bool isSelf(const HostAndPort& hostAndPort) {
// Fastpath: check if the host&port in question is bound to one
// of the interfaces on this machine.
// No need for ip match if the ports do not match
if (hostAndPort.port() == serverGlobalParams.port) {
std::vector<std::string> myAddrs = serverGlobalParams.bind_ip.empty() ?
getBoundAddrs(IPv6Enabled()) :
std::vector<std::string>();
if (!serverGlobalParams.bind_ip.empty()) {
boost::split(myAddrs, serverGlobalParams.bind_ip, boost::is_any_of(", "));
}
const std::vector<std::string> hostAddrs = getAddrsForHost(hostAndPort.host(),
hostAndPort.port(),
IPv6Enabled());
for (std::vector<std::string>::const_iterator i = myAddrs.begin();
i != myAddrs.end(); ++i) {
for (std::vector<std::string>::const_iterator j = hostAddrs.begin();
j != hostAddrs.end(); ++j) {
if (*i == *j) {
return true;
}
}
}
}
if (!Listener::getTimeTracker()) {
// this ensures we are actually running a server
// this may return true later, so may want to retry
return false;
}
try {
DBClientConnection conn;
std::string errmsg;
if (!conn.connect(hostAndPort, errmsg)) {
return false;
}
if (getGlobalAuthorizationManager()->isAuthEnabled() && isInternalAuthSet()) {
if (!authenticateInternalUser(&conn)) {
return false;
}
}
BSONObj out;
bool ok = conn.simpleCommand("admin" , &out, "_isSelf");
bool me = ok && out["id"].type() == jstOID && instanceId == out["id"].OID();
return me;
}
catch (const std::exception& e) {
warning() << "could't check isSelf (" << hostAndPort << ") " << e.what() << std::endl;
}
return false;
}
bool SyncSourceFeedback::replAuthenticate() {
if (!getGlobalAuthorizationManager()->isAuthEnabled())
return true;
if (!isInternalAuthSet())
return false;
return authenticateInternalUser(_connection.get());
}
bool replAuthenticate(DBClientBase *conn) {
if (!getGlobalAuthorizationManager()->isAuthEnabled())
return true;
if (!isInternalAuthSet())
return false;
return authenticateInternalUser(conn);
}
// we should already be locked...
bool ScopedConn::connect() {
std::string err;
if (!connInfo->cc->connect(HostAndPort(_hostport), err)) {
log() << "couldn't connect to " << _hostport << ": " << err;
return false;
}
connInfo->connected = true;
connInfo->tagPort();
// if we cannot authenticate against a member, then either its key file
// or our key file has to change. if our key file has to change, we'll
// be rebooting. if their file has to change, they'll be rebooted so the
// connection created above will go dead, reconnect, and reauth.
if (getGlobalAuthorizationManager()->isAuthEnabled()) {
return authenticateInternalUser(connInfo->cc.get());
}
return true;
}
bool SyncSourceFeedback::replAuthenticate(bool skipAuthCheck) {
if (!AuthorizationManager::isAuthEnabled()) {
return true;
}
if (!skipAuthCheck && !cc().getAuthorizationSession()->hasInternalAuthorization()) {
log() << "replauthenticate: requires internal authorization, failing" << endl;
return false;
}
if (internalSecurity.pwd.length() > 0) {
return authenticateInternalUser(_connection.get());
}
BSONObj user;
{
Client::ReadContext ctxt("local.");
if(!Helpers::findOne("local.system.users", userReplQuery, user) ||
// try the first user in local
!Helpers::getSingleton("local.system.users", user)) {
log() << "replauthenticate: no user in local.system.users to use"
<< "for authentication" << endl;
return false;
}
}
std::string u = user.getStringField("user");
std::string p = user.getStringField("pwd");
massert(16889, "bad user object? [1]", !u.empty());
massert(16887, "bad user object? [2]", !p.empty());
string err;
if( !_connection->auth("local", u.c_str(), p.c_str(), err, false) ) {
log() << "replauthenticate: can't authenticate to master server, user:" << u << endl;
return false;
}
return true;
}
bool HostAndPort::isSelf() const {
int _p = port();
int p = _p == -1 ? ServerGlobalParams::DefaultDBPort : _p;
string host = str::stream() << this->host() << ":" << p;
{
// check cache for this host
// debatably something _could_ change, but I'm not sure right now (erh 10/14/2010)
scoped_lock lk( isSelfCommand._cacheLock );
map<string,bool>::const_iterator i = isSelfCommand._cache.find( host );
if ( i != isSelfCommand._cache.end() )
return i->second;
}
#if !defined(_WIN32) && !defined(__sunos__)
// on linux and os x we can do a quick check for an ip match
// no need for ip match if the ports do not match
if (p == serverGlobalParams.port) {
const vector<string> myaddrs = getMyAddrs();
const vector<string> addrs = getAllIPs(_host);
for (vector<string>::const_iterator i=myaddrs.begin(), iend=myaddrs.end();
i!=iend; ++i) {
for (vector<string>::const_iterator j=addrs.begin(), jend=addrs.end();
j!=jend; ++j) {
string a = *i;
string b = *j;
if ( a == b || ( str::startsWith( a , "127." ) &&
str::startsWith( b , "127." ) ) // 127. is all loopback
) {
// add to cache
scoped_lock lk( isSelfCommand._cacheLock );
isSelfCommand._cache[host] = true;
return true;
}
}
}
}
#endif
if ( ! Listener::getTimeTracker() ) {
// this ensures we are actually running a server
// this may return true later, so may want to retry
return false;
}
try {
isSelfCommand.init();
DBClientConnection conn;
string errmsg;
if ( ! conn.connect( host , errmsg ) ) {
// should this go in the cache?
return false;
}
if (getGlobalAuthorizationManager()->isAuthEnabled() && isInternalAuthSet()) {
if (!authenticateInternalUser(&conn)) {
return false;
}
}
BSONObj out;
bool ok = conn.simpleCommand( "admin" , &out , "_isSelf" );
bool me = ok && out["id"].type() == jstOID && isSelfCommand._id == out["id"].OID();
// add to cache
scoped_lock lk( isSelfCommand._cacheLock );
isSelfCommand._cache[host] = me;
return me;
}
catch ( std::exception& e ) {
warning() << "could't check isSelf (" << host << ") " << e.what() << endl;
}
return false;
}
