diff options
author | Tess Avitabile <tess.avitabile@mongodb.com> | 2017-03-10 13:19:51 -0500 |
---|---|---|
committer | Tess Avitabile <tess.avitabile@mongodb.com> | 2017-03-17 10:09:58 -0400 |
commit | 9e7974e4b6e2b3fe5e7741dce6549624113af196 (patch) | |
tree | e5d9840faefc88ae5ba3fb81e2e481fe1bc5cd39 /src/mongo/s/query/store_possible_cursor.cpp | |
parent | 5df5125fd63295a9b71d79e68a84ba51e0c1c87f (diff) | |
download | mongo-9e7974e4b6e2b3fe5e7741dce6549624113af196.tar.gz |
SERVER-9609 Ensure users can only call getMore on cursors they created
Diffstat (limited to 'src/mongo/s/query/store_possible_cursor.cpp')
-rw-r--r-- | src/mongo/s/query/store_possible_cursor.cpp | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/src/mongo/s/query/store_possible_cursor.cpp b/src/mongo/s/query/store_possible_cursor.cpp index 8647871b6a7..4f53b2441bc 100644 --- a/src/mongo/s/query/store_possible_cursor.cpp +++ b/src/mongo/s/query/store_possible_cursor.cpp @@ -32,6 +32,7 @@ #include "mongo/base/status_with.h" #include "mongo/bson/bsonobj.h" +#include "mongo/db/auth/authorization_session.h" #include "mongo/db/query/cursor_response.h" #include "mongo/s/query/cluster_client_cursor_impl.h" #include "mongo/s/query/cluster_client_cursor_params.h" @@ -58,7 +59,9 @@ StatusWith<BSONObj> storePossibleCursor(OperationContext* opCtx, return cmdResult; } - ClusterClientCursorParams params(incomingCursorResponse.getValue().getNSS()); + ClusterClientCursorParams params( + incomingCursorResponse.getValue().getNSS(), + AuthorizationSession::get(opCtx->getClient())->getAuthenticatedUserNames()); params.remotes.emplace_back(server, incomingCursorResponse.getValue().getCursorId()); |