LogicalSessionId makeLogicalSessionId(const LogicalSessionFromClient& fromClient,
OperationContext* opCtx,
std::initializer_list<Privilege> allowSpoof) {
LogicalSessionId lsid;
lsid.setId(fromClient.getId());
if (fromClient.getUid()) {
auto authSession = AuthorizationSession::get(opCtx->getClient());
uassert(ErrorCodes::Unauthorized,
"Unauthorized to set user digest in LogicalSessionId",
std::any_of(allowSpoof.begin(),
allowSpoof.end(),
[&](const auto& priv) {
return authSession->isAuthorizedForPrivilege(priv);
}) ||
authSession->isAuthorizedForPrivilege(Privilege(
ResourcePattern::forClusterResource(), ActionType::impersonate)) ||
getLogicalSessionUserDigestForLoggedInUser(opCtx) == fromClient.getUid());
lsid.setUid(*fromClient.getUid());
} else {
lsid.setUid(getLogicalSessionUserDigestForLoggedInUser(opCtx));
}
return lsid;
}
void handleLsid(const LogicalSessionId& lsid) {
// There are some lifetime issues with when the reaper starts up versus when the grid is
// available. Moving routing info fetching until after we have a transaction moves us past
// the problem.
//
// Also, we should only need the chunk case, but that'll wait until the sessions table is
// actually sharded.
if (!(_cm || _primary)) {
auto routingInfo =
uassertStatusOK(Grid::get(_opCtx)->catalogCache()->getCollectionRoutingInfo(
_opCtx, SessionsCollection::kSessionsNamespaceString));
_cm = routingInfo.cm();
_primary = routingInfo.db().primary();
}
ShardId shardId;
if (_cm) {
const auto chunk = _cm->findIntersectingChunkWithSimpleCollation(lsid.toBSON());
shardId = chunk.getShardId();
} else {
shardId = _primary->getId();
}
auto& lsids = _shards[shardId];
lsids.insert(lsid);
if (lsids.size() > write_ops::kMaxWriteBatchSize) {
_numReaped += removeSessionsRecords(_opCtx, _sessionsCollection, lsids);
_shards.erase(shardId);
}
}
LogicalSessionToClient makeLogicalSessionToClient(const LogicalSessionId& lsid) {
LogicalSessionIdToClient lsitc;
lsitc.setId(lsid.getId());
LogicalSessionToClient id;
id.setId(lsitc);
id.setTimeoutMinutes(localLogicalSessionTimeoutMinutes);
return id;
};
void handleLsid(const LogicalSessionId& lsid) {
invariant(_cm);
const auto chunk = _cm->findIntersectingChunkWithSimpleCollation(lsid.toBSON());
const auto shardId = chunk.getShardId();
auto& lsids = _shards[shardId];
lsids.insert(lsid);
if (lsids.size() >= write_ops::kMaxWriteBatchSize) {
_numReaped += removeSessionsRecords(_opCtx, _sessionsCollection, lsids);
_shards.erase(shardId);
}
}
LogicalSessionRecord makeLogicalSessionRecord(OperationContext* opCtx,
const LogicalSessionId& lsid,
Date_t lastUse) {
auto lsr = makeLogicalSessionRecord(lsid, lastUse);
auto client = opCtx->getClient();
ServiceContext* serviceContext = client->getServiceContext();
if (AuthorizationManager::get(serviceContext)->isAuthEnabled()) {
auto user = AuthorizationSession::get(client)->getSingleUser();
invariant(user);
if (user->getDigest() == lsid.getUid()) {
lsr.setUser(StringData(user->getName().toString()));
}
}
return lsr;
}
