Skip to content
Browse files

SERVER-9983 Do not needlessly lock when looking up privileges for the…

… __system@local user.

Uncorrected, this can cause replica set heartbeats to stall behind operations
that hold the read lock for a long time.
  • Loading branch information...
1 parent d2b8eab commit 23344f8b7506df694f66999693ee3c00dfd6afae @andy10gen andy10gen committed Jun 20, 2013
Showing with 13 additions and 8 deletions.
  1. +13 −8 src/mongo/db/auth/authorization_manager.cpp
View
21 src/mongo/db/auth/authorization_manager.cpp
@@ -394,9 +394,21 @@ namespace {
_authenticatedPrincipals.add(principal);
if (!principal->isImplicitPrivilegeAcquisitionEnabled())
return;
+
+ const std::string dbname = principal->getName().getDB().toString();
+ if (dbname == StringData("local", StringData::LiteralTag()) &&
+ principal->getName().getUser() == internalSecurity.user) {
+
+ // Grant full access to internal user
+ ActionSet allActions;
+ allActions.addAllActions();
+ acquirePrivilege(Privilege(PrivilegeSet::WILDCARD_RESOURCE, allActions),
+ principal->getName());
+ return;
+ }
+
_acquirePrivilegesForPrincipalFromDatabase(ADMIN_DBNAME, principal->getName());
principal->markDatabaseAsProbed(ADMIN_DBNAME);
- const std::string dbname = principal->getName().getDB().toString();
_acquirePrivilegesForPrincipalFromDatabase(dbname, principal->getName());
principal->markDatabaseAsProbed(dbname);
}
@@ -491,13 +503,6 @@ namespace {
<< principal.getDB(),
0);
}
- if (principal.getUser() == internalSecurity.user) {
- // Grant full access to internal user
- ActionSet allActions;
- allActions.addAllActions();
- return acquirePrivilege(Privilege(PrivilegeSet::WILDCARD_RESOURCE, allActions),
- principal);
- }
return buildPrivilegeSet(dbname, principal, privilegeDocument, &_acquiredPrivileges);
}

0 comments on commit 23344f8

Please sign in to comment.
Something went wrong with that request. Please try again.