SERVER-9609 Ensure users can only call getMore on cursors they created

author: Tess Avitabile <tess.avitabile@mongodb.com> 2017-03-10 13:19:51 -0500
committer: Tess Avitabile <tess.avitabile@mongodb.com> 2017-03-17 10:09:58 -0400
commit: 9e7974e4b6e2b3fe5e7741dce6549624113af196 (patch)
tree: e5d9840faefc88ae5ba3fb81e2e481fe1bc5cd39 /src/mongo/db/auth/authorization_session.h
parent: 5df5125fd63295a9b71d79e68a84ba51e0c1c87f (diff)
download: mongo-9e7974e4b6e2b3fe5e7741dce6549624113af196.tar.gz
1 files changed, 5 insertions, 0 deletions
diff --git a/src/mongo/db/auth/authorization_session.h b/src/mongo/db/auth/authorization_session.h
index c2bb3fbfafd..454b8c751dc 100644
--- a/src/mongo/db/auth/authorization_session.h
+++ b/src/mongo/db/auth/authorization_session.h
@@ -271,6 +271,11 @@ public:
     // The existence of 'opClient' must be guaranteed through locks taken by the caller.
     bool isCoauthorizedWithClient(Client* opClient);
 
+    // Returns true if the session and 'userNameIter' share an authenticated user, or if both have
+    // no authenticated users. Impersonated users are not considered as 'authenticated' for the
+    // purpose of this check.
+    bool isCoauthorizedWith(UserNameIterator userNameIter);
+
     // Tells whether impersonation is active or not.  This state is set when
     // setImpersonatedUserData is called and cleared when clearImpersonatedUserData is
     // called.
author	Tess Avitabile <tess.avitabile@mongodb.com>	2017-03-10 13:19:51 -0500
committer	Tess Avitabile <tess.avitabile@mongodb.com>	2017-03-17 10:09:58 -0400
commit	9e7974e4b6e2b3fe5e7741dce6549624113af196 (patch)
tree	e5d9840faefc88ae5ba3fb81e2e481fe1bc5cd39 /src/mongo/db/auth/authorization_session.h
parent	5df5125fd63295a9b71d79e68a84ba51e0c1c87f (diff)
download	mongo-9e7974e4b6e2b3fe5e7741dce6549624113af196.tar.gz