SERVER-17496 Move sharding-specific auth code out of client
kaloianm committed Mar 26, 2015
1 parent 8a80559 commit 73f7b64
Showing 9 changed files with 65 additions and 145 deletions.
6 changes: 1 addition & 5 deletions src/mongo/SConscript
Expand Up @@ -272,9 +272,6 @@ env.CppUnitTest(
'range_arithmetic'
])

env.Library('auth_helpers', ['client/auth_helpers.cpp'],
LIBDEPS=['clientdriver'])

env.Library('global_optime', ['db/global_optime.cpp'])

env.Library('spin_lock', ["util/concurrency/spin_lock.cpp"])
Expand Down Expand Up @@ -453,8 +450,7 @@ env.Library("fail_point",
LIBDEPS=["foundation", "bson"])

env.Library('mongocommon', commonFiles,
LIBDEPS=['auth_helpers',
'bson',
LIBDEPS=['bson',
'background_job',
'clientdriver',
'fail_point',
68 changes: 0 additions & 68 deletions src/mongo/client/auth_helpers.cpp

This file was deleted.

48 changes: 0 additions & 48 deletions src/mongo/client/auth_helpers.h

This file was deleted.

8 changes: 5 additions & 3 deletions src/mongo/db/auth/SConscript
Expand Up @@ -28,8 +28,7 @@ env.Library('authcore', ['action_set.cpp',
'user_management_commands_parser.cpp',
'user_name.cpp',
'user_set.cpp'],
LIBDEPS=['$BUILD_DIR/mongo/auth_helpers',
'$BUILD_DIR/mongo/base/base',
LIBDEPS=['$BUILD_DIR/mongo/base/base',
'$BUILD_DIR/mongo/bson',
'$BUILD_DIR/mongo/db/common',
'$BUILD_DIR/mongo/db/ops/update_driver',
Expand All @@ -56,7 +55,10 @@ env.Library('saslauth',
'sasl_plain_server_conversation.cpp',
'sasl_scramsha1_server_conversation.cpp',
'sasl_server_conversation.cpp'],
LIBDEPS=['authcore', '$BUILD_DIR/mongo/crypto/scramauth'])
LIBDEPS=[
'authcore',
'$BUILD_DIR/mongo/crypto/scramauth',
'$BUILD_DIR/mongo/network'])

env.Library('authmongod',
['authz_manager_external_state_d.cpp',
1 change: 0 additions & 1 deletion src/mongo/db/auth/authorization_manager.cpp
Expand Up @@ -43,7 +43,6 @@
#include "mongo/bson/mutable/document.h"
#include "mongo/bson/mutable/element.h"
#include "mongo/bson/util/bson_extract.h"
#include "mongo/client/auth_helpers.h"
#include "mongo/crypto/mechanism_scram.h"
#include "mongo/db/auth/action_set.h"
#include "mongo/db/auth/authz_documents_update_guard.h"
6 changes: 4 additions & 2 deletions src/mongo/db/auth/authorization_manager_global.cpp
Expand Up @@ -30,7 +30,6 @@

#include "mongo/base/disallow_copying.h"
#include "mongo/base/init.h"
#include "mongo/client/auth_helpers.h"
#include "mongo/db/auth/authorization_manager.h"
#include "mongo/db/auth/authorization_manager_global.h"
#include "mongo/db/server_parameters.h"
Expand All @@ -53,7 +52,7 @@ namespace {
MONGO_NO_PREREQUISITES,
("BeginStartupOptionParsing"))(InitializerContext*) {
new AuthzVersionParameter(ServerParameterSet::getGlobal(),
auth::schemaVersionServerParameter);
authSchemaVersionServerParameter);
return Status::OK();
}

Expand All @@ -75,8 +74,11 @@ namespace {
Status AuthzVersionParameter::setFromString(const std::string& newValueString) {
return Status(ErrorCodes::InternalError, "set called on unsettable server parameter");
}

} // namespace

const std::string authSchemaVersionServerParameter = "authSchemaVersion";

void setGlobalAuthorizationManager(AuthorizationManager* authManager) {
fassert(16841, globalAuthManager == NULL);
globalAuthManager = authManager;
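Review bot: `authSchemaVersionServerParameter` is defined at namespace scope as a `const std::string` with external linkage, so it is dynamically initialised, and any code in another translation unit that reads it during static initialisation would see an unconstructed string. The uses visible on this page (the initializer body in this file and the getParameter call in authz_manager_external_state_s.cpp) appear to run after static initialisation, so this is a latent ordering hazard rather than a demonstrated bug. A constant-initialised definition such as `const char authSchemaVersionServerParameter[] = "authSchemaVersion";`, with the header declaring `extern const char authSchemaVersionServerParameter[];`, would remove the dependency, provided the call sites accept a C string. setGlobalAuthorizationManager continues past the end of the hunk.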
5 changes: 5 additions & 0 deletions src/mongo/db/auth/authorization_manager_global.h
Expand Up @@ -32,6 +32,11 @@

namespace mongo {

/**
* Name of the server parameter used to report the auth schema version (via getParameter).
*/
extern const std::string authSchemaVersionServerParameter;

// Gets the singleton AuthorizationManager object for this server process.
AuthorizationManager* getGlobalAuthorizationManager();

67 changes: 50 additions & 17 deletions src/mongo/db/auth/authz_manager_external_state_s.cpp
Expand Up @@ -36,9 +36,9 @@
#include <boost/scoped_ptr.hpp>
#include <string>

#include "mongo/client/auth_helpers.h"
#include "mongo/client/dbclientinterface.h"
#include "mongo/db/auth/authorization_manager.h"
#include "mongo/db/auth/authorization_manager_global.h"
#include "mongo/db/auth/user_name.h"
#include "mongo/db/jsobj.h"
#include "mongo/s/catalog/catalog_manager.h"
Expand All @@ -56,35 +56,68 @@ namespace mongo {
using std::endl;
using std::vector;

AuthzManagerExternalStateMongos::AuthzManagerExternalStateMongos() {}
namespace {

AuthzManagerExternalStateMongos::~AuthzManagerExternalStateMongos() {}
ScopedDbConnection* getConnectionForAuthzCollection(const NamespaceString& ns) {
//
// Note: The connection mechanism here is *not* ideal, and should not be used elsewhere.
// If the primary for the collection moves, this approach may throw rather than handle
// version exceptions.
//

Status AuthzManagerExternalStateMongos::initialize(OperationContext* txn) {
return Status::OK();
}
DBConfigPtr config = grid.getDBConfig(ns.ns());
Shard s = config->getShard(ns.ns());

namespace {
ScopedDbConnection* getConnectionForAuthzCollection(const NamespaceString& ns) {
//
// Note: The connection mechanism here is *not* ideal, and should not be used elsewhere.
// If the primary for the collection moves, this approach may throw rather than handle
// version exceptions.
//
return new ScopedDbConnection(s.getConnString(), 30.0);
}

DBConfigPtr config = grid.getDBConfig(ns.ns());
Shard s = config->getShard(ns.ns());
Status getRemoteStoredAuthorizationVersion(DBClientBase* conn, int* outVersion) {
try {
BSONObj cmdResult;
conn->runCommand(
"admin",
BSON("getParameter" << 1 << authSchemaVersionServerParameter << 1),
cmdResult);
if (!cmdResult["ok"].trueValue()) {
std::string errmsg = cmdResult["errmsg"].str();
if (errmsg == "no option found to get" ||
StringData(errmsg).startsWith("no such cmd")) {

return new ScopedDbConnection(s.getConnString(), 30.0);
*outVersion = 1;
return Status::OK();
}
int code = cmdResult["code"].numberInt();
if (code == 0) {
code = ErrorCodes::UnknownError;
}
return Status(ErrorCodes::Error(code), errmsg);
}
BSONElement versionElement = cmdResult[authSchemaVersionServerParameter];
if (versionElement.eoo())
return Status(ErrorCodes::UnknownError, "getParameter misbehaved.");
*outVersion = versionElement.numberInt();
return Status::OK();
} catch (const DBException& e) {
return e.toStatus();
}
}

} // namespace

AuthzManagerExternalStateMongos::AuthzManagerExternalStateMongos() {}

AuthzManagerExternalStateMongos::~AuthzManagerExternalStateMongos() {}

Status AuthzManagerExternalStateMongos::initialize(OperationContext* txn) {
return Status::OK();
}

Status AuthzManagerExternalStateMongos::getStoredAuthorizationVersion(
OperationContext* txn, int* outVersion) {
try {
scoped_ptr<ScopedDbConnection> conn(getConnectionForAuthzCollection(
AuthorizationManager::usersCollectionNamespace));
Status status = auth::getRemoteStoredAuthorizationVersion(conn->get(), outVersion);
Status status = getRemoteStoredAuthorizationVersion(conn->get(), outVersion);
conn->done();
return status;
}
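Review bot: In getRemoteStoredAuthorizationVersion the version field of the reply is only checked for absence, so a present but non-numeric `authSchemaVersion` element passes the `eoo()` test, `numberInt()` yields 0, and that value is returned with `Status::OK()`. Because this result is reported as the stored authorization version, the guard should also reject wrong types, e.g. `if (versionElement.eoo() || !versionElement.isNumber())`. The same function infers schema version 1 by matching the remote `errmsg` text (`"no option found to get"`, a `"no such cmd"` prefix) and casts the remote-supplied `code` straight to `ErrorCodes::Error`. A short comment naming which server versions produce those messages would make that fallback auditable. getStoredAuthorizationVersion continues past the end of the hunk.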
1 change: 0 additions & 1 deletion src/mongo/db/auth/user_management_commands_parser.cpp
Expand Up @@ -33,7 +33,6 @@

#include "mongo/base/status.h"
#include "mongo/bson/util/bson_extract.h"
#include "mongo/client/auth_helpers.h"
#include "mongo/db/auth/action_type.h"
#include "mongo/db/auth/authorization_manager.h"
#include "mongo/db/auth/privilege.h"