1
2 /**
3 * Copyright (C) 2018-present MongoDB, Inc.
4 *
5 * This program is free software: you can redistribute it and/or modify
6 * it under the terms of the Server Side Public License, version 1,
7 * as published by MongoDB, Inc.
8 *
9 * This program is distributed in the hope that it will be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 * Server Side Public License for more details.
13 *
14 * You should have received a copy of the Server Side Public License
15 * along with this program. If not, see
16 * <http://www.mongodb.com/licensing/server-side-public-license>.
17 *
18 * As a special exception, the copyright holders give permission to link the
19 * code of portions of this program with the OpenSSL library under certain
20 * conditions as described in each individual source file and distribute
21 * linked combinations including the program with the OpenSSL library. You
22 * must comply with the Server Side Public License in all respects for
23 * all of the code used other than as permitted herein. If you modify file(s)
24 * with this exception, you may extend this exception to your version of the
25 * file(s), but you are not obligated to do so. If you do not wish to do so,
26 * delete this exception statement from your version. If you delete this
27 * exception statement from all source files in the program, then also delete
28 * it in the license file.
29 */
30
31 #pragma once
32
33 #include "mongo/db/kill_sessions.h"
34
35 #include <vector>
36
37 #include "mongo/base/status.h"
38 #include "mongo/db/auth/authorization_session.h"
39 #include "mongo/db/operation_context.h"
40 #include "mongo/db/session_killer.h"
41 #include "mongo/stdx/unordered_set.h"
42 #include "mongo/util/stringutils.h"
43
44 namespace mongo {
45
46 /**
47 * Local killing involves looping over all local operations, checking to see if they have matching
48 * logical session ids, and killing if they do.
49 */
50 SessionKiller::Result killSessionsLocalKillOps(OperationContext* opCtx,
51 const SessionKiller::Matcher& matcher);
52
53 /**
54 * Helper for executing a pattern set from a kill sessions style command.
55 */
56 Status killSessionsCmdHelper(OperationContext* opCtx,
57 BSONObjBuilder& result,
58 const KillAllSessionsByPatternSet& patterns);
59
60 class ScopedKillAllSessionsByPatternImpersonator {
61 public:
ScopedKillAllSessionsByPatternImpersonator(OperationContext * opCtx,const KillAllSessionsByPattern & pattern)62 ScopedKillAllSessionsByPatternImpersonator(OperationContext* opCtx,
63 const KillAllSessionsByPattern& pattern) {
64 AuthorizationSession* authSession = AuthorizationSession::get(opCtx->getClient());
65
66 if (pattern.getUsers() && pattern.getRoles()) {
67 std::tie(_names, _roles) = getKillAllSessionsByPatternImpersonateData(pattern);
68 _raii.emplace(authSession, &_names, &_roles);
69 }
70 }
71
72 private:
73 std::vector<UserName> _names;
74 std::vector<RoleName> _roles;
75 boost::optional<AuthorizationSession::ScopedImpersonate> _raii;
76 };
77
78 /**
79 * This elaborate bit of artiface helps us to adapt the shape of a cursor manager that we know from
80 * logical sessions with the different ways to cancel cursors in mongos versus mongod. I.e. the
81 * two types share no code, but do share enough shape to re-use some boilerplate.
82 */
83 template <typename Eraser>
84 class KillSessionsCursorManagerVisitor {
85 public:
KillSessionsCursorManagerVisitor(OperationContext * opCtx,const SessionKiller::Matcher & matcher,Eraser && eraser)86 KillSessionsCursorManagerVisitor(OperationContext* opCtx,
87 const SessionKiller::Matcher& matcher,
88 Eraser&& eraser)
89 : _opCtx(opCtx), _matcher(matcher), _cursorsKilled(0), _eraser(eraser) {}
90
91 template <typename Mgr>
operator()92 void operator()(Mgr& mgr) noexcept {
93 LogicalSessionIdSet activeSessions;
94 mgr.appendActiveSessions(&activeSessions);
95
96 for (const auto& session : activeSessions) {
97 if (const KillAllSessionsByPattern* pattern = _matcher.match(session)) {
98 ScopedKillAllSessionsByPatternImpersonator impersonator(_opCtx, *pattern);
99
100 auto cursors = mgr.getCursorsForSession(session);
101 for (const auto& id : cursors) {
102 try {
103 _eraser(mgr, id);
104 _cursorsKilled++;
105 } catch (const ExceptionFor<ErrorCodes::CursorNotFound>&) {
106 // Cursor was killed separately after this command was initiated. Still
107 // count the cursor as killed here, since the user's request is
108 // technically satisfied.
109 _cursorsKilled++;
110 } catch (const DBException& ex) {
111 _failures.push_back(ex.toStatus());
112 }
113 }
114 }
115 }
116 }
117
getStatus()118 Status getStatus() const {
119 if (_failures.empty()) {
120 return Status::OK();
121 }
122
123 if (_failures.size() == 1) {
124 return _failures.back();
125 }
126
127 return Status(_failures.back().code(),
128 str::stream() << "Encountered " << _failures.size()
129 << " errors while killing cursors, "
130 "showing most recent error: "
131 << _failures.back().reason());
132 }
133
getCursorsKilled()134 int getCursorsKilled() const {
135 return _cursorsKilled;
136 }
137
138 private:
139 OperationContext* _opCtx;
140 const SessionKiller::Matcher& _matcher;
141 std::vector<Status> _failures;
142 int _cursorsKilled;
143 Eraser _eraser;
144 };
145
146 template <typename Eraser>
makeKillSessionsCursorManagerVisitor(OperationContext * opCtx,const SessionKiller::Matcher & matcher,Eraser && eraser)147 auto makeKillSessionsCursorManagerVisitor(OperationContext* opCtx,
148 const SessionKiller::Matcher& matcher,
149 Eraser&& eraser) {
150 return KillSessionsCursorManagerVisitor<std::decay_t<Eraser>>{
151 opCtx, matcher, std::forward<Eraser>(eraser)};
152 }
153
154 } // namespace mongo
155