summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorSpencer Jackson <spencer.jackson@mongodb.com>2017-08-08 15:13:51 -0400
committerSpencer Jackson <spencer.jackson@mongodb.com>2017-08-11 15:19:33 -0400
commit718e9c68e0526e2db4fbfd0ecac31eae1b3a095a (patch)
treeeb077f4a2facde33afbd5eb65b33f027d32ad586 /src
parentba11e4172e8d5f9149a212a0b42da60873338527 (diff)
downloadmongo-718e9c68e0526e2db4fbfd0ecac31eae1b3a095a.tar.gz
SERVER-30566: Unwind SERVER-28190
Diffstat (limited to 'src')
-rw-r--r--src/mongo/db/auth/authorization_manager.cpp38
-rw-r--r--src/mongo/db/auth/authorization_manager.h50
-rw-r--r--src/mongo/db/auth/authorization_manager_test.cpp19
-rw-r--r--src/mongo/db/auth/authorization_session.cpp6
-rw-r--r--src/mongo/db/auth/authorization_session.h5
-rw-r--r--src/mongo/db/auth/sasl_plain_server_conversation.cpp11
-rw-r--r--src/mongo/db/auth/sasl_scramsha1_server_conversation.cpp6
-rw-r--r--src/mongo/db/auth/user.cpp20
-rw-r--r--src/mongo/db/auth/user.h18
-rw-r--r--src/mongo/db/auth/user_document_parser.cpp15
-rw-r--r--src/mongo/db/auth/user_document_parser.h2
-rw-r--r--src/mongo/db/auth/user_document_parser_test.cpp46
-rw-r--r--src/mongo/db/commands/authentication_commands.cpp3
-rw-r--r--src/mongo/db/commands/user_management_commands.cpp9
-rw-r--r--src/mongo/db/logical_session_id.idl12
-rw-r--r--src/mongo/db/logical_session_id_helpers.cpp11
-rw-r--r--src/mongo/db/sessions_collection.cpp2
17 files changed, 44 insertions, 229 deletions
diff --git a/src/mongo/db/auth/authorization_manager.cpp b/src/mongo/db/auth/authorization_manager.cpp
index 0cac76e7398..0e97504b782 100644
--- a/src/mongo/db/auth/authorization_manager.cpp
+++ b/src/mongo/db/auth/authorization_manager.cpp
@@ -108,7 +108,6 @@ MONGO_INITIALIZER_WITH_PREREQUISITES(SetupInternalSecurityUser, ("EndStartupOpti
}
const std::string AuthorizationManager::USER_NAME_FIELD_NAME = "user";
-const std::string AuthorizationManager::USER_ID_FIELD_NAME = "userId";
const std::string AuthorizationManager::USER_DB_FIELD_NAME = "db";
const std::string AuthorizationManager::ROLE_NAME_FIELD_NAME = "role";
const std::string AuthorizationManager::ROLE_DB_FIELD_NAME = "db";
@@ -411,7 +410,6 @@ Status AuthorizationManager::_initializeUserFromPrivilegeDocument(User* user,
const BSONObj& privDoc) {
V2UserDocumentParser parser;
std::string userName = parser.extractUserNameFromUserDocument(privDoc);
-
if (userName != user->getName().getUser()) {
return Status(ErrorCodes::BadValue,
mongoutils::str::stream() << "User name from privilege document \""
@@ -422,8 +420,6 @@ Status AuthorizationManager::_initializeUserFromPrivilegeDocument(User* user,
0);
}
- user->setID(parser.extractUserIDFromUserDocument(privDoc));
-
Status status = parser.initializeUserCredentialsFromUserDocument(user, privDoc);
if (!status.isOK()) {
return status;
@@ -481,36 +477,9 @@ Status AuthorizationManager::getRoleDescriptionsForDB(OperationContext* opCtx,
opCtx, dbname, privileges, restrictions, showBuiltinRoles, result);
}
-Status AuthorizationManager::acquireUserToRefreshSessionCache(OperationContext* opCtx,
- const UserName& userName,
- boost::optional<OID> id,
- User** acquiredUser) {
- // Funnel down to acquireUserForInitialAuth, and then do the id checking.
- auto status = acquireUserForInitialAuth(opCtx, userName, acquiredUser);
- if (!status.isOK()) {
- // If we got a non-ok status, no acquiredUser should be set, so we can simply
- // return without doing an id check.
- return status;
- }
-
- // Verify that the returned user matches the id that we were passed.
- if (id != (*acquiredUser)->getID()) {
- // If the generations don't match, then fail.
- releaseUser(*acquiredUser);
- *acquiredUser = nullptr;
- return Status(ErrorCodes::UserNotFound,
- mongoutils::str::stream() << "User id from privilege document \""
- << userName.toString()
- << "\" doesn't match provided user id",
- 0);
- }
-
- return status;
-}
-
-Status AuthorizationManager::acquireUserForInitialAuth(OperationContext* opCtx,
- const UserName& userName,
- User** acquiredUser) {
+Status AuthorizationManager::acquireUser(OperationContext* opCtx,
+ const UserName& userName,
+ User** acquiredUser) {
if (userName == internalSecurity.user->getName()) {
*acquiredUser = internalSecurity.user;
return Status::OK();
@@ -577,7 +546,6 @@ Status AuthorizationManager::acquireUserForInitialAuth(OperationContext* opCtx,
authzVersion = schemaVersionInvalid;
}
-
if (!status.isOK())
return status;
diff --git a/src/mongo/db/auth/authorization_manager.h b/src/mongo/db/auth/authorization_manager.h
index e8840838e11..578d9b384e5 100644
--- a/src/mongo/db/auth/authorization_manager.h
+++ b/src/mongo/db/auth/authorization_manager.h
@@ -31,8 +31,6 @@
#include <memory>
#include <string>
-#include <boost/optional.hpp>
-
#include "mongo/base/disallow_copying.h"
#include "mongo/base/status.h"
#include "mongo/bson/mutable/element.h"
@@ -92,7 +90,6 @@ public:
~AuthorizationManager();
static const std::string USER_NAME_FIELD_NAME;
- static const std::string USER_ID_FIELD_NAME;
static const std::string USER_DB_FIELD_NAME;
static const std::string ROLE_NAME_FIELD_NAME;
static const std::string ROLE_DB_FIELD_NAME;
@@ -278,41 +275,16 @@ public:
std::vector<BSONObj>* result);
/**
- * Returns the User object for the given userName in the out parameter "acquiredUser".
- *
- * This method should be used only when initially authenticating a user, in contexts when
- * the caller does not yet have an id for this user. When the caller already has access
- * to a user document, acquireUserToRefreshSessionCache should be used instead.
- *
- * If no user object for this user name exists yet in the cache, read the user's privilege
- * document from disk, build up a User object, sets the refcount to 1, and give that out.
- *
- * The returned user may be invalid by the time the caller gets access to it.
- * The AuthorizationManager retains ownership of the returned User object.
- * On non-OK Status return values, acquiredUser will not be modified.
- */
- Status acquireUserForInitialAuth(OperationContext* opCtx,
- const UserName& userName,
- User** acquiredUser);
- /**
- * Returns the User object for the given userName in the out parameter "acquiredUser".
- *
- * This method must be called with a user id (the unset optional, boost::none, will be
- * understood as a distinct id for a pre-3.6 user). The acquired user must match
- * both the given name and given id, or this method will return an error. This method
- * should be used when the caller is refresing a user document they already have.
- *
- * If no user object for this user name exists yet in the cache, read the user's privilege
- * document from disk, build up a User object, sets the refcount to 1, and give that out.
- *
- * The returned user may be invalid by the time the caller gets access to it.
- * The AuthorizationManager retains ownership of the returned User object.
- * On non-OK Status return values, acquiredUser will not be modified.
+ * Returns the User object for the given userName in the out parameter "acquiredUser".
+ * If the user cache already has a user object for this user, it increments the refcount
+ * on that object and gives out a pointer to it. If no user object for this user name
+ * exists yet in the cache, reads the user's privilege document from disk, builds up
+ * a User object, sets the refcount to 1, and gives that out. The returned user may
+ * be invalid by the time the caller gets access to it.
+ * The AuthorizationManager retains ownership of the returned User object.
+ * On non-OK Status return values, acquiredUser will not be modified.
*/
- Status acquireUserToRefreshSessionCache(OperationContext* opCtx,
- const UserName& userName,
- boost::optional<OID> id,
- User** acquiredUser);
+ Status acquireUser(OperationContext* opCtx, const UserName& userName, User** acquiredUser);
/**
* Decrements the refcount of the given User object. If the refcount has gone to zero,
@@ -425,8 +397,8 @@ private:
/**
* Cached value of the authorization schema version.
*
- * May be set by acquireUserForInitialAuth(), acquireUserToRefreshSessionCache(),
- * and getAuthorizationVersion(). Invalidated by invalidateUserCache().
+ * May be set by acquireUser() and getAuthorizationVersion(). Invalidated by
+ * invalidateUserCache().
*
* Reads and writes guarded by CacheGuard.
*/
diff --git a/src/mongo/db/auth/authorization_manager_test.cpp b/src/mongo/db/auth/authorization_manager_test.cpp
index 1af1bec1f30..7eb3c980e3b 100644
--- a/src/mongo/db/auth/authorization_manager_test.cpp
+++ b/src/mongo/db/auth/authorization_manager_test.cpp
@@ -218,7 +218,7 @@ TEST_F(AuthorizationManagerTest, testAcquireV2User) {
BSONObj()));
User* v2read;
- ASSERT_OK(authzManager->acquireUserForInitialAuth(&opCtx, UserName("v2read", "test"), &v2read));
+ ASSERT_OK(authzManager->acquireUser(&opCtx, UserName("v2read", "test"), &v2read));
ASSERT_EQUALS(UserName("v2read", "test"), v2read->getName());
ASSERT(v2read->isValid());
ASSERT_EQUALS(1U, v2read->getRefCount());
@@ -232,8 +232,7 @@ TEST_F(AuthorizationManagerTest, testAcquireV2User) {
authzManager->releaseUser(v2read);
User* v2cluster;
- ASSERT_OK(authzManager->acquireUserForInitialAuth(
- &opCtx, UserName("v2cluster", "admin"), &v2cluster));
+ ASSERT_OK(authzManager->acquireUser(&opCtx, UserName("v2cluster", "admin"), &v2cluster));
ASSERT_EQUALS(UserName("v2cluster", "admin"), v2cluster->getName());
ASSERT(v2cluster->isValid());
ASSERT_EQUALS(1U, v2cluster->getRefCount());
@@ -258,8 +257,8 @@ TEST_F(AuthorizationManagerTest, testLocalX509Authorization) {
ServiceContext::UniqueOperationContext opCtx = client->makeOperationContext();
User* x509User;
- ASSERT_OK(authzManager->acquireUserForInitialAuth(
- opCtx.get(), UserName("CN=mongodb.com", "$external"), &x509User));
+ ASSERT_OK(
+ authzManager->acquireUser(opCtx.get(), UserName("CN=mongodb.com", "$external"), &x509User));
ASSERT(x509User->isValid());
stdx::unordered_set<RoleName> expectedRoles{RoleName("read", "test"),
@@ -292,8 +291,8 @@ TEST_F(AuthorizationManagerTest, testLocalX509AuthorizationInvalidUser) {
ServiceContext::UniqueOperationContext opCtx = client->makeOperationContext();
User* x509User;
- ASSERT_NOT_OK(authzManager->acquireUserForInitialAuth(
- opCtx.get(), UserName("CN=10gen.com", "$external"), &x509User));
+ ASSERT_NOT_OK(
+ authzManager->acquireUser(opCtx.get(), UserName("CN=10gen.com", "$external"), &x509User));
}
TEST_F(AuthorizationManagerTest, testLocalX509AuthenticationNoAuthorization) {
@@ -305,8 +304,8 @@ TEST_F(AuthorizationManagerTest, testLocalX509AuthenticationNoAuthorization) {
ServiceContext::UniqueOperationContext opCtx = client->makeOperationContext();
User* x509User;
- ASSERT_NOT_OK(authzManager->acquireUserForInitialAuth(
- opCtx.get(), UserName("CN=mongodb.com", "$external"), &x509User));
+ ASSERT_NOT_OK(
+ authzManager->acquireUser(opCtx.get(), UserName("CN=mongodb.com", "$external"), &x509User));
}
/**
@@ -404,7 +403,7 @@ TEST_F(AuthorizationManagerTest, testAcquireV2UserWithUnrecognizedActions) {
BSONObj()));
User* myUser;
- ASSERT_OK(authzManager->acquireUserForInitialAuth(&opCtx, UserName("myUser", "test"), &myUser));
+ ASSERT_OK(authzManager->acquireUser(&opCtx, UserName("myUser", "test"), &myUser));
ASSERT_EQUALS(UserName("myUser", "test"), myUser->getName());
ASSERT(myUser->isValid());
ASSERT_EQUALS(1U, myUser->getRefCount());
diff --git a/src/mongo/db/auth/authorization_session.cpp b/src/mongo/db/auth/authorization_session.cpp
index a29e1c2ff5e..4c72c4677e3 100644
--- a/src/mongo/db/auth/authorization_session.cpp
+++ b/src/mongo/db/auth/authorization_session.cpp
@@ -140,7 +140,7 @@ Status AuthorizationSession::addAndAuthorizeUser(OperationContext* opCtx,
const UserName& userName) {
User* user;
AuthorizationManager* authzManager = AuthorizationManager::get(opCtx->getServiceContext());
- Status status = authzManager->acquireUserForInitialAuth(opCtx, userName, &user);
+ Status status = authzManager->acquireUser(opCtx, userName, &user);
if (!status.isOK()) {
return status;
}
@@ -797,9 +797,7 @@ void AuthorizationSession::_refreshUserInfoAsNeeded(OperationContext* opCtx) {
UserName name = user->getName();
User* updatedUser;
- Status status =
- authMan.acquireUserToRefreshSessionCache(opCtx, name, user->getID(), &updatedUser);
-
+ Status status = authMan.acquireUser(opCtx, name, &updatedUser);
switch (status.code()) {
case ErrorCodes::OK: {
diff --git a/src/mongo/db/auth/authorization_session.h b/src/mongo/db/auth/authorization_session.h
index eccb2dcbbc3..7da7d21c9a1 100644
--- a/src/mongo/db/auth/authorization_session.h
+++ b/src/mongo/db/auth/authorization_session.h
@@ -305,12 +305,9 @@ protected:
private:
// If any users authenticated on this session are marked as invalid this updates them with
// up-to-date information. May require a read lock on the "admin" db to read the user data.
- //
- // When refreshing a user document, we will use the current user's id to confirm that our
- // user is of the same generation as the refreshed user document. If the generations don't
- // match we will remove the outdated user document from the cache.
void _refreshUserInfoAsNeeded(OperationContext* opCtx);
+
// Checks if this connection is authorized for the given Privilege, ignoring whether or not
// we should even be doing authorization checks in general. Note: this may acquire a read
// lock on the admin database (to update out-of-date user privilege information).
diff --git a/src/mongo/db/auth/sasl_plain_server_conversation.cpp b/src/mongo/db/auth/sasl_plain_server_conversation.cpp
index 67ad4d52272..03b58dc1819 100644
--- a/src/mongo/db/auth/sasl_plain_server_conversation.cpp
+++ b/src/mongo/db/auth/sasl_plain_server_conversation.cpp
@@ -91,12 +91,11 @@ StatusWith<bool> SaslPLAINServerConversation::step(StringData inputData, std::st
User* userObj;
// The authentication database is also the source database for the user.
- Status status = _saslAuthSession->getAuthorizationSession()
- ->getAuthorizationManager()
- .acquireUserForInitialAuth(
- _saslAuthSession->getOpCtxt(),
- UserName(_user, _saslAuthSession->getAuthenticationDatabase()),
- &userObj);
+ Status status =
+ _saslAuthSession->getAuthorizationSession()->getAuthorizationManager().acquireUser(
+ _saslAuthSession->getOpCtxt(),
+ UserName(_user, _saslAuthSession->getAuthenticationDatabase()),
+ &userObj);
if (!status.isOK()) {
return StatusWith<bool>(status);
diff --git a/src/mongo/db/auth/sasl_scramsha1_server_conversation.cpp b/src/mongo/db/auth/sasl_scramsha1_server_conversation.cpp
index 5ade83dc708..98469c1137d 100644
--- a/src/mongo/db/auth/sasl_scramsha1_server_conversation.cpp
+++ b/src/mongo/db/auth/sasl_scramsha1_server_conversation.cpp
@@ -168,9 +168,9 @@ StatusWith<bool> SaslSCRAMSHA1ServerConversation::_firstStep(std::vector<string>
// The authentication database is also the source database for the user.
User* userObj;
- Status status = _saslAuthSession->getAuthorizationSession()
- ->getAuthorizationManager()
- .acquireUserForInitialAuth(_saslAuthSession->getOpCtxt(), user, &userObj);
+ Status status =
+ _saslAuthSession->getAuthorizationSession()->getAuthorizationManager().acquireUser(
+ _saslAuthSession->getOpCtxt(), user, &userObj);
if (!status.isOK()) {
return StatusWith<bool>(status);
diff --git a/src/mongo/db/auth/user.cpp b/src/mongo/db/auth/user.cpp
index 36039d2ef14..698e78297fd 100644
--- a/src/mongo/db/auth/user.cpp
+++ b/src/mongo/db/auth/user.cpp
@@ -43,20 +43,15 @@ namespace mongo {
namespace {
-SHA256Block computeDigest(const UserName& name, const boost::optional<OID>& id) {
+SHA256Block computeDigest(const UserName& name) {
const auto& fn = name.getFullName();
-
- if (id) {
- return SHA256Block::computeHash({id->toCDR(), ConstDataRange(fn.c_str(), fn.size())});
- } else {
- return SHA256Block::computeHash({ConstDataRange(fn.c_str(), fn.size())});
- }
+ return SHA256Block::computeHash({ConstDataRange(fn.c_str(), fn.size())});
};
} // namespace
User::User(const UserName& name)
- : _name(name), _id(), _digest(computeDigest(_name, _id)), _refCount(0), _isValid(1) {}
+ : _name(name), _digest(computeDigest(_name)), _refCount(0), _isValid(1) {}
User::~User() {
dassert(_refCount == 0);
@@ -66,10 +61,6 @@ const UserName& User::getName() const {
return _name;
}
-const boost::optional<OID>& User::getID() const {
- return _id;
-}
-
const SHA256Block& User::getDigest() const {
return _digest;
}
@@ -106,11 +97,6 @@ const ActionSet User::getActionsForResource(const ResourcePattern& resource) con
return it->second.getActions();
}
-void User::setID(boost::optional<OID> id) {
- _id = std::move(id);
- _digest = computeDigest(_name, _id);
-}
-
void User::setCredentials(const CredentialData& credentials) {
_credentials = credentials;
}
diff --git a/src/mongo/db/auth/user.h b/src/mongo/db/auth/user.h
index 7807043652d..8deead28046 100644
--- a/src/mongo/db/auth/user.h
+++ b/src/mongo/db/auth/user.h
@@ -31,8 +31,6 @@
#include <vector>
#include "mongo/base/disallow_copying.h"
-#include "mongo/bson/oid.h"
-#include "mongo/crypto/sha256_block.h"
#include "mongo/db/auth/privilege.h"
#include "mongo/db/auth/resource_pattern.h"
#include "mongo/db/auth/restriction_set.h"
@@ -89,11 +87,6 @@ public:
const UserName& getName() const;
/**
- * Returns the user's id.
- */
- const boost::optional<OID>& getID() const;
-
- /**
* Returns a digest of the user's identity
*/
const SHA256Block& getDigest() const;
@@ -146,11 +139,6 @@ public:
// Mutators below. Mutation functions should *only* be called by the AuthorizationManager
/**
- * Set the id for this user.
- */
- void setID(boost::optional<OID> id);
-
- /**
* Sets this user's authentication credentials.
*/
void setCredentials(const CredentialData& credentials);
@@ -232,12 +220,6 @@ public:
private:
UserName _name;
- // An id for this user. We use this to identify different "generations" of the same username
- // (ie a user "Lily" is dropped and then added). This field is optional to facilitate the
- // upgrade path from 3.4 to 3.6. When comparing User documents' generations, we consider
- // an unset _id field to be a distinct value that will fail to compare to any other id value.
- boost::optional<OID> _id;
-
// Digest of the full username
SHA256Block _digest;
diff --git a/src/mongo/db/auth/user_document_parser.cpp b/src/mongo/db/auth/user_document_parser.cpp
index 1b778ed4e17..aca408636a3 100644
--- a/src/mongo/db/auth/user_document_parser.cpp
+++ b/src/mongo/db/auth/user_document_parser.cpp
@@ -228,7 +228,6 @@ Status _checkV2RolesArray(const BSONElement& rolesElement) {
Status V2UserDocumentParser::checkValidUserDocument(const BSONObj& doc) const {
BSONElement userElement = doc[AuthorizationManager::USER_NAME_FIELD_NAME];
- BSONElement userIDElement = doc[AuthorizationManager::USER_ID_FIELD_NAME];
BSONElement userDBElement = doc[AuthorizationManager::USER_DB_FIELD_NAME];
BSONElement credentialsElement = doc[CREDENTIALS_FIELD_NAME];
BSONElement rolesElement = doc[ROLES_FIELD_NAME];
@@ -239,11 +238,6 @@ Status V2UserDocumentParser::checkValidUserDocument(const BSONObj& doc) const {
if (userElement.valueStringData().empty())
return _badValue("User document needs 'user' field to be non-empty", 0);
- // If we have an id field, make sure it is an OID
- if (!userIDElement.eoo() && (userIDElement.type() != BSONType::jstOID)) {
- return _badValue("User document 'userId' field must be an OID", 0);
- }
-
// Validate the "db" element
if (userDBElement.type() != String || userDBElement.valueStringData().empty()) {
return _badValue("User document needs 'db' field to be a non-empty string", 0);
@@ -317,15 +311,6 @@ std::string V2UserDocumentParser::extractUserNameFromUserDocument(const BSONObj&
return doc[AuthorizationManager::USER_NAME_FIELD_NAME].str();
}
-boost::optional<OID> V2UserDocumentParser::extractUserIDFromUserDocument(const BSONObj& doc) const {
- BSONElement e = doc[AuthorizationManager::USER_ID_FIELD_NAME];
- if (e.type() == BSONType::EOO) {
- return boost::optional<OID>();
- }
-
- return e.OID();
-}
-
Status V2UserDocumentParser::initializeUserCredentialsFromUserDocument(
User* user, const BSONObj& privDoc) const {
User::CredentialData credentials;
diff --git a/src/mongo/db/auth/user_document_parser.h b/src/mongo/db/auth/user_document_parser.h
index 2deb27d05e2..2e8aadc2a25 100644
--- a/src/mongo/db/auth/user_document_parser.h
+++ b/src/mongo/db/auth/user_document_parser.h
@@ -68,8 +68,6 @@ public:
std::string extractUserNameFromUserDocument(const BSONObj& doc) const;
- boost::optional<OID> extractUserIDFromUserDocument(const BSONObj& doc) const;
-
Status initializeUserCredentialsFromUserDocument(User* user, const BSONObj& privDoc) const;
Status initializeUserRolesFromUserDocument(const BSONObj& doc, User* user) const;
diff --git a/src/mongo/db/auth/user_document_parser_test.cpp b/src/mongo/db/auth/user_document_parser_test.cpp
index ae27f0d0c6c..0ce0d378ea9 100644
--- a/src/mongo/db/auth/user_document_parser_test.cpp
+++ b/src/mongo/db/auth/user_document_parser_test.cpp
@@ -32,7 +32,6 @@
#include "mongo/platform/basic.h"
#include "mongo/base/status.h"
-#include "mongo/bson/oid.h"
#include "mongo/db/auth/action_set.h"
#include "mongo/db/auth/action_type.h"
#include "mongo/db/auth/authorization_manager.h"
@@ -260,32 +259,6 @@ TEST_F(V2UserDocumentParsing, V2DocumentValidation) {
<< "roles"
<< emptyArray)));
- // Id field should be OID
- ASSERT_OK(v2parser.checkValidUserDocument(BSON("user"
- << "spencer"
- << "userId"
- << OID::gen()
- << "db"
- << "test"
- << "credentials"
- << BSON("MONGODB-CR"
- << "a")
- << "roles"
- << emptyArray)));
-
- // Non-OID id fields are rejected
- ASSERT_NOT_OK(v2parser.checkValidUserDocument(BSON("user"
- << "spencer"
- << "userId"
- << "notAnOID"
- << "db"
- << "test"
- << "credentials"
- << BSON("MONGODB-CR"
- << "a")
- << "roles"
- << emptyArray)));
-
// Need source field
ASSERT_NOT_OK(v2parser.checkValidUserDocument(BSON("user"
<< "spencer"
@@ -459,25 +432,6 @@ TEST_F(V2UserDocumentParsing, V2DocumentValidation) {
<< "dbA")))));
}
-TEST_F(V2UserDocumentParsing, V2UserIDExtraction) {
- OID oid = OID::gen();
-
- // No id is present
- ASSERT(!v2parser.extractUserIDFromUserDocument(BSON("user"
- << "sam"
- << "db"
- << "test")));
- // Valid OID is present
- auto res = v2parser.extractUserIDFromUserDocument(BSON("user"
- << "sam"
- << "userId"
- << oid
- << "db"
- << "test"));
- ASSERT(res);
- ASSERT(res == oid);
-}
-
TEST_F(V2UserDocumentParsing, V2CredentialExtraction) {
// Old "pwd" field not valid
ASSERT_NOT_OK(v2parser.initializeUserCredentialsFromUserDocument(user.get(),
diff --git a/src/mongo/db/commands/authentication_commands.cpp b/src/mongo/db/commands/authentication_commands.cpp
index 4c088f97493..c5229b8daa3 100644
--- a/src/mongo/db/commands/authentication_commands.cpp
+++ b/src/mongo/db/commands/authentication_commands.cpp
@@ -263,8 +263,7 @@ Status CmdAuthenticate::_authenticateCR(OperationContext* opCtx,
}
User* userObj;
- Status status =
- getGlobalAuthorizationManager()->acquireUserForInitialAuth(opCtx, user, &userObj);
+ Status status = getGlobalAuthorizationManager()->acquireUser(opCtx, user, &userObj);
if (!status.isOK()) {
// Failure to find the privilege document indicates no-such-user, a fact that we do not
// wish to reveal to the client. So, we return AuthenticationFailed rather than passing
diff --git a/src/mongo/db/commands/user_management_commands.cpp b/src/mongo/db/commands/user_management_commands.cpp
index 65a9ffd3164..8e4842b87f5 100644
--- a/src/mongo/db/commands/user_management_commands.cpp
+++ b/src/mongo/db/commands/user_management_commands.cpp
@@ -39,7 +39,6 @@
#include "mongo/bson/mutable/algorithm.h"
#include "mongo/bson/mutable/document.h"
#include "mongo/bson/mutable/element.h"
-#include "mongo/bson/oid.h"
#include "mongo/bson/util/bson_extract.h"
#include "mongo/client/dbclientinterface.h"
#include "mongo/config.h"
@@ -140,7 +139,7 @@ Status getCurrentUserRoles(OperationContext* opCtx,
unordered_set<RoleName>* roles) {
User* user;
authzManager->invalidateUserByName(userName); // Need to make sure cache entry is up to date
- Status status = authzManager->acquireUserForInitialAuth(opCtx, userName, &user);
+ Status status = authzManager->acquireUser(opCtx, userName, &user);
if (!status.isOK()) {
return status;
}
@@ -673,7 +672,6 @@ public:
userObjBuilder.append(
"_id", str::stream() << args.userName.getDB() << "." << args.userName.getUser());
userObjBuilder.append(AuthorizationManager::USER_NAME_FIELD_NAME, args.userName.getUser());
- userObjBuilder.append(AuthorizationManager::USER_ID_FIELD_NAME, OID::gen());
userObjBuilder.append(AuthorizationManager::USER_DB_FIELD_NAME, args.userName.getDB());
ServiceContext* serviceContext = opCtx->getClient()->getServiceContext();
@@ -1231,9 +1229,7 @@ public:
// to be stripped out
BSONObjBuilder strippedUser(usersArrayBuilder.subobjStart());
for (const BSONElement& e : userDetails) {
- if (!args.showCredentials &&
- (e.fieldNameStringData() == "credentials" ||
- e.fieldNameStringData() == AuthorizationManager::USER_ID_FIELD_NAME)) {
+ if (!args.showCredentials && e.fieldNameStringData() == "credentials") {
continue;
}
@@ -1270,7 +1266,6 @@ public:
BSONObjBuilder projection;
projection.append("authenticationRestrictions", 0);
if (!args.showCredentials) {
- projection.append(AuthorizationManager::USER_ID_FIELD_NAME, 0);
projection.append("credentials", 0);
}
const stdx::function<void(const BSONObj&)> function = stdx::bind(
diff --git a/src/mongo/db/logical_session_id.idl b/src/mongo/db/logical_session_id.idl
index c540c3c2174..24b58226f51 100644
--- a/src/mongo/db/logical_session_id.idl
+++ b/src/mongo/db/logical_session_id.idl
@@ -64,16 +64,6 @@ structs:
id: LogicalSessionIdToClient
timeoutMinutes: int
- UserNameWithId:
- description: "A struct representing the combination of a UserName and an id"
- strict: true
- fields:
- name:
- type: string
- id:
- type: objectid
- optional: true
-
LogicalSessionRecord:
description: "A struct representing a LogicalSessionRecord"
strict: true
@@ -83,7 +73,7 @@ structs:
cpp_name: id
lastUse: date
user:
- type: UserNameWithId
+ type: string
optional: true
LogicalSessionFromClient:
diff --git a/src/mongo/db/logical_session_id_helpers.cpp b/src/mongo/db/logical_session_id_helpers.cpp
index ae68e5037bf..fe8d2a1bb54 100644
--- a/src/mongo/db/logical_session_id_helpers.cpp
+++ b/src/mongo/db/logical_session_id_helpers.cpp
@@ -105,11 +105,7 @@ LogicalSessionRecord makeLogicalSessionRecord(OperationContext* opCtx, Date_t la
invariant(user);
id.setUid(user->getDigest());
-
- UserNameWithId userDoc{};
- userDoc.setName(StringData(user->getName().toString()));
- userDoc.setId(user->getID());
- lsr.setUser(userDoc);
+ lsr.setUser(StringData(user->getName().toString()));
} else {
id.setUid(kNoAuthDigest);
}
@@ -143,10 +139,7 @@ LogicalSessionRecord makeLogicalSessionRecord(OperationContext* opCtx,
invariant(user);
if (user->getDigest() == lsid.getUid()) {
- UserNameWithId userDoc{};
- userDoc.setName(StringData(user->getName().toString()));
- userDoc.setId(user->getID());
- lsr.setUser(userDoc);
+ lsr.setUser(StringData(user->getName().toString()));
}
}
diff --git a/src/mongo/db/sessions_collection.cpp b/src/mongo/db/sessions_collection.cpp
index 867ad0a1a82..04f73281234 100644
--- a/src/mongo/db/sessions_collection.cpp
+++ b/src/mongo/db/sessions_collection.cpp
@@ -63,7 +63,7 @@ BSONObj updateQuery(const LogicalSessionRecord& record, Date_t refreshTime) {
if (record.getUser()) {
BSONObjBuilder setBuilder(updateBuilder.subobjStart("$setOnInsert"));
- setBuilder.append(LogicalSessionRecord::kUserFieldName, record.getUser()->toBSON());
+ setBuilder.append(LogicalSessionRecord::kUserFieldName, BSON("name" << *record.getUser()));
}
return updateBuilder.obj();
View Lorry Controller Status