summaryrefslogtreecommitdiff
path: root/src/mongo/db
diff options
context:
space:
mode:
authormatt dannenberg <matt.dannenberg@10gen.com>2013-10-29 10:49:28 -0400
committermatt dannenberg <matt.dannenberg@10gen.com>2013-10-30 17:02:41 -0400
commit98fcff0c91c39794d37a08a86c37334406af2873 (patch)
tree20955b40c720908f989e5447570a4ac2ef7fb9b4 /src/mongo/db
parentc63749eda51417e26bee88654845c689701bd919 (diff)
downloadmongo-98fcff0c91c39794d37a08a86c37334406af2873.tar.gz
SERVER-11426 change C++ drive to accept both userSource and db as the DB to authenticate against in the auth helper
Diffstat (limited to 'src/mongo/db')
-rw-r--r--src/mongo/db/auth/auth_index_d.cpp4
-rw-r--r--src/mongo/db/auth/authorization_manager.cpp8
-rw-r--r--src/mongo/db/auth/authorization_manager.h2
-rw-r--r--src/mongo/db/auth/authz_manager_external_state.cpp4
-rw-r--r--src/mongo/db/auth/authz_manager_external_state_d.cpp2
-rw-r--r--src/mongo/db/auth/authz_manager_external_state_mock.cpp2
-rw-r--r--src/mongo/db/auth/authz_manager_external_state_s.cpp2
-rw-r--r--src/mongo/db/auth/security_key.cpp2
-rw-r--r--src/mongo/db/auth/user_document_parser.cpp20
-rw-r--r--src/mongo/db/auth/user_management_commands_parser.cpp4
-rw-r--r--src/mongo/db/commands/user_management_commands.cpp10
-rw-r--r--src/mongo/db/initialize_server_global_state.cpp2
-rw-r--r--src/mongo/db/introspect.cpp2
13 files changed, 32 insertions, 32 deletions
diff --git a/src/mongo/db/auth/auth_index_d.cpp b/src/mongo/db/auth/auth_index_d.cpp
index 2e2490f746f..eb1e8bdbfe4 100644
--- a/src/mongo/db/auth/auth_index_d.cpp
+++ b/src/mongo/db/auth/auth_index_d.cpp
@@ -55,13 +55,13 @@ namespace {
v1SystemUsersKeyPattern = BSON(AuthorizationManager::V1_USER_NAME_FIELD_NAME << 1 <<
AuthorizationManager::V1_USER_SOURCE_FIELD_NAME << 1);
v2SystemUsersKeyPattern = BSON(AuthorizationManager::USER_NAME_FIELD_NAME << 1 <<
- AuthorizationManager::USER_SOURCE_FIELD_NAME << 1);
+ AuthorizationManager::USER_DB_FIELD_NAME << 1);
v2SystemRolesKeyPattern = BSON(AuthorizationManager::ROLE_NAME_FIELD_NAME << 1 <<
AuthorizationManager::ROLE_SOURCE_FIELD_NAME << 1);
v2SystemUsersIndexName = std::string(
str::stream() <<
AuthorizationManager::USER_NAME_FIELD_NAME << "_1_" <<
- AuthorizationManager::USER_SOURCE_FIELD_NAME << "_1");
+ AuthorizationManager::USER_DB_FIELD_NAME << "_1");
v2SystemRolesIndexName = std::string(
str::stream() <<
AuthorizationManager::ROLE_NAME_FIELD_NAME << "_1_" <<
diff --git a/src/mongo/db/auth/authorization_manager.cpp b/src/mongo/db/auth/authorization_manager.cpp
index 032425a4135..e570489cd9e 100644
--- a/src/mongo/db/auth/authorization_manager.cpp
+++ b/src/mongo/db/auth/authorization_manager.cpp
@@ -76,7 +76,7 @@ namespace mongo {
}
const std::string AuthorizationManager::USER_NAME_FIELD_NAME = "user";
- const std::string AuthorizationManager::USER_SOURCE_FIELD_NAME = "db";
+ const std::string AuthorizationManager::USER_DB_FIELD_NAME = "db";
const std::string AuthorizationManager::ROLE_NAME_FIELD_NAME = "role";
const std::string AuthorizationManager::ROLE_SOURCE_FIELD_NAME = "db";
const std::string AuthorizationManager::PASSWORD_FIELD_NAME = "pwd";
@@ -863,7 +863,7 @@ namespace mongo {
const UserName& name = user.getName();
builder.append(AuthorizationManager::USER_NAME_FIELD_NAME, name.getUser());
- builder.append(AuthorizationManager::USER_SOURCE_FIELD_NAME, name.getDB());
+ builder.append(AuthorizationManager::USER_DB_FIELD_NAME, name.getDB());
const User::CredentialData& credentials = user.getCredentials();
if (!credentials.isExternal) {
@@ -878,7 +878,7 @@ namespace mongo {
const RoleName& role = roles.next();
BSONObjBuilder roleBuilder(rolesArray.subobjStart());
roleBuilder.append(AuthorizationManager::USER_NAME_FIELD_NAME, role.getRole());
- roleBuilder.append(AuthorizationManager::USER_SOURCE_FIELD_NAME, role.getDB());
+ roleBuilder.append(AuthorizationManager::USER_DB_FIELD_NAME, role.getDB());
roleBuilder.doneFast();
}
rolesArray.doneFast();
@@ -971,7 +971,7 @@ namespace mongo {
return status;
status = _externalState->createIndex(
newusersCollectionNamespace,
- BSON(USER_NAME_FIELD_NAME << 1 << USER_SOURCE_FIELD_NAME << 1),
+ BSON(USER_NAME_FIELD_NAME << 1 << USER_DB_FIELD_NAME << 1),
true, // unique
writeConcern
);
diff --git a/src/mongo/db/auth/authorization_manager.h b/src/mongo/db/auth/authorization_manager.h
index 6cc0ae093a4..c1621d8390e 100644
--- a/src/mongo/db/auth/authorization_manager.h
+++ b/src/mongo/db/auth/authorization_manager.h
@@ -75,7 +75,7 @@ namespace mongo {
~AuthorizationManager();
static const std::string USER_NAME_FIELD_NAME;
- static const std::string USER_SOURCE_FIELD_NAME;
+ static const std::string USER_DB_FIELD_NAME;
static const std::string ROLE_NAME_FIELD_NAME;
static const std::string ROLE_SOURCE_FIELD_NAME;
static const std::string PASSWORD_FIELD_NAME;
diff --git a/src/mongo/db/auth/authz_manager_external_state.cpp b/src/mongo/db/auth/authz_manager_external_state.cpp
index 10ab4a32360..abc118b2212 100644
--- a/src/mongo/db/auth/authz_manager_external_state.cpp
+++ b/src/mongo/db/auth/authz_manager_external_state.cpp
@@ -102,7 +102,7 @@ namespace mongo {
}
if (status.code() == ErrorCodes::DuplicateKey) {
std::string name = userObj[AuthorizationManager::USER_NAME_FIELD_NAME].String();
- std::string source = userObj[AuthorizationManager::USER_SOURCE_FIELD_NAME].String();
+ std::string source = userObj[AuthorizationManager::USER_DB_FIELD_NAME].String();
return Status(ErrorCodes::DuplicateKey,
mongoutils::str::stream() << "User \"" << name << "@" << source <<
"\" already exists");
@@ -118,7 +118,7 @@ namespace mongo {
Status status = updateOne(
NamespaceString("admin.system.users"),
BSON(AuthorizationManager::USER_NAME_FIELD_NAME << user.getUser() <<
- AuthorizationManager::USER_SOURCE_FIELD_NAME << user.getDB()),
+ AuthorizationManager::USER_DB_FIELD_NAME << user.getDB()),
updateObj,
false,
writeConcern);
diff --git a/src/mongo/db/auth/authz_manager_external_state_d.cpp b/src/mongo/db/auth/authz_manager_external_state_d.cpp
index 99c61c95fb4..a11b52eb6b3 100644
--- a/src/mongo/db/auth/authz_manager_external_state_d.cpp
+++ b/src/mongo/db/auth/authz_manager_external_state_d.cpp
@@ -146,7 +146,7 @@ namespace {
Status status = _findUser(
"admin.system.users",
BSON(AuthorizationManager::USER_NAME_FIELD_NAME << userName.getUser() <<
- AuthorizationManager::USER_SOURCE_FIELD_NAME << userName.getDB()),
+ AuthorizationManager::USER_DB_FIELD_NAME << userName.getDB()),
&userDoc);
if (!status.isOK())
return status;
diff --git a/src/mongo/db/auth/authz_manager_external_state_mock.cpp b/src/mongo/db/auth/authz_manager_external_state_mock.cpp
index 8002baa577e..d0e6ee99bd3 100644
--- a/src/mongo/db/auth/authz_manager_external_state_mock.cpp
+++ b/src/mongo/db/auth/authz_manager_external_state_mock.cpp
@@ -99,7 +99,7 @@ namespace {
Status status = _findUser(
"admin.system.users",
BSON(AuthorizationManager::USER_NAME_FIELD_NAME << userName.getUser() <<
- AuthorizationManager::USER_SOURCE_FIELD_NAME << userName.getDB()),
+ AuthorizationManager::USER_DB_FIELD_NAME << userName.getDB()),
&privDoc);
if (!status.isOK())
return status;
diff --git a/src/mongo/db/auth/authz_manager_external_state_s.cpp b/src/mongo/db/auth/authz_manager_external_state_s.cpp
index 6a21fc9ef93..2af8e2d74b4 100644
--- a/src/mongo/db/auth/authz_manager_external_state_s.cpp
+++ b/src/mongo/db/auth/authz_manager_external_state_s.cpp
@@ -120,7 +120,7 @@ namespace {
BSON("usersInfo" <<
BSON_ARRAY(BSON(AuthorizationManager::USER_NAME_FIELD_NAME <<
userName.getUser() <<
- AuthorizationManager::USER_SOURCE_FIELD_NAME <<
+ AuthorizationManager::USER_DB_FIELD_NAME <<
userName.getDB())) <<
"showPrivileges" << true <<
"showCredentials" << true),
diff --git a/src/mongo/db/auth/security_key.cpp b/src/mongo/db/auth/security_key.cpp
index 7227c025511..3ebf9a59044 100644
--- a/src/mongo/db/auth/security_key.cpp
+++ b/src/mongo/db/auth/security_key.cpp
@@ -145,7 +145,7 @@ namespace mongo {
serverGlobalParams.clusterAuthMode == "sendKeyFile") {
setInternalUserAuthParams(
BSON(saslCommandMechanismFieldName << "MONGODB-CR" <<
- saslCommandUserSourceFieldName <<
+ saslCommandUserDBFieldName <<
internalSecurity.user->getName().getDB() <<
saslCommandUserFieldName << internalSecurity.user->getName().getUser() <<
saslCommandPasswordFieldName << credentials.password <<
diff --git a/src/mongo/db/auth/user_document_parser.cpp b/src/mongo/db/auth/user_document_parser.cpp
index ce3b66543af..088d226eec6 100644
--- a/src/mongo/db/auth/user_document_parser.cpp
+++ b/src/mongo/db/auth/user_document_parser.cpp
@@ -226,7 +226,7 @@ namespace {
Status V2UserDocumentParser::checkValidUserDocument(const BSONObj& doc) const {
BSONElement userElement = doc[AuthorizationManager::USER_NAME_FIELD_NAME];
- BSONElement userSourceElement = doc[AuthorizationManager::USER_SOURCE_FIELD_NAME];
+ BSONElement userDBElement = doc[AuthorizationManager::USER_DB_FIELD_NAME];
BSONElement credentialsElement = doc[CREDENTIALS_FIELD_NAME];
BSONElement rolesElement = doc[ROLES_FIELD_NAME];
@@ -236,14 +236,14 @@ namespace {
if (makeStringDataFromBSONElement(userElement).empty())
return _badValue("User document needs 'user' field to be non-empty", 0);
- // Validate the "userSource" element
- if (userSourceElement.type() != String ||
- makeStringDataFromBSONElement(userSourceElement).empty()) {
+ // Validate the "db" element
+ if (userDBElement.type() != String ||
+ makeStringDataFromBSONElement(userDBElement).empty()) {
return _badValue("User document needs 'db' field to be a non-empty string", 0);
}
- StringData userSourceStr = makeStringDataFromBSONElement(userSourceElement);
- if (!NamespaceString::validDBName(userSourceStr) && userSourceStr != "$external") {
- return _badValue(mongoutils::str::stream() << "'" << userSourceStr <<
+ StringData userDBStr = makeStringDataFromBSONElement(userDBElement);
+ if (!NamespaceString::validDBName(userDBStr) && userDBStr != "$external") {
+ return _badValue(mongoutils::str::stream() << "'" << userDBStr <<
"' is not a valid value for the db field.",
0);
}
@@ -262,7 +262,7 @@ namespace {
return _badValue("User document needs 'credentials' field to be a non-empty object",
0);
}
- if (userSourceStr == "$external") {
+ if (userDBStr == "$external") {
BSONElement externalElement = credentialsObj[MONGODB_EXTERNAL_CREDENTIAL_FIELD_NAME];
if (externalElement.eoo() || externalElement.type() != Bool ||
!externalElement.Bool()) {
@@ -298,14 +298,14 @@ namespace {
Status V2UserDocumentParser::initializeUserCredentialsFromUserDocument(
User* user, const BSONObj& privDoc) const {
User::CredentialData credentials;
- std::string userSource = privDoc[AuthorizationManager::USER_SOURCE_FIELD_NAME].String();
+ std::string userDB = privDoc[AuthorizationManager::USER_DB_FIELD_NAME].String();
BSONElement credentialsElement = privDoc[CREDENTIALS_FIELD_NAME];
if (!credentialsElement.eoo()) {
if (credentialsElement.type() != Object) {
return Status(ErrorCodes::UnsupportedFormat,
"'credentials' field in user documents must be an object");
}
- if (userSource == "$external") {
+ if (userDB == "$external") {
BSONElement externalCredentialElement =
credentialsElement.Obj()[MONGODB_EXTERNAL_CREDENTIAL_FIELD_NAME];
if (!externalCredentialElement.eoo()) {
diff --git a/src/mongo/db/auth/user_management_commands_parser.cpp b/src/mongo/db/auth/user_management_commands_parser.cpp
index cc2615ad13b..6e406055f06 100644
--- a/src/mongo/db/auth/user_management_commands_parser.cpp
+++ b/src/mongo/db/auth/user_management_commands_parser.cpp
@@ -143,7 +143,7 @@ namespace auth {
return _parseNamesFromBSONArray(usersArray,
dbname,
AuthorizationManager::USER_NAME_FIELD_NAME,
- AuthorizationManager::USER_SOURCE_FIELD_NAME,
+ AuthorizationManager::USER_DB_FIELD_NAME,
parsedUserNames);
}
@@ -371,7 +371,7 @@ namespace auth {
status = _parseNameFromBSONElement(cmdObj["usersInfo"],
dbname,
AuthorizationManager::USER_NAME_FIELD_NAME,
- AuthorizationManager::USER_SOURCE_FIELD_NAME,
+ AuthorizationManager::USER_DB_FIELD_NAME,
&name);
if (!status.isOK()) {
return status;
diff --git a/src/mongo/db/commands/user_management_commands.cpp b/src/mongo/db/commands/user_management_commands.cpp
index f88123449d5..2a6f78c918b 100644
--- a/src/mongo/db/commands/user_management_commands.cpp
+++ b/src/mongo/db/commands/user_management_commands.cpp
@@ -358,7 +358,7 @@ namespace mongo {
args.userName.getUser());
userObjBuilder.append(AuthorizationManager::USER_NAME_FIELD_NAME,
args.userName.getUser());
- userObjBuilder.append(AuthorizationManager::USER_SOURCE_FIELD_NAME,
+ userObjBuilder.append(AuthorizationManager::USER_DB_FIELD_NAME,
args.userName.getDB());
if (args.hasHashedPassword) {
userObjBuilder.append("credentials", BSON("MONGODB-CR" << args.hashedPassword));
@@ -663,7 +663,7 @@ namespace mongo {
status = authzManager->removePrivilegeDocuments(
BSON(AuthorizationManager::USER_NAME_FIELD_NAME << userName.getUser() <<
- AuthorizationManager::USER_SOURCE_FIELD_NAME << userName.getDB()),
+ AuthorizationManager::USER_DB_FIELD_NAME << userName.getDB()),
writeConcern,
&numUpdated);
// Must invalidate even on bad status - what if the write succeeded but the GLE failed?
@@ -754,7 +754,7 @@ namespace mongo {
audit::logDropAllUsersFromDatabase(ClientBasic::getCurrent(), dbname);
status = authzManager->removePrivilegeDocuments(
- BSON(AuthorizationManager::USER_SOURCE_FIELD_NAME << dbname),
+ BSON(AuthorizationManager::USER_DB_FIELD_NAME << dbname),
writeConcern,
&numRemoved);
// Must invalidate even on bad status - what if the write succeeded but the GLE failed?
@@ -1114,13 +1114,13 @@ namespace mongo {
// If you don't need privileges, you can just do a regular query on system.users
BSONObjBuilder queryBuilder;
if (args.allForDB) {
- queryBuilder.append(AuthorizationManager::USER_SOURCE_FIELD_NAME, dbname);
+ queryBuilder.append(AuthorizationManager::USER_DB_FIELD_NAME, dbname);
} else {
BSONArrayBuilder usersMatchArray;
for (size_t i = 0; i < args.userNames.size(); ++i) {
usersMatchArray.append(BSON(AuthorizationManager::USER_NAME_FIELD_NAME <<
args.userNames[i].getUser() <<
- AuthorizationManager::USER_SOURCE_FIELD_NAME <<
+ AuthorizationManager::USER_DB_FIELD_NAME <<
args.userNames[i].getDB()));
}
queryBuilder.append("$or", usersMatchArray.arr());
diff --git a/src/mongo/db/initialize_server_global_state.cpp b/src/mongo/db/initialize_server_global_state.cpp
index d9324cd3ae5..3e40a4da25c 100644
--- a/src/mongo/db/initialize_server_global_state.cpp
+++ b/src/mongo/db/initialize_server_global_state.cpp
@@ -337,7 +337,7 @@ namespace mongo {
if (serverGlobalParams.clusterAuthMode == "x509" ||
serverGlobalParams.clusterAuthMode == "sendX509") {
setInternalUserAuthParams(BSON(saslCommandMechanismFieldName << "MONGODB-X509" <<
- saslCommandUserSourceFieldName << "$external" <<
+ saslCommandUserDBFieldName << "$external" <<
saslCommandUserFieldName <<
getSSLManager()->getClientSubjectName()));
}
diff --git a/src/mongo/db/introspect.cpp b/src/mongo/db/introspect.cpp
index 4642e9655d1..09d1ca58a80 100644
--- a/src/mongo/db/introspect.cpp
+++ b/src/mongo/db/introspect.cpp
@@ -64,7 +64,7 @@ namespace {
for ( ; nameIter.more(); nameIter.next()) {
BSONObjBuilder nextUser(allUsers.subobjStart());
nextUser.append(AuthorizationManager::USER_NAME_FIELD_NAME, nameIter->getUser());
- nextUser.append(AuthorizationManager::USER_SOURCE_FIELD_NAME, nameIter->getDB());
+ nextUser.append(AuthorizationManager::USER_DB_FIELD_NAME, nameIter->getDB());
nextUser.doneFast();
if (nameIter->getDB() == opdb) {
View Lorry Controller Status