Exemplo n.º 1
0
    void AuthorizationSession::addAuthorizedPrincipal(Principal* principal) {

        // Log out any already-logged-in user on the same database as "principal".
        logoutDatabase(principal->getName().getDB().toString());  // See SERVER-8144.

        _authenticatedPrincipals.add(principal);
        if (!principal->isImplicitPrivilegeAcquisitionEnabled())
            return;

        const std::string dbname = principal->getName().getDB().toString();
        if (dbname == StringData("local", StringData::LiteralTag()) &&
            principal->getName().getUser() == internalSecurity.user) {

            // Grant full access to internal user
            ActionSet allActions;
            allActions.addAllActions();
            acquirePrivilege(Privilege(PrivilegeSet::WILDCARD_RESOURCE, allActions),
                             principal->getName());
            return;
        }

        _acquirePrivilegesForPrincipalFromDatabase(ADMIN_DBNAME, principal->getName());
        principal->markDatabaseAsProbed(ADMIN_DBNAME);
        _acquirePrivilegesForPrincipalFromDatabase(dbname, principal->getName());
        principal->markDatabaseAsProbed(dbname);
        _externalState->onAddAuthorizedPrincipal(principal);
    }
Exemplo n.º 2
0
    void AuthorizationManager::grantInternalAuthorization(const std::string& principalName) {
        Principal* principal = new Principal(PrincipalName(principalName, "local"));
        ActionSet actions;
        actions.addAllActions();

        addAuthorizedPrincipal(principal);
        fassert(16581, acquirePrivilege(Privilege(PrivilegeSet::WILDCARD_RESOURCE, actions),
                                    principal->getName()).isOK());
    }
Exemplo n.º 3
0
    void AuthorizationSession::grantInternalAuthorization(const UserName& userName) {
        Principal* principal = new Principal(userName);
        ActionSet actions;
        actions.addAllActions();

        addAuthorizedPrincipal(principal);
        fassert(16581, acquirePrivilege(Privilege(PrivilegeSet::WILDCARD_RESOURCE, actions),
                                    principal->getName()).isOK());
    }
Exemplo n.º 4
0
 void AuthorizationManager::grantInternalAuthorization() {
     Principal* internalPrincipal = new Principal("__system");
     _authenticatedPrincipals.add(internalPrincipal);
     ActionSet allActions;
     allActions.addAllActions();
     AcquiredPrivilege privilege(Privilege("*", allActions), internalPrincipal);
     Status status = acquirePrivilege(privilege);
     verify (status == Status::OK());
 }
Exemplo n.º 5
0
 Status AuthorizationManager::acquirePrivilegesFromPrivilegeDocument(
         const std::string& dbname, const PrincipalName& principal, const BSONObj& privilegeDocument) {
     if (!_authenticatedPrincipals.lookup(principal)) {
         return Status(ErrorCodes::UserNotFound,
                       mongoutils::str::stream()
                               << "No authenticated principle found with name: "
                               << principal.getUser()
                               << " from database "
                               << principal.getDB(),
                       0);
     }
     if (principal.getUser() == internalSecurity.user) {
         // Grant full access to internal user
         ActionSet allActions;
         allActions.addAllActions();
         return acquirePrivilege(Privilege(PrivilegeSet::WILDCARD_RESOURCE, allActions),
                                 principal);
     }
     return buildPrivilegeSet(dbname, principal, privilegeDocument, &_acquiredPrivileges);
 }