[SERVER-16657] Implement authorization check for getMore/killCursors on cursors owned by global cursor manager Created: 24/Dec/14  Updated: 02/Aug/18  Resolved: 12/Jan/15

Status: Closed
Project: Core Server
Component/s: Storage
Affects Version/s: None
Fix Version/s: 2.8.0-rc5

Type: Task Priority: Blocker - P1
Reporter: J Rassi Assignee: Gregory McKeon (Inactive)
Resolution: Done Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Backwards Compatibility: Fully Compatible
Participants:

 Description   

src/mongo/db/instance.cpp-                const NamespaceString nsString( ns );
src/mongo/db/instance.cpp-                uassert( 16258, str::stream() << "Invalid ns [" << ns << "]", nsString.isValid() );
src/mongo/db/instance.cpp-
src/mongo/db/instance.cpp-                Status status = Status::OK();
src/mongo/db/instance.cpp-                if (CursorManager::getGlobalCursorManager()->ownsCursorId(cursorid)) {
src/mongo/db/instance.cpp:                    // TODO Implement auth check for global cursors.  SERVER-16657.
src/mongo/db/instance.cpp-                }
src/mongo/db/instance.cpp-                else {
src/mongo/db/instance.cpp-                    status = txn->getClient()->getAuthorizationSession()->checkAuthForGetMore(
src/mongo/db/instance.cpp-                            nsString, cursorid);
src/mongo/db/instance.cpp-                }
--
src/mongo/db/query/find.cpp-        }
src/mongo/db/query/find.cpp-        else {
src/mongo/db/query/find.cpp-            // Check for spoofing of the ns such that it does not match the one originally
src/mongo/db/query/find.cpp-            // there for the cursor.
src/mongo/db/query/find.cpp-            if (globalCursorManager->ownsCursorId(cursorid)) {
src/mongo/db/query/find.cpp:                // TODO Implement auth check for global cursors.  SERVER-16657.
src/mongo/db/query/find.cpp-            }
src/mongo/db/query/find.cpp-            else {
src/mongo/db/query/find.cpp-                uassert(17011, "auth error", str::equals(ns, cc->ns().c_str()));
src/mongo/db/query/find.cpp-            }
src/mongo/db/query/find.cpp-            *isCursorAuthorized = true;



 Comments   
Comment by Githook User [ 12/Jan/15 ]

Author:

{u'username': u'jrassi', u'name': u'Jason Rassi', u'email': u'rassi@10gen.com'}

Message: SERVER-16657 Auth check for ops on cursors owned by global cursor mgr
Branch: master
https://github.com/mongodb/mongo/commit/cc1283f11b689850a66b935b9242a058d6d4ff2e

Comment by Githook User [ 12/Jan/15 ]

Author:

{u'username': u'jrassi', u'name': u'Jason Rassi', u'email': u'rassi@10gen.com'}

Message: SERVER-16657 Libraryize namespace_string
Branch: master
https://github.com/mongodb/mongo/commit/8d60222b5fd085c7d264cbd8ab4bb0267d7822a5

Comment by Githook User [ 12/Jan/15 ]

Author:

{u'username': u'jrassi', u'name': u'Jason Rassi', u'email': u'rassi@10gen.com'}

Message: SERVER-16657 ClientCursor namespace set explicitly on construction
Branch: master
https://github.com/mongodb/mongo/commit/aacb51ba4e1c96de41fc928e58a6341db82076c4

Comment by Githook User [ 12/Jan/15 ]

Author:

{u'username': u'jrassi', u'name': u'Jason Rassi', u'email': u'rassi@10gen.com'}

Message: SERVER-16657 Remove CursorManager::ns()
Branch: master
https://github.com/mongodb/mongo/commit/4d73df94d51bc86a6a5b30dc3106cd7df6a3b7be

Generated at Thu Feb 08 03:41:49 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.