author | Andreas Nilsson <andreas.nilsson@10gen.com> | 2015-09-16 14:40:55 -0400 |
---|---|---|
committer | Andreas Nilsson <andreas.nilsson@10gen.com> | 2015-09-16 14:45:49 -0400 |
commit | 5cb8c7d9810f15ba6926afe9d16d81eeb25724e5 (patch) | |
tree | ef9467d696c976ab59f067943662eecaba1d02fd | |
parent | 4ea8fda0b0b2ddbc33bf8782f2fa53c554e1c50e (diff) | |
SERVER-20364 Let find privilege -> killCursor privilege
-rw-r--r-- | src/mongo/db/auth/authorization_session.cpp | 12 |
1 files changed, 8 insertions, 4 deletions
diff --git a/src/mongo/db/auth/authorization_session.cpp b/src/mongo/db/auth/authorization_session.cpp
index d49d270f06a..31eb04d3d7a 100644
--- a/src/mongo/db/auth/authorization_session.cpp
+++ b/src/mongo/db/auth/authorization_session.cpp
@@ -278,21 +278,25 @@ Status AuthorizationSession::checkAuthForKillCursors(const NamespaceString& ns,
 long long cursorID) {
 // See implementation comments in checkAuthForGetMore(). This method looks very similar.
 if (ns.isListCollectionsGetMore()) {
- if (!isAuthorizedForActionsOnResource(ResourcePattern::forDatabaseName(ns.db()),
- ActionType::killCursors)) {
+ if (!(isAuthorizedForActionsOnResource(ResourcePattern::forDatabaseName(ns.db()),
+ ActionType::killCursors) ||
+ isAuthorizedForActionsOnResource(ResourcePattern::forDatabaseName(ns.db()),
+ ActionType::listCollections))) {
 return Status(ErrorCodes::Unauthorized,
 str::stream() << "not authorized to kill listCollections cursor on "
 << ns.ns());
 }
 } else if (ns.isListIndexesGetMore()) {
 NamespaceString targetNS = ns.getTargetNSForListIndexesGetMore();
- if (!isAuthorizedForActionsOnNamespace(targetNS, ActionType::killCursors)) {
+ if (!(isAuthorizedForActionsOnNamespace(targetNS, ActionType::killCursors) ||
+ isAuthorizedForActionsOnNamespace(targetNS, ActionType::listIndexes))) {
 return Status(ErrorCodes::Unauthorized,
 str::stream() << "not authorized to kill listIndexes cursor on "
 << ns.ns());
 }
 } else {
- if (!isAuthorizedForActionsOnNamespace(ns, ActionType::killCursors)) {
+ if (!(isAuthorizedForActionsOnNamespace(ns, ActionType::killCursors) ||
+ isAuthorizedForActionsOnNamespace(ns, ActionType::find))) {
 return Status(ErrorCodes::Unauthorized,
 str::stream() << "not authorized to kill cursor on " << ns.ns());
 } |
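Review bot: All three widened checks are keyed only on the namespace, and `cursorID` is never read in the visible lines, so a principal holding `find` (or `listCollections` / `listIndexes`) on a namespace now passes this check for every cursor on it, not only the ones it opened. If cursor ownership is not enforced elsewhere (not visible here, since the function starts and ends outside the hunk), a read-only user can terminate other users' in-flight queries, which is a wider grant than the old explicit `killCursors` requirement. I would document the intent above the first branch, e.g. `// A principal that may open a cursor on this namespace may also kill cursors on it; ownership of cursorID is NOT checked here.` An authorization test that a user with `find` on a different namespace only is still rejected in all three branches would pin the new boundary.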