diff options
author | Amalia Hawkins <amalia.hawkins@10gen.com> | 2014-04-21 18:43:25 -0400 |
---|---|---|
committer | Amalia Hawkins <amalia.hawkins@10gen.com> | 2014-05-22 20:29:39 -0400 |
commit | 1b4b52a9d413e145478a303b63ab760894938c80 (patch) | |
tree | 3286cdd06d688d4345a80215f84b4674a398b753 /src/mongo/db/auth/authz_session_external_state_server_common.cpp | |
parent | 7a85cae38fba537980d6c9fc573ef077fd2df74e (diff) | |
download | mongo-1b4b52a9d413e145478a303b63ab760894938c80.tar.gz |
SERVER-12621 narrow the localhost exception when auth is enabled
Diffstat (limited to 'src/mongo/db/auth/authz_session_external_state_server_common.cpp')
-rw-r--r-- | src/mongo/db/auth/authz_session_external_state_server_common.cpp | 11 |
1 files changed, 7 insertions, 4 deletions
diff --git a/src/mongo/db/auth/authz_session_external_state_server_common.cpp b/src/mongo/db/auth/authz_session_external_state_server_common.cpp index 80f24004533..b5c6f6a4bc3 100644 --- a/src/mongo/db/auth/authz_session_external_state_server_common.cpp +++ b/src/mongo/db/auth/authz_session_external_state_server_common.cpp @@ -41,7 +41,7 @@ namespace { } // namespace // NOTE: we default _allowLocalhost to true under the assumption that _checkShouldAllowLocalhost - // will always be called before any calls to shouldIgnoreAuthChecks. If this is not the case, + // will always be called before any calls to shouldAllowLocalhost. If this is not the case, // it could cause a security hole. AuthzSessionExternalStateServerCommon::AuthzSessionExternalStateServerCommon( AuthorizationManager* authzManager) : @@ -70,10 +70,13 @@ namespace { } } - bool AuthzSessionExternalStateServerCommon::shouldIgnoreAuthChecks() const { + bool AuthzSessionExternalStateServerCommon::shouldAllowLocalhost() const { ClientBasic* client = ClientBasic::getCurrent(); - return !_authzManager->isAuthEnabled() || - (_allowLocalhost && client->getIsLocalHostConnection()); + return _allowLocalhost && client->getIsLocalHostConnection(); + } + + bool AuthzSessionExternalStateServerCommon::shouldIgnoreAuthChecks() const { + return !_authzManager->isAuthEnabled(); } } // namespace mongo |