disable http interface authentication for localhost

2024-12-01 09:32:32 +01:00 · 2009-05-13 12:28:59 -04:00 · 2009-05-13 12:28:59 -04:00 · f79e2e6b15
commit f79e2e6b15
parent 92aa0ce095
4 changed files with 16 additions and 9 deletions
--- a/db/dbwebserver.cpp
+++ b/db/dbwebserver.cpp
@ -176,7 +176,10 @@ namespace mongo {
            ss << "\nreplInfo:  " << replInfo << '\n';
        }
        
-        bool allowed( const char * rq , vector<string>& headers ){
+        bool allowed( const char * rq , vector<string>& headers, const SockAddr &from ){
+            
+            if ( from.localhost() )
+                return true;
            
            if ( db.findOne( "admin.system.users" , BSONObj() ).isEmpty() )
                return true;
@ -238,13 +241,14 @@ namespace mongo {
            // set these and return them:
            string& responseMsg,
            int& responseCode,
-            vector<string>& headers // if completely empty, content-type: text/html will be added
+            vector<string>& headers, // if completely empty, content-type: text/html will be added
+            const SockAddr &from
        )
        {
            //out() << "url [" << url << "]" << endl;
            
            if ( url.size() > 1 ) {
-                if ( ! allowed( rq , headers ) ){
+                if ( ! allowed( rq , headers, from ) ){
                    responseCode = 401;
                    responseMsg = "not allowed\n";
                    return;
@ -290,7 +294,7 @@ namespace mongo {
            responseMsg = ss.str();

            // we want to return context from before the authentication was performed
-            if ( ! allowed( rq , headers ) ){
+            if ( ! allowed( rq , headers, from ) ){
                responseCode = 401;
                responseMsg = "not allowed\n";
                return;
--- a/util/miniwebserver.cpp
+++ b/util/miniwebserver.cpp
@ -137,7 +137,7 @@ namespace mongo {
        return false;
    }

-    void MiniWebServer::accepted(int s) {
+    void MiniWebServer::accepted(int s, const SockAddr &from) {
        char buf[4096];
        int len = 0;
        while ( 1 ) {
@ -155,7 +155,7 @@ namespace mongo {
        string responseMsg;
        int responseCode = 599;
        vector<string> headers;
-        doRequest(buf, parseURL( buf ), responseMsg, responseCode, headers);
+        doRequest(buf, parseURL( buf ), responseMsg, responseCode, headers, from);

        stringstream ss;
        ss << "HTTP/1.0 " << responseCode;
@ -206,7 +206,7 @@ namespace mongo {
            }
            disableNagle(s);
            RARELY log() << "MiniWebServer: connection accepted from " << from.toString() << endl;
-            accepted( s );
+            accepted( s, from );
            closesocket(s);
        }
    }
--- a/util/miniwebserver.h
+++ b/util/miniwebserver.h
@ -36,7 +36,8 @@ namespace mongo {
            // set these and return them:
            string& responseMsg,
            int& responseCode,
-            vector<string>& headers // if completely empty, content-type: text/html will be added
+            vector<string>& headers, // if completely empty, content-type: text/html will be added
+            const SockAddr &from
        ) = 0;

        int socket() const { return sock; }
@ -49,7 +50,7 @@ namespace mongo {
        static const char *body( const char *buf );

    private:
-        void accepted(int s);
+        void accepted(int s, const SockAddr &from);
        static bool fullReceive( const char *buf );

        int port;
--- a/util/sock.h
+++ b/util/sock.h
@ -132,6 +132,8 @@ namespace mongo {
            return sa.sin_port;
        }

+        bool localhost() const { return inet_addr( "127.0.0.1" ) == sa.sin_addr.s_addr; }
+        
        bool operator==(const SockAddr& r) const {
            return sa.sin_addr.s_addr == r.sa.sin_addr.s_addr &&
                   sa.sin_port == r.sa.sin_port;