LogicalSessionId makeLogicalSessionId(const LogicalSessionFromClient& fromClient, OperationContext* opCtx, std::initializer_list<Privilege> allowSpoof) { LogicalSessionId lsid; lsid.setId(fromClient.getId()); if (fromClient.getUid()) { auto authSession = AuthorizationSession::get(opCtx->getClient()); uassert(ErrorCodes::Unauthorized, "Unauthorized to set user digest in LogicalSessionId", std::any_of(allowSpoof.begin(), allowSpoof.end(), [&](const auto& priv) { return authSession->isAuthorizedForPrivilege(priv); }) || authSession->isAuthorizedForPrivilege(Privilege( ResourcePattern::forClusterResource(), ActionType::impersonate)) || getLogicalSessionUserDigestForLoggedInUser(opCtx) == fromClient.getUid()); lsid.setUid(*fromClient.getUid()); } else { lsid.setUid(getLogicalSessionUserDigestForLoggedInUser(opCtx)); } return lsid; }
void handleLsid(const LogicalSessionId& lsid) { // There are some lifetime issues with when the reaper starts up versus when the grid is // available. Moving routing info fetching until after we have a transaction moves us past // the problem. // // Also, we should only need the chunk case, but that'll wait until the sessions table is // actually sharded. if (!(_cm || _primary)) { auto routingInfo = uassertStatusOK(Grid::get(_opCtx)->catalogCache()->getCollectionRoutingInfo( _opCtx, SessionsCollection::kSessionsNamespaceString)); _cm = routingInfo.cm(); _primary = routingInfo.db().primary(); } ShardId shardId; if (_cm) { const auto chunk = _cm->findIntersectingChunkWithSimpleCollation(lsid.toBSON()); shardId = chunk.getShardId(); } else { shardId = _primary->getId(); } auto& lsids = _shards[shardId]; lsids.insert(lsid); if (lsids.size() > write_ops::kMaxWriteBatchSize) { _numReaped += removeSessionsRecords(_opCtx, _sessionsCollection, lsids); _shards.erase(shardId); } }
LogicalSessionToClient makeLogicalSessionToClient(const LogicalSessionId& lsid) { LogicalSessionIdToClient lsitc; lsitc.setId(lsid.getId()); LogicalSessionToClient id; id.setId(lsitc); id.setTimeoutMinutes(localLogicalSessionTimeoutMinutes); return id; };
void handleLsid(const LogicalSessionId& lsid) { invariant(_cm); const auto chunk = _cm->findIntersectingChunkWithSimpleCollation(lsid.toBSON()); const auto shardId = chunk.getShardId(); auto& lsids = _shards[shardId]; lsids.insert(lsid); if (lsids.size() >= write_ops::kMaxWriteBatchSize) { _numReaped += removeSessionsRecords(_opCtx, _sessionsCollection, lsids); _shards.erase(shardId); } }
LogicalSessionRecord makeLogicalSessionRecord(OperationContext* opCtx, const LogicalSessionId& lsid, Date_t lastUse) { auto lsr = makeLogicalSessionRecord(lsid, lastUse); auto client = opCtx->getClient(); ServiceContext* serviceContext = client->getServiceContext(); if (AuthorizationManager::get(serviceContext)->isAuthEnabled()) { auto user = AuthorizationSession::get(client)->getSingleUser(); invariant(user); if (user->getDigest() == lsid.getUid()) { lsr.setUser(StringData(user->getName().toString())); } } return lsr; }