/**
 * Finds the principal whose complete user name equals `name`.
 *
 * The set is searched by the database part of the name (lookupByDBName), and
 * the candidate is accepted only if its full name also matches.
 *
 * @param name  user name to look for.
 * @return the matching principal, or NULL when the set holds no principal for
 *         that database or the one it holds has a different name.
 *
 * The returned pointer is not a transfer of ownership: PrincipalSet::add() and
 * PrincipalSet::removeByDBName() delete stored principals, so the pointer must
 * not be used after either of those has run for the same database.
 */
Principal* PrincipalSet::lookup(const UserName& name) const {
    Principal* candidate = lookupByDBName(name.getDB());
    if (!candidate || !(candidate->getName() == name)) {
        return NULL;
    }
    return candidate;
}
/**
 * Logs out whichever principal is authenticated against `dbname`.
 *
 * Does nothing when no principal is authenticated on that database. Otherwise
 * the privileges acquired on behalf of that principal are revoked and the
 * principal is removed from the authenticated set.
 *
 * @param dbname  database whose authenticated principal should be dropped.
 */
void AuthorizationManager::logoutDatabase(const std::string& dbname) {
    Principal* loggedIn = _authenticatedPrincipals.lookupByDBName(dbname);
    if (loggedIn) {
        // Revoke before removing: PrincipalSet::removeByDBName() deletes the
        // Principal, so its name has to be read while the object is still alive.
        _acquiredPrivileges.revokePrivilegesFromPrincipal(loggedIn->getName());
        _authenticatedPrincipals.removeByDBName(dbname);
    }
}
/**
 * Logs out whichever principal is authenticated against `dbname` in this
 * session.
 *
 * Does nothing (and does not notify the external state) when no principal is
 * authenticated on that database. Otherwise the privileges acquired for that
 * user are revoked, the principal is removed from the authenticated set, and
 * the external state is told about the logout.
 *
 * @param dbname  database whose authenticated principal should be dropped.
 */
void AuthorizationSession::logoutDatabase(const std::string& dbname) {
    Principal* loggedIn = _authenticatedPrincipals.lookupByDBName(dbname);
    if (loggedIn) {
        // Revoke before removing: the name is read from the Principal object,
        // which removeByDBName() presumably destroys (as PrincipalSet does) --
        // confirm against the type of _authenticatedPrincipals.
        _acquiredPrivileges.revokePrivilegesFromUser(loggedIn->getName());
        _authenticatedPrincipals.removeByDBName(dbname);
        _externalState->onLogoutDatabase(dbname);
    }
}
/**
 * Registers `principalName` as a principal of the "local" database and gives it
 * a privilege covering every action on PrivilegeSet::WILDCARD_RESOURCE.
 *
 * This is the broadest grant this class can express, so it is only appropriate
 * for trusted, internally generated principal names.
 *
 * @param principalName  user part of the principal's name; the database part
 *                       is fixed to "local".
 *
 * fassert(16581) is a fatal assertion: failure to acquire the privilege is
 * treated as unrecoverable.
 */
void AuthorizationManager::grantInternalAuthorization(const std::string& principalName) {
    // NOTE(review): the heap-allocated Principal is handed to
    // addAuthorizedPrincipal(), which presumably takes ownership -- confirm.
    Principal* internalPrincipal = new Principal(PrincipalName(principalName, "local"));

    ActionSet everyAction;
    everyAction.addAllActions();

    addAuthorizedPrincipal(internalPrincipal);

    Privilege unrestricted(PrivilegeSet::WILDCARD_RESOURCE, everyAction);
    Status granted = acquirePrivilege(unrestricted, internalPrincipal->getName());
    fassert(16581, granted.isOK());
}
/**
 * Registers `userName` as an authorized principal of this session and gives it
 * a privilege covering every action on PrivilegeSet::WILDCARD_RESOURCE.
 *
 * This is the broadest grant this class can express, so it is only appropriate
 * for trusted, internally generated user names.
 *
 * @param userName  full name (user and database) of the internal principal.
 *
 * fassert(16581) is a fatal assertion: failure to acquire the privilege is
 * treated as unrecoverable.
 */
void AuthorizationSession::grantInternalAuthorization(const UserName& userName) {
    // NOTE(review): the heap-allocated Principal is handed to
    // addAuthorizedPrincipal(), which presumably takes ownership -- confirm.
    Principal* internalPrincipal = new Principal(userName);

    ActionSet everyAction;
    everyAction.addAllActions();

    addAuthorizedPrincipal(internalPrincipal);

    Privilege unrestricted(PrivilegeSet::WILDCARD_RESOURCE, everyAction);
    Status granted = acquirePrivilege(unrestricted, internalPrincipal->getName());
    fassert(16581, granted.isOK());
}
/**
 * Returns the first stored principal whose name belongs to database `dbname`.
 *
 * @param dbname  database name to match against each principal's getDB().
 * @return the matching principal, or NULL if no stored principal is from that
 *         database. The set keeps ownership of the returned object.
 */
Principal* PrincipalSet::lookupByDBName(const StringData& dbname) const {
    std::vector<Principal*>::const_iterator pos = _principals.begin();
    while (pos != _principals.end()) {
        Principal* entry = *pos;
        if (entry->getName().getDB() == dbname) {
            return entry;
        }
        ++pos;
    }
    return NULL;
}
/**
 * Authorizes `principalName` (in the "local" database) on the current client's
 * AuthorizationManager with the old-style "admin" action set.
 *
 * The actions come from AuthorizationManager::getActionsForOldStyleUser("admin",
 * readOnly) and are granted on PrivilegeSet::WILDCARD_RESOURCE, i.e. not scoped
 * to a single database.
 *
 * @param principalName  user part of the principal's name.
 * @param readOnly       forwarded to getActionsForOldStyleUser() to pick the
 *                       action set.
 *
 * verify() fails if the privilege cannot be acquired.
 */
void _authorizePrincipal(const std::string& principalName, bool readOnly) {
    // NOTE(review): ownership of this allocation presumably moves to
    // addAuthorizedPrincipal() below -- confirm.
    Principal* newPrincipal = new Principal(PrincipalName(principalName, "local"));
    ActionSet adminActions =
        AuthorizationManager::getActionsForOldStyleUser("admin", readOnly);

    AuthorizationManager* authz = cc().getAuthorizationManager();
    authz->addAuthorizedPrincipal(newPrincipal);

    Privilege wildcardPrivilege(PrivilegeSet::WILDCARD_RESOURCE, adminActions);
    Status status = authz->acquirePrivilege(wildcardPrivilege, newPrincipal->getName());
    verify (status == Status::OK());
}
/**
 * Removes and destroys the first stored principal that belongs to `dbname`.
 *
 * No-op when the set holds no principal for that database. The removed
 * Principal is deleted, so any pointer previously obtained from lookup() or
 * lookupByDBName() for this database is invalid afterwards.
 *
 * @param dbname  database whose principal should be removed.
 */
void PrincipalSet::removeByDBName(const StringData& dbname) {
    std::vector<Principal*>::iterator pos = _principals.begin();
    while (pos != _principals.end() && !((*pos)->getName().getDB() == dbname)) {
        ++pos;
    }
    if (pos == _principals.end()) {
        return;
    }
    // Free the object first, then drop the now-dangling slot from the vector.
    delete *pos;
    _principals.erase(pos);
}
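/**
 * Stores `principal` in the set, taking ownership of it.
 *
 * If the set already holds a principal for the same database, that older
 * principal is deleted and replaced; any pointer to it obtained earlier from
 * lookup() or lookupByDBName() becomes invalid. Otherwise the principal is
 * appended.
 *
 * Re-adding a pointer that is already stored is a no-op. Without this check the
 * replace path would delete the object and then store the freed pointer back
 * into the set.
 *
 * @param principal  heap-allocated principal; must not be NULL (its name is
 *                   dereferenced while searching).
 */
void PrincipalSet::add(Principal* principal) {
    for (std::vector<Principal*>::iterator it = _principals.begin();
         it != _principals.end(); ++it) {
        Principal* current = *it;
        if (current == principal) {
            // Already owned by this set; deleting it here would leave a
            // dangling entry behind.
            return;
        }
        if (current->getName().getDB() == principal->getName().getDB()) {
            // There can be only one principal per database.
            delete current;
            *it = principal;
            return;
        }
    }
    _principals.push_back(principal);
}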
/**
 * Checks whether `privilege` is held, lazily acquiring privileges from the
 * relevant database for authenticated principals if it is not.
 *
 * The privilege is first passed through _modifyPrivilegeForSpecialCases(). If
 * the adjusted privilege is not already acquired, each authenticated principal
 * that has implicit privilege acquisition enabled, and has not yet been probed
 * for the privilege's database, gets its privileges for that database loaded;
 * the check is repeated after each one.
 *
 * A principal is marked as probed for the database as soon as the load has been
 * attempted, whatever it produced, so each (principal, database) pair is loaded
 * at most once by this function.
 *
 * @param privilege  the privilege being requested.
 * @return Status::OK() if the (adjusted) privilege is held, otherwise
 *         ErrorCodes::Unauthorized.
 */
Status AuthorizationManager::_probeForPrivilege(const Privilege& privilege) {
    Privilege effective = _modifyPrivilegeForSpecialCases(privilege);
    if (_acquiredPrivileges.hasPrivilege(effective)) {
        return Status::OK();
    }

    std::string targetDb = nsToDatabase(effective.getResource());

    PrincipalSet::iterator cursor = _authenticatedPrincipals.begin();
    PrincipalSet::iterator stop = _authenticatedPrincipals.end();
    for (; cursor != stop; ++cursor) {
        Principal* candidate = *cursor;

        // Only principals that opted in to implicit acquisition and have not
        // been probed for this database yet are worth loading.
        if (candidate->isImplicitPrivilegeAcquisitionEnabled() &&
            !candidate->isDatabaseProbed(targetDb)) {
            _acquirePrivilegesForPrincipalFromDatabase(targetDb, candidate->getName());
            candidate->markDatabaseAsProbed(targetDb);
            if (_acquiredPrivileges.hasPrivilege(effective)) {
                return Status::OK();
            }
        }
    }

    // Nothing any authenticated principal could contribute covers the request.
    return Status(ErrorCodes::Unauthorized, "unauthorized", 0);
}