-rw-r--r--jstests/auth/auth1.js3
-rw-r--r--jstests/auth/basic_role_auth.js2
-rw-r--r--jstests/auth/implicit_privileges.js9
-rw-r--r--jstests/auth/mr_auth.js2
-rw-r--r--jstests/auth1.js13
-rw-r--r--jstests/connection_status.js2
-rw-r--r--jstests/profile3.js2
-rw-r--r--jstests/profile4.js2
-rw-r--r--jstests/sharding/authmr.js2
-rw-r--r--jstests/sharding/authwhere.js2
-rw-r--r--jstests/tool/dumpauth.js2
-rw-r--r--jstests/tool/stat1.js3
-rw-r--r--src/mongo/db/auth/authorization_session.cpp6
-rw-r--r--src/mongo/shell/db.js44
14 files changed, 66 insertions, 28 deletions
diff --git a/jstests/auth/auth1.js b/jstests/auth/auth1.js
index ad5a579feb8..b5ff80d7bbe 100644
--- a/jstests/auth/auth1.js
+++ b/jstests/auth/auth1.js
@@ -16,8 +16,7 @@ mro = new Mongo(m.host);
dbRO = mro.getDB( "test" );
tRO = dbRO[ baseName ];
-users = db.getCollection( "system.users" );
-users.remove( {} );
+db.removeAllUsers();
db.addUser( "eliot" , "eliot" );
db.addUser( "guest" , "guest", true );
diff --git a/jstests/auth/basic_role_auth.js b/jstests/auth/basic_role_auth.js
index ff57511a54e..59f4e0a3d93 100644
--- a/jstests/auth/basic_role_auth.js
+++ b/jstests/auth/basic_role_auth.js
@@ -192,7 +192,7 @@ var testOps = function(db, allowedActions) {
checkErr(allowedActions.hasOwnProperty('user_w'), function() {
db.addUser('a', 'a');
- db.system.users.remove({ user: 'a' });
+ db.removeUser('a');
}, db);
// Test for kill cursor
diff --git a/jstests/auth/implicit_privileges.js b/jstests/auth/implicit_privileges.js
index 7b72d7931be..a02f4b1954b 100644
--- a/jstests/auth/implicit_privileges.js
+++ b/jstests/auth/implicit_privileges.js
@@ -42,14 +42,15 @@ var admin = conn.getDB("admin");
var test = conn.getDB("test");
var test2 = conn.getDB("test2");
-assertInsertSucceeds(admin.system.users,
- { user: 'root',
- pwd: hex_md5('root:mongo:a'),
+assert.commandWorked(admin.runCommand(
+ { createUser: 1,
+ user: 'root',
+ pwd: 'a',
roles: ["clusterAdmin",
"readWriteAnyDatabase",
"dbAdminAnyDatabase",
"userAdminAnyDatabase"]
- });
+ }));
var andyAddUserCommandTestDb = {
createUser: 1,
diff --git a/jstests/auth/mr_auth.js b/jstests/auth/mr_auth.js
index 386853441e7..c4384c9bdad 100644
--- a/jstests/auth/mr_auth.js
+++ b/jstests/auth/mr_auth.js
@@ -20,7 +20,7 @@ var t = d[ baseName ];
for( var i = 0; i < 1000; i++) t.insert( {_id:i, x:i%10, y:i%100} );
assert.eq( 1000, t.count(), "inserts failed" );
-d.system.users.remove( {} );
+d.removeAllUsers();
d.addUser( "write" , "write" );
d.addUser( "read" , "read", true );
d.getSisterDB( "admin" ).addUser( "admin", "admin" );
diff --git a/jstests/auth1.js b/jstests/auth1.js
index 66907ca9a1a..5bb7bc5e908 100644
--- a/jstests/auth1.js
+++ b/jstests/auth1.js
@@ -1,5 +1,4 @@
-users = db.getCollection( "system.users" );
-users.remove( {} );
+db.removeAllUsers();
pass = "a" + Math.random();
//print( "password [" + pass + "]" );
@@ -21,15 +20,13 @@ assert( ! db.auth( "eliot" , pass2 ) , "didn't remove user" );
var a = db.getMongo().getDB( "admin" );
-users = a.getCollection( "system.users" );
-users.remove( {} );
+a.removeAllUsers();
pass = "c" + Math.random();
a.addUser( "super", pass, false, 1 );
assert( a.auth( "super" , pass ) , "auth failed" );
assert( !a.auth( "super" , pass + "a" ) , "auth should have failed" );
-users = db.getCollection( "system.users" );
-users.remove( {} );
+db.removeAllUsers();
pass = "a" + Math.random();
db.addUser( "eliot" , pass, false, 1 );
@@ -53,5 +50,5 @@ assert( before > 0 , "C3" )
assert.eq( before , after , "C4" )
// Clean up after ourselves so other tests using authentication don't get messed up.
-db.system.users.remove({})
-db.getSiblingDB('admin').system.users.remove({})
+db.removeAllUsers()
+db.getSiblingDB('admin').removeAllUsers();
diff --git a/jstests/connection_status.js b/jstests/connection_status.js
index c3da02e1c4b..6b4449be2f8 100644
--- a/jstests/connection_status.js
+++ b/jstests/connection_status.js
@@ -2,7 +2,7 @@
var dbName = 'connection_status';
var myDB = db.getSiblingDB(dbName);
-myDB.system.users.remove({});
+myDB.removeAllUsers();
function test(userName) {
myDB.addUser(userName, "weak password");
diff --git a/jstests/profile3.js b/jstests/profile3.js
index 2399c2e2c70..5a350cdf089 100644
--- a/jstests/profile3.js
+++ b/jstests/profile3.js
@@ -3,7 +3,7 @@
var stddb = db;
var db = db.getSisterDB("profile3");
-db.system.users.remove({});
+db.removeAllUsers();
t = db.profile3;
t.drop();
diff --git a/jstests/profile4.js b/jstests/profile4.js
index a302e34fee7..639d6eb7e9e 100644
--- a/jstests/profile4.js
+++ b/jstests/profile4.js
@@ -4,7 +4,7 @@
var stddb = db;
var db = db.getSisterDB("profile4");
-db.system.users.remove({});
+db.removeAllUsers();
t = db.profile4;
t.drop();
diff --git a/jstests/sharding/authmr.js b/jstests/sharding/authmr.js
index 5099d2933a4..02b01e31b7b 100644
--- a/jstests/sharding/authmr.js
+++ b/jstests/sharding/authmr.js
@@ -49,7 +49,7 @@ var cluster = new ShardingTest("authwhere", 1, 0, 1,
adminDB.addUser(adminUser)
assert(adminDB.auth(adminUser.user, adminUser.pwd));
- assertRemove(adminDB.system.users, { user: test1User.user, userSource: null });
+ adminDB.removeUser(test1User.user);
adminDB.addUser(test1User);
assertInsert(test1DB.foo, { a: 1 });
diff --git a/jstests/sharding/authwhere.js b/jstests/sharding/authwhere.js
index d0b83c079b6..651c04d731a 100644
--- a/jstests/sharding/authwhere.js
+++ b/jstests/sharding/authwhere.js
@@ -49,7 +49,7 @@ var cluster = new ShardingTest("authwhere", 1, 0, 1,
adminDB.addUser(adminUser)
assert(adminDB.auth(adminUser.user, adminUser.pwd));
- assertRemove(adminDB.system.users, { user: test1Reader.user, userSource: null });
+ adminDB.removeUser(test1Reader.user);
adminDB.addUser(test1Reader);
assertInsert(test1DB.foo, { a: 1 });
diff --git a/jstests/tool/dumpauth.js b/jstests/tool/dumpauth.js
index d1a2e02d117..fbc4bac8a82 100644
--- a/jstests/tool/dumpauth.js
+++ b/jstests/tool/dumpauth.js
@@ -13,8 +13,6 @@ for(var i = 0; i < 100; i++) {
t["testcol"].save({ "x": i });
}
-users = db.getCollection( "system.users" );
-
db.addUser( "testuser" , "testuser" );
assert( db.auth( "testuser" , "testuser" ) , "auth failed" );
diff --git a/jstests/tool/stat1.js b/jstests/tool/stat1.js
index 83cedc35894..23fba448d45 100644
--- a/jstests/tool/stat1.js
+++ b/jstests/tool/stat1.js
@@ -9,8 +9,7 @@ db = m.getDB( "admin" );
t = db[ baseName ];
t.drop();
-users = db.getCollection( "system.users" );
-users.remove( {} );
+db.removeAllUsers();
db.addUser( "eliot" , "eliot" );
diff --git a/src/mongo/db/auth/authorization_session.cpp b/src/mongo/db/auth/authorization_session.cpp
index a19678b68c6..e9c7ea516c6 100644
--- a/src/mongo/db/auth/authorization_session.cpp
+++ b/src/mongo/db/auth/authorization_session.cpp
@@ -269,9 +269,9 @@ namespace {
if (ns.coll() == "system.users") {
if (newActions.contains(ActionType::insert) ||
- newActions.contains(ActionType::update)) {
- // End users can't insert or update system.users directly, only the system can.
- // TODO(spencer): check for remove also once there's a command to remove users.
+ newActions.contains(ActionType::update) ||
+ newActions.contains(ActionType::remove)) {
+ // End users can't modify system.users directly, only the system can.
newActions.addAction(ActionType::userAdminV1);
} else {
newActions.addAction(ActionType::userAdmin);
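Review bot: The new comment says end users can't modify system.users directly, but the condition only routes insert, update and remove to `userAdminV1`; every other action on that collection still takes the `else` branch and needs only `userAdmin`. Whether other write-type actions (dropping or renaming the collection, for example) are restricted elsewhere is not visible here, because the enclosing function starts and ends outside the hunk. I would make the comment state exactly what is enforced, e.g. `// Direct insert, update and remove on system.users require userAdminV1; all other actions require userAdmin.`. The jstests in this commit only switch to the new helpers, so a negative test asserting that a direct remove on system.users is rejected for a user who lacks that action would pin the new check.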
diff --git a/src/mongo/shell/db.js b/src/mongo/shell/db.js
index 5627499d97e..43b55d5cc18 100644
--- a/src/mongo/shell/db.js
+++ b/src/mongo/shell/db.js
@@ -264,7 +264,51 @@ DB.prototype.logout = function(){
};
DB.prototype.removeUser = function( username ){
+ var res = this.runCommand({removeUsers:1, user: username});
+
+ if (res.ok) {
+ return true;
+ }
+
+ if (res.errmsg.startsWith("No users found on database")) {
+ return false;
+ }
+
+ if (res.errmsg == "no such cmd: removeUsers") {
+ return this._removeUserV1(username);
+ }
+
+ throw "Couldn't remove user: " + res.errmsg;
+}
+
+DB.prototype._removeUserV1 = function(username) {
this.getCollection( "system.users" ).remove( { user : username } );
+
+ var le = db.getLastErrorObj();
+
+ if (le.err) {
+ throw "Couldn't remove user: " + le.err;
+ }
+
+ if (le.n == 1) {
+ return true;
+ } else {
+ return false;
+ }
+}
+
+DB.prototype.removeAllUsers = function() {
+ var res = this.runCommand({removeUsers:1});
+
+ if (res.ok) {
+ return true;
+ }
+
+ if (res.errmsg.startsWith("No users found on database")) {
+ return false;
+ }
+
+ throw "Couldn't remove users: " + res.errmsg;
}
DB.prototype.__pwHash = function( nonce, username, pass ) {
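Review bot: `_removeUserV1` reads the write result from the global `db` (`var le = db.getLastErrorObj();`) rather than from the object the remove was issued on. When removeUser is called on another handle, such as `adminDB` in the sharding tests, the `err` and `n` it inspects may belong to a different database or connection, so a failed removal can be reported as success or as "not found". It should read `var le = this.getLastErrorObj();`. Separately, `removeAllUsers` has no branch for `"no such cmd: removeUsers"`, so unlike `removeUser` it throws against a server that lacks the command; if such servers are meant to be supported it needs an equivalent fallback. Both functions also call `res.errmsg.startsWith(...)` without checking that `errmsg` is present on a failed response.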