Diffstat (limited to 'src/mongo/db/commands/user_management_commands.cpp')
-rw-r--r--src/mongo/db/commands/user_management_commands.cpp109
1 files changed, 64 insertions, 45 deletions
diff --git a/src/mongo/db/commands/user_management_commands.cpp b/src/mongo/db/commands/user_management_commands.cpp
index 696339496eb..2bc8c1d1b51 100644
--- a/src/mongo/db/commands/user_management_commands.cpp
+++ b/src/mongo/db/commands/user_management_commands.cpp
@@ -95,7 +95,8 @@ BSONArray roleSetToBSONArray(const unordered_set<RoleName>& roles) {
for (unordered_set<RoleName>::const_iterator it = roles.begin(); it != roles.end(); ++it) {
const RoleName& role = *it;
rolesArrayBuilder.append(BSON(AuthorizationManager::ROLE_NAME_FIELD_NAME
- << role.getRole() << AuthorizationManager::ROLE_DB_FIELD_NAME
+ << role.getRole()
+ << AuthorizationManager::ROLE_DB_FIELD_NAME
<< role.getDB()));
}
return rolesArrayBuilder.arr();
@@ -106,7 +107,8 @@ BSONArray rolesVectorToBSONArray(const std::vector<RoleName>& roles) {
for (std::vector<RoleName>::const_iterator it = roles.begin(); it != roles.end(); ++it) {
const RoleName& role = *it;
rolesArrayBuilder.append(BSON(AuthorizationManager::ROLE_NAME_FIELD_NAME
- << role.getRole() << AuthorizationManager::ROLE_DB_FIELD_NAME
+ << role.getRole()
+ << AuthorizationManager::ROLE_DB_FIELD_NAME
<< role.getDB()));
}
return rolesArrayBuilder.arr();
@@ -172,9 +174,9 @@ Status checkOkayToGrantRolesToRole(OperationContext* txn,
}
if (role.getDB() != "admin" && roleToAdd.getDB() != role.getDB()) {
- return Status(ErrorCodes::InvalidRoleModification,
- str::stream()
- << "Roles on the \'" << role.getDB()
+ return Status(
+ ErrorCodes::InvalidRoleModification,
+ str::stream() << "Roles on the \'" << role.getDB()
<< "\' database cannot be granted roles from other databases");
}
@@ -195,11 +197,11 @@ Status checkOkayToGrantRolesToRole(OperationContext* txn,
}
if (sequenceContains(indirectRoles, role)) {
- return Status(ErrorCodes::InvalidRoleModification,
- mongoutils::str::stream()
- << "Granting " << roleToAdd.getFullName() << " to "
- << role.getFullName()
- << " would introduce a cycle in the role graph.");
+ return Status(
+ ErrorCodes::InvalidRoleModification,
+ mongoutils::str::stream() << "Granting " << roleToAdd.getFullName() << " to "
+ << role.getFullName()
+ << " would introduce a cycle in the role graph.");
}
}
return Status::OK();
@@ -421,13 +423,14 @@ Status insertRoleDocument(OperationContext* txn, const BSONObj& roleObj) {
* Updates the given role object with the given update modifier.
*/
Status updateRoleDocument(OperationContext* txn, const RoleName& role, const BSONObj& updateObj) {
- Status status = updateOneAuthzDocument(
- txn,
- AuthorizationManager::rolesCollectionNamespace,
- BSON(AuthorizationManager::ROLE_NAME_FIELD_NAME
- << role.getRole() << AuthorizationManager::ROLE_DB_FIELD_NAME << role.getDB()),
- updateObj,
- false);
+ Status status = updateOneAuthzDocument(txn,
+ AuthorizationManager::rolesCollectionNamespace,
+ BSON(AuthorizationManager::ROLE_NAME_FIELD_NAME
+ << role.getRole()
+ << AuthorizationManager::ROLE_DB_FIELD_NAME
+ << role.getDB()),
+ updateObj,
+ false);
if (status.isOK()) {
return status;
}
@@ -481,13 +484,14 @@ Status insertPrivilegeDocument(OperationContext* txn, const BSONObj& userObj) {
Status updatePrivilegeDocument(OperationContext* txn,
const UserName& user,
const BSONObj& updateObj) {
- Status status = updateOneAuthzDocument(
- txn,
- AuthorizationManager::usersCollectionNamespace,
- BSON(AuthorizationManager::USER_NAME_FIELD_NAME
- << user.getUser() << AuthorizationManager::USER_DB_FIELD_NAME << user.getDB()),
- updateObj,
- false);
+ Status status = updateOneAuthzDocument(txn,
+ AuthorizationManager::usersCollectionNamespace,
+ BSON(AuthorizationManager::USER_NAME_FIELD_NAME
+ << user.getUser()
+ << AuthorizationManager::USER_DB_FIELD_NAME
+ << user.getDB()),
+ updateObj,
+ false);
if (status.isOK()) {
return status;
}
@@ -554,7 +558,8 @@ Status requireAuthSchemaVersion26Final(OperationContext* txn, AuthorizationManag
str::stream()
<< "User and role management commands require auth data to have "
<< "at least schema version "
- << AuthorizationManager::schemaVersion26Final << " but found "
+ << AuthorizationManager::schemaVersion26Final
+ << " but found "
<< foundSchemaVersion);
}
return writeAuthSchemaVersionIfNeeded(txn, authzManager, foundSchemaVersion);
@@ -577,7 +582,8 @@ Status requireAuthSchemaVersion26UpgradeOrFinal(OperationContext* txn,
return Status(ErrorCodes::AuthSchemaIncompatible,
str::stream() << "The usersInfo and rolesInfo commands require auth data to "
<< "have at least schema version "
- << AuthorizationManager::schemaVersion26Upgrade << " but found "
+ << AuthorizationManager::schemaVersion26Upgrade
+ << " but found "
<< foundSchemaVersion);
}
return Status::OK();
@@ -1901,7 +1907,8 @@ public:
ss << "Drops a single role. Before deleting the role completely it must remove it "
"from any users or roles that reference it. If any errors occur in the middle "
"of that process it's possible to be left in a state where the role has been "
- "removed from some user/roles but otherwise still exists." << endl;
+ "removed from some user/roles but otherwise still exists."
+ << endl;
}
virtual Status checkAuthForCommand(ClientBasic* client,
@@ -1967,11 +1974,12 @@ public:
ErrorCodes::Error code = status.code() == ErrorCodes::UnknownError
? ErrorCodes::UserModificationFailed
: status.code();
- return appendCommandStatus(
- result,
- Status(code,
- str::stream() << "Failed to remove role " << roleName.getFullName()
- << " from all users: " << status.reason()));
+ return appendCommandStatus(result,
+ Status(code,
+ str::stream() << "Failed to remove role "
+ << roleName.getFullName()
+ << " from all users: "
+ << status.reason()));
}
// Remove this role from all other roles
@@ -2019,7 +2027,8 @@ public:
Status(status.code(),
str::stream() << "Removed role " << roleName.getFullName()
<< " from all users and roles but failed to actually delete"
- " the role itself: " << status.reason()));
+ " the role itself: "
+ << status.reason()));
}
dassert(nMatched == 0 || nMatched == 1);
@@ -2052,7 +2061,8 @@ public:
"it must remove them from any users or other roles that reference them. If any "
"errors occur in the middle of that process it's possible to be left in a state "
"where the roles have been removed from some user/roles but otherwise still "
- "exist." << endl;
+ "exist."
+ << endl;
}
virtual Status checkAuthForCommand(ClientBasic* client,
@@ -2100,9 +2110,10 @@ public:
: status.code();
return appendCommandStatus(result,
Status(code,
- str::stream()
- << "Failed to remove roles from \"" << dbname
- << "\" db from all users: " << status.reason()));
+ str::stream() << "Failed to remove roles from \""
+ << dbname
+ << "\" db from all users: "
+ << status.reason()));
}
// Remove these roles from all other roles
@@ -2125,9 +2136,10 @@ public:
: status.code();
return appendCommandStatus(result,
Status(code,
- str::stream()
- << "Failed to remove roles from \"" << dbname
- << "\" db from all roles: " << status.reason()));
+ str::stream() << "Failed to remove roles from \""
+ << dbname
+ << "\" db from all roles: "
+ << status.reason()));
}
audit::logDropAllRolesFromDatabase(ClientBasic::getCurrent(), dbname);
@@ -2143,7 +2155,8 @@ public:
str::stream() << "Removed roles from \"" << dbname
<< "\" db "
" from all users and roles but failed to actually delete"
- " those roles themselves: " << status.reason()));
+ " those roles themselves: "
+ << status.reason()));
}
result.append("n", nMatched);
@@ -2535,7 +2548,9 @@ public:
BSONObj query =
db.empty() ? BSONObj() : BSON(AuthorizationManager::USER_DB_FIELD_NAME << db);
BSONObj fields = BSON(AuthorizationManager::USER_NAME_FIELD_NAME
- << 1 << AuthorizationManager::USER_DB_FIELD_NAME << 1);
+ << 1
+ << AuthorizationManager::USER_DB_FIELD_NAME
+ << 1);
Status status =
queryAuthzDocument(txn,
@@ -2613,7 +2628,9 @@ public:
BSONObj query =
db.empty() ? BSONObj() : BSON(AuthorizationManager::ROLE_DB_FIELD_NAME << db);
BSONObj fields = BSON(AuthorizationManager::ROLE_NAME_FIELD_NAME
- << 1 << AuthorizationManager::ROLE_DB_FIELD_NAME << 1);
+ << 1
+ << AuthorizationManager::ROLE_DB_FIELD_NAME
+ << 1);
Status status =
queryAuthzDocument(txn,
@@ -2741,7 +2758,8 @@ void updateUserCredentials(OperationContext* txn,
mongoutils::str::stream()
<< "While preparing to upgrade user doc from "
"2.6/3.0 user data schema to the 3.0+ SCRAM only schema, found a user doc "
- "with missing or incorrectly formatted credentials: " << userDoc.toString(),
+ "with missing or incorrectly formatted credentials: "
+ << userDoc.toString(),
credentialsElement.type() == Object);
BSONObj credentialsObj = credentialsElement.Obj();
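Review bot: The assertion message in this hunk streams the entire `userDoc.toString()` into the error text, and the next hunk (the "missing MONGODB-CR credentials" message) does the same. A user document read during the credential upgrade presumably carries a credentials sub-document, so any hash or key material in it could end up in the server log or in the error returned to the caller; the commit only re-wraps the line and leaves that as it was. Identifying the offending document by its name fields would give the operator what they need without the credential payload, e.g. `<< userDoc[AuthorizationManager::USER_NAME_FIELD_NAME].toString()` plus the matching `USER_DB_FIELD_NAME` element. updateUserCredentials starts and ends outside both hunks, so confirm how these messages are surfaced before changing them.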
@@ -2758,7 +2776,8 @@ void updateUserCredentials(OperationContext* txn,
mongoutils::str::stream()
<< "While preparing to upgrade user doc from "
"2.6/3.0 user data schema to the 3.0+ SCRAM only schema, found a user doc "
- "missing MONGODB-CR credentials :" << userDoc.toString(),
+ "missing MONGODB-CR credentials :"
+ << userDoc.toString(),
!mongoCRElement.eoo());
std::string hashedPassword = mongoCRElement.String();