diff options
author | Tess Avitabile <tess.avitabile@mongodb.com> | 2017-03-21 11:22:11 -0400 |
---|---|---|
committer | Tess Avitabile <tess.avitabile@mongodb.com> | 2017-03-22 13:09:21 -0400 |
commit | d66405f651b0a49a06aacb286e3d1740a0b020af (patch) | |
tree | 86f20f45d29d63b53137772c13ea8e917193b18e /src/mongo/s/query/store_possible_cursor.cpp | |
parent | 70151a3b5cc65bd1b16831c523a6f5b477b82c3d (diff) | |
download | mongo-d66405f651b0a49a06aacb286e3d1740a0b020af.tar.gz |
SERVER-9609 Ensure users can only call getMore on cursors they created
Diffstat (limited to 'src/mongo/s/query/store_possible_cursor.cpp')
-rw-r--r-- | src/mongo/s/query/store_possible_cursor.cpp | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/src/mongo/s/query/store_possible_cursor.cpp b/src/mongo/s/query/store_possible_cursor.cpp index 8647871b6a7..4f53b2441bc 100644 --- a/src/mongo/s/query/store_possible_cursor.cpp +++ b/src/mongo/s/query/store_possible_cursor.cpp @@ -32,6 +32,7 @@ #include "mongo/base/status_with.h" #include "mongo/bson/bsonobj.h" +#include "mongo/db/auth/authorization_session.h" #include "mongo/db/query/cursor_response.h" #include "mongo/s/query/cluster_client_cursor_impl.h" #include "mongo/s/query/cluster_client_cursor_params.h" @@ -58,7 +59,9 @@ StatusWith<BSONObj> storePossibleCursor(OperationContext* opCtx, return cmdResult; } - ClusterClientCursorParams params(incomingCursorResponse.getValue().getNSS()); + ClusterClientCursorParams params( + incomingCursorResponse.getValue().getNSS(), + AuthorizationSession::get(opCtx->getClient())->getAuthenticatedUserNames()); params.remotes.emplace_back(server, incomingCursorResponse.getValue().getCursorId()); |