summaryrefslogtreecommitdiff
path: root/src/mongo/db/auth
diff options
context:
space:
mode:
authorMark Benvenuto <mark.benvenuto@mongodb.com>2021-10-11 13:52:46 -0400
committerEvergreen Agent <no-reply@evergreen.mongodb.com>2021-10-14 21:01:28 +0000
commit25feddcaef0c01b5bedb11a288ca86dc19d00cb8 (patch)
treee15a01b1d068dfd20791e8255e50d08ef5f43d6f /src/mongo/db/auth
parent4b445f9d21ad18ee5d3218383b5180a4b9a9da01 (diff)
downloadmongo-25feddcaef0c01b5bedb11a288ca86dc19d00cb8.tar.gz
SERVER-60317 Fix TSAN errors in Authorization Contract
Diffstat (limited to 'src/mongo/db/auth')
-rw-r--r--src/mongo/db/auth/authorization_contract.cpp11
-rw-r--r--src/mongo/db/auth/authorization_contract.h7
2 files changed, 18 insertions, 0 deletions
diff --git a/src/mongo/db/auth/authorization_contract.cpp b/src/mongo/db/auth/authorization_contract.cpp
index 6f78c07f150..3c127c4ee45 100644
--- a/src/mongo/db/auth/authorization_contract.cpp
+++ b/src/mongo/db/auth/authorization_contract.cpp
@@ -41,6 +41,8 @@
namespace mongo {
void AuthorizationContract::clear() {
+ stdx::lock_guard<Mutex> lck(_mutex);
+
_checks.reset();
for (size_t i = 0; i < _privilegeChecks.size(); ++i) {
_privilegeChecks[i].removeAllActions();
@@ -48,26 +50,35 @@ void AuthorizationContract::clear() {
}
void AuthorizationContract::addAccessCheck(AccessCheckEnum check) {
+ stdx::lock_guard<Mutex> lck(_mutex);
+
_checks.set(static_cast<size_t>(check), true);
}
bool AuthorizationContract::hasAccessCheck(AccessCheckEnum check) const {
+ stdx::lock_guard<Mutex> lck(_mutex);
+
return _checks.test(static_cast<size_t>(check));
}
void AuthorizationContract::addPrivilege(const Privilege& p) {
+ stdx::lock_guard<Mutex> lck(_mutex);
+
auto matchType = p.getResourcePattern().matchType();
_privilegeChecks[static_cast<size_t>(matchType)].addAllActionsFromSet(p.getActions());
}
bool AuthorizationContract::hasPrivileges(const Privilege& p) const {
+ stdx::lock_guard<Mutex> lck(_mutex);
+
auto matchType = p.getResourcePattern().matchType();
return _privilegeChecks[static_cast<size_t>(matchType)].contains(p.getActions());
}
bool AuthorizationContract::contains(const AuthorizationContract& other) const {
+ stdx::lock_guard<Mutex> lck(_mutex);
if ((_checks | other._checks) != _checks) {
if (kDebugBuild) {
diff --git a/src/mongo/db/auth/authorization_contract.h b/src/mongo/db/auth/authorization_contract.h
index 2541481d72e..f5400557d3c 100644
--- a/src/mongo/db/auth/authorization_contract.h
+++ b/src/mongo/db/auth/authorization_contract.h
@@ -67,6 +67,11 @@ public:
}
}
+ AuthorizationContract(const AuthorizationContract& other) {
+ _checks = other._checks;
+ _privilegeChecks = other._privilegeChecks;
+ }
+
/**
* Clear the authorization contract
*/
@@ -98,6 +103,8 @@ public:
bool contains(const AuthorizationContract& other) const;
private:
+ mutable Mutex _mutex = MONGO_MAKE_LATCH("AuthorizationContract::_mutex");
+
// Set of access checks performed
std::bitset<kNumAccessCheckEnum> _checks;
View Lorry Controller Status