diff options
Diffstat (limited to 'src/mongo/db/auth/impersonation_session.cpp')
-rw-r--r-- | src/mongo/db/auth/impersonation_session.cpp | 43 |
1 files changed, 18 insertions, 25 deletions
diff --git a/src/mongo/db/auth/impersonation_session.cpp b/src/mongo/db/auth/impersonation_session.cpp index eb8bf54a6f9..228d5567807 100644 --- a/src/mongo/db/auth/impersonation_session.cpp +++ b/src/mongo/db/auth/impersonation_session.cpp @@ -44,36 +44,29 @@ namespace mongo { - ImpersonationSessionGuard::ImpersonationSessionGuard(OperationContext* txn) - : _txn(txn) { +ImpersonationSessionGuard::ImpersonationSessionGuard(OperationContext* txn) : _txn(txn) { + auto authSession = AuthorizationSession::get(_txn->getClient()); - auto authSession = AuthorizationSession::get(_txn->getClient()); + const auto& impersonatedUsersAndRoles = + rpc::AuditMetadata::get(txn).getImpersonatedUsersAndRoles(); - const auto& impersonatedUsersAndRoles = - rpc::AuditMetadata::get(txn).getImpersonatedUsersAndRoles(); + if (impersonatedUsersAndRoles != boost::none) { + uassert(ErrorCodes::Unauthorized, + "Unauthorized use of impersonation metadata.", + authSession->isAuthorizedForPrivilege( + Privilege(ResourcePattern::forClusterResource(), ActionType::impersonate))); - if (impersonatedUsersAndRoles != boost::none) { + fassert(ErrorCodes::InternalError, !authSession->isImpersonating()); - uassert(ErrorCodes::Unauthorized, - "Unauthorized use of impersonation metadata.", - authSession->isAuthorizedForPrivilege( - Privilege(ResourcePattern::forClusterResource(), - ActionType::impersonate))); - - fassert(ErrorCodes::InternalError, !authSession->isImpersonating()); - - authSession->setImpersonatedUserData(std::get<0>(*impersonatedUsersAndRoles), - std::get<1>(*impersonatedUsersAndRoles)); - _active = true; - } + authSession->setImpersonatedUserData(std::get<0>(*impersonatedUsersAndRoles), + std::get<1>(*impersonatedUsersAndRoles)); + _active = true; } +} - ImpersonationSessionGuard::~ImpersonationSessionGuard() { - DESTRUCTOR_GUARD( - if (_active) { - AuthorizationSession::get(_txn->getClient())->clearImpersonatedUserData(); - } - ) - } +ImpersonationSessionGuard::~ImpersonationSessionGuard() { + DESTRUCTOR_GUARD( + if (_active) { AuthorizationSession::get(_txn->getClient())->clearImpersonatedUserData(); }) +} } // namespace mongo |