author | Tess Avitabile <tess.avitabile@mongodb.com> | 2017-03-10 13:19:51 -0500 |
---|---|---|
committer | Tess Avitabile <tess.avitabile@mongodb.com> | 2017-03-17 10:09:58 -0400 |
commit | 9e7974e4b6e2b3fe5e7741dce6549624113af196 (patch) | |
tree | e5d9840faefc88ae5ba3fb81e2e481fe1bc5cd39 /src/mongo/db/query | |
parent | 5df5125fd63295a9b71d79e68a84ba51e0c1c87f (diff) | |
SERVER-9609 Ensure users can only call getMore on cursors they created
Diffstat (limited to 'src/mongo/db/query')
-rw-r--r-- | src/mongo/db/query/find.cpp | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/src/mongo/db/query/find.cpp b/src/mongo/db/query/find.cpp index 62a08389e3f..903153d0824 100644 --- a/src/mongo/db/query/find.cpp +++ b/src/mongo/db/query/find.cpp @@ -33,6 +33,7 @@ #include "mongo/db/query/find.h" #include "mongo/client/dbclientinterface.h" +#include "mongo/db/auth/authorization_session.h" #include "mongo/db/catalog/collection.h" #include "mongo/db/catalog/database_holder.h" #include "mongo/db/client.h" @@ -324,6 +325,16 @@ Message getMore(OperationContext* opCtx, << " belongs to namespace " << cc->nss().ns(), nss == cc->nss()); + + // A user can only call getMore on their own cursor. If there were multiple users + // authenticated when the cursor was created, then at least one of them must be + // authenticated in order to run getMore on the cursor. + uassert(ErrorCodes::Unauthorized, + str::stream() << "cursor id " << cursorid + << " was not created by the authenticated user", + AuthorizationSession::get(opCtx->getClient()) + ->isCoauthorizedWith(cc->getAuthenticatedUsers())); + *isCursorAuthorized = true; if (cc->isReadCommitted()) @@ -653,6 +664,7 @@ std::string runQuery(OperationContext* opCtx, ClientCursorPin pinnedCursor = collection->getCursorManager()->registerCursor( {std::move(exec), nss, + AuthorizationSession::get(opCtx->getClient())->getAuthenticatedUserNames(), opCtx->recoveryUnit()->isReadingFromMajorityCommittedSnapshot(), upconvertQueryEntry(q.query, qr.nss(), q.ntoreturn, q.ntoskip)}); ccId = pinnedCursor.getCursor()->cursorid(); |
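Review bot: The new ownership `uassert` in `getMore` runs after the namespace assertion, whose message (visible in the context lines) prints `cc->nss().ns()`. A caller who does not own the cursor and passes a different namespace would therefore presumably still learn which namespace the cursor belongs to. Moving the `isCoauthorizedWith(cc->getAuthenticatedUsers())` assertion ahead of the namespace assertion would make `ErrorCodes::Unauthorized` the first error a non-owner can trigger. The start of the namespace `uassert` and the rest of `getMore` lie outside the hunk, so an earlier privilege check that already covers this would not be visible here.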
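Review bot: The argument added to the `registerCursor` call in `runQuery` has no comment saying that the user names are captured once, at cursor creation, and that `getMore` later checks the caller against this stored set. A one-line comment such as `// Users authenticated at creation time; getMore requires the caller to share one of them.` would make that link visible. The braces form a positional initializer, so the new value's place between `nss` and the majority-committed-snapshot flag has to match the field order of the params type, which is declared outside this diff. `runQuery` starts and ends outside the hunk.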