MB-44777: Remove support for legacy bucket users

trondn · trondn · commit 26685630b3ef · 2021-06-15T12:20:24.000Z
The old bucket password is gone and it is no longer possible to set a password for the bucket. The logic in for authentication in memcached does no longer need to try to look for users with the ';legacy' part in the username. Change-Id: Ib4444b479824692688de5568c7169d68479c5be5 Reviewed-on: http://review.couchbase.org/c/kv_engine/+/148654 Reviewed-by: Dave Rigby <daver@couchbase.com> Tested-by: Trond Norbye <trond.norbye@couchbase.com>
diff --git a/cbsasl/plain/plain.cc b/cbsasl/plain/plain.cc
@@ -19,30 +19,6 @@
 
 namespace cb::sasl::mechanism::plain {
 
-/**
- * ns_server creates a legacy bucket user as part of the upgrade
- * process which is used by the XDCR clients when they connect
- * to they system. These clients _always_ connect by using PLAIN
- * authentication so we should look up and try those users first.
- * If it exists and we have a matching password we're good to go,
- * otherwise we'll have to try the "normal" user.
- */
-bool ServerBackend::try_legacy_user(const std::string& password) {
-    const std::string lecacy_username{username + ";legacy"};
-    cb::sasl::pwdb::User user;
-    if (!find_user(lecacy_username, user)) {
-        return false;
-    }
-
-    if (cb::sasl::plain::check_password(&context, user, password) ==
-        Error::OK) {
-        username.assign(lecacy_username);
-        return true;
-    }
-
-    return false;
-}
-
 std::pair<Error, std::string_view> ServerBackend::start(
         std::string_view input) {
     if (input.empty()) {
@@ -81,10 +57,6 @@ std::pair<Error, std::string_view> ServerBackend::start(
     this->username.assign(username);
     const std::string userpw(password, pwlen);
 
-    if (try_legacy_user(userpw)) {
-        return std::make_pair<Error, std::string_view>(Error::OK, {});
-    }
-
     cb::sasl::pwdb::User user;
     if (!find_user(username, user)) {
         return std::pair<Error, std::string_view>{Error::NO_USER, {}};
diff --git a/cbsasl/plain/plain.h b/cbsasl/plain/plain.h
@@ -30,9 +30,6 @@ class ServerBackend : public server::MechanismBackend {
     std::string getName() const override {
         return "PLAIN";
     }
-
-protected:
-    bool try_legacy_user(const std::string& password);
 };
 
 class ClientBackend : public client::MechanismBackend {
diff --git a/daemon/protocol/mcbp/sasl_auth_command_context.cc b/daemon/protocol/mcbp/sasl_auth_command_context.cc
@@ -74,12 +74,7 @@ cb::engine_errc SaslAuthCommandContext::tryHandleSaslOk(
 
     /* associate the connection with the appropriate bucket */
     {
-        std::string username = connection.getUser().name;
-        auto idx = username.find(";legacy");
-        if (idx != username.npos) {
-            username.resize(idx);
-        }
-
+        const auto username = connection.getUser().name;
         if (mayAccessBucket(cookie, username)) {
             associate_bucket(cookie, username.c_str());
             // Auth succeeded but the connection may not be valid for the
diff --git a/tests/testapp/CMakeLists.txt b/tests/testapp/CMakeLists.txt
@@ -50,7 +50,6 @@ set(memcached_testapp_SOURCES
     testapp_interfaces.cc
     testapp_ioctl.cc
     testapp_ipv6.cc
-    testapp_legacy_users.cc
     testapp_lock.cc
     testapp_logging.cc
     testapp_maxconn.cc
diff --git a/tests/testapp/cbsaslpw.json b/tests/testapp/cbsaslpw.json
@@ -152,28 +152,6 @@
         "i": 10
       }
     }, {
-      "n":	"legacy;legacy",
-      "plain":	"yvB+y0qzqfNCXbkuzuiXf52okTZWNVJy8rQTnHqF+QdzLLLl"
-    }, {
-      "n":	"legacy",
-      "plain":	"LWO8xng2gjJ5QbRHCrL6Adg+87yzK8vseSKRGTLEKU3iUsh7",
-      "sha1":	{
-        "h":	"yfhDxQJW/qY9pnjbVZHQ/HUtFEM=",
-        "s":	"PwICG3Sauqikl6j6i2l1S1Rzw+0=",
-        "i":	10
-      },
-      "sha256":	{
-        "h":	"SG0NvatYEvxJSeap0GsA64h3JidPy3daJedOu2oyBGI=",
-        "s":	"amVllupY5Ft5zHRJ2gzqi+rGwQhbEjc3CKPd6M+1SDo=",
-        "i":	10
-      },
-      "sha512":	{
-        "h":	"3PCq8SshbcAanC7kbpnC6eQxYUFCAmV0rLNj0fIGx0rk/O4DjCqVMBfnC/CB7ADTV4qFrdh0RZnFBz/WVntjEQ==",
-        "s":	"7gnuoQjA4xIzAf5LB9mEy/PzdieJqgSyT6rIp09bn6jWFxUdLYw9MmmowOMsFnbLk+NSPcIJeURLWajkVrrqiQ==",
-        "i":	10
-      }
-    },
-    {
       "n": "default",
       "plain": "x7ZPbYpo05MCE6QzC+AIEPLL9XjKZpyLcLX+Xc7+eTEFV9P2"
     }
diff --git a/tests/testapp/rbac.json b/tests/testapp/rbac.json
@@ -113,21 +113,5 @@
       "all"
     ],
     "domain": "local"
-  },
-  "legacy;legacy": {
-    "buckets": {
-      "default": [
-        "all"
-      ]
-    },
-    "domain": "local"
-  },
-  "legacy": {
-    "buckets": {
-      "default": [
-        "all"
-      ]
-    },
-    "domain": "local"
   }
 }
diff --git a/tests/testapp/testapp_legacy_users.cc b/tests/testapp/testapp_legacy_users.cc

Original file line number	Diff line number	Diff line change
`@@ -30,9 +30,6 @@ class ServerBackend : public server::MechanismBackend {`
`30`	`30`	`std::string getName() const override {`
`31`	`31`	`return "PLAIN";`
`32`	`32`	`}`
`33`		`-`
`34`		`-protected:`
`35`		`- bool try_legacy_user(const std::string& password);`
`36`	`33`	`};`
`37`	`34`
`38`	`35`	`class ClientBackend : public client::MechanismBackend {`