diff options
author | Spencer Jackson <spencer.jackson@mongodb.com> | 2017-07-17 11:50:42 -0400 |
---|---|---|
committer | Spencer Jackson <spencer.jackson@mongodb.com> | 2017-07-21 11:33:34 -0400 |
commit | 0dd496c83318994d8058b24adf3b75116cd40cd5 (patch) | |
tree | 0d86fdaca135cdb0679176501c2df53af7e1e0fa /src/mongo/db/auth/authz_manager_external_state_local.cpp | |
parent | a7164c0527ac1f231d12a889bf6d16b264af338e (diff) | |
download | mongo-0dd496c83318994d8058b24adf3b75116cd40cd5.tar.gz |
SERVER-29177: Add restriction support to createUser
Diffstat (limited to 'src/mongo/db/auth/authz_manager_external_state_local.cpp')
-rw-r--r-- | src/mongo/db/auth/authz_manager_external_state_local.cpp | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/src/mongo/db/auth/authz_manager_external_state_local.cpp b/src/mongo/db/auth/authz_manager_external_state_local.cpp index ac5793a5f09..ad4236b298b 100644 --- a/src/mongo/db/auth/authz_manager_external_state_local.cpp +++ b/src/mongo/db/auth/authz_manager_external_state_local.cpp @@ -37,6 +37,7 @@ #include "mongo/db/auth/authorization_manager.h" #include "mongo/db/auth/user_document_parser.h" #include "mongo/db/operation_context.h" +#include "mongo/db/server_options.h" #include "mongo/util/log.h" #include "mongo/util/mongoutils/str.h" @@ -252,6 +253,13 @@ Status AuthzManagerExternalStateLocal::_getUserDocument(OperationContext* opCtx, status = Status(ErrorCodes::UserNotFound, mongoutils::str::stream() << "Could not find user " << userName.getFullName()); + } else if ((*userDoc)["authenticationRestrictions"] && + serverGlobalParams.featureCompatibility.version.load() < + ServerGlobalParams::FeatureCompatibility::Version::k36) { + // Mongos isn't able to evaluate whether documents are valid under the current + // featureCompatibilityVersion. We must make the decision before it sees them. + status = Status(ErrorCodes::UnsupportedFormat, + "'authenticationRestrictions' requires 3.6 feature compatibility version"); } return status; } |