-rw-r--r-- | jstests/auth/auth1.js | 3 | ||||
-rw-r--r-- | jstests/auth/basic_role_auth.js | 2 | ||||
-rw-r--r-- | jstests/auth/implicit_privileges.js | 9 | ||||
-rw-r--r-- | jstests/auth/mr_auth.js | 2 | ||||
-rw-r--r-- | jstests/auth1.js | 13 | ||||
-rw-r--r-- | jstests/connection_status.js | 2 | ||||
-rw-r--r-- | jstests/profile3.js | 2 | ||||
-rw-r--r-- | jstests/profile4.js | 2 | ||||
-rw-r--r-- | jstests/sharding/authmr.js | 2 | ||||
-rw-r--r-- | jstests/sharding/authwhere.js | 2 | ||||
-rw-r--r-- | jstests/tool/dumpauth.js | 2 | ||||
-rw-r--r-- | jstests/tool/stat1.js | 3 | ||||
-rw-r--r-- | src/mongo/db/auth/authorization_session.cpp | 6 | ||||
-rw-r--r-- | src/mongo/shell/db.js | 44 |
14 files changed, 66 insertions, 28 deletions
diff --git a/jstests/auth/auth1.js b/jstests/auth/auth1.js index ad5a579feb8..b5ff80d7bbe 100644 --- a/jstests/auth/auth1.js +++ b/jstests/auth/auth1.js @@ -16,8 +16,7 @@ mro = new Mongo(m.host); dbRO = mro.getDB( "test" ); tRO = dbRO[ baseName ]; -users = db.getCollection( "system.users" ); -users.remove( {} ); +db.removeAllUsers(); db.addUser( "eliot" , "eliot" ); db.addUser( "guest" , "guest", true ); diff --git a/jstests/auth/basic_role_auth.js b/jstests/auth/basic_role_auth.js index ff57511a54e..59f4e0a3d93 100644 --- a/jstests/auth/basic_role_auth.js +++ b/jstests/auth/basic_role_auth.js @@ -192,7 +192,7 @@ var testOps = function(db, allowedActions) { checkErr(allowedActions.hasOwnProperty('user_w'), function() { db.addUser('a', 'a'); - db.system.users.remove({ user: 'a' }); + db.removeUser('a'); }, db); // Test for kill cursor diff --git a/jstests/auth/implicit_privileges.js b/jstests/auth/implicit_privileges.js index 7b72d7931be..a02f4b1954b 100644 --- a/jstests/auth/implicit_privileges.js +++ b/jstests/auth/implicit_privileges.js @@ -42,14 +42,15 @@ var admin = conn.getDB("admin"); var test = conn.getDB("test"); var test2 = conn.getDB("test2"); -assertInsertSucceeds(admin.system.users, - { user: 'root', - pwd: hex_md5('root:mongo:a'), +assert.commandWorked(admin.runCommand( + { createUser: 1, + user: 'root', + pwd: 'a', roles: ["clusterAdmin", "readWriteAnyDatabase", "dbAdminAnyDatabase", "userAdminAnyDatabase"] - }); + })); var andyAddUserCommandTestDb = { createUser: 1, diff --git a/jstests/auth/mr_auth.js b/jstests/auth/mr_auth.js index 386853441e7..c4384c9bdad 100644 --- a/jstests/auth/mr_auth.js +++ b/jstests/auth/mr_auth.js @@ -20,7 +20,7 @@ var t = d[ baseName ]; for( var i = 0; i < 1000; i++) t.insert( {_id:i, x:i%10, y:i%100} ); assert.eq( 1000, t.count(), "inserts failed" ); -d.system.users.remove( {} ); +d.removeAllUsers(); d.addUser( "write" , "write" ); d.addUser( "read" , "read", true ); d.getSisterDB( "admin" ).addUser( "admin", "admin" ); 
diff --git a/jstests/auth1.js b/jstests/auth1.js index 66907ca9a1a..5bb7bc5e908 100644 --- a/jstests/auth1.js +++ b/jstests/auth1.js @@ -1,5 +1,4 @@ -users = db.getCollection( "system.users" ); -users.remove( {} ); +db.removeAllUsers(); pass = "a" + Math.random(); //print( "password [" + pass + "]" ); @@ -21,15 +20,13 @@ assert( ! db.auth( "eliot" , pass2 ) , "didn't remove user" ); var a = db.getMongo().getDB( "admin" ); -users = a.getCollection( "system.users" ); -users.remove( {} ); +a.removeAllUsers(); pass = "c" + Math.random(); a.addUser( "super", pass, false, 1 ); assert( a.auth( "super" , pass ) , "auth failed" ); assert( !a.auth( "super" , pass + "a" ) , "auth should have failed" ); -users = db.getCollection( "system.users" ); -users.remove( {} ); +db.removeAllUsers(); pass = "a" + Math.random(); db.addUser( "eliot" , pass, false, 1 ); @@ -53,5 +50,5 @@ assert( before > 0 , "C3" ) assert.eq( before , after , "C4" ) // Clean up after ourselves so other tests using authentication don't get messed up. -db.system.users.remove({}) -db.getSiblingDB('admin').system.users.remove({}) +db.removeAllUsers() +db.getSiblingDB('admin').removeAllUsers(); diff --git a/jstests/connection_status.js b/jstests/connection_status.js index c3da02e1c4b..6b4449be2f8 100644 --- a/jstests/connection_status.js +++ b/jstests/connection_status.js @@ -2,7 +2,7 @@ var dbName = 'connection_status'; var myDB = db.getSiblingDB(dbName); -myDB.system.users.remove({}); +myDB.removeAllUsers(); function test(userName) { myDB.addUser(userName, "weak password"); diff --git a/jstests/profile3.js b/jstests/profile3.js index 2399c2e2c70..5a350cdf089 100644 --- a/jstests/profile3.js +++ b/jstests/profile3.js @@ -3,7 +3,7 @@ var stddb = db; var db = db.getSisterDB("profile3"); -db.system.users.remove({}); +db.removeAllUsers(); t = db.profile3; t.drop(); diff --git a/jstests/profile4.js b/jstests/profile4.js index a302e34fee7..639d6eb7e9e 100644 --- a/jstests/profile4.js +++ b/jstests/profile4.js 
@@ -4,7 +4,7 @@ var stddb = db; var db = db.getSisterDB("profile4"); -db.system.users.remove({}); +db.removeAllUsers(); t = db.profile4; t.drop(); diff --git a/jstests/sharding/authmr.js b/jstests/sharding/authmr.js index 5099d2933a4..02b01e31b7b 100644 --- a/jstests/sharding/authmr.js +++ b/jstests/sharding/authmr.js @@ -49,7 +49,7 @@ var cluster = new ShardingTest("authwhere", 1, 0, 1, adminDB.addUser(adminUser) assert(adminDB.auth(adminUser.user, adminUser.pwd)); - assertRemove(adminDB.system.users, { user: test1User.user, userSource: null }); + adminDB.removeUser(test1User.user); adminDB.addUser(test1User); assertInsert(test1DB.foo, { a: 1 }); diff --git a/jstests/sharding/authwhere.js b/jstests/sharding/authwhere.js index d0b83c079b6..651c04d731a 100644 --- a/jstests/sharding/authwhere.js +++ b/jstests/sharding/authwhere.js @@ -49,7 +49,7 @@ var cluster = new ShardingTest("authwhere", 1, 0, 1, adminDB.addUser(adminUser) assert(adminDB.auth(adminUser.user, adminUser.pwd)); - assertRemove(adminDB.system.users, { user: test1Reader.user, userSource: null }); + adminDB.removeUser(test1Reader.user); adminDB.addUser(test1Reader); assertInsert(test1DB.foo, { a: 1 }); diff --git a/jstests/tool/dumpauth.js b/jstests/tool/dumpauth.js index d1a2e02d117..fbc4bac8a82 100644 --- a/jstests/tool/dumpauth.js +++ b/jstests/tool/dumpauth.js @@ -13,8 +13,6 @@ for(var i = 0; i < 100; i++) { t["testcol"].save({ "x": i }); } -users = db.getCollection( "system.users" ); - db.addUser( "testuser" , "testuser" ); assert( db.auth( "testuser" , "testuser" ) , "auth failed" ); diff --git a/jstests/tool/stat1.js b/jstests/tool/stat1.js index 83cedc35894..23fba448d45 100644 --- a/jstests/tool/stat1.js +++ b/jstests/tool/stat1.js @@ -9,8 +9,7 @@ db = m.getDB( "admin" ); t = db[ baseName ]; t.drop(); -users = db.getCollection( "system.users" ); -users.remove( {} ); +db.removeAllUsers(); db.addUser( "eliot" , "eliot" ); 
diff --git a/src/mongo/db/auth/authorization_session.cpp b/src/mongo/db/auth/authorization_session.cpp index a19678b68c6..e9c7ea516c6 100644 --- a/src/mongo/db/auth/authorization_session.cpp +++ b/src/mongo/db/auth/authorization_session.cpp @@ -269,9 +269,9 @@ namespace { if (ns.coll() == "system.users") { if (newActions.contains(ActionType::insert) || - newActions.contains(ActionType::update)) { - // End users can't insert or update system.users directly, only the system can. - // TODO(spencer): check for remove also once there's a command to remove users. + newActions.contains(ActionType::update) || + newActions.contains(ActionType::remove)) { + // End users can't modify system.users directly, only the system can. newActions.addAction(ActionType::userAdminV1); } else { newActions.addAction(ActionType::userAdmin); diff --git a/src/mongo/shell/db.js b/src/mongo/shell/db.js index 5627499d97e..43b55d5cc18 100644 --- a/src/mongo/shell/db.js +++ b/src/mongo/shell/db.js 
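Review bot: The new `newActions.contains(ActionType::remove)` condition in authorization_session.cpp tightens an authorization boundary, but no test change on this page exercises it. Every jstests edit here only swaps a direct `system.users.remove(...)` for the shell helper. A negative case would keep the check from regressing silently: authenticate as a user who lacks `userAdminV1`, attempt `db.system.users.remove({})`, and assert that the user documents are still present. The enclosing function starts and ends outside the hunk, so whether other write paths to `system.users` are covered cannot be judged from here.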
@@ -264,7 +264,51 @@ DB.prototype.logout = function(){ }; DB.prototype.removeUser = function( username ){ + var res = this.runCommand({removeUsers:1, user: username}); + + if (res.ok) { + return true; + } + + if (res.errmsg.startsWith("No users found on database")) { + return false; + } + + if (res.errmsg == "no such cmd: removeUsers") { + return this._removeUserV1(username); + } + + throw "Couldn't remove user: " + res.errmsg; +} + +DB.prototype._removeUserV1 = function(username) { this.getCollection( "system.users" ).remove( { user : username } ); + + var le = db.getLastErrorObj(); + + if (le.err) { + throw "Couldn't remove user: " + le.err; + } + + if (le.n == 1) { + return true; + } else { + return false; + } +} + +DB.prototype.removeAllUsers = function() { + var res = this.runCommand({removeUsers:1}); + + if (res.ok) { + return true; + } + + if (res.errmsg.startsWith("No users found on database")) { + return false; + } + + throw "Couldn't remove users: " + res.errmsg; } DB.prototype.__pwHash = function( nonce, username, pass ) { |
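Review bot: `_removeUserV1` reads the write result with `var le = db.getLastErrorObj();`, which uses the global `db` rather than the object the remove was issued on. When the helper runs on another handle or connection (for example `adminDB.removeUser(...)` in the sharding tests), the result may describe an unrelated operation. A failed or unauthorized remove could then be reported as success or as "not found"; the line should be `var le = this.getLastErrorObj();`. Separately, `removeAllUsers` has no `"no such cmd: removeUsers"` fallback like the one in `removeUser`, so against a server without the command it throws instead of degrading. Both functions also call `res.errmsg.startsWith(...)` without first checking that `errmsg` is a string.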