
SERVER-7934 Have AuthorizationManager::getPrivilegeDocument take PrincipalName, not Principal*.
1 parent 079c9a7 commit ea655580c27ada4ffe4cd62a660c356f25ff44f7 @andy10gen andy10gen committed Dec 12, 2012
@@ -22,32 +22,44 @@
namespace mongo {
+ static const char USER_FIELD[] = "user";
+ static const char USER_SOURCE_FIELD[] = "userSource";
+ static const char PASSWORD_FIELD[] = "pwd";
+
AuthExternalState::AuthExternalState() {}
AuthExternalState::~AuthExternalState() {}
Status AuthExternalState::getPrivilegeDocumentOverConnection(DBClientBase* conn,
const std::string& dbname,
- const std::string& principalName,
+ const PrincipalName& principalName,
BSONObj* result) {
- if (principalName == internalSecurity.user) {
+ if (principalName.getUser() == internalSecurity.user) {
if (internalSecurity.pwd.empty()) {
return Status(ErrorCodes::UserNotFound,
"key file must be used to log in with internal user",
15889);
}
- *result = BSON("user" << principalName << "pwd" << internalSecurity.pwd).getOwned();
+ *result = BSON(USER_FIELD << internalSecurity.user <<
+ PASSWORD_FIELD << internalSecurity.pwd).getOwned();
return Status::OK();
}
std::string usersNamespace = dbname + ".system.users";
BSONObj userBSONObj;
- BSONObj query = BSON("user" << principalName);
- userBSONObj = conn->findOne(usersNamespace, query, 0, QueryOption_SlaveOk);
+ BSONObjBuilder queryBuilder;
+ queryBuilder.append(USER_FIELD, principalName.getUser());
+ if (principalName.getDB() == dbname) {
+ queryBuilder.appendNull(USER_SOURCE_FIELD);
+ }
+ else {
+ queryBuilder.append(USER_SOURCE_FIELD, principalName.getDB());
+ }
+ userBSONObj = conn->findOne(usersNamespace, queryBuilder.obj(), 0, QueryOption_SlaveOk);
if (userBSONObj.isEmpty()) {
return Status(ErrorCodes::UserNotFound,
- mongoutils::str::stream() << "auth: couldn't find user " << principalName
- << ", " << usersNamespace,
+ mongoutils::str::stream() << "auth: couldn't find user " <<
+ principalName.toString() << ", " << usersNamespace,
0);
}
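Review bot: The internal-user shortcut at `if (principalName.getUser() == internalSecurity.user)` compares only the user part, so a PrincipalName carrying that user name with any source database is handed the internal credential document. Now that the argument carries its database, the guard should also compare `principalName.getDB()` with the database the internal user belongs to, which is not visible in this hunk. Separately, the query built with `appendNull(USER_SOURCE_FIELD)` matches documents where `userSource` is absent as well as explicitly null; a comment such as `// null also matches documents that have no userSource field` would record that this is intended. The function body continues past the end of the hunk.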
@@ -21,6 +21,7 @@
#include "mongo/base/disallow_copying.h"
#include "mongo/base/status.h"
#include "mongo/client/dbclientinterface.h"
+#include "mongo/db/auth/principal_name.h"
namespace mongo {
@@ -48,14 +49,14 @@ namespace mongo {
// On success, returns Status::OK() and stores a shared-ownership copy of the document into
// "result".
virtual Status getPrivilegeDocument(const std::string& dbname,
- const std::string& principalName,
+ const PrincipalName& principalName,
BSONObj* result) = 0;
protected:
// Look up the privilege document for "principalName" in database "dbname", over "conn".
static Status getPrivilegeDocumentOverConnection(DBClientBase* conn,
const std::string& dbname,
- const std::string& userName,
+ const PrincipalName& principalName,
BSONObj* result);
AuthExternalState(); // This class should never be instantiated directly.
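Review bot: The comments on `getPrivilegeDocument` and `getPrivilegeDocumentOverConnection` do not say how "dbname" relates to the database carried by "principalName", although the lookup now builds a different query when the two differ. I would extend the comment along the lines of `// "dbname" selects whose system.users is searched; principalName.getDB() may name a different database (presumably where the credentials live).` The parameter is still called `userName` in the AuthorizationManager::getPrivilegeDocument hunk and `user` in the "Not Implemented!" stub; renaming both to `principalName` would keep the declarations consistent. The comment on the virtual starts above this hunk.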
@@ -29,7 +29,7 @@ namespace mongo {
AuthExternalStateMongod::~AuthExternalStateMongod() {}
Status AuthExternalStateMongod::getPrivilegeDocument(const string& dbname,
- const string& principalName,
+ const PrincipalName& principalName,
BSONObj* result) {
Client::GodScope gs;
Client::ReadContext(dbname + ".system.users");
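Review bot: `Client::ReadContext(dbname + ".system.users");` constructs an unnamed temporary that is destroyed at the end of that statement, so the read context is presumably not held while the privilege document is fetched. Unlike `Client::GodScope gs;` on the line above, it has no name; it should read `Client::ReadContext ctx(dbname + ".system.users");`. This line is unchanged context rather than part of the change, and the rest of the function is outside the hunk, so confirm that the lookup follows in the same scope.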
@@ -33,7 +33,7 @@ namespace mongo {
virtual ~AuthExternalStateMongod();
virtual Status getPrivilegeDocument(const string& dbname,
- const string& principalName,
+ const PrincipalName& principalName,
BSONObj* result);
virtual bool shouldIgnoreAuthChecks() const;
@@ -40,7 +40,7 @@ namespace mongo {
}
virtual Status getPrivilegeDocument(const string& dbname,
- const string& user,
+ const PrincipalName& user,
BSONObj* result) {
return Status(ErrorCodes::InternalError, "Not Implemented!");
}
@@ -46,7 +46,7 @@ namespace mongo {
}
Status AuthExternalStateMongos::getPrivilegeDocument(const std::string& dbname,
- const std::string& principalName,
+ const PrincipalName& principalName,
BSONObj* result) {
scoped_ptr<ScopedDbConnection> conn(getConnectionForUsersCollection(dbname));
Status status = getPrivilegeDocumentOverConnection(
@@ -33,7 +33,7 @@ namespace mongo {
virtual ~AuthExternalStateMongos();
virtual Status getPrivilegeDocument(const string& dbname,
- const string& principalName,
+ const PrincipalName& principalName,
BSONObj* result);
protected:
@@ -101,7 +101,7 @@ namespace mongo {
// Returns the privilege document with the given user name in the given database. Currently
// this information comes from the system.users collection in that database.
Status getPrivilegeDocument(const std::string& dbname,
- const std::string& userName,
+ const PrincipalName& userName,
BSONObj* result) {
return _externalState->getPrivilegeDocument(dbname, userName, result);
}
@@ -159,7 +159,7 @@ namespace mongo {
BSONObj userObj;
string pwd;
Status status = ClientBasic::getCurrent()->getAuthorizationManager()->getPrivilegeDocument(
- dbname, user, &userObj);
+ dbname, PrincipalName(user, dbname), &userObj);
if (!status.isOK()) {
log() << status.reason() << std::endl;
errmsg = status.reason();
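Review bot: `errmsg = status.reason();` hands the lookup failure text back to the caller, and the UserNotFound reason built in getPrivilegeDocumentOverConnection names the principal and the users namespace. If this errmsg reaches an unauthenticated client unchanged, a failed login reveals whether an account exists; keeping the detail in `log()` and returning a fixed string, e.g. `errmsg = "auth fails";`, avoids that. Whether errmsg is overwritten later cannot be seen here, since the function continues outside the hunk.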
