1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
|
/*
* Copyright (C) 2012 10gen Inc.
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License, version 3,
* as published by the Free Software Foundation.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
* As a special exception, the copyright holders give permission to link the
* code of portions of this program with the OpenSSL library under certain
* conditions as described in each individual source file and distribute
* linked combinations including the program with the OpenSSL library. You
* must comply with the GNU Affero General Public License in all respects for
* all of the code used other than as permitted herein. If you modify file(s)
* with this exception, you may extend this exception to your version of the
* file(s), but you are not obligated to do so. If you do not wish to do so,
* delete this exception statement from your version. If you delete this
* exception statement from all source files in the program, then also delete
* it in the license file.
*/
#pragma once
#include <string>
#include <vector>
#include "mongo/base/disallow_copying.h"
#include "mongo/base/status.h"
#include "mongo/db/auth/role_name.h"
#include "mongo/db/auth/user_name.h"
#include "mongo/db/jsobj.h"
#include "mongo/db/namespace_string.h"
#include "mongo/stdx/functional.h"
namespace mongo {
class OperationContext;
/**
* Public interface for a class that encapsulates all the information related to system
* state not stored in AuthorizationManager. This is primarily to make AuthorizationManager
* easier to test as well as to allow different implementations for mongos and mongod.
*/
class AuthzManagerExternalState {
MONGO_DISALLOW_COPYING(AuthzManagerExternalState);
public:
virtual ~AuthzManagerExternalState();
/**
* Initializes the external state object. Must be called after construction and before
* calling other methods. Object may not be used after this method returns something other
* than Status::OK().
*/
virtual Status initialize(OperationContext* txn) = 0;
/**
* Retrieves the schema version of the persistent data describing users and roles.
* Will leave *outVersion unmodified on non-OK status return values.
*/
virtual Status getStoredAuthorizationVersion(OperationContext* txn, int* outVersion) = 0;
/**
* Writes into "result" a document describing the named user and returns Status::OK(). The
* description includes the user credentials, if present, the user's role membership and
* delegation information, a full list of the user's privileges, and a full list of the
* user's roles, including those roles held implicitly through other roles (indirect roles).
* In the event that some of this information is inconsistent, the document will contain a
* "warnings" array, with std::string messages describing inconsistencies.
*
* If the user does not exist, returns ErrorCodes::UserNotFound.
*/
virtual Status getUserDescription(
OperationContext* txn, const UserName& userName, BSONObj* result) = 0;
/**
* Writes into "result" a document describing the named role and returns Status::OK(). The
* description includes the roles in which the named role has membership and a full list of
* the roles of which the named role is a member, including those roles memberships held
* implicitly through other roles (indirect roles). If "showPrivileges" is true, then the
* description documents will also include a full list of the role's privileges.
* In the event that some of this information is inconsistent, the document will contain a
* "warnings" array, with std::string messages describing inconsistencies.
*
* If the role does not exist, returns ErrorCodes::RoleNotFound.
*/
virtual Status getRoleDescription(const RoleName& roleName,
bool showPrivileges,
BSONObj* result) = 0;
/**
* Writes into "result" documents describing the roles that are defined on the given
* database. Each role description document includes the other roles in which the role has
* membership and a full list of the roles of which the named role is a member,
* including those roles memberships held implicitly through other roles (indirect roles).
* If showPrivileges is true, then the description documents will also include a full list
* of the role's privileges. If showBuiltinRoles is true, then the result array will
* contain description documents for all the builtin roles for the given database, if it
* is false the result will just include user defined roles.
* In the event that some of the information in a given role description is inconsistent,
* the document will contain a "warnings" array, with std::string messages describing
* inconsistencies.
*/
virtual Status getRoleDescriptionsForDB(const std::string dbname,
bool showPrivileges,
bool showBuiltinRoles,
std::vector<BSONObj>* result) = 0;
/**
* Returns true if there exists at least one privilege document in the system.
*/
bool hasAnyPrivilegeDocuments(OperationContext* txn);
/**
* Creates the given user object in the given database.
*
* TODO(spencer): remove dbname argument once users are only written into the admin db
*/
Status insertPrivilegeDocument(OperationContext* txn,
const std::string& dbname,
const BSONObj& userObj,
const BSONObj& writeConcern);
/**
* Updates the given user object with the given update modifier.
*/
Status updatePrivilegeDocument(OperationContext* txn,
const UserName& user,
const BSONObj& updateObj,
const BSONObj& writeConcern);
/**
* Removes users for the given database matching the given query.
* Writes into *numRemoved the number of user documents that were modified.
*/
Status removePrivilegeDocuments(OperationContext* txn,
const BSONObj& query,
const BSONObj& writeConcern,
int* numRemoved);
/**
* Finds a document matching "query" in "collectionName", and store a shared-ownership
* copy into "result".
*
* Returns Status::OK() on success. If no match is found, returns
* ErrorCodes::NoMatchingDocument. Other errors returned as appropriate.
*/
virtual Status findOne(OperationContext* txn,
const NamespaceString& collectionName,
const BSONObj& query,
BSONObj* result) = 0;
/**
* Finds all documents matching "query" in "collectionName". For each document returned,
* calls the function resultProcessor on it.
*/
virtual Status query(OperationContext* txn,
const NamespaceString& collectionName,
const BSONObj& query,
const BSONObj& projection,
const stdx::function<void(const BSONObj&)>& resultProcessor) = 0;
/**
* Inserts "document" into "collectionName".
* If there is a duplicate key error, returns a Status with code DuplicateKey.
*/
virtual Status insert(OperationContext* txn,
const NamespaceString& collectionName,
const BSONObj& document,
const BSONObj& writeConcern) = 0;
/**
* Update one document matching "query" according to "updatePattern" in "collectionName".
*
* If "upsert" is true and no document matches "query", inserts one using "query" as a
* template.
* If "upsert" is false and no document matches "query", return a Status with the code
* NoMatchingDocument. The Status message in that case is not very descriptive and should
* not be displayed to the end user.
*/
virtual Status updateOne(OperationContext* txn,
const NamespaceString& collectionName,
const BSONObj& query,
const BSONObj& updatePattern,
bool upsert,
const BSONObj& writeConcern);
/**
* Updates documents matching "query" according to "updatePattern" in "collectionName".
*/
virtual Status update(OperationContext* txn,
const NamespaceString& collectionName,
const BSONObj& query,
const BSONObj& updatePattern,
bool upsert,
bool multi,
const BSONObj& writeConcern,
int* nMatched) = 0;
/**
* Removes all documents matching "query" from "collectionName".
*/
virtual Status remove(OperationContext* txn,
const NamespaceString& collectionName,
const BSONObj& query,
const BSONObj& writeConcern,
int* numRemoved) = 0;
/**
* Tries to acquire the global lock guarding modifications to all persistent data related
* to authorization, namely the admin.system.users, admin.system.roles, and
* admin.system.version collections. This serializes all writers to the authorization
* documents, but does not impact readers.
*/
virtual bool tryAcquireAuthzUpdateLock(const StringData& why) = 0;
/**
* Releases the lock guarding modifications to persistent authorization data, which must
* already be held.
*/
virtual void releaseAuthzUpdateLock() = 0;
virtual void logOp(
OperationContext* txn,
const char* op,
const char* ns,
const BSONObj& o,
BSONObj* o2,
bool* b) {}
protected:
AuthzManagerExternalState(); // This class should never be instantiated directly.
static const long long _authzUpdateLockAcquisitionTimeoutMillis = 5000;
};
} // namespace mongo
|
