Status AuthorizationManager::acquirePrivilege(const Privilege& privilege, const PrincipalName& authorizingPrincipal) { if (!_authenticatedPrincipals.lookup(authorizingPrincipal)) { return Status(ErrorCodes::UserNotFound, mongoutils::str::stream() << "No authenticated principle found with name: " << authorizingPrincipal.getUser() << " from database " << authorizingPrincipal.getDB(), 0); } _acquiredPrivileges.grantPrivilege(privilege, authorizingPrincipal); return Status::OK(); }
Status AuthExternalState::getPrivilegeDocument(const std::string& dbname, const PrincipalName& principalName, BSONObj* result) { if (principalName.getUser() == internalSecurity.user) { if (internalSecurity.pwd.empty()) { return Status(ErrorCodes::UserNotFound, "key file must be used to log in with internal user", 15889); } *result = BSON(USER_FIELD << internalSecurity.user << PASSWORD_FIELD << internalSecurity.pwd).getOwned(); return Status::OK(); } std::string usersNamespace = dbname + ".system.users"; BSONObj userBSONObj; BSONObjBuilder queryBuilder; queryBuilder.append(USER_FIELD, principalName.getUser()); if (principalName.getDB() == dbname) { queryBuilder.appendNull(USER_SOURCE_FIELD); } else { queryBuilder.append(USER_SOURCE_FIELD, principalName.getDB()); } bool found = _findUser(usersNamespace, queryBuilder.obj(), &userBSONObj); if (!found) { return Status(ErrorCodes::UserNotFound, mongoutils::str::stream() << "auth: couldn't find user " << principalName.toString() << ", " << usersNamespace, 0); } *result = userBSONObj.getOwned(); return Status::OK(); }
Status AuthorizationManager::acquirePrivilegesFromPrivilegeDocument( const std::string& dbname, const PrincipalName& principal, const BSONObj& privilegeDocument) { if (!_authenticatedPrincipals.lookup(principal)) { return Status(ErrorCodes::UserNotFound, mongoutils::str::stream() << "No authenticated principle found with name: " << principal.getUser() << " from database " << principal.getDB(), 0); } if (principal.getUser() == internalSecurity.user) { // Grant full access to internal user ActionSet allActions; allActions.addAllActions(); return acquirePrivilege(Privilege(PrivilegeSet::WILDCARD_RESOURCE, allActions), principal); } return buildPrivilegeSet(dbname, principal, privilegeDocument, &_acquiredPrivileges); }