author | matt dannenberg <matt.dannenberg@10gen.com> | 2013-10-29 10:49:28 -0400 |
---|---|---|
committer | matt dannenberg <matt.dannenberg@10gen.com> | 2013-10-30 17:02:41 -0400 |
commit | 98fcff0c91c39794d37a08a86c37334406af2873 (patch) | |
tree | 20955b40c720908f989e5447570a4ac2ef7fb9b4 /src/mongo/db | |
parent | c63749eda51417e26bee88654845c689701bd919 (diff) | |
download | mongo-98fcff0c91c39794d37a08a86c37334406af2873.tar.gz |
SERVER-11426 change C++ drive to accept both userSource and db as the DB to authenticate against in the auth helper
Diffstat (limited to 'src/mongo/db')
-rw-r--r-- | src/mongo/db/auth/auth_index_d.cpp | 4 | ||||
-rw-r--r-- | src/mongo/db/auth/authorization_manager.cpp | 8 | ||||
-rw-r--r-- | src/mongo/db/auth/authorization_manager.h | 2 | ||||
-rw-r--r-- | src/mongo/db/auth/authz_manager_external_state.cpp | 4 | ||||
-rw-r--r-- | src/mongo/db/auth/authz_manager_external_state_d.cpp | 2 | ||||
-rw-r--r-- | src/mongo/db/auth/authz_manager_external_state_mock.cpp | 2 | ||||
-rw-r--r-- | src/mongo/db/auth/authz_manager_external_state_s.cpp | 2 | ||||
-rw-r--r-- | src/mongo/db/auth/security_key.cpp | 2 | ||||
-rw-r--r-- | src/mongo/db/auth/user_document_parser.cpp | 20 | ||||
-rw-r--r-- | src/mongo/db/auth/user_management_commands_parser.cpp | 4 | ||||
-rw-r--r-- | src/mongo/db/commands/user_management_commands.cpp | 10 | ||||
-rw-r--r-- | src/mongo/db/initialize_server_global_state.cpp | 2 | ||||
-rw-r--r-- | src/mongo/db/introspect.cpp | 2 |
13 files changed, 32 insertions, 32 deletions
diff --git a/src/mongo/db/auth/auth_index_d.cpp b/src/mongo/db/auth/auth_index_d.cpp index 2e2490f746f..eb1e8bdbfe4 100644 --- a/src/mongo/db/auth/auth_index_d.cpp +++ b/src/mongo/db/auth/auth_index_d.cpp @@ -55,13 +55,13 @@ namespace { v1SystemUsersKeyPattern = BSON(AuthorizationManager::V1_USER_NAME_FIELD_NAME << 1 << AuthorizationManager::V1_USER_SOURCE_FIELD_NAME << 1); v2SystemUsersKeyPattern = BSON(AuthorizationManager::USER_NAME_FIELD_NAME << 1 << - AuthorizationManager::USER_SOURCE_FIELD_NAME << 1); + AuthorizationManager::USER_DB_FIELD_NAME << 1); v2SystemRolesKeyPattern = BSON(AuthorizationManager::ROLE_NAME_FIELD_NAME << 1 << AuthorizationManager::ROLE_SOURCE_FIELD_NAME << 1); v2SystemUsersIndexName = std::string( str::stream() << AuthorizationManager::USER_NAME_FIELD_NAME << "_1_" << - AuthorizationManager::USER_SOURCE_FIELD_NAME << "_1"); + AuthorizationManager::USER_DB_FIELD_NAME << "_1"); v2SystemRolesIndexName = std::string( str::stream() << AuthorizationManager::ROLE_NAME_FIELD_NAME << "_1_" << diff --git a/src/mongo/db/auth/authorization_manager.cpp b/src/mongo/db/auth/authorization_manager.cpp index 032425a4135..e570489cd9e 100644 --- a/src/mongo/db/auth/authorization_manager.cpp +++ b/src/mongo/db/auth/authorization_manager.cpp @@ -76,7 +76,7 @@ namespace mongo { } const std::string AuthorizationManager::USER_NAME_FIELD_NAME = "user"; - const std::string AuthorizationManager::USER_SOURCE_FIELD_NAME = "db"; + const std::string AuthorizationManager::USER_DB_FIELD_NAME = "db"; const std::string AuthorizationManager::ROLE_NAME_FIELD_NAME = "role"; const std::string AuthorizationManager::ROLE_SOURCE_FIELD_NAME = "db"; const std::string AuthorizationManager::PASSWORD_FIELD_NAME = "pwd"; 
@@ -863,7 +863,7 @@ namespace mongo { const UserName& name = user.getName(); builder.append(AuthorizationManager::USER_NAME_FIELD_NAME, name.getUser()); - builder.append(AuthorizationManager::USER_SOURCE_FIELD_NAME, name.getDB()); + builder.append(AuthorizationManager::USER_DB_FIELD_NAME, name.getDB()); const User::CredentialData& credentials = user.getCredentials(); if (!credentials.isExternal) { @@ -878,7 +878,7 @@ namespace mongo { const RoleName& role = roles.next(); BSONObjBuilder roleBuilder(rolesArray.subobjStart()); roleBuilder.append(AuthorizationManager::USER_NAME_FIELD_NAME, role.getRole()); - roleBuilder.append(AuthorizationManager::USER_SOURCE_FIELD_NAME, role.getDB()); + roleBuilder.append(AuthorizationManager::USER_DB_FIELD_NAME, role.getDB()); roleBuilder.doneFast(); } rolesArray.doneFast(); @@ -971,7 +971,7 @@ namespace mongo { return status; status = _externalState->createIndex( newusersCollectionNamespace, - BSON(USER_NAME_FIELD_NAME << 1 << USER_SOURCE_FIELD_NAME << 1), + BSON(USER_NAME_FIELD_NAME << 1 << USER_DB_FIELD_NAME << 1), true, // unique writeConcern ); diff --git a/src/mongo/db/auth/authorization_manager.h b/src/mongo/db/auth/authorization_manager.h index 6cc0ae093a4..c1621d8390e 100644 --- a/src/mongo/db/auth/authorization_manager.h +++ b/src/mongo/db/auth/authorization_manager.h @@ -75,7 +75,7 @@ namespace mongo { ~AuthorizationManager(); static const std::string USER_NAME_FIELD_NAME; - static const std::string USER_SOURCE_FIELD_NAME; + static const std::string USER_DB_FIELD_NAME; static const std::string ROLE_NAME_FIELD_NAME; static const std::string ROLE_SOURCE_FIELD_NAME; static const std::string PASSWORD_FIELD_NAME; diff --git a/src/mongo/db/auth/authz_manager_external_state.cpp b/src/mongo/db/auth/authz_manager_external_state.cpp index 10ab4a32360..abc118b2212 100644 --- a/src/mongo/db/auth/authz_manager_external_state.cpp +++ b/src/mongo/db/auth/authz_manager_external_state.cpp 
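Review bot: In src/mongo/db/auth/authorization_manager.cpp, hunk @@ -878, each role sub-document is built with the user constants: `roleBuilder.append(AuthorizationManager::USER_NAME_FIELD_NAME, role.getRole());` stores the role name under "user", and the renamed line keys the role's database with `USER_DB_FIELD_NAME`. The database key happens to match, because USER_DB_FIELD_NAME and ROLE_SOURCE_FIELD_NAME are both "db" in the @@ -76 hunk of the same file, but the name key does not ("user" versus "role"). If the reader of this document looks roles up by ROLE_NAME_FIELD_NAME, the entries would not be found, which matters for a privilege document. Suggest `roleBuilder.append(AuthorizationManager::ROLE_NAME_FIELD_NAME, role.getRole());` and `roleBuilder.append(AuthorizationManager::ROLE_SOURCE_FIELD_NAME, role.getDB());`. The enclosing function starts and ends outside the hunk, so the intended consumer is not visible here.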
@@ -102,7 +102,7 @@ namespace mongo { } if (status.code() == ErrorCodes::DuplicateKey) { std::string name = userObj[AuthorizationManager::USER_NAME_FIELD_NAME].String(); - std::string source = userObj[AuthorizationManager::USER_SOURCE_FIELD_NAME].String(); + std::string source = userObj[AuthorizationManager::USER_DB_FIELD_NAME].String(); return Status(ErrorCodes::DuplicateKey, mongoutils::str::stream() << "User \"" << name << "@" << source << "\" already exists"); @@ -118,7 +118,7 @@ namespace mongo { Status status = updateOne( NamespaceString("admin.system.users"), BSON(AuthorizationManager::USER_NAME_FIELD_NAME << user.getUser() << - AuthorizationManager::USER_SOURCE_FIELD_NAME << user.getDB()), + AuthorizationManager::USER_DB_FIELD_NAME << user.getDB()), updateObj, false, writeConcern); diff --git a/src/mongo/db/auth/authz_manager_external_state_d.cpp b/src/mongo/db/auth/authz_manager_external_state_d.cpp index 99c61c95fb4..a11b52eb6b3 100644 --- a/src/mongo/db/auth/authz_manager_external_state_d.cpp +++ b/src/mongo/db/auth/authz_manager_external_state_d.cpp @@ -146,7 +146,7 @@ namespace { Status status = _findUser( "admin.system.users", BSON(AuthorizationManager::USER_NAME_FIELD_NAME << userName.getUser() << - AuthorizationManager::USER_SOURCE_FIELD_NAME << userName.getDB()), + AuthorizationManager::USER_DB_FIELD_NAME << userName.getDB()), &userDoc); if (!status.isOK()) return status; diff --git a/src/mongo/db/auth/authz_manager_external_state_mock.cpp b/src/mongo/db/auth/authz_manager_external_state_mock.cpp index 8002baa577e..d0e6ee99bd3 100644 --- a/src/mongo/db/auth/authz_manager_external_state_mock.cpp +++ b/src/mongo/db/auth/authz_manager_external_state_mock.cpp 
@@ -99,7 +99,7 @@ namespace { Status status = _findUser( "admin.system.users", BSON(AuthorizationManager::USER_NAME_FIELD_NAME << userName.getUser() << - AuthorizationManager::USER_SOURCE_FIELD_NAME << userName.getDB()), + AuthorizationManager::USER_DB_FIELD_NAME << userName.getDB()), &privDoc); if (!status.isOK()) return status; diff --git a/src/mongo/db/auth/authz_manager_external_state_s.cpp b/src/mongo/db/auth/authz_manager_external_state_s.cpp index 6a21fc9ef93..2af8e2d74b4 100644 --- a/src/mongo/db/auth/authz_manager_external_state_s.cpp +++ b/src/mongo/db/auth/authz_manager_external_state_s.cpp @@ -120,7 +120,7 @@ namespace { BSON("usersInfo" << BSON_ARRAY(BSON(AuthorizationManager::USER_NAME_FIELD_NAME << userName.getUser() << - AuthorizationManager::USER_SOURCE_FIELD_NAME << + AuthorizationManager::USER_DB_FIELD_NAME << userName.getDB())) << "showPrivileges" << true << "showCredentials" << true), diff --git a/src/mongo/db/auth/security_key.cpp b/src/mongo/db/auth/security_key.cpp index 7227c025511..3ebf9a59044 100644 --- a/src/mongo/db/auth/security_key.cpp +++ b/src/mongo/db/auth/security_key.cpp @@ -145,7 +145,7 @@ namespace mongo { serverGlobalParams.clusterAuthMode == "sendKeyFile") { setInternalUserAuthParams( BSON(saslCommandMechanismFieldName << "MONGODB-CR" << - saslCommandUserSourceFieldName << + saslCommandUserDBFieldName << internalSecurity.user->getName().getDB() << saslCommandUserFieldName << internalSecurity.user->getName().getUser() << saslCommandPasswordFieldName << credentials.password << diff --git a/src/mongo/db/auth/user_document_parser.cpp b/src/mongo/db/auth/user_document_parser.cpp index ce3b66543af..088d226eec6 100644 --- a/src/mongo/db/auth/user_document_parser.cpp +++ b/src/mongo/db/auth/user_document_parser.cpp 
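Review bot: The string value behind `saslCommandUserDBFieldName` is not defined in any file shown here (the diff is limited to src/mongo/db), so the security_key.cpp hunk @@ -145 cannot be checked for wire compatibility. If that value differs from the one the old saslCommandUserSourceFieldName carried, the keyfile credentials built here would be sent under a key that members on the previous version may not read, and intra-cluster authentication could fail during a rolling upgrade. The same applies to the x509 parameters in initialize_server_global_state.cpp, hunk @@ -337. A comment at both call sites such as `// field name must remain readable by previous-version members (SERVER-11426)` would record the constraint; a mixed-version authentication test would make it checkable.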
@@ -226,7 +226,7 @@ namespace { Status V2UserDocumentParser::checkValidUserDocument(const BSONObj& doc) const { BSONElement userElement = doc[AuthorizationManager::USER_NAME_FIELD_NAME]; - BSONElement userSourceElement = doc[AuthorizationManager::USER_SOURCE_FIELD_NAME]; + BSONElement userDBElement = doc[AuthorizationManager::USER_DB_FIELD_NAME]; BSONElement credentialsElement = doc[CREDENTIALS_FIELD_NAME]; BSONElement rolesElement = doc[ROLES_FIELD_NAME]; @@ -236,14 +236,14 @@ namespace { if (makeStringDataFromBSONElement(userElement).empty()) return _badValue("User document needs 'user' field to be non-empty", 0); - // Validate the "userSource" element - if (userSourceElement.type() != String || - makeStringDataFromBSONElement(userSourceElement).empty()) { + // Validate the "db" element + if (userDBElement.type() != String || + makeStringDataFromBSONElement(userDBElement).empty()) { return _badValue("User document needs 'db' field to be a non-empty string", 0); } - StringData userSourceStr = makeStringDataFromBSONElement(userSourceElement); - if (!NamespaceString::validDBName(userSourceStr) && userSourceStr != "$external") { - return _badValue(mongoutils::str::stream() << "'" << userSourceStr << + StringData userDBStr = makeStringDataFromBSONElement(userDBElement); + if (!NamespaceString::validDBName(userDBStr) && userDBStr != "$external") { + return _badValue(mongoutils::str::stream() << "'" << userDBStr << "' is not a valid value for the db field.", 0); } @@ -262,7 +262,7 @@ namespace { return _badValue("User document needs 'credentials' field to be a non-empty object", 0); } - if (userSourceStr == "$external") { + if (userDBStr == "$external") { BSONElement externalElement = credentialsObj[MONGODB_EXTERNAL_CREDENTIAL_FIELD_NAME]; if (externalElement.eoo() || externalElement.type() != Bool || !externalElement.Bool()) { 
@@ -298,14 +298,14 @@ namespace { Status V2UserDocumentParser::initializeUserCredentialsFromUserDocument( User* user, const BSONObj& privDoc) const { User::CredentialData credentials; - std::string userSource = privDoc[AuthorizationManager::USER_SOURCE_FIELD_NAME].String(); + std::string userDB = privDoc[AuthorizationManager::USER_DB_FIELD_NAME].String(); BSONElement credentialsElement = privDoc[CREDENTIALS_FIELD_NAME]; if (!credentialsElement.eoo()) { if (credentialsElement.type() != Object) { return Status(ErrorCodes::UnsupportedFormat, "'credentials' field in user documents must be an object"); } - if (userSource == "$external") { + if (userDB == "$external") { BSONElement externalCredentialElement = credentialsElement.Obj()[MONGODB_EXTERNAL_CREDENTIAL_FIELD_NAME]; if (!externalCredentialElement.eoo()) { diff --git a/src/mongo/db/auth/user_management_commands_parser.cpp b/src/mongo/db/auth/user_management_commands_parser.cpp index cc2615ad13b..6e406055f06 100644 --- a/src/mongo/db/auth/user_management_commands_parser.cpp +++ b/src/mongo/db/auth/user_management_commands_parser.cpp @@ -143,7 +143,7 @@ namespace auth { return _parseNamesFromBSONArray(usersArray, dbname, AuthorizationManager::USER_NAME_FIELD_NAME, - AuthorizationManager::USER_SOURCE_FIELD_NAME, + AuthorizationManager::USER_DB_FIELD_NAME, parsedUserNames); } @@ -371,7 +371,7 @@ namespace auth { status = _parseNameFromBSONElement(cmdObj["usersInfo"], dbname, AuthorizationManager::USER_NAME_FIELD_NAME, - AuthorizationManager::USER_SOURCE_FIELD_NAME, + AuthorizationManager::USER_DB_FIELD_NAME, &name); if (!status.isOK()) { return status; diff --git a/src/mongo/db/commands/user_management_commands.cpp b/src/mongo/db/commands/user_management_commands.cpp index f88123449d5..2a6f78c918b 100644 --- a/src/mongo/db/commands/user_management_commands.cpp +++ b/src/mongo/db/commands/user_management_commands.cpp 
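Review bot: In src/mongo/db/auth/user_document_parser.cpp, hunk @@ -298, `privDoc[AuthorizationManager::USER_DB_FIELD_NAME].String()` is called without a type check, although the rest of initializeUserCredentialsFromUserDocument reports malformed fields through a Status. As far as I know BSONElement::String() asserts when the element is missing or not a string, so a user document without a string "db" would raise here instead of returning UnsupportedFormat, unless checkValidUserDocument is guaranteed to have run first. Either state that precondition in a comment above the line, or fetch the element first and guard it with `if (userDBElement.type() != String) return Status(ErrorCodes::UnsupportedFormat, "'db' field in user documents must be a string");`. The function body continues past the end of the hunk.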
@@ -358,7 +358,7 @@ namespace mongo { args.userName.getUser()); userObjBuilder.append(AuthorizationManager::USER_NAME_FIELD_NAME, args.userName.getUser()); - userObjBuilder.append(AuthorizationManager::USER_SOURCE_FIELD_NAME, + userObjBuilder.append(AuthorizationManager::USER_DB_FIELD_NAME, args.userName.getDB()); if (args.hasHashedPassword) { userObjBuilder.append("credentials", BSON("MONGODB-CR" << args.hashedPassword)); @@ -663,7 +663,7 @@ namespace mongo { status = authzManager->removePrivilegeDocuments( BSON(AuthorizationManager::USER_NAME_FIELD_NAME << userName.getUser() << - AuthorizationManager::USER_SOURCE_FIELD_NAME << userName.getDB()), + AuthorizationManager::USER_DB_FIELD_NAME << userName.getDB()), writeConcern, &numUpdated); // Must invalidate even on bad status - what if the write succeeded but the GLE failed? @@ -754,7 +754,7 @@ namespace mongo { audit::logDropAllUsersFromDatabase(ClientBasic::getCurrent(), dbname); status = authzManager->removePrivilegeDocuments( - BSON(AuthorizationManager::USER_SOURCE_FIELD_NAME << dbname), + BSON(AuthorizationManager::USER_DB_FIELD_NAME << dbname), writeConcern, &numRemoved); // Must invalidate even on bad status - what if the write succeeded but the GLE failed? @@ -1114,13 +1114,13 @@ namespace mongo { // If you don't need privileges, you can just do a regular query on system.users BSONObjBuilder queryBuilder; if (args.allForDB) { - queryBuilder.append(AuthorizationManager::USER_SOURCE_FIELD_NAME, dbname); + queryBuilder.append(AuthorizationManager::USER_DB_FIELD_NAME, dbname); } else { BSONArrayBuilder usersMatchArray; for (size_t i = 0; i < args.userNames.size(); ++i) { usersMatchArray.append(BSON(AuthorizationManager::USER_NAME_FIELD_NAME << args.userNames[i].getUser() << - AuthorizationManager::USER_SOURCE_FIELD_NAME << + AuthorizationManager::USER_DB_FIELD_NAME << args.userNames[i].getDB())); } queryBuilder.append("$or", usersMatchArray.arr()); 
diff --git a/src/mongo/db/initialize_server_global_state.cpp b/src/mongo/db/initialize_server_global_state.cpp index d9324cd3ae5..3e40a4da25c 100644 --- a/src/mongo/db/initialize_server_global_state.cpp +++ b/src/mongo/db/initialize_server_global_state.cpp @@ -337,7 +337,7 @@ namespace mongo { if (serverGlobalParams.clusterAuthMode == "x509" || serverGlobalParams.clusterAuthMode == "sendX509") { setInternalUserAuthParams(BSON(saslCommandMechanismFieldName << "MONGODB-X509" << - saslCommandUserSourceFieldName << "$external" << + saslCommandUserDBFieldName << "$external" << saslCommandUserFieldName << getSSLManager()->getClientSubjectName())); } diff --git a/src/mongo/db/introspect.cpp b/src/mongo/db/introspect.cpp index 4642e9655d1..09d1ca58a80 100644 --- a/src/mongo/db/introspect.cpp +++ b/src/mongo/db/introspect.cpp @@ -64,7 +64,7 @@ namespace { for ( ; nameIter.more(); nameIter.next()) { BSONObjBuilder nextUser(allUsers.subobjStart()); nextUser.append(AuthorizationManager::USER_NAME_FIELD_NAME, nameIter->getUser()); - nextUser.append(AuthorizationManager::USER_SOURCE_FIELD_NAME, nameIter->getDB()); + nextUser.append(AuthorizationManager::USER_DB_FIELD_NAME, nameIter->getDB()); nextUser.doneFast(); if (nameIter->getDB() == opdb) { |