bool isSelf(const HostAndPort& hostAndPort) { // Fastpath: check if the host&port in question is bound to one // of the interfaces on this machine. // No need for ip match if the ports do not match if (hostAndPort.port() == serverGlobalParams.port) { std::vector<std::string> myAddrs = serverGlobalParams.bind_ip.empty() ? getBoundAddrs(IPv6Enabled()) : std::vector<std::string>(); if (!serverGlobalParams.bind_ip.empty()) { boost::split(myAddrs, serverGlobalParams.bind_ip, boost::is_any_of(", ")); } const std::vector<std::string> hostAddrs = getAddrsForHost(hostAndPort.host(), hostAndPort.port(), IPv6Enabled()); for (std::vector<std::string>::const_iterator i = myAddrs.begin(); i != myAddrs.end(); ++i) { for (std::vector<std::string>::const_iterator j = hostAddrs.begin(); j != hostAddrs.end(); ++j) { if (*i == *j) { return true; } } } } if (!Listener::getTimeTracker()) { // this ensures we are actually running a server // this may return true later, so may want to retry return false; } try { DBClientConnection conn; std::string errmsg; if (!conn.connect(hostAndPort, errmsg)) { return false; } if (getGlobalAuthorizationManager()->isAuthEnabled() && isInternalAuthSet()) { if (!authenticateInternalUser(&conn)) { return false; } } BSONObj out; bool ok = conn.simpleCommand("admin" , &out, "_isSelf"); bool me = ok && out["id"].type() == jstOID && instanceId == out["id"].OID(); return me; } catch (const std::exception& e) { warning() << "could't check isSelf (" << hostAndPort << ") " << e.what() << std::endl; } return false; }
bool SyncSourceFeedback::replAuthenticate() { if (!getGlobalAuthorizationManager()->isAuthEnabled()) return true; if (!isInternalAuthSet()) return false; return authenticateInternalUser(_connection.get()); }
bool replAuthenticate(DBClientBase *conn) { if (!getGlobalAuthorizationManager()->isAuthEnabled()) return true; if (!isInternalAuthSet()) return false; return authenticateInternalUser(conn); }
// we should already be locked... bool ScopedConn::connect() { std::string err; if (!connInfo->cc->connect(HostAndPort(_hostport), err)) { log() << "couldn't connect to " << _hostport << ": " << err; return false; } connInfo->connected = true; connInfo->tagPort(); // if we cannot authenticate against a member, then either its key file // or our key file has to change. if our key file has to change, we'll // be rebooting. if their file has to change, they'll be rebooted so the // connection created above will go dead, reconnect, and reauth. if (getGlobalAuthorizationManager()->isAuthEnabled()) { return authenticateInternalUser(connInfo->cc.get()); } return true; }
bool SyncSourceFeedback::replAuthenticate(bool skipAuthCheck) { if (!AuthorizationManager::isAuthEnabled()) { return true; } if (!skipAuthCheck && !cc().getAuthorizationSession()->hasInternalAuthorization()) { log() << "replauthenticate: requires internal authorization, failing" << endl; return false; } if (internalSecurity.pwd.length() > 0) { return authenticateInternalUser(_connection.get()); } BSONObj user; { Client::ReadContext ctxt("local."); if(!Helpers::findOne("local.system.users", userReplQuery, user) || // try the first user in local !Helpers::getSingleton("local.system.users", user)) { log() << "replauthenticate: no user in local.system.users to use" << "for authentication" << endl; return false; } } std::string u = user.getStringField("user"); std::string p = user.getStringField("pwd"); massert(16889, "bad user object? [1]", !u.empty()); massert(16887, "bad user object? [2]", !p.empty()); string err; if( !_connection->auth("local", u.c_str(), p.c_str(), err, false) ) { log() << "replauthenticate: can't authenticate to master server, user:" << u << endl; return false; } return true; }
bool HostAndPort::isSelf() const { int _p = port(); int p = _p == -1 ? ServerGlobalParams::DefaultDBPort : _p; string host = str::stream() << this->host() << ":" << p; { // check cache for this host // debatably something _could_ change, but I'm not sure right now (erh 10/14/2010) scoped_lock lk( isSelfCommand._cacheLock ); map<string,bool>::const_iterator i = isSelfCommand._cache.find( host ); if ( i != isSelfCommand._cache.end() ) return i->second; } #if !defined(_WIN32) && !defined(__sunos__) // on linux and os x we can do a quick check for an ip match // no need for ip match if the ports do not match if (p == serverGlobalParams.port) { const vector<string> myaddrs = getMyAddrs(); const vector<string> addrs = getAllIPs(_host); for (vector<string>::const_iterator i=myaddrs.begin(), iend=myaddrs.end(); i!=iend; ++i) { for (vector<string>::const_iterator j=addrs.begin(), jend=addrs.end(); j!=jend; ++j) { string a = *i; string b = *j; if ( a == b || ( str::startsWith( a , "127." ) && str::startsWith( b , "127." ) ) // 127. is all loopback ) { // add to cache scoped_lock lk( isSelfCommand._cacheLock ); isSelfCommand._cache[host] = true; return true; } } } } #endif if ( ! Listener::getTimeTracker() ) { // this ensures we are actually running a server // this may return true later, so may want to retry return false; } try { isSelfCommand.init(); DBClientConnection conn; string errmsg; if ( ! conn.connect( host , errmsg ) ) { // should this go in the cache? return false; } if (getGlobalAuthorizationManager()->isAuthEnabled() && isInternalAuthSet()) { if (!authenticateInternalUser(&conn)) { return false; } } BSONObj out; bool ok = conn.simpleCommand( "admin" , &out , "_isSelf" ); bool me = ok && out["id"].type() == jstOID && isSelfCommand._id == out["id"].OID(); // add to cache scoped_lock lk( isSelfCommand._cacheLock ); isSelfCommand._cache[host] = me; return me; } catch ( std::exception& e ) { warning() << "could't check isSelf (" << host << ") " << e.what() << endl; } return false; }