Diffstat (limited to 'src/mongo/db/commands/user_management_commands.cpp')
-rw-r--r--src/mongo/db/commands/user_management_commands.cpp330
1 files changed, 169 insertions, 161 deletions
diff --git a/src/mongo/db/commands/user_management_commands.cpp b/src/mongo/db/commands/user_management_commands.cpp
index 7d14e2f1416..b6a55727c80 100644
--- a/src/mongo/db/commands/user_management_commands.cpp
+++ b/src/mongo/db/commands/user_management_commands.cpp
@@ -135,13 +135,13 @@ Status privilegeVectorToBSONArray(const PrivilegeVector& privileges, BSONArray*
/**
* Used to get all current roles of the user identified by 'userName'.
*/
-Status getCurrentUserRoles(OperationContext* txn,
+Status getCurrentUserRoles(OperationContext* opCtx,
AuthorizationManager* authzManager,
const UserName& userName,
unordered_set<RoleName>* roles) {
User* user;
authzManager->invalidateUserByName(userName); // Need to make sure cache entry is up to date
- Status status = authzManager->acquireUser(txn, userName, &user);
+ Status status = authzManager->acquireUser(opCtx, userName, &user);
if (!status.isOK()) {
return status;
}
@@ -159,7 +159,7 @@ Status getCurrentUserRoles(OperationContext* txn,
* same database as the role it is being added to (or that the role being added to is from the
* "admin" database.
*/
-Status checkOkayToGrantRolesToRole(OperationContext* txn,
+Status checkOkayToGrantRolesToRole(OperationContext* opCtx,
const RoleName& role,
const std::vector<RoleName> rolesToAdd,
AuthorizationManager* authzManager) {
@@ -180,8 +180,8 @@ Status checkOkayToGrantRolesToRole(OperationContext* txn,
}
BSONObj roleToAddDoc;
- Status status =
- authzManager->getRoleDescription(txn, roleToAdd, PrivilegeFormat::kOmit, &roleToAddDoc);
+ Status status = authzManager->getRoleDescription(
+ opCtx, roleToAdd, PrivilegeFormat::kOmit, &roleToAddDoc);
if (status == ErrorCodes::RoleNotFound) {
return Status(ErrorCodes::RoleNotFound,
"Cannot grant nonexistent role " + roleToAdd.toString());
@@ -242,13 +242,13 @@ void appendBSONObjToBSONArrayBuilder(BSONArrayBuilder* array, const BSONObj& obj
* Should only be called on collections with authorization documents in them
* (ie admin.system.users and admin.system.roles).
*/
-Status queryAuthzDocument(OperationContext* txn,
+Status queryAuthzDocument(OperationContext* opCtx,
const NamespaceString& collectionName,
const BSONObj& query,
const BSONObj& projection,
const stdx::function<void(const BSONObj&)>& resultProcessor) {
try {
- DBDirectClient client(txn);
+ DBDirectClient client(opCtx);
client.query(resultProcessor, collectionName.ns(), query, &projection);
return Status::OK();
} catch (const DBException& e) {
@@ -263,11 +263,11 @@ Status queryAuthzDocument(OperationContext* txn,
* Should only be called on collections with authorization documents in them
* (ie admin.system.users and admin.system.roles).
*/
-Status insertAuthzDocument(OperationContext* txn,
+Status insertAuthzDocument(OperationContext* opCtx,
const NamespaceString& collectionName,
const BSONObj& document) {
try {
- DBDirectClient client(txn);
+ DBDirectClient client(opCtx);
BatchedInsertRequest req;
req.setNS(collectionName);
@@ -293,7 +293,7 @@ Status insertAuthzDocument(OperationContext* txn,
* Should only be called on collections with authorization documents in them
* (ie admin.system.users and admin.system.roles).
*/
-Status updateAuthzDocuments(OperationContext* txn,
+Status updateAuthzDocuments(OperationContext* opCtx,
const NamespaceString& collectionName,
const BSONObj& query,
const BSONObj& updatePattern,
@@ -301,7 +301,7 @@ Status updateAuthzDocuments(OperationContext* txn,
bool multi,
long long* nMatched) {
try {
- DBDirectClient client(txn);
+ DBDirectClient client(opCtx);
auto doc = stdx::make_unique<BatchedUpdateDocument>();
doc->setQuery(query);
@@ -342,14 +342,14 @@ Status updateAuthzDocuments(OperationContext* txn,
* Should only be called on collections with authorization documents in them
* (ie admin.system.users and admin.system.roles).
*/
-Status updateOneAuthzDocument(OperationContext* txn,
+Status updateOneAuthzDocument(OperationContext* opCtx,
const NamespaceString& collectionName,
const BSONObj& query,
const BSONObj& updatePattern,
bool upsert) {
long long nMatched;
Status status =
- updateAuthzDocuments(txn, collectionName, query, updatePattern, upsert, false, &nMatched);
+ updateAuthzDocuments(opCtx, collectionName, query, updatePattern, upsert, false, &nMatched);
if (!status.isOK()) {
return status;
}
@@ -366,12 +366,12 @@ Status updateOneAuthzDocument(OperationContext* txn,
* Should only be called on collections with authorization documents in them
* (ie admin.system.users and admin.system.roles).
*/
-Status removeAuthzDocuments(OperationContext* txn,
+Status removeAuthzDocuments(OperationContext* opCtx,
const NamespaceString& collectionName,
const BSONObj& query,
long long* numRemoved) {
try {
- DBDirectClient client(txn);
+ DBDirectClient client(opCtx);
auto doc = stdx::make_unique<BatchedDeleteDocument>();
doc->setQuery(query);
@@ -401,9 +401,9 @@ Status removeAuthzDocuments(OperationContext* txn,
/**
* Creates the given role object in the given database.
*/
-Status insertRoleDocument(OperationContext* txn, const BSONObj& roleObj) {
+Status insertRoleDocument(OperationContext* opCtx, const BSONObj& roleObj) {
Status status =
- insertAuthzDocument(txn, AuthorizationManager::rolesCollectionNamespace, roleObj);
+ insertAuthzDocument(opCtx, AuthorizationManager::rolesCollectionNamespace, roleObj);
if (status.isOK()) {
return status;
}
@@ -422,8 +422,8 @@ Status insertRoleDocument(OperationContext* txn, const BSONObj& roleObj) {
/**
* Updates the given role object with the given update modifier.
*/
-Status updateRoleDocument(OperationContext* txn, const RoleName& role, const BSONObj& updateObj) {
- Status status = updateOneAuthzDocument(txn,
+Status updateRoleDocument(OperationContext* opCtx, const RoleName& role, const BSONObj& updateObj) {
+ Status status = updateOneAuthzDocument(opCtx,
AuthorizationManager::rolesCollectionNamespace,
BSON(AuthorizationManager::ROLE_NAME_FIELD_NAME
<< role.getRole()
@@ -448,9 +448,9 @@ Status updateRoleDocument(OperationContext* txn, const RoleName& role, const BSO
* Removes roles matching the given query.
* Writes into *numRemoved the number of role documents that were modified.
*/
-Status removeRoleDocuments(OperationContext* txn, const BSONObj& query, long long* numRemoved) {
+Status removeRoleDocuments(OperationContext* opCtx, const BSONObj& query, long long* numRemoved) {
Status status = removeAuthzDocuments(
- txn, AuthorizationManager::rolesCollectionNamespace, query, numRemoved);
+ opCtx, AuthorizationManager::rolesCollectionNamespace, query, numRemoved);
if (status.code() == ErrorCodes::UnknownError) {
return Status(ErrorCodes::RoleModificationFailed, status.reason());
}
@@ -460,9 +460,9 @@ Status removeRoleDocuments(OperationContext* txn, const BSONObj& query, long lon
/**
* Creates the given user object in the given database.
*/
-Status insertPrivilegeDocument(OperationContext* txn, const BSONObj& userObj) {
+Status insertPrivilegeDocument(OperationContext* opCtx, const BSONObj& userObj) {
Status status =
- insertAuthzDocument(txn, AuthorizationManager::usersCollectionNamespace, userObj);
+ insertAuthzDocument(opCtx, AuthorizationManager::usersCollectionNamespace, userObj);
if (status.isOK()) {
return status;
}
@@ -481,10 +481,10 @@ Status insertPrivilegeDocument(OperationContext* txn, const BSONObj& userObj) {
/**
* Updates the given user object with the given update modifier.
*/
-Status updatePrivilegeDocument(OperationContext* txn,
+Status updatePrivilegeDocument(OperationContext* opCtx,
const UserName& user,
const BSONObj& updateObj) {
- Status status = updateOneAuthzDocument(txn,
+ Status status = updateOneAuthzDocument(opCtx,
AuthorizationManager::usersCollectionNamespace,
BSON(AuthorizationManager::USER_NAME_FIELD_NAME
<< user.getUser()
@@ -509,11 +509,11 @@ Status updatePrivilegeDocument(OperationContext* txn,
* Removes users for the given database matching the given query.
* Writes into *numRemoved the number of user documents that were modified.
*/
-Status removePrivilegeDocuments(OperationContext* txn,
+Status removePrivilegeDocuments(OperationContext* opCtx,
const BSONObj& query,
long long* numRemoved) {
Status status = removeAuthzDocuments(
- txn, AuthorizationManager::usersCollectionNamespace, query, numRemoved);
+ opCtx, AuthorizationManager::usersCollectionNamespace, query, numRemoved);
if (status.code() == ErrorCodes::UnknownError) {
return Status(ErrorCodes::UserModificationFailed, status.reason());
}
@@ -524,11 +524,11 @@ Status removePrivilegeDocuments(OperationContext* txn,
* Updates the auth schema version document to reflect the current state of the system.
* 'foundSchemaVersion' is the authSchemaVersion to update with.
*/
-Status writeAuthSchemaVersionIfNeeded(OperationContext* txn,
+Status writeAuthSchemaVersionIfNeeded(OperationContext* opCtx,
AuthorizationManager* authzManager,
int foundSchemaVersion) {
Status status = updateOneAuthzDocument(
- txn,
+ opCtx,
AuthorizationManager::versionCollectionNamespace,
AuthorizationManager::versionDocumentQuery,
BSON("$set" << BSON(AuthorizationManager::schemaVersionFieldName << foundSchemaVersion)),
@@ -546,9 +546,10 @@ Status writeAuthSchemaVersionIfNeeded(OperationContext* txn,
* for the MongoDB 2.6 and 3.0 MongoDB-CR/SCRAM mixed auth mode.
* Returns an error otherwise.
*/
-Status requireAuthSchemaVersion26Final(OperationContext* txn, AuthorizationManager* authzManager) {
+Status requireAuthSchemaVersion26Final(OperationContext* opCtx,
+ AuthorizationManager* authzManager) {
int foundSchemaVersion;
- Status status = authzManager->getAuthorizationVersion(txn, &foundSchemaVersion);
+ Status status = authzManager->getAuthorizationVersion(opCtx, &foundSchemaVersion);
if (!status.isOK()) {
return status;
}
@@ -562,7 +563,7 @@ Status requireAuthSchemaVersion26Final(OperationContext* txn, AuthorizationManag
<< " but found "
<< foundSchemaVersion);
}
- return writeAuthSchemaVersionIfNeeded(txn, authzManager, foundSchemaVersion);
+ return writeAuthSchemaVersionIfNeeded(opCtx, authzManager, foundSchemaVersion);
}
/**
@@ -570,10 +571,10 @@ Status requireAuthSchemaVersion26Final(OperationContext* txn, AuthorizationManag
* for MongoDB 2.6 during the upgrade process.
* Returns an error otherwise.
*/
-Status requireAuthSchemaVersion26UpgradeOrFinal(OperationContext* txn,
+Status requireAuthSchemaVersion26UpgradeOrFinal(OperationContext* opCtx,
AuthorizationManager* authzManager) {
int foundSchemaVersion;
- Status status = authzManager->getAuthorizationVersion(txn, &foundSchemaVersion);
+ Status status = authzManager->getAuthorizationVersion(opCtx, &foundSchemaVersion);
if (!status.isOK()) {
return status;
}
@@ -614,7 +615,7 @@ public:
return auth::checkAuthForCreateUserCommand(client, dbname, cmdObj);
}
- bool run(OperationContext* txn,
+ bool run(OperationContext* opCtx,
const string& dbname,
BSONObj& cmdObj,
int options,
@@ -670,10 +671,10 @@ public:
userObjBuilder.append(AuthorizationManager::USER_NAME_FIELD_NAME, args.userName.getUser());
userObjBuilder.append(AuthorizationManager::USER_DB_FIELD_NAME, args.userName.getDB());
- ServiceContext* serviceContext = txn->getClient()->getServiceContext();
+ ServiceContext* serviceContext = opCtx->getClient()->getServiceContext();
AuthorizationManager* authzManager = AuthorizationManager::get(serviceContext);
int authzVersion;
- status = authzManager->getAuthorizationVersion(txn, &authzVersion);
+ status = authzManager->getAuthorizationVersion(opCtx, &authzVersion);
if (!status.isOK()) {
return appendCommandStatus(result, status);
}
@@ -708,7 +709,7 @@ public:
stdx::lock_guard<stdx::mutex> lk(getAuthzDataMutex(serviceContext));
- status = requireAuthSchemaVersion26Final(txn, authzManager);
+ status = requireAuthSchemaVersion26Final(opCtx, authzManager);
if (!status.isOK()) {
return appendCommandStatus(result, status);
}
@@ -717,7 +718,7 @@ public:
for (size_t i = 0; i < args.roles.size(); ++i) {
BSONObj ignored;
status = authzManager->getRoleDescription(
- txn, args.roles[i], PrivilegeFormat::kOmit, &ignored);
+ opCtx, args.roles[i], PrivilegeFormat::kOmit, &ignored);
if (!status.isOK()) {
return appendCommandStatus(result, status);
}
@@ -728,7 +729,7 @@ public:
args.hasHashedPassword,
args.hasCustomData ? &args.customData : NULL,
args.roles);
- status = insertPrivilegeDocument(txn, userObj);
+ status = insertPrivilegeDocument(opCtx, userObj);
return appendCommandStatus(result, status);
}
@@ -760,7 +761,7 @@ public:
return auth::checkAuthForUpdateUserCommand(client, dbname, cmdObj);
}
- bool run(OperationContext* txn,
+ bool run(OperationContext* opCtx,
const string& dbname,
BSONObj& cmdObj,
int options,
@@ -793,7 +794,7 @@ public:
AuthorizationManager* authzManager = getGlobalAuthorizationManager();
int authzVersion;
- Status status = authzManager->getAuthorizationVersion(txn, &authzVersion);
+ Status status = authzManager->getAuthorizationVersion(opCtx, &authzVersion);
if (!status.isOK()) {
return appendCommandStatus(result, status);
}
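Review bot: `getGlobalAuthorizationManager()` on the context line just above the renamed `getAuthorizationVersion(opCtx, ...)` call is out of step with the rest of this file, which obtains the manager with `AuthorizationManager::get(serviceContext)`. createUser does so before the same version read, and this command does so again a few lines later under the authz data mutex. Now that `opCtx` is at hand, `AuthorizationManager* authzManager = AuthorizationManager::get(opCtx->getClient()->getServiceContext());` would tie the lookup to the operation's own service context. The enclosing block starts and ends outside the hunk; that this first `authzManager` lives in a nested scope is inferred from the second declaration that follows. The usersInfo hunks further down use the same global accessor and could be aligned in the same pass.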
@@ -815,11 +816,11 @@ public:
updateSetBuilder.append("roles", rolesVectorToBSONArray(args.roles));
}
- ServiceContext* serviceContext = txn->getClient()->getServiceContext();
+ ServiceContext* serviceContext = opCtx->getClient()->getServiceContext();
stdx::lock_guard<stdx::mutex> lk(getAuthzDataMutex(serviceContext));
AuthorizationManager* authzManager = AuthorizationManager::get(serviceContext);
- status = requireAuthSchemaVersion26Final(txn, authzManager);
+ status = requireAuthSchemaVersion26Final(opCtx, authzManager);
if (!status.isOK()) {
return appendCommandStatus(result, status);
}
@@ -830,7 +831,7 @@ public:
for (size_t i = 0; i < args.roles.size(); ++i) {
BSONObj ignored;
status = authzManager->getRoleDescription(
- txn, args.roles[i], PrivilegeFormat::kOmit, &ignored);
+ opCtx, args.roles[i], PrivilegeFormat::kOmit, &ignored);
if (!status.isOK()) {
return appendCommandStatus(result, status);
}
@@ -844,7 +845,7 @@ public:
args.hasRoles ? &args.roles : NULL);
status =
- updatePrivilegeDocument(txn, args.userName, BSON("$set" << updateSetBuilder.done()));
+ updatePrivilegeDocument(opCtx, args.userName, BSON("$set" << updateSetBuilder.done()));
// Must invalidate even on bad status - what if the write succeeded but the GLE failed?
authzManager->invalidateUserByName(args.userName);
return appendCommandStatus(result, status);
@@ -878,7 +879,7 @@ public:
return auth::checkAuthForDropUserCommand(client, dbname, cmdObj);
}
- bool run(OperationContext* txn,
+ bool run(OperationContext* opCtx,
const string& dbname,
BSONObj& cmdObj,
int options,
@@ -890,10 +891,10 @@ public:
return appendCommandStatus(result, status);
}
- ServiceContext* serviceContext = txn->getClient()->getServiceContext();
+ ServiceContext* serviceContext = opCtx->getClient()->getServiceContext();
stdx::lock_guard<stdx::mutex> lk(getAuthzDataMutex(serviceContext));
AuthorizationManager* authzManager = AuthorizationManager::get(serviceContext);
- status = requireAuthSchemaVersion26Final(txn, authzManager);
+ status = requireAuthSchemaVersion26Final(opCtx, authzManager);
if (!status.isOK()) {
return appendCommandStatus(result, status);
}
@@ -901,7 +902,7 @@ public:
audit::logDropUser(Client::getCurrent(), userName);
long long nMatched;
- status = removePrivilegeDocuments(txn,
+ status = removePrivilegeDocuments(opCtx,
BSON(AuthorizationManager::USER_NAME_FIELD_NAME
<< userName.getUser()
<< AuthorizationManager::USER_DB_FIELD_NAME
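Review bot: `audit::logDropUser(Client::getCurrent(), userName)` takes the acting client from thread-local state even though the command already holds `opCtx`. Passing the operation's client, `audit::logDropUser(opCtx->getClient(), userName);`, would attribute the audit record to the operation being executed, matching how `serviceContext` is derived earlier in the same function. The same `Client::getCurrent()` argument appears in the later hunks that call `audit::logGrantRolesToUser`, `audit::logRevokeRolesFromUser`, `audit::logCreateRole`, `audit::logGrantPrivilegesToRole`, `audit::logGrantRolesToRole`, `audit::logRevokeRolesFromRole` and `audit::logDropRole`. The two accessors presumably return the same object in normal operation, so this is a consistency point rather than a behavior change; confirm before switching. The `run` body starts and ends outside the hunk.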
@@ -947,7 +948,7 @@ public:
return auth::checkAuthForDropAllUsersFromDatabaseCommand(client, dbname);
}
- bool run(OperationContext* txn,
+ bool run(OperationContext* opCtx,
const string& dbname,
BSONObj& cmdObj,
int options,
@@ -957,11 +958,11 @@ public:
if (!status.isOK()) {
return appendCommandStatus(result, status);
}
- ServiceContext* serviceContext = txn->getClient()->getServiceContext();
+ ServiceContext* serviceContext = opCtx->getClient()->getServiceContext();
stdx::lock_guard<stdx::mutex> lk(getAuthzDataMutex(serviceContext));
AuthorizationManager* authzManager = AuthorizationManager::get(serviceContext);
- status = requireAuthSchemaVersion26Final(txn, authzManager);
+ status = requireAuthSchemaVersion26Final(opCtx, authzManager);
if (!status.isOK()) {
return appendCommandStatus(result, status);
}
@@ -970,7 +971,7 @@ public:
long long numRemoved;
status = removePrivilegeDocuments(
- txn, BSON(AuthorizationManager::USER_DB_FIELD_NAME << dbname), &numRemoved);
+ opCtx, BSON(AuthorizationManager::USER_DB_FIELD_NAME << dbname), &numRemoved);
// Must invalidate even on bad status - what if the write succeeded but the GLE failed?
authzManager->invalidateUsersFromDB(dbname);
if (!status.isOK()) {
@@ -1005,7 +1006,7 @@ public:
return auth::checkAuthForGrantRolesToUserCommand(client, dbname, cmdObj);
}
- bool run(OperationContext* txn,
+ bool run(OperationContext* opCtx,
const string& dbname,
BSONObj& cmdObj,
int options,
@@ -1019,18 +1020,18 @@ public:
return appendCommandStatus(result, status);
}
- ServiceContext* serviceContext = txn->getClient()->getServiceContext();
+ ServiceContext* serviceContext = opCtx->getClient()->getServiceContext();
stdx::lock_guard<stdx::mutex> lk(getAuthzDataMutex(serviceContext));
AuthorizationManager* authzManager = AuthorizationManager::get(serviceContext);
- status = requireAuthSchemaVersion26Final(txn, authzManager);
+ status = requireAuthSchemaVersion26Final(opCtx, authzManager);
if (!status.isOK()) {
return appendCommandStatus(result, status);
}
UserName userName(userNameString, dbname);
unordered_set<RoleName> userRoles;
- status = getCurrentUserRoles(txn, authzManager, userName, &userRoles);
+ status = getCurrentUserRoles(opCtx, authzManager, userName, &userRoles);
if (!status.isOK()) {
return appendCommandStatus(result, status);
}
@@ -1039,7 +1040,7 @@ public:
RoleName& roleName = *it;
BSONObj roleDoc;
status =
- authzManager->getRoleDescription(txn, roleName, PrivilegeFormat::kOmit, &roleDoc);
+ authzManager->getRoleDescription(opCtx, roleName, PrivilegeFormat::kOmit, &roleDoc);
if (!status.isOK()) {
return appendCommandStatus(result, status);
}
@@ -1050,7 +1051,7 @@ public:
audit::logGrantRolesToUser(Client::getCurrent(), userName, roles);
BSONArray newRolesBSONArray = roleSetToBSONArray(userRoles);
status = updatePrivilegeDocument(
- txn, userName, BSON("$set" << BSON("roles" << newRolesBSONArray)));
+ opCtx, userName, BSON("$set" << BSON("roles" << newRolesBSONArray)));
// Must invalidate even on bad status - what if the write succeeded but the GLE failed?
authzManager->invalidateUserByName(userName);
return appendCommandStatus(result, status);
@@ -1080,7 +1081,7 @@ public:
return auth::checkAuthForRevokeRolesFromUserCommand(client, dbname, cmdObj);
}
- bool run(OperationContext* txn,
+ bool run(OperationContext* opCtx,
const string& dbname,
BSONObj& cmdObj,
int options,
@@ -1094,18 +1095,18 @@ public:
return appendCommandStatus(result, status);
}
- ServiceContext* serviceContext = txn->getClient()->getServiceContext();
+ ServiceContext* serviceContext = opCtx->getClient()->getServiceContext();
stdx::lock_guard<stdx::mutex> lk(getAuthzDataMutex(serviceContext));
AuthorizationManager* authzManager = AuthorizationManager::get(serviceContext);
- status = requireAuthSchemaVersion26Final(txn, authzManager);
+ status = requireAuthSchemaVersion26Final(opCtx, authzManager);
if (!status.isOK()) {
return appendCommandStatus(result, status);
}
UserName userName(userNameString, dbname);
unordered_set<RoleName> userRoles;
- status = getCurrentUserRoles(txn, authzManager, userName, &userRoles);
+ status = getCurrentUserRoles(opCtx, authzManager, userName, &userRoles);
if (!status.isOK()) {
return appendCommandStatus(result, status);
}
@@ -1114,7 +1115,7 @@ public:
RoleName& roleName = *it;
BSONObj roleDoc;
status =
- authzManager->getRoleDescription(txn, roleName, PrivilegeFormat::kOmit, &roleDoc);
+ authzManager->getRoleDescription(opCtx, roleName, PrivilegeFormat::kOmit, &roleDoc);
if (!status.isOK()) {
return appendCommandStatus(result, status);
}
@@ -1125,7 +1126,7 @@ public:
audit::logRevokeRolesFromUser(Client::getCurrent(), userName, roles);
BSONArray newRolesBSONArray = roleSetToBSONArray(userRoles);
status = updatePrivilegeDocument(
- txn, userName, BSON("$set" << BSON("roles" << newRolesBSONArray)));
+ opCtx, userName, BSON("$set" << BSON("roles" << newRolesBSONArray)));
// Must invalidate even on bad status - what if the write succeeded but the GLE failed?
authzManager->invalidateUserByName(userName);
return appendCommandStatus(result, status);
@@ -1159,7 +1160,7 @@ public:
return auth::checkAuthForUsersInfoCommand(client, dbname, cmdObj);
}
- bool run(OperationContext* txn,
+ bool run(OperationContext* opCtx,
const string& dbname,
BSONObj& cmdObj,
int options,
@@ -1171,7 +1172,7 @@ public:
return appendCommandStatus(result, status);
}
- status = requireAuthSchemaVersion26UpgradeOrFinal(txn, getGlobalAuthorizationManager());
+ status = requireAuthSchemaVersion26UpgradeOrFinal(opCtx, getGlobalAuthorizationManager());
if (!status.isOK()) {
return appendCommandStatus(result, status);
}
@@ -1190,7 +1191,7 @@ public:
for (size_t i = 0; i < args.userNames.size(); ++i) {
BSONObj userDetails;
status = getGlobalAuthorizationManager()->getUserDescription(
- txn, args.userNames[i], &userDetails);
+ opCtx, args.userNames[i], &userDetails);
if (status.code() == ErrorCodes::UserNotFound) {
continue;
}
@@ -1236,7 +1237,7 @@ public:
}
const stdx::function<void(const BSONObj&)> function = stdx::bind(
appendBSONObjToBSONArrayBuilder, &usersArrayBuilder, stdx::placeholders::_1);
- queryAuthzDocument(txn,
+ queryAuthzDocument(opCtx,
AuthorizationManager::usersCollectionNamespace,
queryBuilder.done(),
projection,
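Review bot: The `Status` returned by `queryAuthzDocument(opCtx, ...)` appears to be discarded, since the call is a bare statement with no `status =` in front of it. If so, a failed read of the users collection would be reported to the caller as a successful usersInfo with an empty or partial `users` array. For a command that administrators rely on to audit accounts, that failure should surface: `status = queryAuthzDocument(opCtx, ...);` followed by `if (!status.isOK()) return appendCommandStatus(result, status);`, as the other calls in this file do. The call's final argument and the rest of `run` lie outside the hunk, so confirm that nothing after it already checks the result.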
@@ -1270,7 +1271,7 @@ public:
return auth::checkAuthForCreateRoleCommand(client, dbname, cmdObj);
}
- bool run(OperationContext* txn,
+ bool run(OperationContext* opCtx,
const string& dbname,
BSONObj& cmdObj,
int options,
@@ -1334,17 +1335,17 @@ public:
roleObjBuilder.append("roles", rolesVectorToBSONArray(args.roles));
- ServiceContext* serviceContext = txn->getClient()->getServiceContext();
+ ServiceContext* serviceContext = opCtx->getClient()->getServiceContext();
stdx::lock_guard<stdx::mutex> lk(getAuthzDataMutex(serviceContext));
AuthorizationManager* authzManager = AuthorizationManager::get(serviceContext);
- status = requireAuthSchemaVersion26Final(txn, authzManager);
+ status = requireAuthSchemaVersion26Final(opCtx, authzManager);
if (!status.isOK()) {
return appendCommandStatus(result, status);
}
// Role existence has to be checked after acquiring the update lock
- status = checkOkayToGrantRolesToRole(txn, args.roleName, args.roles, authzManager);
+ status = checkOkayToGrantRolesToRole(opCtx, args.roleName, args.roles, authzManager);
if (!status.isOK()) {
return appendCommandStatus(result, status);
}
@@ -1356,7 +1357,7 @@ public:
audit::logCreateRole(Client::getCurrent(), args.roleName, args.roles, args.privileges);
- status = insertRoleDocument(txn, roleObjBuilder.done());
+ status = insertRoleDocument(opCtx, roleObjBuilder.done());
return appendCommandStatus(result, status);
}
@@ -1384,7 +1385,7 @@ public:
return auth::checkAuthForUpdateRoleCommand(client, dbname, cmdObj);
}
- bool run(OperationContext* txn,
+ bool run(OperationContext* opCtx,
const string& dbname,
BSONObj& cmdObj,
int options,
@@ -1418,25 +1419,25 @@ public:
updateSetBuilder.append("roles", rolesVectorToBSONArray(args.roles));
}
- ServiceContext* serviceContext = txn->getClient()->getServiceContext();
+ ServiceContext* serviceContext = opCtx->getClient()->getServiceContext();
stdx::lock_guard<stdx::mutex> lk(getAuthzDataMutex(serviceContext));
AuthorizationManager* authzManager = AuthorizationManager::get(serviceContext);
- status = requireAuthSchemaVersion26Final(txn, authzManager);
+ status = requireAuthSchemaVersion26Final(opCtx, authzManager);
if (!status.isOK()) {
return appendCommandStatus(result, status);
}
// Role existence has to be checked after acquiring the update lock
BSONObj ignored;
- status =
- authzManager->getRoleDescription(txn, args.roleName, PrivilegeFormat::kOmit, &ignored);
+ status = authzManager->getRoleDescription(
+ opCtx, args.roleName, PrivilegeFormat::kOmit, &ignored);
if (!status.isOK()) {
return appendCommandStatus(result, status);
}
if (args.hasRoles) {
- status = checkOkayToGrantRolesToRole(txn, args.roleName, args.roles, authzManager);
+ status = checkOkayToGrantRolesToRole(opCtx, args.roleName, args.roles, authzManager);
if (!status.isOK()) {
return appendCommandStatus(result, status);
}
@@ -1454,7 +1455,7 @@ public:
args.hasRoles ? &args.roles : NULL,
args.hasPrivileges ? &args.privileges : NULL);
- status = updateRoleDocument(txn, args.roleName, BSON("$set" << updateSetBuilder.done()));
+ status = updateRoleDocument(opCtx, args.roleName, BSON("$set" << updateSetBuilder.done()));
// Must invalidate even on bad status - what if the write succeeded but the GLE failed?
authzManager->invalidateUserCache();
return appendCommandStatus(result, status);
@@ -1483,7 +1484,7 @@ public:
return auth::checkAuthForGrantPrivilegesToRoleCommand(client, dbname, cmdObj);
}
- bool run(OperationContext* txn,
+ bool run(OperationContext* opCtx,
const string& dbname,
BSONObj& cmdObj,
int options,
@@ -1498,11 +1499,11 @@ public:
return appendCommandStatus(result, status);
}
- ServiceContext* serviceContext = txn->getClient()->getServiceContext();
+ ServiceContext* serviceContext = opCtx->getClient()->getServiceContext();
stdx::lock_guard<stdx::mutex> lk(getAuthzDataMutex(serviceContext));
AuthorizationManager* authzManager = AuthorizationManager::get(serviceContext);
- status = requireAuthSchemaVersion26Final(txn, authzManager);
+ status = requireAuthSchemaVersion26Final(opCtx, authzManager);
if (!status.isOK()) {
return appendCommandStatus(result, status);
}
@@ -1522,7 +1523,7 @@ public:
BSONObj roleDoc;
status = authzManager->getRoleDescription(
- txn, roleName, PrivilegeFormat::kShowSeparate, &roleDoc);
+ opCtx, roleName, PrivilegeFormat::kShowSeparate, &roleDoc);
if (!status.isOK()) {
return appendCommandStatus(result, status);
}
@@ -1562,7 +1563,7 @@ public:
audit::logGrantPrivilegesToRole(Client::getCurrent(), roleName, privilegesToAdd);
- status = updateRoleDocument(txn, roleName, updateBSONBuilder.done());
+ status = updateRoleDocument(opCtx, roleName, updateBSONBuilder.done());
// Must invalidate even on bad status - what if the write succeeded but the GLE failed?
authzManager->invalidateUserCache();
return appendCommandStatus(result, status);
@@ -1592,7 +1593,7 @@ public:
return auth::checkAuthForRevokePrivilegesFromRoleCommand(client, dbname, cmdObj);
}
- bool run(OperationContext* txn,
+ bool run(OperationContext* opCtx,
const string& dbname,
BSONObj& cmdObj,
int options,
@@ -1606,11 +1607,11 @@ public:
return appendCommandStatus(result, status);
}
- ServiceContext* serviceContext = txn->getClient()->getServiceContext();
+ ServiceContext* serviceContext = opCtx->getClient()->getServiceContext();
stdx::lock_guard<stdx::mutex> lk(getAuthzDataMutex(serviceContext));
AuthorizationManager* authzManager = AuthorizationManager::get(serviceContext);
- status = requireAuthSchemaVersion26Final(txn, authzManager);
+ status = requireAuthSchemaVersion26Final(opCtx, authzManager);
if (!status.isOK()) {
return appendCommandStatus(result, status);
}
@@ -1625,7 +1626,7 @@ public:
BSONObj roleDoc;
status = authzManager->getRoleDescription(
- txn, roleName, PrivilegeFormat::kShowSeparate, &roleDoc);
+ opCtx, roleName, PrivilegeFormat::kShowSeparate, &roleDoc);
if (!status.isOK()) {
return appendCommandStatus(result, status);
}
@@ -1673,7 +1674,7 @@ public:
BSONObjBuilder updateBSONBuilder;
updateObj.writeTo(&updateBSONBuilder);
- status = updateRoleDocument(txn, roleName, updateBSONBuilder.done());
+ status = updateRoleDocument(opCtx, roleName, updateBSONBuilder.done());
// Must invalidate even on bad status - what if the write succeeded but the GLE failed?
authzManager->invalidateUserCache();
return appendCommandStatus(result, status);
@@ -1703,7 +1704,7 @@ public:
return auth::checkAuthForGrantRolesToRoleCommand(client, dbname, cmdObj);
}
- bool run(OperationContext* txn,
+ bool run(OperationContext* opCtx,
const string& dbname,
BSONObj& cmdObj,
int options,
@@ -1726,24 +1727,25 @@ public:
<< " is a built-in role and cannot be modified."));
}
- ServiceContext* serviceContext = txn->getClient()->getServiceContext();
+ ServiceContext* serviceContext = opCtx->getClient()->getServiceContext();
stdx::lock_guard<stdx::mutex> lk(getAuthzDataMutex(serviceContext));
AuthorizationManager* authzManager = AuthorizationManager::get(serviceContext);
- status = requireAuthSchemaVersion26Final(txn, authzManager);
+ status = requireAuthSchemaVersion26Final(opCtx, authzManager);
if (!status.isOK()) {
return appendCommandStatus(result, status);
}
// Role existence has to be checked after acquiring the update lock
BSONObj roleDoc;
- status = authzManager->getRoleDescription(txn, roleName, PrivilegeFormat::kOmit, &roleDoc);
+ status =
+ authzManager->getRoleDescription(opCtx, roleName, PrivilegeFormat::kOmit, &roleDoc);
if (!status.isOK()) {
return appendCommandStatus(result, status);
}
// Check for cycles
- status = checkOkayToGrantRolesToRole(txn, roleName, rolesToAdd, authzManager);
+ status = checkOkayToGrantRolesToRole(opCtx, roleName, rolesToAdd, authzManager);
if (!status.isOK()) {
return appendCommandStatus(result, status);
}
@@ -1764,7 +1766,7 @@ public:
audit::logGrantRolesToRole(Client::getCurrent(), roleName, rolesToAdd);
status = updateRoleDocument(
- txn, roleName, BSON("$set" << BSON("roles" << rolesVectorToBSONArray(directRoles))));
+ opCtx, roleName, BSON("$set" << BSON("roles" << rolesVectorToBSONArray(directRoles))));
// Must invalidate even on bad status - what if the write succeeded but the GLE failed?
authzManager->invalidateUserCache();
return appendCommandStatus(result, status);
@@ -1794,7 +1796,7 @@ public:
return auth::checkAuthForRevokeRolesFromRoleCommand(client, dbname, cmdObj);
}
- bool run(OperationContext* txn,
+ bool run(OperationContext* opCtx,
const string& dbname,
BSONObj& cmdObj,
int options,
@@ -1808,11 +1810,11 @@ public:
return appendCommandStatus(result, status);
}
- ServiceContext* serviceContext = txn->getClient()->getServiceContext();
+ ServiceContext* serviceContext = opCtx->getClient()->getServiceContext();
stdx::lock_guard<stdx::mutex> lk(getAuthzDataMutex(serviceContext));
AuthorizationManager* authzManager = AuthorizationManager::get(serviceContext);
- status = requireAuthSchemaVersion26Final(txn, authzManager);
+ status = requireAuthSchemaVersion26Final(opCtx, authzManager);
if (!status.isOK()) {
return appendCommandStatus(result, status);
}
@@ -1827,7 +1829,8 @@ public:
}
BSONObj roleDoc;
- status = authzManager->getRoleDescription(txn, roleName, PrivilegeFormat::kOmit, &roleDoc);
+ status =
+ authzManager->getRoleDescription(opCtx, roleName, PrivilegeFormat::kOmit, &roleDoc);
if (!status.isOK()) {
return appendCommandStatus(result, status);
}
@@ -1850,7 +1853,7 @@ public:
audit::logRevokeRolesFromRole(Client::getCurrent(), roleName, rolesToRemove);
status = updateRoleDocument(
- txn, roleName, BSON("$set" << BSON("roles" << rolesVectorToBSONArray(roles))));
+ opCtx, roleName, BSON("$set" << BSON("roles" << rolesVectorToBSONArray(roles))));
// Must invalidate even on bad status - what if the write succeeded but the GLE failed?
authzManager->invalidateUserCache();
return appendCommandStatus(result, status);
@@ -1884,7 +1887,7 @@ public:
return auth::checkAuthForDropRoleCommand(client, dbname, cmdObj);
}
- bool run(OperationContext* txn,
+ bool run(OperationContext* opCtx,
const string& dbname,
BSONObj& cmdObj,
int options,
@@ -1896,11 +1899,11 @@ public:
return appendCommandStatus(result, status);
}
- ServiceContext* serviceContext = txn->getClient()->getServiceContext();
+ ServiceContext* serviceContext = opCtx->getClient()->getServiceContext();
stdx::lock_guard<stdx::mutex> lk(getAuthzDataMutex(serviceContext));
AuthorizationManager* authzManager = AuthorizationManager::get(serviceContext);
- status = requireAuthSchemaVersion26Final(txn, authzManager);
+ status = requireAuthSchemaVersion26Final(opCtx, authzManager);
if (!status.isOK()) {
return appendCommandStatus(result, status);
}
@@ -1914,7 +1917,8 @@ public:
}
BSONObj roleDoc;
- status = authzManager->getRoleDescription(txn, roleName, PrivilegeFormat::kOmit, &roleDoc);
+ status =
+ authzManager->getRoleDescription(opCtx, roleName, PrivilegeFormat::kOmit, &roleDoc);
if (!status.isOK()) {
return appendCommandStatus(result, status);
}
@@ -1922,7 +1926,7 @@ public:
// Remove this role from all users
long long nMatched;
status = updateAuthzDocuments(
- txn,
+ opCtx,
AuthorizationManager::usersCollectionNamespace,
BSON("roles" << BSON("$elemMatch" << BSON(AuthorizationManager::ROLE_NAME_FIELD_NAME
<< roleName.getRole()
@@ -1951,7 +1955,7 @@ public:
// Remove this role from all other roles
status = updateAuthzDocuments(
- txn,
+ opCtx,
AuthorizationManager::rolesCollectionNamespace,
BSON("roles" << BSON("$elemMatch" << BSON(AuthorizationManager::ROLE_NAME_FIELD_NAME
<< roleName.getRole()
@@ -1980,7 +1984,7 @@ public:
audit::logDropRole(Client::getCurrent(), roleName);
// Finally, remove the actual role document
- status = removeRoleDocuments(txn,
+ status = removeRoleDocuments(opCtx,
BSON(AuthorizationManager::ROLE_NAME_FIELD_NAME
<< roleName.getRole()
<< AuthorizationManager::ROLE_DB_FIELD_NAME
@@ -2038,7 +2042,7 @@ public:
return auth::checkAuthForDropAllRolesFromDatabaseCommand(client, dbname);
}
- bool run(OperationContext* txn,
+ bool run(OperationContext* opCtx,
const string& dbname,
BSONObj& cmdObj,
int options,
@@ -2049,11 +2053,11 @@ public:
return appendCommandStatus(result, status);
}
- ServiceContext* serviceContext = txn->getClient()->getServiceContext();
+ ServiceContext* serviceContext = opCtx->getClient()->getServiceContext();
stdx::lock_guard<stdx::mutex> lk(getAuthzDataMutex(serviceContext));
AuthorizationManager* authzManager = AuthorizationManager::get(serviceContext);
- status = requireAuthSchemaVersion26Final(txn, authzManager);
+ status = requireAuthSchemaVersion26Final(opCtx, authzManager);
if (!status.isOK()) {
return appendCommandStatus(result, status);
}
@@ -2061,7 +2065,7 @@ public:
// Remove these roles from all users
long long nMatched;
status = updateAuthzDocuments(
- txn,
+ opCtx,
AuthorizationManager::usersCollectionNamespace,
BSON("roles" << BSON(AuthorizationManager::ROLE_DB_FIELD_NAME << dbname)),
BSON("$pull" << BSON("roles"
@@ -2087,7 +2091,7 @@ public:
std::string sourceFieldName = str::stream() << "roles."
<< AuthorizationManager::ROLE_DB_FIELD_NAME;
status = updateAuthzDocuments(
- txn,
+ opCtx,
AuthorizationManager::rolesCollectionNamespace,
BSON(sourceFieldName << dbname),
BSON("$pull" << BSON("roles"
@@ -2112,7 +2116,7 @@ public:
audit::logDropAllRolesFromDatabase(Client::getCurrent(), dbname);
// Finally, remove the actual role documents
status = removeRoleDocuments(
- txn, BSON(AuthorizationManager::ROLE_DB_FIELD_NAME << dbname), &nMatched);
+ opCtx, BSON(AuthorizationManager::ROLE_DB_FIELD_NAME << dbname), &nMatched);
// Must invalidate even on bad status - what if the write succeeded but the GLE failed?
authzManager->invalidateUserCache();
if (!status.isOK()) {
@@ -2182,7 +2186,7 @@ public:
return auth::checkAuthForRolesInfoCommand(client, dbname, cmdObj);
}
- bool run(OperationContext* txn,
+ bool run(OperationContext* opCtx,
const string& dbname,
BSONObj& cmdObj,
int options,
@@ -2194,7 +2198,7 @@ public:
return appendCommandStatus(result, status);
}
- status = requireAuthSchemaVersion26UpgradeOrFinal(txn, getGlobalAuthorizationManager());
+ status = requireAuthSchemaVersion26UpgradeOrFinal(opCtx, getGlobalAuthorizationManager());
if (!status.isOK()) {
return appendCommandStatus(result, status);
}
@@ -2202,7 +2206,7 @@ public:
if (args.allForDB) {
std::vector<BSONObj> rolesDocs;
status = getGlobalAuthorizationManager()->getRoleDescriptionsForDB(
- txn, dbname, args.privilegeFormat, args.showBuiltinRoles, &rolesDocs);
+ opCtx, dbname, args.privilegeFormat, args.showBuiltinRoles, &rolesDocs);
if (!status.isOK()) {
return appendCommandStatus(result, status);
}
@@ -2221,7 +2225,7 @@ public:
} else {
BSONObj roleDetails;
status = getGlobalAuthorizationManager()->getRolesDescription(
- txn, args.roleNames, args.privilegeFormat, &roleDetails);
+ opCtx, args.roleNames, args.privilegeFormat, &roleDetails);
if (!status.isOK()) {
return appendCommandStatus(result, status);
}
@@ -2264,7 +2268,7 @@ public:
return auth::checkAuthForInvalidateUserCacheCommand(client);
}
- bool run(OperationContext* txn,
+ bool run(OperationContext* opCtx,
const string& dbname,
BSONObj& cmdObj,
int options,
@@ -2303,7 +2307,7 @@ public:
return auth::checkAuthForGetUserCacheGenerationCommand(client);
}
- bool run(OperationContext* txn,
+ bool run(OperationContext* opCtx,
const string& dbname,
BSONObj& cmdObj,
int options,
@@ -2451,7 +2455,7 @@ public:
* admin.system.users collection.
* Also removes any users it encounters from the usersToDrop set.
*/
- static void addUser(OperationContext* txn,
+ static void addUser(OperationContext* opCtx,
AuthorizationManager* authzManager,
StringData db,
bool update,
@@ -2464,7 +2468,7 @@ public:
if (update && usersToDrop->count(userName)) {
auditCreateOrUpdateUser(userObj, false);
- Status status = updatePrivilegeDocument(txn, userName, userObj);
+ Status status = updatePrivilegeDocument(opCtx, userName, userObj);
if (!status.isOK()) {
// Match the behavior of mongorestore to continue on failure
warning() << "Could not update user " << userName
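Review bot: `auditCreateOrUpdateUser(userObj, false)` is emitted before `updatePrivilegeDocument` runs, and a failed write is only reported through `warning()`, so the audit trail can contain a user update that was never applied. If auditing the attempt is intended, a comment at the call would make that explicit, for example `// Audit records the attempt; a failed write below is only logged as a warning.`. Otherwise the audit call belongs after the `status.isOK()` check. The insert branch in the next hunk and both branches of `addRole` follow the same order. The `if` block continues past the end of this hunk.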
@@ -2472,7 +2476,7 @@ public:
}
} else {
auditCreateOrUpdateUser(userObj, true);
- Status status = insertPrivilegeDocument(txn, userObj);
+ Status status = insertPrivilegeDocument(opCtx, userObj);
if (!status.isOK()) {
// Match the behavior of mongorestore to continue on failure
warning() << "Could not insert user " << userName
@@ -2489,7 +2493,7 @@ public:
* admin.system.roles collection.
* Also removes any roles it encounters from the rolesToDrop set.
*/
- static void addRole(OperationContext* txn,
+ static void addRole(OperationContext* opCtx,
AuthorizationManager* authzManager,
StringData db,
bool update,
@@ -2502,7 +2506,7 @@ public:
if (update && rolesToDrop->count(roleName)) {
auditCreateOrUpdateRole(roleObj, false);
- Status status = updateRoleDocument(txn, roleName, roleObj);
+ Status status = updateRoleDocument(opCtx, roleName, roleObj);
if (!status.isOK()) {
// Match the behavior of mongorestore to continue on failure
warning() << "Could not update role " << roleName
@@ -2510,7 +2514,7 @@ public:
}
} else {
auditCreateOrUpdateRole(roleObj, true);
- Status status = insertRoleDocument(txn, roleObj);
+ Status status = insertRoleDocument(opCtx, roleObj);
if (!status.isOK()) {
// Match the behavior of mongorestore to continue on failure
warning() << "Could not insert role " << roleName
@@ -2524,7 +2528,7 @@ public:
* Moves all user objects from usersCollName into admin.system.users. If drop is true,
* removes any users that were in admin.system.users but not in usersCollName.
*/
- Status processUsers(OperationContext* txn,
+ Status processUsers(OperationContext* opCtx,
AuthorizationManager* authzManager,
StringData usersCollName,
StringData db,
@@ -2550,7 +2554,7 @@ public:
<< 1);
Status status =
- queryAuthzDocument(txn,
+ queryAuthzDocument(opCtx,
AuthorizationManager::usersCollectionNamespace,
query,
fields,
@@ -2563,12 +2567,12 @@ public:
}
Status status = queryAuthzDocument(
- txn,
+ opCtx,
NamespaceString(usersCollName),
db.empty() ? BSONObj() : BSON(AuthorizationManager::USER_DB_FIELD_NAME << db),
BSONObj(),
stdx::bind(&CmdMergeAuthzCollections::addUser,
- txn,
+ opCtx,
authzManager,
db,
drop,
@@ -2585,7 +2589,7 @@ public:
++it) {
const UserName& userName = *it;
audit::logDropUser(Client::getCurrent(), userName);
- status = removePrivilegeDocuments(txn,
+ status = removePrivilegeDocuments(opCtx,
BSON(AuthorizationManager::USER_NAME_FIELD_NAME
<< userName.getUser().toString()
<< AuthorizationManager::USER_DB_FIELD_NAME
@@ -2605,7 +2609,7 @@ public:
* Moves all user objects from usersCollName into admin.system.users. If drop is true,
* removes any users that were in admin.system.users but not in usersCollName.
*/
- Status processRoles(OperationContext* txn,
+ Status processRoles(OperationContext* opCtx,
AuthorizationManager* authzManager,
StringData rolesCollName,
StringData db,
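Review bot: The comment above `processRoles` is a copy of the one on `processUsers`: it speaks of user objects, `usersCollName` and admin.system.users, while the function takes `rolesCollName`. Suggested wording: `Moves all role objects from rolesCollName into admin.system.roles. If drop is true,` followed by `removes any roles that were in admin.system.roles but not in rolesCollName.` The target collection name is inferred from the `addRole` comment earlier in the diff and from the `rolesCollectionNamespace` query in the next hunk. The comment opens before this hunk and the function body continues after it.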
@@ -2630,7 +2634,7 @@ public:
<< 1);
Status status =
- queryAuthzDocument(txn,
+ queryAuthzDocument(opCtx,
AuthorizationManager::rolesCollectionNamespace,
query,
fields,
@@ -2643,12 +2647,12 @@ public:
}
Status status = queryAuthzDocument(
- txn,
+ opCtx,
NamespaceString(rolesCollName),
db.empty() ? BSONObj() : BSON(AuthorizationManager::ROLE_DB_FIELD_NAME << db),
BSONObj(),
stdx::bind(&CmdMergeAuthzCollections::addRole,
- txn,
+ opCtx,
authzManager,
db,
drop,
@@ -2665,7 +2669,7 @@ public:
++it) {
const RoleName& roleName = *it;
audit::logDropRole(Client::getCurrent(), roleName);
- status = removeRoleDocuments(txn,
+ status = removeRoleDocuments(opCtx,
BSON(AuthorizationManager::ROLE_NAME_FIELD_NAME
<< roleName.getRole().toString()
<< AuthorizationManager::ROLE_DB_FIELD_NAME
@@ -2681,7 +2685,7 @@ public:
return Status::OK();
}
- bool run(OperationContext* txn,
+ bool run(OperationContext* opCtx,
const string& dbname,
BSONObj& cmdObj,
int options,
@@ -2701,24 +2705,26 @@ public:
"\"tempRolescollection\""));
}
- ServiceContext* serviceContext = txn->getClient()->getServiceContext();
+ ServiceContext* serviceContext = opCtx->getClient()->getServiceContext();
stdx::lock_guard<stdx::mutex> lk(getAuthzDataMutex(serviceContext));
AuthorizationManager* authzManager = AuthorizationManager::get(serviceContext);
- status = requireAuthSchemaVersion26Final(txn, authzManager);
+ status = requireAuthSchemaVersion26Final(opCtx, authzManager);
if (!status.isOK()) {
return appendCommandStatus(result, status);
}
if (!args.usersCollName.empty()) {
- Status status = processUsers(txn, authzManager, args.usersCollName, args.db, args.drop);
+ Status status =
+ processUsers(opCtx, authzManager, args.usersCollName, args.db, args.drop);
if (!status.isOK()) {
return appendCommandStatus(result, status);
}
}
if (!args.rolesCollName.empty()) {
- Status status = processRoles(txn, authzManager, args.rolesCollName, args.db, args.drop);
+ Status status =
+ processRoles(opCtx, authzManager, args.rolesCollName, args.db, args.drop);
if (!status.isOK()) {
return appendCommandStatus(result, status);
}
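Review bot: Both `Status status = processUsers(...)` and `Status status = processRoles(...)` declare a new variable inside their `if` block that shadows the `status` the method assigns just above with `status = requireAuthSchemaVersion26Final(opCtx, authzManager);`. Assigning to the existing variable, `status = processUsers(opCtx, authzManager, args.usersCollName, args.db, args.drop);` and likewise for `processRoles`, removes the shadowing and keeps one status for the whole command. The outer declaration is outside this hunk, so its type is assumed to be `Status`. `upgradeAuthSchemaStep` has the same shadowing around `updateCredentials(opCtx)`.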
@@ -2742,7 +2748,7 @@ Status logUpgradeFailed(const Status& status) {
*
* Throws a DBException on errors.
*/
-void updateUserCredentials(OperationContext* txn,
+void updateUserCredentials(OperationContext* opCtx,
const StringData& sourceDB,
const BSONObj& userDoc) {
// Skip users in $external, SERVER-18475
@@ -2789,7 +2795,7 @@ void updateUserCredentials(OperationContext* txn,
}
uassertStatusOK(updateOneAuthzDocument(
- txn, NamespaceString("admin", "system.users"), query, updateBuilder.obj(), true));
+ opCtx, NamespaceString("admin", "system.users"), query, updateBuilder.obj(), true));
}
/** Loop through all the user documents in the admin.system.users collection.
@@ -2798,20 +2804,20 @@ void updateUserCredentials(OperationContext* txn,
* 2. Remove the MONGODB-CR hash
* 3. Add SCRAM credentials to the user document credentials section
*/
-Status updateCredentials(OperationContext* txn) {
+Status updateCredentials(OperationContext* opCtx) {
// Loop through and update the user documents in admin.system.users.
- Status status =
- queryAuthzDocument(txn,
- NamespaceString("admin", "system.users"),
- BSONObj(),
- BSONObj(),
- stdx::bind(updateUserCredentials, txn, "admin", stdx::placeholders::_1));
+ Status status = queryAuthzDocument(
+ opCtx,
+ NamespaceString("admin", "system.users"),
+ BSONObj(),
+ BSONObj(),
+ stdx::bind(updateUserCredentials, opCtx, "admin", stdx::placeholders::_1));
if (!status.isOK())
return logUpgradeFailed(status);
// Update the schema version document.
status =
- updateOneAuthzDocument(txn,
+ updateOneAuthzDocument(opCtx,
AuthorizationManager::versionCollectionNamespace,
AuthorizationManager::versionDocumentQuery,
BSON("$set" << BSON(AuthorizationManager::schemaVersionFieldName
@@ -2836,11 +2842,11 @@ Status updateCredentials(OperationContext* txn) {
* On failure, returns a status other than Status::OK(). In this case, is is typically safe
* to try again.
*/
-Status upgradeAuthSchemaStep(OperationContext* txn,
+Status upgradeAuthSchemaStep(OperationContext* opCtx,
AuthorizationManager* authzManager,
bool* isDone) {
int authzVersion;
- Status status = authzManager->getAuthorizationVersion(txn, &authzVersion);
+ Status status = authzManager->getAuthorizationVersion(opCtx, &authzVersion);
if (!status.isOK()) {
return status;
}
@@ -2848,7 +2854,7 @@ Status upgradeAuthSchemaStep(OperationContext* txn,
switch (authzVersion) {
case AuthorizationManager::schemaVersion26Final:
case AuthorizationManager::schemaVersion28SCRAM: {
- Status status = updateCredentials(txn);
+ Status status = updateCredentials(opCtx);
if (status.isOK())
*isDone = true;
return status;
@@ -2874,7 +2880,9 @@ Status upgradeAuthSchemaStep(OperationContext* txn,
* progress performing the upgrade, and the specific code and message in the returned status
* may provide additional information.
*/
-Status upgradeAuthSchema(OperationContext* txn, AuthorizationManager* authzManager, int maxSteps) {
+Status upgradeAuthSchema(OperationContext* opCtx,
+ AuthorizationManager* authzManager,
+ int maxSteps) {
if (maxSteps < 1) {
return Status(ErrorCodes::BadValue,
"Minimum value for maxSteps parameter to upgradeAuthSchema is 1");
@@ -2882,7 +2890,7 @@ Status upgradeAuthSchema(OperationContext* txn, AuthorizationManager* authzManag
authzManager->invalidateUserCache();
for (int i = 0; i < maxSteps; ++i) {
bool isDone;
- Status status = upgradeAuthSchemaStep(txn, authzManager, &isDone);
+ Status status = upgradeAuthSchemaStep(opCtx, authzManager, &isDone);
authzManager->invalidateUserCache();
if (!status.isOK() || isDone) {
return status;
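Review bot: `bool isDone;` is declared without an initializer and is read in `if (!status.isOK() || isDone)` whenever the step returns an OK status. The only assignment visible in `upgradeAuthSchemaStep` is `*isDone = true` on the success path of `updateCredentials`. Its remaining branches are outside the diff, so whether every OK return sets the flag cannot be confirmed here. Initializing at the declaration, `bool isDone = false;`, makes the loop condition well defined regardless. The loop body continues past this hunk.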
@@ -2919,7 +2927,7 @@ public:
return auth::checkAuthForAuthSchemaUpgradeCommand(client);
}
- virtual bool run(OperationContext* txn,
+ virtual bool run(OperationContext* opCtx,
const string& dbname,
BSONObj& cmdObj,
int options,
@@ -2931,12 +2939,12 @@ public:
return appendCommandStatus(result, status);
}
- ServiceContext* serviceContext = txn->getClient()->getServiceContext();
+ ServiceContext* serviceContext = opCtx->getClient()->getServiceContext();
AuthorizationManager* authzManager = AuthorizationManager::get(serviceContext);
stdx::lock_guard<stdx::mutex> lk(getAuthzDataMutex(serviceContext));
- status = upgradeAuthSchema(txn, authzManager, parsedArgs.maxSteps);
+ status = upgradeAuthSchema(opCtx, authzManager, parsedArgs.maxSteps);
if (status.isOK())
result.append("done", true);
return appendCommandStatus(result, status);