diff options
Diffstat (limited to 'src/mongo/db')
28 files changed, 1563 insertions, 31 deletions
diff --git a/src/mongo/db/SConscript b/src/mongo/db/SConscript index 0d42768d960..e0b2a253e61 100644 --- a/src/mongo/db/SConscript +++ b/src/mongo/db/SConscript @@ -1081,6 +1081,34 @@ env.Library( ) env.Library( + target='kill_sessions', + source=[ + 'kill_sessions.cpp', + 'kill_sessions_common.cpp', + 'session_killer.cpp', + env.Idlc('kill_sessions.idl')[0], + ], + LIBDEPS=[ + '$BUILD_DIR/mongo/base', + ], + LIBDEPS_PRIVATE=[ + '$BUILD_DIR/mongo/db/auth/authcore', + '$BUILD_DIR/mongo/idl/idl_parser', + ], +) + +env.Library( + target='kill_sessions_local', + source=[ + 'kill_sessions_local.cpp', + ], + LIBDEPS=[ + 'clientcursor', + 'kill_sessions', + ], +) + +env.Library( target='signed_logical_time', source=[ 'signed_logical_time.cpp', diff --git a/src/mongo/db/auth/action_types.txt b/src/mongo/db/auth/action_types.txt index dd9e6a9c8cc..d3b2745d319 100644 --- a/src/mongo/db/auth/action_types.txt +++ b/src/mongo/db/auth/action_types.txt @@ -64,6 +64,7 @@ "insert", "internal", # Special action type that represents internal actions "invalidateUserCache", +"killAnySession", "killCursors", "killop", "listCollections", diff --git a/src/mongo/db/auth/authorization_session.cpp b/src/mongo/db/auth/authorization_session.cpp index 4c72c4677e3..201acb11b00 100644 --- a/src/mongo/db/auth/authorization_session.cpp +++ b/src/mongo/db/auth/authorization_session.cpp @@ -117,6 +117,23 @@ using UserHolder = std::unique_ptr<User, UserReleaser>; } // namespace +AuthorizationSession::ScopedImpersonate::ScopedImpersonate(AuthorizationSession* authSession, + std::vector<UserName>* users, + std::vector<RoleName>* roles) + : _authSession(*authSession), _users(*users), _roles(*roles) { + swap(); +} + +AuthorizationSession::ScopedImpersonate::~ScopedImpersonate() { + swap(); +} + +void AuthorizationSession::ScopedImpersonate::swap() { + using std::swap; + swap(_authSession._impersonatedUserNames, _users); + swap(_authSession._impersonatedRoleNames, _roles); +} + AuthorizationSession::AuthorizationSession(std::unique_ptr<AuthzSessionExternalState> externalState) : _externalState(std::move(externalState)), _impersonationFlag(false) {} diff --git a/src/mongo/db/auth/authorization_session.h b/src/mongo/db/auth/authorization_session.h index 7da7d21c9a1..edb838c1959 100644 --- a/src/mongo/db/auth/authorization_session.h +++ b/src/mongo/db/auth/authorization_session.h @@ -70,6 +70,27 @@ class AuthorizationSession { public: /** + * Provides a way to swap out impersonate data for the duration of the ScopedImpersonate's + * lifetime. + */ + class ScopedImpersonate { + public: + ScopedImpersonate(AuthorizationSession* authSession, + std::vector<UserName>* users, + std::vector<RoleName>* roles); + ~ScopedImpersonate(); + + private: + void swap(); + + AuthorizationSession& _authSession; + std::vector<UserName>& _users; + std::vector<RoleName>& _roles; + }; + + friend class ScopedImpersonate; + + /** * Gets the AuthorizationSession associated with the given "client", or nullptr. * * The "client" object continues to own the returned AuthorizationSession. diff --git a/src/mongo/db/auth/role_graph_builtin_roles.cpp b/src/mongo/db/auth/role_graph_builtin_roles.cpp index a9ee381c277..36cc6b4c15a 100644 --- a/src/mongo/db/auth/role_graph_builtin_roles.cpp +++ b/src/mongo/db/auth/role_graph_builtin_roles.cpp @@ -216,6 +216,7 @@ MONGO_INITIALIZER(AuthorizationBuiltinRoles)(InitializerContext* context) { << ActionType::flushRouterConfig // clusterManager gets this also << ActionType::fsync << ActionType::invalidateUserCache // userAdminAnyDatabase gets this also + << ActionType::killAnySession << ActionType::killop << ActionType::replSetResizeOplog << ActionType::resync; // clusterManager gets this also diff --git a/src/mongo/db/commands.cpp b/src/mongo/db/commands.cpp index 5f5982d76f4..c8f99250182 100644 --- a/src/mongo/db/commands.cpp +++ b/src/mongo/db/commands.cpp @@ -189,7 +189,7 @@ BSONObj Command::runCommandDirectly(OperationContext* opCtx, const OpMsgRequest& BSONObjBuilder out; try { - bool ok = command->enhancedRun(opCtx, request, out); + bool ok = command->publicRun(opCtx, request, out); appendCommandStatus(out, ok); } catch (const StaleConfigException& ex) { // These exceptions are intended to be handled at a higher level and cannot losslessly @@ -321,6 +321,20 @@ Status Command::checkAuthorization(Command* c, return status; } +bool Command::publicRun(OperationContext* opCtx, + const OpMsgRequest& request, + BSONObjBuilder& result) { + try { + return enhancedRun(opCtx, request, result); + } catch (const DBException& e) { + if (e.code() == ErrorCodes::Unauthorized) { + audit::logCommandAuthzCheck( + opCtx->getClient(), request, this, ErrorCodes::Unauthorized); + } + throw; + } +} + bool Command::isHelpRequest(const BSONElement& helpElem) { return !helpElem.eoo() && helpElem.trueValue(); } diff --git a/src/mongo/db/commands.h b/src/mongo/db/commands.h index dfcda118277..79641088af1 100644 --- a/src/mongo/db/commands.h +++ b/src/mongo/db/commands.h @@ -92,18 +92,6 @@ public: virtual std::size_t reserveBytesForReply() const = 0; /** - * Runs the command. - * - * The default implementation verifies that request has no document sections then forwards to - * BasicCommand::run(). - * - * For now commands should only implement if they need access to OP_MSG-specific functionality. - */ - virtual bool enhancedRun(OperationContext* opCtx, - const OpMsgRequest& request, - BSONObjBuilder& result) = 0; - - /** * supportsWriteConcern returns true if this command should be parsed for a writeConcern * field and wait for that write concern to be satisfied after the command runs. * @@ -349,6 +337,13 @@ public: _commandsFailed.increment(); } + /** + * Runs the command. + * + * Forwards to enhancedRun, but additionally runs audit checks if run throws unauthorized. + */ + bool publicRun(OperationContext* opCtx, const OpMsgRequest& request, BSONObjBuilder& result); + static const CommandMap& allCommands() { return *_commands; } @@ -514,6 +509,18 @@ private: static CommandMap* _commands; static CommandMap* _commandsByBestName; + /** + * Runs the command. + * + * The default implementation verifies that request has no document sections then forwards to + * BasicCommand::run(). + * + * For now commands should only implement if they need access to OP_MSG-specific functionality. + */ + virtual bool enhancedRun(OperationContext* opCtx, + const OpMsgRequest& request, + BSONObjBuilder& result) = 0; + // Counters for how many times this command has been executed and failed Counter64 _commandsExecuted; Counter64 _commandsFailed; diff --git a/src/mongo/db/commands/SConscript b/src/mongo/db/commands/SConscript index 3ba7f61d588..9ea7617f4d7 100644 --- a/src/mongo/db/commands/SConscript +++ b/src/mongo/db/commands/SConscript @@ -63,6 +63,9 @@ env.Library( "generic.cpp", "hashcmd.cpp", "isself.cpp", + "kill_all_sessions_by_pattern_command.cpp", + "kill_all_sessions_command.cpp", + "kill_sessions_command.cpp", "mr_common.cpp", "parameters.cpp", "refresh_logical_session_cache_now.cpp", @@ -85,6 +88,7 @@ env.Library( '$BUILD_DIR/mongo/db/exec/working_set', '$BUILD_DIR/mongo/db/index/key_generator', '$BUILD_DIR/mongo/db/index_names', + '$BUILD_DIR/mongo/db/kill_sessions', '$BUILD_DIR/mongo/db/lasterror', '$BUILD_DIR/mongo/db/log_process_details', '$BUILD_DIR/mongo/db/logical_session_cache', diff --git a/src/mongo/db/commands/kill_all_sessions_by_pattern_command.cpp b/src/mongo/db/commands/kill_all_sessions_by_pattern_command.cpp new file mode 100644 index 00000000000..48387e69e88 --- /dev/null +++ b/src/mongo/db/commands/kill_all_sessions_by_pattern_command.cpp @@ -0,0 +1,119 @@ +/** + * Copyright (C) 2017 MongoDB Inc. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License, version 3, + * as published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + * + * As a special exception, the copyright holders give permission to link the + * code of portions of this program with the OpenSSL library under certain + * conditions as described in each individual source file and distribute + * linked combinations including the program with the OpenSSL library. You + * must comply with the GNU Affero General Public License in all respects + * for all of the code used other than as permitted herein. If you modify + * file(s) with this exception, you may extend this exception to your + * version of the file(s), but you are not obligated to do so. If you do not + * wish to do so, delete this exception statement from your version. If you + * delete this exception statement from all source files in the program, + * then also delete it in the license file. + */ + +#define MONGO_LOG_DEFAULT_COMPONENT ::mongo::logger::LogComponent::kCommand + +#include "mongo/platform/basic.h" + +#include "mongo/base/init.h" +#include "mongo/db/auth/action_set.h" +#include "mongo/db/auth/action_type.h" +#include "mongo/db/auth/authorization_manager.h" +#include "mongo/db/auth/authorization_session.h" +#include "mongo/db/auth/privilege.h" +#include "mongo/db/client.h" +#include "mongo/db/commands.h" +#include "mongo/db/jsobj.h" +#include "mongo/db/kill_sessions.h" +#include "mongo/db/kill_sessions_common.h" +#include "mongo/db/kill_sessions_local.h" +#include "mongo/db/logical_session_cache.h" +#include "mongo/db/logical_session_id.h" +#include "mongo/db/logical_session_id_helpers.h" +#include "mongo/db/operation_context.h" +#include "mongo/db/stats/top.h" +#include "mongo/util/log.h" + +namespace mongo { + +class KillAllSessionsByPatternCommand final : public BasicCommand { + MONGO_DISALLOW_COPYING(KillAllSessionsByPatternCommand); + +public: + KillAllSessionsByPatternCommand() : BasicCommand("killAllSessionsByPattern") {} + + bool slaveOk() const override { + return true; + } + bool adminOnly() const override { + return false; + } + bool supportsWriteConcern(const BSONObj& cmd) const override { + return false; + } + void help(std::stringstream& help) const override { + help << "kill logical sessions by pattern"; + } + Status checkAuthForOperation(OperationContext* opCtx, + const std::string& dbname, + const BSONObj& cmdObj) override { + AuthorizationSession* authSession = AuthorizationSession::get(opCtx->getClient()); + if (!authSession->isAuthorizedForPrivilege( + Privilege{ResourcePattern::forClusterResource(), ActionType::killAnySession})) { + return Status(ErrorCodes::Unauthorized, "Unauthorized"); + } + return Status::OK(); + } + + virtual bool run(OperationContext* opCtx, + const std::string& db, + const BSONObj& cmdObj, + BSONObjBuilder& result) override { + IDLParserErrorContext ctx("KillAllSessionsByPatternCmd"); + auto ksc = KillAllSessionsByPatternCmd::parse(ctx, cmdObj); + + // The empty command kills all + if (ksc.getKillAllSessionsByPattern().empty()) { + ksc.setKillAllSessionsByPattern({makeKillAllSessionsByPattern(opCtx)}); + } else { + // If a pattern is passed, you may only pass impersonate data if you have the + // impersonate privilege. + auto authSession = AuthorizationSession::get(opCtx->getClient()); + + if (!authSession->isAuthorizedForPrivilege( + Privilege(ResourcePattern::forClusterResource(), ActionType::impersonate))) { + + for (const auto& pattern : ksc.getKillAllSessionsByPattern()) { + if (pattern.getUsers() || pattern.getRoles()) { + return appendCommandStatus( + result, + Status(ErrorCodes::Unauthorized, + "Not authorized to impersonate in killAllSessionsByPattern")); + } + } + } + } + + KillAllSessionsByPatternSet patterns{ksc.getKillAllSessionsByPattern().begin(), + ksc.getKillAllSessionsByPattern().end()}; + + return appendCommandStatus(result, killSessionsCmdHelper(opCtx, result, patterns)); + } +} killAllSessionsByPatternCommand; + +} // namespace mongo diff --git a/src/mongo/db/commands/kill_all_sessions_command.cpp b/src/mongo/db/commands/kill_all_sessions_command.cpp new file mode 100644 index 00000000000..ba200c4e443 --- /dev/null +++ b/src/mongo/db/commands/kill_all_sessions_command.cpp @@ -0,0 +1,107 @@ +/** + * Copyright (C) 2017 MongoDB Inc. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License, version 3, + * as published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + * + * As a special exception, the copyright holders give permission to link the + * code of portions of this program with the OpenSSL library under certain + * conditions as described in each individual source file and distribute + * linked combinations including the program with the OpenSSL library. You + * must comply with the GNU Affero General Public License in all respects + * for all of the code used other than as permitted herein. If you modify + * file(s) with this exception, you may extend this exception to your + * version of the file(s), but you are not obligated to do so. If you do not + * wish to do so, delete this exception statement from your version. If you + * delete this exception statement from all source files in the program, + * then also delete it in the license file. + */ + +#define MONGO_LOG_DEFAULT_COMPONENT ::mongo::logger::LogComponent::kCommand + +#include "mongo/platform/basic.h" + +#include "mongo/base/init.h" +#include "mongo/db/auth/action_set.h" +#include "mongo/db/auth/action_type.h" +#include "mongo/db/auth/authorization_manager.h" +#include "mongo/db/auth/authorization_session.h" +#include "mongo/db/auth/privilege.h" +#include "mongo/db/client.h" +#include "mongo/db/commands.h" +#include "mongo/db/jsobj.h" +#include "mongo/db/kill_sessions.h" +#include "mongo/db/kill_sessions_common.h" +#include "mongo/db/kill_sessions_local.h" +#include "mongo/db/logical_session_cache.h" +#include "mongo/db/logical_session_id.h" +#include "mongo/db/logical_session_id_helpers.h" +#include "mongo/db/operation_context.h" +#include "mongo/db/stats/top.h" +#include "mongo/util/log.h" + +namespace mongo { + +class KillAllSessionsCommand final : public BasicCommand { + MONGO_DISALLOW_COPYING(KillAllSessionsCommand); + +public: + KillAllSessionsCommand() : BasicCommand("killAllSessions") {} + + bool slaveOk() const override { + return true; + } + bool adminOnly() const override { + return false; + } + bool supportsWriteConcern(const BSONObj& cmd) const override { + return false; + } + void help(std::stringstream& help) const override { + help << "kill all logical sessions, for a user, and their operations"; + } + Status checkAuthForOperation(OperationContext* opCtx, + const std::string& dbname, + const BSONObj& cmdObj) override { + AuthorizationSession* authSession = AuthorizationSession::get(opCtx->getClient()); + if (!authSession->isAuthorizedForPrivilege( + Privilege{ResourcePattern::forClusterResource(), ActionType::killAnySession})) { + return Status(ErrorCodes::Unauthorized, "Unauthorized"); + } + return Status::OK(); + } + + virtual bool run(OperationContext* opCtx, + const std::string& db, + const BSONObj& cmdObj, + BSONObjBuilder& result) override { + IDLParserErrorContext ctx("KillAllSessionsCmd"); + auto ksc = KillAllSessionsCmd::parse(ctx, cmdObj); + + KillAllSessionsByPatternSet patterns; + + // The empty command kills all + if (ksc.getKillAllSessions().empty()) { + patterns.emplace(makeKillAllSessionsByPattern(opCtx)); + } else { + patterns.reserve(ksc.getKillAllSessions().size()); + + for (const auto& user : ksc.getKillAllSessions()) { + patterns.emplace(makeKillAllSessionsByPattern(opCtx, user)); + } + } + + return appendCommandStatus(result, killSessionsCmdHelper(opCtx, result, patterns)); + } +} killAllSessionsCommand; + +} // namespace mongo diff --git a/src/mongo/db/commands/kill_sessions_command.cpp b/src/mongo/db/commands/kill_sessions_command.cpp new file mode 100644 index 00000000000..6460863d599 --- /dev/null +++ b/src/mongo/db/commands/kill_sessions_command.cpp @@ -0,0 +1,134 @@ +/** + * Copyright (C) 2017 MongoDB Inc. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License, version 3, + * as published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + * + * As a special exception, the copyright holders give permission to link the + * code of portions of this program with the OpenSSL library under certain + * conditions as described in each individual source file and distribute + * linked combinations including the program with the OpenSSL library. You + * must comply with the GNU Affero General Public License in all respects + * for all of the code used other than as permitted herein. If you modify + * file(s) with this exception, you may extend this exception to your + * version of the file(s), but you are not obligated to do so. If you do not + * wish to do so, delete this exception statement from your version. If you + * delete this exception statement from all source files in the program, + * then also delete it in the license file. + */ + +#define MONGO_LOG_DEFAULT_COMPONENT ::mongo::logger::LogComponent::kCommand + +#include "mongo/platform/basic.h" + +#include "mongo/base/init.h" +#include "mongo/db/auth/action_set.h" +#include "mongo/db/auth/action_type.h" +#include "mongo/db/auth/authorization_manager.h" +#include "mongo/db/auth/authorization_session.h" +#include "mongo/db/auth/privilege.h" +#include "mongo/db/client.h" +#include "mongo/db/commands.h" +#include "mongo/db/jsobj.h" +#include "mongo/db/kill_sessions.h" +#include "mongo/db/kill_sessions_common.h" +#include "mongo/db/kill_sessions_local.h" +#include "mongo/db/logical_session_cache.h" +#include "mongo/db/logical_session_id.h" +#include "mongo/db/logical_session_id_helpers.h" +#include "mongo/db/operation_context.h" +#include "mongo/db/stats/top.h" +#include "mongo/util/log.h" + +namespace mongo { + +namespace { + +KillAllSessionsByPatternSet patternsForLoggedInUser(OperationContext* opCtx) { + auto client = opCtx->getClient(); + ServiceContext* serviceContext = client->getServiceContext(); + + KillAllSessionsByPatternSet patterns; + + if (AuthorizationManager::get(serviceContext)->isAuthEnabled()) { + auto authzSession = AuthorizationSession::get(client); + for (auto iter = authzSession->getAuthenticatedUserNames(); iter.more(); iter.next()) { + User* user = authzSession->lookupUser(*iter); + invariant(user); + + auto pattern = makeKillAllSessionsByPattern(opCtx); + pattern.setUid(user->getDigest()); + patterns.emplace(std::move(pattern)); + } + } else { + patterns.emplace(makeKillAllSessionsByPattern(opCtx)); + } + + return patterns; +} + +} // namespace + +class KillSessionsCommand final : public BasicCommand { + MONGO_DISALLOW_COPYING(KillSessionsCommand); + +public: + KillSessionsCommand() : BasicCommand("killSessions") {} + + bool slaveOk() const override { + return true; + } + bool adminOnly() const override { + return false; + } + bool supportsWriteConcern(const BSONObj& cmd) const override { + return false; + } + void help(std::stringstream& help) const override { + help << "kill a logical session and its operations"; + } + + // Any user can kill their own sessions + Status checkAuthForOperation(OperationContext* opCtx, + const std::string& dbname, + const BSONObj& cmdObj) override { + return Status::OK(); + } + + virtual bool run(OperationContext* opCtx, + const std::string& db, + const BSONObj& cmdObj, + BSONObjBuilder& result) override { + IDLParserErrorContext ctx("KillSessionsCmd"); + auto ksc = KillSessionsCmdFromClient::parse(ctx, cmdObj); + + KillAllSessionsByPatternSet patterns; + + if (ksc.getKillSessions().empty()) { + patterns = patternsForLoggedInUser(opCtx); + } else { + auto lsids = makeLogicalSessionIds( + ksc.getKillSessions(), + opCtx, + {Privilege{ResourcePattern::forClusterResource(), ActionType::killAnySession}}); + + patterns.reserve(lsids.size()); + for (const auto& lsid : lsids) { + patterns.emplace(makeKillAllSessionsByPattern(opCtx, lsid)); + } + } + + return appendCommandStatus(result, killSessionsCmdHelper(opCtx, result, patterns)); + } +} killSessionsCommand; + +} // namespace mongo diff --git a/src/mongo/db/cursor_manager.cpp b/src/mongo/db/cursor_manager.cpp index 2406f7422bc..d2013c14f0f 100644 --- a/src/mongo/db/cursor_manager.cpp +++ b/src/mongo/db/cursor_manager.cpp @@ -40,6 +40,7 @@ #include "mongo/db/catalog/database_holder.h" #include "mongo/db/client.h" #include "mongo/db/db_raii.h" +#include "mongo/db/kill_sessions_common.h" #include "mongo/db/namespace_string.h" #include "mongo/db/operation_context.h" #include "mongo/db/query/plan_executor.h" @@ -103,7 +104,8 @@ public: std::size_t timeoutCursors(OperationContext* opCtx, Date_t now); - void appendActiveSessions(OperationContext* opCtx, LogicalSessionIdSet* lsids); + template <typename Visitor> + void visitAllCursorManagers(OperationContext* opCtx, Visitor* visitor); int64_t nextSeed(); @@ -271,10 +273,9 @@ std::size_t GlobalCursorIdCache::timeoutCursors(OperationContext* opCtx, Date_t } } // namespace -void GlobalCursorIdCache::appendActiveSessions(OperationContext* opCtx, - LogicalSessionIdSet* lsids) { - // Get active session ids from the global cursor manager - globalCursorManager->appendActiveSessions(lsids); +template <typename Visitor> +void GlobalCursorIdCache::visitAllCursorManagers(OperationContext* opCtx, Visitor* visitor) { + (*visitor)(*globalCursorManager); // Compute the set of collection names that we have to get sessions for vector<NamespaceString> namespaces; @@ -298,7 +299,7 @@ void GlobalCursorIdCache::appendActiveSessions(OperationContext* opCtx, continue; } - collection->getCursorManager()->appendActiveSessions(lsids); + (*visitor)(*(collection->getCursorManager())); } } @@ -309,7 +310,19 @@ CursorManager* CursorManager::getGlobalCursorManager() { } void CursorManager::appendAllActiveSessions(OperationContext* opCtx, LogicalSessionIdSet* lsids) { - globalCursorIdCache->appendActiveSessions(opCtx, lsids); + auto visitor = [&](CursorManager& mgr) { mgr.appendActiveSessions(lsids); }; + globalCursorIdCache->visitAllCursorManagers(opCtx, &visitor); +} + +Status CursorManager::killCursorsWithMatchingSessions(OperationContext* opCtx, + const SessionKiller::Matcher& matcher) { + auto eraser = [&](CursorManager& mgr, CursorId id) { + uassertStatusOK(mgr.eraseCursor(opCtx, id, true)); + }; + + auto visitor = makeKillSessionsCursorManagerVisitor(opCtx, matcher, std::move(eraser)); + globalCursorIdCache->visitAllCursorManagers(opCtx, &visitor); + return visitor.getStatus(); } std::size_t CursorManager::timeoutCursorsGlobal(OperationContext* opCtx, Date_t now) { diff --git a/src/mongo/db/cursor_manager.h b/src/mongo/db/cursor_manager.h index 5a2aed6edc0..c2fdc12e93c 100644 --- a/src/mongo/db/cursor_manager.h +++ b/src/mongo/db/cursor_manager.h @@ -32,8 +32,10 @@ #include "mongo/db/clientcursor.h" #include "mongo/db/cursor_id.h" #include "mongo/db/invalidation_type.h" +#include "mongo/db/kill_sessions.h" #include "mongo/db/namespace_string.h" #include "mongo/db/record_id.h" +#include "mongo/db/session_killer.h" #include "mongo/platform/unordered_map.h" #include "mongo/platform/unordered_set.h" #include "mongo/stdx/unordered_set.h" @@ -85,6 +87,12 @@ public: */ static void appendAllActiveSessions(OperationContext* opCtx, LogicalSessionIdSet* lsids); + /** + * Kills cursors with matching logical sessions. + */ + static Status killCursorsWithMatchingSessions(OperationContext* opCtx, + const SessionKiller::Matcher& matcher); + CursorManager(NamespaceString nss); /** diff --git a/src/mongo/db/db.cpp b/src/mongo/db/db.cpp index ef48122ce6f..9defa4f328f 100644 --- a/src/mongo/db/db.cpp +++ b/src/mongo/db/db.cpp @@ -75,6 +75,8 @@ #include "mongo/db/introspect.h" #include "mongo/db/json.h" #include "mongo/db/keys_collection_manager.h" +#include "mongo/db/kill_sessions.h" +#include "mongo/db/kill_sessions_local.h" #include "mongo/db/log_process_details.h" #include "mongo/db/logical_clock.h" #include "mongo/db/logical_session_cache.h" @@ -109,6 +111,7 @@ #include "mongo/db/service_context_d.h" #include "mongo/db/service_entry_point_mongod.h" #include "mongo/db/session_catalog.h" +#include "mongo/db/session_killer.h" #include "mongo/db/startup_warnings_mongod.h" #include "mongo/db/stats/counters.h" #include "mongo/db/storage/encryption_hooks.h" @@ -762,6 +765,9 @@ ExitCode _initAndListen(int listenPort) { runner->startup().transitional_ignore(); globalServiceContext->setPeriodicRunner(std::move(runner)); + SessionKiller::set(globalServiceContext, + std::make_shared<SessionKiller>(globalServiceContext, killSessionsLocal)); + // Set up the logical session cache LogicalSessionCacheServer kind = LogicalSessionCacheServer::kStandalone; if (shardingInitialized) { diff --git a/src/mongo/db/kill_sessions.cpp b/src/mongo/db/kill_sessions.cpp new file mode 100644 index 00000000000..f16202c343e --- /dev/null +++ b/src/mongo/db/kill_sessions.cpp @@ -0,0 +1,131 @@ +/** + * Copyright (C) 2017 MongoDB Inc. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License, version 3, + * as published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + * + * As a special exception, the copyright holders give permission to link the + * code of portions of this program with the OpenSSL library under certain + * conditions as described in each individual source file and distribute + * linked combinations including the program with the OpenSSL library. You + * must comply with the GNU Affero General Public License in all respects + * for all of the code used other than as permitted herein. If you modify + * file(s) with this exception, you may extend this exception to your + * version of the file(s), but you are not obligated to do so. If you do not + * wish to do so, delete this exception statement from your version. If you + * delete this exception statement from all source files in the program, + * then also delete it in the license file. + */ + +#include "mongo/platform/basic.h" + +#include "mongo/db/kill_sessions.h" + +#include "mongo/db/auth/authorization_session.h" +#include "mongo/db/client.h" +#include "mongo/db/operation_context.h" +#include "mongo/db/service_context.h" + +namespace mongo { + +namespace { + +std::vector<KillAllSessionsUser> getKillAllSessionsImpersonateUsers(OperationContext* opCtx) { + AuthorizationSession* authSession = AuthorizationSession::get(opCtx->getClient()); + + std::vector<KillAllSessionsUser> out; + + for (auto iter = authSession->getAuthenticatedUserNames(); iter.more(); iter.next()) { + out.emplace_back(); + out.back().setUser(iter->getUser()); + out.back().setDb(iter->getDB()); + } + + return out; +} + +std::vector<KillAllSessionsRole> getKillAllSessionsImpersonateRoles(OperationContext* opCtx) { + AuthorizationSession* authSession = AuthorizationSession::get(opCtx->getClient()); + + std::vector<KillAllSessionsRole> out; + + for (auto iter = authSession->getAuthenticatedRoleNames(); iter.more(); iter.next()) { + out.emplace_back(); + out.back().setRole(iter->getRole()); + out.back().setDb(iter->getDB()); + } + + return out; +} + +} // namespace + +std::tuple<std::vector<UserName>, std::vector<RoleName>> getKillAllSessionsByPatternImpersonateData( + const KillAllSessionsByPattern& pattern) { + std::tuple<std::vector<UserName>, std::vector<RoleName>> out; + + auto& users = std::get<0>(out); + auto& roles = std::get<1>(out); + + if (pattern.getUsers()) { + users.reserve(pattern.getUsers()->size()); + + for (auto&& user : pattern.getUsers().get()) { + users.emplace_back(user.getUser(), user.getDb()); + } + } + + if (pattern.getRoles()) { + roles.reserve(pattern.getUsers()->size()); + + for (auto&& user : pattern.getUsers().get()) { + roles.emplace_back(user.getUser(), user.getDb()); + } + } + + return out; +} + +KillAllSessionsByPattern makeKillAllSessionsByPattern(OperationContext* opCtx) { + KillAllSessionsByPattern kasbp; + + kasbp.setUsers(getKillAllSessionsImpersonateUsers(opCtx)); + kasbp.setRoles(getKillAllSessionsImpersonateRoles(opCtx)); + + return kasbp; +} + +KillAllSessionsByPattern makeKillAllSessionsByPattern(OperationContext* opCtx, + const KillAllSessionsUser& kasu) { + KillAllSessionsByPattern kasbp = makeKillAllSessionsByPattern(opCtx); + + auto authMgr = AuthorizationManager::get(opCtx->getServiceContext()); + + User* user; + UserName un(kasu.getUser(), kasu.getDb()); + + uassertStatusOK(authMgr->acquireUser(opCtx, un, &user)); + kasbp.setUid(user->getDigest()); + authMgr->releaseUser(user); + + return kasbp; +} + +KillAllSessionsByPattern makeKillAllSessionsByPattern(OperationContext* opCtx, + const LogicalSessionId& lsid) { + KillAllSessionsByPattern kasbp = makeKillAllSessionsByPattern(opCtx); + kasbp.setLsid(lsid); + + return kasbp; +} + +} // namespace mongo diff --git a/src/mongo/db/kill_sessions.h b/src/mongo/db/kill_sessions.h new file mode 100644 index 00000000000..547c2d038a3 --- /dev/null +++ b/src/mongo/db/kill_sessions.h @@ -0,0 +1,102 @@ +/** + * Copyright (C) 2017 MongoDB Inc. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License, version 3, + * as published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + * + * As a special exception, the copyright holders give permission to link the + * code of portions of this program with the OpenSSL library under certain + * conditions as described in each individual source file and distribute + * linked combinations including the program with the OpenSSL library. You + * must comply with the GNU Affero General Public License in all respects + * for all of the code used other than as permitted herein. If you modify + * file(s) with this exception, you may extend this exception to your + * version of the file(s), but you are not obligated to do so. If you do not + * wish to do so, delete this exception statement from your version. If you + * delete this exception statement from all source files in the program, + * then also delete it in the license file. + */ + +#pragma once + +#include <tuple> + +#include "mongo/db/auth/role_name.h" +#include "mongo/db/auth/user_name.h" +#include "mongo/db/kill_sessions_gen.h" +#include "mongo/db/logical_session_id.h" + +namespace mongo { + +class OperationContext; +class ServiceContext; + +struct KillAllSessionsByPatternHash { + std::size_t operator()(const KillAllSessionsByPattern& pattern) const { + if (pattern.getLsid()) { + return lsidHasher(*pattern.getLsid()); + } else if (pattern.getUid()) { + return uidHasher(*pattern.getUid()); + } + + // fall through for killAll + return 0; + } + + LogicalSessionIdHash lsidHasher; + SHA256Block::Hash uidHasher; +}; + +/** + * Patterns are specifically equal if they differ only by impersonate data. + */ +inline bool operator==(const KillAllSessionsByPattern& lhs, const KillAllSessionsByPattern& rhs) { + auto makeEqualityLens = [](const auto& pattern) { + return std::tie(pattern.getLsid(), pattern.getUid()); + }; + + return makeEqualityLens(lhs) == makeEqualityLens(rhs); +} + +inline bool operator!=(const KillAllSessionsByPattern& lhs, const KillAllSessionsByPattern& rhs) { + return !(lhs == rhs); +} + +using KillAllSessionsByPatternSet = + stdx::unordered_set<KillAllSessionsByPattern, KillAllSessionsByPatternHash>; + +std::tuple<std::vector<UserName>, std::vector<RoleName>> getKillAllSessionsByPatternImpersonateData( + const KillAllSessionsByPattern& pattern); + +/** + * Note: All three of the below makeKillAllSessionsByPattern helpers take opCtx to inline the + * required impersonate data + */ + +/** + * Constructs a kill sessions pattern which kills all sessions + */ +KillAllSessionsByPattern makeKillAllSessionsByPattern(OperationContext* opCtx); + +/** + * Constructs a kill sessions pattern for a particular user + */ +KillAllSessionsByPattern makeKillAllSessionsByPattern(OperationContext* opCtx, + const KillAllSessionsUser& user); + +/** + * Constructs a kill sessions pattern for a particular logical session + */ +KillAllSessionsByPattern makeKillAllSessionsByPattern(OperationContext* opCtx, + const LogicalSessionId& lsid); + +} // namespace mongo diff --git a/src/mongo/db/kill_sessions.idl b/src/mongo/db/kill_sessions.idl new file mode 100644 index 00000000000..becc2c8ef9a --- /dev/null +++ b/src/mongo/db/kill_sessions.idl @@ -0,0 +1,81 @@ +# Copyright (C) 2017 MongoDB Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU Affero General Public License, version 3, +# as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU Affero General Public License for more details. +# +# You should have received a copy of the GNU Affero General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. +# + +global: + cpp_namespace: "mongo" + +imports: + - "mongo/crypto/sha256_block.idl" + - "mongo/db/logical_session_id.idl" + - "mongo/idl/basic_types.idl" + +structs: + + KillSessionsCmdFromClient: + description: "A struct representing a killSessions command from a client" + strict: false + fields: + killSessions: array<LogicalSessionFromClient> + + KillAllSessionsUser: + description: "A struct representing a killAllSessions User" + strict: true + fields: + user: string + db: string + + KillAllSessionsRole: + description: "A struct representing a killAllSessions Role" + strict: true + fields: + role: string + db: string + + KillAllSessionsCmd: + description: "A struct representing a killAllSessions command" + strict: false + fields: + killAllSessions: array<KillAllSessionsUser> + + KillAllSessionsByPattern: + description: "A struct representing a killAllSessionsByPatternCmd kill pattern" + strict: true + fields: + lsid: + type: LogicalSessionId + optional: true + uid: + type: sha256Block + optional: true + users: + description: "logged in users for impersonate" + type: array<KillAllSessionsUser> + optional: true + roles: + description: "logged in roles for impersonate" + type: array<KillAllSessionsRole> + optional: true + + KillAllSessionsByPatternCmd: + description: "A struct representing a killAllSessionsByPattern command" + strict: false + fields: + killAllSessionsByPattern: array<KillAllSessionsByPattern> + + KillSessionsCmdToServer: + description: "A struct representing a killSessions command to a server" + strict: true + fields: + killSessions: array<LogicalSessionId> diff --git a/src/mongo/db/kill_sessions_common.cpp b/src/mongo/db/kill_sessions_common.cpp new file mode 100644 index 00000000000..084e5eeec44 --- /dev/null +++ b/src/mongo/db/kill_sessions_common.cpp @@ -0,0 +1,91 @@ +/** + * Copyright (C) 2017 MongoDB Inc. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License, version 3, + * as published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + * + * As a special exception, the copyright holders give permission to link the + * code of portions of this program with the OpenSSL library under certain + * conditions as described in each individual source file and distribute + * linked combinations including the program with the OpenSSL library. You + * must comply with the GNU Affero General Public License in all respects + * for all of the code used other than as permitted herein. If you modify + * file(s) with this exception, you may extend this exception to your + * version of the file(s), but you are not obligated to do so. If you do not + * wish to do so, delete this exception statement from your version. If you + * delete this exception statement from all source files in the program, + * then also delete it in the license file. + */ + +#define MONGO_LOG_DEFAULT_COMPONENT ::mongo::logger::LogComponent::kCommand + +#include "mongo/platform/basic.h" + +#include "mongo/db/kill_sessions_common.h" + +#include "mongo/db/client.h" +#include "mongo/db/operation_context.h" +#include "mongo/db/service_context.h" +#include "mongo/db/session_killer.h" +#include "mongo/util/log.h" + +namespace mongo { + +SessionKiller::Result killSessionsLocalKillOps(OperationContext* opCtx, + const SessionKiller::Matcher& matcher) { + for (ServiceContext::LockedClientsCursor cursor(opCtx->getClient()->getServiceContext()); + Client* client = cursor.next();) { + invariant(client); + stdx::unique_lock<Client> lk(*client); + + OperationContext* opCtxToKill = client->getOperationContext(); + if (opCtxToKill) { + const auto& lsid = opCtxToKill->getLogicalSessionId(); + + if (lsid) { + if (const KillAllSessionsByPattern* pattern = matcher.match(*lsid)) { + ScopedKillAllSessionsByPatternImpersonator impersonator(opCtx, *pattern); + + log() << "killing op: " << opCtxToKill->getOpID() + << " as part of killing session: " << lsid->toBSON(); + + opCtx->getServiceContext()->killOperation(opCtxToKill); + } + } + } + } + + return {std::vector<HostAndPort>{}}; +} + +Status killSessionsCmdHelper(OperationContext* opCtx, + BSONObjBuilder& result, + const KillAllSessionsByPatternSet& patterns) { + auto killResult = SessionKiller::get(opCtx)->kill(opCtx, patterns); + + if (!killResult->isOK()) { + return killResult->getStatus(); + } + + if (!killResult->getValue().empty()) { + BSONArrayBuilder bab(result.subarrayStart("failedHosts")); + for (const auto& host : killResult->getValue()) { + bab.append(host.toString()); + } + + return Status(ErrorCodes::HostUnreachable, "Failed to kill on some hosts"); + } + + return Status::OK(); +} + +} // namespace mongo diff --git a/src/mongo/db/kill_sessions_common.h b/src/mongo/db/kill_sessions_common.h new file mode 100644 index 00000000000..4b6556db7a8 --- /dev/null +++ b/src/mongo/db/kill_sessions_common.h @@ -0,0 +1,141 @@ +/** + * Copyright (C) 2017 MongoDB Inc. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License, version 3, + * as published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + * + * As a special exception, the copyright holders give permission to link the + * code of portions of this program with the OpenSSL library under certain + * conditions as described in each individual source file and distribute + * linked combinations including the program with the OpenSSL library. You + * must comply with the GNU Affero General Public License in all respects + * for all of the code used other than as permitted herein. If you modify + * file(s) with this exception, you may extend this exception to your + * version of the file(s), but you are not obligated to do so. If you do not + * wish to do so, delete this exception statement from your version. If you + * delete this exception statement from all source files in the program, + * then also delete it in the license file. + */ + +#pragma once + +#include "mongo/db/kill_sessions.h" + +#include <vector> + +#include "mongo/base/status.h" +#include "mongo/db/auth/authorization_session.h" +#include "mongo/db/operation_context.h" +#include "mongo/db/session_killer.h" +#include "mongo/stdx/unordered_set.h" +#include "mongo/util/stringutils.h" + +namespace mongo { + +/** + * Local killing involves looping over all local operations, checking to see if they have matching + * logical session ids, and killing if they do. + */ +SessionKiller::Result killSessionsLocalKillOps(OperationContext* opCtx, + const SessionKiller::Matcher& matcher); + +/** + * Helper for executing a pattern set from a kill sessions style command. + */ +Status killSessionsCmdHelper(OperationContext* opCtx, + BSONObjBuilder& result, + const KillAllSessionsByPatternSet& patterns); + +class ScopedKillAllSessionsByPatternImpersonator { +public: + ScopedKillAllSessionsByPatternImpersonator(OperationContext* opCtx, + const KillAllSessionsByPattern& pattern) { + AuthorizationSession* authSession = AuthorizationSession::get(opCtx->getClient()); + + if (pattern.getUsers() && pattern.getRoles()) { + std::tie(_names, _roles) = getKillAllSessionsByPatternImpersonateData(pattern); + _raii.emplace(authSession, &_names, &_roles); + } + } + +private: + std::vector<UserName> _names; + std::vector<RoleName> _roles; + boost::optional<AuthorizationSession::ScopedImpersonate> _raii; +}; + +/** + * This elaborate bit of artiface helps us to adapt the shape of a cursor manager that we know from + * logical sessions with the different ways to cancel cursors in mongos versus mongod. I.e. the + * two types share no code, but do share enough shape to re-use some boilerplate. + */ +template <typename Eraser> +class KillSessionsCursorManagerVisitor { +public: + KillSessionsCursorManagerVisitor(OperationContext* opCtx, + const SessionKiller::Matcher& matcher, + Eraser&& eraser) + : _opCtx(opCtx), _matcher(matcher), _eraser(eraser) {} + + template <typename Mgr> + void operator()(Mgr& mgr) { + LogicalSessionIdSet activeSessions; + mgr.appendActiveSessions(&activeSessions); + + for (const auto& session : activeSessions) { + if (const KillAllSessionsByPattern* pattern = _matcher.match(session)) { + ScopedKillAllSessionsByPatternImpersonator impersonator(_opCtx, *pattern); + + auto cursors = mgr.getCursorsForSession(session); + for (const auto& id : cursors) { + try { + _eraser(mgr, id); + } catch (...) { + _failures.push_back(exceptionToStatus()); + } + } + } + } + } + + Status getStatus() const { + if (_failures.empty()) { + return Status::OK(); + } + + if (_failures.size() == 1) { + return _failures.back(); + } + + return Status(_failures.back().code(), + str::stream() << "Encountered " << _failures.size() + << " errors while killing cursors, " + "showing most recent error: " + << _failures.back().reason()); + } + +private: + OperationContext* _opCtx; + const SessionKiller::Matcher& _matcher; + std::vector<Status> _failures; + Eraser _eraser; +}; + +template <typename Eraser> +auto makeKillSessionsCursorManagerVisitor(OperationContext* opCtx, + const SessionKiller::Matcher& matcher, + Eraser&& eraser) { + return KillSessionsCursorManagerVisitor<std::decay_t<Eraser>>{ + opCtx, matcher, std::forward<Eraser>(eraser)}; +} + +} // namespace mongo diff --git a/src/mongo/db/kill_sessions_local.cpp b/src/mongo/db/kill_sessions_local.cpp new file mode 100644 index 00000000000..981cab7d85c --- /dev/null +++ b/src/mongo/db/kill_sessions_local.cpp @@ -0,0 +1,63 @@ +/** + * Copyright (C) 2017 MongoDB Inc. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License, version 3, + * as published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + * + * As a special exception, the copyright holders give permission to link the + * code of portions of this program with the OpenSSL library under certain + * conditions as described in each individual source file and distribute + * linked combinations including the program with the OpenSSL library. You + * must comply with the GNU Affero General Public License in all respects + * for all of the code used other than as permitted herein. If you modify + * file(s) with this exception, you may extend this exception to your + * version of the file(s), but you are not obligated to do so. If you do not + * wish to do so, delete this exception statement from your version. If you + * delete this exception statement from all source files in the program, + * then also delete it in the license file. + */ + +#define MONGO_LOG_DEFAULT_COMPONENT ::mongo::logger::LogComponent::kCommand + +#include "mongo/platform/basic.h" + +#include "mongo/db/kill_sessions_local.h" + +#include "mongo/db/client.h" +#include "mongo/db/cursor_manager.h" +#include "mongo/db/kill_sessions_common.h" +#include "mongo/db/operation_context.h" +#include "mongo/db/service_context.h" +#include "mongo/util/log.h" + +namespace mongo { + +SessionKiller::Result killSessionsLocalKillCursors(OperationContext* opCtx, + const SessionKiller::Matcher& matcher) { + + auto status = CursorManager::killCursorsWithMatchingSessions(opCtx, matcher); + + if (status.isOK()) { + return std::vector<HostAndPort>{}; + } else { + return status; + } +} + +SessionKiller::Result killSessionsLocal(OperationContext* opCtx, + const SessionKiller::Matcher& matcher, + SessionKiller::UniformRandomBitGenerator* urbg) { + uassertStatusOK(killSessionsLocalKillCursors(opCtx, matcher)); + return uassertStatusOK(killSessionsLocalKillOps(opCtx, matcher)); +} + +} // namespace mongo diff --git a/src/mongo/db/kill_sessions_local.h b/src/mongo/db/kill_sessions_local.h new file mode 100644 index 00000000000..0785eb9d6a1 --- /dev/null +++ b/src/mongo/db/kill_sessions_local.h @@ -0,0 +1,44 @@ +/** + * Copyright (C) 2017 MongoDB Inc. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License, version 3, + * as published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + * + * As a special exception, the copyright holders give permission to link the + * code of portions of this program with the OpenSSL library under certain + * conditions as described in each individual source file and distribute + * linked combinations including the program with the OpenSSL library. You + * must comply with the GNU Affero General Public License in all respects + * for all of the code used other than as permitted herein. If you modify + * file(s) with this exception, you may extend this exception to your + * version of the file(s), but you are not obligated to do so. If you do not + * wish to do so, delete this exception statement from your version. If you + * delete this exception statement from all source files in the program, + * then also delete it in the license file. + */ + +#pragma once + +#include "mongo/db/kill_sessions.h" + +#include "mongo/db/session_killer.h" + +namespace mongo { + +SessionKiller::Result killSessionsLocal(OperationContext* opCtx, + const SessionKiller::Matcher& matcher, + SessionKiller::UniformRandomBitGenerator* urbg); + +SessionKiller::Result killSessionsLocalKillCursors(OperationContext* opCtx, + const SessionKiller::Matcher& matcher); + +} // namespace mongo diff --git a/src/mongo/db/logical_session_id.h b/src/mongo/db/logical_session_id.h index 37937d79a56..24629bdd050 100644 --- a/src/mongo/db/logical_session_id.h +++ b/src/mongo/db/logical_session_id.h @@ -112,4 +112,7 @@ inline StringBuilder& operator<<(StringBuilder& s, const LogicalSessionFromClien using LogicalSessionIdSet = stdx::unordered_set<LogicalSessionId, LogicalSessionIdHash>; using LogicalSessionRecordSet = stdx::unordered_set<LogicalSessionRecord, LogicalSessionRecordHash>; +template <typename T> +using LogicalSessionIdMap = stdx::unordered_map<LogicalSessionId, T, LogicalSessionIdHash>; + } // namespace mongo diff --git a/src/mongo/db/logical_session_id_test.cpp b/src/mongo/db/logical_session_id_test.cpp index 48b25dc4148..c10ce634cfc 100644 --- a/src/mongo/db/logical_session_id_test.cpp +++ b/src/mongo/db/logical_session_id_test.cpp @@ -157,6 +157,24 @@ TEST_F(LogicalSessionIdTest, ConstructorFromClientWithPassedUidWithPermissions) ASSERT_EQ(lsid.getUid(), uid); } +TEST_F(LogicalSessionIdTest, ConstructorFromClientWithPassedUidWithNonImpersonatePermissions) { + auto id = UUID::gen(); + auto uid = SHA256Block{}; + addSimpleUser(UserName("simple", "test")); + + LogicalSessionFromClient req; + req.setId(id); + req.setUid(uid); + + LogicalSessionId lsid = makeLogicalSessionId( + req, + _opCtx.get(), + {Privilege{ResourcePattern::forClusterResource(), ActionType::startSession}}); + + ASSERT_EQ(lsid.getId(), id); + ASSERT_EQ(lsid.getUid(), uid); +} + TEST_F(LogicalSessionIdTest, ConstructorFromClientWithPassedUidWithoutAuthedUser) { auto id = UUID::gen(); auto uid = SHA256Block{}; @@ -168,7 +186,7 @@ TEST_F(LogicalSessionIdTest, ConstructorFromClientWithPassedUidWithoutAuthedUser ASSERT_THROWS(makeLogicalSessionId(req, _opCtx.get()), AssertionException); } -TEST_F(LogicalSessionIdTest, ConstructorFromClientWithPassedUidWithoutPermissions) { +TEST_F(LogicalSessionIdTest, ConstructorFromClientWithPassedNonMatchingUidWithoutPermissions) { auto id = UUID::gen(); auto uid = SHA256Block{}; addSimpleUser(UserName("simple", "test")); @@ -180,6 +198,21 @@ TEST_F(LogicalSessionIdTest, ConstructorFromClientWithPassedUidWithoutPermission ASSERT_THROWS(makeLogicalSessionId(req, _opCtx.get()), AssertionException); } +TEST_F(LogicalSessionIdTest, ConstructorFromClientWithPassedMatchingUidWithoutPermissions) { + auto id = UUID::gen(); + User* user = addSimpleUser(UserName("simple", "test")); + auto uid = user->getDigest(); + + LogicalSessionFromClient req; + req.setId(id); + req.setUid(uid); + + LogicalSessionId lsid = makeLogicalSessionId(req, _opCtx.get()); + + ASSERT_EQ(lsid.getId(), id); + ASSERT_EQ(lsid.getUid(), uid); +} + TEST_F(LogicalSessionIdTest, GenWithUser) { User* user = addSimpleUser(UserName("simple", "test")); auto lsid = makeLogicalSessionId(_opCtx.get()); diff --git a/src/mongo/db/pipeline/pipeline_d.cpp b/src/mongo/db/pipeline/pipeline_d.cpp index 0405d78e1b8..f796cd1a9fc 100644 --- a/src/mongo/db/pipeline/pipeline_d.cpp +++ b/src/mongo/db/pipeline/pipeline_d.cpp @@ -280,6 +280,11 @@ public: infoBuilder.append("killPending", true); } + if (clientOpCtx->getLogicalSessionId()) { + BSONObjBuilder bob(infoBuilder.subobjStart("lsid")); + clientOpCtx->getLogicalSessionId()->serialize(&bob); + } + CurOp::get(clientOpCtx) ->reportState(&infoBuilder, (truncateMode == CurrentOpTruncateMode::kTruncateOps)); diff --git a/src/mongo/db/s/sharding_task_executor.cpp b/src/mongo/db/s/sharding_task_executor.cpp index 967dbe713bb..08362e55d66 100644 --- a/src/mongo/db/s/sharding_task_executor.cpp +++ b/src/mongo/db/s/sharding_task_executor.cpp @@ -111,30 +111,43 @@ StatusWith<TaskExecutor::CallbackHandle> ShardingTaskExecutor::scheduleRemoteCom return _executor->scheduleRemoteCommand(request, cb); } + boost::optional<RemoteCommandRequest> newRequest; + + if (request.opCtx->getLogicalSessionId() && !request.cmdObj.hasField("lsid")) { + newRequest.emplace(request); + BSONObjBuilder bob(std::move(newRequest->cmdObj)); + { + BSONObjBuilder subbob(bob.subobjStart("lsid")); + request.opCtx->getLogicalSessionId()->serialize(&subbob); + } + + newRequest->cmdObj = bob.obj(); + } + std::shared_ptr<OperationTimeTracker> timeTracker = OperationTimeTracker::get(request.opCtx); auto clusterGLE = ClusterLastErrorInfo::get(request.opCtx->getClient()); - auto shardingCb = [timeTracker, clusterGLE, request, cb]( + auto shardingCb = [timeTracker, clusterGLE, cb]( const TaskExecutor::RemoteCommandCallbackArgs& args) { ON_BLOCK_EXIT([&cb, &args]() { cb(args); }); // Update replica set monitor info. - auto shard = grid.shardRegistry()->getShardForHostNoReload(request.target); + auto shard = grid.shardRegistry()->getShardForHostNoReload(args.request.target); if (!shard) { - LOG(1) << "Could not find shard containing host: " << request.target.toString(); + LOG(1) << "Could not find shard containing host: " << args.request.target.toString(); } if (!args.response.isOK()) { if (shard) { - shard->updateReplSetMonitor(request.target, args.response.status); + shard->updateReplSetMonitor(args.request.target, args.response.status); } LOG(1) << "Error processing the remote request, not updating operationTime or gLE"; return; } if (shard) { - shard->updateReplSetMonitor(request.target, + shard->updateReplSetMonitor(args.request.target, getStatusFromCommandResult(args.response.data)); } @@ -153,9 +166,9 @@ StatusWith<TaskExecutor::CallbackHandle> ShardingTaskExecutor::scheduleRemoteCom if (swShardingMetadata.isOK()) { auto shardingMetadata = std::move(swShardingMetadata.getValue()); - auto shardConn = ConnectionString::parse(request.target.toString()); + auto shardConn = ConnectionString::parse(args.request.target.toString()); if (!shardConn.isOK()) { - severe() << "got bad host string in saveGLEStats: " << request.target; + severe() << "got bad host string in saveGLEStats: " << args.request.target; } clusterGLE->addHostOpTime(shardConn.getValue(), @@ -169,7 +182,7 @@ StatusWith<TaskExecutor::CallbackHandle> ShardingTaskExecutor::scheduleRemoteCom } }; - return _executor->scheduleRemoteCommand(request, shardingCb); + return _executor->scheduleRemoteCommand(newRequest ? *newRequest : request, shardingCb); } void ShardingTaskExecutor::cancel(const CallbackHandle& cbHandle) { diff --git a/src/mongo/db/service_entry_point_mongod.cpp b/src/mongo/db/service_entry_point_mongod.cpp index 491a61dc9ea..64ab9ab7271 100644 --- a/src/mongo/db/service_entry_point_mongod.cpp +++ b/src/mongo/db/service_entry_point_mongod.cpp @@ -450,7 +450,7 @@ bool runCommandImpl(OperationContext* opCtx, return result; } - result = command->enhancedRun(opCtx, request, inPlaceReplyBob); + result = command->publicRun(opCtx, request, inPlaceReplyBob); } else { auto wcResult = extractWriteConcern(opCtx, cmd, db); if (!wcResult.isOK()) { @@ -471,7 +471,7 @@ bool runCommandImpl(OperationContext* opCtx, opCtx, command->getName(), lastOpBeforeRun, &inPlaceReplyBob); }); - result = command->enhancedRun(opCtx, request, inPlaceReplyBob); + result = command->publicRun(opCtx, request, inPlaceReplyBob); // Nothing in run() should change the writeConcern. dassert(SimpleBSONObjComparator::kInstance.evaluate(opCtx->getWriteConcern().toBSON() == diff --git a/src/mongo/db/session_killer.cpp b/src/mongo/db/session_killer.cpp new file mode 100644 index 00000000000..034cc93038b --- /dev/null +++ b/src/mongo/db/session_killer.cpp @@ -0,0 +1,200 @@ +/** + * Copyright (C) 2017 MongoDB Inc. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License, version 3, + * as published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + * + * As a special exception, the copyright holders give permission to link the + * code of portions of this program with the OpenSSL library under certain + * conditions as described in each individual source file and distribute + * linked combinations including the program with the OpenSSL library. You + * must comply with the GNU Affero General Public License in all respects + * for all of the code used other than as permitted herein. If you modify + * file(s) with this exception, you may extend this exception to your + * version of the file(s), but you are not obligated to do so. If you do not + * wish to do so, delete this exception statement from your version. If you + * delete this exception statement from all source files in the program, + * then also delete it in the license file. + */ + +#include "mongo/platform/basic.h" + +#include "mongo/db/session_killer.h" + +#include "mongo/db/auth/authorization_session.h" +#include "mongo/db/client.h" +#include "mongo/db/operation_context.h" +#include "mongo/db/service_context.h" +#include "mongo/util/destructor_guard.h" +#include "mongo/util/scopeguard.h" + +namespace mongo { + +namespace { +const auto getSessionKiller = ServiceContext::declareDecoration<std::shared_ptr<SessionKiller>>(); +} // namespace + +SessionKiller::SessionKiller(ServiceContext* sc, KillFunc killer) + : _killFunc(std::move(killer)), _urbg(std::random_device{}()), _reapResults() { + _thread = stdx::thread([this, sc] { + // This is the background killing thread + + Client::setCurrent(sc->makeClient("SessionKiller")); + + stdx::unique_lock<stdx::mutex> lk(_mutex); + + // While we're not in shutdown + while (!_inShutdown) { + // Wait until we're woken up, and should either shutdown, or have something new to reap. + _killerCV.wait(lk, [&] { return _inShutdown || _nextToReap.size(); }); + + // If we're in shutdown we're done + if (_inShutdown) { + return; + } + + // Otherwise make an opctx and head into kill + auto opCtx = cc().makeOperationContext(); + _periodicKill(opCtx.get(), lk); + } + }); +} + +SessionKiller::~SessionKiller() { + DESTRUCTOR_GUARD([&] { + { + stdx::lock_guard<stdx::mutex> lk(_mutex); + _inShutdown = true; + } + _killerCV.notify_one(); + _callerCV.notify_all(); + _thread.join(); + }()); +} + +SessionKiller::ReapResult::ReapResult() : result(std::make_shared<boost::optional<Result>>()) {} + +SessionKiller::Matcher::Matcher(KillAllSessionsByPatternSet&& patterns) + : _patterns(std::move(patterns)) { + for (const auto& pattern : _patterns) { + if (pattern.getUid()) { + _uids.emplace(pattern.getUid().get(), &pattern); + } else if (pattern.getLsid()) { + _lsids.emplace(pattern.getLsid().get(), &pattern); + } else { + // If we're killing everything, it's the only pattern we care about. + decltype(_patterns) onlyKillAll{{pattern}}; + using std::swap; + swap(_patterns, onlyKillAll); + + _killAll = &(*_patterns.begin()); + break; + } + } +} + +const KillAllSessionsByPatternSet& SessionKiller::Matcher::getPatterns() const { + return _patterns; +} + +const KillAllSessionsByPattern* SessionKiller::Matcher::match(const LogicalSessionId& lsid) const { + if (_killAll) { + return _killAll; + } + + { + auto iter = _lsids.find(lsid); + if (iter != _lsids.end()) { + return iter->second; + } + } + + { + auto iter = _uids.find(lsid.getUid()); + if (iter != _uids.end()) { + return iter->second; + } + } + + return nullptr; +} + +SessionKiller* SessionKiller::get(ServiceContext* service) { + return getSessionKiller(service).get(); +} + +SessionKiller* SessionKiller::get(OperationContext* ctx) { + return get(ctx->getServiceContext()); +} + +std::shared_ptr<SessionKiller::Result> SessionKiller::kill( + OperationContext* opCtx, const KillAllSessionsByPatternSet& toKill) { + stdx::unique_lock<stdx::mutex> lk(_mutex); + + // Save a shared_ptr to the current reapResults (I.e. the next thing to get killed). + auto reapResults = _reapResults; + + // Dump all your lsids in. + for (const auto& item : toKill) { + _nextToReap.emplace(item); + } + + // Wake up the killer. + _killerCV.notify_one(); + + // Wait until our results are there, or the killer is shutting down. + opCtx->waitForConditionOrInterrupt( + _callerCV, lk, [&] { return reapResults.result->is_initialized() || _inShutdown; }); + + // If the killer is shutting down, throw. + uassert(ErrorCodes::ShutdownInProgress, "SessionKiller shutting down", !_inShutdown); + + // Otherwise, alias (via the aliasing ctor of shared_ptr) a shared_ptr to the actual results + // (inside the optional) to keep our contract. That ctor form returns a shared_ptr which + // returns one type, while keeping a refcount on a control block from a different type. + return {reapResults.result, reapResults.result->get_ptr()}; +} + +void SessionKiller::_periodicKill(OperationContext* opCtx, stdx::unique_lock<stdx::mutex>& lk) { + // Pull our current workload onto the stack. Swap it for empties. + decltype(_nextToReap) nextToReap; + decltype(_reapResults) reapResults; + { + using std::swap; + swap(nextToReap, _nextToReap); + swap(reapResults, _reapResults); + } + + // Drop the lock and run the killer. + lk.unlock(); + + Matcher matcher(std::move(nextToReap)); + boost::optional<Result> results; + try { + results.emplace(_killFunc(opCtx, matcher, &_urbg)); + } catch (...) { + results.emplace(exceptionToStatus()); + } + lk.lock(); + + invariant(results); + + // Expose the results and notify callers + *(reapResults.result) = std::move(results); + _callerCV.notify_all(); +}; + +void SessionKiller::set(ServiceContext* sc, std::shared_ptr<SessionKiller> sk) { + getSessionKiller(sc) = sk; +} + +} // namespace mongo diff --git a/src/mongo/db/session_killer.h b/src/mongo/db/session_killer.h new file mode 100644 index 00000000000..2e13df038d8 --- /dev/null +++ b/src/mongo/db/session_killer.h @@ -0,0 +1,145 @@ +/** + * Copyright (C) 2017 MongoDB Inc. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License, version 3, + * as published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + * + * As a special exception, the copyright holders give permission to link the + * code of portions of this program with the OpenSSL library under certain + * conditions as described in each individual source file and distribute + * linked combinations including the program with the OpenSSL library. You + * must comply with the GNU Affero General Public License in all respects + * for all of the code used other than as permitted herein. If you modify + * file(s) with this exception, you may extend this exception to your + * version of the file(s), but you are not obligated to do so. If you do not + * wish to do so, delete this exception statement from your version. If you + * delete this exception statement from all source files in the program, + * then also delete it in the license file. + */ + +#pragma once + +#include <boost/optional.hpp> +#include <memory> +#include <random> +#include <vector> + +#include "mongo/base/status_with.h" +#include "mongo/db/kill_sessions.h" +#include "mongo/stdx/condition_variable.h" +#include "mongo/stdx/functional.h" +#include "mongo/stdx/mutex.h" +#include "mongo/stdx/thread.h" +#include "mongo/stdx/unordered_set.h" +#include "mongo/util/net/hostandport.h" + +namespace mongo { + +/** + * The SessionKiller enforces a single thread for session killing for any given ServiceContext. + * + * The killer owns a background thread which actually does the work, and callers batch their kills + * together each round, before the killer starts its dispatching, after which they batch up for the + * next round. + * + * The KillFunc's kill function is passed in to its constructor, and parameterizes its behavior + * depending on context (mongod/mongos). + */ +class SessionKiller { +public: + /** + * The Result of a call is either: + * + * Status::OK(), empty vector - we killed everything + * Status::OK(), filled vector - we killed something. HostAndPort is filled with nodes we + * failed to kill on. + * + * !Status::OK() - The kill function itself failed. I.e. we may have killed nothing. + * + * This contract has a helper in kill_sessions_common.h which adapts results for command + * implementations. (killSessionsCmdHelper) + */ + using Result = StatusWith<std::vector<HostAndPort>>; + using UniformRandomBitGenerator = std::minstd_rand; + + class Matcher { + public: + Matcher(KillAllSessionsByPatternSet&& patterns); + + const KillAllSessionsByPatternSet& getPatterns() const; + + const KillAllSessionsByPattern* match(const LogicalSessionId& lsid) const; + + private: + KillAllSessionsByPatternSet _patterns; + LogicalSessionIdMap<const KillAllSessionsByPattern*> _lsids; + stdx::unordered_map<SHA256Block, const KillAllSessionsByPattern*, SHA256Block::Hash> _uids; + const KillAllSessionsByPattern* _killAll = nullptr; + }; + + /** + * A process specific kill function (we have a different impl in mongos versus mongod). + */ + using KillFunc = + stdx::function<Result(OperationContext*, const Matcher&, UniformRandomBitGenerator* urbg)>; + + /** + * The killer lives as a decoration on the service context. + */ + static SessionKiller* get(ServiceContext* service); + static SessionKiller* get(OperationContext* opCtx); + + /** + * This method binds the SessionKiller to the ServiceContext. + */ + static void set(ServiceContext* ctx, std::shared_ptr<SessionKiller> sk); + + explicit SessionKiller(ServiceContext* sc, KillFunc killer); + ~SessionKiller(); + + /** + * This is the api for killSessions commands to invoke the killer. It blocks until the kill is + * finished, or until it fails (times out on all nodes in mongos). + */ + std::shared_ptr<Result> kill(OperationContext* opCtx, + const KillAllSessionsByPatternSet& toKill); + +private: + /** + * This struct is a helper to default fill in the result, which is otherwise a little error + * prone. + */ + struct ReapResult { + ReapResult(); + + std::shared_ptr<boost::optional<Result>> result; + }; + + void _periodicKill(OperationContext* opCtx, stdx::unique_lock<stdx::mutex>& lk); + + KillFunc _killFunc; + + stdx::thread _thread; + + stdx::mutex _mutex; + stdx::condition_variable _callerCV; + stdx::condition_variable _killerCV; + + UniformRandomBitGenerator _urbg; + + ReapResult _reapResults; + KillAllSessionsByPatternSet _nextToReap; + + bool _inShutdown = false; +}; + +} // namespace mongo |