diff options
author | Vincent Do <do.vincent@live.com> | 2016-05-17 11:35:04 -0400 |
---|---|---|
committer | Vincent Do <vincent.do@mongodb.com> | 2016-05-26 16:55:19 -0400 |
commit | cbb1f07f40d8487bfeb5dfce4ccfb5d461d9a2f6 (patch) | |
tree | 79b74ab43064c00a968e008719a5306f10fa6d52 /src/mongo/db | |
parent | 646cc051cae9a87d2b27c43a45a13dbf507faf60 (diff) | |
download | mongo-cbb1f07f40d8487bfeb5dfce4ccfb5d461d9a2f6.tar.gz |
SERVER-24160 Add auth and auth test for lockInfo command
Diffstat (limited to 'src/mongo/db')
-rw-r--r-- | src/mongo/db/auth/action_types.txt | 1 | ||||
-rw-r--r-- | src/mongo/db/auth/role_graph_builtin_roles.cpp | 1 | ||||
-rw-r--r-- | src/mongo/db/commands/lock_info.cpp | 10 |
3 files changed, 12 insertions, 0 deletions
diff --git a/src/mongo/db/auth/action_types.txt b/src/mongo/db/auth/action_types.txt index 3c560ccf9b8..c7da7062e16 100644 --- a/src/mongo/db/auth/action_types.txt +++ b/src/mongo/db/auth/action_types.txt @@ -70,6 +70,7 @@ "listIndexes", "listShards", "logRotate", +"lockInfo", "moveChunk", "netstat", "planCacheIndexFilter", # view/update index filters diff --git a/src/mongo/db/auth/role_graph_builtin_roles.cpp b/src/mongo/db/auth/role_graph_builtin_roles.cpp index 0c9160d912b..09fa1ee43f0 100644 --- a/src/mongo/db/auth/role_graph_builtin_roles.cpp +++ b/src/mongo/db/auth/role_graph_builtin_roles.cpp @@ -187,6 +187,7 @@ MONGO_INITIALIZER(AuthorizationBuiltinRoles)(InitializerContext* context) { << ActionType::hostInfo << ActionType::listDatabases << ActionType::listShards // clusterManager gets this also + << ActionType::lockInfo << ActionType::netstat << ActionType::replSetGetConfig // clusterManager gets this also << ActionType::replSetGetStatus // clusterManager gets this also diff --git a/src/mongo/db/commands/lock_info.cpp b/src/mongo/db/commands/lock_info.cpp index d689dd2acea..a025a34a7be 100644 --- a/src/mongo/db/commands/lock_info.cpp +++ b/src/mongo/db/commands/lock_info.cpp @@ -30,6 +30,8 @@ #include <map> +#include "mongo/db/auth/action_type.h" +#include "mongo/db/auth/authorization_session.h" #include "mongo/db/client.h" #include "mongo/db/commands.h" #include "mongo/db/concurrency/lock_manager_defs.h" @@ -67,6 +69,14 @@ public: help << "show all lock info on the server"; } + Status checkAuthForCommand(ClientBasic* client, + const std::string& dbname, + const BSONObj& cmdObj) final { + bool isAuthorized = AuthorizationSession::get(client)->isAuthorizedForActionsOnResource( + ResourcePattern::forClusterResource(), ActionType::lockInfo); + return isAuthorized ? Status::OK() : Status(ErrorCodes::Unauthorized, "Unauthorized"); + } + CmdLockInfo() : Command("lockInfo", true) {} bool run(OperationContext* txn, |