SERVER-51328 with auth

author: Pierlauro Sciarelli <pierlauro.sciarelli@mongodb.com> 2020-10-15 08:41:33 +0000
committer: Evergreen Agent <no-reply@evergreen.mongodb.com> 2020-10-15 14:53:22 +0000
commit: 9e8d7e4367e2228c8b56e6050d07c5964913ebc9 (patch)
tree: 88324106b2e30d3ed26becde451aa220d5a8f05a
parent: 74bcbc442aa3aa6bb188a8c7aa2d12f272a0b8ce (diff)
download: mongo-9e8d7e4367e2228c8b56e6050d07c5964913ebc9.tar.gz
2 files changed, 15 insertions, 1 deletions
diff --git a/src/mongo/db/s/vector_clock_persist_command.cpp b/src/mongo/db/s/vector_clock_persist_command.cpp
index 9e491b367fc..9df463430c4 100644
--- a/src/mongo/db/s/vector_clock_persist_command.cpp
+++ b/src/mongo/db/s/vector_clock_persist_command.cpp
@@ -31,6 +31,8 @@
 
 #include "mongo/platform/basic.h"
 
+#include "mongo/db/auth/action_type.h"
+#include "mongo/db/auth/authorization_session.h"
 #include "mongo/db/commands.h"
 #include "mongo/db/s/sharding_state.h"
 #include "mongo/db/vector_clock_mutable.h"
@@ -45,6 +47,18 @@ class VectorClockPersistCommand : public BasicCommand {
 public:
     VectorClockPersistCommand() : BasicCommand("_vectorClockPersist") {}
 
+    Status checkAuthForCommand(Client* client,
+                               const std::string& dbname,
+                               const BSONObj& cmdObj) const override {
+        uassert(ErrorCodes::Unauthorized,
+                "Unauthorized",
+                AuthorizationSession::get(client)->isAuthorizedForActionsOnResource(
+                    ResourcePattern::forDatabaseName(
+                        NamespaceString::kVectorClockNamespace.db().toString()),
+                    ActionType::internal));
+        return Status::OK();
+    }
+
     AllowedOnSecondary secondaryAllowed(ServiceContext*) const override {
         return AllowedOnSecondary::kNever;
     }
diff --git a/src/mongo/db/vector_clock_mongod.cpp b/src/mongo/db/vector_clock_mongod.cpp
index 7d66266aa42..90c7261bbb7 100644
--- a/src/mongo/db/vector_clock_mongod.cpp
+++ b/src/mongo/db/vector_clock_mongod.cpp
@@ -367,7 +367,7 @@ Future<void> VectorClockMongoD::_doWhileQueueNotEmptyOrError(ServiceContext* ser
                     auto cmdResponse = uassertStatusOK(selfShard->runCommandWithFixedRetryAttempts(
                         opCtx,
                         ReadPreferenceSetting{ReadPreference::PrimaryOnly},
-                        NamespaceString::kVectorClockNamespace.toString(),
+                        NamespaceString::kVectorClockNamespace.db().toString(),
                         BSON("_vectorClockPersist" << 1),
                         Seconds{30},
                         Shard::RetryPolicy::kIdempotent));
author	Pierlauro Sciarelli <pierlauro.sciarelli@mongodb.com>	2020-10-15 08:41:33 +0000
committer	Evergreen Agent <no-reply@evergreen.mongodb.com>	2020-10-15 14:53:22 +0000
commit	9e8d7e4367e2228c8b56e6050d07c5964913ebc9 (patch)
tree	88324106b2e30d3ed26becde451aa220d5a8f05a
parent	74bcbc442aa3aa6bb188a8c7aa2d12f272a0b8ce (diff)
download	mongo-9e8d7e4367e2228c8b56e6050d07c5964913ebc9.tar.gz