Diffstat (limited to 'src')
-rw-r--r-- | src/mongo/client/embedded/service_entry_point_embedded.cpp | 18 | ||||
-rw-r--r-- | src/mongo/db/auth/sasl_commands.cpp | 4 | ||||
-rw-r--r-- | src/mongo/db/commands.cpp | 11 | ||||
-rw-r--r-- | src/mongo/db/commands.h | 10 | ||||
-rw-r--r-- | src/mongo/db/commands/cpuprofile.cpp | 12 | ||||
-rw-r--r-- | src/mongo/db/commands/shutdown.h | 2 | ||||
-rw-r--r-- | src/mongo/db/commands/user_management_commands.cpp | 4 | ||||
-rw-r--r-- | src/mongo/db/commands/write_commands/write_commands.cpp | 6 | ||||
-rw-r--r-- | src/mongo/db/service_entry_point_mongod.cpp | 17 | ||||
-rw-r--r-- | src/mongo/s/commands/cluster_user_management_commands.cpp | 4 |
10 files changed, 45 insertions, 43 deletions
diff --git a/src/mongo/client/embedded/service_entry_point_embedded.cpp b/src/mongo/client/embedded/service_entry_point_embedded.cpp index 835bc30d889..5349c338ee0 100644 --- a/src/mongo/client/embedded/service_entry_point_embedded.cpp +++ b/src/mongo/client/embedded/service_entry_point_embedded.cpp @@ -30,8 +30,10 @@ #include "mongo/platform/basic.h" -#include "mongo/base/checked_cast.h" #include "mongo/client/embedded/service_entry_point_embedded.h" + +#include "mongo/base/checked_cast.h" +#include "mongo/bson/mutable/document.h" #include "mongo/db/audit.h" #include "mongo/db/auth/authorization_session.h" #include "mongo/db/auth/impersonation_session.h" @@ -106,6 +108,14 @@ const StringMap<int> cmdWhitelist = {{"delete", 1}, {"refreshLogicalSessionCacheNow", 1}, {"update", 1}}; +BSONObj getRedactedCopyForLogging(const Command* command, const BSONObj& cmdObj) { + mutablebson::Document cmdToLog(cmdObj, mutablebson::Document::kInPlaceDisabled); + command->redactForLogging(&cmdToLog); + BSONObjBuilder bob; + cmdToLog.writeTo(&bob); + return bob.obj(); +} + void generateLegacyQueryErrorResponse(const AssertionException* exception, const QueryMessage& queryMessage, CurOp* curop, 
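Review bot: The free function `getRedactedCopyForLogging(const Command*, const BSONObj&)` added in hunk `@@ -106,6 +108,14 @@` is defined again with the same signature in src/mongo/db/service_entry_point_mongod.cpp (hunk `@@ -108,6 +109,14 @@`), so the code that decides what reaches the log now exists in two copies that can drift apart. Whether both definitions sit inside an anonymous namespace is not visible from the hunks; if they do not, linking both files into one binary would be an ODR violation. Consider a single shared helper (for example on `CommandHelpers`), or at least a comment above each copy such as `// Returns a copy of cmdObj with command->redactForLogging() applied; keep in sync with the other service entry point.` The doc comment that the removed member carried in commands.h was not re-attached to either copy.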
@@ -694,14 +704,14 @@ void execCommandDatabase(OperationContext* opCtx, if (operationTime != LogicalTime::kUninitialized) { LOG(1) << "assertion while executing command '" << request.getCommandName() << "' " << "on database '" << request.getDatabase() << "' " - << "with arguments '" << command->getRedactedCopyForLogging(request.body) + << "with arguments '" << getRedactedCopyForLogging(command, request.body) << "' and operationTime '" << operationTime.toString() << "': " << e.toString(); generateErrorResponse(opCtx, replyBuilder, e, metadataBob.obj(), operationTime); } else { LOG(1) << "assertion while executing command '" << request.getCommandName() << "' " << "on database '" << request.getDatabase() << "' " - << "with arguments '" << command->getRedactedCopyForLogging(request.body) + << "with arguments '" << getRedactedCopyForLogging(command, request.body) << "': " << e.toString(); generateErrorResponse(opCtx, replyBuilder, e, metadataBob.obj()); @@ -767,7 +777,7 @@ DbResponse runCommands(OperationContext* opCtx, const Message& message) { } LOG(2) << "run command " << request.getDatabase() << ".$cmd" << ' ' - << c->getRedactedCopyForLogging(request.body); + << getRedactedCopyForLogging(c, request.body); { // Try to set this as early as possible, as soon as we have figured out the command. diff --git a/src/mongo/db/auth/sasl_commands.cpp b/src/mongo/db/auth/sasl_commands.cpp index 8a67b45879d..14466871bed 100644 --- a/src/mongo/db/auth/sasl_commands.cpp +++ b/src/mongo/db/auth/sasl_commands.cpp @@ -70,7 +70,7 @@ public: const BSONObj&, std::vector<Privilege>*) {} - void redactForLogging(mutablebson::Document* cmdObj) override; + void redactForLogging(mutablebson::Document* cmdObj) const override; virtual bool run(OperationContext* opCtx, const std::string& db, 
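Review bot: Both `LOG(1)` statements in `execCommandDatabase`, and the `LOG(2)` in `runCommands` (hunk `@@ -767,7 +777,7 @@`), stream `getRedactedCopyForLogging(command, request.body)` directly, whereas `runCommandImpl` in service_entry_point_mongod.cpp wraps the same value in `redact(...)`. `redactForLogging` only strips what each command chooses to, and the base default does nothing, so the remaining command arguments are written as-is on these paths; the same holds for hunks `@@ -714,14 +723,14 @@` and `@@ -787,7 +796,7 @@` in service_entry_point_mongod.cpp. If the difference is not intentional, use `<< redact(getRedactedCopyForLogging(command, request.body))` here as well. This predates the commit, which only changes the call form, and both functions continue outside the hunks.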
@@ -258,7 +258,7 @@ std::string CmdSaslStart::help() const { return "First step in a SASL authentication conversation."; } -void CmdSaslStart::redactForLogging(mutablebson::Document* cmdObj) { +void CmdSaslStart::redactForLogging(mutablebson::Document* cmdObj) const { mutablebson::Element element = mutablebson::findFirstChildNamed(cmdObj->root(), "payload"); if (element.ok()) { element.setValueString("xxx").transitional_ignore(); diff --git a/src/mongo/db/commands.cpp b/src/mongo/db/commands.cpp index 24292e6a3c8..bcd9c3e1d4d 100644 --- a/src/mongo/db/commands.cpp +++ b/src/mongo/db/commands.cpp @@ -371,17 +371,6 @@ Status BasicCommand::checkAuthForCommand(Client* client, return Status(ErrorCodes::Unauthorized, "unauthorized"); } -void Command::redactForLogging(mutablebson::Document* cmdObj) {} - -BSONObj Command::getRedactedCopyForLogging(const BSONObj& cmdObj) { - namespace mmb = mutablebson; - mmb::Document cmdToLog(cmdObj, mmb::Document::kInPlaceDisabled); - redactForLogging(&cmdToLog); - BSONObjBuilder bob; - cmdToLog.writeTo(&bob); - return bob.obj(); -} - static Status _checkAuthorizationImpl(Command* c, OperationContext* opCtx, const OpMsgRequest& request) { diff --git a/src/mongo/db/commands.h b/src/mongo/db/commands.h index 58cadbfb3ef..7986cc6fe08 100644 --- a/src/mongo/db/commands.h +++ b/src/mongo/db/commands.h @@ -259,7 +259,7 @@ public: * * When localHostOnlyIfNoAuth() is true, adminOnly() must also be true. */ - virtual bool localHostOnlyIfNoAuth() { + virtual bool localHostOnlyIfNoAuth() const { return false; } 
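Review bot: `CmdSaslStart::redactForLogging` discards the Status of `element.setValueString("xxx")` through `transitional_ignore()`, so if the replacement ever failed, the original SASL `payload` would reach the log unchanged and nothing would signal it. Since this method is the only thing standing between the payload and the log line, the Status should be checked and the failure handled closed, for instance by dropping the element or skipping the body in the log. At minimum add a comment such as `// Redaction failure is ignored here; the payload would then be logged verbatim.` The function body continues outside the hunk.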
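Review bot: Adding `const` to `localHostOnlyIfNoAuth()` in hunk `@@ -259,7 +259,7 @@`, and to `redactForLogging()` in hunk `@@ -315,13 +315,7 @@`, changes the virtual signature, so any subclass still declaring the old non-const form without `override` would compile but no longer override. The base defaults would then apply silently: `localHostOnlyIfNoAuth()` returns `false` and `redactForLogging()` does nothing, which would lift the localhost-only restriction or let unredacted arguments into the log. The overrides touched in this commit gain `override` or `final`, but whether every subclass in the tree was updated cannot be confirmed from this page; building with `-Woverloaded-virtual` or `-Wsuggest-override` would catch stragglers. For consistency, `adminOnly()` in shutdown.h (hunk `@@ -45,7 +45,7 @@`) could become `bool adminOnly() const override {` as was done in cpuprofile.cpp.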
@@ -315,13 +315,7 @@ public: * * The default implementation does nothing. */ - virtual void redactForLogging(mutablebson::Document* cmdObj); - - /** - * Returns a copy of "cmdObj" in a form suitable for writing to logs. - * Uses redactForLogging() to transform "cmdObj". - */ - virtual BSONObj getRedactedCopyForLogging(const BSONObj& cmdObj); + virtual void redactForLogging(mutablebson::Document* cmdObj) const {} /** * Return true if a replica set secondary should go into "recovering" diff --git a/src/mongo/db/commands/cpuprofile.cpp b/src/mongo/db/commands/cpuprofile.cpp index 396e396856d..ffe9704fa8c 100644 --- a/src/mongo/db/commands/cpuprofile.cpp +++ b/src/mongo/db/commands/cpuprofile.cpp @@ -74,15 +74,15 @@ public: AllowedOnSecondary secondaryAllowed() const override { return AllowedOnSecondary::kAlways; } - virtual bool adminOnly() const { + bool adminOnly() const override { return true; } - virtual bool localHostOnlyIfNoAuth() { + bool localHostOnlyIfNoAuth() const override { return true; } - virtual void addRequiredPrivileges(const std::string& dbname, - const BSONObj& cmdObj, - std::vector<Privilege>* out) { + void addRequiredPrivileges(const std::string& dbname, + const BSONObj& cmdObj, + std::vector<Privilege>* out) override { ActionSet actions; actions.addAction(ActionType::cpuProfiler); out->push_back(Privilege(ResourcePattern::forClusterResource(), actions)); @@ -91,7 +91,7 @@ public: // This is an abuse of the global dbmutex. We only really need to // ensure that only one cpuprofiler command runs at once; it would // be fine for it to run concurrently with other operations. - virtual bool supportsWriteConcern(const BSONObj& cmd) const override { + bool supportsWriteConcern(const BSONObj& cmd) const override { return false; } }; diff --git a/src/mongo/db/commands/shutdown.h b/src/mongo/db/commands/shutdown.h index e89aa301261..b000d6c27c2 100644 --- a/src/mongo/db/commands/shutdown.h +++ b/src/mongo/db/commands/shutdown.h 
@@ -45,7 +45,7 @@ public: virtual bool adminOnly() const { return true; } - virtual bool localHostOnlyIfNoAuth() { + bool localHostOnlyIfNoAuth() const override { return true; } AllowedOnSecondary secondaryAllowed() const override { diff --git a/src/mongo/db/commands/user_management_commands.cpp b/src/mongo/db/commands/user_management_commands.cpp index 7aafdce777b..75c19615770 100644 --- a/src/mongo/db/commands/user_management_commands.cpp +++ b/src/mongo/db/commands/user_management_commands.cpp @@ -748,7 +748,7 @@ public: return CommandHelpers::appendCommandStatus(result, status); } - virtual void redactForLogging(mutablebson::Document* cmdObj) { + void redactForLogging(mutablebson::Document* cmdObj) const override { auth::redactPasswordData(cmdObj->root()); } @@ -882,7 +882,7 @@ public: return CommandHelpers::appendCommandStatus(result, status); } - virtual void redactForLogging(mutablebson::Document* cmdObj) { + void redactForLogging(mutablebson::Document* cmdObj) const override { auth::redactPasswordData(cmdObj->root()); } diff --git a/src/mongo/db/commands/write_commands/write_commands.cpp b/src/mongo/db/commands/write_commands/write_commands.cpp index ac0a73dee89..030c759102c 100644 --- a/src/mongo/db/commands/write_commands/write_commands.cpp +++ b/src/mongo/db/commands/write_commands/write_commands.cpp @@ -242,7 +242,7 @@ class CmdInsert final : public WriteCommand { public: CmdInsert() : WriteCommand("insert") {} - void redactForLogging(mutablebson::Document* cmdObj) final { + void redactForLogging(mutablebson::Document* cmdObj) const final { redactTooLongLog(cmdObj, "documents"); } @@ -273,7 +273,7 @@ class CmdUpdate final : public WriteCommand { public: CmdUpdate() : WriteCommand("update") {} - void redactForLogging(mutablebson::Document* cmdObj) final { + void redactForLogging(mutablebson::Document* cmdObj) const final { redactTooLongLog(cmdObj, "updates"); } 
@@ -340,7 +340,7 @@ class CmdDelete final : public WriteCommand { public: CmdDelete() : WriteCommand("delete") {} - void redactForLogging(mutablebson::Document* cmdObj) final { + void redactForLogging(mutablebson::Document* cmdObj) const final { redactTooLongLog(cmdObj, "deletes"); } diff --git a/src/mongo/db/service_entry_point_mongod.cpp b/src/mongo/db/service_entry_point_mongod.cpp index f7bdeb1475d..af24ca0aa2c 100644 --- a/src/mongo/db/service_entry_point_mongod.cpp +++ b/src/mongo/db/service_entry_point_mongod.cpp @@ -33,6 +33,7 @@ #include "mongo/db/service_entry_point_mongod.h" #include "mongo/base/checked_cast.h" +#include "mongo/bson/mutable/document.h" #include "mongo/db/audit.h" #include "mongo/db/auth/authorization_session.h" #include "mongo/db/auth/impersonation_session.h" @@ -108,6 +109,14 @@ const StringMap<int> cmdWhitelist = {{"delete", 1}, {"refreshLogicalSessionCacheNow", 1}, {"update", 1}}; +BSONObj getRedactedCopyForLogging(const Command* command, const BSONObj& cmdObj) { + mutablebson::Document cmdToLog(cmdObj, mutablebson::Document::kInPlaceDisabled); + command->redactForLogging(&cmdToLog); + BSONObjBuilder bob; + cmdToLog.writeTo(&bob); + return bob.obj(); +} + void generateLegacyQueryErrorResponse(const AssertionException* exception, const QueryMessage& queryMessage, CurOp* curop, @@ -422,7 +431,7 @@ bool runCommandImpl(OperationContext* opCtx, serverGlobalParams.clusterRole == ClusterRole::ConfigServer ? 0 : 2; LOG(debugLevel) << "Command on database " << db << " timed out waiting for read concern to be satisfied. Command: " - << redact(command->getRedactedCopyForLogging(request.body)); + << redact(getRedactedCopyForLogging(command, request.body)); } uassertStatusOK(rcStatus); 
@@ -714,14 +723,14 @@ void execCommandDatabase(OperationContext* opCtx, if (operationTime != LogicalTime::kUninitialized) { LOG(1) << "assertion while executing command '" << request.getCommandName() << "' " << "on database '" << request.getDatabase() << "' " - << "with arguments '" << command->getRedactedCopyForLogging(request.body) + << "with arguments '" << getRedactedCopyForLogging(command, request.body) << "' and operationTime '" << operationTime.toString() << "': " << e.toString(); _generateErrorResponse(opCtx, replyBuilder, e, metadataBob.obj(), operationTime); } else { LOG(1) << "assertion while executing command '" << request.getCommandName() << "' " << "on database '" << request.getDatabase() << "' " - << "with arguments '" << command->getRedactedCopyForLogging(request.body) + << "with arguments '" << getRedactedCopyForLogging(command, request.body) << "': " << e.toString(); _generateErrorResponse(opCtx, replyBuilder, e, metadataBob.obj()); @@ -787,7 +796,7 @@ DbResponse runCommands(OperationContext* opCtx, const Message& message) { } LOG(2) << "run command " << request.getDatabase() << ".$cmd" << ' ' - << c->getRedactedCopyForLogging(request.body); + << getRedactedCopyForLogging(c, request.body); { // Try to set this as early as possible, as soon as we have figured out the command. diff --git a/src/mongo/s/commands/cluster_user_management_commands.cpp b/src/mongo/s/commands/cluster_user_management_commands.cpp index f908b1e98e1..1bbe5984ca8 100644 --- a/src/mongo/s/commands/cluster_user_management_commands.cpp +++ b/src/mongo/s/commands/cluster_user_management_commands.cpp @@ -97,7 +97,7 @@ public: &result); } - virtual void redactForLogging(mutablebson::Document* cmdObj) { + void redactForLogging(mutablebson::Document* cmdObj) const override { auth::redactPasswordData(cmdObj->root()); } 
@@ -148,7 +148,7 @@ public: return ok; } - virtual void redactForLogging(mutablebson::Document* cmdObj) { + void redactForLogging(mutablebson::Document* cmdObj) const override { auth::redactPasswordData(cmdObj->root()); } |