From cbbdb02faead044e07b5a7d957298cdc07cc9258 Mon Sep 17 00:00:00 2001 From: Tess Avitabile Date: Tue, 21 Mar 2017 11:14:18 -0400 Subject: Revert "SERVER-9609 Ensure users can only call getMore on cursors they created" This reverts commit 9e7974e4b6e2b3fe5e7741dce6549624113af196. --- src/mongo/s/query/async_results_merger_test.cpp | 4 ++-- src/mongo/s/query/cluster_client_cursor.h | 6 ------ src/mongo/s/query/cluster_client_cursor_impl.cpp | 5 ----- src/mongo/s/query/cluster_client_cursor_impl.h | 2 -- .../s/query/cluster_client_cursor_impl_test.cpp | 8 +++---- src/mongo/s/query/cluster_client_cursor_mock.cpp | 8 ------- src/mongo/s/query/cluster_client_cursor_mock.h | 2 -- src/mongo/s/query/cluster_client_cursor_params.h | 25 ++++++++-------------- src/mongo/s/query/cluster_cursor_manager.cpp | 5 ----- src/mongo/s/query/cluster_cursor_manager.h | 6 ------ src/mongo/s/query/cluster_find.cpp | 16 +------------- src/mongo/s/query/store_possible_cursor.cpp | 5 +---- 12 files changed, 17 insertions(+), 75 deletions(-) (limited to 'src/mongo/s/query') diff --git a/src/mongo/s/query/async_results_merger_test.cpp b/src/mongo/s/query/async_results_merger_test.cpp index 0dc06aaa5bd..f61cf89f969 100644 --- a/src/mongo/s/query/async_results_merger_test.cpp +++ b/src/mongo/s/query/async_results_merger_test.cpp @@ -120,7 +120,7 @@ protected: const auto qr = unittest::assertGet(QueryRequest::makeFromFindCommand(_nss, findCmd, isExplain)); - _params = stdx::make_unique(_nss, UserNameIterator(), readPref); + _params = stdx::make_unique(_nss, readPref); _params->sort = qr->getSort(); _params->limit = qr->getLimit(); _params->batchSize = getMoreBatchSize ? getMoreBatchSize : qr->getBatchSize(); @@ -142,7 +142,7 @@ protected: */ void makeCursorFromExistingCursors( const std::vector>& remotes) { - _params = stdx::make_unique(_nss, UserNameIterator()); + _params = stdx::make_unique(_nss); for (const auto& hostIdPair : remotes) { _params->remotes.emplace_back(hostIdPair.first, hostIdPair.second); diff --git a/src/mongo/s/query/cluster_client_cursor.h b/src/mongo/s/query/cluster_client_cursor.h index 45d5d76a147..bd34689e62f 100644 --- a/src/mongo/s/query/cluster_client_cursor.h +++ b/src/mongo/s/query/cluster_client_cursor.h @@ -30,7 +30,6 @@ #include -#include "mongo/db/auth/user_name.h" #include "mongo/db/jsobj.h" #include "mongo/s/query/cluster_query_result.h" #include "mongo/util/time_support.h" @@ -80,11 +79,6 @@ public: */ virtual bool isTailable() const = 0; - /** - * Returns the set of authenticated users when this cursor was created. - */ - virtual UserNameIterator getAuthenticatedUsers() const = 0; - /** * Returns the view definition associated with this cursor, if any. */ diff --git a/src/mongo/s/query/cluster_client_cursor_impl.cpp b/src/mongo/s/query/cluster_client_cursor_impl.cpp index dec40936d7c..24ffc0b220a 100644 --- a/src/mongo/s/query/cluster_client_cursor_impl.cpp +++ b/src/mongo/s/query/cluster_client_cursor_impl.cpp @@ -99,11 +99,6 @@ bool ClusterClientCursorImpl::isTailable() const { return _params.isTailable; } -UserNameIterator ClusterClientCursorImpl::getAuthenticatedUsers() const { - return makeUserNameIterator(_params.authenticatedUsers.begin(), - _params.authenticatedUsers.end()); -} - boost::optional ClusterClientCursorImpl::viewDefinition() const { return _params.viewDefinition; } diff --git a/src/mongo/s/query/cluster_client_cursor_impl.h b/src/mongo/s/query/cluster_client_cursor_impl.h index 27b31dba14c..de4e09d0950 100644 --- a/src/mongo/s/query/cluster_client_cursor_impl.h +++ b/src/mongo/s/query/cluster_client_cursor_impl.h @@ -101,8 +101,6 @@ public: bool isTailable() const final; - UserNameIterator getAuthenticatedUsers() const final; - boost::optional viewDefinition() const final; long long getNumReturnedSoFar() const final; diff --git a/src/mongo/s/query/cluster_client_cursor_impl_test.cpp b/src/mongo/s/query/cluster_client_cursor_impl_test.cpp index 188b8dbf112..f8356b9622f 100644 --- a/src/mongo/s/query/cluster_client_cursor_impl_test.cpp +++ b/src/mongo/s/query/cluster_client_cursor_impl_test.cpp @@ -51,7 +51,7 @@ TEST(ClusterClientCursorImpl, NumReturnedSoFar) { } ClusterClientCursorImpl cursor(std::move(mockStage), - ClusterClientCursorParams(NamespaceString("unused"), {})); + ClusterClientCursorParams(NamespaceString("unused"))); ASSERT_EQ(cursor.getNumReturnedSoFar(), 0); @@ -74,7 +74,7 @@ TEST(ClusterClientCursorImpl, QueueResult) { mockStage->queueResult(BSON("a" << 4)); ClusterClientCursorImpl cursor(std::move(mockStage), - ClusterClientCursorParams(NamespaceString("unused"), {})); + ClusterClientCursorParams(NamespaceString("unused"))); auto firstResult = cursor.next(nullptr); ASSERT_OK(firstResult.getStatus()); @@ -113,7 +113,7 @@ TEST(ClusterClientCursorImpl, RemotesExhausted) { mockStage->markRemotesExhausted(); ClusterClientCursorImpl cursor(std::move(mockStage), - ClusterClientCursorParams(NamespaceString("unused"), {})); + ClusterClientCursorParams(NamespaceString("unused"))); ASSERT_TRUE(cursor.remotesExhausted()); auto firstResult = cursor.next(nullptr); @@ -142,7 +142,7 @@ TEST(ClusterClientCursorImpl, ForwardsAwaitDataTimeout) { ASSERT_NOT_OK(mockStage->getAwaitDataTimeout().getStatus()); ClusterClientCursorImpl cursor(std::move(mockStage), - ClusterClientCursorParams(NamespaceString("unused"), {})); + ClusterClientCursorParams(NamespaceString("unused"))); ASSERT_OK(cursor.setAwaitDataTimeout(Milliseconds(789))); auto awaitDataTimeout = mockStagePtr->getAwaitDataTimeout(); diff --git a/src/mongo/s/query/cluster_client_cursor_mock.cpp b/src/mongo/s/query/cluster_client_cursor_mock.cpp index 8b4d64f4d41..28a4f2643f3 100644 --- a/src/mongo/s/query/cluster_client_cursor_mock.cpp +++ b/src/mongo/s/query/cluster_client_cursor_mock.cpp @@ -77,14 +77,6 @@ bool ClusterClientCursorMock::isTailable() const { return false; } -namespace { -const std::vector emptyAuthenticatedUsers{}; -} // namespace - -UserNameIterator ClusterClientCursorMock::getAuthenticatedUsers() const { - return makeUserNameIterator(emptyAuthenticatedUsers.begin(), emptyAuthenticatedUsers.end()); -} - boost::optional ClusterClientCursorMock::viewDefinition() const { return boost::none; } diff --git a/src/mongo/s/query/cluster_client_cursor_mock.h b/src/mongo/s/query/cluster_client_cursor_mock.h index 23d857d59d6..baea6660535 100644 --- a/src/mongo/s/query/cluster_client_cursor_mock.h +++ b/src/mongo/s/query/cluster_client_cursor_mock.h @@ -49,8 +49,6 @@ public: bool isTailable() const final; - UserNameIterator getAuthenticatedUsers() const final; - boost::optional viewDefinition() const final; long long getNumReturnedSoFar() const final; diff --git a/src/mongo/s/query/cluster_client_cursor_params.h b/src/mongo/s/query/cluster_client_cursor_params.h index 03db1e37194..bf7037f98e5 100644 --- a/src/mongo/s/query/cluster_client_cursor_params.h +++ b/src/mongo/s/query/cluster_client_cursor_params.h @@ -34,7 +34,6 @@ #include "mongo/bson/bsonobj.h" #include "mongo/client/read_preference.h" -#include "mongo/db/auth/user_name.h" #include "mongo/db/cursor_id.h" #include "mongo/db/namespace_string.h" #include "mongo/s/client/shard.h" @@ -92,27 +91,21 @@ struct ClusterClientCursorParams { }; /** - * Read preference must be provided if initial shard host targeting is necessary (i.e., we don't + * Constructor used for cases where initial shard host targeting is necessary (i.e., we don't * know yet the remote cursor id). */ - ClusterClientCursorParams(NamespaceString nss, - UserNameIterator authenticatedUsersIter, - boost::optional readPref = boost::none) - : nsString(std::move(nss)) { - while (authenticatedUsersIter.more()) { - authenticatedUsers.emplace_back(authenticatedUsersIter.next()); - } - if (readPref) { - readPreference = std::move(readPref.get()); - } - } + ClusterClientCursorParams(NamespaceString nss, ReadPreferenceSetting readPref) + : nsString(std::move(nss)), readPreference(std::move(readPref)) {} + + /** + * Constructor used for cases, where the remote cursor ids are already known and no resolution + * or retargeting needs to happen. + */ + ClusterClientCursorParams(NamespaceString nss) : nsString(std::move(nss)) {} // Namespace against which to query. NamespaceString nsString; - // The set of authenticated users when this cursor was created. - std::vector authenticatedUsers; - // Per-remote node data. std::vector remotes; diff --git a/src/mongo/s/query/cluster_cursor_manager.cpp b/src/mongo/s/query/cluster_cursor_manager.cpp index abb5513cdd8..85d396490c6 100644 --- a/src/mongo/s/query/cluster_cursor_manager.cpp +++ b/src/mongo/s/query/cluster_cursor_manager.cpp @@ -120,11 +120,6 @@ bool ClusterCursorManager::PinnedCursor::isTailable() const { return _cursor->isTailable(); } -UserNameIterator ClusterCursorManager::PinnedCursor::getAuthenticatedUsers() const { - invariant(_cursor); - return _cursor->getAuthenticatedUsers(); -} - void ClusterCursorManager::PinnedCursor::returnCursor(CursorState cursorState) { invariant(_cursor); // Note that unpinning a cursor transfers ownership of the underlying ClusterClientCursor object diff --git a/src/mongo/s/query/cluster_cursor_manager.h b/src/mongo/s/query/cluster_cursor_manager.h index d71c6966ee7..ad320452b3b 100644 --- a/src/mongo/s/query/cluster_cursor_manager.h +++ b/src/mongo/s/query/cluster_cursor_manager.h @@ -162,12 +162,6 @@ public: */ bool isTailable() const; - /** - * Returns the set of authenticated users when this cursor was created. Cannot be called - * after returnCursor() is called. A cursor must be owned. - */ - UserNameIterator getAuthenticatedUsers() const; - /** * Transfers ownership of the underlying cursor back to the manager. A cursor must be * owned, and a cursor will no longer be owned after this method completes. diff --git a/src/mongo/s/query/cluster_find.cpp b/src/mongo/s/query/cluster_find.cpp index a6dcf1de83e..3d4c384c506 100644 --- a/src/mongo/s/query/cluster_find.cpp +++ b/src/mongo/s/query/cluster_find.cpp @@ -39,7 +39,6 @@ #include "mongo/bson/util/bson_extract.h" #include "mongo/client/connpool.h" #include "mongo/client/read_preference.h" -#include "mongo/db/auth/authorization_session.h" #include "mongo/db/commands.h" #include "mongo/db/query/canonical_query.h" #include "mongo/db/query/find_common.h" @@ -180,10 +179,7 @@ StatusWith runQueryWithoutRetrying(OperationContext* opCtx, } } - ClusterClientCursorParams params( - query.nss(), - AuthorizationSession::get(opCtx->getClient())->getAuthenticatedUserNames(), - readPref); + ClusterClientCursorParams params(query.nss(), readPref); params.limit = query.getQueryRequest().getLimit(); params.batchSize = query.getQueryRequest().getEffectiveBatchSize(); params.skip = query.getQueryRequest().getSkip(); @@ -385,16 +381,6 @@ StatusWith ClusterFind::runGetMore(OperationContext* opCtx, while (MONGO_FAIL_POINT(keepCursorPinnedDuringGetMore)) { } - // A user can only call getMore on their own cursor. If there were multiple users authenticated - // when the cursor was created, then at least one of them must be authenticated in order to run - // getMore on the cursor. - if (!AuthorizationSession::get(opCtx->getClient()) - ->isCoauthorizedWith(pinnedCursor.getValue().getAuthenticatedUsers())) { - return {ErrorCodes::Unauthorized, - str::stream() << "cursor id " << request.cursorid - << " was not created by the authenticated user"}; - } - if (request.awaitDataTimeout) { auto status = pinnedCursor.getValue().setAwaitDataTimeout(*request.awaitDataTimeout); if (!status.isOK()) { diff --git a/src/mongo/s/query/store_possible_cursor.cpp b/src/mongo/s/query/store_possible_cursor.cpp index 4f53b2441bc..8647871b6a7 100644 --- a/src/mongo/s/query/store_possible_cursor.cpp +++ b/src/mongo/s/query/store_possible_cursor.cpp @@ -32,7 +32,6 @@ #include "mongo/base/status_with.h" #include "mongo/bson/bsonobj.h" -#include "mongo/db/auth/authorization_session.h" #include "mongo/db/query/cursor_response.h" #include "mongo/s/query/cluster_client_cursor_impl.h" #include "mongo/s/query/cluster_client_cursor_params.h" @@ -59,9 +58,7 @@ StatusWith storePossibleCursor(OperationContext* opCtx, return cmdResult; } - ClusterClientCursorParams params( - incomingCursorResponse.getValue().getNSS(), - AuthorizationSession::get(opCtx->getClient())->getAuthenticatedUserNames()); + ClusterClientCursorParams params(incomingCursorResponse.getValue().getNSS()); params.remotes.emplace_back(server, incomingCursorResponse.getValue().getCursorId()); -- cgit v1.2.1