0
0
mirror of https://github.com/mongodb/mongo.git synced 2024-12-01 01:21:03 +01:00
mongodb/db/security.h

79 lines
2.3 KiB
C
Raw Normal View History

2009-01-19 01:13:12 +01:00
// security.h
/**
* Copyright (C) 2009 10gen Inc.
*
2009-01-10 00:15:30 +01:00
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License, version 3,
* as published by the Free Software Foundation.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
2009-01-14 23:17:24 +01:00
#pragma once
#include <boost/thread/tss.hpp>
#undef assert
#define assert xassert
2009-01-23 17:28:29 +01:00
#include "nonce.h"
#include "concurrency.h"
2009-01-14 23:09:51 +01:00
namespace mongo {
2009-01-19 02:31:33 +01:00
// --noauth cmd line option
extern bool noauth;
/* for a particular db */
struct Auth {
2009-01-19 02:31:33 +01:00
Auth() { level = 0; }
int level;
};
class AuthenticationInfo : boost::noncopyable {
mongo::mutex _lock;
2009-01-19 01:01:51 +01:00
map<string, Auth> m; // dbname -> auth
static int warned;
public:
bool isLocalHost;
AuthenticationInfo() { isLocalHost = false; }
~AuthenticationInfo() {
}
void logout(const string& dbname ) {
scoped_lock lk(_lock);
m.erase(dbname);
}
void authorize(const string& dbname ) {
scoped_lock lk(_lock);
2009-01-19 02:31:33 +01:00
m[dbname].level = 2;
}
void authorizeReadOnly(const string& dbname) {
scoped_lock lk(_lock);
2010-01-27 02:04:09 +01:00
m[dbname].level = 1;
}
bool isAuthorized(const string& dbname) { return _isAuthorized( dbname, 2 ); }
bool isAuthorizedReads(const string& dbname) { return _isAuthorized( dbname, 1 ); }
bool isAuthorizedForLock(const string& dbname, int lockType ) { return _isAuthorized( dbname , lockType > 0 ? 2 : 1 ); }
void print();
2010-01-27 02:04:09 +01:00
protected:
bool _isAuthorized(const string& dbname, int level) {
2010-01-27 02:04:09 +01:00
if( m[dbname].level >= level ) return true;
if( noauth ) return true;
2010-01-27 02:04:09 +01:00
if( m["admin"].level >= level ) return true;
if( m["local"].level >= level ) return true;
return _isAuthorizedSpecialChecks( dbname );
2009-01-19 02:31:33 +01:00
}
bool _isAuthorizedSpecialChecks( const string& dbname );
};
2009-01-14 23:17:24 +01:00
} // namespace mongo