mongodb/db/security.cpp

// security.cpp

/**
 *    Copyright (C) 2009 10gen Inc.
 *
 *    This program is free software: you can redistribute it and/or  modify
 *    it under the terms of the GNU Affero General Public License, version 3,
 *    as published by the Free Software Foundation.
 *
 *    This program is distributed in the hope that it will be useful,
 *    but WITHOUT ANY WARRANTY; without even the implied warranty of
 *    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *    GNU Affero General Public License for more details.
 *
 *    You should have received a copy of the GNU Affero General Public License
 *    along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */

#include "pch.h"
#include "security.h"
#include "instance.h"
#include "client.h"
#include "curop.h"
#include "db.h"
#include "dbhelpers.h"

namespace mongo {

    bool noauth = true;
    
	int AuthenticationInfo::warned = 0;

    void AuthenticationInfo::print(){
        cout << "AuthenticationInfo: " << this << '\n';
        for ( map<string,Auth>::iterator i=m.begin(); i!=m.end(); i++ ){
            cout << "\t" << i->first << "\t" << i->second.level << '\n';
        }
        cout << "END" << endl;
    }


    bool AuthenticationInfo::_isAuthorizedSpecialChecks( const string& dbname ) {
        if ( cc().isGod() ){
            return true;
        }
        
        if ( isLocalHost ){
            atleastreadlock l(""); 
            Client::GodScope gs;
            Client::Context c("admin.system.users");
            BSONObj result;
            if( ! Helpers::getSingleton("admin.system.users", result) ){
                if( warned == 0 ) {
                    warned++;
                    log() << "note: no users configured in admin.system.users, allowing localhost access" << endl;
                }
                return true;
            }
        }
        return false;
    }

} // namespace mongo
suppress a couple compiler warnings 2009-01-19 01:13:12 +01:00			`// security.cpp`

Fix dependency problem 2009-01-23 17:28:29 +01:00			`/**`
			`* Copyright (C) 2009 10gen Inc.`
			`*`
			`* This program is free software: you can redistribute it and/or modify`
			`* it under the terms of the GNU Affero General Public License, version 3,`
			`* as published by the Free Software Foundation.`
			`*`
			`* This program is distributed in the hope that it will be useful,`
			`* but WITHOUT ANY WARRANTY; without even the implied warranty of`
			`* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the`
			`* GNU Affero General Public License for more details.`
			`*`
			`* You should have received a copy of the GNU Affero General Public License`
			`* along with this program. If not, see <http://www.gnu.org/licenses/>.`
			`*/`

stdafx->pch 2010-04-27 21:27:52 +02:00			`#include "pch.h"`
suppress a couple compiler warnings 2009-01-19 01:13:12 +01:00			`#include "security.h"`
clean up MR temp tables SERVER-327 Client shutdown hook 2009-10-14 16:20:53 +02:00			`#include "instance.h"`
make lasterror threadsafe rename Connection -> Client lasterror code easier to read bunch of windows warnings eliminated 2009-10-12 21:12:16 +02:00			`#include "client.h"`
move CurOp into Client and make inprog handle multiple in progress 2009-10-16 21:36:34 +02:00			`#include "curop.h"`
cleaning up security - moving to centralized location 2010-02-04 16:49:19 +01:00			`#include "db.h"`
			`#include "dbhelpers.h"`
suppress a couple compiler warnings 2009-01-19 01:13:12 +01:00
			`namespace mongo {`

basic security 2009-01-19 02:31:33 +01:00			`bool noauth = true;`
cleaning up security - moving to centralized location 2010-02-04 16:49:19 +01:00
security cleanup / segault fix in currentOp SERVER-384 2009-10-25 05:47:43 +01:00			`int AuthenticationInfo::warned = 0;`
if no admin.system.users, allow access to everything from localhost 2009-01-21 23:26:16 +01:00
cleaning up security - moving to centralized location 2010-02-04 16:49:19 +01:00			`void AuthenticationInfo::print(){`
rs 2010-04-20 18:29:00 +02:00			`cout << "AuthenticationInfo: " << this << '\n';`
cleaning up security - moving to centralized location 2010-02-04 16:49:19 +01:00			`for ( map<string,Auth>::iterator i=m.begin(); i!=m.end(); i++ ){`
rs 2010-04-20 18:29:00 +02:00			`cout << "\t" << i->first << "\t" << i->second.level << '\n';`
cleaning up security - moving to centralized location 2010-02-04 16:49:19 +01:00			`}`
			`cout << "END" << endl;`
			`}`


			`bool AuthenticationInfo::_isAuthorizedSpecialChecks( const string& dbname ) {`
			`if ( cc().isGod() ){`
			`return true;`
			`}`

			`if ( isLocalHost ){`
fix auth recursive lock issue 2010-02-25 19:47:59 +01:00			`atleastreadlock l("");`
cleaning up security - moving to centralized location 2010-02-04 16:49:19 +01:00			`Client::GodScope gs;`
			`Client::Context c("admin.system.users");`
			`BSONObj result;`
			`if( ! Helpers::getSingleton("admin.system.users", result) ){`
			`if( warned == 0 ) {`
			`warned++;`
			`log() << "note: no users configured in admin.system.users, allowing localhost access" << endl;`
			`}`
			`return true;`
			`}`
			`}`
			`return false;`
			`}`

suppress a couple compiler warnings 2009-01-19 01:13:12 +01:00			`} // namespace mongo`