From ec434bd7c18aa767e4e43ea141adf79693f3a243 Mon Sep 17 00:00:00 2001
From: dwight
Date: Sat, 24 Jan 2009 16:05:12 -0500
Subject: [PATCH] make security work for repl pairs
---
 db/repl.cpp | 29 +++++++++++++++++++++--------
 1 file changed, 21 insertions(+), 8 deletions(-)
diff --git a/db/repl.cpp b/db/repl.cpp
index 28cdd7c0a4d..4e65bdebfc7 100644
--- a/db/repl.cpp
+++ b/db/repl.cpp
@@ -194,26 +194,39 @@ namespace mongo {
 class CmdIsMaster : public Command {
 public:
+ virtual bool requiresAuth() { return false; }
 virtual bool slaveOk() { return true; }
 CmdIsMaster() : Command("ismaster") { }
 virtual bool run(const char *ns, BSONObj& cmdObj, string& errmsg, BSONObjBuilder& result, bool /*fromRepl*/) {
+ /* currently request to arbiter is (somewhat arbitrarily) an ismaster request that is not
+ authenticated.
+ we allow unauthenticated ismaster but we aren't as verbose informationally if
+ one is not authenticated for admin db to be safe.
+ */
+ AuthenticationInfo *ai = authInfo.get();
+ bool authed = ai == 0 || ai->isAuthorized("admin");
+
 if ( allDead ) {
 result.append("ismaster", 0.0);
- if ( replPair )
- result.append("remote", replPair->remote);
- result.append("info", allDead);
+ if( authed ) {
+ if ( replPair )
+ result.append("remote", replPair->remote);
+ result.append("info", allDead);
+ }
 }
 else if ( replPair ) {
 result.append("ismaster", replPair->state);
- result.append("remote", replPair->remote);
- if ( replPair->info.empty() )
- result.append("info", replPair->info);
- }
+ if( authed ) {
+ result.append("remote", replPair->remote);
+ if ( !replPair->info.empty() )
+ result.append("info", replPair->info);
+ }
+ }
 else {
 result.append("ismaster", 1);
- result.append("msg", "not paired");
+ result.append("msg", "not paired");
 }
 return true;
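Review bot: The new `bool authed = ai == 0 || ai->isAuthorized("admin");` in `CmdIsMaster::run` fails open, because a connection with no `AuthenticationInfo` object is treated as admin-authorized and receives the verbose `remote` and `info` fields. `requiresAuth()` now returns false, so this expression is the only gate on those fields. The hunk does not show when `authInfo.get()` can return null. If that can happen for an ordinary client connection, the safer form is `bool authed = ai != 0 && ai->isAuthorized("admin");`. If null only occurs for trusted internal callers, keep the expression and say so in a comment, e.g. `/* ai == 0: internal caller, no client connection -- treated as trusted */`. The end of `run` and of the class may fall outside the hunk.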