1
/* Copyright 2012 10gen Inc.
3
* Licensed under the Apache License, Version 2.0 (the "License");
4
* you may not use this file except in compliance with the License.
5
* You may obtain a copy of the License at
7
* http://www.apache.org/licenses/LICENSE-2.0
9
* Unless required by applicable law or agreed to in writing, software
10
* distributed under the License is distributed on an "AS IS" BASIS,
11
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12
* See the License for the specific language governing permissions and
13
* limitations under the License.
20
#include "mongo/base/disallow_copying.h"
21
#include "mongo/db/auth/action_set.h"
22
#include "mongo/db/auth/action_type.h"
23
#include "mongo/db/auth/privilege.h"
24
#include "mongo/db/auth/principal_name.h"
25
#include "mongo/util/string_map.h"
30
* A collection of privileges describing which authenticated principals bestow the client the
31
* ability to perform various actions on specific resources. Since every privilege comes from
32
* an authenticated principal, removing that principal removes all privileges granted by that
35
* Resources are arranged hierarchically, with a wildcard resource,
36
* PrivilegeSet::WILDCARD_RESOURCE, matching any resource. In the current implementation, the
37
* only two levels of the hierarchy are the wildcard and one level below, which is analagous to
38
* the name of a database. It is future work to support collection or other sub-database
41
* This class does not do any locking/synchronization, the consumer will be responsible for
42
* synchronizing access.
45
MONGO_DISALLOW_COPYING(PrivilegeSet);
47
static const std::string WILDCARD_RESOURCE;
53
* Adds the specified privilege to the set, associating it with the named principal.
55
* The privilege should be on a specific resource, or on the WILDCARD_RESOURCE.
57
void grantPrivilege(const Privilege& privilege, const PrincipalName& authorizingPrincipal);
60
* Adds the specified privileges to the set, associating them with the named principal.
62
void grantPrivileges(const std::vector<Privilege>& privileges,
63
const PrincipalName& authorizingPrincipal);
66
* Removes from the set all privileges associated with the given principal.
68
* If multiple princpals enable the same privilege, the set will continue to
69
* contain those privileges until all authorizing principals have had their
70
* privileges revoked from the set.
72
void revokePrivilegesFromPrincipal(const PrincipalName& principal);
75
* Returns true if the set authorizes "desiredPrivilege".
77
* The set is considered to authorize "desiredPrivilege" if each action in
78
* "desiredPrivilege" is satisfied either on the database component of
79
* "desiredPrivilege.getResource()" or on WILDCARD_RESOURCE.
81
* TODO: Support checking for the privilege on the full resource name as well as the
82
* database component, to support sub-database granularity privilege assignment.
84
bool hasPrivilege(const Privilege& desiredPrivilege);
87
* Same as hasPrivilege, except checks all the privileges in a vector.
89
bool hasPrivileges(const std::vector<Privilege>& desiredPrivileges);
94
* Information about privileges held on a resource.
96
* Instances are stored in the _byResource map, and accelerate the fast path of
97
* hasPrivilege(). Privilege revocations via revokePrivilegesFromPrincipal() can make these
98
* entries invalid, at which point they are marked "dirty". Dirty entries are rebuilt via
99
* _rebuildEntry(), below, during execution of hasPrivilege().
101
class ResourcePrivilegeCacheEntry {
103
ResourcePrivilegeCacheEntry() : actions(), dirty(false) {}
105
// All actions enabled on the associated resource, provided that "dirty" is false.
108
// False if this data is consistent with the full privilege information, stored in the
114
* Type of map from resource names to authorized actions.
116
typedef StringMap<ResourcePrivilegeCacheEntry> ResourcePrivilegeCache;
119
* Type of map from principal identity to information about the principal's privileges. The
120
* values in the map are themselves maps from resource names to associated actions.
122
typedef std::map<PrincipalName, StringMap<ActionSet> > PrincipalPrivilegeMap;
124
void _rebuildEntry(const StringData& resource, ResourcePrivilegeCacheEntry* summary);
126
ResourcePrivilegeCacheEntry* _lookupEntry(const StringData& resource);
127
ResourcePrivilegeCacheEntry* _lookupOrInsertEntry(const StringData& resource);
129
// Information about privileges available on all resources.
130
ResourcePrivilegeCacheEntry _globalPrivilegeEntry;
132
// Cache of privilege information, by resource.
133
ResourcePrivilegeCache _byResource;
135
// Directory of privilege information, by principal.
136
PrincipalPrivilegeMap _byPrincipal;