Example #1
 // Returns the principal whose full name equals `name`, or NULL when no such
 // principal is in the set.
 Principal* PrincipalSet::lookup(const UserName& name) const {
     // lookupByDBName yields at most one Principal for the database part of the
     // name; it still has to be compared against the whole name, so that a
     // different user authenticated on the same database is never returned.
     Principal* candidate = lookupByDBName(name.getDB());
     if (!candidate) {
         return NULL;
     }
     return (candidate->getName() == name) ? candidate : NULL;
 }
Example #2
 // Logs out the principal authenticated against `dbname`, if there is one:
 // its acquired privileges are revoked and it is dropped from the set of
 // authenticated principals. A database with no authenticated principal is a
 // no-op.
 void AuthorizationManager::logoutDatabase(const std::string& dbname) {
     Principal* loggedIn = _authenticatedPrincipals.lookupByDBName(dbname);
     if (loggedIn) {
         // Revoke before removing: the name is read through `loggedIn`, and the
         // PrincipalSet::removeByDBName shown on this page deletes the Principal,
         // so the pointer must not be used after the removal below.
         _acquiredPrivileges.revokePrivilegesFromPrincipal(loggedIn->getName());
         _authenticatedPrincipals.removeByDBName(dbname);
     }
 }
Example #3
 // Logs out the principal authenticated against `dbname`, if there is one:
 // revokes its privileges, removes it from the authenticated set and then
 // notifies the external state. Nothing happens (including no notification)
 // when no principal is authenticated on that database.
 void AuthorizationSession::logoutDatabase(const std::string& dbname) {
     Principal* loggedIn = _authenticatedPrincipals.lookupByDBName(dbname);
     if (loggedIn) {
         // Revoke before removing: the name is read through `loggedIn`, and the
         // PrincipalSet::removeByDBName shown on this page deletes the Principal,
         // so the pointer must not be used after the removal below.
         _acquiredPrivileges.revokePrivilegesFromUser(loggedIn->getName());
         _authenticatedPrincipals.removeByDBName(dbname);
         _externalState->onLogoutDatabase(dbname);
     }
 }
Example #4
    // Authorizes `principalName` on the "local" database with every action on
    // the wildcard resource, i.e. unrestricted access. Callers should reserve
    // this for trusted internal code paths; nothing here checks who is asking.
    void AuthorizationManager::grantInternalAuthorization(const std::string& principalName) {
        ActionSet allActions;
        allActions.addAllActions();

        // NOTE(review): the Principal is never deleted here, so
        // addAuthorizedPrincipal presumably takes ownership - confirm.
        Principal* internalPrincipal = new Principal(PrincipalName(principalName, "local"));
        addAuthorizedPrincipal(internalPrincipal);

        // A failed acquisition is treated as fatal (fassert) instead of leaving
        // the principal registered without its privileges.
        Status acquired = acquirePrivilege(
                Privilege(PrivilegeSet::WILDCARD_RESOURCE, allActions),
                internalPrincipal->getName());
        fassert(16581, acquired.isOK());
    }
Example #5
    // Authorizes `userName` with every action on the wildcard resource, i.e.
    // unrestricted access. Callers should reserve this for trusted internal
    // code paths; nothing here checks who is asking.
    void AuthorizationSession::grantInternalAuthorization(const UserName& userName) {
        ActionSet allActions;
        allActions.addAllActions();

        // NOTE(review): the Principal is never deleted here, so
        // addAuthorizedPrincipal presumably takes ownership - confirm.
        Principal* internalPrincipal = new Principal(userName);
        addAuthorizedPrincipal(internalPrincipal);

        // A failed acquisition is treated as fatal (fassert) instead of leaving
        // the principal registered without its privileges.
        Status acquired = acquirePrivilege(
                Privilege(PrivilegeSet::WILDCARD_RESOURCE, allActions),
                internalPrincipal->getName());
        fassert(16581, acquired.isOK());
    }
Example #6
 // Returns the first stored principal whose name belongs to database
 // `dbname`, or NULL if the set holds none for that database. The returned
 // pointer refers to the stored object; the caller does not receive ownership.
 Principal* PrincipalSet::lookupByDBName(const StringData& dbname) const {
     for (std::vector<Principal*>::size_type i = 0; i < _principals.size(); ++i) {
         Principal* entry = _principals[i];
         if (entry->getName().getDB() == dbname) {
             return entry;
         }
     }
     return NULL;
 }
Example #7
        // Registers `principalName` (on the "local" database) with the current
        // client's AuthorizationManager and gives it the old-style "admin" user
        // actions on the wildcard resource; `readOnly` is forwarded to
        // getActionsForOldStyleUser to choose the action set.
        void _authorizePrincipal(const std::string& principalName, bool readOnly) {
            // NOTE(review): the Principal is never deleted here, so
            // addAuthorizedPrincipal presumably takes ownership - confirm.
            Principal* newPrincipal = new Principal(PrincipalName(principalName, "local"));
            ActionSet grantedActions = AuthorizationManager::getActionsForOldStyleUser(
                    "admin", readOnly);

            AuthorizationManager* authz = cc().getAuthorizationManager();
            authz->addAuthorizedPrincipal(newPrincipal);

            const Privilege wildcardPrivilege(PrivilegeSet::WILDCARD_RESOURCE, grantedActions);
            Status status = authz->acquirePrivilege(wildcardPrivilege, newPrincipal->getName());
            // The grant must succeed; anything but OK trips the assertion.
            verify (status == Status::OK());
        }
Example #8
 // Destroys and removes the first stored principal whose name belongs to
 // database `dbname`. Does nothing when the set holds no such principal.
 // Any pointer to the removed Principal held by a caller is invalid afterwards.
 void PrincipalSet::removeByDBName(const StringData& dbname) {
     for (std::vector<Principal*>::size_type i = 0; i < _principals.size(); ++i) {
         Principal* entry = _principals[i];
         if (entry->getName().getDB() == dbname) {
             delete entry;
             _principals.erase(_principals.begin() + i);
             // Stop at the first match; the vector was just modified.
             return;
         }
     }
 }
Example #9
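 // Adds `principal` to the set. The set deletes the principals it stores, so
 // the caller hands over ownership. If a principal for the same database is
 // already present it is destroyed and replaced, because only one principal
 // per database is kept.
 void PrincipalSet::add(Principal* principal) {
     for (std::vector<Principal*>::iterator it = _principals.begin();
             it != _principals.end(); ++it) {
         Principal* current = *it;
         if (current->getName().getDB() == principal->getName().getDB()) {
             // There can be only one principal per database.
             // Re-adding the object that is already stored must not delete it:
             // without this check the slot would keep a dangling pointer.
             if (current != principal) {
                 delete current;
                 *it = principal;
             }
             return;
         }
     }
     _principals.push_back(principal);
 }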
Example #10
    // Decides whether `privilege` (after special-case adjustment) is held.
    // If it is not already acquired, each authenticated principal that allows
    // implicit privilege acquisition has its privileges loaded for the target
    // database, at most once per principal and database, and the check is
    // repeated. Returns OK as soon as the privilege is held; otherwise the
    // result is Unauthorized, so the default outcome is denial.
    Status AuthorizationManager::_probeForPrivilege(const Privilege& privilege) {
        Privilege wanted = _modifyPrivilegeForSpecialCases(privilege);
        if (_acquiredPrivileges.hasPrivilege(wanted)) {
            return Status::OK();
        }

        std::string dbname = nsToDatabase(wanted.getResource());

        PrincipalSet::iterator cursor = _authenticatedPrincipals.begin();
        PrincipalSet::iterator last = _authenticatedPrincipals.end();
        for (; cursor != last; ++cursor) {
            Principal* candidate = *cursor;

            // Skip principals that opted out of implicit acquisition, and ones
            // whose privileges on this database were already loaded.
            if (!candidate->isImplicitPrivilegeAcquisitionEnabled() ||
                candidate->isDatabaseProbed(dbname)) {
                continue;
            }

            _acquirePrivilegesForPrincipalFromDatabase(dbname, candidate->getName());
            // Record the probe so later checks do not repeat it for this pair.
            candidate->markDatabaseAsProbed(dbname);

            if (_acquiredPrivileges.hasPrivilege(wanted)) {
                return Status::OK();
            }
        }
        return Status(ErrorCodes::Unauthorized, "unauthorized", 0);
    }