author | Spencer T Brody <spencer@10gen.com> | 2013-09-24 13:49:39 -0400 |
---|---|---|
committer | Spencer T Brody <spencer@10gen.com> | 2013-09-24 14:29:54 -0400 |
commit | ff60a1debd72cda29197871d1c19f536fb434eac (patch) | |
tree | cac5f7a633e2a63b14e3ec000a228e12d4b5cdc3 /src | |
parent | 52cf8ca8e15295690a21d9442cbd7d066651fc62 (diff) | |
download | mongo-ff60a1debd72cda29197871d1c19f536fb434eac.tar.gz |
SERVER-6246 SERVER-9518 Invalidate users even if update returned bad Status
Diffstat (limited to 'src')
-rw-r--r-- | src/mongo/db/commands/user_management_commands.cpp | 22 |
1 files changed, 14 insertions, 8 deletions
diff --git a/src/mongo/db/commands/user_management_commands.cpp b/src/mongo/db/commands/user_management_commands.cpp
index bb6a52a9727..dd809623ab3 100644
--- a/src/mongo/db/commands/user_management_commands.cpp
+++ b/src/mongo/db/commands/user_management_commands.cpp
@@ -234,12 +234,13 @@ namespace mongo {
 }
 status = authzManager->updatePrivilegeDocument(userName, updateObj, writeConcern);
+ // Must invalidate even on bad status - what if the write succeeded but the GLE failed?
+ authzManager->invalidateUserByName(userName);
 if (!status.isOK()) {
 addStatus(status, result);
 return false;
 }
- authzManager->invalidateUserByName(userName);
 return true;
 }
@@ -313,6 +314,8 @@ namespace mongo {
 AuthorizationManager::USER_SOURCE_FIELD_NAME << dbname),
 writeConcern,
 &numUpdated);
+ // Must invalidate even on bad status - what if the write succeeded but the GLE failed?
+ authzManager->invalidateUserByName(UserName(user, dbname));
 if (!status.isOK()) {
 addStatus(status, result);
 return false;
@@ -326,7 +329,6 @@ namespace mongo {
 return false;
 }
- authzManager->invalidateUserByName(UserName(user, dbname));
 return true;
 }
@@ -388,14 +390,14 @@ namespace mongo {
 BSON(AuthorizationManager::USER_SOURCE_FIELD_NAME << dbname),
 writeConcern,
 &numRemoved);
+ // Must invalidate even on bad status - what if the write succeeded but the GLE failed?
+ authzManager->invalidateUsersFromDB(dbname);
 if (!status.isOK()) {
 addStatus(status, result);
 return false;
 }
 result.append("n", numRemoved);
-
- authzManager->invalidateUsersFromDB(dbname);
 return true;
 }
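Review bot: The invalidation added after `updatePrivilegeDocument` in the first hunk still depends on control reaching that statement, so an exception from the write call (whether it can throw is not visible here) would leave the cached user in place even though the document may have changed, which is the same case the new comment describes. The same holds for the hunks at -313, -388, -479, -576, -665 and -762. Registering the invalidation in a scope guard declared before the write, for example the tree's `ON_BLOCK_EXIT` if it is usable in this file, would cover every exit path and replace the seven copies of the comment-plus-call pair with one pattern. The enclosing functions start and end outside the hunks, so any earlier early returns should be checked against the guard's position.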
@@ -479,12 +481,13 @@ namespace mongo {
 BSONArray newRolesBSONArray = rolesToBSONArray(userRoles);
 status = authzManager->updatePrivilegeDocument(
 userName, BSON("$set" << BSON("roles" << newRolesBSONArray)), writeConcern);
+ // Must invalidate even on bad status - what if the write succeeded but the GLE failed?
+ authzManager->invalidateUserByName(userName);
 if (!status.isOK()) {
 addStatus(status, result);
 return false;
 }
- authzManager->invalidateUserByName(userName);
 return true;
 }
@@ -576,12 +579,13 @@ namespace mongo {
 BSONArray newRolesBSONArray = rolesToBSONArray(userRoles);
 status = authzManager->updatePrivilegeDocument(
 userName, BSON("$set" << BSON("roles" << newRolesBSONArray)), writeConcern);
+ // Must invalidate even on bad status - what if the write succeeded but the GLE failed?
+ authzManager->invalidateUserByName(userName);
 if (!status.isOK()) {
 addStatus(status, result);
 return false;
 }
- authzManager->invalidateUserByName(userName);
 return true;
 }
@@ -665,12 +669,13 @@ namespace mongo {
 BSONArray newRolesBSONArray = rolesToBSONArray(userRoles);
 status = authzManager->updatePrivilegeDocument(
 userName, BSON("$set" << BSON("roles" << newRolesBSONArray)), writeConcern);
+ // Must invalidate even on bad status - what if the write succeeded but the GLE failed?
+ authzManager->invalidateUserByName(userName);
 if (!status.isOK()) {
 addStatus(status, result);
 return false;
 }
- authzManager->invalidateUserByName(userName);
 return true;
 }
@@ -762,12 +767,13 @@ namespace mongo {
 BSONArray newRolesBSONArray = rolesToBSONArray(userRoles);
 status = authzManager->updatePrivilegeDocument(
 userName, BSON("$set" << BSON("roles" << newRolesBSONArray)), writeConcern);
+ // Must invalidate even on bad status - what if the write succeeded but the GLE failed?
+ authzManager->invalidateUserByName(userName);
 if (!status.isOK()) {
 addStatus(status, result);
 return false;
 }
- authzManager->invalidateUserByName(userName);
 return true;
 }
|
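Review bot: The comment repeated in these four role-update hunks names the trigger ("the GLE failed") but not the consequence, which is the security-relevant part here: if the `$set` of `roles` was applied but reported as failed, a cache entry that is not invalidated keeps authorizing with the old roles. I would spell that out and expand the abbreviation, e.g. `// Invalidate even on bad status: the write may have been applied although getLastError failed,` followed by `// and a stale cache entry would keep authorizing with the old roles.` Which commands these four bodies belong to is not visible in the hunks, so the wording should be checked against each one.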