diff options
author | Mark Benvenuto <mark.benvenuto@mongodb.com> | 2021-10-11 13:52:46 -0400 |
---|---|---|
committer | Evergreen Agent <no-reply@evergreen.mongodb.com> | 2021-10-14 21:01:28 +0000 |
commit | 25feddcaef0c01b5bedb11a288ca86dc19d00cb8 (patch) | |
tree | e15a01b1d068dfd20791e8255e50d08ef5f43d6f /src/mongo/db/auth | |
parent | 4b445f9d21ad18ee5d3218383b5180a4b9a9da01 (diff) | |
download | mongo-25feddcaef0c01b5bedb11a288ca86dc19d00cb8.tar.gz |
SERVER-60317 Fix TSAN errors in Authorization Contract
Diffstat (limited to 'src/mongo/db/auth')
-rw-r--r-- | src/mongo/db/auth/authorization_contract.cpp | 11 | ||||
-rw-r--r-- | src/mongo/db/auth/authorization_contract.h | 7 |
2 files changed, 18 insertions, 0 deletions
diff --git a/src/mongo/db/auth/authorization_contract.cpp b/src/mongo/db/auth/authorization_contract.cpp index 6f78c07f150..3c127c4ee45 100644 --- a/src/mongo/db/auth/authorization_contract.cpp +++ b/src/mongo/db/auth/authorization_contract.cpp @@ -41,6 +41,8 @@ namespace mongo { void AuthorizationContract::clear() { + stdx::lock_guard<Mutex> lck(_mutex); + _checks.reset(); for (size_t i = 0; i < _privilegeChecks.size(); ++i) { _privilegeChecks[i].removeAllActions(); @@ -48,26 +50,35 @@ void AuthorizationContract::clear() { } void AuthorizationContract::addAccessCheck(AccessCheckEnum check) { + stdx::lock_guard<Mutex> lck(_mutex); + _checks.set(static_cast<size_t>(check), true); } bool AuthorizationContract::hasAccessCheck(AccessCheckEnum check) const { + stdx::lock_guard<Mutex> lck(_mutex); + return _checks.test(static_cast<size_t>(check)); } void AuthorizationContract::addPrivilege(const Privilege& p) { + stdx::lock_guard<Mutex> lck(_mutex); + auto matchType = p.getResourcePattern().matchType(); _privilegeChecks[static_cast<size_t>(matchType)].addAllActionsFromSet(p.getActions()); } bool AuthorizationContract::hasPrivileges(const Privilege& p) const { + stdx::lock_guard<Mutex> lck(_mutex); + auto matchType = p.getResourcePattern().matchType(); return _privilegeChecks[static_cast<size_t>(matchType)].contains(p.getActions()); } bool AuthorizationContract::contains(const AuthorizationContract& other) const { + stdx::lock_guard<Mutex> lck(_mutex); if ((_checks | other._checks) != _checks) { if (kDebugBuild) { diff --git a/src/mongo/db/auth/authorization_contract.h b/src/mongo/db/auth/authorization_contract.h index 2541481d72e..f5400557d3c 100644 --- a/src/mongo/db/auth/authorization_contract.h +++ b/src/mongo/db/auth/authorization_contract.h @@ -67,6 +67,11 @@ public: } } + AuthorizationContract(const AuthorizationContract& other) { + _checks = other._checks; + _privilegeChecks = other._privilegeChecks; + } + /** * Clear the authorization contract */ @@ -98,6 +103,8 @@ public: bool contains(const AuthorizationContract& other) const; private: + mutable Mutex _mutex = MONGO_MAKE_LATCH("AuthorizationContract::_mutex"); + // Set of access checks performed std::bitset<kNumAccessCheckEnum> _checks; |