本文整理汇总了C++中AuthorizationSession类的典型用法代码示例。如果您正苦于以下问题:C++ AuthorizationSession类的具体用法?C++ AuthorizationSession怎么用?C++ AuthorizationSession使用的例子?那么, 这里精选的类代码示例或许可以为您提供帮助。
在下文中一共展示了AuthorizationSession类的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的C++代码示例。
示例1: checkAuthForRolesInfoCommand
// Authorization check for the rolesInfo command.
//
// Parses `cmdObj` with auth::parseRolesInfoCommand and returns the parse error unchanged if
// parsing fails. Otherwise:
//   - when args.allForDB is set, the session needs ActionType::viewRole on `dbname`;
//   - when specific roles are named, each role needs ActionType::viewRole on that role's own
//     database (role.getDB()), unless the session is already authenticated as a user holding
//     the role.
// Returns ErrorCodes::Unauthorized on the first failed check, Status::OK() otherwise.
Status checkAuthForRolesInfoCommand(ClientBasic* client,
                                    const std::string& dbname,
                                    const BSONObj& cmdObj) {
    AuthorizationSession* authzSession = AuthorizationSession::get(client);

    auth::RolesInfoArgs args;
    Status parseStatus = auth::parseRolesInfoCommand(cmdObj, dbname, &args);
    if (!parseStatus.isOK()) {
        return parseStatus;
    }

    if (args.allForDB) {
        // Listing every role of a database is gated on viewRole for that whole database.
        const bool mayViewAll = authzSession->isAuthorizedForActionsOnResource(
            ResourcePattern::forDatabaseName(dbname), ActionType::viewRole);
        if (!mayViewAll) {
            return Status(ErrorCodes::Unauthorized,
                          str::stream() << "Not authorized to view roles from the " << dbname
                                        << " database");
        }
        return Status::OK();
    }

    for (const auto& roleName : args.roleNames) {
        // A session can always see the roles it is itself a member of.
        if (authzSession->isAuthenticatedAsUserWithRole(roleName)) {
            continue;
        }

        // The privilege is checked against the database the role lives in, which may differ
        // from the database the command was sent to.
        const bool mayViewRole = authzSession->isAuthorizedForActionsOnResource(
            ResourcePattern::forDatabaseName(roleName.getDB()), ActionType::viewRole);
        if (!mayViewRole) {
            return Status(ErrorCodes::Unauthorized,
                          str::stream() << "Not authorized to view roles from the "
                                        << roleName.getDB() << " database");
        }
    }
    return Status::OK();
}
示例2: checkAuthForUsersInfoCommand
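// Authorization check for the usersInfo command.
//
// Parses `cmdObj` with auth::parseUsersInfoCommand and returns the parse error unchanged if
// parsing fails. Otherwise:
//   - when args.allForDB is set, the session needs ActionType::viewUser on `dbname`;
//   - when specific users are named, each user needs ActionType::viewUser on that user's own
//     database (userName.getDB()), unless lookupUser() reports that the session already holds
//     that user.
// Returns ErrorCodes::Unauthorized on the first failed check, Status::OK() otherwise.
Status checkAuthForUsersInfoCommand(ClientBasic* client,
                                    const std::string& dbname,
                                    const BSONObj& cmdObj) {
    AuthorizationSession* authzSession = AuthorizationSession::get(client);

    auth::UsersInfoArgs args;
    Status status = auth::parseUsersInfoCommand(cmdObj, dbname, &args);
    if (!status.isOK()) {
        return status;
    }

    if (args.allForDB) {
        if (!authzSession->isAuthorizedForActionsOnResource(
                ResourcePattern::forDatabaseName(dbname), ActionType::viewUser)) {
            return Status(ErrorCodes::Unauthorized,
                          str::stream() << "Not authorized to view users from the " << dbname
                                        << " database");
        }
        return Status::OK();
    }

    for (const auto& userName : args.userNames) {
        if (authzSession->lookupUser(userName)) {
            continue;  // Can always view users you are logged in as
        }
        if (!authzSession->isAuthorizedForActionsOnResource(
                ResourcePattern::forDatabaseName(userName.getDB()), ActionType::viewUser)) {
            // Report the database that was actually checked. The privilege is evaluated on
            // userName.getDB(), so naming `dbname` here would point an operator reading the
            // denial (or an audit trail built from it) at the wrong database whenever the
            // requested user lives elsewhere.
            return Status(ErrorCodes::Unauthorized,
                          str::stream() << "Not authorized to view users from the "
                                        << userName.getDB() << " database");
        }
    }
    return Status::OK();
}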
示例3: checkAuthForCreateUserCommand
// Authorization check for the createUser command.
//
// After parsing `cmdObj`, three things are verified in order, and the first failure is
// returned:
//   1. ActionType::createUser on the database of the user being created (args.userName.getDB());
//   2. checkAuthorizedToGrantRoles() for every role listed in args.roles;
//   3. checkAuthorizedToSetRestrictions(), which is told whether the command carries
//      authenticationRestrictions.
Status checkAuthForCreateUserCommand(Client* client,
                                     const std::string& dbname,
                                     const BSONObj& cmdObj) {
    AuthorizationSession* authzSession = AuthorizationSession::get(client);

    auth::CreateOrUpdateUserArgs args;
    Status result = auth::parseCreateOrUpdateUserCommands(cmdObj, "createUser", dbname, &args);
    if (!result.isOK()) {
        return result;
    }

    // The target database comes from the parsed user name, not directly from `dbname`.
    const bool mayCreate = authzSession->isAuthorizedForActionsOnResource(
        ResourcePattern::forDatabaseName(args.userName.getDB()), ActionType::createUser);
    if (!mayCreate) {
        return Status(ErrorCodes::Unauthorized,
                      str::stream() << "Not authorized to create users on db: "
                                    << args.userName.getDB());
    }

    // Creating a user with roles is also a grant of those roles.
    result = checkAuthorizedToGrantRoles(authzSession, args.roles);
    if (!result.isOK()) {
        return result;
    }

    const bool hasRestrictions = static_cast<bool>(args.authenticationRestrictions);
    return checkAuthorizedToSetRestrictions(authzSession, hasRestrictions, args.userName.getDB());
}
示例4: checkAuthForUpdateRoleCommand
// Authorization check for the updateRole command.
//
// Requires, in order: ActionType::revokeRole on ResourcePattern::forAnyNormalResource(),
// permission to grant every role in args.roles, and permission to grant every privilege in
// args.privileges. The first failing check is returned; a parse failure is returned as-is.
Status checkAuthForUpdateRoleCommand(ClientBasic* client,
                                     const std::string& dbname,
                                     const BSONObj& cmdObj) {
    AuthorizationSession* authzSession = AuthorizationSession::get(client);

    auth::CreateOrUpdateRoleArgs args;
    Status outcome = auth::parseCreateOrUpdateRoleCommands(cmdObj, "updateRole", dbname, &args);
    if (!outcome.isOK()) {
        return outcome;
    }

    // An update replaces the role's existing roles and privileges, and the caller cannot know
    // in advance which ones will be dropped. The check is therefore deliberately broad: the
    // caller must be able to revoke any role (or privilege) in the system.
    const bool mayRevokeAnything = authzSession->isAuthorizedForActionsOnResource(
        ResourcePattern::forAnyNormalResource(), ActionType::revokeRole);
    if (!mayRevokeAnything) {
        return Status(ErrorCodes::Unauthorized,
                      "updateRole command required the ability to revoke any role in the "
                      "system");
    }

    outcome = checkAuthorizedToGrantRoles(authzSession, args.roles);
    if (!outcome.isOK()) {
        return outcome;
    }

    return checkAuthorizedToGrantPrivileges(authzSession, args.privileges);
}
示例5: checkAuthForCreateRoleCommand
// Authorization check for the createRole command.
//
// After parsing `cmdObj`, the following are verified in order and the first failure is
// returned:
//   1. AuthorizationSession::isAuthorizedToCreateRole() for the parsed arguments;
//   2. checkAuthorizedToGrantRoles() for args.roles;
//   3. checkAuthorizedToGrantPrivileges() for args.privileges;
//   4. checkAuthorizedToSetRestrictions(), which is told whether the command carries
//      authenticationRestrictions.
Status checkAuthForCreateRoleCommand(Client* client,
                                     const std::string& dbname,
                                     const BSONObj& cmdObj) {
    AuthorizationSession* authzSession = AuthorizationSession::get(client);

    auth::CreateOrUpdateRoleArgs args;
    Status result = auth::parseCreateOrUpdateRoleCommands(cmdObj, "createRole", dbname, &args);
    if (!result.isOK()) {
        return result;
    }

    if (!authzSession->isAuthorizedToCreateRole(args)) {
        return Status(ErrorCodes::Unauthorized,
                      str::stream() << "Not authorized to create roles on db: "
                                    << args.roleName.getDB());
    }

    // A new role that inherits roles or carries privileges hands those out to whoever is
    // later granted the role, so both are checked as grants.
    result = checkAuthorizedToGrantRoles(authzSession, args.roles);
    if (!result.isOK()) {
        return result;
    }

    result = checkAuthorizedToGrantPrivileges(authzSession, args.privileges);
    if (!result.isOK()) {
        return result;
    }

    const bool hasRestrictions = static_cast<bool>(args.authenticationRestrictions);
    return checkAuthorizedToSetRestrictions(authzSession, hasRestrictions, args.roleName.getDB());
}
示例6: checkAuthForAuthSchemaUpgradeCommand
// Authorization check for the authSchemaUpgrade command: the session must hold
// ActionType::authSchemaUpgrade on the cluster resource. Returns Status::OK() when it does and
// ErrorCodes::Unauthorized otherwise.
Status checkAuthForAuthSchemaUpgradeCommand(ClientBasic* client) {
    AuthorizationSession* authzSession = AuthorizationSession::get(client);

    const bool allowed = authzSession->isAuthorizedForActionsOnResource(
        ResourcePattern::forClusterResource(), ActionType::authSchemaUpgrade);
    if (allowed) {
        return Status::OK();
    }
    return Status(ErrorCodes::Unauthorized, "Not authorized to run authSchemaUpgrade command.");
}
示例7: checkAuthForInvalidateUserCacheCommand
// Authorization check for the invalidateUserCache command: the session must hold
// ActionType::invalidateUserCache on the cluster resource. Returns Status::OK() when it does
// and ErrorCodes::Unauthorized otherwise.
Status checkAuthForInvalidateUserCacheCommand(Client* client) {
    AuthorizationSession* authzSession = AuthorizationSession::get(client);

    const bool allowed = authzSession->isAuthorizedForActionsOnResource(
        ResourcePattern::forClusterResource(), ActionType::invalidateUserCache);
    if (allowed) {
        return Status::OK();
    }
    return Status(ErrorCodes::Unauthorized, "Not authorized to invalidate user cache");
}
示例8: checkAuthForGetUserCacheGenerationCommand
// Authorization check for reading the user cache generation: the session must hold
// ActionType::internal on the cluster resource. Returns Status::OK() when it does and
// ErrorCodes::Unauthorized otherwise.
Status checkAuthForGetUserCacheGenerationCommand(Client* client) {
    AuthorizationSession* authzSession = AuthorizationSession::get(client);

    const bool allowed = authzSession->isAuthorizedForActionsOnResource(
        ResourcePattern::forClusterResource(), ActionType::internal);
    if (allowed) {
        return Status::OK();
    }
    return Status(ErrorCodes::Unauthorized, "Not authorized to get cache generation");
}
示例9: checkAuthForDropAllRolesFromDatabaseCommand
// Authorization check for dropping every role of a database: the session must hold
// ActionType::dropRole on `dbname`. Returns Status::OK() when it does and
// ErrorCodes::Unauthorized (naming the database) otherwise.
Status checkAuthForDropAllRolesFromDatabaseCommand(Client* client, const std::string& dbname) {
    AuthorizationSession* authzSession = AuthorizationSession::get(client);

    const bool allowed = authzSession->isAuthorizedForActionsOnResource(
        ResourcePattern::forDatabaseName(dbname), ActionType::dropRole);
    if (allowed) {
        return Status::OK();
    }
    return Status(ErrorCodes::Unauthorized,
                  str::stream() << "Not authorized to drop roles from the " << dbname
                                << " database");
}
示例10: checkAuthForCommand
// Authorization check for this command: the session must hold the action stored in
// `_actionType` on the resource that parseResourcePattern() derives from `dbname` and
// `cmdObj`. Returns Status::OK() when authorized, ErrorCodes::Unauthorized otherwise.
Status checkAuthForCommand(Client* client, const std::string& dbname, const BSONObj& cmdObj) {
    AuthorizationSession* authzSession = AuthorizationSession::get(client);
    ResourcePattern target = parseResourcePattern(dbname, cmdObj);

    // Deny by default: only an explicit positive answer lets the command through.
    if (!authzSession->isAuthorizedForActionsOnResource(target, _actionType)) {
        return Status(ErrorCodes::Unauthorized, "unauthorized");
    }
    return Status::OK();
}
示例11: checkAuthForCommand
// Authorization check for this command: the session must hold
// ActionType::replSetResizeOplog on the cluster resource. `dbname` and `cmdObj` are not
// consulted. Returns Status::OK() when authorized, ErrorCodes::Unauthorized otherwise.
Status checkAuthForCommand(Client* client,
                           const std::string& dbname,
                           const BSONObj& cmdObj) final {
    AuthorizationSession* authzSession = AuthorizationSession::get(client);

    const bool allowed = authzSession->isAuthorizedForActionsOnResource(
        ResourcePattern::forClusterResource(), ActionType::replSetResizeOplog);
    if (!allowed) {
        return Status(ErrorCodes::Unauthorized, "Unauthorized");
    }
    return Status::OK();
}
示例12: CmdAuthenticate::_authenticateX509
// Handles the MONGODB-X509 mechanism for the current client connection.
//
// Preconditions checked first (each failure returns without touching the session):
//   - an SSL manager exists (ProtocolError otherwise);
//   - `user` is in the "$external" database (ProtocolError otherwise);
//   - user.getUser() equals the subject name reported for the peer certificate
//     (AuthenticationFailed otherwise).
//
// The peer is then classified by comparing the part of its subject name starting at the first
// ",OU=" with the same part of the server's own subject name:
//   - equal and non-empty: treated as a cluster member. Rejected with AuthenticationFailed
//     when clusterAuthMode is undefined or keyFile; otherwise the session is granted internal
//     authorization.
//   - anything else: treated as an ordinary client. Rejected with BadValue when
//     _isX509AuthDisabled is set; otherwise `user` is added to the session through
//     addAndAuthorizeUser().
//
// `cmdObj` is not consulted.
Status CmdAuthenticate::_authenticateX509(const UserName& user, const BSONObj& cmdObj) {
    if (!getSSLManager()) {
        return Status(ErrorCodes::ProtocolError,
                      "SSL support is required for the MONGODB-X509 mechanism.");
    }
    if (user.getDB() != "$external") {
        return Status(ErrorCodes::ProtocolError,
                      "X.509 authentication must always use the $external database.");
    }

    ClientBasic* client = ClientBasic::getCurrent();
    AuthorizationSession* authorizationSession = client->getAuthorizationSession();

    // The identity is taken from the connection's certificate, never from the command; the
    // user name supplied by the caller only has to match it exactly.
    // NOTE(review): this is a byte-for-byte string comparison, so it assumes the subject name
    // is always rendered in one canonical form - confirm against getX509SubjectName().
    std::string peerSubject = client->port()->getX509SubjectName();
    if (user.getUser() != peerSubject) {
        return Status(ErrorCodes::AuthenticationFailed,
                      "There is no x.509 client certificate matching the user.");
    }

    // The "cluster id" is everything from the first ",OU=" to the end of the subject name.
    // A subject name without ",OU=" yields an empty id, which never counts as a cluster member.
    // NOTE(review): the split is done on the raw string rather than on parsed RDN attributes;
    // verify that both subject names come from the same formatter so that the two suffixes are
    // comparable.
    std::string serverSubject = getSSLManager()->getServerSubjectName();
    size_t serverOuPos = serverSubject.find(",OU=");
    size_t peerOuPos = peerSubject.find(",OU=");

    std::string serverClusterId;
    if (serverOuPos != std::string::npos) {
        serverClusterId = serverSubject.substr(serverOuPos);
    }
    std::string peerClusterId;
    if (peerOuPos != std::string::npos) {
        peerClusterId = peerSubject.substr(peerOuPos);
    }

    int clusterAuthMode = serverGlobalParams.clusterAuthMode.load();

    const bool isClusterMember = !serverClusterId.empty() && serverClusterId == peerClusterId;
    if (isClusterMember) {
        // Internal cluster member auth, only applies to server-server connections. A member
        // certificate is refused outright when the server is not configured for x.509 cluster
        // authentication, instead of falling back to client authentication.
        const bool x509ClusterAuthOff =
            clusterAuthMode == ServerGlobalParams::ClusterAuthMode_undefined ||
            clusterAuthMode == ServerGlobalParams::ClusterAuthMode_keyFile;
        if (x509ClusterAuthOff) {
            return Status(ErrorCodes::AuthenticationFailed, "The provided certificate "
                          "can only be used for cluster authentication, not client "
                          "authentication. The current configuration does not allow "
                          "x.509 cluster authentication, check the --clusterAuthMode flag");
        }
        authorizationSession->grantInternalAuthorization();
        return Status::OK();
    }

    // Normal client authentication, only applies to client-server connections.
    if (_isX509AuthDisabled) {
        return Status(ErrorCodes::BadValue,
                      _x509AuthenticationDisabledMessage);
    }
    Status addStatus = authorizationSession->addAndAuthorizeUser(user);
    if (!addStatus.isOK()) {
        return addStatus;
    }
    return Status::OK();
}
示例13: checkAuthForCommand
// Authorization check shared by the index filter commands: the session must hold
// ActionType::planCacheIndexFilter on the resource that parseResourcePattern() derives from
// `dbname` and `cmdObj`. Returns Status::OK() when authorized, ErrorCodes::Unauthorized
// otherwise.
Status IndexFilterCommand::checkAuthForCommand(ClientBasic* client, const std::string& dbname,
                                               const BSONObj& cmdObj) {
    AuthorizationSession* authzSession = client->getAuthorizationSession();
    ResourcePattern target = parseResourcePattern(dbname, cmdObj);

    // Deny by default: only an explicit positive answer lets the command through.
    if (!authzSession->isAuthorizedForActionsOnResource(target,
                                                        ActionType::planCacheIndexFilter)) {
        return Status(ErrorCodes::Unauthorized, "unauthorized");
    }
    return Status::OK();
}
示例14: run
// Command body: calls logoutDatabase(dbname) on the current client's authorization session
// and always reports success. Only `dbname` is used; the remaining parameters are ignored.
bool run(const string& dbname,
         BSONObj& cmdObj,
         int options,
         string& errmsg,
         BSONObjBuilder& result,
         bool fromRepl) {
    // The session is looked up from the current client, so the call can only affect the
    // connection that issued the command.
    ClientBasic::getCurrent()->getAuthorizationSession()->logoutDatabase(dbname);
    return true;
}
示例15: checkAuthForOperation
// Authorization check for this operation: the session of the client that owns `opCtx` must
// hold ActionType::killAnySession on the cluster resource. `dbname` and `cmdObj` are not
// consulted. Returns Status::OK() when authorized, ErrorCodes::Unauthorized otherwise.
Status checkAuthForOperation(OperationContext* opCtx,
                             const std::string& dbname,
                             const BSONObj& cmdObj) const override {
    AuthorizationSession* authSession = AuthorizationSession::get(opCtx->getClient());

    const bool allowed = authSession->isAuthorizedForPrivilege(
        Privilege{ResourcePattern::forClusterResource(), ActionType::killAnySession});
    if (allowed) {
        return Status::OK();
    }
    return Status(ErrorCodes::Unauthorized, "Unauthorized");
}