diff options
| author | Jason Rassi <rassi@10gen.com> | 2015-04-25 12:57:35 -0400 |
|---|---|---|
| committer | Jason Rassi <rassi@10gen.com> | 2015-04-28 17:02:18 -0400 |
| commit | 7a2b2614d8a786de848ada2c42e74276d887df13 (patch) | |
| tree | 81717d11c1f1a2001ed2a9ad8bf93e0733539547 | |
| parent | e5ee7906615bae2824a838bd23f226b6cbdb9ff2 (diff) | |
| download | mongo-7a2b2614d8a786de848ada2c42e74276d887df13.tar.gz | |
SERVER-18111 Check userAllowedWriteNS() in findAndModify cmd parsing
(cherry picked from commit 4ea827d383156d36e666d05eb6dad8bbc2a75801)
| -rw-r--r-- | jstests/core/system_profile.js | 9 | ||||
| -rw-r--r-- | src/mongo/db/commands/find_and_modify.cpp | 9 |
2 files changed, 18 insertions, 0 deletions
diff --git a/jstests/core/system_profile.js b/jstests/core/system_profile.js index b65d8a45d28..02390f9bfcb 100644 --- a/jstests/core/system_profile.js +++ b/jstests/core/system_profile.js @@ -23,6 +23,15 @@ assert.writeError(testDB.system.profile.update({}, {a: 1})); assert.writeError(testDB.system.profile.update({}, {a: 1}, {upsert: true})); assert.writeError(testDB.system.profile.remove({})); +// Using findAndModify to write to "system.profile" should fail. +assert.commandWorked(testDB.dropDatabase()); +assert.commandWorked(testDB.createCollection("system.profile")); +assert.commandFailed( + testDB.system.profile.runCommand("findAndModify", {query: {}, update: {a: 1}})); +assert.commandFailed( + testDB.system.profile.runCommand("findAndModify", {query: {}, update: {a: 1}, upsert: true})); +assert.commandFailed(testDB.system.profile.runCommand("findAndModify", {query: {}, remove: true})); + // Using mapReduce to write to "system.profile" should fail. assert.commandWorked(testDB.dropDatabase()); assert.writeOK(testDB.foo.insert({val: 1})); diff --git a/src/mongo/db/commands/find_and_modify.cpp b/src/mongo/db/commands/find_and_modify.cpp index ba0817bc9e5..a287ce1a301 100644 --- a/src/mongo/db/commands/find_and_modify.cpp +++ b/src/mongo/db/commands/find_and_modify.cpp @@ -39,6 +39,7 @@ #include "mongo/db/pagefault.h" #include "mongo/db/projection.h" #include "mongo/db/ops/delete.h" +#include "mongo/db/ops/insert.h" #include "mongo/db/ops/update.h" #include "mongo/db/ops/update_lifecycle_impl.h" #include "mongo/db/queryutil.h" @@ -71,6 +72,10 @@ namespace mongo { verify( cmdObj["sort"].eoo() ); string ns = dbname + '.' + cmdObj.firstElement().valuestr(); + Status allowedWriteStatus = userAllowedWriteNS(ns); + if (!allowedWriteStatus.isOK()) { + return appendCommandStatus(result, allowedWriteStatus); + } BSONObj query = cmdObj.getObjectField("query"); BSONObj fields = cmdObj.getObjectField("fields"); @@ -299,6 +304,10 @@ namespace mongo { return runNoDirectClient( dbname , cmdObj , x, errmsg , result, y ); string ns = dbname + '.' + cmdObj.firstElement().valuestr(); + Status allowedWriteStatus = userAllowedWriteNS(ns); + if (!allowedWriteStatus.isOK()) { + return appendCommandStatus(result, allowedWriteStatus); + } BSONObj origQuery = cmdObj.getObjectField("query"); // defaults to {} Query q (origQuery); |