author | Tess Avitabile <tess.avitabile@mongodb.com> | 2017-03-21 11:22:11 -0400 |
---|---|---|
committer | Tess Avitabile <tess.avitabile@mongodb.com> | 2017-03-22 13:09:21 -0400 |
commit | d66405f651b0a49a06aacb286e3d1740a0b020af (patch) | |
tree | 86f20f45d29d63b53137772c13ea8e917193b18e /src/mongo/db/clientcursor.h | |
parent | 70151a3b5cc65bd1b16831c523a6f5b477b82c3d (diff) | |
download | mongo-d66405f651b0a49a06aacb286e3d1740a0b020af.tar.gz |
SERVER-9609 Ensure users can only call getMore on cursors they created
Diffstat (limited to 'src/mongo/db/clientcursor.h')
-rw-r--r-- | src/mongo/db/clientcursor.h | 16 |
1 files changed, 15 insertions, 1 deletions
diff --git a/src/mongo/db/clientcursor.h b/src/mongo/db/clientcursor.h
index 91e7a0d325c..384cede1fd6 100644
--- a/src/mongo/db/clientcursor.h
+++ b/src/mongo/db/clientcursor.h
@@ -29,6 +29,7 @@
 #pragma once
 #include "mongo/client/dbclientinterface.h"
+#include "mongo/db/auth/user_name.h"
 #include "mongo/db/cursor_id.h"
 #include "mongo/db/jsobj.h"
 #include "mongo/db/query/plan_executor.h"
@@ -52,6 +53,7 @@ class RecoveryUnit;
 struct ClientCursorParams {
 ClientCursorParams(std::unique_ptr<PlanExecutor> planExecutor,
 NamespaceString nss,
+ UserNameIterator authenticatedUsersIter,
 bool isReadCommitted,
 BSONObj originatingCommandObj)
 : exec(std::move(planExecutor)),
@@ -60,10 +62,15 @@ struct ClientCursorParams {
 queryOptions(exec->getCanonicalQuery()
 ? exec->getCanonicalQuery()->getQueryRequest().getOptions()
 : 0),
- originatingCommandObj(originatingCommandObj.getOwned()) {}
+ originatingCommandObj(originatingCommandObj.getOwned()) {
+ while (authenticatedUsersIter.more()) {
+ authenticatedUsers.emplace_back(authenticatedUsersIter.next());
+ }
+ }
 std::unique_ptr<PlanExecutor> exec;
 const NamespaceString nss;
+ std::vector<UserName> authenticatedUsers;
 bool isReadCommitted = false;
 int queryOptions = 0;
 BSONObj originatingCommandObj;
@@ -97,6 +104,10 @@ public:
 return _nss;
 }
+ UserNameIterator getAuthenticatedUsers() const {
+ return makeUserNameIterator(_authenticatedUsers.begin(), _authenticatedUsers.end());
+ }
+
 bool isReadCommitted() const {
 return _isReadCommitted;
 }
@@ -253,6 +264,9 @@ private:
 // The namespace we're operating on.
 const NamespaceString _nss;
+ // The set of authenticated users when this cursor was created.
+ std::vector<UserName> _authenticatedUsers;
+
 const bool _isReadCommitted = false;
 // A pointer to the CursorManager which owns this cursor. This must be filled out when the |
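Review bot: The new `authenticatedUsers` member of ClientCursorParams carries no comment, and the constructor loop in this hunk leaves it empty whenever the iterator yields no users, so the meaning of an empty set is not stated anywhere here. The comparison that getMore performs is not part of this header, so it is worth recording at the member whether an empty vector means "created without authentication" and is expected to match only an unauthenticated caller. I would add `// Users authenticated on the creating client; empty if none were authenticated.` above the member. The struct and its initializer list start outside the hunk.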
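Review bot: `getAuthenticatedUsers()` returns an iterator built from `_authenticatedUsers.begin()` and `.end()`, which looks like a borrowed view into the cursor's own vector, and nothing in the hunk documents that lifetime. A caller that holds the iterator after the cursor has been destroyed would, presumably, run the ownership check against memory that is no longer valid. I would add `// The returned iterator borrows from this cursor; do not use it after the cursor is destroyed.` above the accessor. makeUserNameIterator is defined outside this file, so confirm that it does not copy the range.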
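Review bot: `_authenticatedUsers` is declared non-const, although its neighbours `_nss` and `_isReadCommitted` are const and its own comment says it records the state at cursor creation. Since this vector is what a later getMore caller is checked against, declaring it `const std::vector<UserName> _authenticatedUsers;` lets the compiler guarantee that nothing rewrites the recorded owners after construction. The ClientCursor constructor that initialises it is outside the hunk, so this assumes the member is set in the initializer list.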