diff options
author | James Wahlin <james@mongodb.com> | 2018-02-12 11:35:10 -0500 |
---|---|---|
committer | James Wahlin <james@mongodb.com> | 2018-02-13 08:35:28 -0500 |
commit | 01d40849047890796d097beff99258aae47ce552 (patch) | |
tree | caca2b1843f0ded9b33111a0f6069c2f1d4b26c1 /src | |
parent | 4c7f0f3464aa64f3941288effb4fdbffe525eace (diff) | |
download | mongo-01d40849047890796d097beff99258aae47ce552.tar.gz |
SERVER-33221 Add find & getMore commands to session checkout whitelist
Diffstat (limited to 'src')
-rw-r--r-- | src/mongo/db/service_entry_point_mongod.cpp | 12 |
1 files changed, 9 insertions, 3 deletions
diff --git a/src/mongo/db/service_entry_point_mongod.cpp b/src/mongo/db/service_entry_point_mongod.cpp index eefbaec84be..69235c1e0c5 100644 --- a/src/mongo/db/service_entry_point_mongod.cpp +++ b/src/mongo/db/service_entry_point_mongod.cpp @@ -107,7 +107,9 @@ const StringMap<int> cmdWhitelist = {{"delete", 1}, {"findAndModify", 1}, {"insert", 1}, {"refreshLogicalSessionCacheNow", 1}, - {"update", 1}}; + {"update", 1}, + {"find", 1}, + {"getMore", 1}}; BSONObj getRedactedCopyForLogging(const Command* command, const BSONObj& cmdObj) { mutablebson::Document cmdToLog(cmdObj, mutablebson::Document::kInPlaceDisabled); @@ -579,8 +581,12 @@ void execCommandDatabase(OperationContext* opCtx, // servers may result in a deadlock when a server tries to check out a session it is already // using to service an earlier operation in the command's chain. To avoid this, only check // out sessions for commands that require them (i.e. write commands). - OperationContextSession sessionTxnState( - opCtx, cmdWhitelist.find(command->getName()) != cmdWhitelist.cend()); + // Session checkout is also prevented for commands run within DBDirectClient. If checkout is + // required, it is expected to be handled by the outermost command. + const bool shouldCheckoutSession = + cmdWhitelist.find(command->getName()) != cmdWhitelist.cend() && + !opCtx->getClient()->isInDirectClient(); + OperationContextSession sessionTxnState(opCtx, shouldCheckoutSession); ImpersonationSessionGuard guard(opCtx); uassertStatusOK(Command::checkAuthorization(command, opCtx, request)); |