author | Sara Golemon <sara.golemon@mongodb.com> | 2021-11-17 19:43:59 +0000 |
---|---|---|
committer | Evergreen Agent <no-reply@evergreen.mongodb.com> | 2021-11-25 00:14:43 +0000 |
commit | 259bacb03f2b4ad9159d81401ad32ae1b840e27c (patch) | |
tree | e919450c4e58e4b1af6666f9daaa334847091130 /src/mongo/db/commands/user_management_commands_common.cpp | |
parent | 0899fae6173d8b04e6b4030928516d866895ff93 (diff) | |
SERVER-61614 Add TenantID to AuthName
Diffstat (limited to 'src/mongo/db/commands/user_management_commands_common.cpp')
-rw-r--r-- | src/mongo/db/commands/user_management_commands_common.cpp | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/src/mongo/db/commands/user_management_commands_common.cpp b/src/mongo/db/commands/user_management_commands_common.cpp
index cc384eaf3da..bc89b9efed2 100644
--- a/src/mongo/db/commands/user_management_commands_common.cpp
+++ b/src/mongo/db/commands/user_management_commands_common.cpp
@@ -45,6 +45,7 @@
 #include "mongo/db/auth/user_management_commands_parser.h"
 #include "mongo/db/commands/user_management_commands_gen.h"
 #include "mongo/db/jsobj.h"
+#include "mongo/db/multitenancy.h"
 #include "mongo/util/sequence_util.h"
 #include "mongo/util/str.h"
 
@@ -345,7 +346,17 @@ void checkAuthForTypedCommand(OperationContext* opCtx, const UsersInfoCommand& r
 ActionType::viewUser));
 } else {
 invariant(arg.isExact());
+ auto activeTenant = getActiveTenant(opCtx);
 for (const auto& userName : arg.getElements(dbname)) {
+ if (userName.getTenant() != boost::none) {
+ // Only connection based cluster administrators may specify tenant in query.
+ uassert(ErrorCodes::Unauthorized,
+ "May not specify tenant in usersInfo query",
+ !activeTenant &&
+ as->isAuthorizedForActionsOnResource(
+ ResourcePattern::forClusterResource(), ActionType::internal));
+ }
+
 if (as->lookupUser(userName)) {
 // Can always view users you are logged in as.
 continue; |
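Review bot: The comment on the new tenant guard in the second hunk says "cluster administrators", but the `uassert` condition requires that no tenant is active on the operation and that the caller holds `ActionType::internal` on the cluster resource, which looks narrower than an administrator role. I would reword it to state the rule exactly, e.g. `// Tenant-qualified names are accepted only when no tenant is active and the caller holds ActionType::internal on the cluster resource.`, so a later change does not widen the check to match the comment. The condition also does not depend on `userName`, so it can be computed once beside `activeTenant`, as `const bool mayNameTenant = !activeTenant && as->isAuthorizedForActionsOnResource(ResourcePattern::forClusterResource(), ActionType::internal);`, and the loop can assert on that. A name with no tenant still goes straight to `as->lookupUser(userName)` while a tenant is active. Whether that lookup is scoped to the active tenant cannot be seen here, because the body of `checkAuthForTypedCommand` continues outside the hunk, so it is worth confirming.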