32 files changed, 203 insertions, 207 deletions
diff --git a/src/mongo/client/dbclient.cpp b/src/mongo/client/dbclient.cpp index 7758ebab7ae..a48109cd39d 100644 --- a/src/mongo/client/dbclient.cpp +++ b/src/mongo/client/dbclient.cpp @@ -548,11 +548,11 @@ namespace mongo { if (mechanism == StringData("MONGODB-CR", StringData::LiteralTag())) { std::string userSource; uassertStatusOK(bsonExtractStringField(params, - saslCommandPrincipalSourceFieldName, + saslCommandUserSourceFieldName, &userSource)); std::string user; uassertStatusOK(bsonExtractStringField(params, - saslCommandPrincipalFieldName, + saslCommandUserFieldName, &user)); std::string password; uassertStatusOK(bsonExtractStringField(params, @@ -588,8 +588,8 @@ namespace mongo { bool digestPassword) { try { _auth(BSON(saslCommandMechanismFieldName << "MONGODB-CR" << - saslCommandPrincipalSourceFieldName << dbname << - saslCommandPrincipalFieldName << username << + saslCommandUserSourceFieldName << dbname << + saslCommandUserFieldName << username << saslCommandPasswordFieldName << password_text << saslCommandDigestPasswordFieldName << digestPassword)); return true; @@ -793,7 +793,7 @@ namespace mongo { /* note we remember the auth info before we attempt to auth -- if the connection is broken, we will then have it for the next autoreconnect attempt. */ - authCache[params[saslCommandPrincipalSourceFieldName].str()] = params.getOwned(); + authCache[params[saslCommandUserSourceFieldName].str()] = params.getOwned(); } DBClientBase::_auth(params); @@ -918,8 +918,8 @@ namespace mongo { if (ex.getCode() != ErrorCodes::AuthenticationFailed) throw; LOG(_logLevel) << "reconnect: auth failed db:" << - i->second[saslCommandPrincipalSourceFieldName] << - " user:" << i->second[saslCommandPrincipalFieldName] << ' ' << + i->second[saslCommandUserSourceFieldName] << + " user:" << i->second[saslCommandUserFieldName] << ' ' << ex.what() << std::endl; } } diff --git a/src/mongo/client/dbclient_rs.cpp b/src/mongo/client/dbclient_rs.cpp index ddc20496df4..5af26f04cba 100644 
--- a/src/mongo/client/dbclient_rs.cpp +++ b/src/mongo/client/dbclient_rs.cpp @@ -1418,8 +1418,8 @@ namespace mongo { } catch (const UserException&) { warning() << "cached auth failed for set: " << _setName << - " db: " << i->second[saslCommandPrincipalSourceFieldName].str() << - " user: " << i->second[saslCommandPrincipalFieldName].str() << endl; + " db: " << i->second[saslCommandUserSourceFieldName].str() << + " user: " << i->second[saslCommandUserFieldName].str() << endl; } } } @@ -1469,7 +1469,7 @@ namespace mongo { } // now that it does, we should save so that for a new node we can auth - _auths[params[saslCommandPrincipalSourceFieldName].str()] = params.getOwned(); + _auths[params[saslCommandUserSourceFieldName].str()] = params.getOwned(); } void DBClientReplicaSet::logout(const string &dbname, BSONObj& info) { diff --git a/src/mongo/client/dbclientinterface.h b/src/mongo/client/dbclientinterface.h index 581b543957e..e393be44ca8 100644 --- a/src/mongo/client/dbclientinterface.h +++ b/src/mongo/client/dbclientinterface.h @@ -615,9 +615,9 @@ namespace mongo { * are required depends on the mechanism, which is mandatory. * * "mechanism": The string name of the sasl mechanism to use. Mandatory. - * "user": The string name of the principal to authenticate. Mandatory. + * "user": The string name of the user to authenticate. Mandatory. * "userSource": The database target of the auth command, which identifies the location - * of the credential information for the principal. May be "$external" if + * of the credential information for the user. May be "$external" if * credential information is stored outside of the mongo cluster. Mandatory. * "pwd": The password data. * "digestPassword": Boolean, set to true if the "pwd" is undigested (default). diff --git a/src/mongo/client/sasl_client_authenticate.cpp b/src/mongo/client/sasl_client_authenticate.cpp index 24cd5000fd7..040cc50b5ef 100644 --- a/src/mongo/client/sasl_client_authenticate.cpp 
+++ b/src/mongo/client/sasl_client_authenticate.cpp
@@ -40,8 +40,8 @@ namespace mongo {
 const char* const saslCommandMechanismListFieldName = "supportedMechanisms";
 const char* const saslCommandPasswordFieldName = "pwd";
 const char* const saslCommandPayloadFieldName = "payload";
- const char* const saslCommandPrincipalFieldName = "user";
- const char* const saslCommandPrincipalSourceFieldName = "userSource";
+ const char* const saslCommandUserFieldName = "user";
+ const char* const saslCommandUserSourceFieldName = "userSource";
 const char* const saslCommandServiceHostnameFieldName = "serviceHostname";
 const char* const saslCommandServiceNameFieldName = "serviceName";
 const char* const saslCommandDigestPasswordFieldName = "digestPassword";
diff --git a/src/mongo/client/sasl_client_authenticate.h b/src/mongo/client/sasl_client_authenticate.h
index c95cdc42660..621b0eaf3ef 100644
--- a/src/mongo/client/sasl_client_authenticate.h
+++ b/src/mongo/client/sasl_client_authenticate.h
@@ -40,9 +40,9 @@ namespace mongo {
 * "autoAuthorize": Truthy values tell the server to automatically acquire privileges on
 * all resources after successful authentication, which is the default. Falsey values
 * instruct the server to await separate privilege-acquisition commands.
- * "user": The string name of the principal to authenticate.
+ * "user": The string name of the user to authenticate.
 * "userSource": The database target of the auth command, which identifies the location
- * of the credential information for the principal. May be "$external" if credential
+ * of the credential information for the user. May be "$external" if credential
 * information is stored outside of the mongo cluster.
 * "pwd": The password.
 * "serviceName": The GSSAPI service name to use. Defaults to "mongodb".
@@ -77,7 +77,7 @@ namespace mongo { extern const char* const saslContinueCommandName; /// Name of the saslStart parameter indicating that the server should automatically grant the - /// connection all privileges associated with the principal after successful authentication. + /// connection all privileges associated with the user after successful authentication. extern const char* const saslCommandAutoAuthorizeFieldName; /// Name of the field contain the status code in responses from the server. @@ -107,13 +107,13 @@ namespace mongo { /// Field containing sasl payloads passed to and from the server. extern const char* const saslCommandPayloadFieldName; - /// Field containing the string identifier of the principal to authenticate in + /// Field containing the string identifier of the user to authenticate in /// saslClientAuthenticate(). - extern const char* const saslCommandPrincipalFieldName; + extern const char* const saslCommandUserFieldName; /// Field containing the string identifier of the database containing credential information, /// or "$external" if the credential information is stored outside of the mongo cluster. - extern const char* const saslCommandPrincipalSourceFieldName; + extern const char* const saslCommandUserSourceFieldName; /// Field overriding the FQDN of the hostname hosting the mongodb srevice in /// saslClientAuthenticate(). diff --git a/src/mongo/client/sasl_client_authenticate_impl.cpp b/src/mongo/client/sasl_client_authenticate_impl.cpp index be54e0b3303..918a4b44de4 100644 --- a/src/mongo/client/sasl_client_authenticate_impl.cpp +++ b/src/mongo/client/sasl_client_authenticate_impl.cpp @@ -79,7 +79,7 @@ namespace { if (digestPassword) { std::string user; status = bsonExtractStringField(saslParameters, - saslCommandPrincipalFieldName, + saslCommandUserFieldName, &user); if (!status.isOK()) return status; 
@@ -131,7 +131,7 @@ namespace { session->setParameter(SaslClientSession::parameterServiceHostname, value); status = bsonExtractStringField(saslParameters, - saslCommandPrincipalFieldName, + saslCommandUserFieldName, &value); if (!status.isOK()) return status; @@ -168,7 +168,7 @@ namespace { std::string targetDatabase; try { Status status = bsonExtractStringFieldWithDefault(saslParameters, - saslCommandPrincipalSourceFieldName, + saslCommandUserSourceFieldName, saslDefaultDBName, &targetDatabase); if (!status.isOK()) diff --git a/src/mongo/db/auth/SConscript b/src/mongo/db/auth/SConscript index 06f4349b60d..aa0979a7b7a 100644 --- a/src/mongo/db/auth/SConscript +++ b/src/mongo/db/auth/SConscript @@ -16,11 +16,11 @@ env.StaticLibrary('authcore', ['action_set.cpp', 'role_name.cpp', 'authorization_session.cpp', 'principal.cpp', - 'principal_name.cpp', 'principal_set.cpp', 'privilege.cpp', 'privilege_set.cpp', - 'user.cpp'], + 'user.cpp', + 'user_name.cpp'], LIBDEPS=['$BUILD_DIR/mongo/base/base', '$BUILD_DIR/mongo/bson', '$BUILD_DIR/mongo/stringutils']) diff --git a/src/mongo/db/auth/action_set.h b/src/mongo/db/auth/action_set.h index 7a25687b625..09cb1128341 100644 --- a/src/mongo/db/auth/action_set.h +++ b/src/mongo/db/auth/action_set.h @@ -24,7 +24,7 @@ namespace mongo { /* * An ActionSet is a bitmask of ActionTypes that represents a set of actions. - * These are the actions that a Privilege can grant a principal to perform on a resource. + * These are the actions that a Privilege can grant a user to perform on a resource. */ class ActionSet { public: diff --git a/src/mongo/db/auth/auth_session_external_state.cpp b/src/mongo/db/auth/auth_session_external_state.cpp index 999118d411a..2f63a31504b 100644 --- a/src/mongo/db/auth/auth_session_external_state.cpp +++ b/src/mongo/db/auth/auth_session_external_state.cpp 
@@ -27,7 +27,7 @@ namespace mongo { AuthSessionExternalState::~AuthSessionExternalState() {} Status AuthSessionExternalState::getPrivilegeDocument(const std::string& dbname, - const PrincipalName& principalName, + const UserName& userName, BSONObj* result) { if (dbname == StringData("$external", StringData::LiteralTag()) || @@ -43,7 +43,7 @@ namespace mongo { } if (dbname == StringData("local", StringData::LiteralTag()) && - principalName.getUser() == internalSecurity.user) { + userName.getUser() == internalSecurity.user) { if (internalSecurity.pwd.empty()) { return Status(ErrorCodes::UserNotFound, @@ -61,20 +61,20 @@ namespace mongo { BSONObj userBSONObj; BSONObjBuilder queryBuilder; - queryBuilder.append(AuthorizationManager::USER_NAME_FIELD_NAME, principalName.getUser()); - if (principalName.getDB() == dbname) { + queryBuilder.append(AuthorizationManager::USER_NAME_FIELD_NAME, userName.getUser()); + if (userName.getDB() == dbname) { queryBuilder.appendNull(AuthorizationManager::USER_SOURCE_FIELD_NAME); } else { queryBuilder.append(AuthorizationManager::USER_SOURCE_FIELD_NAME, - principalName.getDB()); + userName.getDB()); } bool found = _findUser(usersNamespace, queryBuilder.obj(), &userBSONObj); if (!found) { return Status(ErrorCodes::UserNotFound, mongoutils::str::stream() << "auth: couldn't find user " << - principalName.toString() << ", " << usersNamespace, + userName.toString() << ", " << usersNamespace, 0); } diff --git a/src/mongo/db/auth/auth_session_external_state.h b/src/mongo/db/auth/auth_session_external_state.h index 1fd219b15f7..2a5330ed8d6 100644 --- a/src/mongo/db/auth/auth_session_external_state.h +++ b/src/mongo/db/auth/auth_session_external_state.h @@ -21,7 +21,7 @@ #include "mongo/base/disallow_copying.h" #include "mongo/base/status.h" #include "mongo/client/dbclientinterface.h" -#include "mongo/db/auth/principal_name.h" +#include "mongo/db/auth/user_name.h" namespace mongo { 
@@ -52,12 +52,12 @@ namespace mongo { // necessary to determine if localhost connections should be given full access. virtual void startRequest() = 0; - // Gets the privilege information document for "principalName" on "dbname". + // Gets the privilege information document for "userName" on "dbname". // // On success, returns Status::OK() and stores a shared-ownership copy of the document into // "result". Status getPrivilegeDocument(const std::string& dbname, - const PrincipalName& principalName, + const UserName& userName, BSONObj* result); // Authorization event hooks diff --git a/src/mongo/db/auth/authorization_session.cpp b/src/mongo/db/auth/authorization_session.cpp index efa9318adf9..a551017be32 100644 --- a/src/mongo/db/auth/authorization_session.cpp +++ b/src/mongo/db/auth/authorization_session.cpp @@ -384,20 +384,20 @@ namespace { } void AuthorizationSession::_acquirePrivilegesForPrincipalFromDatabase( - const std::string& dbname, const PrincipalName& principal) { + const std::string& dbname, const UserName& user) { BSONObj privilegeDocument; - Status status = getPrivilegeDocument(dbname, principal, &privilegeDocument); + Status status = getPrivilegeDocument(dbname, user, &privilegeDocument); if (status.isOK()) { - status = acquirePrivilegesFromPrivilegeDocument(dbname, principal, privilegeDocument); + status = acquirePrivilegesFromPrivilegeDocument(dbname, user, privilegeDocument); } if (!status.isOK() && status != ErrorCodes::UserNotFound) { - log() << "Privilege acquisition failed for " << principal << " in database " << + log() << "Privilege acquisition failed for " << user << " in database " << dbname << ": " << status.reason() << " (" << status.codeString() << ")" << endl; } } - Principal* AuthorizationSession::lookupPrincipal(const PrincipalName& name) { + Principal* AuthorizationSession::lookupPrincipal(const UserName& name) { return _authenticatedPrincipals.lookup(name); } 
@@ -405,7 +405,7 @@ namespace { Principal* principal = _authenticatedPrincipals.lookupByDBName(dbname); if (!principal) return; - _acquiredPrivileges.revokePrivilegesFromPrincipal(principal->getName()); + _acquiredPrivileges.revokePrivilegesFromUser(principal->getName()); _authenticatedPrincipals.removeByDBName(dbname); _externalState->onLogoutDatabase(dbname); } @@ -415,22 +415,22 @@ namespace { } Status AuthorizationSession::acquirePrivilege(const Privilege& privilege, - const PrincipalName& authorizingPrincipal) { - if (!_authenticatedPrincipals.lookup(authorizingPrincipal)) { + const UserName& authorizingUser) { + if (!_authenticatedPrincipals.lookup(authorizingUser)) { return Status(ErrorCodes::UserNotFound, mongoutils::str::stream() - << "No authenticated principle found with name: " - << authorizingPrincipal.getUser() + << "No authenticated user found with name: " + << authorizingUser.getUser() << " from database " - << authorizingPrincipal.getDB(), + << authorizingUser.getDB(), 0); } - _acquiredPrivileges.grantPrivilege(privilege, authorizingPrincipal); + _acquiredPrivileges.grantPrivilege(privilege, authorizingUser); return Status::OK(); } - void AuthorizationSession::grantInternalAuthorization(const std::string& principalName) { - Principal* principal = new Principal(PrincipalName(principalName, "local")); + void AuthorizationSession::grantInternalAuthorization(const std::string& userName) { + Principal* principal = new Principal(UserName(userName, "local")); ActionSet actions; actions.addAllActions(); 
@@ -464,35 +464,34 @@ namespace { } Status AuthorizationSession::acquirePrivilegesFromPrivilegeDocument( - const std::string& dbname, const PrincipalName& principal, const BSONObj& privilegeDocument) { - if (!_authenticatedPrincipals.lookup(principal)) { + const std::string& dbname, const UserName& user, const BSONObj& privilegeDocument) { + if (!_authenticatedPrincipals.lookup(user)) { return Status(ErrorCodes::UserNotFound, mongoutils::str::stream() << "No authenticated principle found with name: " - << principal.getUser() + << user.getUser() << " from database " - << principal.getDB(), + << user.getDB(), 0); } - if (principal.getUser() == internalSecurity.user) { + if (user.getUser() == internalSecurity.user) { // Grant full access to internal user ActionSet allActions; allActions.addAllActions(); - return acquirePrivilege(Privilege(PrivilegeSet::WILDCARD_RESOURCE, allActions), - principal); + return acquirePrivilege(Privilege(PrivilegeSet::WILDCARD_RESOURCE, allActions), user); } - return buildPrivilegeSet(dbname, principal, privilegeDocument, &_acquiredPrivileges); + return buildPrivilegeSet(dbname, user, privilegeDocument, &_acquiredPrivileges); } Status AuthorizationSession::buildPrivilegeSet(const std::string& dbname, - const PrincipalName& principal, + const UserName& user, const BSONObj& privilegeDocument, PrivilegeSet* result) { if (!privilegeDocument.hasField(ROLES_FIELD_NAME)) { // Old-style (v2.2 and prior) privilege document if (AuthorizationManager::getSupportOldStylePrivilegeDocuments()) { return _buildPrivilegeSetFromOldStylePrivilegeDocument(dbname, - principal, + user, privilegeDocument, result); } 
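Review bot: The Status reason in acquirePrivilegesFromPrivilegeDocument still reads `"No authenticated principle found with name: "` although the identical lookup-failure message in acquirePrivilege, in the hunk at -415 of this same file, was changed to `"No authenticated user found with name: "`; the two should agree, and the untouched one also keeps the "principle" misspelling. Changing the literal here to `<< "No authenticated user found with name: "` makes the error text consistent, assuming nothing matches on the exact reason string (no such caller is visible on this page). The remainder of the hunk is a mechanical PrincipalName-to-UserName rename and reads fine.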
@@ -502,13 +501,13 @@ namespace { } else { return _buildPrivilegeSetFromExtendedPrivilegeDocument( - dbname, principal, privilegeDocument, result); + dbname, user, privilegeDocument, result); } } Status AuthorizationSession::_buildPrivilegeSetFromOldStylePrivilegeDocument( const std::string& dbname, - const PrincipalName& principal, + const UserName& user, const BSONObj& privilegeDocument, PrivilegeSet* result) { if (!(privilegeDocument.hasField(AuthorizationManager::USER_NAME_FIELD_NAME) && @@ -521,12 +520,12 @@ namespace { 0); } std::string userName = privilegeDocument[AuthorizationManager::USER_NAME_FIELD_NAME].str(); - if (userName != principal.getUser()) { + if (userName != user.getUser()) { return Status(ErrorCodes::BadValue, mongoutils::str::stream() << "Principal name from privilege document \"" << userName << "\" doesn't match name of provided Principal \"" - << principal.getUser() + << user.getUser() << "\"", 0); } @@ -535,7 +534,7 @@ namespace { ActionSet actions = getActionsForOldStyleUser(dbname, readOnly); std::string resourceName = (dbname == ADMIN_DBNAME || dbname == LOCAL_DBNAME) ? PrivilegeSet::WILDCARD_RESOURCE : dbname; - result->grantPrivilege(Privilege(resourceName, actions), principal); + result->grantPrivilege(Privilege(resourceName, actions), user); return Status::OK(); } @@ -619,7 +618,7 @@ namespace { Status AuthorizationSession::_buildPrivilegeSetFromExtendedPrivilegeDocument( const std::string& dbname, - const PrincipalName& principal, + const UserName& user, const BSONObj& privilegeDocument, PrivilegeSet* result) { @@ -666,7 +665,7 @@ namespace { "called \"otherDBRoles\""); } - result->grantPrivileges(acquiredPrivileges, principal); + result->grantPrivileges(acquiredPrivileges, user); return Status::OK(); } diff --git a/src/mongo/db/auth/authorization_session.h b/src/mongo/db/auth/authorization_session.h index 67535810c4c..e47de747245 100644 --- a/src/mongo/db/auth/authorization_session.h +++ b/src/mongo/db/auth/authorization_session.h 
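Review bot: In the hunk at -521, _buildPrivilegeSetFromOldStylePrivilegeDocument now has a local `std::string userName` (the value read out of the privilege document) sitting next to the renamed parameter `user` of type UserName, so `if (userName != user.getUser())` reads as if it compared the same thing twice; renaming the local, e.g. `std::string documentUserName = privilegeDocument[AuthorizationManager::USER_NAME_FIELD_NAME].str();`, would make the document-versus-caller comparison obvious at a glance. The BadValue message in that hunk still says `"Principal name from privilege document \""` and `"\" doesn't match name of provided Principal \""`, which is the vocabulary this commit is retiring elsewhere, so it is worth updating in the same pass. The function starts in the preceding hunk at -502 and its body continues after this one.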
@@ -25,10 +25,10 @@ #include "mongo/db/auth/action_type.h" #include "mongo/db/auth/auth_session_external_state.h" #include "mongo/db/auth/principal.h" -#include "mongo/db/auth/principal_name.h" #include "mongo/db/auth/principal_set.h" #include "mongo/db/auth/privilege.h" #include "mongo/db/auth/privilege_set.h" +#include "mongo/db/auth/user_name.h" namespace mongo { @@ -64,7 +64,7 @@ namespace mongo { // Returns the authenticated principal with the given name. Returns NULL // if no such user is found. // Ownership of the returned Principal remains with _authenticatedPrincipals - Principal* lookupPrincipal(const PrincipalName& name); + Principal* lookupPrincipal(const UserName& name); // Gets an iterator over the names of all authenticated principals stored in this manager. PrincipalSet::NameIterator getAuthenticatedPrincipalNames(); @@ -75,11 +75,11 @@ namespace mongo { // Grant this connection the given privilege. Status acquirePrivilege(const Privilege& privilege, - const PrincipalName& authorizingPrincipal); + const UserName& authorizingUser); // Adds a new principal with the given principal name and authorizes it with full access. // Used to grant internal threads full access. - void grantInternalAuthorization(const std::string& principalName); + void grantInternalAuthorization(const std::string& userName); // Checks if this connection has been authenticated as an internal user. bool hasInternalAuthorization(); 
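Review bot: The comment above grantInternalAuthorization still says `// Adds a new principal with the given principal name and authorizes it with full access.` even though the parameter was renamed to userName; the same stale wording survives in the hunk at -153 of this header, where _acquirePrivilegesForPrincipalFromDatabase now takes `user` but the comment reads `// Finds the set of privileges attributed to "principal" in database "dbname",`. Suggest `// Adds a new principal with the given user name and authorizes it with full access.` here and `// Finds the set of privileges attributed to "user" in database "dbname",` there. Since this userName is a std::string while every other userName in the header is a UserName, a short remark that it is the bare user name on the "local" database (as the matching .cpp hunk constructs it) would also help readers.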
@@ -97,13 +97,13 @@ namespace mongo { // Parses the privilege documents and acquires all privileges that the privilege document // grants Status acquirePrivilegesFromPrivilegeDocument(const std::string& dbname, - const PrincipalName& principal, + const UserName& user, const BSONObj& privilegeDocument); // Returns the privilege document with the given user name in the given database. Currently // this information comes from the system.users collection in that database. Status getPrivilegeDocument(const std::string& dbname, - const PrincipalName& userName, + const UserName& userName, BSONObj* result) { return _externalState->getPrivilegeDocument(dbname, userName, result); } @@ -141,7 +141,7 @@ namespace mongo { // Parses the privilege document and returns a PrivilegeSet of all the Privileges that // the privilege document grants. static Status buildPrivilegeSet(const std::string& dbname, - const PrincipalName& principal, + const UserName& user, const BSONObj& privilegeDocument, PrivilegeSet* result); @@ -153,7 +153,7 @@ namespace mongo { // Finds the set of privileges attributed to "principal" in database "dbname", // and adds them to the set of acquired privileges. void _acquirePrivilegesForPrincipalFromDatabase(const std::string& dbname, - const PrincipalName& principal); + const UserName& user); // Checks to see if the given privilege is allowed, performing implicit privilege // acquisition if enabled and necessary to resolve the privilege. @@ -163,7 +163,7 @@ namespace mongo { // Privileges that the privilege document grants. static Status _buildPrivilegeSetFromOldStylePrivilegeDocument( const std::string& dbname, - const PrincipalName& principal, + const UserName& user, const BSONObj& privilegeDocument, PrivilegeSet* result); 
@@ -174,7 +174,7 @@ namespace mongo { // to come from database "dbname". static Status _buildPrivilegeSetFromExtendedPrivilegeDocument( const std::string& dbname, - const PrincipalName& principal, + const UserName& user, const BSONObj& privilegeDocument, PrivilegeSet* result); diff --git a/src/mongo/db/auth/authorization_session_test.cpp b/src/mongo/db/auth/authorization_session_test.cpp index 0e8c20726b6..1c09b332165 100644 --- a/src/mongo/db/auth/authorization_session_test.cpp +++ b/src/mongo/db/auth/authorization_session_test.cpp @@ -33,7 +33,7 @@ namespace mongo { namespace { TEST(AuthorizationSessionTest, AcquirePrivilegeAndCheckAuthorization) { - Principal* principal = new Principal(PrincipalName("Spencer", "test")); + Principal* principal = new Principal(UserName("Spencer", "test")); ActionSet actions; actions.addAction(ActionType::insert); Privilege writePrivilege("test", actions); @@ -64,7 +64,7 @@ namespace { } TEST(AuthorizationSessionTest, GetPrivilegesFromPrivilegeDocumentCompatible) { - PrincipalName principal ("Spencer", "test"); + UserName user("Spencer", "test"); BSONObj invalid; BSONObj readWrite = BSON("user" << "Spencer" << "pwd" << "passwordHash"); BSONObj readOnly = BSON("user" << "Spencer" << "pwd" << "passwordHash" << @@ -73,19 +73,19 @@ namespace { PrivilegeSet privilegeSet; ASSERT_EQUALS(ErrorCodes::UnsupportedFormat, AuthorizationSession::buildPrivilegeSet("test", - principal, + user, invalid, &privilegeSet).code()); ASSERT_OK(AuthorizationSession::buildPrivilegeSet("test", - principal, + user, readOnly, &privilegeSet)); ASSERT(!privilegeSet.hasPrivilege(Privilege("test", ActionType::insert))); ASSERT(privilegeSet.hasPrivilege(Privilege("test", ActionType::find))); ASSERT_OK(AuthorizationSession::buildPrivilegeSet("test", - principal, + user, readWrite, &privilegeSet)); ASSERT(privilegeSet.hasPrivilege(Privilege("test", ActionType::find))); 
@@ -98,7 +98,7 @@ namespace { ASSERT(!privilegeSet.hasPrivilege(Privilege("*", ActionType::find))); ASSERT_OK(AuthorizationSession::buildPrivilegeSet("admin", - principal, + user, readOnly, &privilegeSet)); // Should grant privileges on *. @@ -108,7 +108,7 @@ namespace { ASSERT(!privilegeSet.hasPrivilege(Privilege("*", ActionType::insert))); ASSERT_OK(AuthorizationSession::buildPrivilegeSet("admin", - principal, + user, readWrite, &privilegeSet)); ASSERT(privilegeSet.hasPrivilege(Privilege("*", ActionType::insert))); @@ -118,7 +118,7 @@ namespace { public: PrivilegeDocumentParsing() : user("spencer", "test") {} - PrincipalName user; + UserName user; PrivilegeSet privilegeSet; }; @@ -369,10 +369,10 @@ namespace { "readOnly" << false << "roles" << BSON_ARRAY("write" << "userAdmin")); - PrincipalName principal("spencer", "anydb"); + UserName user("spencer", "anydb"); PrivilegeSet result; ASSERT_NOT_OK(AuthorizationSession::buildPrivilegeSet( - "anydb", principal, oldAndNewMixed, &result)); + "anydb", user, oldAndNewMixed, &result)); } TEST(AuthorizationSessionTest, DocumentValidationCompatibility) { @@ -517,13 +517,13 @@ namespace { } *result = mapFindWithDefault(_privilegeDocs, std::make_pair(nsstring.db, - PrincipalName(user, userSource)), + UserName(user, userSource)), BSON("invalid" << 1)); return !(*result)["invalid"].trueValue(); } void addPrivilegeDocument(const string& dbname, - const PrincipalName& user, + const UserName& user, const BSONObj& doc) { ASSERT(_privilegeDocs.insert(std::make_pair(std::make_pair(dbname, user), @@ -531,7 +531,7 @@ namespace { } private: - std::map<std::pair<std::string, PrincipalName>, BSONObj > _privilegeDocs; + std::map<std::pair<std::string, UserName>, BSONObj > _privilegeDocs; }; class ImplicitPriviligesTest : public ::mongo::unittest::Test { 
@@ -546,15 +546,15 @@ namespace { }; TEST_F(ImplicitPriviligesTest, ImplicitAcquireFromSomeDatabases) { - state->addPrivilegeDocument("test", PrincipalName("andy", "test"), + state->addPrivilegeDocument("test", UserName("andy", "test"), BSON("user" << "andy" << "pwd" << "a" << "roles" << BSON_ARRAY("readWrite"))); - state->addPrivilegeDocument("test2", PrincipalName("andy", "test"), + state->addPrivilegeDocument("test2", UserName("andy", "test"), BSON("user" << "andy" << "userSource" << "test" << "roles" << BSON_ARRAY("read"))); - state->addPrivilegeDocument("admin", PrincipalName("andy", "test"), + state->addPrivilegeDocument("admin", UserName("andy", "test"), BSON("user" << "andy" << "userSource" << "test" << "roles" << BSON_ARRAY("clusterAdmin") << @@ -574,7 +574,7 @@ namespace { ASSERT(!authman->checkAuthorization("admin.foo", ActionType::collMod)); ASSERT(!authman->checkAuthorization("$SERVER", ActionType::shutdown)); - Principal* principal = new Principal(PrincipalName("andy", "test")); + Principal* principal = new Principal(UserName("andy", "test")); principal->setImplicitPrivilegeAcquisition(true); authman->addAuthorizedPrincipal(principal); diff --git a/src/mongo/db/auth/principal.cpp b/src/mongo/db/auth/principal.cpp index ad1b763cd28..de032641082 100644 --- a/src/mongo/db/auth/principal.cpp +++ b/src/mongo/db/auth/principal.cpp @@ -22,7 +22,7 @@ namespace mongo { - Principal::Principal(const PrincipalName& name) : + Principal::Principal(const UserName& name) : _name(name), _expirationTime(boost::posix_time::pos_infin), _enableImplicitPrivileges(false) { diff --git a/src/mongo/db/auth/principal.h b/src/mongo/db/auth/principal.h index e58eadfd95c..f8f05fa16c3 100644 --- a/src/mongo/db/auth/principal.h +++ b/src/mongo/db/auth/principal.h 
@@ -20,7 +20,7 @@ #include "mongo/base/disallow_copying.h" #include "mongo/base/string_data.h" -#include "mongo/db/auth/principal_name.h" +#include "mongo/db/auth/user_name.h" #include "mongo/util/string_map.h" namespace mongo { @@ -40,12 +40,12 @@ namespace mongo { MONGO_DISALLOW_COPYING(Principal); public: - Principal(const PrincipalName& name, + Principal(const UserName& name, const boost::posix_time::ptime& expirationTime); - explicit Principal(const PrincipalName& name); + explicit Principal(const UserName& name); ~Principal(); - const PrincipalName& getName() const { return _name; } + const UserName& getName() const { return _name; } // Returns the expiration time of this principal information. // No expiration is represented as boost::posix_time::pos_infin @@ -61,7 +61,7 @@ namespace mongo { void markDatabaseAsProbed(const StringData& dbname); private: - PrincipalName _name; + UserName _name; boost::posix_time::ptime _expirationTime; bool _enableImplicitPrivileges; StringMap<bool> _probedDatabases; diff --git a/src/mongo/db/auth/principal_set.cpp b/src/mongo/db/auth/principal_set.cpp index 44dd5ee6b35..48e9be09d79 100644 --- a/src/mongo/db/auth/principal_set.cpp +++ b/src/mongo/db/auth/principal_set.cpp @@ -60,7 +60,7 @@ namespace mongo { } } - Principal* PrincipalSet::lookup(const PrincipalName& name) const { + Principal* PrincipalSet::lookup(const UserName& name) const { Principal* principal = lookupByDBName(name.getDB()); if (principal && principal->getName() == name) { return principal; diff --git a/src/mongo/db/auth/principal_set.h b/src/mongo/db/auth/principal_set.h index b7b99e05a47..90a1c6d8e56 100644 --- a/src/mongo/db/auth/principal_set.h +++ b/src/mongo/db/auth/principal_set.h @@ -21,7 +21,7 @@ #include "mongo/base/disallow_copying.h" #include "mongo/base/string_data.h" #include "mongo/db/auth/principal.h" -#include "mongo/db/auth/principal_name.h" +#include "mongo/db/auth/user_name.h" namespace mongo { 
@@ -53,16 +53,16 @@ namespace mongo { NameIterator() {} bool more() { return _curr != _end; } - const PrincipalName& next() { - const PrincipalName& ret = get(); + const UserName& next() { + const UserName& ret = get(); ++_curr; return ret; } - const PrincipalName& get() const { return (*_curr)->getName(); } + const UserName& get() const { return (*_curr)->getName(); } - const PrincipalName& operator*() const { return get(); } - const PrincipalName* operator->() const { return &get(); } + const UserName& operator*() const { return get(); } + const UserName* operator->() const { return &get(); } private: std::vector<Principal*>::const_iterator _curr; @@ -84,7 +84,7 @@ namespace mongo { // Ownership of the returned Principal remains with the PrincipalSet. The pointer // returned is only guaranteed to remain valid until the next non-const method is called // on the PrincipalSet. - Principal* lookup(const PrincipalName& name) const; + Principal* lookup(const UserName& name) const; // Gets the principal whose authentication credentials came from dbname, or NULL if none // exist. There should be at most one such principal. diff --git a/src/mongo/db/auth/principal_set_test.cpp b/src/mongo/db/auth/principal_set_test.cpp index 9ca24cc06a1..7ed30d2930a 100644 --- a/src/mongo/db/auth/principal_set_test.cpp +++ b/src/mongo/db/auth/principal_set_test.cpp @@ -19,15 +19,15 @@ #include "mongo/db/auth/principal_set.h" #include "mongo/db/auth/principal.h" -#include "mongo/db/auth/principal_name.h" +#include "mongo/db/auth/user_name.h" #include "mongo/unittest/unittest.h" #define ASSERT_NULL(EXPR) ASSERT_FALSE((EXPR)) namespace mongo { - static inline std::ostream& operator<<(std::ostream& os, const PrincipalName& pname) { - return os << pname.toString(); + static inline std::ostream& operator<<(std::ostream& os, const UserName& uname) { + return os << uname.toString(); } namespace { 
@@ -35,47 +35,47 @@ namespace {
 TEST(PrincipalSetTest, BasicTest) {
 PrincipalSet set;
- Principal* p1 = new Principal(PrincipalName("Bob", "test"));
- Principal* p2 = new Principal(PrincipalName("George", "test"));
- Principal* p3 = new Principal(PrincipalName("Bob", "test2"));
+ Principal* p1 = new Principal(UserName("Bob", "test"));
+ Principal* p2 = new Principal(UserName("George", "test"));
+ Principal* p3 = new Principal(UserName("Bob", "test2"));
- ASSERT_NULL(set.lookup(PrincipalName("Bob", "test")));
- ASSERT_NULL(set.lookup(PrincipalName("George", "test")));
- ASSERT_NULL(set.lookup(PrincipalName("Bob", "test2")));
+ ASSERT_NULL(set.lookup(UserName("Bob", "test")));
+ ASSERT_NULL(set.lookup(UserName("George", "test")));
+ ASSERT_NULL(set.lookup(UserName("Bob", "test2")));
 ASSERT_NULL(set.lookupByDBName("test"));
 ASSERT_NULL(set.lookupByDBName("test2"));
 set.add(p1);
- ASSERT_EQUALS(p1, set.lookup(PrincipalName("Bob", "test")));
+ ASSERT_EQUALS(p1, set.lookup(UserName("Bob", "test")));
 ASSERT_EQUALS(p1, set.lookupByDBName("test"));
- ASSERT_NULL(set.lookup(PrincipalName("George", "test")));
- ASSERT_NULL(set.lookup(PrincipalName("Bob", "test2")));
+ ASSERT_NULL(set.lookup(UserName("George", "test")));
+ ASSERT_NULL(set.lookup(UserName("Bob", "test2")));
 ASSERT_NULL(set.lookupByDBName("test2"));
 // This should not replace the existing user "Bob" because they are different databases
 set.add(p3);
- ASSERT_EQUALS(p1, set.lookup(PrincipalName("Bob", "test")));
+ ASSERT_EQUALS(p1, set.lookup(UserName("Bob", "test")));
 ASSERT_EQUALS(p1, set.lookupByDBName("test"));
- ASSERT_NULL(set.lookup(PrincipalName("George", "test")));
- ASSERT_EQUALS(p3, set.lookup(PrincipalName("Bob", "test2")));
+ ASSERT_NULL(set.lookup(UserName("George", "test")));
+ ASSERT_EQUALS(p3, set.lookup(UserName("Bob", "test2")));
 ASSERT_EQUALS(p3, set.lookupByDBName("test2"));
 set.add(p2);
 // This should replace Bob since they're on the same database
- ASSERT_NULL(set.lookup(PrincipalName("Bob", "test")));
- ASSERT_EQUALS(p2, set.lookup(PrincipalName("George", "test")));
+ ASSERT_NULL(set.lookup(UserName("Bob", "test")));
+ ASSERT_EQUALS(p2, set.lookup(UserName("George", "test")));
 ASSERT_EQUALS(p2, set.lookupByDBName("test"));
- ASSERT_EQUALS(p3, set.lookup(PrincipalName("Bob", "test2")));
+ ASSERT_EQUALS(p3, set.lookup(UserName("Bob", "test2")));
 ASSERT_EQUALS(p3, set.lookupByDBName("test2"));
 set.removeByDBName("test");
- ASSERT_NULL(set.lookup(PrincipalName("Bob", "test")));
- ASSERT_NULL(set.lookup(PrincipalName("George", "test")));
+ ASSERT_NULL(set.lookup(UserName("Bob", "test")));
+ ASSERT_NULL(set.lookup(UserName("George", "test")));
 ASSERT_NULL(set.lookupByDBName("test"));
- ASSERT_EQUALS(p3, set.lookup(PrincipalName("Bob", "test2")));
+ ASSERT_EQUALS(p3, set.lookup(UserName("Bob", "test2")));
 ASSERT_EQUALS(p3, set.lookupByDBName("test2"));
 }
@@ -84,12 +84,12 @@ namespace {
 PrincipalSet::NameIterator iter = pset.getNames();
 ASSERT(!iter.more());
- pset.add(new Principal(PrincipalName("bob", "test")));
+ pset.add(new Principal(UserName("bob", "test")));
 iter = pset.getNames();
 ASSERT(iter.more());
- ASSERT_EQUALS(*iter, PrincipalName("bob", "test"));
- ASSERT_EQUALS(iter.next(), PrincipalName("bob", "test"));
+ ASSERT_EQUALS(*iter, UserName("bob", "test"));
+ ASSERT_EQUALS(iter.next(), UserName("bob", "test"));
 ASSERT(!iter.more());
 }
diff --git a/src/mongo/db/auth/privilege_set.cpp b/src/mongo/db/auth/privilege_set.cpp
index c641b65caea..a04e422f96f 100644
--- a/src/mongo/db/auth/privilege_set.cpp
+++ b/src/mongo/db/auth/privilege_set.cpp
@@ -34,40 +34,40 @@ namespace mongo {
 PrivilegeSet::~PrivilegeSet() {}
 void PrivilegeSet::grantPrivilege(const Privilege& privilege,
- const PrincipalName& authorizingPrincipal) {
- grantPrivileges(std::vector<Privilege>(1, privilege), authorizingPrincipal);
+ const UserName& authorizingUser) {
+ grantPrivileges(std::vector<Privilege>(1, privilege), authorizingUser);
 }
 void PrivilegeSet::grantPrivileges(const std::vector<Privilege>& privileges,
- const PrincipalName& authorizingPrincipal) {
- StringMap<ActionSet>& byResourceForPrincipal = _byPrincipal[authorizingPrincipal];
+ const UserName& authorizingUser) {
+ StringMap<ActionSet>& byResourceForUser = _byUser[authorizingUser];
 for (std::vector<Privilege>::const_iterator iter = privileges.begin(), end = privileges.end(); iter != end; ++iter) {
- byResourceForPrincipal[iter->getResource()].addAllActionsFromSet(iter->getActions());
+ byResourceForUser[iter->getResource()].addAllActionsFromSet(iter->getActions());
 ResourcePrivilegeCacheEntry* entry = _lookupOrInsertEntry(iter->getResource());
 entry->actions.addAllActionsFromSet(iter->getActions());
 }
 }
- void PrivilegeSet::revokePrivilegesFromPrincipal(const PrincipalName& principal) {
- PrincipalPrivilegeMap::iterator principalEntry = _byPrincipal.find(principal);
- if (principalEntry == _byPrincipal.end())
+ void PrivilegeSet::revokePrivilegesFromUser(const UserName& user) {
+ UserPrivilegeMap::iterator userEntry = _byUser.find(user);
+ if (userEntry == _byUser.end())
 return;
- // For every resource that "principal" authorizes, mark its entry in the _byResource table
+ // For every resource that "user" authorizes, mark its entry in the _byResource table
 // as dirty, so that it will be rebuilt on next consultation.
- for (StringMap<ActionSet>::const_iterator resourceEntry = principalEntry->second.begin(),
- end = principalEntry->second.end();
+ for (StringMap<ActionSet>::const_iterator resourceEntry = userEntry->second.begin(),
+ end = userEntry->second.end();
 resourceEntry != end; ++resourceEntry) {
 _lookupOrInsertEntry(resourceEntry->first)->dirty = true;
 }
- // Remove the princiapl from the _byPrincipal table.
- _byPrincipal.erase(principalEntry);
+ // Remove the user from the _byUser table.
+ _byUser.erase(userEntry);
 }
 bool PrivilegeSet::hasPrivilege(const Privilege& desiredPrivilege) {
@@ -108,8 +108,8 @@ namespace mongo {
 const ActionSet emptyActionSet;
 entry->actions.removeAllActions();
- for (PrincipalPrivilegeMap::const_iterator iter = _byPrincipal.begin(),
- end = _byPrincipal.end();
+ for (UserPrivilegeMap::const_iterator iter = _byUser.begin(),
+ end = _byUser.end();
 iter != end; ++iter) {
 entry->actions.addAllActionsFromSet(
diff --git a/src/mongo/db/auth/privilege_set.h b/src/mongo/db/auth/privilege_set.h
index b9b14c6b2d3..2b34129c144 100644
--- a/src/mongo/db/auth/privilege_set.h
+++ b/src/mongo/db/auth/privilege_set.h
@@ -21,16 +21,16 @@
 #include "mongo/db/auth/action_set.h"
 #include "mongo/db/auth/action_type.h"
 #include "mongo/db/auth/privilege.h"
-#include "mongo/db/auth/principal_name.h"
+#include "mongo/db/auth/user_name.h"
 #include "mongo/util/string_map.h"
 namespace mongo {
 /**
- * A collection of privileges describing which authenticated principals bestow the client the
+ * A collection of privileges describing which authenticated users bestow the client the
 * ability to perform various actions on specific resources. Since every privilege comes from
- * an authenticated principal, removing that principal removes all privileges granted by that
- * principal.
+ * an authenticated user, removing that user removes all privileges granted by that
+ * user.
 *
 * Resources are arranged hierarchically, with a wildcard resource,
 * PrivilegeSet::WILDCARD_RESOURCE, matching any resource. In the current implementation, the
@@ -50,26 +50,26 @@ namespace mongo {
 ~PrivilegeSet();
 /**
- * Adds the specified privilege to the set, associating it with the named principal.
+ * Adds the specified privilege to the set, associating it with the named user.
 *
 * The privilege should be on a specific resource, or on the WILDCARD_RESOURCE.
 */
- void grantPrivilege(const Privilege& privilege, const PrincipalName& authorizingPrincipal);
+ void grantPrivilege(const Privilege& privilege, const UserName& authorizingUser);
 /**
- * Adds the specified privileges to the set, associating them with the named principal.
+ * Adds the specified privileges to the set, associating them with the named user.
 */
 void grantPrivileges(const std::vector<Privilege>& privileges,
- const PrincipalName& authorizingPrincipal);
+ const UserName& authorizingUser);
 /**
- * Removes from the set all privileges associated with the given principal.
+ * Removes from the set all privileges associated with the given user.
 *
- * If multiple princpals enable the same privilege, the set will continue to
- * contain those privileges until all authorizing principals have had their
+ * If multiple users enable the same privilege, the set will continue to
+ * contain those privileges until all authorizing users have had their
 * privileges revoked from the set.
 */
- void revokePrivilegesFromPrincipal(const PrincipalName& principal);
+ void revokePrivilegesFromUser(const UserName& user);
 /**
 * Returns true if the set authorizes "desiredPrivilege".
@@ -94,7 +94,7 @@ namespace mongo {
 * Information about privileges held on a resource.
 *
 * Instances are stored in the _byResource map, and accelerate the fast path of
- * hasPrivilege(). Privilege revocations via revokePrivilegesFromPrincipal() can make these
+ * hasPrivilege(). Privilege revocations via revokePrivilegesFromUser() can make these
 * entries invalid, at which point they are marked "dirty". Dirty entries are rebuilt via
 * _rebuildEntry(), below, during execution of hasPrivilege().
 */
@@ -106,7 +106,7 @@ namespace mongo {
 ActionSet actions;
 // False if this data is consistent with the full privilege information, stored in the
- // _byPrincipal map.
+ // _byUser map.
 bool dirty;
 };
@@ -116,10 +116,10 @@ namespace mongo {
 typedef StringMap<ResourcePrivilegeCacheEntry> ResourcePrivilegeCache;
 /**
- * Type of map from principal identity to information about the principal's privileges. The
+ * Type of map from user identity to information about the user's privileges. The
 * values in the map are themselves maps from resource names to associated actions.
 */
- typedef std::map<PrincipalName, StringMap<ActionSet> > PrincipalPrivilegeMap;
+ typedef std::map<UserName, StringMap<ActionSet> > UserPrivilegeMap;
 void _rebuildEntry(const StringData& resource, ResourcePrivilegeCacheEntry* summary);
@@ -132,8 +132,8 @@ namespace mongo {
 // Cache of privilege information, by resource.
 ResourcePrivilegeCache _byResource;
- // Directory of privilege information, by principal.
- PrincipalPrivilegeMap _byPrincipal;
+ // Directory of privilege information, by user.
+ UserPrivilegeMap _byUser;
 };
 } // namespace mongo
diff --git a/src/mongo/db/auth/privilege_set_test.cpp b/src/mongo/db/auth/privilege_set_test.cpp
index 36af7b82205..235fb7f6b7d 100644
--- a/src/mongo/db/auth/privilege_set_test.cpp
+++ b/src/mongo/db/auth/privilege_set_test.cpp
@@ -26,14 +26,14 @@ namespace mongo {
 namespace {
- // Convenience methods for outputing PrincipalName and construction ActionSets that make tests
+ // Convenience methods for outputting UserName and construction ActionSets that make tests
 // concise, but that we're reluctant to put into the types themselves.
- std::ostream& operator<<(std::ostream& os, const PrincipalName& pname) {
- return os << pname.toString();
+ std::ostream& operator<<(std::ostream& os, const UserName& uname) {
+ return os << uname.toString();
 }
- std::ostream& operator<<(std::ostream&os, const std::vector<PrincipalName>& ps) {
+ std::ostream& operator<<(std::ostream&os, const std::vector<UserName>& ps) {
 os << "[ ";
 for (size_t i = 0; i < ps.size(); ++i) os << ps[i] << ' ';
@@ -64,8 +64,8 @@ namespace {
 TEST(PrivilegeSetTest, PrivilegeSet) {
 PrivilegeSet capSet;
- PrincipalName user1("user1", "test");
- PrincipalName user2("user2", "test2");
+ UserName user1("user1", "test");
+ UserName user2("user2", "test2");
 // Initially, the capability set contains no privileges at all.
 ASSERT_FALSE(capSet.hasPrivilege(Privilege("foo", ActionType::find)));
@@ -92,14 +92,14 @@ namespace {
 ASSERT_TRUE(capSet.hasPrivilege(Privilege("foo", ActionType::find|ActionType::remove)));
 // Revoke user2's privileges.
- capSet.revokePrivilegesFromPrincipal(user2);
+ capSet.revokePrivilegesFromUser(user2);
 ASSERT_FALSE(capSet.hasPrivilege(Privilege("foo", ActionType::userAdmin)));
 ASSERT_FALSE(capSet.hasPrivilege(Privilege("foo", ActionType::find|ActionType::remove)));
 ASSERT_TRUE(capSet.hasPrivilege(Privilege("foo", ActionType::update)));
 // Revoke user2's privileges again; should be a no-op.
- capSet.revokePrivilegesFromPrincipal(user2);
+ capSet.revokePrivilegesFromUser(user2);
 ASSERT_FALSE(capSet.hasPrivilege(Privilege("foo", ActionType::userAdmin)));
 ASSERT_FALSE(capSet.hasPrivilege(Privilege("foo", ActionType::find|ActionType::remove)));
@@ -129,7 +129,7 @@ namespace {
 ActionType::find|ActionType::update|ActionType::remove)));
 // Revoke user1's privileges.
- capSet.revokePrivilegesFromPrincipal(user1);
+ capSet.revokePrivilegesFromUser(user1);
 ASSERT_TRUE(capSet.hasPrivilege(Privilege("foo", ActionType::update)));
 ASSERT_FALSE(capSet.hasPrivilege(Privilege("foo", ActionType::find)));
@@ -137,7 +137,7 @@ namespace {
 ASSERT_FALSE(capSet.hasPrivilege(Privilege("bar", ActionType::update)));
 // Revoke user2's privileges.
- capSet.revokePrivilegesFromPrincipal(user2);
+ capSet.revokePrivilegesFromUser(user2);
 ASSERT_FALSE(capSet.hasPrivilege(Privilege("foo", ActionType::update)));
 ASSERT_FALSE(capSet.hasPrivilege(Privilege("bar", ActionType::find)));
@@ -148,7 +148,7 @@ namespace {
 PrivilegeSet privSet;
- PrincipalName user("user", "db");
+ UserName user("user", "db");
 Privilege wildcardFind("*", ActionType::find);
 Privilege wildcardUpdate("*", ActionType::update);
 Privilege wildcardFindAndUpdate("*", ActionType::find|ActionType::update);
@@ -192,7 +192,7 @@ namespace {
 ASSERT_FALSE(privSet.hasPrivilege(barFindAndUpdate));
 // Revoke the granted privileges, and assert that hasPrivilege returns false.
- privSet.revokePrivilegesFromPrincipal(user);
+ privSet.revokePrivilegesFromUser(user);
 ASSERT_FALSE(privSet.hasPrivilege(wildcardFind));
 ASSERT_FALSE(privSet.hasPrivilege(wildcardUpdate));
diff --git a/src/mongo/db/auth/user.cpp b/src/mongo/db/auth/user.cpp
index b4c87738b9f..896bb63a8aa 100644
--- a/src/mongo/db/auth/user.cpp
+++ b/src/mongo/db/auth/user.cpp
@@ -18,9 +18,9 @@
 #include <vector>
-#include "mongo/db/auth/principal_name.h"
 #include "mongo/db/auth/privilege.h"
 #include "mongo/db/auth/role_name.h"
+#include "mongo/db/auth/user_name.h"
 #include "mongo/platform/atomic_word.h"
 namespace mongo {
diff --git a/src/mongo/db/auth/user.h b/src/mongo/db/auth/user.h
index 4754b721ec2..77bacf92af5 100644
--- a/src/mongo/db/auth/user.h
+++ b/src/mongo/db/auth/user.h
@@ -18,17 +18,15 @@
 #include <vector>
 #include "mongo/base/disallow_copying.h"
-#include "mongo/db/auth/principal_name.h"
 #include "mongo/db/auth/privilege.h"
 #include "mongo/db/auth/role_name.h"
+#include "mongo/db/auth/user_name.h"
 #include "mongo/platform/atomic_word.h"
 #include "mongo/platform/unordered_map.h"
 #include "mongo/platform/unordered_set.h"
 namespace mongo {
- typedef PrincipalName UserName; // TODO: remove this and rename PrincipalName->UserName everywhere
-
 /**
 * Represents a MongoDB user. Stores information about the user necessary for access control
 * checks and authentications, such as what privileges this user has, as well as what roles
diff --git a/src/mongo/db/auth/principal_name.cpp b/src/mongo/db/auth/user_name.cpp
index 7c2b6d93cb2..59e7984e1a8 100644
--- a/src/mongo/db/auth/principal_name.cpp
+++ b/src/mongo/db/auth/user_name.cpp
@@ -13,7 +13,7 @@
 * limitations under the License.
 */
-#include "mongo/db/auth/principal_name.h"
+#include "mongo/db/auth/user_name.h"
 #include <algorithm>
 #include <string>
@@ -23,7 +23,7 @@ namespace mongo {
- PrincipalName::PrincipalName(const StringData& user, const StringData& dbname) {
+ UserName::UserName(const StringData& user, const StringData& dbname) {
 _fullName.resize(user.size() + dbname.size() + 1);
 std::string::iterator iter = std::copy(user.rawData(), user.rawData() + user.size(),
diff --git a/src/mongo/db/auth/principal_name.h b/src/mongo/db/auth/user_name.h
index 2e9ebce8931..7f1ef44b301 100644
--- a/src/mongo/db/auth/principal_name.h
+++ b/src/mongo/db/auth/user_name.h
@@ -27,24 +27,23 @@ namespace mongo {
 *
 * Consists of a "user name" part, and a "database name" part.
 */
- class PrincipalName {
+ class UserName {
 public:
- PrincipalName() : _splitPoint(0) {}
- PrincipalName(const StringData& user, const StringData& dbname);
+ UserName() : _splitPoint(0) {}
+ UserName(const StringData& user, const StringData& dbname);
+
 /**
- * Gets the user-name part of a principal name.
+ * Gets the user part of a UserName.
 */
 StringData getUser() const { return StringData(_fullName).substr(0, _splitPoint); }
 /**
- * Gets the database name part of a principal name.
+ * Gets the database name part of a UserName.
 */
 StringData getDB() const { return StringData(_fullName).substr(_splitPoint + 1); }
 /**
- * Gets the full name of a principal as a string, formatted as "user@db".
- *
- * Allowed for keys in non-persistent data structures, such as std::map.
+ * Gets the full unique name of a user as a string, formatted as "user@db".
 */
 const std::string& getFullName() const { return _fullName; }
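Review bot: The default constructor `UserName() : _splitPoint(0) {}` leaves `_fullName` empty, so `getDB()` on such an object evaluates `StringData(_fullName).substr(1)` on an empty string; whether StringData::substr clamps, asserts or throws there is not visible in this hunk. Nothing in the class comment says that a default-constructed UserName is a placeholder whose accessors are only meaningful after assignment, which appears to be how introspect.cpp later in this commit uses it (`UserName bestUser;` assigned only when an authenticated name exists). A comment on the default constructor such as `// Placeholder value; getUser()/getDB() are only meaningful once a real name has been assigned.` would make that contract explicit, or `getDB()` could return an empty StringData when `_fullName` is empty.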
@@ -58,24 +57,24 @@ namespace mongo {
 size_t _splitPoint; // The index of the "@" separating the user and db name parts.
 };
- static inline bool operator==(const PrincipalName& lhs, const PrincipalName& rhs) {
+ static inline bool operator==(const UserName& lhs, const UserName& rhs) {
 return lhs.getFullName() == rhs.getFullName();
 }
- static inline bool operator!=(const PrincipalName& lhs, const PrincipalName& rhs) {
+ static inline bool operator!=(const UserName& lhs, const UserName& rhs) {
 return lhs.getFullName() != rhs.getFullName();
 }
- static inline bool operator<(const PrincipalName& lhs, const PrincipalName& rhs) {
+ static inline bool operator<(const UserName& lhs, const UserName& rhs) {
 return lhs.getFullName() < rhs.getFullName();
 }
 } // namespace mongo
-// Define hash function for PrincipalNames so they can be keys in std::unordered_map
+// Define hash function for UserNames so they can be keys in std::unordered_map
 MONGO_HASH_NAMESPACE_START
- template <> struct hash<mongo::PrincipalName> {
- size_t operator()(const mongo::PrincipalName& pname) const {
+ template <> struct hash<mongo::UserName> {
+ size_t operator()(const mongo::UserName& pname) const {
 return hash<std::string>()(pname.getFullName());
 }
 };
diff --git a/src/mongo/db/commands/authentication_commands.cpp b/src/mongo/db/commands/authentication_commands.cpp
index 2a18cc2d651..1acf316f394 100644
--- a/src/mongo/db/commands/authentication_commands.cpp
+++ b/src/mongo/db/commands/authentication_commands.cpp
@@ -153,7 +153,7 @@ namespace mongo {
 BSONObj userObj;
 string pwd;
 Status status = ClientBasic::getCurrent()->getAuthorizationSession()->getPrivilegeDocument(
- dbname, PrincipalName(user, dbname), &userObj);
+ dbname, UserName(user, dbname), &userObj);
 if (!status.isOK()) {
 log() << status.reason() << std::endl;
 errmsg = "auth fails";
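Review bot: `operator==`, `operator<` and the `hash<mongo::UserName>` specialization all key on `getFullName()` alone, so `_splitPoint` is not part of a UserName's identity and two distinct (user, db) pairs whose "user@db" concatenations coincide would compare equal and collide as keys in UserPrivilegeMap and in PrincipalSet::lookup; that is only reachable if the user part may itself contain the "@" separator, and the constructor that builds `_fullName` (in user_name.cpp, outside this hunk) does not visibly reject one. Since the `getFullName()` comment earlier in this file now describes the result as the "full unique name", either the constructor should refuse a separator in the user part or that comment should state the precondition under which the name is unique. Separately, the hash functor's parameter keeps the old name; `size_t operator()(const mongo::UserName& uname) const {` with `uname.getFullName()` would match the renaming applied in the test files.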
@@ -184,7 +184,7 @@ namespace mongo {
 AuthorizationSession* authorizationSession = ClientBasic::getCurrent()->getAuthorizationSession();
- Principal* principal = new Principal(PrincipalName(user, dbname));
+ Principal* principal = new Principal(UserName(user, dbname));
 principal->setImplicitPrivilegeAcquisition(true);
 authorizationSession->addAuthorizedPrincipal(principal);
diff --git a/src/mongo/db/dbwebserver.cpp b/src/mongo/db/dbwebserver.cpp
index 8f22c55e6e6..a3a77d01211 100644
--- a/src/mongo/db/dbwebserver.cpp
+++ b/src/mongo/db/dbwebserver.cpp
@@ -78,7 +78,7 @@ namespace mongo {
 }
 void _authorizePrincipal(const std::string& principalName, bool readOnly) {
- Principal* principal = new Principal(PrincipalName(principalName, "local"));
+ Principal* principal = new Principal(UserName(principalName, "local"));
 ActionSet actions = AuthorizationSession::getActionsForOldStyleUser( "admin", readOnly);
diff --git a/src/mongo/db/introspect.cpp b/src/mongo/db/introspect.cpp
index a7671bc4497..78eccac7406 100644
--- a/src/mongo/db/introspect.cpp
+++ b/src/mongo/db/introspect.cpp
@@ -41,7 +41,7 @@ namespace {
 AuthorizationSession* authSession) {
 PrincipalSet::NameIterator nameIter = authSession->getAuthenticatedPrincipalNames();
- PrincipalName bestUser;
+ UserName bestUser;
 if (nameIter.more()) bestUser = *nameIter;
diff --git a/src/mongo/scripting/sm_db.cpp b/src/mongo/scripting/sm_db.cpp
index f9505b77d60..927a88a77f3 100644
--- a/src/mongo/scripting/sm_db.cpp
+++ b/src/mongo/scripting/sm_db.cpp
@@ -347,8 +347,8 @@ namespace spidermonkey {
 break;
 case 3:
 params = BSON(saslCommandMechanismFieldName << "MONGODB-CR" <<
- saslCommandPrincipalSourceFieldName << c.toString(argv[0]) <<
- saslCommandPrincipalFieldName << c.toString(argv[1]) <<
+ saslCommandUserSourceFieldName << c.toString(argv[0]) <<
+ saslCommandUserFieldName << c.toString(argv[1]) <<
 saslCommandPasswordFieldName << c.toString(argv[2]));
 break;
 default:
diff --git a/src/mongo/scripting/v8_db.cpp b/src/mongo/scripting/v8_db.cpp
index f6201c7ca94..c2057b0e086 100644
--- a/src/mongo/scripting/v8_db.cpp
+++ b/src/mongo/scripting/v8_db.cpp
@@ -311,8 +311,8 @@ namespace mongo {
 break;
 case 3:
 params = BSON(saslCommandMechanismFieldName << "MONGODB-CR" <<
- saslCommandPrincipalSourceFieldName << toSTLString(args[0]) <<
- saslCommandPrincipalFieldName << toSTLString(args[1]) <<
+ saslCommandUserSourceFieldName << toSTLString(args[0]) <<
+ saslCommandUserFieldName << toSTLString(args[1]) <<
 saslCommandPasswordFieldName << toSTLString(args[2]));
 break;
 default:
diff --git a/src/mongo/shell/dbshell.cpp b/src/mongo/shell/dbshell.cpp
index 47712ed67ab..cfaeef04433 100644
--- a/src/mongo/shell/dbshell.cpp
+++ b/src/mongo/shell/dbshell.cpp
@@ -886,7 +886,7 @@ int _main( int argc, char* argv[], char **envp ) {
 "\");" << endl;
 }
 authStringStream << "authDb._authOrThrow({ " <<
- saslCommandPrincipalFieldName << ": username, " <<
+ saslCommandUserFieldName << ": username, " <<
 saslCommandPasswordFieldName << ": password });" << endl;
 }
 authStringStream << "}())";
diff --git a/src/mongo/tools/tool.cpp b/src/mongo/tools/tool.cpp
index c15f40d5e11..518f7dd1c62 100644
--- a/src/mongo/tools/tool.cpp
+++ b/src/mongo/tools/tool.cpp
@@ -441,8 +441,8 @@ namespace mongo {
 return;
 }
- _conn->auth( BSON( saslCommandPrincipalSourceFieldName << getAuthenticationDatabase() <<
- saslCommandPrincipalFieldName << _username <<
+ _conn->auth( BSON( saslCommandUserSourceFieldName << getAuthenticationDatabase() <<
+ saslCommandUserFieldName << _username <<
 saslCommandPasswordFieldName << _password <<
 saslCommandMechanismFieldName << _authenticationMechanism ) );
 } |
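Review bot: In the dbshell.cpp hunk the renamed constant is spliced into generated JavaScript as an unquoted object key (`saslCommandUserFieldName << ": username, " <<`), so the shell's auth snippet only parses while the constant's value is a bare JS identifier; neither this site nor the constant's declaration (not in this diff) records that constraint, and the next rename could break it silently. A comment on that line, `// emitted as an unquoted JS object key: the constant's value must stay identifier-safe`, would preserve the invariant. The enclosing _main body starts and ends outside the hunk.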