author | Isabella Siu <isabella.siu@10gen.com> | 2019-01-11 11:16:24 -0500 |
---|---|---|
committer | Isabella Siu <isabella.siu@10gen.com> | 2019-02-08 14:34:32 -0500 |
commit | 8e5e745e98d33633e7d24a2629f22cdba79d9851 (patch) | |
tree | 9e02d92dadcf67140fe8707d792e55cf12b5443e /src/mongo/s/commands/commands_public.cpp | |
parent | 7a7baa2539ec169335086e45c7d0b85ba7cdb877 (diff) | |
SERVER-37836 re-evaluate authorization for originating command in getMore
Diffstat (limited to 'src/mongo/s/commands/commands_public.cpp')
-rw-r--r-- | src/mongo/s/commands/commands_public.cpp | 27 |
1 files changed, 21 insertions, 6 deletions
diff --git a/src/mongo/s/commands/commands_public.cpp b/src/mongo/s/commands/commands_public.cpp index eb0a9f75704..d6f939f78b2 100644 --- a/src/mongo/s/commands/commands_public.cpp +++ b/src/mongo/s/commands/commands_public.cpp @@ -57,7 +57,8 @@ bool cursorCommandPassthrough(OperationContext* opCtx, const CachedDatabaseInfo& dbInfo, const BSONObj& cmdObj, const NamespaceString& nss, - BSONObjBuilder* out) { + BSONObjBuilder* out, + const PrivilegeVector& privileges) { auto response = executeCommandAgainstDatabasePrimary( opCtx, dbName, @@ -74,7 +75,8 @@ bool cursorCommandPassthrough(OperationContext* opCtx, cmdResponse.data, nss, Grid::get(opCtx)->getExecutorPool()->getArbitraryExecutor(), - Grid::get(opCtx)->getCursorManager())); + Grid::get(opCtx)->getCursorManager(), + privileges)); CommandHelpers::filterCommandReplyForPassthrough(transformedResponse, out); return true; @@ -338,7 +340,7 @@ public: const BSONObj& cmdObj) const final { AuthorizationSession* authzSession = AuthorizationSession::get(client); - if (authzSession->isAuthorizedToListCollections(dbname, cmdObj)) { + if (authzSession->checkAuthorizedToListCollections(dbname, cmdObj).isOK()) { return Status::OK(); } @@ -447,9 +449,15 @@ public: } return cursorCommandPassthrough( - opCtx, dbName, dbInfoStatus.getValue(), newCmd, nss, &result); + opCtx, + dbName, + dbInfoStatus.getValue(), + newCmd, + nss, + &result, + uassertStatusOK(AuthorizationSession::get(opCtx->getClient()) + ->checkAuthorizedToListCollections(dbName, cmdObj))); } - } cmdListCollections; class CmdListIndexes : public BasicCommand { 
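Review bot: The new `privileges` parameter of `cursorCommandPassthrough` (first hunk) has no comment saying what a caller must put in it, and the second hunk forwards it unchanged into the cursor-storing call next to `getCursorManager()`. Going by the commit title, this vector is presumably what a later getMore is re-authorized against, so an empty or too-narrow vector from any caller would weaken that re-check; how the callee treats an empty vector is not visible here and is worth confirming. I would add above the signature: `// 'privileges' is the full set of privileges the originating command was authorized with; it is stored with the cursor so getMore can re-evaluate it.` Leaving the parameter without a default is a good choice, since every caller then has to supply a value explicitly. The function's signature and body start and end outside both hunks.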
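Review bot: In the `cmdListCollections` hunk the privilege vector is computed from `cmdObj`, while the command actually forwarded to the shard is `newCmd`; the lines that build `newCmd` are outside the hunk, so please confirm which of the two is meant to drive the stored privileges and say so in a comment. The call also repeats the check already made in `checkAuthForCommand` (the `.isOK()` hunk above it) and hides a throwing authorization check inside an argument list. Hoisting it makes the failure point explicit: `const auto privileges = uassertStatusOK(AuthorizationSession::get(opCtx->getClient())->checkAuthorizedToListCollections(dbName, cmdObj));` and then pass `privileges` as the last argument.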
@@ -498,7 +506,14 @@ public: const auto routingInfo = uassertStatusOK(Grid::get(opCtx)->catalogCache()->getCollectionRoutingInfo(opCtx, nss)); - return cursorCommandPassthrough(opCtx, nss.db(), routingInfo.db(), cmdObj, nss, &result); + return cursorCommandPassthrough( + opCtx, + nss.db(), + routingInfo.db(), + cmdObj, + nss, + &result, + {Privilege(ResourcePattern::forExactNamespace(nss), ActionType::listIndexes)}); } } cmdListIndexes; |
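Review bot: The privilege handed to `cursorCommandPassthrough` for `listIndexes` is written out by hand at the call site, `{Privilege(ResourcePattern::forExactNamespace(nss), ActionType::listIndexes)}`, separately from whatever this command's own authorization method requires (that method is outside the hunk). If the two ever drift apart, the getMore re-check would enforce a different rule than the one applied to the initial command. Consider building the vector in one helper shared with the command's authorization method, or at minimum add `// Must stay in sync with the privileges required by this command's authorization check.` above the call.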