Fully rebuild User cache on all user modifications. SERVER-9518

author: Spencer T Brody <spencer@10gen.com> 2013-07-22 15:25:00 -0400
committer: Spencer T Brody <spencer@10gen.com> 2013-07-23 13:08:00 -0400
commit: 10c130a0c7fc88bde739beb725a20aa600f32ff1 (patch)
tree: 24d56d29bb9b1dada756be58b5cb9fc17fae14fc /src
parent: 9fdbade1caa618f32016a19e4fb7ddd5475c59f9 (diff)
download: mongo-10c130a0c7fc88bde739beb725a20aa600f32ff1.tar.gz
2 files changed, 30 insertions, 4 deletions
diff --git a/src/mongo/db/auth/authorization_manager.cpp b/src/mongo/db/auth/authorization_manager.cpp
index cf1255bfe7c..88318b64804 100644
--- a/src/mongo/db/auth/authorization_manager.cpp
+++ b/src/mongo/db/auth/authorization_manager.cpp
@@ -815,6 +815,13 @@ namespace {
         for (unordered_map<UserName, User*>::iterator it = _userCache.begin();
                 it != _userCache.end(); ++it) {
             it->second->invalidate();
+            // Need to decrement ref count and manually clean up User object to prevent memory leaks
+            // since we're pinning all User objects by incrementing their ref count when we
+            // initially populate the cache.
+            // TODO(spencer): remove this once we're not pinning User objects.
+            it->second->decrementRefCount();
+            if (it->second->getRefCount() == 0)
+                delete it->second;
         }
         _userCache.clear();
     }
diff --git a/src/mongo/db/commands/user_management_commands.cpp b/src/mongo/db/commands/user_management_commands.cpp
index 9200429104a..c468c9cc747 100644
--- a/src/mongo/db/commands/user_management_commands.cpp
+++ b/src/mongo/db/commands/user_management_commands.cpp
@@ -150,8 +150,17 @@ namespace mongo {
                 userObjBuilder.append("otherDBRoles", args.otherDBRoles);
             }
 
-            status = getGlobalAuthorizationManager()->insertPrivilegeDocument(dbname,
-                                                                              userObjBuilder.obj());
+            AuthorizationManager* authzManager = getGlobalAuthorizationManager();
+            status = authzManager->insertPrivilegeDocument(dbname, userObjBuilder.obj());
+            if (!status.isOK()) {
+                addStatus(status, result);
+                return false;
+            }
+
+            // Rebuild full user cache on every user modification.
+            // TODO(spencer): Remove this once we update user cache on-demand for each user
+            // modification.
+            status = authzManager->initilizeAllV1UserData();
             if (!status.isOK()) {
                 addStatus(status, result);
                 return false;
@@ -331,9 +340,19 @@ namespace mongo {
             }
             BSONObj updateObj = BSON("$set" << setBuilder.obj());
 
-            status = getGlobalAuthorizationManager()->updatePrivilegeDocument(
-                    UserName(args.userName, dbname), updateObj);
+            AuthorizationManager* authzManager = getGlobalAuthorizationManager();
+            status = authzManager->updatePrivilegeDocument(UserName(args.userName, dbname),
+                                                           updateObj);
+
+            if (!status.isOK()) {
+                addStatus(status, result);
+                return false;
+            }
 
+            // Rebuild full user cache on every user modification.
+            // TODO(spencer): Remove this once we update user cache on-demand for each user
+            // modification.
+            status = authzManager->initilizeAllV1UserData();
             if (!status.isOK()) {
                 addStatus(status, result);
                 return false;
author	Spencer T Brody <spencer@10gen.com>	2013-07-22 15:25:00 -0400
committer	Spencer T Brody <spencer@10gen.com>	2013-07-23 13:08:00 -0400
commit	10c130a0c7fc88bde739beb725a20aa600f32ff1 (patch)
tree	24d56d29bb9b1dada756be58b5cb9fc17fae14fc /src
parent	9fdbade1caa618f32016a19e4fb7ddd5475c59f9 (diff)
download	mongo-10c130a0c7fc88bde739beb725a20aa600f32ff1.tar.gz