Skip to content

Commit

Permalink
SERVER-9983 Do not needlessly lock when looking up privileges for the…
Browse files Browse the repository at this point in the history 
… __system@local user.

Uncorrected, this can cause replica set heartbeats to stall behind operations
that hold the read lock for a long time.
  • Loading branch information
Andy Schwerin committed Jun 20, 2013
1 parent 021b9bb commit c5ad045
Showing 1 changed file with 13 additions and 7 deletions.
20 changes: 13 additions & 7 deletions src/mongo/db/auth/authorization_session.cpp
View file
Expand Up @@ -63,9 +63,21 @@ namespace {
_authenticatedPrincipals.add(principal);
if (!principal->isImplicitPrivilegeAcquisitionEnabled())
return;

const std::string dbname = principal->getName().getDB().toString();
if (dbname == StringData("local", StringData::LiteralTag()) &&
principal->getName().getUser() == internalSecurity.user) {

// Grant full access to internal user
ActionSet allActions;
allActions.addAllActions();
acquirePrivilege(Privilege(PrivilegeSet::WILDCARD_RESOURCE, allActions),
principal->getName());
return;
}

_acquirePrivilegesForPrincipalFromDatabase(ADMIN_DBNAME, principal->getName());
principal->markDatabaseAsProbed(ADMIN_DBNAME);
const std::string dbname = principal->getName().getDB().toString();
_acquirePrivilegesForPrincipalFromDatabase(dbname, principal->getName());
principal->markDatabaseAsProbed(dbname);
_externalState->onAddAuthorizedPrincipal(principal);
Expand Down Expand Up @@ -146,12 +158,6 @@ namespace {
<< user.getDB(),
0);
}
if (user.getUser() == internalSecurity.user) {
// Grant full access to internal user
ActionSet allActions;
allActions.addAllActions();
return acquirePrivilege(Privilege(PrivilegeSet::WILDCARD_RESOURCE, allActions), user);
}
return _externalState->getAuthorizationManager().buildPrivilegeSet(dbname,
user,
privilegeDocument,
Expand Down

0 comments on commit c5ad045

Please sign in to comment.