From 01d40849047890796d097beff99258aae47ce552 Mon Sep 17 00:00:00 2001 From: James Wahlin Date: Mon, 12 Feb 2018 11:35:10 -0500 Subject: SERVER-33221 Add find & getMore commands to session checkout whitelist --- src/mongo/db/service_entry_point_mongod.cpp | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) (limited to 'src/mongo') diff --git a/src/mongo/db/service_entry_point_mongod.cpp b/src/mongo/db/service_entry_point_mongod.cpp index eefbaec84be..69235c1e0c5 100644 --- a/src/mongo/db/service_entry_point_mongod.cpp +++ b/src/mongo/db/service_entry_point_mongod.cpp @@ -107,7 +107,9 @@ const StringMap cmdWhitelist = {{"delete", 1}, {"findAndModify", 1}, {"insert", 1}, {"refreshLogicalSessionCacheNow", 1}, - {"update", 1}}; + {"update", 1}, + {"find", 1}, + {"getMore", 1}}; BSONObj getRedactedCopyForLogging(const Command* command, const BSONObj& cmdObj) { mutablebson::Document cmdToLog(cmdObj, mutablebson::Document::kInPlaceDisabled); @@ -579,8 +581,12 @@ void execCommandDatabase(OperationContext* opCtx, // servers may result in a deadlock when a server tries to check out a session it is already // using to service an earlier operation in the command's chain. To avoid this, only check // out sessions for commands that require them (i.e. write commands). - OperationContextSession sessionTxnState( - opCtx, cmdWhitelist.find(command->getName()) != cmdWhitelist.cend()); + // Session checkout is also prevented for commands run within DBDirectClient. If checkout is + // required, it is expected to be handled by the outermost command. + const bool shouldCheckoutSession = + cmdWhitelist.find(command->getName()) != cmdWhitelist.cend() && + !opCtx->getClient()->isInDirectClient(); + OperationContextSession sessionTxnState(opCtx, shouldCheckoutSession); ImpersonationSessionGuard guard(opCtx); uassertStatusOK(Command::checkAuthorization(command, opCtx, request)); -- cgit v1.2.1