diff options
author | Jason Rassi <rassi@10gen.com> | 2015-01-12 11:19:53 -0500 |
---|---|---|
committer | Jason Rassi <rassi@10gen.com> | 2015-01-12 11:25:49 -0500 |
commit | cc1283f11b689850a66b935b9242a058d6d4ff2e (patch) | |
tree | c8258817fd29b5ff596d7e2d53047d6abc25d0d4 /src/mongo/db/catalog/cursor_manager.cpp | |
parent | 8d60222b5fd085c7d264cbd8ab4bb0267d7822a5 (diff) | |
download | mongo-cc1283f11b689850a66b935b9242a058d6d4ff2e.tar.gz |
SERVER-16657 Auth check for ops on cursors owned by global cursor mgr
Diffstat (limited to 'src/mongo/db/catalog/cursor_manager.cpp')
-rw-r--r-- | src/mongo/db/catalog/cursor_manager.cpp | 60 |
1 files changed, 34 insertions, 26 deletions
diff --git a/src/mongo/db/catalog/cursor_manager.cpp b/src/mongo/db/catalog/cursor_manager.cpp index aea0310fe90..1e8d2480eee 100644 --- a/src/mongo/db/catalog/cursor_manager.cpp +++ b/src/mongo/db/catalog/cursor_manager.cpp @@ -179,28 +179,40 @@ namespace mongo { } bool GlobalCursorIdCache::eraseCursor(OperationContext* txn, CursorId id, bool checkAuth) { - string ns; - { - SimpleMutex::scoped_lock lk( _mutex ); - unsigned nsid = idFromCursorId( id ); - Map::const_iterator it = _idToNS.find( nsid ); - if ( it == _idToNS.end() ) { + // Figure out what the namespace of this cursor is. + std::string ns; + if (globalCursorManager->ownsCursorId(id)) { + ClientCursorPin pin(globalCursorManager.get(), id); + if (!pin.c()) { + // No such cursor. TODO: Consider writing to audit log here (even though we don't + // have a namespace). + return false; + } + ns = pin.c()->ns(); + } + else { + SimpleMutex::scoped_lock lk(_mutex); + unsigned nsid = idFromCursorId(id); + Map::const_iterator it = _idToNS.find(nsid); + if (it == _idToNS.end()) { + // No namespace corresponding to this cursor id prefix. TODO: Consider writing to + // audit log here (even though we don't have a namespace). return false; } ns = it->second; } + const NamespaceString nss(ns); + invariant(nss.isValid()); - const NamespaceString nss( ns ); - - if ( checkAuth ) { + // Check if we are authorized to erase this cursor. + if (checkAuth) { AuthorizationSession* as = txn->getClient()->getAuthorizationSession(); - bool isAuthorized = as->isAuthorizedForActionsOnNamespace( - nss, ActionType::killCursors); - if ( !isAuthorized ) { - audit::logKillCursorsAuthzCheck( txn->getClient(), - nss, - id, - ErrorCodes::Unauthorized ); + Status authorizationStatus = as->checkAuthForKillCursors(nss, id); + if (!authorizationStatus.isOK()) { + audit::logKillCursorsAuthzCheck(txn->getClient(), + nss, + id, + ErrorCodes::Unauthorized); return false; } } @@ -213,17 +225,13 @@ namespace mongo { // If not, then the cursor must be owned by a collection. Erase the cursor under the // collection lock (to prevent the collection from going away during the erase). AutoGetCollectionForRead ctx(txn, nss); - if (!ctx.getDb()) { - return false; - } - Collection* collection = ctx.getCollection(); - if ( !collection ) { - if ( checkAuth ) - audit::logKillCursorsAuthzCheck( txn->getClient(), - nss, - id, - ErrorCodes::CursorNotFound ); + if (!collection) { + if (checkAuth) + audit::logKillCursorsAuthzCheck(txn->getClient(), + nss, + id, + ErrorCodes::CursorNotFound); return false; } return collection->cursorManager()->eraseCursor(txn, id, checkAuth); |