override; + std::string getX509SubjectName(const Session& session) override; Stats sessionStats() override; @@ -150,7 +150,7 @@ private: const long long connectionId; - boost::optional sslPeerInfo; + boost::optional x509SubjectName; Session::TagMask tags; bool inUse; bool ended; 
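Review bot: In `_runTicket`, the subject name is stored the first time `amp->getX509SubjectName()` returns a non-empty value and is never looked at again, so the first identity seen stays attached to the connection for its lifetime. If the peer certificate can change on a live connection (not visible from this hunk), that assumption deserves a comment next to the `#ifdef MONGO_CONFIG_SSL` block. As a style point, `if (!name.empty()) { conn->second.x509SubjectName = std::move(name); }` avoids both the literal comparison and the string copy. In `getX509SubjectName` the inner brace scope is redundant, since the lock guard lives until the function returns anyway. `_runTicket` starts and ends outside the hunk.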
@@ -161,7 +161,7 @@ private: std::unique_ptr _listener; stdx::thread _listenerThread; - mutable stdx::mutex _connectionsMutex; + stdx::mutex _connectionsMutex; std::unordered_map _connections; void _endSession_inlock(decltype(_connections.begin()) conn); diff --git a/src/mongo/transport/transport_layer_manager.cpp b/src/mongo/transport/transport_layer_manager.cpp index 6fc191bf49f..e513155e5cd 100644 --- a/src/mongo/transport/transport_layer_manager.cpp +++ b/src/mongo/transport/transport_layer_manager.cpp @@ -33,7 +33,6 @@ #include "mongo/base/status.h" #include "mongo/stdx/memory.h" #include "mongo/transport/session.h" -#include "mongo/util/net/ssl_types.h" #include "mongo/util/time_support.h" #include @@ -62,8 +61,8 @@ void TransportLayerManager::asyncWait(Ticket&& ticket, TicketCallback callback) return getTicketTransportLayer(ticket)->asyncWait(std::move(ticket), std::move(callback)); } -SSLPeerInfo TransportLayerManager::getX509PeerInfo(const Session& session) const { - return session.getX509PeerInfo(); +std::string TransportLayerManager::getX509SubjectName(const Session& session) { + return session.getX509SubjectName(); } template diff --git a/src/mongo/transport/transport_layer_manager.h b/src/mongo/transport/transport_layer_manager.h index 9648a0859f2..20d27d6571c 100644 --- a/src/mongo/transport/transport_layer_manager.h +++ b/src/mongo/transport/transport_layer_manager.h @@ -64,7 +64,7 @@ public: Status wait(Ticket&& ticket) override; void asyncWait(Ticket&& ticket, TicketCallback callback) override; - SSLPeerInfo getX509PeerInfo(const Session& session) const override; + std::string getX509SubjectName(const Session& session) override; void registerTags(const Session& session) override; Stats sessionStats() override; diff --git a/src/mongo/transport/transport_layer_mock.cpp b/src/mongo/transport/transport_layer_mock.cpp index 5b66c00bf91..e7fa76d2e9b 100644 --- a/src/mongo/transport/transport_layer_mock.cpp 
+++ b/src/mongo/transport/transport_layer_mock.cpp @@ -109,13 +109,8 @@ void TransportLayerMock::asyncWait(Ticket&& ticket, TicketCallback callback) { callback(Status::OK()); } -SSLPeerInfo TransportLayerMock::getX509PeerInfo(const Session& session) const { - return _sessions.at(session.id()).peerInfo; -} - - -void TransportLayerMock::setX509PeerInfo(const Session& session, SSLPeerInfo peerInfo) { - _sessions[session.id()].peerInfo = std::move(peerInfo); +std::string TransportLayerMock::getX509SubjectName(const Session& session) { + return session.getX509SubjectName(); } TransportLayer::Stats TransportLayerMock::sessionStats() { @@ -129,16 +124,16 @@ Session* TransportLayerMock::createSession() { stdx::make_unique(HostAndPort(), HostAndPort(), this); Session::Id sessionId = session->id(); - _sessions[sessionId] = Connection{std::move(session), SSLPeerInfo()}; + _sessions[sessionId] = std::move(session); - return _sessions[sessionId].session.get(); + return _sessions[sessionId].get(); } Session* TransportLayerMock::get(Session::Id id) { if (!owns(id)) return nullptr; - return _sessions[id].session.get(); + return _sessions[id].get(); } bool TransportLayerMock::owns(Session::Id id) { @@ -152,7 +147,7 @@ void TransportLayerMock::end(Session& session) { void TransportLayerMock::endAllSessions(Session::TagMask tags) { auto it = _sessions.begin(); while (it != _sessions.end()) { - end(*it->second.session.get()); + end(*it->second.get()); it++; } } diff --git a/src/mongo/transport/transport_layer_mock.h b/src/mongo/transport/transport_layer_mock.h index 10913f0cf96..38ab3eed0f1 100644 --- a/src/mongo/transport/transport_layer_mock.h +++ b/src/mongo/transport/transport_layer_mock.h @@ -36,7 +36,6 @@ #include "mongo/transport/ticket_impl.h" #include "mongo/transport/transport_layer.h" #include "mongo/util/net/message.h" -#include "mongo/util/net/ssl_types.h" #include "mongo/util/time_support.h" namespace mongo { 
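Review bot: `TransportLayerMock::getX509SubjectName` looks like unbounded mutual recursion: it returns `session.getX509SubjectName()`, while `Session::getX509SubjectName` in session.cpp of this same commit returns `_tl->getX509SubjectName(*this)`. `createSession` passes `this` to the Session constructor, so if that argument becomes the session's `_tl` (the constructor is not shown), the two calls bounce between each other until the stack is exhausted. With `setX509PeerInfo` removed the mock has no stored name left to return, so a fixed value as in `MockTLHarness` would be enough: `return "mock";`. `TransportLayerManager::getX509SubjectName` uses the same delegation and is safe only as long as a session's layer is never the manager itself.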
@@ -87,8 +86,7 @@ public: Status wait(Ticket&& ticket) override; void asyncWait(Ticket&& ticket, TicketCallback callback) override; - SSLPeerInfo getX509PeerInfo(const Session& session) const override; - void setX509PeerInfo(const Session& session, SSLPeerInfo peerInfo); + std::string getX509SubjectName(const Session& session) override; void registerTags(const Session& session) override; Stats sessionStats() override; @@ -104,11 +102,7 @@ public: bool inShutdown() const; private: - struct Connection { - std::unique_ptr session; - SSLPeerInfo peerInfo; - }; - std::unordered_map _sessions; + std::unordered_map> _sessions; bool _shutdown; }; -- cgit v1.2.1