diff options
author | Tess Avitabile <tess.avitabile@mongodb.com> | 2017-03-10 13:19:51 -0500 |
---|---|---|
committer | Tess Avitabile <tess.avitabile@mongodb.com> | 2017-03-17 10:09:58 -0400 |
commit | 9e7974e4b6e2b3fe5e7741dce6549624113af196 (patch) | |
tree | e5d9840faefc88ae5ba3fb81e2e481fe1bc5cd39 /src/mongo/db/auth/authorization_session.h | |
parent | 5df5125fd63295a9b71d79e68a84ba51e0c1c87f (diff) | |
download | mongo-9e7974e4b6e2b3fe5e7741dce6549624113af196.tar.gz |
SERVER-9609 Ensure users can only call getMore on cursors they created
Diffstat (limited to 'src/mongo/db/auth/authorization_session.h')
-rw-r--r-- | src/mongo/db/auth/authorization_session.h | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/src/mongo/db/auth/authorization_session.h b/src/mongo/db/auth/authorization_session.h index c2bb3fbfafd..454b8c751dc 100644 --- a/src/mongo/db/auth/authorization_session.h +++ b/src/mongo/db/auth/authorization_session.h @@ -271,6 +271,11 @@ public: // The existence of 'opClient' must be guaranteed through locks taken by the caller. bool isCoauthorizedWithClient(Client* opClient); + // Returns true if the session and 'userNameIter' share an authenticated user, or if both have + // no authenticated users. Impersonated users are not considered as 'authenticated' for the + // purpose of this check. + bool isCoauthorizedWith(UserNameIterator userNameIter); + // Tells whether impersonation is active or not. This state is set when // setImpersonatedUserData is called and cleared when clearImpersonatedUserData is // called. |