diff options
24 files changed, 86 insertions, 64 deletions
diff --git a/src/mongo/client/dbclient.cpp b/src/mongo/client/dbclient.cpp index 67c480dc2f5..1bc89113208 100644 --- a/src/mongo/client/dbclient.cpp +++ b/src/mongo/client/dbclient.cpp @@ -38,6 +38,8 @@ namespace mongo { AtomicInt64 DBClientBase::ConnectionIdSequence; + const char* const saslCommandUserSourceFieldName = "userSource"; + void ConnectionString::_fillServers( string s ) { // @@ -527,15 +529,27 @@ namespace mongo { void DBClientWithCommands::_auth(const BSONObj& params) { std::string mechanism; + uassertStatusOK(bsonExtractStringField(params, saslCommandMechanismFieldName, &mechanism)); + uassert(17232, "You cannot specify both 'db' and 'userSource'. Please use only 'db'.", + !(params.hasField(saslCommandUserDBFieldName) + && params.hasField(saslCommandUserSourceFieldName))); + if (mechanism == StringData("MONGODB-CR", StringData::LiteralTag())) { - std::string userSource; - uassertStatusOK(bsonExtractStringField(params, - saslCommandUserSourceFieldName, - &userSource)); + std::string db; + if (params.hasField(saslCommandUserSourceFieldName)) { + uassertStatusOK(bsonExtractStringField(params, + saslCommandUserSourceFieldName, + &db)); + } + else { + uassertStatusOK(bsonExtractStringField(params, + saslCommandUserDBFieldName, + &db)); + } std::string user; uassertStatusOK(bsonExtractStringField(params, saslCommandUserFieldName, @@ -552,14 +566,21 @@ namespace mongo { BSONObj result; uassert(result["code"].Int(), result.toString(), - _authMongoCR(userSource, user, password, &result, digestPassword)); + _authMongoCR(db, user, password, &result, digestPassword)); } #ifdef MONGO_SSL else if (mechanism == StringData("MONGODB-X509", StringData::LiteralTag())){ - std::string userSource; - uassertStatusOK(bsonExtractStringField(params, - saslCommandUserSourceFieldName, - &userSource)); + std::string db; + if (params.hasField(saslCommandUserSourceFieldName)) { + uassertStatusOK(bsonExtractStringField(params, + saslCommandUserSourceFieldName, + &db)); + } + else { + uassertStatusOK(bsonExtractStringField(params, + saslCommandUserDBFieldName, + &db)); + } std::string user; uassertStatusOK(bsonExtractStringField(params, saslCommandUserFieldName, @@ -579,7 +600,7 @@ namespace mongo { BSONObj result; uassert(result["code"].Int(), result.toString(), - _authX509(userSource, user, &result)); + _authX509(db, user, &result)); } #endif else if (saslClientAuthenticate != NULL) { @@ -602,7 +623,7 @@ namespace mongo { bool digestPassword) { try { _auth(BSON(saslCommandMechanismFieldName << "MONGODB-CR" << - saslCommandUserSourceFieldName << dbname << + saslCommandUserDBFieldName << dbname << saslCommandUserFieldName << username << saslCommandPasswordFieldName << password_text << saslCommandDigestPasswordFieldName << digestPassword)); @@ -819,7 +840,7 @@ namespace mongo { /* note we remember the auth info before we attempt to auth -- if the connection is broken, we will then have it for the next autoreconnect attempt. */ - authCache[params[saslCommandUserSourceFieldName].str()] = params.getOwned(); + authCache[params[saslCommandUserDBFieldName].str()] = params.getOwned(); } DBClientBase::_auth(params); @@ -944,7 +965,7 @@ namespace mongo { if (ex.getCode() != ErrorCodes::AuthenticationFailed) throw; LOG(_logLevel) << "reconnect: auth failed " << - i->second[saslCommandUserSourceFieldName] << + i->second[saslCommandUserDBFieldName] << i->second[saslCommandUserFieldName] << ' ' << ex.what() << std::endl; } diff --git a/src/mongo/client/dbclient_rs.cpp b/src/mongo/client/dbclient_rs.cpp index 7e3f9bd794f..52e9b4c8af6 100644 --- a/src/mongo/client/dbclient_rs.cpp +++ b/src/mongo/client/dbclient_rs.cpp @@ -1530,7 +1530,7 @@ namespace mongo { } catch (const UserException&) { warning() << "cached auth failed for set: " << _setName << - " db: " << i->second[saslCommandUserSourceFieldName].str() << + " db: " << i->second[saslCommandUserDBFieldName].str() << " user: " << i->second[saslCommandUserFieldName].str() << endl; } } @@ -1583,7 +1583,7 @@ namespace mongo { } // now that it does, we should save so that for a new node we can auth - _auths[params[saslCommandUserSourceFieldName].str()] = params.getOwned(); + _auths[params[saslCommandUserDBFieldName].str()] = params.getOwned(); } void DBClientReplicaSet::logout(const string &dbname, BSONObj& info) { diff --git a/src/mongo/client/dbclientinterface.h b/src/mongo/client/dbclientinterface.h index aac031d0362..49226fb03c5 100644 --- a/src/mongo/client/dbclientinterface.h +++ b/src/mongo/client/dbclientinterface.h @@ -619,7 +619,7 @@ namespace mongo { * * "mechanism": The string name of the sasl mechanism to use. Mandatory. * "user": The string name of the user to authenticate. Mandatory. - * "userSource": The database target of the auth command, which identifies the location + * "db": The database target of the auth command, which identifies the location * of the credential information for the user. May be "$external" if * credential information is stored outside of the mongo cluster. Mandatory. * "pwd": The password data. diff --git a/src/mongo/client/examples/authTest.cpp b/src/mongo/client/examples/authTest.cpp index 194590d027c..98ac677b096 100644 --- a/src/mongo/client/examples/authTest.cpp +++ b/src/mongo/client/examples/authTest.cpp @@ -59,13 +59,13 @@ int main( int argc, const char **argv ) { errmsg.clear(); conn->auth(BSON("user" << "eliot" << - "userSource" << "test" << + "db" << "test" << "pwd" << "bar" << "mechanism" << "MONGODB-CR")); try { conn->auth(BSON("user" << "eliot" << - "userSource" << "test" << + "db" << "test" << "pwd" << "bars" << // incorrect password "mechanism" << "MONGODB-CR")); // Shouldn't get here. diff --git a/src/mongo/client/sasl_client_authenticate.cpp b/src/mongo/client/sasl_client_authenticate.cpp index 040cc50b5ef..250e40f746d 100644 --- a/src/mongo/client/sasl_client_authenticate.cpp +++ b/src/mongo/client/sasl_client_authenticate.cpp @@ -40,8 +40,8 @@ namespace mongo { const char* const saslCommandMechanismListFieldName = "supportedMechanisms"; const char* const saslCommandPasswordFieldName = "pwd"; const char* const saslCommandPayloadFieldName = "payload"; + const char* const saslCommandUserDBFieldName = "db"; const char* const saslCommandUserFieldName = "user"; - const char* const saslCommandUserSourceFieldName = "userSource"; const char* const saslCommandServiceHostnameFieldName = "serviceHostname"; const char* const saslCommandServiceNameFieldName = "serviceName"; const char* const saslCommandDigestPasswordFieldName = "digestPassword"; diff --git a/src/mongo/client/sasl_client_authenticate.h b/src/mongo/client/sasl_client_authenticate.h index 621b0eaf3ef..71f2a319480 100644 --- a/src/mongo/client/sasl_client_authenticate.h +++ b/src/mongo/client/sasl_client_authenticate.h @@ -41,7 +41,7 @@ namespace mongo { * all resources after successful authentication, which is the default. Falsey values * instruct the server to await separate privilege-acquisition commands. * "user": The string name of the user to authenticate. - * "userSource": The database target of the auth command, which identifies the location + * "db": The database target of the auth command, which identifies the location * of the credential information for the user. May be "$external" if credential * information is stored outside of the mongo cluster. * "pwd": The password. @@ -113,7 +113,7 @@ namespace mongo { /// Field containing the string identifier of the database containing credential information, /// or "$external" if the credential information is stored outside of the mongo cluster. - extern const char* const saslCommandUserSourceFieldName; + extern const char* const saslCommandUserDBFieldName; /// Field overriding the FQDN of the hostname hosting the mongodb srevice in /// saslClientAuthenticate(). diff --git a/src/mongo/client/sasl_client_authenticate_impl.cpp b/src/mongo/client/sasl_client_authenticate_impl.cpp index 83e0c5ebdd0..df87d39a25f 100644 --- a/src/mongo/client/sasl_client_authenticate_impl.cpp +++ b/src/mongo/client/sasl_client_authenticate_impl.cpp @@ -170,7 +170,7 @@ namespace { std::string targetDatabase; try { Status status = bsonExtractStringFieldWithDefault(saslParameters, - saslCommandUserSourceFieldName, + saslCommandUserDBFieldName, saslDefaultDBName, &targetDatabase); if (!status.isOK()) diff --git a/src/mongo/db/auth/auth_index_d.cpp b/src/mongo/db/auth/auth_index_d.cpp index 2e2490f746f..eb1e8bdbfe4 100644 --- a/src/mongo/db/auth/auth_index_d.cpp +++ b/src/mongo/db/auth/auth_index_d.cpp @@ -55,13 +55,13 @@ namespace { v1SystemUsersKeyPattern = BSON(AuthorizationManager::V1_USER_NAME_FIELD_NAME << 1 << AuthorizationManager::V1_USER_SOURCE_FIELD_NAME << 1); v2SystemUsersKeyPattern = BSON(AuthorizationManager::USER_NAME_FIELD_NAME << 1 << - AuthorizationManager::USER_SOURCE_FIELD_NAME << 1); + AuthorizationManager::USER_DB_FIELD_NAME << 1); v2SystemRolesKeyPattern = BSON(AuthorizationManager::ROLE_NAME_FIELD_NAME << 1 << AuthorizationManager::ROLE_SOURCE_FIELD_NAME << 1); v2SystemUsersIndexName = std::string( str::stream() << AuthorizationManager::USER_NAME_FIELD_NAME << "_1_" << - AuthorizationManager::USER_SOURCE_FIELD_NAME << "_1"); + AuthorizationManager::USER_DB_FIELD_NAME << "_1"); v2SystemRolesIndexName = std::string( str::stream() << AuthorizationManager::ROLE_NAME_FIELD_NAME << "_1_" << diff --git a/src/mongo/db/auth/authorization_manager.cpp b/src/mongo/db/auth/authorization_manager.cpp index 032425a4135..e570489cd9e 100644 --- a/src/mongo/db/auth/authorization_manager.cpp +++ b/src/mongo/db/auth/authorization_manager.cpp @@ -76,7 +76,7 @@ namespace mongo { } const std::string AuthorizationManager::USER_NAME_FIELD_NAME = "user"; - const std::string AuthorizationManager::USER_SOURCE_FIELD_NAME = "db"; + const std::string AuthorizationManager::USER_DB_FIELD_NAME = "db"; const std::string AuthorizationManager::ROLE_NAME_FIELD_NAME = "role"; const std::string AuthorizationManager::ROLE_SOURCE_FIELD_NAME = "db"; const std::string AuthorizationManager::PASSWORD_FIELD_NAME = "pwd"; @@ -863,7 +863,7 @@ namespace mongo { const UserName& name = user.getName(); builder.append(AuthorizationManager::USER_NAME_FIELD_NAME, name.getUser()); - builder.append(AuthorizationManager::USER_SOURCE_FIELD_NAME, name.getDB()); + builder.append(AuthorizationManager::USER_DB_FIELD_NAME, name.getDB()); const User::CredentialData& credentials = user.getCredentials(); if (!credentials.isExternal) { @@ -878,7 +878,7 @@ namespace mongo { const RoleName& role = roles.next(); BSONObjBuilder roleBuilder(rolesArray.subobjStart()); roleBuilder.append(AuthorizationManager::USER_NAME_FIELD_NAME, role.getRole()); - roleBuilder.append(AuthorizationManager::USER_SOURCE_FIELD_NAME, role.getDB()); + roleBuilder.append(AuthorizationManager::USER_DB_FIELD_NAME, role.getDB()); roleBuilder.doneFast(); } rolesArray.doneFast(); @@ -971,7 +971,7 @@ namespace mongo { return status; status = _externalState->createIndex( newusersCollectionNamespace, - BSON(USER_NAME_FIELD_NAME << 1 << USER_SOURCE_FIELD_NAME << 1), + BSON(USER_NAME_FIELD_NAME << 1 << USER_DB_FIELD_NAME << 1), true, // unique writeConcern ); diff --git a/src/mongo/db/auth/authorization_manager.h b/src/mongo/db/auth/authorization_manager.h index 6cc0ae093a4..c1621d8390e 100644 --- a/src/mongo/db/auth/authorization_manager.h +++ b/src/mongo/db/auth/authorization_manager.h @@ -75,7 +75,7 @@ namespace mongo { ~AuthorizationManager(); static const std::string USER_NAME_FIELD_NAME; - static const std::string USER_SOURCE_FIELD_NAME; + static const std::string USER_DB_FIELD_NAME; static const std::string ROLE_NAME_FIELD_NAME; static const std::string ROLE_SOURCE_FIELD_NAME; static const std::string PASSWORD_FIELD_NAME; diff --git a/src/mongo/db/auth/authz_manager_external_state.cpp b/src/mongo/db/auth/authz_manager_external_state.cpp index 10ab4a32360..abc118b2212 100644 --- a/src/mongo/db/auth/authz_manager_external_state.cpp +++ b/src/mongo/db/auth/authz_manager_external_state.cpp @@ -102,7 +102,7 @@ namespace mongo { } if (status.code() == ErrorCodes::DuplicateKey) { std::string name = userObj[AuthorizationManager::USER_NAME_FIELD_NAME].String(); - std::string source = userObj[AuthorizationManager::USER_SOURCE_FIELD_NAME].String(); + std::string source = userObj[AuthorizationManager::USER_DB_FIELD_NAME].String(); return Status(ErrorCodes::DuplicateKey, mongoutils::str::stream() << "User \"" << name << "@" << source << "\" already exists"); @@ -118,7 +118,7 @@ namespace mongo { Status status = updateOne( NamespaceString("admin.system.users"), BSON(AuthorizationManager::USER_NAME_FIELD_NAME << user.getUser() << - AuthorizationManager::USER_SOURCE_FIELD_NAME << user.getDB()), + AuthorizationManager::USER_DB_FIELD_NAME << user.getDB()), updateObj, false, writeConcern); diff --git a/src/mongo/db/auth/authz_manager_external_state_d.cpp b/src/mongo/db/auth/authz_manager_external_state_d.cpp index 99c61c95fb4..a11b52eb6b3 100644 --- a/src/mongo/db/auth/authz_manager_external_state_d.cpp +++ b/src/mongo/db/auth/authz_manager_external_state_d.cpp @@ -146,7 +146,7 @@ namespace { Status status = _findUser( "admin.system.users", BSON(AuthorizationManager::USER_NAME_FIELD_NAME << userName.getUser() << - AuthorizationManager::USER_SOURCE_FIELD_NAME << userName.getDB()), + AuthorizationManager::USER_DB_FIELD_NAME << userName.getDB()), &userDoc); if (!status.isOK()) return status; diff --git a/src/mongo/db/auth/authz_manager_external_state_mock.cpp b/src/mongo/db/auth/authz_manager_external_state_mock.cpp index 8002baa577e..d0e6ee99bd3 100644 --- a/src/mongo/db/auth/authz_manager_external_state_mock.cpp +++ b/src/mongo/db/auth/authz_manager_external_state_mock.cpp @@ -99,7 +99,7 @@ namespace { Status status = _findUser( "admin.system.users", BSON(AuthorizationManager::USER_NAME_FIELD_NAME << userName.getUser() << - AuthorizationManager::USER_SOURCE_FIELD_NAME << userName.getDB()), + AuthorizationManager::USER_DB_FIELD_NAME << userName.getDB()), &privDoc); if (!status.isOK()) return status; diff --git a/src/mongo/db/auth/authz_manager_external_state_s.cpp b/src/mongo/db/auth/authz_manager_external_state_s.cpp index 6a21fc9ef93..2af8e2d74b4 100644 --- a/src/mongo/db/auth/authz_manager_external_state_s.cpp +++ b/src/mongo/db/auth/authz_manager_external_state_s.cpp @@ -120,7 +120,7 @@ namespace { BSON("usersInfo" << BSON_ARRAY(BSON(AuthorizationManager::USER_NAME_FIELD_NAME << userName.getUser() << - AuthorizationManager::USER_SOURCE_FIELD_NAME << + AuthorizationManager::USER_DB_FIELD_NAME << userName.getDB())) << "showPrivileges" << true << "showCredentials" << true), diff --git a/src/mongo/db/auth/security_key.cpp b/src/mongo/db/auth/security_key.cpp index 7227c025511..3ebf9a59044 100644 --- a/src/mongo/db/auth/security_key.cpp +++ b/src/mongo/db/auth/security_key.cpp @@ -145,7 +145,7 @@ namespace mongo { serverGlobalParams.clusterAuthMode == "sendKeyFile") { setInternalUserAuthParams( BSON(saslCommandMechanismFieldName << "MONGODB-CR" << - saslCommandUserSourceFieldName << + saslCommandUserDBFieldName << internalSecurity.user->getName().getDB() << saslCommandUserFieldName << internalSecurity.user->getName().getUser() << saslCommandPasswordFieldName << credentials.password << diff --git a/src/mongo/db/auth/user_document_parser.cpp b/src/mongo/db/auth/user_document_parser.cpp index ce3b66543af..088d226eec6 100644 --- a/src/mongo/db/auth/user_document_parser.cpp +++ b/src/mongo/db/auth/user_document_parser.cpp @@ -226,7 +226,7 @@ namespace { Status V2UserDocumentParser::checkValidUserDocument(const BSONObj& doc) const { BSONElement userElement = doc[AuthorizationManager::USER_NAME_FIELD_NAME]; - BSONElement userSourceElement = doc[AuthorizationManager::USER_SOURCE_FIELD_NAME]; + BSONElement userDBElement = doc[AuthorizationManager::USER_DB_FIELD_NAME]; BSONElement credentialsElement = doc[CREDENTIALS_FIELD_NAME]; BSONElement rolesElement = doc[ROLES_FIELD_NAME]; @@ -236,14 +236,14 @@ namespace { if (makeStringDataFromBSONElement(userElement).empty()) return _badValue("User document needs 'user' field to be non-empty", 0); - // Validate the "userSource" element - if (userSourceElement.type() != String || - makeStringDataFromBSONElement(userSourceElement).empty()) { + // Validate the "db" element + if (userDBElement.type() != String || + makeStringDataFromBSONElement(userDBElement).empty()) { return _badValue("User document needs 'db' field to be a non-empty string", 0); } - StringData userSourceStr = makeStringDataFromBSONElement(userSourceElement); - if (!NamespaceString::validDBName(userSourceStr) && userSourceStr != "$external") { - return _badValue(mongoutils::str::stream() << "'" << userSourceStr << + StringData userDBStr = makeStringDataFromBSONElement(userDBElement); + if (!NamespaceString::validDBName(userDBStr) && userDBStr != "$external") { + return _badValue(mongoutils::str::stream() << "'" << userDBStr << "' is not a valid value for the db field.", 0); } @@ -262,7 +262,7 @@ namespace { return _badValue("User document needs 'credentials' field to be a non-empty object", 0); } - if (userSourceStr == "$external") { + if (userDBStr == "$external") { BSONElement externalElement = credentialsObj[MONGODB_EXTERNAL_CREDENTIAL_FIELD_NAME]; if (externalElement.eoo() || externalElement.type() != Bool || !externalElement.Bool()) { @@ -298,14 +298,14 @@ namespace { Status V2UserDocumentParser::initializeUserCredentialsFromUserDocument( User* user, const BSONObj& privDoc) const { User::CredentialData credentials; - std::string userSource = privDoc[AuthorizationManager::USER_SOURCE_FIELD_NAME].String(); + std::string userDB = privDoc[AuthorizationManager::USER_DB_FIELD_NAME].String(); BSONElement credentialsElement = privDoc[CREDENTIALS_FIELD_NAME]; if (!credentialsElement.eoo()) { if (credentialsElement.type() != Object) { return Status(ErrorCodes::UnsupportedFormat, "'credentials' field in user documents must be an object"); } - if (userSource == "$external") { + if (userDB == "$external") { BSONElement externalCredentialElement = credentialsElement.Obj()[MONGODB_EXTERNAL_CREDENTIAL_FIELD_NAME]; if (!externalCredentialElement.eoo()) { diff --git a/src/mongo/db/auth/user_management_commands_parser.cpp b/src/mongo/db/auth/user_management_commands_parser.cpp index cc2615ad13b..6e406055f06 100644 --- a/src/mongo/db/auth/user_management_commands_parser.cpp +++ b/src/mongo/db/auth/user_management_commands_parser.cpp @@ -143,7 +143,7 @@ namespace auth { return _parseNamesFromBSONArray(usersArray, dbname, AuthorizationManager::USER_NAME_FIELD_NAME, - AuthorizationManager::USER_SOURCE_FIELD_NAME, + AuthorizationManager::USER_DB_FIELD_NAME, parsedUserNames); } @@ -371,7 +371,7 @@ namespace auth { status = _parseNameFromBSONElement(cmdObj["usersInfo"], dbname, AuthorizationManager::USER_NAME_FIELD_NAME, - AuthorizationManager::USER_SOURCE_FIELD_NAME, + AuthorizationManager::USER_DB_FIELD_NAME, &name); if (!status.isOK()) { return status; diff --git a/src/mongo/db/commands/user_management_commands.cpp b/src/mongo/db/commands/user_management_commands.cpp index f88123449d5..2a6f78c918b 100644 --- a/src/mongo/db/commands/user_management_commands.cpp +++ b/src/mongo/db/commands/user_management_commands.cpp @@ -358,7 +358,7 @@ namespace mongo { args.userName.getUser()); userObjBuilder.append(AuthorizationManager::USER_NAME_FIELD_NAME, args.userName.getUser()); - userObjBuilder.append(AuthorizationManager::USER_SOURCE_FIELD_NAME, + userObjBuilder.append(AuthorizationManager::USER_DB_FIELD_NAME, args.userName.getDB()); if (args.hasHashedPassword) { userObjBuilder.append("credentials", BSON("MONGODB-CR" << args.hashedPassword)); @@ -663,7 +663,7 @@ namespace mongo { status = authzManager->removePrivilegeDocuments( BSON(AuthorizationManager::USER_NAME_FIELD_NAME << userName.getUser() << - AuthorizationManager::USER_SOURCE_FIELD_NAME << userName.getDB()), + AuthorizationManager::USER_DB_FIELD_NAME << userName.getDB()), writeConcern, &numUpdated); // Must invalidate even on bad status - what if the write succeeded but the GLE failed? @@ -754,7 +754,7 @@ namespace mongo { audit::logDropAllUsersFromDatabase(ClientBasic::getCurrent(), dbname); status = authzManager->removePrivilegeDocuments( - BSON(AuthorizationManager::USER_SOURCE_FIELD_NAME << dbname), + BSON(AuthorizationManager::USER_DB_FIELD_NAME << dbname), writeConcern, &numRemoved); // Must invalidate even on bad status - what if the write succeeded but the GLE failed? @@ -1114,13 +1114,13 @@ namespace mongo { // If you don't need privileges, you can just do a regular query on system.users BSONObjBuilder queryBuilder; if (args.allForDB) { - queryBuilder.append(AuthorizationManager::USER_SOURCE_FIELD_NAME, dbname); + queryBuilder.append(AuthorizationManager::USER_DB_FIELD_NAME, dbname); } else { BSONArrayBuilder usersMatchArray; for (size_t i = 0; i < args.userNames.size(); ++i) { usersMatchArray.append(BSON(AuthorizationManager::USER_NAME_FIELD_NAME << args.userNames[i].getUser() << - AuthorizationManager::USER_SOURCE_FIELD_NAME << + AuthorizationManager::USER_DB_FIELD_NAME << args.userNames[i].getDB())); } queryBuilder.append("$or", usersMatchArray.arr()); diff --git a/src/mongo/db/initialize_server_global_state.cpp b/src/mongo/db/initialize_server_global_state.cpp index d9324cd3ae5..3e40a4da25c 100644 --- a/src/mongo/db/initialize_server_global_state.cpp +++ b/src/mongo/db/initialize_server_global_state.cpp @@ -337,7 +337,7 @@ namespace mongo { if (serverGlobalParams.clusterAuthMode == "x509" || serverGlobalParams.clusterAuthMode == "sendX509") { setInternalUserAuthParams(BSON(saslCommandMechanismFieldName << "MONGODB-X509" << - saslCommandUserSourceFieldName << "$external" << + saslCommandUserDBFieldName << "$external" << saslCommandUserFieldName << getSSLManager()->getClientSubjectName())); } diff --git a/src/mongo/db/introspect.cpp b/src/mongo/db/introspect.cpp index 4642e9655d1..09d1ca58a80 100644 --- a/src/mongo/db/introspect.cpp +++ b/src/mongo/db/introspect.cpp @@ -64,7 +64,7 @@ namespace { for ( ; nameIter.more(); nameIter.next()) { BSONObjBuilder nextUser(allUsers.subobjStart()); nextUser.append(AuthorizationManager::USER_NAME_FIELD_NAME, nameIter->getUser()); - nextUser.append(AuthorizationManager::USER_SOURCE_FIELD_NAME, nameIter->getDB()); + nextUser.append(AuthorizationManager::USER_DB_FIELD_NAME, nameIter->getDB()); nextUser.doneFast(); if (nameIter->getDB() == opdb) { diff --git a/src/mongo/scripting/v8_db.cpp b/src/mongo/scripting/v8_db.cpp index 2926dc68ebd..e43eeaf07ba 100644 --- a/src/mongo/scripting/v8_db.cpp +++ b/src/mongo/scripting/v8_db.cpp @@ -342,7 +342,7 @@ namespace mongo { break; case 3: params = BSON(saslCommandMechanismFieldName << "MONGODB-CR" << - saslCommandUserSourceFieldName << toSTLString(args[0]) << + saslCommandUserDBFieldName << toSTLString(args[0]) << saslCommandUserFieldName << toSTLString(args[1]) << saslCommandPasswordFieldName << toSTLString(args[2])); break; diff --git a/src/mongo/shell/db.js b/src/mongo/shell/db.js index bf921b4c052..e5c6e574529 100644 --- a/src/mongo/shell/db.js +++ b/src/mongo/shell/db.js @@ -1191,12 +1191,11 @@ DB.prototype._authOrThrow = function () { if (params.mechanism === undefined) params.mechanism = this._defaultAuthenticationMechanism; - if (params.userSource !== undefined) { - throw Error("Do not override userSource field on db.auth(). " + - "Use getMongo().auth(), instead."); + if (params.db !== undefined) { + throw Error("Do not override db field on db.auth(). Use getMongo().auth(), instead."); } - params.userSource = this.getName(); + params.db = this.getName(); var good = this.getMongo().auth(params); if (good) { // auth enabled, and should try to use isMaster and replSetGetStatus to build prompt diff --git a/src/mongo/tools/stat.cpp b/src/mongo/tools/stat.cpp index ac06925102c..d425cb50163 100644 --- a/src/mongo/tools/stat.cpp +++ b/src/mongo/tools/stat.cpp @@ -22,6 +22,7 @@ #include "mongo/base/init.h" #include "mongo/client/dbclientcursor.h" +#include "mongo/client/sasl_client_authenticate.h" #include "mongo/db/jsobjmanipulator.h" #include "mongo/db/json.h" #include "mongo/s/type_shard.h" @@ -294,10 +295,11 @@ namespace mongo { state->thr.reset( new boost::thread( boost::bind( serverThread, state, (int)ceil(_statUtil.getSeconds()) ) ) ); - state->authParams = BSON( "user" << toolGlobalParams.username << - "pwd" << toolGlobalParams.password << - "userSource" << getAuthenticationDatabase() << - "mechanism" << toolGlobalParams.authenticationMechanism ); + state->authParams = BSON(saslCommandUserFieldName << toolGlobalParams.username + << saslCommandPasswordFieldName << toolGlobalParams.password + << saslCommandUserDBFieldName << getAuthenticationDatabase() + << saslCommandMechanismFieldName + << toolGlobalParams.authenticationMechanism); return true; } diff --git a/src/mongo/tools/tool.cpp b/src/mongo/tools/tool.cpp index 155ea30494d..7691a4ecf6b 100644 --- a/src/mongo/tools/tool.cpp +++ b/src/mongo/tools/tool.cpp @@ -232,7 +232,7 @@ namespace mongo { return; } - _conn->auth(BSON(saslCommandUserSourceFieldName << getAuthenticationDatabase() << + _conn->auth(BSON(saslCommandUserDBFieldName << getAuthenticationDatabase() << saslCommandUserFieldName << toolGlobalParams.username << saslCommandPasswordFieldName << toolGlobalParams.password << saslCommandMechanismFieldName << |