コード例 #1
0
Status AuthzManagerExternalStateMongos::getRoleDescription(OperationContext* opCtx,
                                                           const RoleName& roleName,
                                                           PrivilegeFormat showPrivileges,
                                                           BSONObj* result) {
    BSONObjBuilder rolesInfoCmd;
    rolesInfoCmd.append("rolesInfo",
                        BSON_ARRAY(BSON(AuthorizationManager::ROLE_NAME_FIELD_NAME
                                        << roleName.getRole()
                                        << AuthorizationManager::ROLE_DB_FIELD_NAME
                                        << roleName.getDB())));
    addShowPrivilegesToBuilder(&rolesInfoCmd, showPrivileges);

    BSONObjBuilder builder;
    const bool ok = Grid::get(opCtx)->catalogClient()->runUserManagementReadCommand(
        opCtx, "admin", rolesInfoCmd.obj(), &builder);
    BSONObj cmdResult = builder.obj();
    if (!ok) {
        return getStatusFromCommandResult(cmdResult);
    }

    std::vector<BSONElement> foundRoles = cmdResult[rolesFieldName(showPrivileges)].Array();
    if (foundRoles.size() == 0) {
        return Status(ErrorCodes::RoleNotFound, "Role \"" + roleName.toString() + "\" not found");
    }

    if (foundRoles.size() > 1) {
        return Status(ErrorCodes::RoleDataInconsistent,
                      str::stream() << "Found multiple roles on the \"" << roleName.getDB()
                                    << "\" database with name \""
                                    << roleName.getRole()
                                    << "\"");
    }
    *result = foundRoles[0].Obj().getOwned();
    return Status::OK();
}
コード例 #2
0
Status AuthzManagerExternalStateMongos::getRoleDescription(OperationContext* txn,
                                                           const RoleName& roleName,
                                                           bool showPrivileges,
                                                           BSONObj* result) {
    BSONObj rolesInfoCmd =
        BSON("rolesInfo" << BSON_ARRAY(BSON(
                                AuthorizationManager::ROLE_NAME_FIELD_NAME
                                << roleName.getRole() << AuthorizationManager::ROLE_DB_FIELD_NAME
                                << roleName.getDB())) << "showPrivileges" << showPrivileges);
    BSONObjBuilder builder;
    const bool ok = grid.catalogManager(txn)
                        ->runUserManagementReadCommand(txn, "admin", rolesInfoCmd, &builder);
    BSONObj cmdResult = builder.obj();
    if (!ok) {
        return Command::getStatusFromCommandResult(cmdResult);
    }

    std::vector<BSONElement> foundRoles = cmdResult["roles"].Array();
    if (foundRoles.size() == 0) {
        return Status(ErrorCodes::RoleNotFound, "Role \"" + roleName.toString() + "\" not found");
    }

    if (foundRoles.size() > 1) {
        return Status(ErrorCodes::RoleDataInconsistent,
                      str::stream() << "Found multiple roles on the \"" << roleName.getDB()
                                    << "\" database with name \"" << roleName.getRole() << "\"");
    }
    *result = foundRoles[0].Obj().getOwned();
    return Status::OK();
}
コード例 #3
0
    Status AuthzManagerExternalStateLocal::_getRoleDescription_inlock(const RoleName& roleName,
                                                                      bool showPrivileges,
                                                                      BSONObj* result) {
        if (!_roleGraph.roleExists(roleName))
            return Status(ErrorCodes::RoleNotFound, "No role named " + roleName.toString());

        mutablebson::Document resultDoc;
        fassert(17162, resultDoc.root().appendString(
                        AuthorizationManager::ROLE_NAME_FIELD_NAME, roleName.getRole()));
        fassert(17163, resultDoc.root().appendString(
                        AuthorizationManager::ROLE_SOURCE_FIELD_NAME, roleName.getDB()));
        fassert(17267,
                resultDoc.root().appendBool("isBuiltin", _roleGraph.isBuiltinRole(roleName)));
        mutablebson::Element rolesElement = resultDoc.makeElementArray("roles");
        fassert(17164, resultDoc.root().pushBack(rolesElement));
        mutablebson::Element inheritedRolesElement = resultDoc.makeElementArray("inheritedRoles");
        fassert(17165, resultDoc.root().pushBack(inheritedRolesElement));
        mutablebson::Element privilegesElement = resultDoc.makeElementArray("privileges");
        mutablebson::Element inheritedPrivilegesElement =
                resultDoc.makeElementArray("inheritedPrivileges");
        if (showPrivileges) {
            fassert(17166, resultDoc.root().pushBack(privilegesElement));
        }
        mutablebson::Element warningsElement = resultDoc.makeElementArray("warnings");

        addRoleNameObjectsToArrayElement(rolesElement, _roleGraph.getDirectSubordinates(roleName));
        if (_roleGraphState == roleGraphStateConsistent) {
            addRoleNameObjectsToArrayElement(
                    inheritedRolesElement, _roleGraph.getIndirectSubordinates(roleName));
            if (showPrivileges) {
                addPrivilegeObjectsOrWarningsToArrayElement(
                        privilegesElement,
                        warningsElement,
                        _roleGraph.getDirectPrivileges(roleName));

                addPrivilegeObjectsOrWarningsToArrayElement(
                        inheritedPrivilegesElement,
                        warningsElement,
                        _roleGraph.getAllPrivileges(roleName));

                fassert(17323, resultDoc.root().pushBack(inheritedPrivilegesElement));
            }
        }
        else if (showPrivileges) {
            warningsElement.appendString(
                    "", "Role graph state inconsistent; only direct privileges available.");
            addPrivilegeObjectsOrWarningsToArrayElement(
                    privilegesElement, warningsElement, _roleGraph.getDirectPrivileges(roleName));
        }
        if (warningsElement.hasChildren()) {
            fassert(17167, resultDoc.root().pushBack(warningsElement));
        }
        *result = resultDoc.getObject();
        return Status::OK();
    }
コード例 #4
0
    Status AuthzManagerExternalStateMongos::getRoleDescription(const RoleName& roleName,
                                                               bool showPrivileges,
                                                               BSONObj* result) {
        try {
            scoped_ptr<ScopedDbConnection> conn(getConnectionForAuthzCollection(
                    AuthorizationManager::rolesCollectionNamespace));
            BSONObj cmdResult;
            conn->get()->runCommand(
                    "admin",
                    BSON("rolesInfo" <<
                         BSON_ARRAY(BSON(AuthorizationManager::ROLE_NAME_FIELD_NAME <<
                                         roleName.getRole() <<
                                         AuthorizationManager::ROLE_SOURCE_FIELD_NAME <<
                                         roleName.getDB())) <<
                         "showPrivileges" << showPrivileges),
                    cmdResult);
            if (!cmdResult["ok"].trueValue()) {
                int code = cmdResult["code"].numberInt();
                if (code == 0) code = ErrorCodes::UnknownError;
                return Status(ErrorCodes::Error(code), cmdResult["errmsg"].str());
            }

            std::vector<BSONElement> foundRoles = cmdResult["roles"].Array();
            if (foundRoles.size() == 0) {
                return Status(ErrorCodes::RoleNotFound,
                              "Role \"" + roleName.toString() + "\" not found");
            }
            if (foundRoles.size() > 1) {
                return Status(ErrorCodes::RoleDataInconsistent,
                              mongoutils::str::stream() << "Found multiple roles on the \"" <<
                                      roleName.getDB() << "\" database with name \"" <<
                                      roleName.getRole() << "\"");
            }
            *result = foundRoles[0].Obj().getOwned();
            conn->done();
            return Status::OK();
        } catch (const DBException& e) {
            return e.toStatus();
        }
    }