SERVER-12235 Cache whether any users exist for checking whether the localhost exception should be in effect

1 files changed, 17 insertions, 2 deletions

diff --git a/src/mongo/db/auth/authorization_manager.h b/src/mongo/db/auth/authorization_manager.h
index c3371bb11c7..a6b4f4ae068 100644
--- a/src/mongo/db/auth/authorization_manager.h
+++ b/src/mongo/db/auth/authorization_manager.h
@@ -179,8 +179,15 @@ namespace mongo {
          */
         OID getCacheGeneration();
 
-        // Returns true if there exists at least one privilege document in the system.
-        bool hasAnyPrivilegeDocuments(OperationContext* txn) const;
+        /**
+         * Returns true if there exists at least one privilege document in the system.
+         * Used by the AuthorizationSession to determine whether localhost connections should be
+         * granted special access to bootstrap the system.
+         * NOTE: If this method ever returns true, the result is cached in _privilegeDocsExist,
+         * meaning that once this method returns true it will continue to return true for the
+         * lifetime of this process, even if all users are subsequently dropped from the system.
+         */
+        bool hasAnyPrivilegeDocuments(OperationContext* txn);
 
         /**
          * Updates the auth schema version document to reflect the current state of the system.
@@ -478,6 +485,14 @@ namespace mongo {
          */
         bool _authEnabled;
 
+        /**
+         * A cache of whether there are any users set up for the cluster.
+         */
+        bool _privilegeDocsExist;
+
+        // Protects _privilegeDocsExist
+        mutable boost::mutex _privilegeDocsExistMutex;
+
         boost::scoped_ptr<AuthzManagerExternalState> _externalState;
 
         /**