Permalink
Browse files

SERVER-9983 Do not needlessly lock when looking up privileges for the…

… __system@local user.

Uncorrected, this can cause replica set heartbeats to stall behind operations
that hold the read lock for a long time.
  • Loading branch information...
1 parent 021b9bb commit c5ad04549e40b1069029026081d9324e9e06156c @amschwerin amschwerin committed Jun 20, 2013
Showing with 13 additions and 7 deletions.
  1. +13 −7 src/mongo/db/auth/authorization_session.cpp
@@ -63,9 +63,21 @@ namespace {
_authenticatedPrincipals.add(principal);
if (!principal->isImplicitPrivilegeAcquisitionEnabled())
return;
+
+ const std::string dbname = principal->getName().getDB().toString();
+ if (dbname == StringData("local", StringData::LiteralTag()) &&
+ principal->getName().getUser() == internalSecurity.user) {
+
+ // Grant full access to internal user
+ ActionSet allActions;
+ allActions.addAllActions();
+ acquirePrivilege(Privilege(PrivilegeSet::WILDCARD_RESOURCE, allActions),
+ principal->getName());
+ return;
+ }
+
_acquirePrivilegesForPrincipalFromDatabase(ADMIN_DBNAME, principal->getName());
principal->markDatabaseAsProbed(ADMIN_DBNAME);
- const std::string dbname = principal->getName().getDB().toString();
_acquirePrivilegesForPrincipalFromDatabase(dbname, principal->getName());
principal->markDatabaseAsProbed(dbname);
_externalState->onAddAuthorizedPrincipal(principal);
@@ -146,12 +158,6 @@ namespace {
<< user.getDB(),
0);
}
- if (user.getUser() == internalSecurity.user) {
- // Grant full access to internal user
- ActionSet allActions;
- allActions.addAllActions();
- return acquirePrivilege(Privilege(PrivilegeSet::WILDCARD_RESOURCE, allActions), user);
- }
return _externalState->getAuthorizationManager().buildPrivilegeSet(dbname,
user,
privilegeDocument,

0 comments on commit c5ad045

Please sign in to comment.