bool ClientCursor::eraseIfAuthorized(CursorId id) { std::string ns; { recursive_scoped_lock lock(ccmutex); ClientCursor* cursor = find_inlock(id); if (!cursor) { return false; } ns = cursor->ns(); } // Can't be in a lock when checking authorization if (!cc().getAuthorizationManager()->checkAuthorization(ns, ActionType::killCursors)) { return false; } // It is safe to lookup the cursor again after temporarily releasing the mutex because // of 2 invariants: that the cursor ID won't be re-used in a short period of time, and that // the namespace associated with a cursor cannot change. recursive_scoped_lock lock(ccmutex); ClientCursor* cursor = find_inlock(id); if (!cursor) { // Cursor was deleted in another thread since we found it earlier in this function. return false; } if (cursor->ns() != ns) { warning() << "Cursor namespace changed. Previous ns: " << ns << ", current ns: " << cursor->ns() << endl; return false; } return _erase_inlock(cursor); }
bool ClientCursor::erase(CursorId id) { recursive_scoped_lock lock(ccmutex); ClientCursor* cursor = find_inlock(id); if (!cursor) { return false; } _erase_inlock(cursor); return true; }
bool ClientCursor::eraseIfAuthorized(CursorId id) { recursive_scoped_lock lock(ccmutex); ClientCursor* cursor = find_inlock(id); if (!cursor) { return false; } if (!cc().getAuthorizationManager()->checkAuthorization(cursor->ns(), ActionType::find) || !cc().getAuthenticationInfo()->isAuthorizedReads(nsToDatabase(cursor->ns()))) { return false; } return _erase_inlock(cursor); }
bool ClientCursor::eraseIfAuthorized(CursorId id) { NamespaceString ns; { recursive_scoped_lock lock(ccmutex); ClientCursor* cursor = find_inlock(id); if (!cursor) { audit::logKillCursorsAuthzCheck( &cc(), NamespaceString(), id, ErrorCodes::CursorNotFound); return false; } ns = NamespaceString(cursor->ns()); } // Can't be in a lock when checking authorization const bool isAuthorized = cc().getAuthorizationSession()->isAuthorizedForActionsOnNamespace( ns, ActionType::killCursors); audit::logKillCursorsAuthzCheck( &cc(), ns, id, isAuthorized ? ErrorCodes::OK : ErrorCodes::Unauthorized); if (!isAuthorized) { return false; } // It is safe to lookup the cursor again after temporarily releasing the mutex because // of 2 invariants: that the cursor ID won't be re-used in a short period of time, and that // the namespace associated with a cursor cannot change. recursive_scoped_lock lock(ccmutex); ClientCursor* cursor = find_inlock(id); if (!cursor) { // Cursor was deleted in another thread since we found it earlier in this function. return false; } if (ns != cursor->ns()) { warning() << "Cursor namespace changed. Previous ns: " << ns << ", current ns: " << cursor->ns() << endl; return false; } _erase_inlock(cursor); return true; }