Add initialize method to AuthorizationManager to move admin user exis…

…tance check outside of the constructor. SERVER-7126 SERVER-7572

src/mongo/db/auth/auth_external_state.cpp

@@ -16,19 +16,32 @@
 
 #include "mongo/db/auth/auth_external_state_impl.h"
 
+#include "mongo/base/status.h"
+#include "mongo/client/dbclientinterface.h"
 #include "mongo/db/auth/authorization_manager.h"
 #include "mongo/db/client.h"
+#include "mongo/util/debug_util.h"
 
 namespace mongo {
 
- AuthExternalStateImpl::AuthExternalStateImpl(DBClientBase* adminDBConnection) {
- _adminUserExists = AuthorizationManager::hasPrivilegeDocument(adminDBConnection, "admin");
- if (!_adminUserExists) {
- log() << "note: no users configured in admin.system.users, allowing localhost access"
- << endl;
+ Status AuthExternalStateImpl::initialize(DBClientBase* adminDBConnection) {
+ try {
+ _adminUserExists = AuthorizationManager::hasPrivilegeDocument(adminDBConnection,
+ "admin");
+ } catch (DBException& e) {
+ return Status(ErrorCodes::InternalError,
+ mongoutils::str::stream() << "An error occurred while checking for the "
+ "existence of an admin user: " << e.what(),
+ 0);
  }
+ ONCE {
+ if (!_adminUserExists) {
+ log() << "note: no users configured in admin.system.users, allowing localhost access"
+ << endl;
+ }
+ }
+ return Status::OK();
  }
- AuthExternalStateImpl::~AuthExternalStateImpl() {}
 
  bool AuthExternalStateImpl::shouldIgnoreAuthChecks() const {
  // TODO: uncomment part that checks if connection is localhost by looking in cc()

src/mongo/db/auth/auth_external_state.h

@@ -17,6 +17,7 @@
 #pragma once
 
 #include "mongo/base/disallow_copying.h"
+#include "mongo/base/status.h"
 #include "mongo/client/dbclientinterface.h"
 
 namespace mongo {
@@ -40,6 +41,13 @@ namespace mongo {
  // or the connection is a "god" connection.
  virtual bool shouldIgnoreAuthChecks() const = 0;
 
+ // adminDBConnection is a connection that can be used to access the admin database. It is
+ // used to determine if there are any admin users configured for the cluster, and thus if
+ // localhost connections should be given special admin access.
+ // This function *must* be called on any new AuthExternalState, after the constructor but
+ // before any other methods are called on the AuthExternalState.
+ virtual Status initialize(DBClientBase* adminDBConnection) = 0;
+
  protected:
  AuthExternalState() {}; // This class should never be instantiated directly.
  };

src/mongo/db/auth/auth_external_state_impl.h

@@ -17,6 +17,7 @@
 #pragma once
 
 #include "mongo/base/disallow_copying.h"
+#include "mongo/base/status.h"
 #include "mongo/client/dbclientinterface.h"
 #include "mongo/db/auth/auth_external_state.h"
 
@@ -30,20 +31,22 @@ namespace mongo {
 
  public:
 
- // adminDBConnection is a connection that can be used to access the admin database. It is
- // used to determine if there are any admin users configured for the cluster, and thus if
- // localhost connections should be given special admin access.
- // adminDBConnection is used only in the constructor, no pointer to it is stored, so it
- // can be deleted as soon as the constructor returns.
- AuthExternalStateImpl(DBClientBase* adminDBConnection);
- virtual ~AuthExternalStateImpl();
+ AuthExternalStateImpl() {};
+ virtual ~AuthExternalStateImpl() {};
 
  // Returns true if this connection should be treated as if it has full access to do
  // anything, regardless of the current auth state. Currently the reasons why this could be
  // are that auth isn't enabled, the connection is from localhost and there are admin users,
  // or the connection is a "god" connection.
  virtual bool shouldIgnoreAuthChecks() const;
 
+ // adminDBConnection is a connection that can be used to access the admin database. It is
+ // used to determine if there are any admin users configured for the cluster, and thus if
+ // localhost connections should be given special admin access.
+ // This function *must* be called on any new AuthExternalState, after the constructor but
+ // before any other methods are called on the AuthExternalState.
+ virtual Status initialize(DBClientBase* adminDBConnection);
+
  private:
 
  bool _adminUserExists;

src/mongo/db/auth/auth_external_state_mock.h

@@ -17,6 +17,8 @@
 #pragma once
 
 #include "mongo/base/disallow_copying.h"
+#include "mongo/base/status.h"
+#include "mongo/client/dbclientinterface.h"
 #include "mongo/db/auth/auth_external_state.h"
 
 namespace mongo {
@@ -38,6 +40,9 @@ namespace mongo {
  _returnValue = returnValue;
  }
 
+ // This is a no-op for the mock
+ virtual Status initialize(DBClientBase* adminDBConnection) { return Status::OK(); }
+
  private:
  bool _returnValue;
  };

src/mongo/db/auth/authorization_manager.cpp

@@ -137,12 +137,27 @@ namespace mongo {
  return Status::OK();
  }
 
- AuthorizationManager::AuthorizationManager(AuthExternalState* externalState) {
+ AuthorizationManager::AuthorizationManager(AuthExternalState* externalState) :
+ _initialized(false) {
  _externalState.reset(externalState);
  }
 
  AuthorizationManager::~AuthorizationManager(){}
 
+ Status AuthorizationManager::initialize(DBClientBase* adminDBConnection) {
+ if (_initialized) {
+ // This should never happen.
+ return Status(ErrorCodes::InternalError,
+ "AuthorizationManager already initialized!",
+ 0);
+ }
+ Status status = _externalState->initialize(adminDBConnection);
+ if (status == Status::OK()) {
+ _initialized = true;
+ }
+ return status;
+ }
+
  void AuthorizationManager::addAuthorizedPrincipal(Principal* principal) {
  _authenticatedPrincipals.add(principal);
  }
@@ -266,6 +281,8 @@ namespace mongo {
 
  const Principal* AuthorizationManager::checkAuthorization(const std::string& resource,
  ActionType action) const {
+ massert(16470, "AuthorizationManager has not been initialized!", _initialized);
+
  if (_externalState->shouldIgnoreAuthChecks()) {
  return &specialAdminPrincipal;
  }

src/mongo/db/auth/authorization_manager.h

@@ -45,6 +45,13 @@ namespace mongo {
  explicit AuthorizationManager(AuthExternalState* externalState);
  ~AuthorizationManager();
 
+ // adminDBConnection is a connection that can be used to access the admin database. It is
+ // used to determine if there are any admin users configured for the cluster, and thus if
+ // localhost connections should be given special admin access.
+ // This function *must* be called on any new AuthorizationManager, after the constructor but
+ // before any other methods are called on the AuthorizationManager.
+ Status initialize(DBClientBase* adminDBConnection);
+
  // Takes ownership of the principal (by putting into _authenticatedPrincipals).
  void addAuthorizedPrincipal(Principal* principal);
  // Removes and deletes the given principal from the set of authenticated principals.
@@ -101,6 +108,7 @@ namespace mongo {
  PrivilegeSet _acquiredPrivileges;
  // All principals who have been authenticated on this connection
  PrincipalSet _authenticatedPrincipals;
+ bool _initialized;
  };
 
 } // namespace mongo

src/mongo/db/auth/authorization_manager_test.cpp

@@ -38,6 +38,7 @@ namespace {
  AcquiredPrivilege allDBsWritePrivilege(Privilege("*", actions), principal);
  AuthExternalStateMock* externalState = new AuthExternalStateMock();
  AuthorizationManager authManager(externalState);
+ authManager.initialize(NULL);
 
  ASSERT_NULL(authManager.checkAuthorization("test", ActionType::insert));
  externalState->setReturnValueForShouldIgnoreAuthChecks(true);
@@ -60,6 +61,7 @@ namespace {
  TEST(AuthorizationManagerTest, GrantInternalAuthorization) {
  AuthExternalStateMock* externalState = new AuthExternalStateMock();
  AuthorizationManager authManager(externalState);
+ authManager.initialize(NULL);
 
  ASSERT_NULL(authManager.checkAuthorization("test", ActionType::insert));
  ASSERT_NULL(authManager.checkAuthorization("test", ActionType::replSetHeartbeat));