/*
* Copyright (C) 2010 10gen Inc.
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License, version 3,
* as published by the Free Software Foundation.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see .
*
* As a special exception, the copyright holders give permission to link the
* code of portions of this program with the OpenSSL library under certain
* conditions as described in each individual source file and distribute
* linked combinations including the program with the OpenSSL library. You
* must comply with the GNU Affero General Public License in all respects for
* all of the code used other than as permitted herein. If you modify file(s)
* with this exception, you may extend this exception to your version of the
* file(s), but you are not obligated to do so. If you do not wish to do so,
* delete this exception statement from your version. If you delete this
* exception statement from all source files in the program, then also delete
* it in the license file.
*/
#include "mongo/platform/basic.h"
#include "mongo/bson/util/bson_extract.h"
#include "mongo/db/auth/authorization_manager.h"
#include "mongo/db/auth/authorization_session.h"
#include "mongo/db/commands.h"
namespace mongo {
using std::string;
using std::stringstream;
class CmdConnectionStatus : public Command {
public:
CmdConnectionStatus() : Command("connectionStatus") {}
virtual bool slaveOk() const {
return true;
}
virtual bool isWriteCommandForConfigServer() const {
return false;
}
virtual void addRequiredPrivileges(const std::string& dbname,
const BSONObj& cmdObj,
std::vector* out) {} // No auth required
void help(stringstream& h) const {
h << "Returns connection-specific information such as logged-in users and their roles";
}
bool run(OperationContext* txn,
const string&,
BSONObj& cmdObj,
int,
string& errmsg,
BSONObjBuilder& result) {
AuthorizationSession* authSession = AuthorizationSession::get(ClientBasic::getCurrent());
bool showPrivileges;
Status status =
bsonExtractBooleanFieldWithDefault(cmdObj, "showPrivileges", false, &showPrivileges);
if (!status.isOK()) {
return appendCommandStatus(result, status);
}
BSONObjBuilder authInfo(result.subobjStart("authInfo"));
{
BSONArrayBuilder authenticatedUsers(authInfo.subarrayStart("authenticatedUsers"));
UserNameIterator nameIter = authSession->getAuthenticatedUserNames();
for (; nameIter.more(); nameIter.next()) {
BSONObjBuilder userInfoBuilder(authenticatedUsers.subobjStart());
userInfoBuilder.append(AuthorizationManager::USER_NAME_FIELD_NAME,
nameIter->getUser());
userInfoBuilder.append(AuthorizationManager::USER_DB_FIELD_NAME, nameIter->getDB());
}
}
{
BSONArrayBuilder authenticatedRoles(authInfo.subarrayStart("authenticatedUserRoles"));
RoleNameIterator roleIter = authSession->getAuthenticatedRoleNames();
for (; roleIter.more(); roleIter.next()) {
BSONObjBuilder roleInfoBuilder(authenticatedRoles.subobjStart());
roleInfoBuilder.append(AuthorizationManager::ROLE_NAME_FIELD_NAME,
roleIter->getRole());
roleInfoBuilder.append(AuthorizationManager::ROLE_DB_FIELD_NAME, roleIter->getDB());
}
}
if (showPrivileges) {
BSONArrayBuilder authenticatedPrivileges(
authInfo.subarrayStart("authenticatedUserPrivileges"));
// Create a unified map of resources to privileges, to avoid duplicate
// entries in the connection status output.
User::ResourcePrivilegeMap unifiedResourcePrivilegeMap;
UserNameIterator nameIter = authSession->getAuthenticatedUserNames();
for (; nameIter.more(); nameIter.next()) {
User* authUser = authSession->lookupUser(*nameIter);
const User::ResourcePrivilegeMap& resourcePrivilegeMap = authUser->getPrivileges();
for (User::ResourcePrivilegeMap::const_iterator it = resourcePrivilegeMap.begin();
it != resourcePrivilegeMap.end();
++it) {
if (unifiedResourcePrivilegeMap.find(it->first) ==
unifiedResourcePrivilegeMap.end()) {
unifiedResourcePrivilegeMap[it->first] = it->second;
} else {
unifiedResourcePrivilegeMap[it->first].addActions(it->second.getActions());
}
}
}
for (User::ResourcePrivilegeMap::const_iterator it =
unifiedResourcePrivilegeMap.begin();
it != unifiedResourcePrivilegeMap.end();
++it) {
authenticatedPrivileges << it->second.toBSON();
}
}
authInfo.doneFast();
return true;
}
} cmdConnectionStatus;
}