bool run(const string&, BSONObj& cmdObj, int, string& errmsg, BSONObjBuilder& result, bool fromRepl) { AuthorizationSession* authSession = ClientBasic::getCurrent()->getAuthorizationSession(); BSONObjBuilder authInfo(result.subobjStart("authInfo")); { BSONArrayBuilder authenticatedUsers(authInfo.subarrayStart("authenticatedUsers")); UserNameIterator nameIter = authSession->getAuthenticatedUserNames(); for ( ; nameIter.more(); nameIter.next()) { BSONObjBuilder userInfoBuilder(authenticatedUsers.subobjStart()); userInfoBuilder.append(AuthorizationManager::USER_NAME_FIELD_NAME, nameIter->getUser()); userInfoBuilder.append(AuthorizationManager::USER_DB_FIELD_NAME, nameIter->getDB()); userInfoBuilder.doneFast(); } authenticatedUsers.doneFast(); } authInfo.doneFast(); return true; }
bool run(OperationContext* txn, const string&, BSONObj& cmdObj, int, string& errmsg, BSONObjBuilder& result) { AuthorizationSession* authSession = AuthorizationSession::get(ClientBasic::getCurrent()); bool showPrivileges; Status status = bsonExtractBooleanFieldWithDefault(cmdObj, "showPrivileges", false, &showPrivileges); if (!status.isOK()) { return appendCommandStatus(result, status); } BSONObjBuilder authInfo(result.subobjStart("authInfo")); { BSONArrayBuilder authenticatedUsers(authInfo.subarrayStart("authenticatedUsers")); UserNameIterator nameIter = authSession->getAuthenticatedUserNames(); for (; nameIter.more(); nameIter.next()) { BSONObjBuilder userInfoBuilder(authenticatedUsers.subobjStart()); userInfoBuilder.append(AuthorizationManager::USER_NAME_FIELD_NAME, nameIter->getUser()); userInfoBuilder.append(AuthorizationManager::USER_DB_FIELD_NAME, nameIter->getDB()); } } { BSONArrayBuilder authenticatedRoles(authInfo.subarrayStart("authenticatedUserRoles")); RoleNameIterator roleIter = authSession->getAuthenticatedRoleNames(); for (; roleIter.more(); roleIter.next()) { BSONObjBuilder roleInfoBuilder(authenticatedRoles.subobjStart()); roleInfoBuilder.append(AuthorizationManager::ROLE_NAME_FIELD_NAME, roleIter->getRole()); roleInfoBuilder.append(AuthorizationManager::ROLE_DB_FIELD_NAME, roleIter->getDB()); } } if (showPrivileges) { BSONArrayBuilder authenticatedPrivileges( authInfo.subarrayStart("authenticatedUserPrivileges")); // Create a unified map of resources to privileges, to avoid duplicate // entries in the connection status output. User::ResourcePrivilegeMap unifiedResourcePrivilegeMap; UserNameIterator nameIter = authSession->getAuthenticatedUserNames(); for (; nameIter.more(); nameIter.next()) { User* authUser = authSession->lookupUser(*nameIter); const User::ResourcePrivilegeMap& resourcePrivilegeMap = authUser->getPrivileges(); for (User::ResourcePrivilegeMap::const_iterator it = resourcePrivilegeMap.begin(); it != resourcePrivilegeMap.end(); ++it) { if (unifiedResourcePrivilegeMap.find(it->first) == unifiedResourcePrivilegeMap.end()) { unifiedResourcePrivilegeMap[it->first] = it->second; } else { unifiedResourcePrivilegeMap[it->first].addActions(it->second.getActions()); } } } for (User::ResourcePrivilegeMap::const_iterator it = unifiedResourcePrivilegeMap.begin(); it != unifiedResourcePrivilegeMap.end(); ++it) { authenticatedPrivileges << it->second.toBSON(); } } authInfo.doneFast(); return true; }