diff options
Diffstat (limited to 'src/mongo/db/logical_session_id_helpers.cpp')
-rw-r--r-- | src/mongo/db/logical_session_id_helpers.cpp | 23 |
1 files changed, 15 insertions, 8 deletions
diff --git a/src/mongo/db/logical_session_id_helpers.cpp b/src/mongo/db/logical_session_id_helpers.cpp index 6e47690a111..e3de10a12b7 100644 --- a/src/mongo/db/logical_session_id_helpers.cpp +++ b/src/mongo/db/logical_session_id_helpers.cpp @@ -32,26 +32,26 @@ #include "mongo/db/auth/authorization_session.h" #include "mongo/db/auth/user.h" +#include "mongo/db/auth/user_name.h" +#include "mongo/db/logical_session_cache.h" #include "mongo/db/operation_context.h" namespace mongo { -namespace { - /** * This is a safe hash that will not collide with a username because all full usernames include an * '@' character. */ const auto kNoAuthDigest = SHA256Block::computeHash(reinterpret_cast<const uint8_t*>(""), 0); -SHA256Block lookupUserDigest(OperationContext* opCtx) { +SHA256Block getLogicalSessionUserDigestForLoggedInUser(const OperationContext* opCtx) { auto client = opCtx->getClient(); ServiceContext* serviceContext = client->getServiceContext(); if (AuthorizationManager::get(serviceContext)->isAuthEnabled()) { UserName userName; - auto user = AuthorizationSession::get(client)->getSingleUser(); + const auto user = AuthorizationSession::get(client)->getSingleUser(); invariant(user); return user->getDigest(); @@ -60,7 +60,14 @@ SHA256Block lookupUserDigest(OperationContext* opCtx) { } } -} // namespace +SHA256Block getLogicalSessionUserDigestFor(StringData user, StringData db) { + if (user.empty() && db.empty()) { + return kNoAuthDigest; + } + const UserName un(user, db); + const auto& fn = un.getFullName(); + return SHA256Block::computeHash({ConstDataRange(fn.c_str(), fn.size())}); +} LogicalSessionId makeLogicalSessionId(const LogicalSessionFromClient& fromClient, OperationContext* opCtx, @@ -81,11 +88,11 @@ LogicalSessionId makeLogicalSessionId(const LogicalSessionFromClient& fromClient }) || authSession->isAuthorizedForPrivilege(Privilege( ResourcePattern::forClusterResource(), ActionType::impersonate)) || - lookupUserDigest(opCtx) == fromClient.getUid()); + getLogicalSessionUserDigestForLoggedInUser(opCtx) == fromClient.getUid()); lsid.setUid(*fromClient.getUid()); } else { - lsid.setUid(lookupUserDigest(opCtx)); + lsid.setUid(getLogicalSessionUserDigestForLoggedInUser(opCtx)); } return lsid; @@ -95,7 +102,7 @@ LogicalSessionId makeLogicalSessionId(OperationContext* opCtx) { LogicalSessionId id{}; id.setId(UUID::gen()); - id.setUid(lookupUserDigest(opCtx)); + id.setUid(getLogicalSessionUserDigestForLoggedInUser(opCtx)); return id; } |