boy1212
diff --git a/‎src/mongo/SConscript‎
Lines changed: 3 additions & 3 deletions b/‎src/mongo/SConscript‎
Lines changed: 3 additions & 3 deletions
diff --git a/‎src/mongo/db/auth/SConscript‎
Lines changed: 12 additions & 1 deletion b/‎src/mongo/db/auth/SConscript‎
Lines changed: 12 additions & 1 deletion
diff --git a/‎src/mongo/db/auth/auth_external_state.cpp‎
Lines changed: 27 additions & 25 deletions b/‎src/mongo/db/auth/auth_external_state.cpp‎
Lines changed: 27 additions & 25 deletions
diff --git a/‎src/mongo/db/auth/auth_external_state.h‎
Lines changed: 20 additions & 2 deletions b/‎src/mongo/db/auth/auth_external_state.h‎
Lines changed: 20 additions & 2 deletions
diff --git a/‎src/mongo/db/auth/auth_external_state_d.cpp‎
Lines changed: 39 additions & 0 deletions b/‎src/mongo/db/auth/auth_external_state_d.cpp‎
Lines changed: 39 additions & 0 deletions
diff --git a/‎src/mongo/db/auth/auth_external_state_d.h‎
Lines changed: 41 additions & 0 deletions b/‎src/mongo/db/auth/auth_external_state_d.h‎
Lines changed: 41 additions & 0 deletions
diff --git a/‎src/mongo/db/auth/auth_external_state_mock.h‎
Lines changed: 6 additions & 0 deletions b/‎src/mongo/db/auth/auth_external_state_mock.h‎
Lines changed: 6 additions & 0 deletions
diff --git a/‎src/mongo/db/auth/auth_external_state_s.cpp‎
Lines changed: 51 additions & 0 deletions b/‎src/mongo/db/auth/auth_external_state_s.cpp‎
Lines changed: 51 additions & 0 deletions
diff --git a/‎src/mongo/db/auth/auth_external_state_s.h‎
Lines changed: 41 additions & 0 deletions b/‎src/mongo/db/auth/auth_external_state_s.h‎
Lines changed: 41 additions & 0 deletions
@@ -242,8 +242,7 @@ env.StaticLibrary("coredb", [
         "db/stats/top.cpp",
         "s/shardconnection.cpp",
         ],
-                  LIBDEPS=['db/auth/auth',
-                           'db/auth/serverauth',
+                  LIBDEPS=['db/auth/serverauth',
                            'server_parameters'])
 
 coreServerFiles = [ "db/common.cpp",
@@ -439,7 +438,7 @@ mongosLibraryFiles = [
     "s/security.cpp",
     ]
 
-env.Library( "mongoscore" , mongosLibraryFiles )
+env.Library( "mongoscore" , mongosLibraryFiles, LIBDEPS=['db/auth/authmongos'] )
 
 env.CppUnitTest( "balancer_policy_test" , [ "s/balancer_policy_tests.cpp" ] ,
                  LIBDEPS=["mongoscore", "coreshard","mongocommon","coreserver","coredb","dbcmdline","mongodandmongos"] ,
@@ -505,6 +504,7 @@ env.CppUnitTest("geojsonparser_test", [ "db/geo/geojsonparser_test.cpp" ], LIBDE
 
 env.StaticLibrary("serveronly", serverOnlyFiles,
                   LIBDEPS=["coreshard",
+                           "db/auth/authmongod",
                            "dbcmdline",
                            "defaultversion",
                            "geojson",
 
@@ -10,14 +10,25 @@ env.Command(['action_type.h', 'action_type.cpp'], ['generate_action_types.py', '
 # Just the data structures used
 env.StaticLibrary('authcore', ['action_set.cpp',
                                'action_type.cpp',
+                               'auth_external_state.cpp',
                                'authorization_manager.cpp',
                                'principal.cpp',
                                'principal_set.cpp',
                                'privilege.cpp',
                                'privilege_set.cpp'],
                   LIBDEPS=['$BUILD_DIR/mongo/base/base', '$BUILD_DIR/mongo/stringutils'])
 
-env.StaticLibrary('auth', ['auth_external_state.cpp'], LIBDEPS=['authcore'])
+env.StaticLibrary('authservercommon',
+                  ['auth_external_state_server_common.cpp'],
+                  LIBDEPS=['authcore'])
+
+env.StaticLibrary('authmongod',
+                  ['auth_external_state_d.cpp'],
+                  LIBDEPS=['authservercommon'])
+
+env.StaticLibrary('authmongos',
+                  ['auth_external_state_s.cpp'],
+                  LIBDEPS=['authservercommon'])
 
 env.CppUnitTest('action_set_test', 'action_set_test.cpp', LIBDEPS=['authcore'])
 env.CppUnitTest('principal_set_test', 'principal_set_test.cpp', LIBDEPS=['authcore'])
 
@@ -14,41 +14,43 @@
 *    along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
 
-#include "mongo/db/auth/auth_external_state_impl.h"
+#include "mongo/db/auth/auth_external_state.h"
 
-#include "mongo/base/status.h"
-#include "mongo/client/dbclientinterface.h"
 #include "mongo/db/auth/authorization_manager.h"
-#include "mongo/db/client.h"
-#include "mongo/util/debug_util.h"
 
 namespace mongo {
 
-    Status AuthExternalStateImpl::initialize(DBClientBase* adminDBConnection) {
-        if (noauth) {
+    AuthExternalState::AuthExternalState() {}
+    AuthExternalState::~AuthExternalState() {}
+
+    Status AuthExternalState::getPrivilegeDocumentOverConnection(DBClientBase* conn,
+                                                                 const std::string& dbname,
+                                                                 const std::string& principalName,
+                                                                 BSONObj* result) {
+        if (principalName == internalSecurity.user) {
+            if (internalSecurity.pwd.empty()) {
+                return Status(ErrorCodes::UserNotFound,
+                              "key file must be used to log in with internal user",
+                              15889);
+            }
+            *result = BSON("user" << principalName << "pwd" << internalSecurity.pwd).getOwned();
             return Status::OK();
         }
 
-        try {
-            _adminUserExists = AuthorizationManager::hasPrivilegeDocument(adminDBConnection,
-                                                                          "admin");
-        } catch (DBException& e) {
-            return Status(ErrorCodes::InternalError,
-                          mongoutils::str::stream() << "An error occurred while checking for the "
-                                  "existence of an admin user: " << e.what(),
+        std::string usersNamespace = dbname + ".system.users";
+
+        BSONObj userBSONObj;
+        BSONObj query = BSON("user" << principalName);
+        userBSONObj = conn->findOne(usersNamespace, query, 0, QueryOption_SlaveOk);
+        if (userBSONObj.isEmpty()) {
+            return Status(ErrorCodes::UserNotFound,
+                          mongoutils::str::stream() << "auth: couldn't find user " << principalName
+                                                    << ", " << usersNamespace,
                           0);
         }
-        ONCE {
-            if (!_adminUserExists) {
-                log() << "note: no users configured in admin.system.users, allowing localhost access"
-                      << endl;
-            }
-        }
-        return Status::OK();
-    }
 
-    bool AuthExternalStateImpl::shouldIgnoreAuthChecks() const {
-        return noauth || (!_adminUserExists && cc().getIsLocalHostConnection()) || cc().isGod();
+        *result = userBSONObj.getOwned();
+        return Status::OK();
     }
 
-} // namespace mongo
+}  // namespace mongo
@@ -16,6 +16,8 @@
 
 #pragma once
 
+#include <string>
+
 #include "mongo/base/disallow_copying.h"
 #include "mongo/base/status.h"
 #include "mongo/client/dbclientinterface.h"
@@ -33,7 +35,7 @@ namespace mongo {
 
     public:
 
-        virtual ~AuthExternalState() {};
+        virtual ~AuthExternalState();
 
         // Returns true if this connection should be treated as if it has full access to do
         // anything, regardless of the current auth state.  Currently the reasons why this could be
@@ -48,8 +50,24 @@ namespace mongo {
         // before any other methods are called on the AuthExternalState.
         virtual Status initialize(DBClientBase* adminDBConnection) = 0;
 
+        // Gets the privilege information document for "principalName" on "dbname".
+        //
+        // On success, returns Status::OK() and stores a shared-ownership copy of the document into
+        // "result".
+        virtual Status getPrivilegeDocument(const std::string& dbname,
+                                            const std::string& principalName,
+                                            BSONObj* result) = 0;
+
+
     protected:
-        AuthExternalState() {}; // This class should never be instantiated directly.
+        // Look up the privilege document for "principalName" in database "dbname", over "conn".
+        static Status getPrivilegeDocumentOverConnection(DBClientBase* conn,
+                                                         const std::string& dbname,
+                                                         const std::string& userName,
+                                                         BSONObj* result);
+
+
+        AuthExternalState(); // This class should never be instantiated directly.
     };
 
 } // namespace mongo
@@ -0,0 +1,39 @@
+/**
+*    Copyright (C) 2012 10gen Inc.
+*
+*    This program is free software: you can redistribute it and/or  modify
+*    it under the terms of the GNU Affero General Public License, version 3,
+*    as published by the Free Software Foundation.
+*
+*    This program is distributed in the hope that it will be useful,
+*    but WITHOUT ANY WARRANTY; without even the implied warranty of
+*    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+*    GNU Affero General Public License for more details.
+*
+*    You should have received a copy of the GNU Affero General Public License
+*    along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "mongo/db/auth/auth_external_state_d.h"
+
+#include "mongo/base/status.h"
+#include "mongo/client/dbclientinterface.h"
+#include "mongo/db/auth/authorization_manager.h"
+#include "mongo/db/client.h"
+#include "mongo/db/instance.h"
+#include "mongo/util/debug_util.h"
+
+namespace mongo {
+
+    AuthExternalStateMongod::AuthExternalStateMongod() {}
+    AuthExternalStateMongod::~AuthExternalStateMongod() {}
+
+    Status AuthExternalStateMongod::getPrivilegeDocument(const string& dbname,
+                                                         const string& principalName,
+                                                         BSONObj* result) {
+        Client::GodScope gs;
+        DBDirectClient conn;
+        return getPrivilegeDocumentOverConnection(&conn, dbname, principalName, result);
+    }
+
+} // namespace mongo
@@ -0,0 +1,41 @@
+/**
+*    Copyright (C) 2012 10gen Inc.
+*
+*    This program is free software: you can redistribute it and/or  modify
+*    it under the terms of the GNU Affero General Public License, version 3,
+*    as published by the Free Software Foundation.
+*
+*    This program is distributed in the hope that it will be useful,
+*    but WITHOUT ANY WARRANTY; without even the implied warranty of
+*    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+*    GNU Affero General Public License for more details.
+*
+*    You should have received a copy of the GNU Affero General Public License
+*    along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#pragma once
+
+#include "mongo/base/disallow_copying.h"
+#include "mongo/base/status.h"
+#include "mongo/client/dbclientinterface.h"
+#include "mongo/db/auth/auth_external_state_server_common.h"
+
+namespace mongo {
+
+    /**
+     * The implementation of AuthExternalState functionality for mongod.
+     */
+    class AuthExternalStateMongod : public AuthExternalStateServerCommon {
+        MONGO_DISALLOW_COPYING(AuthExternalStateMongod);
+
+    public:
+        AuthExternalStateMongod();
+        virtual ~AuthExternalStateMongod();
+
+        virtual Status getPrivilegeDocument(const string& dbname,
+                                            const string& principalName,
+                                            BSONObj* result);
+    };
+
+} // namespace mongo
@@ -43,6 +43,12 @@ namespace mongo {
         // This is a no-op for the mock
         virtual Status initialize(DBClientBase* adminDBConnection) { return Status::OK(); }
 
+        virtual Status getPrivilegeDocument(const string& dbname,
+                                            const string& user,
+                                            BSONObj* result) {
+            return Status(ErrorCodes::InternalError, "Not Implemented!");
+        }
+
     private:
         bool _returnValue;
     };
 
@@ -0,0 +1,51 @@
+/**
+*    Copyright (C) 2012 10gen Inc.
+*
+*    This program is free software: you can redistribute it and/or  modify
+*    it under the terms of the GNU Affero General Public License, version 3,
+*    as published by the Free Software Foundation.
+*
+*    This program is distributed in the hope that it will be useful,
+*    but WITHOUT ANY WARRANTY; without even the implied warranty of
+*    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+*    GNU Affero General Public License for more details.
+*
+*    You should have received a copy of the GNU Affero General Public License
+*    along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "mongo/db/auth/auth_external_state_s.h"
+
+#include "mongo/base/status.h"
+#include "mongo/client/dbclientinterface.h"
+#include "mongo/db/auth/authorization_manager.h"
+#include "mongo/s/grid.h"
+
+namespace mongo {
+
+    AuthExternalStateMongos::AuthExternalStateMongos() {}
+    AuthExternalStateMongos::~AuthExternalStateMongos() {}
+
+    Status AuthExternalStateMongos::getPrivilegeDocument(const string& dbname,
+                                                         const string& principalName,
+                                                         BSONObj* result) {
+
+        //
+        // Note: The connection mechanism here is *not* ideal, and should not be used elsewhere.
+        // If the primary for the collection moves, this approach may throw rather than handle
+        // version exceptions.
+        //
+
+        std::string systemUsers = dbname + ".system.users";
+        DBConfigPtr config = grid.getDBConfig(systemUsers);
+        Shard s = config->getShard(systemUsers);
+
+        scoped_ptr<ScopedDbConnection> conn(
+                ScopedDbConnection::getInternalScopedDbConnection(s.getConnString(), 30.0));
+        Status status = getPrivilegeDocumentOverConnection(
+                conn->get(), dbname, principalName, result);
+        conn->done();
+        return status;
+    }
+
+} // namespace mongo
@@ -0,0 +1,41 @@
+/**
+*    Copyright (C) 2012 10gen Inc.
+*
+*    This program is free software: you can redistribute it and/or  modify
+*    it under the terms of the GNU Affero General Public License, version 3,
+*    as published by the Free Software Foundation.
+*
+*    This program is distributed in the hope that it will be useful,
+*    but WITHOUT ANY WARRANTY; without even the implied warranty of
+*    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+*    GNU Affero General Public License for more details.
+*
+*    You should have received a copy of the GNU Affero General Public License
+*    along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#pragma once
+
+#include "mongo/base/disallow_copying.h"
+#include "mongo/base/status.h"
+#include "mongo/client/dbclientinterface.h"
+#include "mongo/db/auth/auth_external_state_server_common.h"
+
+namespace mongo {
+
+    /**
+     * The implementation of AuthExternalState functionality for mongos.
+     */
+    class AuthExternalStateMongos : public AuthExternalStateServerCommon {
+        MONGO_DISALLOW_COPYING(AuthExternalStateMongos);
+
+    public:
+        AuthExternalStateMongos();
+        virtual ~AuthExternalStateMongos();
+
+        virtual Status getPrivilegeDocument(const string& dbname,
+                                            const string& principalName,
+                                            BSONObj* result);
+    };
+
+} // namespace mongo