bool ClientCursor::eraseIfAuthorized(CursorId id) {
std::string ns;
{
recursive_scoped_lock lock(ccmutex);
ClientCursor* cursor = find_inlock(id);
if (!cursor) {
return false;
}
ns = cursor->ns();
}
// Can't be in a lock when checking authorization
if (!cc().getAuthorizationManager()->checkAuthorization(ns, ActionType::killCursors)) {
return false;
}
// It is safe to lookup the cursor again after temporarily releasing the mutex because
// of 2 invariants: that the cursor ID won't be re-used in a short period of time, and that
// the namespace associated with a cursor cannot change.
recursive_scoped_lock lock(ccmutex);
ClientCursor* cursor = find_inlock(id);
if (!cursor) {
// Cursor was deleted in another thread since we found it earlier in this function.
return false;
}
if (cursor->ns() != ns) {
warning() << "Cursor namespace changed. Previous ns: " << ns << ", current ns: "
<< cursor->ns() << endl;
return false;
}
return _erase_inlock(cursor);
}
bool ClientCursor::erase(CursorId id) {
recursive_scoped_lock lock(ccmutex);
ClientCursor* cursor = find_inlock(id);
if (!cursor) { return false; }
_erase_inlock(cursor);
return true;
}
bool ClientCursor::eraseIfAuthorized(CursorId id) {
recursive_scoped_lock lock(ccmutex);
ClientCursor* cursor = find_inlock(id);
if (!cursor) {
return false;
}
if (!cc().getAuthorizationManager()->checkAuthorization(cursor->ns(),
ActionType::find)
|| !cc().getAuthenticationInfo()->isAuthorizedReads(nsToDatabase(cursor->ns()))) {
return false;
}
return _erase_inlock(cursor);
}
bool ClientCursor::eraseIfAuthorized(CursorId id) {
NamespaceString ns;
{
recursive_scoped_lock lock(ccmutex);
ClientCursor* cursor = find_inlock(id);
if (!cursor) {
audit::logKillCursorsAuthzCheck(
&cc(),
NamespaceString(),
id,
ErrorCodes::CursorNotFound);
return false;
}
ns = NamespaceString(cursor->ns());
}
// Can't be in a lock when checking authorization
const bool isAuthorized = cc().getAuthorizationSession()->isAuthorizedForActionsOnNamespace(
ns, ActionType::killCursors);
audit::logKillCursorsAuthzCheck(
&cc(),
ns,
id,
isAuthorized ? ErrorCodes::OK : ErrorCodes::Unauthorized);
if (!isAuthorized) {
return false;
}
// It is safe to lookup the cursor again after temporarily releasing the mutex because
// of 2 invariants: that the cursor ID won't be re-used in a short period of time, and that
// the namespace associated with a cursor cannot change.
recursive_scoped_lock lock(ccmutex);
ClientCursor* cursor = find_inlock(id);
if (!cursor) {
// Cursor was deleted in another thread since we found it earlier in this function.
return false;
}
if (ns != cursor->ns()) {
warning() << "Cursor namespace changed. Previous ns: " << ns << ", current ns: "
<< cursor->ns() << endl;
return false;
}
_erase_inlock(cursor);
return true;
}
