authorRandolph Tan <randolph@10gen.com>2019-01-28 17:00:20 -0500
committerRandolph Tan <randolph@10gen.com>2019-01-31 14:57:49 -0500
commit8d23154ed3e086213c5bd59b3e2fcba96a3cca41 (patch)
tree1a484f25516da69248d48283890f1a9c7c731263 /src
parentc15a40aa4eaee67e060ac63256998232deb97c38 (diff)
downloadmongo-8d23154ed3e086213c5bd59b3e2fcba96a3cca41.tar.gz
SERVER-39232 Allow commands that do not require auth to refresh sessions
Diffstat (limited to 'src')
-rw-r--r--src/mongo/db/initialize_operation_session_info.cpp14
-rw-r--r--src/mongo/db/logical_session_id_test.cpp17
2 files changed, 26 insertions, 5 deletions
diff --git a/src/mongo/db/initialize_operation_session_info.cpp b/src/mongo/db/initialize_operation_session_info.cpp
index e513126f173..b48027bc130 100644
--- a/src/mongo/db/initialize_operation_session_info.cpp
+++ b/src/mongo/db/initialize_operation_session_info.cpp
@@ -60,16 +60,20 @@ OperationSessionInfoFromClient initializeOperationSessionInfo(OperationContext*
!osi.getAutocommit());
uassert(
50889, "It is illegal to provide a txnNumber for this command", !osi.getTxnNumber());
- return {};
}
- {
+ if (auto authSession = AuthorizationSession::get(opCtx->getClient())) {
// If we're using the localhost bypass, and the client hasn't authenticated,
// logical sessions are disabled. A client may authenticate as the __sytem user,
// or as an externally authorized user.
- AuthorizationSession* authSession = AuthorizationSession::get(opCtx->getClient());
- if (authSession && authSession->isUsingLocalhostBypass() &&
- !authSession->isAuthenticated()) {
+ if (authSession->isUsingLocalhostBypass() && !authSession->isAuthenticated()) {
+ return {};
+ }
+
+ // Do not initialize lsid when auth is enabled and no user is logged in since
+ // there is no sensible uid that can be assigned to it.
+ if (AuthorizationManager::get(opCtx->getServiceContext())->isAuthEnabled() &&
+ !authSession->isAuthenticated() && !requiresAuth) {
return {};
}
}
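Review bot: Both early returns now sit inside `if (auto authSession = AuthorizationSession::get(opCtx->getClient()))`, so a null session skips the new auth-enabled guard as well as the localhost-bypass one. With the `return {};` after the uasserts removed, a command with `requiresAuth == false` would then continue into lsid handling unchecked. Whether a null session is reachable for a real client is not visible here, because the body of initializeOperationSessionInfo starts and ends outside the hunk. If it cannot be null, say so next to the condition; if it can, document which outcome is intended for that case. The comment on the new guard also does not explain the `!requiresAuth` term; if the intent is that auth-requiring commands fall through and are rejected later, a line such as `// Commands that require auth are not short-circuited here; they fail the normal authorization check.` would make the asymmetry reviewable.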
diff --git a/src/mongo/db/logical_session_id_test.cpp b/src/mongo/db/logical_session_id_test.cpp
index 1bf9e9b4658..3d90d189d5b 100644
--- a/src/mongo/db/logical_session_id_test.cpp
+++ b/src/mongo/db/logical_session_id_test.cpp
@@ -383,5 +383,22 @@ TEST_F(LogicalSessionIdTest, ConstructorFromClientWithTooLongName) {
ASSERT_THROWS(makeLogicalSessionId(req, _opCtx.get()), AssertionException);
}
+TEST_F(LogicalSessionIdTest, MultipleUsersPerSessionIsNotAllowed) {
+ addSimpleUser(UserName("simple", "test"));
+ addSimpleUser(UserName("simple", "test2"));
+
+ LogicalSessionFromClient lsid;
+ lsid.setId(UUID::gen());
+
+ ASSERT_THROWS_CODE(initializeOperationSessionInfo(
+ _opCtx.get(),
+ BSON("TestCmd" << 1 << "lsid" << lsid.toBSON() << "txnNumber" << 100LL),
+ true,
+ true,
+ true),
+ AssertionException,
+ ErrorCodes::Unauthorized);
+}
+
} // namespace
} // namespace mongo
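Review bot: The only test added in this commit, `MultipleUsersPerSessionIsNotAllowed`, passes `true, true, true`, so if `requiresAuth` is one of those arguments the new `!requiresAuth` paths in initializeOperationSessionInfo are never exercised. Two cases are worth pinning down for a change that relaxes an auth-related early return. The first is auth enabled with no logged-in user and `requiresAuth` false, which should yield an empty session info. The second is an authenticated user with `requiresAuth` false, which should now get its lsid initialized. The three bare booleans are also hard to audit at the call site; annotating each one, e.g. `true /* requiresAuth */`, would show which flag the test is actually setting.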