summaryrefslogtreecommitdiff
path: root/src/mongo/s/commands/strategy.cpp
diff options
context:
space:
mode:
Diffstat (limited to 'src/mongo/s/commands/strategy.cpp')
-rw-r--r--src/mongo/s/commands/strategy.cpp32
1 files changed, 22 insertions, 10 deletions
diff --git a/src/mongo/s/commands/strategy.cpp b/src/mongo/s/commands/strategy.cpp
index 148b10f61c4..9b05cad2a4d 100644
--- a/src/mongo/s/commands/strategy.cpp
+++ b/src/mongo/s/commands/strategy.cpp
@@ -547,16 +547,28 @@ void Strategy::killCursors(OperationContext* opCtx, DbMessage* dbm) {
continue;
}
- Status authorizationStatus = authSession->checkAuthForKillCursors(*nss, cursorId);
- audit::logKillCursorsAuthzCheck(client,
- *nss,
- cursorId,
- authorizationStatus.isOK() ? ErrorCodes::OK
- : ErrorCodes::Unauthorized);
- if (!authorizationStatus.isOK()) {
- LOG(3) << "Not authorized to kill cursor. Namespace: '" << *nss
- << "', cursor id: " << cursorId << ".";
- continue;
+ {
+ // Block scope ccPin so that it releases our checked out cursor
+ // prior to the killCursor invocation below.
+ auto ccPin = manager->checkOutCursor(*nss, cursorId, opCtx);
+ if (!ccPin.isOK()) {
+ LOG(3) << "Unable to check out cursor for killCursor. Namespace: '" << *nss
+ << "', cursor id: " << cursorId << ".";
+ continue;
+ }
+ auto cursorOwners = ccPin.getValue().getAuthenticatedUsers();
+ auto authorizationStatus = authSession->checkAuthForKillCursors(*nss, cursorOwners);
+
+ audit::logKillCursorsAuthzCheck(client,
+ *nss,
+ cursorId,
+ authorizationStatus.isOK() ? ErrorCodes::OK
+ : ErrorCodes::Unauthorized);
+ if (!authorizationStatus.isOK()) {
+ LOG(3) << "Not authorized to kill cursor. Namespace: '" << *nss
+ << "', cursor id: " << cursorId << ".";
+ continue;
+ }
}
Status killCursorStatus = manager->killCursor(*nss, cursorId);
View Lorry Controller Status