本文整理汇总了C++中AuthorizationManager类的典型用法代码示例。如果您正苦于以下问题:C++ AuthorizationManager类的具体用法?C++ AuthorizationManager怎么用?C++ AuthorizationManager使用的例子?那么, 这里精选的类代码示例或许可以为您提供帮助。
在下文中一共展示了AuthorizationManager类的14个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的C++代码示例。
示例1: run
// Logout command handler: drops the calling client's authentication state for
// `dbname` and then its authorization state for the same database.
// Always reports success; cmdObj, errmsg, result and fromRepl are not used.
bool CmdLogout::run(const string& dbname , BSONObj& cmdObj, int, string& errmsg, BSONObjBuilder& result, bool fromRepl) {
    AuthenticationInfo* const authnInfo = ClientInfo::get()->getAuthenticationInfo();
    AuthorizationManager* const authzManager = ClientInfo::get()->getAuthorizationManager();

    // Both records are cleared so that neither the identity nor the privileges
    // acquired on this database outlive the logout.
    authnInfo->logout(dbname);
    authzManager->logoutDatabase(dbname);
    return true;
}
示例2: run
// Create-role command handler.
//
// Takes the auth-data update lock, parses and validates the command into a
// role document plus write concern, then inserts the role document through
// the global AuthorizationManager. Any failure is recorded in `result` via
// addStatus() and reported as `false`.
bool run(const string& dbname,
         BSONObj& cmdObj,
         int options,
         string& errmsg,
         BSONObjBuilder& result,
         bool fromRepl) {
    AuthorizationManager* const authzManager = getGlobalAuthorizationManager();

    // The lock is taken with tryLock(): a busy lock fails the command with
    // LockBusy instead of blocking it.
    AuthzDocumentsUpdateGuard authzDataLock(authzManager);
    if (!authzDataLock.tryLock("Create role")) {
        addStatus(Status(ErrorCodes::LockBusy, "Could not lock auth data update lock."),
                  result);
        return false;
    }

    BSONObj roleObj;
    BSONObj writeConcern;
    Status status = auth::parseAndValidateCreateRoleCommand(
        cmdObj, dbname, authzManager, &roleObj, &writeConcern);

    // Only a command that validated cleanly reaches the insert.
    if (status.isOK()) {
        status = authzManager->insertRoleDocument(roleObj, writeConcern);
    }

    if (!status.isOK()) {
        addStatus(status, result);
        return false;
    }
    return true;
}
示例3: uassertStatusOK
// Appends a "saslSupportedMechs" array to `builder` listing the SASL mechanisms
// usable by the user named in the isMaster command's "saslSupportedMechs" field.
// Nothing is appended when that field is not a string or when the user is unknown.
// Throws (uassertStatusOK) when the user name does not parse or when acquiring the
// user fails for any reason other than UserNotFound.
void SASLServerMechanismRegistry::advertiseMechanismNamesForUser(OperationContext* opCtx,
const BSONObj& isMasterCmd,
BSONObjBuilder* builder) {
BSONElement saslSupportedMechs = isMasterCmd["saslSupportedMechs"];
if (saslSupportedMechs.type() == BSONType::String) {
UserName userName = uassertStatusOK(UserName::parse(saslSupportedMechs.String()));
// Authenticating the internal system user (internalSecurity.user) to the admin
// database on mongos is required by the auth passthrough test suite.
// This remapping is applied only while getTestCommandsEnabled() returns true.
if (getTestCommandsEnabled() &&
userName.getUser() == internalSecurity.user->getName().getUser() &&
userName.getDB() == "admin") {
userName = internalSecurity.user->getName();
}
AuthorizationManager* authManager = AuthorizationManager::get(opCtx->getServiceContext());
UserHandle user;
const auto swUser = authManager->acquireUser(opCtx, userName);
if (!swUser.isOK()) {
auto& status = swUser.getStatus();
if (status.code() == ErrorCodes::UserNotFound) {
// NOTE(review): an unknown user gets no "saslSupportedMechs" array while a known
// user gets one, so the reply differs by user existence; presumably this code runs
// before authentication - confirm the difference is acceptable for the deployment.
// The client-supplied name is also written to the log verbatim.
log() << "Supported SASL mechanisms requested for unknown user '" << userName
<< "'";
return;
}
uassertStatusOK(status);
}
// NOTE(review): swUser is const, so this std::move presumably copies rather than moves.
user = std::move(swUser.getValue());
BSONArrayBuilder mechanismsBuilder;
const auto& mechList = _getMapRef(userName.getDB());
for (const auto& factoryIt : mechList) {
SecurityPropertySet properties = factoryIt->properties();
// Mechanisms that lack kNoPlainText or kMutualAuth are skipped for every
// database except "$external".
if (!properties.hasAllProperties(SecurityPropertySet{SecurityProperty::kNoPlainText,
SecurityProperty::kMutualAuth}) &&
userName.getDB() != "$external") {
continue;
}
auto mechanismEnabled = _mechanismSupportedByConfig(factoryIt->mechanismName());
// For the internal user, a mechanism not enabled by configuration is still
// advertised when the factory reports it as an internal auth mechanism.
if (!mechanismEnabled && userName == internalSecurity.user->getName()) {
mechanismEnabled = factoryIt->isInternalAuthMech();
}
if (mechanismEnabled && factoryIt->canMakeMechanismForUser(user.get())) {
mechanismsBuilder << factoryIt->mechanismName();
}
}
builder->appendArray("saslSupportedMechs", mechanismsBuilder.arr());
}
}
示例4: run
// Command handler that flushes the global AuthorizationManager's user cache.
// Always returns true; none of the command arguments are consulted.
bool run(OperationContext* txn,
         const string& dbname,
         BSONObj& cmdObj,
         int options,
         string& errmsg,
         BSONObjBuilder& result) {
    AuthorizationManager* const authzManager = getGlobalAuthorizationManager();

    // A missing global manager is treated as a programming error, not a
    // recoverable condition.
    invariant(authzManager);

    authzManager->invalidateUserCache();
    return true;
}
示例5: _authorizePrincipal
// Registers `principalName` (in the "local" database) as an authorized
// principal on the current client's AuthorizationManager and grants it the
// old-style "admin" action set (read-only or read-write, per `readOnly`) on
// the wildcard resource. Failure to acquire the privilege trips verify().
//
// NOTE(review): this hands out wildcard-resource privileges with no credential
// check in this function; presumably callers have already authenticated the
// principal - confirm at every call site.
void _authorizePrincipal(const std::string& principalName, bool readOnly) {
    // The raw pointer is handed to addAuthorizedPrincipal(); presumably the
    // manager takes ownership - confirm, since nothing here deletes it.
    Principal* principal = new Principal(PrincipalName(principalName, "local"));

    ActionSet grantedActions =
        AuthorizationManager::getActionsForOldStyleUser("admin", readOnly);

    AuthorizationManager* authzManager = cc().getAuthorizationManager();
    authzManager->addAuthorizedPrincipal(principal);

    Status status = authzManager->acquirePrivilege(
        Privilege(PrivilegeSet::WILDCARD_RESOURCE, grantedActions),
        principal->getName());
    verify (status == Status::OK());
}
示例6: authenticateAndAuthorizePrincipal
// Adds a new Principal (principalName, dbname) to the current client's
// AuthorizationManager and then loads its privileges from the privilege
// document `userObj`. Returns the Status of the privilege acquisition.
//
// NOTE(review): the principal is registered as authorized before its
// privilege document has been processed, and it is not removed again when
// acquisition fails - confirm that a principal left without privileges is
// harmless to callers that only check for its presence.
Status authenticateAndAuthorizePrincipal(const std::string& principalName,
                                         const std::string& dbname,
                                         const BSONObj& userObj) {
    AuthorizationManager* authzManager = ClientBasic::getCurrent()->getAuthorizationManager();

    // Nothing in this function frees the principal; presumably
    // addAuthorizedPrincipal() takes ownership - confirm.
    Principal* newPrincipal = new Principal(principalName, dbname);
    authzManager->addAuthorizedPrincipal(newPrincipal);

    return authzManager->acquirePrivilegesFromPrivilegeDocument(dbname, newPrincipal, userObj);
}
示例7: conn
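// Creates this client's AuthorizationManager, initializes it over a connection
// to the shard that holds the "admin" database, and installs it with
// setAuthorizationManager(). Initialization failure raises massert 16479.
void ClientInfo::_setupAuth() {
    std::string adminNs = "admin";
    DBConfigPtr config = grid.getDBConfig(adminNs);
    Shard shard = config->getShard(adminNs);
    // NOTE(review): conn is never released with done() in this function;
    // confirm the destructor's handling of an un-done connection is intended.
    ShardConnection conn(shard, adminNs);

    AuthorizationManager* authManager = new AuthorizationManager(new AuthExternalStateImpl());
    Status status = authManager->initialize(conn.get());

    const bool initialized = (status == Status::OK());
    if (!initialized) {
        // massert() below throws, so the manager would otherwise leak on every
        // failed initialization. Assumes ~AuthorizationManager also releases
        // the AuthExternalStateImpl it was constructed with - confirm.
        delete authManager;
        authManager = 0;
    }

    massert(16479,
            mongoutils::str::stream() << "Error initializing AuthorizationManager: "
                                      << status.reason(),
            initialized);
    setAuthorizationManager(authManager);
}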
示例8: connPtr
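// Creates this client's AuthorizationManager, initializes it over an internal
// scoped connection (30.0 passed as the second argument) to the shard that
// holds the "admin" database, and installs it with setAuthorizationManager().
// Initialization failure raises massert 16479.
void ClientInfo::_setupAuth() {
    std::string adminNs = "admin";
    DBConfigPtr config = grid.getDBConfig(adminNs);
    Shard shard = config->getShard(adminNs);

    // NOTE(review): done() is never called on this connection here; confirm
    // that is intended.
    scoped_ptr<ScopedDbConnection> connPtr(
        ScopedDbConnection::getInternalScopedDbConnection(shard.getConnString(), 30.0));
    ScopedDbConnection& conn = *connPtr;

    //
    // Note: The connection mechanism here is *not* ideal, and should not be used elsewhere.
    // It is safe in this particular case because the admin database is always on the config
    // server and does not move.
    //

    AuthorizationManager* authManager = new AuthorizationManager(new AuthExternalStateImpl());
    Status status = authManager->initialize(conn.get());

    const bool initialized = (status == Status::OK());
    if (!initialized) {
        // massert() below throws, so the manager would otherwise leak on every
        // failed initialization. Assumes ~AuthorizationManager also releases
        // the AuthExternalStateImpl it was constructed with - confirm.
        delete authManager;
        authManager = 0;
    }

    massert(16479,
            mongoutils::str::stream() << "Error initializing AuthorizationManager: "
                                      << status.reason(),
            initialized);
    setAuthorizationManager(authManager);
}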
示例9: Status
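/**
 * Server side of the SASL PLAIN exchange.
 *
 * Parses a client message of the form `[authz-id]\0authn-id\0pwd`, acquires the
 * named user from the authentication database and checks the password first
 * with trySCRAM<SHA256Block>, then with trySCRAM<SHA1Block> on the password
 * digest.
 *
 * @return (true, "") when either check returns true; otherwise a non-OK Status:
 *         AuthenticationFailed for "$external", for a malformed message and
 *         when neither check accepts, or the Status propagated from
 *         acquireUser() / trySCRAM().
 *
 * NOTE(review): a failed acquireUser() Status is returned unchanged, so a
 * missing user may be distinguishable from a wrong password unless the caller
 * masks the error - confirm.
 */
StatusWith<std::tuple<bool, std::string>> SASLPlainServerMechanism::stepImpl(
    OperationContext* opCtx, StringData inputData) {
    if (_authenticationDatabase == "$external") {
        return Status(ErrorCodes::AuthenticationFailed,
                      "PLAIN mechanism must be used with internal users");
    }

    AuthorizationManager* authManager = AuthorizationManager::get(opCtx->getServiceContext());

    // Expecting user input on the form: [authz-id]\0authn-id\0pwd
    // NOTE(review): `input` and the substr() temporary below are ordinary
    // std::string objects that hold the cleartext password outside the secure
    // allocator; only `pwd` is a SecureString.
    std::string input = inputData.toString();

    SecureAllocatorAuthDomain::SecureString pwd = "";
    try {
        size_t firstNull = inputData.find('\0');
        if (firstNull == std::string::npos) {
            return Status(
                ErrorCodes::AuthenticationFailed,
                str::stream()
                    << "Incorrectly formatted PLAIN client message, missing first NULL delimiter");
        }
        size_t secondNull = inputData.find('\0', firstNull + 1);
        if (secondNull == std::string::npos) {
            return Status(
                ErrorCodes::AuthenticationFailed,
                str::stream()
                    << "Incorrectly formatted PLAIN client message, missing second NULL delimiter");
        }

        std::string authorizationIdentity = input.substr(0, firstNull);
        ServerMechanismBase::_principalName =
            input.substr(firstNull + 1, (secondNull - firstNull) - 1);
        if (ServerMechanismBase::_principalName.empty()) {
            return Status(ErrorCodes::AuthenticationFailed,
                          str::stream()
                              << "Incorrectly formatted PLAIN client message, empty username");
        } else if (!authorizationIdentity.empty() &&
                   authorizationIdentity != ServerMechanismBase::_principalName) {
            // A client may not authenticate as one identity and ask to act as another.
            return Status(ErrorCodes::AuthenticationFailed,
                          str::stream()
                              << "SASL authorization identity must match authentication identity");
        }

        // The password is passed as a C string, so presumably anything after an
        // embedded NUL in the password field is dropped - confirm.
        pwd = SecureAllocatorAuthDomain::SecureString(input.substr(secondNull + 1).c_str());
        if (pwd->empty()) {
            return Status(ErrorCodes::AuthenticationFailed,
                          str::stream()
                              << "Incorrectly formatted PLAIN client message, empty password");
        }
    } catch (std::out_of_range&) {
        return Status(ErrorCodes::AuthenticationFailed,
                      str::stream() << "Incorrectly formatted PLAIN client message");
    }

    // The authentication database is also the source database for the user.
    auto swUser = authManager->acquireUser(
        opCtx, UserName(ServerMechanismBase::_principalName, _authenticationDatabase));

    if (!swUser.isOK()) {
        return swUser.getStatus();
    }

    auto userObj = std::move(swUser.getValue());
    const auto creds = userObj->getCredentials();

    const auto sha256Status = trySCRAM<SHA256Block>(creds, pwd->c_str());
    if (!sha256Status.isOK()) {
        return sha256Status.getStatus();
    }
    if (sha256Status.getValue()) {
        return std::make_tuple(true, std::string());
    }

    const auto authDigest = createPasswordDigest(ServerMechanismBase::_principalName, pwd->c_str());
    const auto sha1Status = trySCRAM<SHA1Block>(creds, authDigest);
    if (!sha1Status.isOK()) {
        return sha1Status.getStatus();
    }
    if (sha1Status.getValue()) {
        return std::make_tuple(true, std::string());
    }

    // Neither check returned true: fail closed. The unreachable success return
    // that used to follow this statement is removed so that deleting or
    // reordering this line can never turn the fall-through into a successful
    // authentication.
    return Status(ErrorCodes::AuthenticationFailed, str::stream() << "No credentials available.");
}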
示例10: _initAndListen
//.........这里部分代码省略.........
{
stringstream ss;
ss << "repairpath (" << storageGlobalParams.repairpath << ") does not exist";
uassert(12590, ss.str().c_str(), boost::filesystem::exists(storageGlobalParams.repairpath));
}
// TODO: This should go into a MONGO_INITIALIZER once we have figured out the correct
// dependencies.
if (snmpInit) {
snmpInit();
}
if (!storageGlobalParams.readOnly) {
boost::filesystem::remove_all(storageGlobalParams.dbpath + "/_tmp/");
}
if (mmapv1GlobalOptions.journalOptions & MMAPV1Options::JournalRecoverOnly)
return EXIT_NET_ERROR;
if (mongodGlobalParams.scriptingEnabled) {
ScriptEngine::setup();
}
auto startupOpCtx = getGlobalServiceContext()->makeOperationContext(&cc());
repairDatabasesAndCheckVersion(startupOpCtx.get());
if (storageGlobalParams.upgrade) {
log() << "finished checking dbs";
exitCleanly(EXIT_CLEAN);
}
uassertStatusOK(getGlobalAuthorizationManager()->initialize(startupOpCtx.get()));
/* this is for security on certain platforms (nonce generation) */
srand((unsigned)(curTimeMicros64() ^ startupSrandTimer.micros()));
// The snapshot thread provides historical collection level and lock statistics for use
// by the web interface. Only needed when HTTP is enabled.
if (serverGlobalParams.isHttpInterfaceEnabled) {
statsSnapshotThread.go();
invariant(dbWebServer);
stdx::thread web(stdx::bind(&webServerListenThread, dbWebServer));
web.detach();
}
#ifndef _WIN32
mongo::signalForkSuccess();
#endif
AuthorizationManager* globalAuthzManager = getGlobalAuthorizationManager();
if (globalAuthzManager->shouldValidateAuthSchemaOnStartup()) {
Status status = authindex::verifySystemIndexes(startupOpCtx.get());
if (!status.isOK()) {
log() << redact(status);
exitCleanly(EXIT_NEED_UPGRADE);
}
// SERVER-14090: Verify that auth schema version is schemaVersion26Final.
int foundSchemaVersion;
status =
globalAuthzManager->getAuthorizationVersion(startupOpCtx.get(), &foundSchemaVersion);
if (!status.isOK()) {
log() << "Auth schema version is incompatible: "
<< "User and role management commands require auth data to have "
示例11: LOG
// Handles a kill-cursors message: reads a count and that many 64-bit cursor ids from
// the message body and, for each id the caller is authorized to kill, either erases it
// from the sharded-cursor map or forwards a killCursor to the server recorded for it.
// Throws (uassert 13286 / 13287) when the count is below 1 or is 30000 or more.
void CursorCache::gotKillCursors(Message& m ) {
// The body is read through raw pointer casts: one reserved int, then the count,
// then the ids.
int *x = (int *) m.singleData()->_data;
x++; // reserved
int n = *x++;
if ( n > 2000 ) {
LOG( n < 30000 ? LL_WARNING : LL_ERROR ) << "receivedKillCursors, n=" << n << endl;
}
uassert( 13286 , "sent 0 cursors to kill" , n >= 1 );
uassert( 13287 , "too many cursors to kill" , n < 30000 );
// NOTE(review): n comes from the client and is only range-checked above; nothing
// visible here compares it with the actual message length, so cursors[i] could read
// past the received buffer unless the length is validated before this call - confirm.
long long * cursors = (long long *)x;
AuthorizationManager* authManager =
ClientBasic::getCurrent()->getAuthorizationManager();
for ( int i=0; i<n; i++ ) {
long long id = cursors[i];
LOG(_myLogLevel) << "CursorCache::gotKillCursors id: " << id << endl;
if ( ! id ) {
LOG( LL_WARNING ) << " got cursor id of 0 to kill" << endl;
continue;
}
string server;
{
// _mutex is held only for the map lookups and erasures in this scope; the remote
// kill below runs after it is released.
scoped_lock lk( _mutex );
// This iterator `i` shadows the loop index `i` inside the locked scope.
MapSharded::iterator i = _cursors.find( id );
if ( i != _cursors.end() ) {
// Sharded cursor: erased only when the caller holds killCursors on its namespace.
// An unauthorized request is skipped without any log line or error.
if (authManager->checkAuthorization(i->second->getNS(),
ActionType::killCursors)) {
_cursors.erase( i );
}
continue;
}
MapNormal::iterator refsIt = _refs.find(id);
MapNormal::iterator refsNSIt = _refsNS.find(id);
if (refsIt == _refs.end()) {
LOG( LL_WARNING ) << "can't find cursor: " << id << endl;
continue;
}
verify(refsNSIt != _refsNS.end());
// Same authorization check for a non-sharded cursor, against the namespace
// recorded in _refsNS; an unauthorized request is skipped silently.
if (!authManager->checkAuthorization(refsNSIt->second, ActionType::killCursors)) {
continue;
}
server = refsIt->second;
_refs.erase(refsIt);
_refsNS.erase(refsNSIt);
}
LOG(_myLogLevel) << "CursorCache::found gotKillCursors id: " << id << " server: " << server << endl;
verify( server.size() );
scoped_ptr<ScopedDbConnection> conn(
ScopedDbConnection::getScopedDbConnection( server ) );
conn->get()->killCursor( id );
conn->done();
}
}
示例12: run
// Server-status command handler: appends global process fields, every registered
// section the caller is privileged to see, the metric tree and recent warnings to
// `result`. Always returns true. When the call takes more than 1000 ms the timing
// breakdown is logged and appended as "timing".
bool run(const string& dbname, BSONObj& cmdObj, int, string& errmsg, BSONObjBuilder& result, bool fromRepl) {
_runCalled = true;
long long start = Listener::getElapsedTimeMillis();
BSONObjBuilder timeBuilder(256);
const ClientBasic* myClientBasic = ClientBasic::getCurrent();
AuthorizationManager* authManager = myClientBasic->getAuthorizationManager();
// --- basic fields that are global
// These fields (host, version, process, pid, uptime) are appended without any
// per-field privilege check in this function.
result.append("host", prettyHostName() );
result.append("version", versionString);
result.append("process",cmdLine.binaryName);
result.append("pid", (int)getpid());
result.append("uptime",(double) (time(0)-cmdLine.started));
result.append("uptimeMillis", (long long)(curTimeMillis64()-_started));
result.append("uptimeEstimate",(double) (start/1000));
result.appendDate( "localTime" , jsTime() );
timeBuilder.appendNumber( "after basic" , Listener::getElapsedTimeMillis() - start );
// --- all sections
for ( SectionMap::const_iterator i = _sections->begin(); i != _sections->end(); ++i ) {
ServerStatusSection* section = i->second;
// Each section declares the privileges it needs; a section the caller is not
// authorized for is left out of the reply rather than failing the command.
std::vector<Privilege> requiredPrivileges;
section->addRequiredPrivileges(&requiredPrivileges);
if (!authManager->checkAuthForPrivileges(requiredPrivileges).isOK())
continue;
// A field in the command named after the section overrides the section's default
// inclusion. It is consulted only after the privilege check above.
bool include = section->includeByDefault();
BSONElement e = cmdObj[section->getSectionName()];
if ( e.type() ) {
include = e.trueValue();
}
if ( ! include )
continue;
BSONObj data = section->generateSection(e);
if ( data.isEmpty() )
continue;
result.append( section->getSectionName(), data );
timeBuilder.appendNumber( static_cast<string>(str::stream() << "after " << section->getSectionName()),
Listener::getElapsedTimeMillis() - start );
}
// --- counters
if ( MetricTree::theMetricTree ) {
MetricTree::theMetricTree->appendTo( result );
}
// --- some hard coded global things hard to pull out
{
RamLog* rl = RamLog::get( "warnings" );
massert(15880, "no ram log for warnings?" , rl);
if (rl->lastWrite() >= time(0)-(10*60)){ // only show warnings from last 10 minutes
vector<const char*> lines;
rl->get( lines );
BSONArrayBuilder arr( result.subarrayStart( "warnings" ) );
// Only the last 10 lines are appended; std::max keeps the start index at 0 when
// fewer than 10 lines exist.
for ( unsigned i=std::max(0,(int)lines.size()-10); i<lines.size(); i++ )
arr.append( lines[i] );
arr.done();
}
}
timeBuilder.appendNumber( "at end" , Listener::getElapsedTimeMillis() - start );
if ( Listener::getElapsedTimeMillis() - start > 1000 ) {
BSONObj t = timeBuilder.obj();
log() << "serverStatus was very slow: " << t << endl;
result.append( "timing" , t );
}
return true;
}
示例13: handleSpecialNamespaces
bool handleSpecialNamespaces( Request& r , QueryMessage& q ) {
const char * ns = r.getns();
ns = strstr( r.getns() , ".$cmd.sys." );
if ( ! ns )
return false;
ns += 10;
BSONObjBuilder b;
vector<Shard> shards;
AuthorizationManager* authManager =
ClientBasic::getCurrent()->getAuthorizationManager();
if ( strcmp( ns , "inprog" ) == 0 ) {
uassert(16545,
"not authorized to run inprog",
authManager->checkAuthorization(AuthorizationManager::SERVER_RESOURCE_NAME,
ActionType::inprog));
Shard::getAllShards( shards );
BSONArrayBuilder arr( b.subarrayStart( "inprog" ) );
for ( unsigned i=0; i<shards.size(); i++ ) {
Shard shard = shards[i];
scoped_ptr<ScopedDbConnection> conn(
ScopedDbConnection::getScopedDbConnection( shard.getConnString() ) );
BSONObj temp = conn->get()->findOne( r.getns() , q.query );
if ( temp["inprog"].isABSONObj() ) {
BSONObjIterator i( temp["inprog"].Obj() );
while ( i.more() ) {
BSONObjBuilder x;
BSONObjIterator j( i.next().Obj() );
while( j.more() ) {
BSONElement e = j.next();
if ( str::equals( e.fieldName() , "opid" ) ) {
stringstream ss;
ss << shard.getName() << ':' << e.numberInt();
x.append( "opid" , ss.str() );
}
else if ( str::equals( e.fieldName() , "client" ) ) {
x.appendAs( e , "client_s" );
}
else {
x.append( e );
}
}
arr.append( x.obj() );
}
}
conn->done();
}
arr.done();
}
else if ( strcmp( ns , "killop" ) == 0 ) {
uassert(16546,
"not authorized to run killop",
authManager->checkAuthorization(AuthorizationManager::SERVER_RESOURCE_NAME,
ActionType::killop));
BSONElement e = q.query["op"];
if ( e.type() != String ) {
b.append( "err" , "bad op" );
b.append( e );
}
else {
b.append( e );
string s = e.String();
string::size_type i = s.find( ':' );
if ( i == string::npos ) {
b.append( "err" , "bad opid" );
}
else {
string shard = s.substr( 0 , i );
int opid = atoi( s.substr( i + 1 ).c_str() );
b.append( "shard" , shard );
b.append( "shardid" , opid );
log() << "want to kill op: " << e << endl;
Shard s(shard);
scoped_ptr<ScopedDbConnection> conn(
ScopedDbConnection::getScopedDbConnection( s.getConnString() ) );
conn->get()->findOne( r.getns() , BSON( "op" << opid ) );
conn->done();
}
}
}
else if ( strcmp( ns , "unlock" ) == 0 ) {
b.append( "err" , "can't do unlock through mongos" );
}
else {
LOG( LL_WARNING ) << "unknown sys command [" << ns << "]" << endl;
return false;
}
BSONObj x = b.done();
replyToQuery(0, r.p(), r.m(), x);
//.........这里部分代码省略.........
示例14: verify
// Runs command `c` for `client` after a fixed sequence of access-control checks and
// records the outcome in `result` through appendCommandStatus().
// A DBException thrown by the command is turned into an error reply, except the one
// carrying RecvStaleConfigCode, which is rethrown to the caller.
void Command::execCommandClientBasic(Command * c ,
ClientBasic& client,
int queryOptions,
const char *ns,
BSONObj& cmdObj,
BSONObjBuilder& result,
bool fromRepl ) {
verify(c);
std::string dbname = nsToDatabase(ns);
// Access control checks
// Check 1: with auth enabled (!noauth), the client must hold every privilege the
// command declares for this database and command object.
if (!noauth) {
std::vector<Privilege> privileges;
c->addRequiredPrivileges(dbname, cmdObj, &privileges);
AuthorizationManager* authManager = client.getAuthorizationManager();
if (!authManager->checkAuthForPrivileges(privileges).isOK()) {
// The reply names the command and the database in its "note" field.
result.append("note", str::stream() << "not authorized for command: " <<
c->name << " on database " << dbname);
appendCommandStatus(result, false, "unauthorized");
return;
}
}
// Check 2: with auth disabled, admin-only commands that ask for it are accepted
// from localhost connections only.
if (c->adminOnly() && c->localHostOnlyIfNoAuth(cmdObj) && noauth &&
!client.getIsLocalHostConnection()) {
// NOTE(review): the whole command object is written to the log on denial; confirm
// that commands reaching this path cannot carry credentials or other secrets.
log() << "command denied: " << cmdObj.toString() << endl;
appendCommandStatus(result,
false,
"unauthorized: this command must run from localhost when running db "
"without auth");
return;
}
// Check 3: admin-only commands must target a namespace starting with "admin.".
if (c->adminOnly() && !startsWith(ns, "admin.")) {
log() << "command denied: " << cmdObj.toString() << endl;
appendCommandStatus(result, false, "access denied - use admin db");
return;
}
// End of access control checks
// Help text is served only after all the checks above have passed.
if (cmdObj.getBoolField("help")) {
stringstream help;
help << "help for: " << c->name << " ";
c->help( help );
result.append( "help" , help.str() );
result.append( "lockType" , c->locktype() );
appendCommandStatus(result, true, "");
return;
}
std::string errmsg;
bool ok;
try {
// NOTE(review): the literal false is passed as the last argument here; the
// fromRepl parameter of this function is not forwarded - confirm this is intended.
ok = c->run( dbname , cmdObj, queryOptions, errmsg, result, false );
}
catch (DBException& e) {
ok = false;
int code = e.getCode();
if (code == RecvStaleConfigCode) { // code for StaleConfigException
throw;
}
stringstream ss;
ss << "exception: " << e.what();
errmsg = ss.str();
result.append( "code" , code );
}
appendCommandStatus(result, ok, errmsg);
}