SERVER-30298 Add UserDigest LogicalSessionID

Inclusion of a sha256 digest of the full username to the logical session
id (in addition to the current guid) is necessary to fully disambiguate
logical sessions in degraded clusters (when the authoritative record for
a session is unreachable).

Semantics for the uid are as follows:

session creation via startSession()
* Sessions can only be created with one, and only one, user authenticated
* The composite key is created from a guid created on the spot, as well
  as the digest of the currently auth'd username
* Only the session guid is returned to the user
  * This prevents outside users from attempting to send back a value
    we'd have to check.  It's preferable to decorate the guid with the
    user digest per command, rather than having to check a value the user
    might send.

session use for a command
* Sessions are passed via the lsid top level field in any command
* Sessions are only meaningful for commands which requireAuth.  For
  sessions which don't require auth, we strip session information from the
  command at parse time
* Session ids are passed as an object, which can optionally include the
  username digest
  * It is illegal to pass the username digest unless the currently
    auth'd user has the impersonate privilege (the __system user does).
    This enables sessions on shard servers via mongos

1 files changed, 4 insertions, 21 deletions

diff --git a/src/mongo/db/logical_session_cache.h b/src/mongo/db/logical_session_cache.h
index da3d521b02e..5d901c191ce 100644
--- a/src/mongo/db/logical_session_cache.h
+++ b/src/mongo/db/logical_session_cache.h
@@ -30,10 +30,8 @@
 
 #include "mongo/base/status_with.h"
 #include "mongo/db/logical_session_id.h"
-#include "mongo/db/logical_session_record.h"
 #include "mongo/db/service_liason.h"
 #include "mongo/db/sessions_collection.h"
-#include "mongo/db/signed_logical_session_id.h"
 #include "mongo/db/time_proof_service.h"
 #include "mongo/platform/atomic_word.h"
 #include "mongo/stdx/thread.h"
@@ -120,7 +118,7 @@ public:
      *
      * This method does not issue networking calls.
      */
-    Status promote(SignedLogicalSessionId lsid);
+    Status promote(LogicalSessionId lsid);
 
     /**
      * If the cache contains a record for this LogicalSessionId, promotes it.
@@ -129,7 +127,7 @@ public:
      *
      * This method may issue networking calls.
      */
-    Status fetchAndPromote(SignedLogicalSessionId lsid);
+    Status fetchAndPromote(LogicalSessionId lsid);
 
     /**
      * Inserts a new authoritative session record into the cache. This method will
@@ -137,22 +135,7 @@ public:
      * should only be used when starting new sessions and should not be used to
      * insert records for existing sessions.
      */
-    Status startSession(SignedLogicalSessionId lsid);
-
-    /**
-     * Generates and sets a signature for the fields in this LogicalSessionId.
-     *
-     * If this method is not able to acquire a key to perform the signature
-     * this call will return an error.
-     */
-    StatusWith<SignedLogicalSessionId> signLsid(OperationContext* opCtx,
-                                                const LogicalSessionId& id,
-                                                boost::optional<OID> userId);
-
-    /**
-     * Validates that this LogicalSessionId was signed with the correct key.
-     */
-    Status validateLsid(OperationContext* opCtx, const SignedLogicalSessionId& lsid);
+    Status startSession(LogicalSessionId lsid);
 
     /**
      * Removes all local records in this cache. Does not remove the corresponding
@@ -184,7 +167,7 @@ private:
     std::unique_ptr<SessionsCollection> _sessionsColl;
 
     stdx::mutex _cacheMutex;
-    LRUCache<LogicalSessionId, LogicalSessionRecord, LogicalSessionId::Hash> _cache;
+    LRUCache<LogicalSessionId, LogicalSessionRecord, LogicalSessionIdHash> _cache;
 };
 
 }  // namespace mongo