Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-54524

Extend Authorization Session to record all access checks and privilege checks.

    XMLWordPrintableJSON

Details

    • Icon: Task Task
    • Resolution: Fixed
    • Icon: Major - P3 Major - P3
    • 4.9.0
    • None
    • None
    • None
    • Fully Compatible
    • Security 2021-03-22

    Description

      • Add method to method to verify contract. Call verification method after commands finish running in server_entry_point_common.cpp.
      • Can not just do it after priv check since listDatabases (and likely others) check during run(). Ensure sync and async commands are hooked.
      • Add AuthorizationContract as a member variable that is reset on AuthorizationSession::startRequest
      • Instrument each public member with call to record privilege or access check
      • Add private member functions that store access_check/priv after check of testingProctor - split function so it can be inlined for perf with fast and slow paths

      Auth C++ Unit Tests in authorization_session_test.cpp

      • Positive: Make a correct set of calls on Authorization_Session and verify it passes against a contract
      • Negative: Make a incorrect set of calls on Authorization_Session and verify it fails against a contract

      Attachments

        Activity

          People

            mark.benvenuto@mongodb.com Mark Benvenuto
            mark.benvenuto@mongodb.com Mark Benvenuto
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: