authorErwin Pe <erwin.pe@mongodb.com>2021-10-28 18:16:25 +0000
committerEvergreen Agent <no-reply@evergreen.mongodb.com>2021-10-28 18:58:08 +0000
commit2fa18e5051b2c3487a9bc5fb8a38a96cdf52dbc0 (patch)
tree2b3e0f05fe081e6286a3a132ce1df977576ba893 /src
parent5df159a364ec3a94d1e1ae01c70e3ca33cb10b4f (diff)
SERVER-59604 Audit log authcheck record has incorrect command for unauthenticated user
Diffstat (limited to 'src')
-rw-r--r--src/mongo/db/commands.cpp26
1 files changed, 15 insertions, 11 deletions
diff --git a/src/mongo/db/commands.cpp b/src/mongo/db/commands.cpp
index 4aad2fce1b1..851c0f98bef 100644
--- a/src/mongo/db/commands.cpp
+++ b/src/mongo/db/commands.cpp
@@ -223,8 +223,16 @@ void CommandHelpers::auditLogAuthEvent(OperationContext* opCtx,
ErrorCodes::Error err) {
class Hook final : public audit::CommandInterface {
public:
- explicit Hook(const CommandInvocation* invocation, const NamespaceString* nss)
- : _invocation(invocation), _nss(nss) {}
+ Hook(const CommandInvocation* invocation, const OpMsgRequest& request)
+ : _invocation(invocation) {
+ if (_invocation) {
+ _nss = _invocation->ns();
+ _name = _invocation->definition()->getName();
+ } else {
+ _nss = NamespaceString(request.getDatabase());
+ _name = request.getCommandName().toString();
+ }
+ }
void snipForLogging(mutablebson::Document* cmdObj) const override {
if (_invocation) {
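Review bot: In the `else` branch of the new `Hook` constructor, `_name` is copied from `request.getCommandName()`, which is whatever the client sent when no invocation matched, possibly before authentication. The audit record used to carry the fixed string "Error" in that case, so client-chosen text now reaches the audit log. Add a comment at that assignment, for example `// Client-supplied and unvalidated: no Command matched this request, so treat the name as untrusted.` Also confirm that the audit writer escapes and length-bounds this field; that code is outside this diff. `auditLogAuthEvent` begins before this hunk and continues past it.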
@@ -240,14 +248,11 @@ void CommandHelpers::auditLogAuthEvent(OperationContext* opCtx,
}
StringData getName() const override {
- if (!_invocation) {
- return "Error"_sd;
- }
- return _invocation->definition()->getName();
+ return _name;
}
NamespaceString ns() const override {
- return *_nss;
+ return _nss;
}
bool redactArgs() const override {
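Review bot: `getName()` now returns a `StringData` view of the `_name` member, so the result is valid only while the `Hook` object is alive. The old code returned either a literal or the command definition's name, which presumably outlive the hook. `Hook` is built as a temporary at the `audit::logCommandAuthzCheck` call in the last hunk, so this is safe only if that function and anything it hands the name to do not keep the view after the call returns. That cannot be checked from this diff. Document the contract on the method, for example `// Returns a view into _name; valid only for the lifetime of this Hook.`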
@@ -256,11 +261,10 @@ void CommandHelpers::auditLogAuthEvent(OperationContext* opCtx,
private:
const CommandInvocation* _invocation;
- const NamespaceString* _nss;
+ NamespaceString _nss;
+ std::string _name;
};
- NamespaceString nss = invocation ? invocation->ns() : NamespaceString(request.getDatabase());
-
// Always audit errors other than Unauthorized.
//
// When we get Unauthorized (usually),
@@ -268,7 +272,7 @@ void CommandHelpers::auditLogAuthEvent(OperationContext* opCtx,
// or if we don't know our Command definition.
if ((err != ErrorCodes::Unauthorized) || !invocation ||
invocation->definition()->auditAuthorizationFailure()) {
- audit::logCommandAuthzCheck(opCtx->getClient(), request, Hook(invocation, &nss), err);
+ audit::logCommandAuthzCheck(opCtx->getClient(), request, Hook(invocation, request), err);
}
}