diff options
author | Mark Benvenuto <mark.benvenuto@mongodb.com> | 2021-03-21 22:46:19 -0400 |
---|---|---|
committer | Evergreen Agent <no-reply@evergreen.mongodb.com> | 2021-03-22 03:34:46 +0000 |
commit | 95f8791e5fcbe1945a7ecb3284079c1d8371f212 (patch) | |
tree | 49a97309b2daed75ca6f615e0351ba2a4d9bc3f9 /src/mongo/db | |
parent | 68dbfa5edbb55fec190e508607cf2276367f4f93 (diff) | |
download | mongo-95f8791e5fcbe1945a7ecb3284079c1d8371f212.tar.gz |
SERVER-54525 Access_check for none commands
Diffstat (limited to 'src/mongo/db')
-rw-r--r-- | src/mongo/db/auth/sasl_commands.cpp | 4 | ||||
-rw-r--r-- | src/mongo/db/auth/sasl_commands.idl | 4 | ||||
-rw-r--r-- | src/mongo/db/commands/SConscript | 1 | ||||
-rw-r--r-- | src/mongo/db/commands/authentication_commands.cpp | 2 | ||||
-rw-r--r-- | src/mongo/db/commands/authentication_commands.idl | 2 | ||||
-rw-r--r-- | src/mongo/db/commands/generic.cpp | 1 | ||||
-rw-r--r-- | src/mongo/db/commands/generic.idl | 2 | ||||
-rw-r--r-- | src/mongo/db/commands/txn_cmds.cpp | 4 | ||||
-rw-r--r-- | src/mongo/db/commands/txn_cmds.idl | 4 | ||||
-rw-r--r-- | src/mongo/db/repl/SConscript | 1 | ||||
-rw-r--r-- | src/mongo/db/repl/hello.idl | 2 |
11 files changed, 16 insertions, 11 deletions
diff --git a/src/mongo/db/auth/sasl_commands.cpp b/src/mongo/db/auth/sasl_commands.cpp index 519f512ae90..55cbaf7f907 100644 --- a/src/mongo/db/auth/sasl_commands.cpp +++ b/src/mongo/db/auth/sasl_commands.cpp @@ -80,8 +80,6 @@ public: return NamespaceString(request().getDbName()); } - void doCheckAuthorization(OperationContext*) const final {} - Reply typedRun(OperationContext* opCtx); }; @@ -116,8 +114,6 @@ public: return NamespaceString(request().getDbName()); } - void doCheckAuthorization(OperationContext*) const final {} - Reply typedRun(OperationContext* opCtx); }; diff --git a/src/mongo/db/auth/sasl_commands.idl b/src/mongo/db/auth/sasl_commands.idl index 638696c38a4..4c2bd66e02a 100644 --- a/src/mongo/db/auth/sasl_commands.idl +++ b/src/mongo/db/auth/sasl_commands.idl @@ -61,6 +61,8 @@ commands: saslStart: description: "Begin a SASL based authentication session" api_version: "1" + access_check: + none: true command_name: saslStart namespace: ignored cpp_name: SaslStartCommand @@ -86,6 +88,8 @@ commands: saslContinue: description: "Continue a SASL based authentication session" api_version: "1" + access_check: + none: true command_name: saslContinue namespace: ignored cpp_name: SaslContinueCommand diff --git a/src/mongo/db/commands/SConscript b/src/mongo/db/commands/SConscript index 5e17f7f139c..c001db73420 100644 --- a/src/mongo/db/commands/SConscript +++ b/src/mongo/db/commands/SConscript @@ -607,6 +607,7 @@ env.Library( ], LIBDEPS=[ '$BUILD_DIR/mongo/base', + '$BUILD_DIR/mongo/db/auth/authprivilege', '$BUILD_DIR/mongo/idl/idl_parser', ] ) diff --git a/src/mongo/db/commands/authentication_commands.cpp b/src/mongo/db/commands/authentication_commands.cpp index 00c455021b1..4e953d09a82 100644 --- a/src/mongo/db/commands/authentication_commands.cpp +++ b/src/mongo/db/commands/authentication_commands.cpp @@ -377,8 +377,6 @@ public: return NamespaceString(request().getDbName()); } - void doCheckAuthorization(OperationContext*) const final {} - Reply typedRun(OperationContext* opCtx) final { return AuthenticationSession::doStep( opCtx, AuthenticationSession::StepType::kAuthenticate, [&](auto session) { diff --git a/src/mongo/db/commands/authentication_commands.idl b/src/mongo/db/commands/authentication_commands.idl index ce3b6a5cc9d..59a1bfb5f41 100644 --- a/src/mongo/db/commands/authentication_commands.idl +++ b/src/mongo/db/commands/authentication_commands.idl @@ -48,6 +48,8 @@ commands: authenticate: description: "Begin a X509 based authentication session" api_version: "1" + access_check: + none: true namespace: ignored command_name: authenticate cpp_name: AuthenticateCommand diff --git a/src/mongo/db/commands/generic.cpp b/src/mongo/db/commands/generic.cpp index 52ed0d5c556..1a6e03f1f94 100644 --- a/src/mongo/db/commands/generic.cpp +++ b/src/mongo/db/commands/generic.cpp @@ -79,7 +79,6 @@ public: NamespaceString ns() const override { return NamespaceString(request().getDbName()); } - void doCheckAuthorization(OperationContext* opCtx) const override {} virtual Reply typedRun(OperationContext* opCtx) override { // IMPORTANT: Don't put anything in here that might lock db - including authentication return Reply{}; diff --git a/src/mongo/db/commands/generic.idl b/src/mongo/db/commands/generic.idl index b4c54b7568d..736d3059893 100644 --- a/src/mongo/db/commands/generic.idl +++ b/src/mongo/db/commands/generic.idl @@ -74,5 +74,7 @@ commands: command_name: ping strict: true api_version: 1 + access_check: + none: true namespace: ignored reply_type: OkReply diff --git a/src/mongo/db/commands/txn_cmds.cpp b/src/mongo/db/commands/txn_cmds.cpp index 6ac83c5166b..9287537a5e2 100644 --- a/src/mongo/db/commands/txn_cmds.cpp +++ b/src/mongo/db/commands/txn_cmds.cpp @@ -88,8 +88,6 @@ public: return NamespaceString(request().getDbName()); } - void doCheckAuthorization(OperationContext* opCtx) const final {} - Reply typedRun(OperationContext* opCtx) final { auto txnParticipant = TransactionParticipant::get(opCtx); uassert(ErrorCodes::CommandFailed, @@ -202,8 +200,6 @@ public: return NamespaceString(request().getDbName()); } - void doCheckAuthorization(OperationContext* opCtx) const final {} - Reply typedRun(OperationContext* opCtx) final { auto txnParticipant = TransactionParticipant::get(opCtx); uassert(ErrorCodes::CommandFailed, diff --git a/src/mongo/db/commands/txn_cmds.idl b/src/mongo/db/commands/txn_cmds.idl index aefe28142d0..61e7a5adb93 100644 --- a/src/mongo/db/commands/txn_cmds.idl +++ b/src/mongo/db/commands/txn_cmds.idl @@ -85,6 +85,8 @@ commands: cpp_name: CommitTransaction strict: true api_version: "1" + access_check: + none: true fields: commitTimestamp: description: "Timestamp at which to commit the transaction. Required for prepared @@ -105,6 +107,8 @@ commands: cpp_name: AbortTransaction strict: true api_version: "1" + access_check: + none: true fields: recoveryToken: description: "A mongos that doesn't know about this transaction can attempt to make diff --git a/src/mongo/db/repl/SConscript b/src/mongo/db/repl/SConscript index c2bf8e36c53..9060306c408 100644 --- a/src/mongo/db/repl/SConscript +++ b/src/mongo/db/repl/SConscript @@ -1220,6 +1220,7 @@ env.Library( ], LIBDEPS_PRIVATE=[ '$BUILD_DIR/mongo/db/auth/auth', + '$BUILD_DIR/mongo/db/auth/authprivilege', '$BUILD_DIR/mongo/idl/idl_parser', '$BUILD_DIR/mongo/rpc/metadata', 'optime', diff --git a/src/mongo/db/repl/hello.idl b/src/mongo/db/repl/hello.idl index 51d594cdd0c..05f478694fa 100644 --- a/src/mongo/db/repl/hello.idl +++ b/src/mongo/db/repl/hello.idl @@ -202,6 +202,8 @@ commands: namespace: ignored cpp_name: HelloCommand api_version: "1" + access_check: + none: true reply_type: HelloCommandReply strict: true fields: |