コード例 #1
0
    Status AuthzManagerExternalStateMongod::_initializeRoleGraph() {
        boost::lock_guard<boost::mutex> lkInitialzeRoleGraph(_roleGraphMutex);
        switch (_roleGraphState) {
        case roleGraphStateInitial:
        case roleGraphStateHasCycle:
            break;
        case roleGraphStateConsistent:
            return Status(ErrorCodes::AlreadyInitialized,
                          "Role graph already initialized and consistent.");
        default:
            return Status(ErrorCodes::InternalError,
                          mongoutils::str::stream() << "Invalid role graph state " <<
                          _roleGraphState);
        }

        RoleGraph newRoleGraph;
        Status status = query(
                AuthorizationManager::rolesCollectionNamespace,
                BSONObj(),
                BSONObj(),
                boost::bind(addRoleFromDocumentOrWarn, &newRoleGraph, _1));
        if (!status.isOK())
            return status;

        status = newRoleGraph.recomputePrivilegeData();

        RoleGraphState newState;
        if (status == ErrorCodes::GraphContainsCycle) {
            error() << "Inconsistent role graph during authorization manager intialization.  Only "
                "direct privileges available. " << status.reason();
            newState = roleGraphStateHasCycle;
            status = Status::OK();
        }
        else if (status.isOK()) {
            newState = roleGraphStateConsistent;
        }
        else {
            newState = roleGraphStateInitial;
            newRoleGraph = RoleGraph();
        }

        if (status.isOK()) {
            _roleGraph.swap(newRoleGraph);
            _roleGraphState = newState;
        }
        return status;
    }
コード例 #2
0
    Status AuthzManagerExternalStateLocal::_initializeRoleGraph(OperationContext* txn) {
        boost::lock_guard<boost::mutex> lkInitialzeRoleGraph(_roleGraphMutex);

        _roleGraphState = roleGraphStateInitial;
        _roleGraph = RoleGraph();

        RoleGraph newRoleGraph;
        Status status = query(
                txn,
                AuthorizationManager::rolesCollectionNamespace,
                BSONObj(),
                BSONObj(),
                stdx::bind(addRoleFromDocumentOrWarn, &newRoleGraph, stdx::placeholders::_1));
        if (!status.isOK())
            return status;

        status = newRoleGraph.recomputePrivilegeData();

        RoleGraphState newState;
        if (status == ErrorCodes::GraphContainsCycle) {
            error() << "Inconsistent role graph during authorization manager initialization.  Only "
                "direct privileges available. " << status.reason();
            newState = roleGraphStateHasCycle;
            status = Status::OK();
        }
        else if (status.isOK()) {
            newState = roleGraphStateConsistent;
        }
        else {
            newState = roleGraphStateInitial;
        }

        if (status.isOK()) {
            _roleGraph.swap(newRoleGraph);
            _roleGraphState = newState;
        }
        return status;
    }
コード例 #3
0
ファイル: role_graph.cpp プロジェクト: AshishSanju/mongo
void swap(RoleGraph& lhs, RoleGraph& rhs) {
    lhs.swap(rhs);
}