bool Strategy::handleSpecialNamespaces( Request& r , QueryMessage& q ) {
const char * ns = strstr( r.getns() , ".$cmd.sys." );
if ( ! ns )
return false;
ns += 10;
BSONObjBuilder b;
vector<Shard> shards;
ClientBasic* client = ClientBasic::getCurrent();
AuthorizationSession* authSession = client->getAuthorizationSession();
if ( strcmp( ns , "inprog" ) == 0 ) {
const bool isAuthorized = authSession->isAuthorizedForActionsOnResource(
ResourcePattern::forClusterResource(), ActionType::inprog);
audit::logInProgAuthzCheck(
client, q.query, isAuthorized ? ErrorCodes::OK : ErrorCodes::Unauthorized);
uassert(ErrorCodes::Unauthorized, "not authorized to run inprog", isAuthorized);
Shard::getAllShards( shards );
BSONArrayBuilder arr( b.subarrayStart( "inprog" ) );
for ( unsigned i=0; i<shards.size(); i++ ) {
Shard shard = shards[i];
ScopedDbConnection conn(shard.getConnString());
BSONObj temp = conn->findOne( r.getns() , q.query );
if ( temp["inprog"].isABSONObj() ) {
BSONObjIterator i( temp["inprog"].Obj() );
while ( i.more() ) {
BSONObjBuilder x;
BSONObjIterator j( i.next().Obj() );
while( j.more() ) {
BSONElement e = j.next();
if ( str::equals( e.fieldName() , "opid" ) ) {
stringstream ss;
ss << shard.getName() << ':' << e.numberInt();
x.append( "opid" , ss.str() );
}
else if ( str::equals( e.fieldName() , "client" ) ) {
x.appendAs( e , "client_s" );
}
else {
x.append( e );
}
}
arr.append( x.obj() );
}
}
conn.done();
}
arr.done();
}
else if ( strcmp( ns , "killop" ) == 0 ) {
const bool isAuthorized = authSession->isAuthorizedForActionsOnResource(
ResourcePattern::forClusterResource(), ActionType::killop);
audit::logKillOpAuthzCheck(
client,
q.query,
isAuthorized ? ErrorCodes::OK : ErrorCodes::Unauthorized);
uassert(ErrorCodes::Unauthorized, "not authorized to run killop", isAuthorized);
BSONElement e = q.query["op"];
if ( e.type() != String ) {
b.append( "err" , "bad op" );
b.append( e );
}
else {
b.append( e );
string s = e.String();
string::size_type i = s.find( ':' );
if ( i == string::npos ) {
b.append( "err" , "bad opid" );
}
else {
string shard = s.substr( 0 , i );
int opid = atoi( s.substr( i + 1 ).c_str() );
b.append( "shard" , shard );
b.append( "shardid" , opid );
log() << "want to kill op: " << e << endl;
Shard s(shard);
ScopedDbConnection conn(s.getConnString());
conn->findOne( r.getns() , BSON( "op" << opid ) );
conn.done();
}
}
}
else if ( strcmp( ns , "unlock" ) == 0 ) {
b.append( "err" , "can't do unlock through mongos" );
}
else {
warning() << "unknown sys command [" << ns << "]" << endl;
return false;
}
BSONObj x = b.done();
replyToQuery(0, r.p(), r.m(), x);
return true;
}
void Strategy::getMore( Request& r ) {
Timer getMoreTimer;
const char *ns = r.getns();
// TODO: Handle stale config exceptions here from coll being dropped or sharded during op
// for now has same semantics as legacy request
DBConfigPtr config = grid.getDBConfig( ns );
ShardPtr primary;
ChunkManagerPtr info;
config->getChunkManagerOrPrimary( ns, info, primary );
//
// TODO: Cleanup cursor cache, consolidate into single codepath
//
int ntoreturn = r.d().pullInt();
long long id = r.d().pullInt64();
string host = cursorCache.getRef( id );
ShardedClientCursorPtr cursor = cursorCache.get( id );
int cursorMaxTimeMS = cursorCache.getMaxTimeMS( id );
// Cursor ids should not overlap between sharded and unsharded cursors
massert( 17012, str::stream() << "duplicate sharded and unsharded cursor id "
<< id << " detected for " << ns
<< ", duplicated on host " << host,
NULL == cursorCache.get( id ).get() || host.empty() );
ClientBasic* client = ClientBasic::getCurrent();
NamespaceString nsString(ns);
AuthorizationSession* authSession = client->getAuthorizationSession();
Status status = authSession->checkAuthForGetMore( nsString, id );
audit::logGetMoreAuthzCheck( client, nsString, id, status.code() );
uassertStatusOK(status);
if( !host.empty() ){
LOG(3) << "single getmore: " << ns << endl;
// we used ScopedDbConnection because we don't get about config versions
// not deleting data is handled elsewhere
// and we don't want to call setShardVersion
ScopedDbConnection conn(host);
Message response;
bool ok = conn->callRead( r.m() , response);
uassert( 10204 , "dbgrid: getmore: error calling db", ok);
bool hasMore = (response.singleData()->getCursor() != 0);
if ( !hasMore ) {
cursorCache.removeRef( id );
}
r.reply( response , "" /*conn->getServerAddress() */ );
conn.done();
return;
}
else if ( cursor ) {
if ( cursorMaxTimeMS == kMaxTimeCursorTimeLimitExpired ) {
cursorCache.remove( id );
uasserted( ErrorCodes::ExceededTimeLimit, "operation exceeded time limit" );
}
// TODO: Try to match logic of mongod, where on subsequent getMore() we pull lots more data?
BufBuilder buffer( ShardedClientCursor::INIT_REPLY_BUFFER_SIZE );
int docCount = 0;
const int startFrom = cursor->getTotalSent();
bool hasMore = cursor->sendNextBatch( r, ntoreturn, buffer, docCount );
if ( hasMore ) {
// still more data
cursor->accessed();
if ( cursorMaxTimeMS != kMaxTimeCursorNoTimeLimit ) {
// Update remaining amount of time in cursor cache.
int cursorLeftoverMillis = cursorMaxTimeMS - getMoreTimer.millis();
if ( cursorLeftoverMillis <= 0 ) {
cursorLeftoverMillis = kMaxTimeCursorTimeLimitExpired;
}
cursorCache.updateMaxTimeMS( id, cursorLeftoverMillis );
}
}
else {
// we've exhausted the cursor
cursorCache.remove( id );
}
replyToQuery( 0, r.p(), r.m(), buffer.buf(), buffer.len(), docCount,
startFrom, hasMore ? cursor->getId() : 0 );
return;
}
else {
LOG( 3 ) << "could not find cursor " << id << " in cache for " << ns << endl;
replyToQuery( ResultFlag_CursorNotFound , r.p() , r.m() , 0 , 0 , 0 );
return;
}
}
bool CmdAuthenticate::authenticateCR(const string& dbname,
BSONObj& cmdObj,
string& errmsg,
BSONObjBuilder& result) {
string user = cmdObj.getStringField("user");
if (!_areNonceAuthenticateCommandsEnabled) {
// SERVER-8461, MONGODB-CR must be enabled for authenticating the internal user, so that
// cluster members may communicate with each other.
if (dbname != StringData("local", StringData::LiteralTag()) ||
user != internalSecurity.user) {
errmsg = _nonceAuthenticateCommandsDisabledMessage;
result.append(saslCommandCodeFieldName, ErrorCodes::AuthenticationFailed);
return false;
}
}
string key = cmdObj.getStringField("key");
string received_nonce = cmdObj.getStringField("nonce");
if( user.empty() || key.empty() || received_nonce.empty() ) {
log() << "field missing/wrong type in received authenticate command "
<< dbname
<< endl;
errmsg = "auth fails";
sleepmillis(10);
result.append(saslCommandCodeFieldName, ErrorCodes::AuthenticationFailed);
return false;
}
stringstream digestBuilder;
{
bool reject = false;
ClientBasic *client = ClientBasic::getCurrent();
AuthenticationSession *session = client->getAuthenticationSession();
if (!session || session->getType() != AuthenticationSession::SESSION_TYPE_MONGO) {
reject = true;
LOG(1) << "auth: No pending nonce" << endl;
}
else {
nonce64 nonce = static_cast<MongoAuthenticationSession*>(session)->getNonce();
digestBuilder << hex << nonce;
reject = digestBuilder.str() != received_nonce;
if ( reject ) {
LOG(1) << "auth: Authentication failed for " << dbname << '$' << user << endl;
}
}
client->resetAuthenticationSession(NULL);
if ( reject ) {
log() << "auth: bad nonce received or getnonce not called. could be a driver bug or a security attack. db:" << dbname << endl;
errmsg = "auth fails";
sleepmillis(30);
result.append(saslCommandCodeFieldName, ErrorCodes::AuthenticationFailed);
return false;
}
}
BSONObj userObj;
string pwd;
Status status = getGlobalAuthorizationManager()->getPrivilegeDocument(
dbname, UserName(user, dbname), &userObj);
if (!status.isOK()) {
log() << status.reason() << std::endl;
errmsg = "auth fails";
result.append(saslCommandCodeFieldName, ErrorCodes::AuthenticationFailed);
return false;
}
pwd = userObj["pwd"].String();
md5digest d;
{
digestBuilder << user << pwd;
string done = digestBuilder.str();
md5_state_t st;
md5_init(&st);
md5_append(&st, (const md5_byte_t *) done.c_str(), done.size());
md5_finish(&st, d);
}
string computed = digestToString( d );
if ( key != computed ) {
log() << "auth: key mismatch " << user << ", ns:" << dbname << endl;
errmsg = "auth fails";
result.append(saslCommandCodeFieldName, ErrorCodes::AuthenticationFailed);
return false;
}
AuthorizationSession* authorizationSession =
ClientBasic::getCurrent()->getAuthorizationSession();
Principal* principal = new Principal(UserName(user, dbname));
principal->setImplicitPrivilegeAcquisition(true);
authorizationSession->addAuthorizedPrincipal(principal);
result.append( "dbname" , dbname );
result.append( "user" , user );
return true;
}
void Strategy::queryOp( Request& r ) {
verify( !NamespaceString( r.getns() ).isCommand() );
Timer queryTimer;
QueryMessage q( r.d() );
NamespaceString ns(q.ns);
ClientBasic* client = ClientBasic::getCurrent();
AuthorizationSession* authSession = client->getAuthorizationSession();
Status status = authSession->checkAuthForQuery(ns, q.query);
audit::logQueryAuthzCheck(client, ns, q.query, status.code());
uassertStatusOK(status);
LOG(3) << "shard query: " << q.ns << " " << q.query << endl;
if ( q.ntoreturn == 1 && strstr(q.ns, ".$cmd") )
throw UserException( 8010 , "something is wrong, shouldn't see a command here" );
QuerySpec qSpec( (string)q.ns, q.query, q.fields, q.ntoskip, q.ntoreturn, q.queryOptions );
// Parse "$maxTimeMS".
StatusWith<int> maxTimeMS = LiteParsedQuery::parseMaxTimeMSQuery( q.query );
uassert( 17233,
maxTimeMS.getStatus().reason(),
maxTimeMS.isOK() );
if ( _isSystemIndexes( q.ns ) && doShardedIndexQuery( r, qSpec )) {
return;
}
ParallelSortClusteredCursor * cursor = new ParallelSortClusteredCursor( qSpec, CommandInfo() );
verify( cursor );
// TODO: Move out to Request itself, not strategy based
try {
cursor->init();
if ( qSpec.isExplain() ) {
BSONObjBuilder explain_builder;
cursor->explain( explain_builder );
explain_builder.appendNumber( "millis",
static_cast<long long>(queryTimer.millis()) );
BSONObj b = explain_builder.obj();
replyToQuery( 0 , r.p() , r.m() , b );
delete( cursor );
return;
}
}
catch(...) {
delete cursor;
throw;
}
// TODO: Revisit all of this when we revisit the sharded cursor cache
if (cursor->getNumQueryShards() != 1) {
// More than one shard (or zero), manage with a ShardedClientCursor
// NOTE: We may also have *zero* shards here when the returnPartial flag is set.
// Currently the code in ShardedClientCursor handles this.
ShardedClientCursorPtr cc (new ShardedClientCursor( q , cursor ));
BufBuilder buffer( ShardedClientCursor::INIT_REPLY_BUFFER_SIZE );
int docCount = 0;
const int startFrom = cc->getTotalSent();
bool hasMore = cc->sendNextBatch( r, q.ntoreturn, buffer, docCount );
if ( hasMore ) {
LOG(5) << "storing cursor : " << cc->getId() << endl;
int cursorLeftoverMillis = maxTimeMS.getValue() - queryTimer.millis();
if ( maxTimeMS.getValue() == 0 ) { // 0 represents "no limit".
cursorLeftoverMillis = kMaxTimeCursorNoTimeLimit;
}
else if ( cursorLeftoverMillis <= 0 ) {
cursorLeftoverMillis = kMaxTimeCursorTimeLimitExpired;
}
cursorCache.store( cc, cursorLeftoverMillis );
}
replyToQuery( 0, r.p(), r.m(), buffer.buf(), buffer.len(), docCount,
startFrom, hasMore ? cc->getId() : 0 );
}
else{
// Only one shard is used
// Remote cursors are stored remotely, we shouldn't need this around.
scoped_ptr<ParallelSortClusteredCursor> cursorDeleter( cursor );
ShardPtr shard = cursor->getQueryShard();
verify( shard.get() );
DBClientCursorPtr shardCursor = cursor->getShardCursor(*shard);
// Implicitly stores the cursor in the cache
r.reply( *(shardCursor->getMessage()) , shardCursor->originalHost() );
// We don't want to kill the cursor remotely if there's still data left
shardCursor->decouple();
}
}
Status CmdAuthenticate::_authenticateCR(const UserName& user, const BSONObj& cmdObj) {
if (user == internalSecurity.user->getName() && cmdLine.clusterAuthMode == "x509") {
return Status(ErrorCodes::AuthenticationFailed,
"Mechanism x509 is required for internal cluster authentication");
}
if (!_areNonceAuthenticateCommandsEnabled) {
// SERVER-8461, MONGODB-CR must be enabled for authenticating the internal user, so that
// cluster members may communicate with each other.
if (user != internalSecurity.user->getName()) {
return Status(ErrorCodes::BadValue, _nonceAuthenticateCommandsDisabledMessage);
}
}
string key = cmdObj.getStringField("key");
string received_nonce = cmdObj.getStringField("nonce");
if( user.getUser().empty() || key.empty() || received_nonce.empty() ) {
sleepmillis(10);
return Status(ErrorCodes::ProtocolError,
"field missing/wrong type in received authenticate command");
}
stringstream digestBuilder;
{
ClientBasic *client = ClientBasic::getCurrent();
boost::scoped_ptr<AuthenticationSession> session;
client->swapAuthenticationSession(session);
if (!session || session->getType() != AuthenticationSession::SESSION_TYPE_MONGO) {
sleepmillis(30);
return Status(ErrorCodes::ProtocolError, "No pending nonce");
}
else {
nonce64 nonce = static_cast<MongoAuthenticationSession*>(session.get())->getNonce();
digestBuilder << hex << nonce;
if (digestBuilder.str() != received_nonce) {
sleepmillis(30);
return Status(ErrorCodes::AuthenticationFailed, "Received wrong nonce.");
}
}
}
User* userObj;
Status status = getGlobalAuthorizationManager()->acquireUser(user, &userObj);
if (!status.isOK()) {
// Failure to find the privilege document indicates no-such-user, a fact that we do not
// wish to reveal to the client. So, we return AuthenticationFailed rather than passing
// through the returned status.
return Status(ErrorCodes::AuthenticationFailed, status.toString());
}
string pwd = userObj->getCredentials().password;
getGlobalAuthorizationManager()->releaseUser(userObj);
md5digest d;
{
digestBuilder << user.getUser() << pwd;
string done = digestBuilder.str();
md5_state_t st;
md5_init(&st);
md5_append(&st, (const md5_byte_t *) done.c_str(), done.size());
md5_finish(&st, d);
}
string computed = digestToString( d );
if ( key != computed ) {
return Status(ErrorCodes::AuthenticationFailed, "key mismatch");
}
AuthorizationSession* authorizationSession =
ClientBasic::getCurrent()->getAuthorizationSession();
Principal* principal = new Principal(user);
authorizationSession->addAndAuthorizePrincipal(principal);
status = authorizationSession->addAndAuthorizeUser(user);
if (!status.isOK()) {
return status;
}
return Status::OK();
}
void Command::execCommandClientBasic(Command * c ,
ClientBasic& client,
int queryOptions,
const char *ns,
BSONObj& cmdObj,
BSONObjBuilder& result,
bool fromRepl ) {
verify(c);
std::string dbname = nsToDatabase(ns);
// Access control checks
if (AuthorizationManager::isAuthEnabled()) {
std::vector<Privilege> privileges;
c->addRequiredPrivileges(dbname, cmdObj, &privileges);
AuthorizationSession* authSession = client.getAuthorizationSession();
if (!authSession->checkAuthForPrivileges(privileges).isOK()) {
result.append("note", str::stream() << "not authorized for command: " <<
c->name << " on database " << dbname);
appendCommandStatus(result, false, "unauthorized");
return;
}
}
if (c->adminOnly() &&
c->localHostOnlyIfNoAuth(cmdObj) &&
!AuthorizationManager::isAuthEnabled() &&
!client.getIsLocalHostConnection()) {
log() << "command denied: " << cmdObj.toString() << endl;
appendCommandStatus(result,
false,
"unauthorized: this command must run from localhost when running db "
"without auth");
return;
}
if (c->adminOnly() && !startsWith(ns, "admin.")) {
log() << "command denied: " << cmdObj.toString() << endl;
appendCommandStatus(result, false, "access denied - use admin db");
return;
}
// End of access control checks
if (cmdObj.getBoolField("help")) {
stringstream help;
help << "help for: " << c->name << " ";
c->help( help );
result.append( "help" , help.str() );
result.append( "lockType" , c->locktype() );
appendCommandStatus(result, true, "");
return;
}
std::string errmsg;
bool ok;
try {
ok = c->run( dbname , cmdObj, queryOptions, errmsg, result, false );
}
catch (DBException& e) {
ok = false;
int code = e.getCode();
if (code == RecvStaleConfigCode) { // code for StaleConfigException
throw;
}
stringstream ss;
ss << "exception: " << e.what();
errmsg = ss.str();
result.append( "code" , code );
}
appendCommandStatus(result, ok, errmsg);
}
bool AuthzSessionExternalStateServerCommon::shouldIgnoreAuthChecks() const {
ClientBasic* client = ClientBasic::getCurrent();
return !AuthorizationManager::isAuthEnabled() ||
(enableLocalhostAuthBypass &&client->getIsLocalHostConnection() && _allowLocalhost);
}
void CursorCache::gotKillCursors(Message& m ) {
DbMessage dbmessage(m);
int n = dbmessage.pullInt();
if ( n > 2000 ) {
( n < 30000 ? warning() : error() ) << "receivedKillCursors, n=" << n << endl;
}
uassert( 13286 , "sent 0 cursors to kill" , n >= 1 );
uassert( 13287 , "too many cursors to kill" , n < 30000 );
massert( 18632 , str::stream() << "bad kill cursors size: " << m.dataSize(),
m.dataSize() == 8 + ( 8 * n ) );
const long long* cursors = dbmessage.getArray(n);
ClientBasic* client = ClientBasic::getCurrent();
AuthorizationSession* authSession = client->getAuthorizationSession();
for ( int i=0; i<n; i++ ) {
long long id = cursors[i];
LOG(_myLogLevel) << "CursorCache::gotKillCursors id: " << id << endl;
if ( ! id ) {
warning() << " got cursor id of 0 to kill" << endl;
continue;
}
string server;
{
scoped_lock lk( _mutex );
MapSharded::iterator i = _cursors.find( id );
if ( i != _cursors.end() ) {
const bool isAuthorized = authSession->isAuthorizedForActionsOnNamespace(
NamespaceString(i->second->getNS()), ActionType::killCursors);
audit::logKillCursorsAuthzCheck(
client,
NamespaceString(i->second->getNS()),
id,
isAuthorized ? ErrorCodes::OK : ErrorCodes::Unauthorized);
if (isAuthorized) {
_cursorsMaxTimeMS.erase( i->second->getId() );
_cursors.erase( i );
}
continue;
}
MapNormal::iterator refsIt = _refs.find(id);
MapNormal::iterator refsNSIt = _refsNS.find(id);
if (refsIt == _refs.end()) {
warning() << "can't find cursor: " << id << endl;
continue;
}
verify(refsNSIt != _refsNS.end());
const bool isAuthorized = authSession->isAuthorizedForActionsOnNamespace(
NamespaceString(refsNSIt->second), ActionType::killCursors);
audit::logKillCursorsAuthzCheck(
client,
NamespaceString(refsNSIt->second),
id,
isAuthorized ? ErrorCodes::OK : ErrorCodes::Unauthorized);
if (!isAuthorized) {
continue;
}
server = refsIt->second;
_refs.erase(refsIt);
_refsNS.erase(refsNSIt);
}
LOG(_myLogLevel) << "CursorCache::found gotKillCursors id: " << id << " server: " << server << endl;
verify( server.size() );
ScopedDbConnection conn(server);
conn->killCursor( id );
conn.done();
}
}
bool AuthzSessionExternalStateServerCommon::shouldAllowLocalhost() const {
ClientBasic* client = ClientBasic::getCurrent();
return _allowLocalhost && client->getIsLocalHostConnection();
}
