author | Billy Donahue <billy.donahue@mongodb.com> | 2018-05-25 14:19:21 -0400 |
---|---|---|
committer | Billy Donahue <billy.donahue@mongodb.com> | 2018-06-06 11:25:55 -0400 |
commit | 0074ca3ac8171243232d4e037f5150ba48d11bc5 (patch) | |
tree | 910d12176610d7f461e3084643197b55affd7fcb /src/mongo/db/commands.cpp | |
parent | 937039a3c901191475b316dad821eeedc71e50f5 (diff) | |
download | mongo-0074ca3ac8171243232d4e037f5150ba48d11bc5.tar.gz |
SERVER-35135 Redact command payload when auditing edge case events
Add missing #include for mongo/bson/util/builder.h
Diffstat (limited to 'src/mongo/db/commands.cpp')
-rw-r--r-- | src/mongo/db/commands.cpp | 60 |
1 files changed, 26 insertions, 34 deletions
diff --git a/src/mongo/db/commands.cpp b/src/mongo/db/commands.cpp
index 177b896edd6..87f02341918 100644
--- a/src/mongo/db/commands.cpp
+++ b/src/mongo/db/commands.cpp
@@ -100,32 +100,6 @@ bool checkAuthorizationImplPreParse(OperationContext* opCtx,
 return false;
 }
-void auditLogAuthEventImpl(OperationContext* opCtx,
- const Command* command,
- const NamespaceString& nss,
- const OpMsgRequest& request,
- ErrorCodes::Error err) {
- class Hook final : public audit::CommandInterface {
- public:
- explicit Hook(const Command* command, const NamespaceString* nss)
- : _command(command), _nss(nss) {}
-
- void redactForLogging(mutablebson::Document* cmdObj) const override {
- _command->redactForLogging(cmdObj);
- }
-
- NamespaceString ns() const override {
- return *_nss;
- }
-
- private:
- const Command* _command;
- const NamespaceString* _nss;
- };
-
- audit::logCommandAuthzCheck(opCtx->getClient(), request, Hook(command, &nss), err);
-}
-
 } // namespace
@@ -157,14 +131,32 @@ void CommandHelpers::auditLogAuthEvent(OperationContext* opCtx,
 const CommandInvocation* invocation,
 const OpMsgRequest& request,
 ErrorCodes::Error err) {
- auditLogAuthEventImpl(opCtx, invocation->definition(), invocation->ns(), request, err);
-}
+ class Hook final : public audit::CommandInterface {
+ public:
+ explicit Hook(const CommandInvocation* invocation, const NamespaceString* nss)
+ : _invocation(invocation), _nss(nss) {}
-void CommandHelpers::auditLogAuthEvent(OperationContext* opCtx,
- const Command* command,
- const OpMsgRequest& request,
- ErrorCodes::Error err) {
- auditLogAuthEventImpl(opCtx, command, NamespaceString(request.getDatabase()), request, err);
+ void redactForLogging(mutablebson::Document* cmdObj) const override {
+ if (_invocation) {
+ _invocation->definition()->redactForLogging(cmdObj);
+ }
+ }
+
+ NamespaceString ns() const override {
+ return *_nss;
+ }
+
+ bool redactArgs() const override {
+ return !_invocation;
+ }
+
+ private:
+ const CommandInvocation* _invocation;
+ const NamespaceString* _nss;
+ };
+
+ NamespaceString nss = invocation ? invocation->ns() : NamespaceString(request.getDatabase());
+ audit::logCommandAuthzCheck(opCtx->getClient(), request, Hook(invocation, &nss), err);
 }
 void CommandHelpers::uassertNoDocumentSequences(StringData commandName,
@@ -380,7 +372,7 @@ bool CommandHelpers::uassertShouldAttemptParse(OperationContext* opCtx,
 try {
 return checkAuthorizationImplPreParse(opCtx, command, request);
 } catch (const ExceptionFor<ErrorCodes::Unauthorized>& e) {
- CommandHelpers::auditLogAuthEvent(opCtx, command, request, e.code());
+ CommandHelpers::auditLogAuthEvent(opCtx, nullptr, request, e.code());
 throw;
 }
 } |
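Review bot: A null `invocation` now decides whether the audit record is redacted, but nothing in `CommandHelpers::auditLogAuthEvent` documents that contract. `Hook::redactForLogging` becomes a silent no-op when `_invocation` is null, so the unparsed payload stays out of the audit log only if the consumer checks `redactArgs()` before using the command object. That consumer (`audit::logCommandAuthzCheck`) is not in this diff, so it is worth confirming it honours `redactArgs()` on every path. I would add a comment above the function, e.g. `// 'invocation' may be null when authorization fails before the request is parsed; the audit event then carries no command arguments (redactArgs() == true) and the namespace is the database only.` The same applies to the bare `nullptr` passed in the `uassertShouldAttemptParse` catch block in the last hunk, where `// not parsed yet: audit with arguments redacted` would explain it. The function's first signature line appears only in the hunk header.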