diff options
author | Spencer T Brody <spencer@mongodb.com> | 2015-02-25 17:31:08 -0500 |
---|---|---|
committer | Spencer T Brody <spencer@mongodb.com> | 2015-02-26 15:13:14 -0500 |
commit | 85d2238a163249f7d8e2c26933681b4374af19d0 (patch) | |
tree | aa5286d33ab7e70bc39da6521d81ec745baea169 /src/mongo/db/auth/authorization_manager.h | |
parent | 6769eca988fd96f68f15d54a37f135eea3298406 (diff) | |
download | mongo-85d2238a163249f7d8e2c26933681b4374af19d0.tar.gz |
SERVER-12235 Cache whether any users exist for checking whether the localhost exception should be in effect
Diffstat (limited to 'src/mongo/db/auth/authorization_manager.h')
-rw-r--r-- | src/mongo/db/auth/authorization_manager.h | 19 |
1 files changed, 17 insertions, 2 deletions
diff --git a/src/mongo/db/auth/authorization_manager.h b/src/mongo/db/auth/authorization_manager.h index c3371bb11c7..a6b4f4ae068 100644 --- a/src/mongo/db/auth/authorization_manager.h +++ b/src/mongo/db/auth/authorization_manager.h @@ -179,8 +179,15 @@ namespace mongo { */ OID getCacheGeneration(); - // Returns true if there exists at least one privilege document in the system. - bool hasAnyPrivilegeDocuments(OperationContext* txn) const; + /** + * Returns true if there exists at least one privilege document in the system. + * Used by the AuthorizationSession to determine whether localhost connections should be + * granted special access to bootstrap the system. + * NOTE: If this method ever returns true, the result is cached in _privilegeDocsExist, + * meaning that once this method returns true it will continue to return true for the + * lifetime of this process, even if all users are subsequently dropped from the system. + */ + bool hasAnyPrivilegeDocuments(OperationContext* txn); /** * Updates the auth schema version document to reflect the current state of the system. @@ -478,6 +485,14 @@ namespace mongo { */ bool _authEnabled; + /** + * A cache of whether there are any users set up for the cluster. + */ + bool _privilegeDocsExist; + + // Protects _privilegeDocsExist + mutable boost::mutex _privilegeDocsExistMutex; + boost::scoped_ptr<AuthzManagerExternalState> _externalState; /** |