diff options
author | Spencer T Brody <spencer@10gen.com> | 2013-09-10 15:02:00 -0400 |
---|---|---|
committer | Spencer T Brody <spencer@10gen.com> | 2013-09-11 16:33:27 -0400 |
commit | a688dfed6143fb16775008dd9bd63ac94722956b (patch) | |
tree | 8d96ef3289f1a1627376552ae4a380596bae34cf /src/mongo/db | |
parent | 260079ce653ece2fca028d6171e8f3cdfe486bd1 (diff) | |
download | mongo-a688dfed6143fb16775008dd9bd63ac94722956b.tar.gz |
SERVER-9518 Implement functions in mongos and mongod for locking authorization data
Diffstat (limited to 'src/mongo/db')
5 files changed, 36 insertions, 4 deletions
diff --git a/src/mongo/db/auth/authz_manager_external_state.h b/src/mongo/db/auth/authz_manager_external_state.h index 19fa865abe2..0769c2bf98f 100644 --- a/src/mongo/db/auth/authz_manager_external_state.h +++ b/src/mongo/db/auth/authz_manager_external_state.h @@ -154,12 +154,14 @@ namespace mongo { * to authorization, namely the admin.system.users, admin.system.roles, and * admin.system.version collections. This serializes all writers to the authorization * documents, but does not impact readers. + * This can only be called when already in the AuthorizationManager's _lock. */ virtual bool tryAcquireAuthzUpdateLock() = 0; /** * Releases the lock guarding modifications to persistent authorization data, which must * already be held. + * This can only be called when already in the AuthorizationManager's _lock. */ virtual void releaseAuthzUpdateLock() = 0; diff --git a/src/mongo/db/auth/authz_manager_external_state_d.cpp b/src/mongo/db/auth/authz_manager_external_state_d.cpp index 72e01e5f29e..9afc9784bc3 100644 --- a/src/mongo/db/auth/authz_manager_external_state_d.cpp +++ b/src/mongo/db/auth/authz_manager_external_state_d.cpp @@ -28,6 +28,9 @@ #include "mongo/db/auth/authz_manager_external_state_d.h" +#include <string> +#include <boost/thread/mutex.hpp> + #include "mongo/base/status.h" #include "mongo/db/auth/authorization_manager.h" #include "mongo/db/auth/user_name.h" @@ -232,11 +235,11 @@ namespace { } bool AuthzManagerExternalStateMongod::tryAcquireAuthzUpdateLock() { - fassertFailed(17099); + return _authzDataUpdateLock.try_lock(); } void AuthzManagerExternalStateMongod::releaseAuthzUpdateLock() { - fassertFailed(17100); + return _authzDataUpdateLock.unlock(); } } // namespace mongo diff --git a/src/mongo/db/auth/authz_manager_external_state_d.h b/src/mongo/db/auth/authz_manager_external_state_d.h index a9c050be5cb..ebb2b4fb022 100644 --- a/src/mongo/db/auth/authz_manager_external_state_d.h +++ b/src/mongo/db/auth/authz_manager_external_state_d.h @@ -28,6 +28,7 @@ #pragma once +#include <boost/thread/mutex.hpp> #include <string> #include "mongo/base/disallow_copying.h" @@ -86,6 +87,9 @@ namespace mongo { virtual Status _findUser(const string& usersNamespace, const BSONObj& query, BSONObj* result); + + private: + boost::mutex _authzDataUpdateLock; }; } // namespace mongo diff --git a/src/mongo/db/auth/authz_manager_external_state_s.cpp b/src/mongo/db/auth/authz_manager_external_state_s.cpp index 79bda6f4f8b..96a4894c06f 100644 --- a/src/mongo/db/auth/authz_manager_external_state_s.cpp +++ b/src/mongo/db/auth/authz_manager_external_state_s.cpp @@ -28,12 +28,15 @@ #include "mongo/db/auth/authz_manager_external_state_s.h" +#include <boost/scoped_ptr.hpp> #include <string> #include "mongo/client/dbclientinterface.h" +#include "mongo/client/distlock.h" #include "mongo/db/auth/authorization_manager.h" #include "mongo/db/auth/user_name.h" #include "mongo/db/jsobj.h" +#include "mongo/s/config.h" #include "mongo/s/type_database.h" #include "mongo/s/grid.h" #include "mongo/util/assert_util.h" @@ -46,6 +49,7 @@ namespace { } AuthzManagerExternalStateMongos::AuthzManagerExternalStateMongos() {} + AuthzManagerExternalStateMongos::~AuthzManagerExternalStateMongos() {} namespace { @@ -259,11 +263,25 @@ namespace { } bool AuthzManagerExternalStateMongos::tryAcquireAuthzUpdateLock() { - fassertFailed(17109); + if (_authzDataUpdateLock.get()) { + return false; + } + _authzDataUpdateLock.reset(new ScopedDistributedLock( + configServer.getConnectionString(), "authorizationData")); + + std::string errmsg; + if (!_authzDataUpdateLock->tryAcquire(&errmsg)) { + warning() << + "Error while attempting to acquire distributed lock for user modification: " << + errmsg << endl; + _authzDataUpdateLock.reset(); + return false; + } + return true; } void AuthzManagerExternalStateMongos::releaseAuthzUpdateLock() { - fassertFailed(17110); + _authzDataUpdateLock.reset(); } } // namespace mongo diff --git a/src/mongo/db/auth/authz_manager_external_state_s.h b/src/mongo/db/auth/authz_manager_external_state_s.h index 903143e707f..baec4d73dca 100644 --- a/src/mongo/db/auth/authz_manager_external_state_s.h +++ b/src/mongo/db/auth/authz_manager_external_state_s.h @@ -28,10 +28,12 @@ #pragma once +#include <boost/scoped_ptr.hpp> #include <string> #include "mongo/base/disallow_copying.h" #include "mongo/base/status.h" +#include "mongo/client/distlock.h" #include "mongo/db/auth/authz_manager_external_state.h" #include "mongo/db/auth/user_name.h" @@ -86,6 +88,9 @@ namespace mongo { virtual Status _findUser(const string& usersNamespace, const BSONObj& query, BSONObj* result); + + private: + scoped_ptr<ScopedDistributedLock> _authzDataUpdateLock; }; } // namespace mongo |