diff options
author | Spencer T Brody <spencer@10gen.com> | 2013-07-22 15:25:00 -0400 |
---|---|---|
committer | Spencer T Brody <spencer@10gen.com> | 2013-07-23 13:08:00 -0400 |
commit | 10c130a0c7fc88bde739beb725a20aa600f32ff1 (patch) | |
tree | 24d56d29bb9b1dada756be58b5cb9fc17fae14fc /src | |
parent | 9fdbade1caa618f32016a19e4fb7ddd5475c59f9 (diff) | |
download | mongo-10c130a0c7fc88bde739beb725a20aa600f32ff1.tar.gz |
Fully rebuild User cache on all user modifications. SERVER-9518
Diffstat (limited to 'src')
-rw-r--r-- | src/mongo/db/auth/authorization_manager.cpp | 7 | ||||
-rw-r--r-- | src/mongo/db/commands/user_management_commands.cpp | 27 |
2 files changed, 30 insertions, 4 deletions
diff --git a/src/mongo/db/auth/authorization_manager.cpp b/src/mongo/db/auth/authorization_manager.cpp index cf1255bfe7c..88318b64804 100644 --- a/src/mongo/db/auth/authorization_manager.cpp +++ b/src/mongo/db/auth/authorization_manager.cpp @@ -815,6 +815,13 @@ namespace { for (unordered_map<UserName, User*>::iterator it = _userCache.begin(); it != _userCache.end(); ++it) { it->second->invalidate(); + // Need to decrement ref count and manually clean up User object to prevent memory leaks + // since we're pinning all User objects by incrementing their ref count when we + // initially populate the cache. + // TODO(spencer): remove this once we're not pinning User objects. + it->second->decrementRefCount(); + if (it->second->getRefCount() == 0) + delete it->second; } _userCache.clear(); } diff --git a/src/mongo/db/commands/user_management_commands.cpp b/src/mongo/db/commands/user_management_commands.cpp index 9200429104a..c468c9cc747 100644 --- a/src/mongo/db/commands/user_management_commands.cpp +++ b/src/mongo/db/commands/user_management_commands.cpp @@ -150,8 +150,17 @@ namespace mongo { userObjBuilder.append("otherDBRoles", args.otherDBRoles); } - status = getGlobalAuthorizationManager()->insertPrivilegeDocument(dbname, - userObjBuilder.obj()); + AuthorizationManager* authzManager = getGlobalAuthorizationManager(); + status = authzManager->insertPrivilegeDocument(dbname, userObjBuilder.obj()); + if (!status.isOK()) { + addStatus(status, result); + return false; + } + + // Rebuild full user cache on every user modification. + // TODO(spencer): Remove this once we update user cache on-demand for each user + // modification. + status = authzManager->initilizeAllV1UserData(); if (!status.isOK()) { addStatus(status, result); return false; @@ -331,9 +340,19 @@ namespace mongo { } BSONObj updateObj = BSON("$set" << setBuilder.obj()); - status = getGlobalAuthorizationManager()->updatePrivilegeDocument( - UserName(args.userName, dbname), updateObj); + AuthorizationManager* authzManager = getGlobalAuthorizationManager(); + status = authzManager->updatePrivilegeDocument(UserName(args.userName, dbname), + updateObj); + + if (!status.isOK()) { + addStatus(status, result); + return false; + } + // Rebuild full user cache on every user modification. + // TODO(spencer): Remove this once we update user cache on-demand for each user + // modification. + status = authzManager->initilizeAllV1UserData(); if (!status.isOK()) { addStatus(status, result); return false; |