diff options
author | Jonathan Reams <jbreams@mongodb.com> | 2018-08-16 16:02:16 -0400 |
---|---|---|
committer | Jonathan Reams <jbreams@mongodb.com> | 2018-09-14 11:12:45 -0400 |
commit | 2ea069aa505c750cad6a7ba6ae6d4ac897f396d1 (patch) | |
tree | b8093da62175046189de9fbb876b5ef8b79181b1 /src/mongo/db/auth/impersonation_session.cpp | |
parent | 7087350d1d5c943520e9972ac1f8b85252c0eceb (diff) | |
download | mongo-2ea069aa505c750cad6a7ba6ae6d4ac897f396d1.tar.gz |
SERVER-5261 Include authentication information in currentOp output
Diffstat (limited to 'src/mongo/db/auth/impersonation_session.cpp')
-rw-r--r-- | src/mongo/db/auth/impersonation_session.cpp | 20 |
1 files changed, 8 insertions, 12 deletions
diff --git a/src/mongo/db/auth/impersonation_session.cpp b/src/mongo/db/auth/impersonation_session.cpp index 8b9a5f09fc7..666522cd043 100644 --- a/src/mongo/db/auth/impersonation_session.cpp +++ b/src/mongo/db/auth/impersonation_session.cpp @@ -39,7 +39,7 @@ #include "mongo/db/auth/resource_pattern.h" #include "mongo/db/client.h" #include "mongo/db/operation_context.h" -#include "mongo/rpc/metadata/audit_metadata.h" +#include "mongo/rpc/metadata/impersonated_user_metadata.h" #include "mongo/util/assert_util.h" #include "mongo/util/destructor_guard.h" @@ -47,28 +47,24 @@ namespace mongo { ImpersonationSessionGuard::ImpersonationSessionGuard(OperationContext* opCtx) : _opCtx(opCtx) { auto authSession = AuthorizationSession::get(_opCtx->getClient()); - - const auto& impersonatedUsersAndRoles = - rpc::AuditMetadata::get(opCtx).getImpersonatedUsersAndRoles(); - - if (impersonatedUsersAndRoles != boost::none) { + const auto impersonatedUsersAndRoles = rpc::getImpersonatedUserMetadata(opCtx); + if (impersonatedUsersAndRoles) { uassert(ErrorCodes::Unauthorized, "Unauthorized use of impersonation metadata.", authSession->isAuthorizedForPrivilege( Privilege(ResourcePattern::forClusterResource(), ActionType::impersonate))); - fassert(ErrorCodes::InternalError, !authSession->isImpersonating()); - - authSession->setImpersonatedUserData(std::get<0>(*impersonatedUsersAndRoles), - std::get<1>(*impersonatedUsersAndRoles)); + authSession->setImpersonatedUserData(impersonatedUsersAndRoles->getUsers(), + impersonatedUsersAndRoles->getRoles()); _active = true; + return; } } ImpersonationSessionGuard::~ImpersonationSessionGuard() { - DESTRUCTOR_GUARD(if (_active) { + if (_active) { AuthorizationSession::get(_opCtx->getClient())->clearImpersonatedUserData(); - }) + } } } // namespace mongo |