SERVER-111122 Label access_control module APIs (#44606)

GitOrigin-RevId: 9cc50fc23b45b38ce7a25484d16a7bef0b0b88fb
2025-12-10 18:23:09 -08:00 · 2025-12-10 18:23:09 -08:00 · 0eb3f206cc
parent 615869f256
commit 0eb3f206cc
72 changed files with 180 additions and 97 deletions
--- a/src/mongo/db/auth/access_checks.idl
+++ b/src/mongo/db/auth/access_checks.idl
@ -27,6 +27,7 @@
 #
 global:
    cpp_namespace: "mongo"
    mod_visibility: public
 enums:
    AccessCheck:
--- a/src/mongo/db/auth/action_set.h
+++ b/src/mongo/db/auth/action_set.h
@ -32,6 +32,7 @@
 #include "mongo/base/status.h"
 #include "mongo/base/string_data.h"
 #include "mongo/db/auth/action_type.h"
 #include "mongo/util/modules.h"
 #include <bitset>
 #include <initializer_list>
@ -46,7 +47,7 @@ namespace mongo {
 *  If the special ActionType::anyAction is granted to this set, it automatically sets all bits
 *  in the bitmask, indicating that it contains all possible actions.
 */
-class ActionSet {
+class MONGO_MOD_PUBLIC ActionSet {
 public:
    ActionSet() = default;
    ActionSet(std::initializer_list<ActionType> actions);
--- a/src/mongo/db/auth/action_type.h
+++ b/src/mongo/db/auth/action_type.h
@ -33,6 +33,7 @@
 #include "mongo/base/status_with.h"
 #include "mongo/base/string_data.h"
 #include "mongo/db/auth/action_type_gen.h"
 #include "mongo/util/modules.h"
 #include <array>
 #include <cstdint>
@ -40,7 +41,7 @@
 #include <string>
 #include <vector>
-namespace mongo {
+namespace MONGO_MOD_PUBLIC mongo {
 /**
 * List describing the ActionTypes that should be created.
@ -56,4 +57,4 @@ StringData toStringData(ActionType a);
 std::string toString(ActionType a);
 std::ostream& operator<<(std::ostream& os, const ActionType& a);
-}  // namespace mongo
+}  // namespace MONGO_MOD_PUBLIC mongo
--- a/src/mongo/db/auth/action_type.idl
+++ b/src/mongo/db/auth/action_type.idl
@ -34,6 +34,7 @@
 # Actions marked "ID only" are not used for permission checks, but to identify events in logs.
 global:
    cpp_namespace: "mongo"
    mod_visibility: public
 imports:
    - "mongo/db/basic_types.idl"
--- a/src/mongo/db/auth/address_restriction.h
+++ b/src/mongo/db/auth/address_restriction.h
@ -40,6 +40,7 @@
 #include "mongo/db/auth/restriction.h"
 #include "mongo/db/auth/restriction_environment.h"
 #include "mongo/db/auth/restriction_set.h"
 #include "mongo/util/modules.h"
 #include "mongo/util/net/cidr.h"
 #include <memory>
--- a/src/mongo/db/auth/auth_name.h
+++ b/src/mongo/db/auth/auth_name.h
@ -37,6 +37,7 @@
 #include "mongo/bson/bsonobjbuilder.h"
 #include "mongo/db/database_name.h"
 #include "mongo/db/tenant_id.h"
 #include "mongo/util/modules.h"
 #include "mongo/util/str.h"
 #include <compare>
@ -60,7 +61,7 @@ namespace mongo {
 * Consists of a general "name" part, and a "database name" part.
 */
 template <typename T>
-class AuthName {
+class MONGO_MOD_PUBLIC AuthName {
 public:
    AuthName() = default;
@ -200,7 +201,7 @@ static inline Stream& operator<<(Stream& os, const AuthName<T>& name) {
 * Iterator over an unspecified container of AuthName objects.
 */
 template <typename T>
-class AuthNameIterator {
+class MONGO_MOD_PUBLIC AuthNameIterator {
 public:
    class Impl {
    public:
--- a/src/mongo/db/auth/auth_op_observer.h
+++ b/src/mongo/db/auth/auth_op_observer.h
@ -40,6 +40,7 @@
 #include "mongo/db/session/logical_session_id.h"
 #include "mongo/db/shard_role/shard_catalog/collection.h"
 #include "mongo/db/shard_role/shard_catalog/collection_options.h"
 #include "mongo/util/modules.h"
 #include "mongo/util/uuid.h"
 #include <cstdint>
@ -54,7 +55,7 @@ namespace mongo {
 * OpObserver for authentication. Observes all secondary replication traffic and filters down to
 * relevant entries for authentication.
 */
-class AuthOpObserver final : public OpObserverNoop {
+class MONGO_MOD_PUBLIC AuthOpObserver final : public OpObserverNoop {
    AuthOpObserver(const AuthOpObserver&) = delete;
    AuthOpObserver& operator=(const AuthOpObserver&) = delete;
--- a/src/mongo/db/auth/authentication_metrics.h
+++ b/src/mongo/db/auth/authentication_metrics.h
@ -29,6 +29,7 @@
 #pragma once
 #include "mongo/util/modules.h"
 #include "mongo/util/tick_source.h"
 #include "mongo/util/timer.h"
--- a/src/mongo/db/auth/authentication_session.h
+++ b/src/mongo/db/auth/authentication_session.h
@ -40,6 +40,7 @@
 #include "mongo/db/operation_context.h"
 #include "mongo/db/stats/counters.h"
 #include "mongo/util/assert_util.h"
 #include "mongo/util/modules.h"
 #include "mongo/util/timer.h"
 #include <memory>
@ -68,7 +69,7 @@ private:
 /**
 * Type representing an ongoing authentication session.
 */
-class AuthenticationSession {
+class MONGO_MOD_PUBLIC AuthenticationSession {
    AuthenticationSession(const AuthenticationSession&) = delete;
    AuthenticationSession& operator=(const AuthenticationSession&) = delete;
--- a/src/mongo/db/auth/authorization_backend_local.h
+++ b/src/mongo/db/auth/authorization_backend_local.h
@ -31,6 +31,7 @@
 #include "mongo/db/auth/authorization_backend_interface.h"
 #include "mongo/db/auth/authorization_manager.h"
 #include "mongo/db/shard_role/shard_catalog/db_raii.h"
 #include "mongo/util/modules.h"
 namespace mongo::auth {
--- a/src/mongo/db/auth/authorization_backend_mock.h
+++ b/src/mongo/db/auth/authorization_backend_mock.h
@ -35,6 +35,7 @@
 #include "mongo/db/auth/authorization_manager.h"
 #include "mongo/db/namespace_string.h"
 #include "mongo/db/operation_context.h"
 #include "mongo/util/modules.h"
 #include <functional>
 #include <map>
@ -46,7 +47,7 @@
 namespace mongo::auth {
-class AuthorizationBackendMock : public AuthorizationBackendLocal {
+class MONGO_MOD_PUBLIC AuthorizationBackendMock : public AuthorizationBackendLocal {
 public:
    /**
     * Inserts the given user object into the "admin" database.
--- a/src/mongo/db/auth/authorization_checks.h
+++ b/src/mongo/db/auth/authorization_checks.h
@ -42,6 +42,7 @@
 #include "mongo/db/query/write_ops/write_ops.h"
 #include "mongo/db/query/write_ops/write_ops_parsers.h"
 #include "mongo/db/shard_role/shard_catalog/collection_options.h"
 #include "mongo/util/modules.h"
 #include <boost/optional/optional.hpp>
@ -50,72 +51,75 @@ namespace mongo::auth {
 // Checks if this connection has the privileges necessary to perform a find operation
 // on the supplied namespace identifier.
-Status checkAuthForFind(AuthorizationSession* authSession, const NamespaceString& ns, bool hasTerm);
+MONGO_MOD_PUBLIC Status checkAuthForFind(AuthorizationSession* authSession,
                                         const NamespaceString& ns,
                                         bool hasTerm);
 // Checks if this connection has the privileges necessary to perform a getMore operation on
 // the identified cursor, supposing that cursor is associated with the supplied namespace
 // identifier.
-Status checkAuthForGetMore(AuthorizationSession* authSession,
+MONGO_MOD_PUBLIC Status checkAuthForGetMore(AuthorizationSession* authSession,
-                           const NamespaceString& ns,
+                                            const NamespaceString& ns,
-                           long long cursorID,
+                                            long long cursorID,
-                           bool hasTerm);
+                                            bool hasTerm);
 // Checks if this connection has the privileges necessary to perform the given update on the
 // given namespace.
-Status checkAuthForUpdate(AuthorizationSession* authSession,
+MONGO_MOD_PUBLIC Status checkAuthForUpdate(AuthorizationSession* authSession,
-                          OperationContext* opCtx,
+                                           OperationContext* opCtx,
-                          const NamespaceString& ns,
+                                           const NamespaceString& ns,
-                          const BSONObj& query,
+                                           const BSONObj& query,
-                          const write_ops::UpdateModification& update,
+                                           const write_ops::UpdateModification& update,
-                          bool upsert);
+                                           bool upsert);
 // Checks if this connection has the privileges necessary to insert to the given namespace.
-Status checkAuthForInsert(AuthorizationSession* authSession,
+MONGO_MOD_PUBLIC Status checkAuthForInsert(AuthorizationSession* authSession,
-                          OperationContext* opCtx,
+                                           OperationContext* opCtx,
-                          const NamespaceString& ns);
+                                           const NamespaceString& ns);
 // Checks if this connection has the privileges necessary to perform a delete on the given
 // namespace.
-Status checkAuthForDelete(AuthorizationSession* authSession,
+MONGO_MOD_PUBLIC Status checkAuthForDelete(AuthorizationSession* authSession,
-                          OperationContext* opCtx,
+                                           OperationContext* opCtx,
-                          const NamespaceString& ns,
+                                           const NamespaceString& ns,
-                          const BSONObj& query);
+                                           const BSONObj& query);
 // Checks if this connection has the privileges necessary to perform a killCursor on
 // the identified cursor, supposing that cursor is associated with the supplied namespace
 // identifier.
-Status checkAuthForKillCursors(AuthorizationSession* authSession,
+MONGO_MOD_PUBLIC Status checkAuthForKillCursors(AuthorizationSession* authSession,
-                               const NamespaceString& cursorNss,
+                                                const NamespaceString& cursorNss,
-                               const boost::optional<UserName>& cursorOwner);
+                                                const boost::optional<UserName>& cursorOwner);
 // Checks if this connection has the privileges necessary to perform a releaseMemory on
 // the identified cursor, supposing that cursor is associated with the supplied namespace
 // identifier.
-Status checkAuthForReleaseMemory(AuthorizationSession* authSession,
+MONGO_MOD_PUBLIC Status checkAuthForReleaseMemory(AuthorizationSession* authSession,
-                                 const NamespaceString& cursorNss);
+                                                  const NamespaceString& cursorNss);
 // Attempts to get the privileges necessary to run the aggregation pipeline specified in
 // 'request' on the namespace 'ns' either directly on mongoD or via mongoS.
-StatusWith<PrivilegeVector> getPrivilegesForAggregate(OperationContext* opCtx,
+MONGO_MOD_PUBLIC StatusWith<PrivilegeVector> getPrivilegesForAggregate(
-                                                      AuthorizationSession* authSession,
+    OperationContext* opCtx,
-                                                      const NamespaceString& ns,
+    AuthorizationSession* authSession,
-                                                      const AggregateCommandRequest& request,
+    const NamespaceString& ns,
-                                                      bool isMongos);
+    const AggregateCommandRequest& request,
    bool isMongos);
 // Checks if this connection has the privileges necessary to create 'ns' with the options
 // supplied in 'cmdObj' either directly on mongoD or via mongoS.
-Status checkAuthForCreate(OperationContext* opCtx,
+MONGO_MOD_PUBLIC Status checkAuthForCreate(OperationContext* opCtx,
-                          AuthorizationSession* authSession,
+                                           AuthorizationSession* authSession,
-                          const CreateCommand& cmd,
+                                           const CreateCommand& cmd,
-                          bool isMongos);
+                                           bool isMongos);
 // Checks if this connection has the privileges necessary to modify 'ns' with the options
 // supplied in 'cmdObj' either directly on mongoD or via mongoS.
-Status checkAuthForCollMod(OperationContext* opCtx,
+MONGO_MOD_PUBLIC Status checkAuthForCollMod(OperationContext* opCtx,
-                           AuthorizationSession* authSession,
+                                            AuthorizationSession* authSession,
-                           const NamespaceString& ns,
+                                            const NamespaceString& ns,
-                           const BSONObj& cmdObj,
+                                            const BSONObj& cmdObj,
-                           bool isMongos,
+                                            bool isMongos,
-                           const SerializationContext& serializationContext);
+                                            const SerializationContext& serializationContext);
 }  // namespace mongo::auth
--- a/src/mongo/db/auth/authorization_client_handle.h
+++ b/src/mongo/db/auth/authorization_client_handle.h
@ -35,6 +35,7 @@
 #include "mongo/db/database_name.h"
 #include "mongo/db/operation_context.h"
 #include "mongo/db/service_context.h"
 #include "mongo/util/modules.h"
 namespace mongo {
--- a/src/mongo/db/auth/authorization_client_handle_router.h
+++ b/src/mongo/db/auth/authorization_client_handle_router.h
@ -34,6 +34,7 @@
 #include "mongo/db/auth/authz_session_external_state_router.h"
 #include "mongo/db/database_name.h"
 #include "mongo/db/operation_context.h"
 #include "mongo/util/modules.h"
 namespace mongo {
--- a/src/mongo/db/auth/authorization_client_handle_shard.h
+++ b/src/mongo/db/auth/authorization_client_handle_shard.h
@ -35,6 +35,7 @@
 #include "mongo/db/database_name.h"
 #include "mongo/db/operation_context.h"
 #include "mongo/db/service_context.h"
 #include "mongo/util/modules.h"
 namespace mongo {
--- a/src/mongo/db/auth/authorization_contract.h
+++ b/src/mongo/db/auth/authorization_contract.h
@ -36,6 +36,7 @@
 #include "mongo/db/auth/privilege.h"
 #include "mongo/stdx/mutex.h"
 #include "mongo/util/concurrency/with_lock.h"
 #include "mongo/util/modules.h"
 #include <array>
 #include <bitset>
@ -59,7 +60,7 @@ namespace mongo {
 * When commands execute other commands via DBDirectClient, we only want
 * the top-level command to accumulate authorization checks.
 */
-class AuthorizationContract {
+class MONGO_MOD_PUBLIC AuthorizationContract {
 public:
    AuthorizationContract() = default;
    AuthorizationContract(bool isTestModeEnabled) : _isTestModeEnabled(isTestModeEnabled) {};
--- a/src/mongo/db/auth/authorization_contract_guard.h
+++ b/src/mongo/db/auth/authorization_contract_guard.h
@ -30,10 +30,11 @@
 #pragma once
 #include "mongo/db/auth/authorization_session.h"
 #include "mongo/util/modules.h"
 namespace mongo {
-class AuthorizationContractGuard {
+class MONGO_MOD_PUBLIC AuthorizationContractGuard {
 public:
    explicit AuthorizationContractGuard(AuthorizationSession* authSession)
        : _authSession(authSession) {
--- a/src/mongo/db/auth/authorization_manager.h
+++ b/src/mongo/db/auth/authorization_manager.h
@ -52,6 +52,7 @@
 #include "mongo/db/service_context.h"
 #include "mongo/db/tenant_id.h"
 #include "mongo/stdx/unordered_set.h"
 #include "mongo/util/modules.h"
 #include <cstdint>
 #include <memory>
@ -60,7 +61,7 @@
 #include <boost/optional.hpp>
 #include <boost/optional/optional.hpp>
-namespace mongo {
+namespace MONGO_MOD_PUBLIC mongo {
 class AuthorizationSession;
 class Client;
@ -70,7 +71,7 @@ class ServiceContext;
 /**
 * Internal secret key info.
 */
-struct SystemAuthInfo {
+struct MONGO_MOD_NEEDS_REPLACEMENT SystemAuthInfo {
    std::shared_ptr<UserHandle> getUser() {
        return std::atomic_load(&_user);  // NOLINT
    }
@ -86,12 +87,13 @@ struct SystemAuthInfo {
 private:
    std::shared_ptr<UserHandle> _user;
 };
 extern SystemAuthInfo internalSecurity;
 /**
 * How user management functions should structure the BSON representation of privileges and roles.
 */
-enum class AuthenticationRestrictionsFormat {
+enum class MONGO_MOD_PRIVATE AuthenticationRestrictionsFormat {
    kOmit,  // AuthenticationRestrictions should not be included in the BSON representation.
    kShow,  // AuthenticationRestrictions should be included in the BSON representation.
 };
@ -265,4 +267,4 @@ public:
     * Otherwise, they will be equal to boost::none.
     */
 };
-}  // namespace mongo
+}  // namespace MONGO_MOD_PUBLIC mongo
--- a/src/mongo/db/auth/authorization_manager_factory.h
+++ b/src/mongo/db/auth/authorization_manager_factory.h
@ -35,8 +35,9 @@
 #include "mongo/db/auth/authorization_manager.h"
 #include "mongo/db/operation_context.h"
 #include "mongo/db/service_context.h"
 #include "mongo/util/modules.h"
-namespace mongo {
+namespace MONGO_MOD_PUBLIC mongo {
 /**
 * Factory class for generating the correct authorization manager for the
@ -62,4 +63,4 @@ public:
 extern std::unique_ptr<AuthorizationManagerFactory> globalAuthzManagerFactory;
-}  // namespace mongo
+}  // namespace MONGO_MOD_PUBLIC mongo
--- a/src/mongo/db/auth/authorization_manager_factory_impl.h
+++ b/src/mongo/db/auth/authorization_manager_factory_impl.h
@ -32,6 +32,7 @@
 #include "mongo/db/auth/authorization_manager.h"
 #include "mongo/db/auth/authorization_manager_factory.h"
 #include "mongo/db/service_context.h"
 #include "mongo/util/modules.h"
 namespace mongo {
--- a/src/mongo/db/auth/authorization_manager_factory_mock.h
+++ b/src/mongo/db/auth/authorization_manager_factory_mock.h
@ -35,6 +35,7 @@
 #include "mongo/db/auth/authorization_manager_factory.h"
 #include "mongo/db/operation_context.h"
 #include "mongo/db/service_context.h"
 #include "mongo/util/modules.h"
 namespace mongo {
@ -44,7 +45,8 @@ namespace mongo {
 * based on the arguments provided.
 */
-class AuthorizationManagerFactoryMock : public AuthorizationManagerFactory {
+class MONGO_MOD_PUBLIC_FOR_TECHNICAL_REASONS AuthorizationManagerFactoryMock
    : public AuthorizationManagerFactory {
 public:
    std::unique_ptr<AuthorizationManager> createRouter(Service* service) override;
--- a/src/mongo/db/auth/authorization_manager_impl.h
+++ b/src/mongo/db/auth/authorization_manager_impl.h
@ -56,6 +56,7 @@
 #include "mongo/util/concurrency/thread_pool.h"
 #include "mongo/util/concurrency/thread_pool_interface.h"
 #include "mongo/util/invalidating_lru_cache.h"
 #include "mongo/util/modules.h"
 #include "mongo/util/read_through_cache.h"
 #include <map>
--- a/src/mongo/db/auth/authorization_router.h
+++ b/src/mongo/db/auth/authorization_router.h
@ -30,12 +30,13 @@
 #pragma once
 #include "mongo/db/auth/user.h"
 #include "mongo/util/modules.h"
 namespace mongo {
 class AuthorizationManager;
 class AuthzSessionExternalState;
-class AuthorizationRouter {
+class MONGO_MOD_PUBLIC AuthorizationRouter {
 public:
    AuthorizationRouter(const AuthorizationRouter&) = delete;
    AuthorizationRouter& operator=(const AuthorizationRouter&) = delete;
--- a/src/mongo/db/auth/authorization_router_impl.h
+++ b/src/mongo/db/auth/authorization_router_impl.h
@ -32,6 +32,7 @@
 #include "mongo/db/auth/authorization_client_handle.h"
 #include "mongo/db/auth/authorization_router.h"
 #include "mongo/util/concurrency/thread_pool.h"
 #include "mongo/util/modules.h"
 namespace mongo {
 class AuthorizationRouterImpl : public AuthorizationRouter {
--- a/src/mongo/db/auth/authorization_router_impl_for_test.h
+++ b/src/mongo/db/auth/authorization_router_impl_for_test.h
@ -31,6 +31,7 @@
 #include "mongo/db/auth/authorization_router_impl.h"
 #include "mongo/unittest/unittest.h"
 #include "mongo/util/modules.h"
 namespace mongo {
--- a/src/mongo/db/auth/authorization_session.h
+++ b/src/mongo/db/auth/authorization_session.h
@ -51,6 +51,7 @@
 #include "mongo/db/session/logical_session_id_gen.h"
 #include "mongo/db/tenant_id.h"
 #include "mongo/util/concurrency/with_lock.h"
 #include "mongo/util/modules.h"
 #include "mongo/util/time_support.h"
 #include <memory>
@ -82,7 +83,7 @@ class ListCollections;
 * every operation looks at one consistent view of each user for every auth check required over
 * the lifetime of the operation.
 */
-class AuthorizationSession {
+class MONGO_MOD_PUBLIC AuthorizationSession {
    AuthorizationSession(const AuthorizationSession&) = delete;
    AuthorizationSession& operator=(const AuthorizationSession&) = delete;
@ -314,8 +315,8 @@ public:
 // access a cursor in the specified `cursorSessionId` parameter.  Returns `Status::OK()`, when the
 // session is accessible.  Returns a `mongo::Status` with information regarding the nature of
 // session inaccessibility when the session is not accessible.
-inline Status checkCursorSessionPrivilege(OperationContext* const opCtx,
+MONGO_MOD_PUBLIC inline Status checkCursorSessionPrivilege(
-                                          const boost::optional<LogicalSessionId> cursorSessionId) {
+    OperationContext* const opCtx, const boost::optional<LogicalSessionId> cursorSessionId) {
    if (!AuthorizationSession::exists(opCtx->getClient())) {
        return Status::OK();
    }
--- a/src/mongo/db/auth/authorization_session_for_test.h
+++ b/src/mongo/db/auth/authorization_session_for_test.h
@ -36,6 +36,7 @@
 #include "mongo/db/auth/role_name.h"
 #include "mongo/db/auth/user.h"
 #include "mongo/db/database_name.h"
 #include "mongo/util/modules.h"
 #include <memory>
 #include <vector>
--- a/src/mongo/db/auth/authorization_session_impl.h
+++ b/src/mongo/db/auth/authorization_session_impl.h
@ -51,6 +51,7 @@
 #include "mongo/db/session/logical_session_id_gen.h"
 #include "mongo/db/tenant_id.h"
 #include "mongo/util/concurrency/with_lock.h"
 #include "mongo/util/modules.h"
 #include "mongo/util/time_support.h"
 #include <memory>
--- a/src/mongo/db/auth/authorization_session_test_fixture.h
+++ b/src/mongo/db/auth/authorization_session_test_fixture.h
@ -38,6 +38,7 @@
 #include "mongo/db/service_context_d_test_fixture.h"
 #include "mongo/transport/transport_layer_mock.h"
 #include "mongo/util/clock_source_mock.h"
 #include "mongo/util/modules.h"
 #include <vector>
--- a/src/mongo/db/auth/authz_session_external_state.h
+++ b/src/mongo/db/auth/authz_session_external_state.h
@ -34,6 +34,7 @@
 #include "mongo/db/auth/user_name.h"
 #include "mongo/db/client.h"
 #include "mongo/db/operation_context.h"
 #include "mongo/util/modules.h"
 #include <memory>
 #include <string>
--- a/src/mongo/db/auth/authz_session_external_state_mock.h
+++ b/src/mongo/db/auth/authz_session_external_state_mock.h
@ -34,6 +34,7 @@
 #include "mongo/db/auth/authz_session_external_state.h"
 #include "mongo/db/client.h"
 #include "mongo/db/operation_context.h"
 #include "mongo/util/modules.h"
 namespace mongo {
--- a/src/mongo/db/auth/authz_session_external_state_router.h
+++ b/src/mongo/db/auth/authz_session_external_state_router.h
@ -35,6 +35,7 @@
 #include "mongo/db/auth/authz_session_external_state_server_common.h"
 #include "mongo/db/client.h"
 #include "mongo/db/operation_context.h"
 #include "mongo/util/modules.h"
 namespace mongo {
--- a/src/mongo/db/auth/authz_session_external_state_server_common.h
+++ b/src/mongo/db/auth/authz_session_external_state_server_common.h
@ -34,6 +34,7 @@
 #include "mongo/db/auth/authz_session_external_state.h"
 #include "mongo/db/client.h"
 #include "mongo/db/operation_context.h"
 #include "mongo/util/modules.h"
 namespace mongo {
--- a/src/mongo/db/auth/authz_session_external_state_shard.h
+++ b/src/mongo/db/auth/authz_session_external_state_shard.h
@ -34,6 +34,7 @@
 #include "mongo/db/auth/authz_session_external_state_server_common.h"
 #include "mongo/db/client.h"
 #include "mongo/db/operation_context.h"
 #include "mongo/util/modules.h"
 namespace mongo {
--- a/src/mongo/db/auth/builtin_roles.h
+++ b/src/mongo/db/auth/builtin_roles.h
@ -34,6 +34,7 @@
 #include "mongo/db/database_name.h"
 #include "mongo/db/tenant_id.h"
 #include "mongo/stdx/unordered_set.h"
 #include "mongo/util/modules.h"
 #include <boost/optional.hpp>
 #include <boost/optional/optional.hpp>
@ -47,22 +48,24 @@ namespace auth {
 * "privileges".  Addition of new privileges is done as with
 * Privilege::addPrivilegeToPrivilegeVector.
 */
-bool addPrivilegesForBuiltinRole(const RoleName& role, PrivilegeVector* privileges);
+MONGO_MOD_PUBLIC bool addPrivilegesForBuiltinRole(const RoleName& role,
                                                  PrivilegeVector* privileges);
 /**
 * Ennumerate all builtin RoleNames for the given database.
 */
-stdx::unordered_set<RoleName> getBuiltinRoleNamesForDB(const DatabaseName& dbname);
+MONGO_MOD_PUBLIC stdx::unordered_set<RoleName> getBuiltinRoleNamesForDB(const DatabaseName& dbname);
 /**
 * Adds to "privileges" the necessary privileges to do absolutely anything on the system.
 */
-void generateUniversalPrivileges(PrivilegeVector* privileges, const boost::optional<TenantId>&);
+MONGO_MOD_PUBLIC void generateUniversalPrivileges(PrivilegeVector* privileges,
                                                  const boost::optional<TenantId>&);
 /**
 * Returns whether the given role corresponds to a built-in role.
 */
-bool isBuiltinRole(const RoleName& role);
+MONGO_MOD_PUBLIC bool isBuiltinRole(const RoleName& role);
 }  // namespace auth
 }  // namespace mongo
--- a/src/mongo/db/auth/cluster_auth_mode.h
+++ b/src/mongo/db/auth/cluster_auth_mode.h
@ -31,6 +31,7 @@
 #include "mongo/base/status_with.h"
 #include "mongo/base/string_data.h"
 #include "mongo/util/modules.h"
 namespace mongo {
@ -39,7 +40,7 @@ class ServiceContext;
 /**
 * ClusterAuthMode is a thin wrapper around an enum for decorated storage and semantic utility.
 */
-class ClusterAuthMode {
+class MONGO_MOD_PUBLIC ClusterAuthMode {
    enum class Value {
        kUndefined,
        /**
--- a/src/mongo/db/auth/ldap_cumulative_operation_stats.h
+++ b/src/mongo/db/auth/ldap_cumulative_operation_stats.h
@ -34,6 +34,7 @@
 #include "mongo/bson/util/builder_fwd.h"
 #include "mongo/stdx/mutex.h"
 #include "mongo/util/duration.h"
 #include "mongo/util/modules.h"
 #include "mongo/util/tick_source.h"
 #include <cstdint>
@ -47,7 +48,7 @@ class LDAPOperationStats;
 * Class used to track statistics associated with LDAP operations for a specfic
 * UserAcquisitionStats object.
 */
-class LDAPCumulativeOperationStats {
+class MONGO_MOD_PUBLIC LDAPCumulativeOperationStats {
 public:
    LDAPCumulativeOperationStats() = default;
    ~LDAPCumulativeOperationStats() = default;
--- a/src/mongo/db/auth/ldap_operation_stats.h
+++ b/src/mongo/db/auth/ldap_operation_stats.h
@ -36,6 +36,7 @@
 #include "mongo/db/service_context.h"
 #include "mongo/util/assert_util.h"
 #include "mongo/util/duration.h"
 #include "mongo/util/modules.h"
 #include "mongo/util/modules_incompletely_marked_header.h"
 #include "mongo/util/tick_source.h"
@ -49,7 +50,7 @@ namespace mongo {
 * UserAcquisitionStats object. All methods must be called while holding that UserAcquisitionStats'
 * lock.
 */
-class LDAPOperationStats {
+class MONGO_MOD_PUBLIC LDAPOperationStats {
 public:
    LDAPOperationStats() = default;
    ~LDAPOperationStats() = default;
@ -156,6 +157,6 @@ private:
     * Metrics associated with binding and search/querying an LDAP server.
     */
    Stats _bindStats;
-    MONGO_MOD_NEEDS_REPLACEMENT Stats _searchStats;  // Used by a friend-ed test.
+    Stats _searchStats;  // Used by a friend-ed test.
 };
 }  // namespace mongo
--- a/src/mongo/db/auth/oauth_discovery_factory.h
+++ b/src/mongo/db/auth/oauth_discovery_factory.h
@ -31,6 +31,7 @@
 #include "mongo/base/string_data.h"
 #include "mongo/db/auth/oauth_authorization_server_metadata_gen.h"
 #include "mongo/util/modules.h"
 #include "mongo/util/net/http_client.h"
 #include <memory>
@ -42,7 +43,7 @@ namespace mongo {
 /**
 * Uses RFC8414 to acquire Authorization Server metadata for an issuer.
 */
-class OAuthDiscoveryFactory {
+class MONGO_MOD_PUBLIC OAuthDiscoveryFactory {
 public:
    OAuthDiscoveryFactory(std::unique_ptr<HttpClient> client) : _client(std::move(client)) {}
--- a/src/mongo/db/auth/parsed_privilege.idl
+++ b/src/mongo/db/auth/parsed_privilege.idl
@ -28,6 +28,7 @@
 global:
    cpp_namespace: "mongo::auth"
    mod_visibility: public
 imports:
    - "mongo/db/basic_types.idl"
--- a/src/mongo/db/auth/privilege.h
+++ b/src/mongo/db/auth/privilege.h
@ -36,6 +36,7 @@
 #include "mongo/db/auth/resource_pattern.h"
 #include "mongo/db/exec/mutable_bson/element.h"
 #include "mongo/db/tenant_id.h"
 #include "mongo/util/modules.h"
 #include <string>
 #include <vector>
@ -43,7 +44,7 @@
 #include <boost/optional.hpp>
 #include <boost/optional/optional.hpp>
-namespace mongo {
+namespace MONGO_MOD_PUBLIC mongo {
 class Privilege;
 class TenantId;
@ -137,4 +138,4 @@ inline bool operator==(const Privilege& lhs, const Privilege& rhs) {
        lhs.getActions() == rhs.getActions();
 }
-}  // namespace mongo
+}  // namespace MONGO_MOD_PUBLIC mongo
--- a/src/mongo/db/auth/privilege_format.h
+++ b/src/mongo/db/auth/privilege_format.h
@ -32,6 +32,7 @@
 #include "mongo/base/string_data.h"
 #include "mongo/bson/bsonelement.h"
 #include "mongo/bson/bsonobjbuilder.h"
 #include "mongo/util/modules.h"
 namespace mongo {
--- a/src/mongo/db/auth/resolve_role_option.h
+++ b/src/mongo/db/auth/resolve_role_option.h
@ -53,6 +53,8 @@
 #pragma once
 #include "mongo/util/modules.h"
 #include <cstdint>
 namespace mongo::auth {
--- a/src/mongo/db/auth/resource_pattern.h
+++ b/src/mongo/db/auth/resource_pattern.h
@ -36,6 +36,7 @@
 #include "mongo/db/namespace_string.h"
 #include "mongo/db/tenant_id.h"
 #include "mongo/util/assert_util.h"
 #include "mongo/util/modules.h"
 #include <iosfwd>
 #include <string>
@ -58,7 +59,7 @@ namespace mongo {
 * part of the access control system.  See buildResourceSearchList() in
 * authorization_session.cpp for details.
 */
-class ResourcePattern {
+class MONGO_MOD_PUBLIC ResourcePattern {
    friend class AuthorizationContract;
 public:
@ -304,6 +305,6 @@ private:
    NamespaceString _ns;
 };
-std::ostream& operator<<(std::ostream& os, const ResourcePattern& pattern);
+MONGO_MOD_FILE_PRIVATE std::ostream& operator<<(std::ostream& os, const ResourcePattern& pattern);
 }  // namespace mongo
--- a/src/mongo/db/auth/resource_pattern_search_list.h
+++ b/src/mongo/db/auth/resource_pattern_search_list.h
@ -33,6 +33,7 @@
 #include "mongo/db/auth/resource_pattern.h"
 #include "mongo/db/namespace_string.h"
 #include "mongo/util/assert_util.h"
 #include "mongo/util/modules.h"
 #include "mongo/util/namespace_string_util.h"
 #include <array>
--- a/src/mongo/db/auth/restriction.h
+++ b/src/mongo/db/auth/restriction.h
@ -35,6 +35,7 @@
 #include "mongo/bson/util/builder.h"
 #include "mongo/bson/util/builder_fwd.h"
 #include "mongo/db/auth/restriction_environment.h"
 #include "mongo/util/modules.h"
 #include <sstream>
 #include <string>
--- a/src/mongo/db/auth/restriction_environment.h
+++ b/src/mongo/db/auth/restriction_environment.h
@ -31,6 +31,7 @@
 #include "mongo/base/status.h"
 #include "mongo/db/tenant_id.h"
 #include "mongo/util/modules.h"
 #include "mongo/util/net/sockaddr.h"
 #include <memory>
@ -53,7 +54,7 @@ inline Status validateClientSourceAuthenticationRestrictionMode(StringData mode,
 // It must be constructed and attached to a Client object while a server is accepting a connection.
 // Clients created by internal server operations may not have a RestrictionEnvironment. Clients
 // which attempt to perform authentication or authorization must have a RestrictionEnvironment.
-class RestrictionEnvironment {
+class MONGO_MOD_PUBLIC RestrictionEnvironment {
 public:
    RestrictionEnvironment() = default;
    RestrictionEnvironment(SockAddr clientSource, SockAddr serverAddress)
--- a/src/mongo/db/auth/restriction_mock.h
+++ b/src/mongo/db/auth/restriction_mock.h
@ -31,12 +31,13 @@
 #include "mongo/base/status.h"
 #include "mongo/db/auth/restriction.h"
 #include "mongo/util/modules.h"
 #include <string>
 namespace mongo {
-class RestrictionMock : public UnnamedRestriction {
+class MONGO_MOD_FILE_PRIVATE RestrictionMock : public UnnamedRestriction {
 public:
    explicit RestrictionMock(bool shouldPass) : _shouldPass(shouldPass) {}
--- a/src/mongo/db/auth/restriction_set.h
+++ b/src/mongo/db/auth/restriction_set.h
@ -30,6 +30,7 @@
 #pragma once
 #include "mongo/db/auth/restriction.h"
 #include "mongo/util/modules.h"
 #include <memory>
 #include <vector>
--- a/src/mongo/db/auth/role_name.h
+++ b/src/mongo/db/auth/role_name.h
@ -30,8 +30,9 @@
 #pragma once
 #include "mongo/db/auth/auth_name.h"
 #include "mongo/util/modules.h"
-namespace mongo {
+namespace MONGO_MOD_PUBLIC mongo {
 /**
 * Representation of a name of a role in a MongoDB system.
@ -75,4 +76,4 @@ Container roleNameIteratorToContainer(RoleNameIterator it) {
    return container;
 }
-}  // namespace mongo
+}  // namespace MONGO_MOD_PUBLIC mongo
--- a/src/mongo/db/auth/role_name_or_string.h
+++ b/src/mongo/db/auth/role_name_or_string.h
@ -34,6 +34,7 @@
 #include "mongo/bson/bsonobjbuilder.h"
 #include "mongo/db/auth/role_name.h"
 #include "mongo/db/database_name.h"
 #include "mongo/util/modules.h"
 #include <string>
 #include <type_traits>
--- a/src/mongo/db/auth/sasl_commands.h
+++ b/src/mongo/db/auth/sasl_commands.h
@ -33,14 +33,15 @@
 #include "mongo/bson/bsonobjbuilder.h"
 #include "mongo/db/auth/authentication_session.h"
 #include "mongo/db/auth/sasl_commands_gen.h"
 #include "mongo/util/modules.h"
 namespace mongo {
 class OperationContext;
 namespace auth {
-SaslReply runSaslStart(OperationContext* opCtx,
+MONGO_MOD_PUBLIC SaslReply runSaslStart(OperationContext* opCtx,
-                       AuthenticationSession* session,
+                                        AuthenticationSession* session,
-                       const SaslStartCommand& request);
+                                        const SaslStartCommand& request);
 }  // namespace auth
@ -48,7 +49,7 @@ SaslReply runSaslStart(OperationContext* opCtx,
 /**
 * Handle hello: { speculativeAuthenticate: {...} }
 */
-void doSpeculativeSaslStart(OperationContext* opCtx,
+MONGO_MOD_PUBLIC void doSpeculativeSaslStart(OperationContext* opCtx,
-                            const BSONObj& sourceObj,
+                                             const BSONObj& sourceObj,
-                            BSONObjBuilder* result);
+                                             BSONObjBuilder* result);
 }  // namespace mongo
--- a/src/mongo/db/auth/sasl_mechanism_policies.h
+++ b/src/mongo/db/auth/sasl_mechanism_policies.h
@ -32,6 +32,7 @@
 #include "mongo/base/string_data.h"
 #include "mongo/crypto/hash_block.h"
 #include "mongo/db/auth/sasl_mechanism_registry.h"
 #include "mongo/util/modules.h"
 namespace mongo {
--- a/src/mongo/db/auth/sasl_mechanism_registry.h
+++ b/src/mongo/db/auth/sasl_mechanism_registry.h
@ -45,6 +45,7 @@
 #include "mongo/db/operation_context.h"
 #include "mongo/db/service_context.h"
 #include "mongo/util/assert_util.h"
 #include "mongo/util/modules.h"
 #include "mongo/util/time_support.h"
 #include <algorithm>
@ -362,7 +363,7 @@ public:
 * mechanism from. Also capable of producing a list of mechanisms which would be valid for a
 * particular user.
 */
-class SASLServerMechanismRegistry {
+class MONGO_MOD_PUBLIC SASLServerMechanismRegistry {
 public:
    static SASLServerMechanismRegistry& get(Service* service);
    static void set(Service* service, std::unique_ptr<SASLServerMechanismRegistry> registry);
--- a/src/mongo/db/auth/sasl_options.h
+++ b/src/mongo/db/auth/sasl_options.h
@ -31,12 +31,13 @@
 #include "mongo/base/status.h"
 #include "mongo/platform/atomic_word.h"
 #include "mongo/util/modules.h"
 #include <atomic>
 #include <string>
 #include <vector>
-namespace mongo {
+namespace MONGO_MOD_PUBLIC mongo {
 namespace optionenvironment {
 class OptionSection;
@ -95,8 +96,8 @@ struct SASLGlobalParams {
    Atomic<int> numTimesScramSHA256IterationCountSet;
 };
-Status addSASLOptions(moe::OptionSection* options);
+MONGO_MOD_PRIVATE Status addSASLOptions(moe::OptionSection* options);
-Status storeSASLOptions(const moe::Environment& params);
+MONGO_MOD_PRIVATE Status storeSASLOptions(const moe::Environment& params);
-}  // namespace mongo
+}  // namespace MONGO_MOD_PUBLIC mongo
--- a/src/mongo/db/auth/sasl_options.idl
+++ b/src/mongo/db/auth/sasl_options.idl
@ -27,6 +27,7 @@
 #
 global:
    mod_visibility: public
    cpp_namespace: "mongo"
    cpp_includes:
        - "mongo/db/auth/sasl_options.h"
--- a/src/mongo/db/auth/sasl_payload.h
+++ b/src/mongo/db/auth/sasl_payload.h
@ -32,6 +32,7 @@
 #include "mongo/base/string_data.h"
 #include "mongo/bson/bsonelement.h"
 #include "mongo/bson/bsonobjbuilder.h"
 #include "mongo/util/modules.h"
 #include <string>
 #include <utility>
--- a/src/mongo/db/auth/sasl_plain_server_conversation.h
+++ b/src/mongo/db/auth/sasl_plain_server_conversation.h
@ -38,6 +38,7 @@
 #include "mongo/db/auth/user.h"
 #include "mongo/db/operation_context.h"
 #include "mongo/db/service_context.h"
 #include "mongo/util/modules.h"
 #include <string>
 #include <tuple>
--- a/src/mongo/db/auth/sasl_scram_server_conversation.h
+++ b/src/mongo/db/auth/sasl_scram_server_conversation.h
@ -40,6 +40,7 @@
 #include "mongo/db/auth/user.h"
 #include "mongo/db/operation_context.h"
 #include "mongo/util/icu.h"
 #include "mongo/util/modules.h"
 #include <algorithm>
 #include <cstring>
--- a/src/mongo/db/auth/sasl_x509_server_conversation.h
+++ b/src/mongo/db/auth/sasl_x509_server_conversation.h
@ -31,6 +31,7 @@
 #include "mongo/db/auth/sasl_mechanism_policies.h"
 #include "mongo/db/auth/sasl_mechanism_registry.h"
 #include "mongo/util/modules.h"
 namespace mongo::auth {
--- a/src/mongo/db/auth/security_file.h
+++ b/src/mongo/db/auth/security_file.h
@ -29,6 +29,8 @@
 #pragma once
 #include "mongo/util/modules.h"
 #include <string>
 #include <vector>
@ -45,7 +47,9 @@ class StatusWith;
 * Whitespace within each key will be stripped from the final keys (e.g. "key 1" = "key1").
 *
 * This will return an error if the file was empty or contained invalid characters.
 *
 *
 */
-StatusWith<std::vector<std::string>> readSecurityFile(const std::string& filename);
+MONGO_MOD_PUBLIC StatusWith<std::vector<std::string>> readSecurityFile(const std::string& filename);
 }  // namespace mongo
--- a/src/mongo/db/auth/security_key.h
+++ b/src/mongo/db/auth/security_key.h
@ -30,6 +30,7 @@
 #pragma once
 #include "mongo/db/auth/cluster_auth_mode.h"
 #include "mongo/util/modules.h"
 #include <string>
--- a/src/mongo/db/auth/security_token_authentication_guard.h
+++ b/src/mongo/db/auth/security_token_authentication_guard.h
@ -32,6 +32,7 @@
 #include "mongo/db/auth/validated_tenancy_scope.h"
 #include "mongo/db/client.h"
 #include "mongo/db/operation_context.h"
 #include "mongo/util/modules.h"
 namespace mongo {
 namespace auth {
@ -41,7 +42,7 @@ namespace auth {
 * that user will be authenticated against the client until this guard dies.
 * This is used in ServiceEntryPoint to scope authentication to a single operation.
 */
-class SecurityTokenAuthenticationGuard {
+class MONGO_MOD_PUBLIC SecurityTokenAuthenticationGuard {
 public:
    SecurityTokenAuthenticationGuard() = delete;
    SecurityTokenAuthenticationGuard(OperationContext*, const ValidatedTenancyScope&);
--- a/src/mongo/db/auth/umc_info_command_arg.h
+++ b/src/mongo/db/auth/umc_info_command_arg.h
@ -35,6 +35,7 @@
 #include "mongo/db/auth/role_name.h"
 #include "mongo/db/auth/user_name.h"
 #include "mongo/db/database_name.h"
 #include "mongo/util/modules.h"
 #include "mongo/util/serialization_context.h"
 #include <string>
@ -58,7 +59,7 @@ namespace auth {
 * Then use getElements(dbname) for isExact() form to get list of T names.
 */
 template <typename T, bool enableForAllDBs>
-class UMCInfoCommandArg {
+class MONGO_MOD_PUBLIC UMCInfoCommandArg {
 public:
    UMCInfoCommandArg() : UMCInfoCommandArg(AllOnCurrentDB{}) {}
    static_assert(std::is_same<UserName, T>::value || std::is_same<RoleName, T>::value,
--- a/src/mongo/db/auth/user.h
+++ b/src/mongo/db/auth/user.h
@ -47,6 +47,7 @@
 #include "mongo/stdx/unordered_set.h"
 #include "mongo/util/assert_util.h"
 #include "mongo/util/base64.h"
 #include "mongo/util/modules.h"
 #include "mongo/util/read_through_cache.h"
 #include <algorithm>
@ -62,7 +63,7 @@
 #include <boost/optional/optional.hpp>
-namespace mongo {
+namespace MONGO_MOD_PUBLIC mongo {
 /**
 * Represents the properties required to request a UserHandle.
@ -495,4 +496,4 @@ using UserCache = ReadThroughCache<UserRequest::UserRequestCacheKey,
                                   SharedUserAcquisitionStats>;
 using UserHandle = UserCache::ValueHandle;
-}  // namespace mongo
+}  // namespace MONGO_MOD_PUBLIC mongo
--- a/src/mongo/db/auth/user_acquisition_stats.h
+++ b/src/mongo/db/auth/user_acquisition_stats.h
@ -36,11 +36,12 @@
 #include "mongo/db/client.h"
 #include "mongo/stdx/mutex.h"
 #include "mongo/util/duration.h"
 #include "mongo/util/modules.h"
 #include "mongo/util/tick_source.h"
 #include <memory>
-namespace mongo {
+namespace MONGO_MOD_PUBLIC mongo {
 enum UserAcquisitionOpType { kCache, kBind, kSearch, kSuccessfulReferral, kFailedReferral };
 /**
@ -286,4 +287,4 @@ private:
    TickSource* _tickSource;
    UserAcquisitionOpType _type;
 };
-}  // namespace mongo
+}  // namespace MONGO_MOD_PUBLIC mongo
--- a/src/mongo/db/auth/user_cache_access_stats.h
+++ b/src/mongo/db/auth/user_cache_access_stats.h
@ -34,6 +34,7 @@
 #include "mongo/db/client.h"
 #include "mongo/util/assert_util.h"
 #include "mongo/util/duration.h"
 #include "mongo/util/modules.h"
 #include "mongo/util/tick_source.h"
 #include <cstdint>
@ -46,7 +47,7 @@ namespace mongo {
 * Tracks and stores statistics related to user cache access on a per-operation
 * basis. These statistics are tracked and reported from within CurOp.
 */
-class UserCacheAccessStats {
+class MONGO_MOD_PUBLIC UserCacheAccessStats {
    using AccessInterval = std::pair<Microseconds, Microseconds>;
 public:
--- a/src/mongo/db/auth/user_cache_invalidator_job.h
+++ b/src/mongo/db/auth/user_cache_invalidator_job.h
@ -33,6 +33,7 @@
 #include "mongo/bson/timestamp.h"
 #include "mongo/db/service_context.h"
 #include "mongo/util/duration.h"
 #include "mongo/util/modules.h"
 #include "mongo/util/periodic_runner.h"
 #include <memory>
@ -49,7 +50,7 @@ class OperationContext;
 * AuthorizationManager to throw out its in-memory cache of User objects (which contains the
 * users' credentials, roles, privileges, etc).
 */
-class UserCacheInvalidator {
+class MONGO_MOD_PUBLIC UserCacheInvalidator {
 public:
    using OIDorTimestamp = std::variant<OID, Timestamp>;
--- a/src/mongo/db/auth/user_document_parser.h
+++ b/src/mongo/db/auth/user_document_parser.h
@ -33,6 +33,7 @@
 #include "mongo/bson/bsonobj.h"
 #include "mongo/db/auth/user.h"
 #include "mongo/db/tenant_id.h"
 #include "mongo/util/modules.h"
 #include <utility>
--- a/src/mongo/db/auth/user_management_commands_parser.h
+++ b/src/mongo/db/auth/user_management_commands_parser.h
@ -37,6 +37,7 @@
 #include "mongo/db/auth/role_name.h"
 #include "mongo/db/auth/user.h"
 #include "mongo/db/auth/user_name.h"
 #include "mongo/util/modules.h"
 #include <string>
 #include <vector>
--- a/src/mongo/db/auth/user_name.h
+++ b/src/mongo/db/auth/user_name.h
@ -30,10 +30,11 @@
 #pragma once
 #include "mongo/db/auth/auth_name.h"
 #include "mongo/util/modules.h"
 namespace mongo {
-class UserName : public AuthName<UserName> {
+class MONGO_MOD_PUBLIC UserName : public AuthName<UserName> {
 public:
    static constexpr auto kName = "UserName"_sd;
    static constexpr auto kFieldName = "user"_sd;
--- a/src/mongo/db/auth/user_request_x509.h
+++ b/src/mongo/db/auth/user_request_x509.h
@ -32,6 +32,7 @@
 #include "mongo/db/auth/user.h"
 #include "mongo/db/auth/user_name.h"
 #include "mongo/util/modules.h"
 #include "mongo/util/net/ssl_peer_info.h"
 #include <boost/optional.hpp>