diff options
| author | Daniel Alabi <alabidan@gmail.com> | 2015-05-15 08:24:27 -0400 |
|---|---|---|
| committer | Daniel Alabi <alabidan@gmail.com> | 2015-05-18 10:37:45 -0400 |
| commit | b631186c3bde82f4894b31b58c769a9e83453601 (patch) | |
| tree | b10e640d6228dc43e2625b6b351a68e438cc2242 /src | |
| parent | d31bf41e161177d933bcac782a3fce3ef61f190a (diff) | |
| download | mongo-b631186c3bde82f4894b31b58c769a9e83453601.tar.gz | |
SERVER-18478 Get rid of UpdateGuard and simplify locking for user management commands on mongod
Diffstat (limited to 'src')
| -rw-r--r-- | src/mongo/db/auth/SConscript | 1 | ||||
| -rw-r--r-- | src/mongo/db/auth/authorization_manager.cpp | 9 | ||||
| -rw-r--r-- | src/mongo/db/auth/authorization_manager.h | 14 | ||||
| -rw-r--r-- | src/mongo/db/auth/authz_documents_update_guard.cpp | 57 | ||||
| -rw-r--r-- | src/mongo/db/auth/authz_documents_update_guard.h | 69 | ||||
| -rw-r--r-- | src/mongo/db/auth/authz_manager_external_state.cpp | 4 | ||||
| -rw-r--r-- | src/mongo/db/auth/authz_manager_external_state.h | 16 | ||||
| -rw-r--r-- | src/mongo/db/auth/authz_manager_external_state_d.cpp | 12 | ||||
| -rw-r--r-- | src/mongo/db/auth/authz_manager_external_state_d.h | 5 | ||||
| -rw-r--r-- | src/mongo/db/auth/authz_manager_external_state_mock.cpp | 6 | ||||
| -rw-r--r-- | src/mongo/db/auth/authz_manager_external_state_mock.h | 2 | ||||
| -rw-r--r-- | src/mongo/db/auth/authz_manager_external_state_s.cpp | 27 | ||||
| -rw-r--r-- | src/mongo/db/auth/authz_manager_external_state_s.h | 6 | ||||
| -rw-r--r-- | src/mongo/db/commands/user_management_commands.cpp | 135 |
14 files changed, 89 insertions, 274 deletions
diff --git a/src/mongo/db/auth/SConscript b/src/mongo/db/auth/SConscript index b8aa0e38063..94fa4f24f74 100644 --- a/src/mongo/db/auth/SConscript +++ b/src/mongo/db/auth/SConscript @@ -12,7 +12,6 @@ env.Library('authcore', ['action_set.cpp', 'action_type.cpp', 'authorization_manager.cpp', 'authorization_session.cpp', - 'authz_documents_update_guard.cpp', 'authz_manager_external_state.cpp', 'authz_manager_external_state_local.cpp', 'authz_session_external_state.cpp', diff --git a/src/mongo/db/auth/authorization_manager.cpp b/src/mongo/db/auth/authorization_manager.cpp index 8e68dbbcbb4..42fb2216780 100644 --- a/src/mongo/db/auth/authorization_manager.cpp +++ b/src/mongo/db/auth/authorization_manager.cpp @@ -46,7 +46,6 @@ #include "mongo/crypto/mechanism_scram.h" #include "mongo/db/auth/action_set.h" #include "mongo/db/auth/authorization_session.h" -#include "mongo/db/auth/authz_documents_update_guard.h" #include "mongo/db/auth/authz_manager_external_state.h" #include "mongo/db/auth/privilege.h" #include "mongo/db/auth/role_graph.h" @@ -750,14 +749,6 @@ namespace mongo { return Status::OK(); } - bool AuthorizationManager::tryAcquireAuthzUpdateLock(StringData why) { - return _externalState->tryAcquireAuthzUpdateLock(why); - } - - void AuthorizationManager::releaseAuthzUpdateLock() { - return _externalState->releaseAuthzUpdateLock(); - } - namespace { /** diff --git a/src/mongo/db/auth/authorization_manager.h b/src/mongo/db/auth/authorization_manager.h index a87e5c0e4cf..2825269be58 100644 --- a/src/mongo/db/auth/authorization_manager.h +++ b/src/mongo/db/auth/authorization_manager.h @@ -395,20 +395,6 @@ namespace mongo { Status _initializeUserFromPrivilegeDocument(User* user, const BSONObj& privDoc); /** - * Tries to acquire the global lock guarding modifications to all persistent data related - * to authorization, namely the admin.system.users, admin.system.roles, and - * admin.system.version collections. This serializes all writers to the authorization - * documents, but does not impact readers. - */ - bool tryAcquireAuthzUpdateLock(StringData why); - - /** - * Releases the lock guarding modifications to persistent authorization data, which must - * already be held. - */ - void releaseAuthzUpdateLock(); - - /** * Performs one step in the process of upgrading the stored authorization data to the * newest schema. * diff --git a/src/mongo/db/auth/authz_documents_update_guard.cpp b/src/mongo/db/auth/authz_documents_update_guard.cpp deleted file mode 100644 index 25bfef87a94..00000000000 --- a/src/mongo/db/auth/authz_documents_update_guard.cpp +++ /dev/null @@ -1,57 +0,0 @@ -/** -* Copyright (C) 2013 10gen Inc. -* -* This program is free software: you can redistribute it and/or modify -* it under the terms of the GNU Affero General Public License, version 3, -* as published by the Free Software Foundation. -* -* This program is distributed in the hope that it will be useful, -* but WITHOUT ANY WARRANTY; without even the implied warranty of -* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -* GNU Affero General Public License for more details. -* -* You should have received a copy of the GNU Affero General Public License -* along with this program. If not, see <http://www.gnu.org/licenses/>. -* -* As a special exception, the copyright holders give permission to link the -* code of portions of this program with the OpenSSL library under certain -* conditions as described in each individual source file and distribute -* linked combinations including the program with the OpenSSL library. You -* must comply with the GNU Affero General Public License in all respects for -* all of the code used other than as permitted herein. If you modify file(s) -* with this exception, you may extend this exception to your version of the -* file(s), but you are not obligated to do so. If you do not wish to do so, -* delete this exception statement from your version. If you delete this -* exception statement from all source files in the program, then also delete -* it in the license file. -*/ - -#include "mongo/db/auth/authz_documents_update_guard.h" - -#include "mongo/db/auth/authorization_manager.h" - - -namespace mongo { - - AuthzDocumentsUpdateGuard::AuthzDocumentsUpdateGuard(AuthorizationManager* authzManager) - : _authzManager(authzManager), _lockedForUpdate(false) {} - - AuthzDocumentsUpdateGuard::~AuthzDocumentsUpdateGuard() { - if (_lockedForUpdate) { - unlock(); - } - } - - bool AuthzDocumentsUpdateGuard::tryLock(StringData why) { - fassert(17126, !_lockedForUpdate); - _lockedForUpdate = _authzManager->tryAcquireAuthzUpdateLock(why); - return _lockedForUpdate; - } - - void AuthzDocumentsUpdateGuard::unlock() { - fassert(17127, _lockedForUpdate); - _authzManager->releaseAuthzUpdateLock(); - _lockedForUpdate = false; - } - -} // namespace mongo diff --git a/src/mongo/db/auth/authz_documents_update_guard.h b/src/mongo/db/auth/authz_documents_update_guard.h deleted file mode 100644 index 9a81409a8cb..00000000000 --- a/src/mongo/db/auth/authz_documents_update_guard.h +++ /dev/null @@ -1,69 +0,0 @@ -/** -* Copyright (C) 2013 10gen Inc. -* -* This program is free software: you can redistribute it and/or modify -* it under the terms of the GNU Affero General Public License, version 3, -* as published by the Free Software Foundation. -* -* This program is distributed in the hope that it will be useful, -* but WITHOUT ANY WARRANTY; without even the implied warranty of -* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -* GNU Affero General Public License for more details. -* -* You should have received a copy of the GNU Affero General Public License -* along with this program. If not, see <http://www.gnu.org/licenses/>. -* -* As a special exception, the copyright holders give permission to link the -* code of portions of this program with the OpenSSL library under certain -* conditions as described in each individual source file and distribute -* linked combinations including the program with the OpenSSL library. You -* must comply with the GNU Affero General Public License in all respects for -* all of the code used other than as permitted herein. If you modify file(s) -* with this exception, you may extend this exception to your version of the -* file(s), but you are not obligated to do so. If you do not wish to do so, -* delete this exception statement from your version. If you delete this -* exception statement from all source files in the program, then also delete -* it in the license file. -*/ - -#pragma once - -#include "mongo/base/disallow_copying.h" -#include "mongo/base/string_data.h" - -namespace mongo { - - class AuthorizationManager; - - /* - * Guard object for locking the lock that serializes all writes to the persistent authorization - * documents. - */ - class AuthzDocumentsUpdateGuard { - MONGO_DISALLOW_COPYING(AuthzDocumentsUpdateGuard); - public: - explicit AuthzDocumentsUpdateGuard(AuthorizationManager* authzManager); - ~AuthzDocumentsUpdateGuard(); - - /** - * Tries to acquire the global lock guarding modifications to all persistent data related - * to authorization, namely the admin.system.users, admin.system.roles, and - * admin.system.version collections. This serializes all writers to the authorization - * documents, but does not impact readers. - * Returns whether or not it was successful at acquiring the lock. - */ - bool tryLock(StringData why); - - /** - * Releases the lock guarding modifications to persistent authorization data, which must - * already be held. - */ - void unlock(); - - private: - AuthorizationManager* _authzManager; - // True if the Guard has locked the lock that guards modifications to authz documents. - bool _lockedForUpdate; - }; - -} // namespace mongo diff --git a/src/mongo/db/auth/authz_manager_external_state.cpp b/src/mongo/db/auth/authz_manager_external_state.cpp index 2ed2ee6376e..9d9d1763439 100644 --- a/src/mongo/db/auth/authz_manager_external_state.cpp +++ b/src/mongo/db/auth/authz_manager_external_state.cpp @@ -41,10 +41,6 @@ namespace mongo { stdx::function<std::unique_ptr<AuthzManagerExternalState>()> AuthzManagerExternalState::create; -#ifndef _MSC_EXTENSIONS - const long long AuthzManagerExternalState::_authzUpdateLockAcquisitionTimeoutMillis; -#endif - AuthzManagerExternalState::AuthzManagerExternalState() {} AuthzManagerExternalState::~AuthzManagerExternalState() {} diff --git a/src/mongo/db/auth/authz_manager_external_state.h b/src/mongo/db/auth/authz_manager_external_state.h index 9614b2d6989..05b1ba18aeb 100644 --- a/src/mongo/db/auth/authz_manager_external_state.h +++ b/src/mongo/db/auth/authz_manager_external_state.h @@ -226,20 +226,6 @@ namespace mongo { const BSONObj& writeConcern, int* numRemoved) = 0; - /** - * Tries to acquire the global lock guarding modifications to all persistent data related - * to authorization, namely the admin.system.users, admin.system.roles, and - * admin.system.version collections. This serializes all writers to the authorization - * documents, but does not impact readers. - */ - virtual bool tryAcquireAuthzUpdateLock(StringData why) = 0; - - /** - * Releases the lock guarding modifications to persistent authorization data, which must - * already be held. - */ - virtual void releaseAuthzUpdateLock() = 0; - virtual void logOp( OperationContext* txn, const char* op, @@ -250,8 +236,6 @@ namespace mongo { protected: AuthzManagerExternalState(); // This class should never be instantiated directly. - - static const long long _authzUpdateLockAcquisitionTimeoutMillis = 5000; }; } // namespace mongo diff --git a/src/mongo/db/auth/authz_manager_external_state_d.cpp b/src/mongo/db/auth/authz_manager_external_state_d.cpp index 7871f8d5a78..79e81727242 100644 --- a/src/mongo/db/auth/authz_manager_external_state_d.cpp +++ b/src/mongo/db/auth/authz_manager_external_state_d.cpp @@ -32,8 +32,6 @@ #include "mongo/db/auth/authz_manager_external_state_d.h" -#include <boost/thread/mutex.hpp> -#include <boost/date_time/time_duration.hpp> #include <string> #include "mongo/base/status.h" @@ -189,14 +187,4 @@ namespace mongo { } } - bool AuthzManagerExternalStateMongod::tryAcquireAuthzUpdateLock(StringData why) { - LOG(2) << "Attempting to lock user data for: " << why << endl; - return _authzDataUpdateLock.timed_lock( - boost::posix_time::milliseconds(_authzUpdateLockAcquisitionTimeoutMillis)); - } - - void AuthzManagerExternalStateMongod::releaseAuthzUpdateLock() { - return _authzDataUpdateLock.unlock(); - } - } // namespace mongo diff --git a/src/mongo/db/auth/authz_manager_external_state_d.h b/src/mongo/db/auth/authz_manager_external_state_d.h index 7a3e1f98de4..3c8fa8aa1c6 100644 --- a/src/mongo/db/auth/authz_manager_external_state_d.h +++ b/src/mongo/db/auth/authz_manager_external_state_d.h @@ -79,11 +79,6 @@ namespace mongo { const BSONObj& query, const BSONObj& writeConcern, int* numRemoved); - virtual bool tryAcquireAuthzUpdateLock(StringData why); - virtual void releaseAuthzUpdateLock(); - - private: - boost::timed_mutex _authzDataUpdateLock; }; } // namespace mongo diff --git a/src/mongo/db/auth/authz_manager_external_state_mock.cpp b/src/mongo/db/auth/authz_manager_external_state_mock.cpp index a8939fceb70..047ca78d52c 100644 --- a/src/mongo/db/auth/authz_manager_external_state_mock.cpp +++ b/src/mongo/db/auth/authz_manager_external_state_mock.cpp @@ -271,12 +271,6 @@ namespace { return Status::OK(); } - bool AuthzManagerExternalStateMock::tryAcquireAuthzUpdateLock(StringData) { - return true; - } - - void AuthzManagerExternalStateMock::releaseAuthzUpdateLock() {} - std::vector<BSONObj> AuthzManagerExternalStateMock::getCollectionContents( const NamespaceString& collectionName) { return mapFindWithDefault(_documents, collectionName, std::vector<BSONObj>()); diff --git a/src/mongo/db/auth/authz_manager_external_state_mock.h b/src/mongo/db/auth/authz_manager_external_state_mock.h index 92698263295..585d954e7ba 100644 --- a/src/mongo/db/auth/authz_manager_external_state_mock.h +++ b/src/mongo/db/auth/authz_manager_external_state_mock.h @@ -99,8 +99,6 @@ namespace mongo { const BSONObj& query, const BSONObj& writeConcern, int* numRemoved); - virtual bool tryAcquireAuthzUpdateLock(StringData why); - virtual void releaseAuthzUpdateLock(); std::vector<BSONObj> getCollectionContents(const NamespaceString& collectionName); diff --git a/src/mongo/db/auth/authz_manager_external_state_s.cpp b/src/mongo/db/auth/authz_manager_external_state_s.cpp index 40c844f9a7a..19e32f62003 100644 --- a/src/mongo/db/auth/authz_manager_external_state_s.cpp +++ b/src/mongo/db/auth/authz_manager_external_state_s.cpp @@ -332,31 +332,4 @@ namespace { return res; } - bool AuthzManagerExternalStateMongos::tryAcquireAuthzUpdateLock(StringData why) { - boost::lock_guard<boost::mutex> lkLocal(_distLockGuard); - if (_authzDataUpdateLock.get()) { - return false; - } - - auto timeout = stdx::chrono::milliseconds(_authzUpdateLockAcquisitionTimeoutMillis); - auto scopedDistLock = grid.catalogManager()->getDistLockManager()->lock( - "authorizationData", why, timeout); - - if (!scopedDistLock.isOK()) { - warning() << "Error while attempting to acquire distributed lock for " - << "user modification: " << scopedDistLock.getStatus().toString(); - return false; - } - - _authzDataUpdateLock = stdx::make_unique<DistLockManager::ScopedDistLock>( - std::move(scopedDistLock.getValue())); - - return true; - } - - void AuthzManagerExternalStateMongos::releaseAuthzUpdateLock() { - boost::lock_guard<boost::mutex> lkLocal(_distLockGuard); - _authzDataUpdateLock.reset(); - } - } // namespace mongo diff --git a/src/mongo/db/auth/authz_manager_external_state_s.h b/src/mongo/db/auth/authz_manager_external_state_s.h index 194d2f08f8f..31295aa3ec3 100644 --- a/src/mongo/db/auth/authz_manager_external_state_s.h +++ b/src/mongo/db/auth/authz_manager_external_state_s.h @@ -105,12 +105,6 @@ namespace mongo { const BSONObj& query, const BSONObj& writeConcern, int* numRemoved); - virtual bool tryAcquireAuthzUpdateLock(StringData why); - virtual void releaseAuthzUpdateLock(); - - private: - boost::mutex _distLockGuard; // Guards access to _authzDataUpdateLock - std::unique_ptr<DistLockManager::ScopedDistLock> _authzDataUpdateLock; }; } // namespace mongo diff --git a/src/mongo/db/commands/user_management_commands.cpp b/src/mongo/db/commands/user_management_commands.cpp index fbac3ef177b..7e2e1c100b3 100644 --- a/src/mongo/db/commands/user_management_commands.cpp +++ b/src/mongo/db/commands/user_management_commands.cpp @@ -32,6 +32,7 @@ #include "mongo/db/commands/user_management_commands.h" +#include <boost/thread/mutex.hpp> #include <string> #include <vector> @@ -46,7 +47,6 @@ #include "mongo/db/audit.h" #include "mongo/db/auth/action_set.h" #include "mongo/db/auth/action_type.h" -#include "mongo/db/auth/authz_documents_update_guard.h" #include "mongo/db/auth/authorization_manager.h" #include "mongo/db/auth/authorization_manager_global.h" #include "mongo/db/auth/authorization_session.h" @@ -56,14 +56,18 @@ #include "mongo/db/auth/user.h" #include "mongo/db/auth/user_document_parser.h" #include "mongo/db/auth/user_management_commands_parser.h" +#include "mongo/db/client.h" #include "mongo/db/commands.h" #include "mongo/db/jsobj.h" +#include "mongo/db/operation_context.h" +#include "mongo/db/service_context.h" #include "mongo/platform/unordered_set.h" #include "mongo/stdx/functional.h" #include "mongo/util/log.h" #include "mongo/util/mongoutils/str.h" #include "mongo/util/net/ssl_manager.h" #include "mongo/util/sequence_util.h" +#include "mongo/util/time_support.h" namespace mongo { @@ -74,6 +78,15 @@ namespace mongo { using std::stringstream; using std::vector; +namespace { + + // Used to obtain mutex that guards modifications to persistent authorization data + const auto getAuthzDataMutex = ServiceContext::declareDecoration<boost::timed_mutex>(); + + const Seconds authzDataMutexAcquisitionTimeout{5}; + +} // namespace + class CmdCreateUser : public Command { public: @@ -162,7 +175,8 @@ namespace mongo { userObjBuilder.append(AuthorizationManager::USER_DB_FIELD_NAME, args.userName.getDB()); - AuthorizationManager* authzManager = getGlobalAuthorizationManager(); + ServiceContext* serviceContext = txn->getClient()->getServiceContext(); + AuthorizationManager* authzManager = AuthorizationManager::get(serviceContext); int authzVersion; status = authzManager->getAuthorizationVersion(txn, &authzVersion); if (!status.isOK()) { @@ -200,8 +214,9 @@ namespace mongo { return appendCommandStatus(result, status); } - AuthzDocumentsUpdateGuard updateGuard(authzManager); - if (!updateGuard.tryLock("Create user")) { + boost::unique_lock<boost::timed_mutex> lk(getAuthzDataMutex(serviceContext), + authzDataMutexAcquisitionTimeout); + if (!lk) { return appendCommandStatus( result, Status(ErrorCodes::LockBusy, "Could not lock auth data update lock.")); @@ -319,14 +334,16 @@ namespace mongo { updateSetBuilder.append("roles", auth::rolesVectorToBSONArray(args.roles)); } - AuthorizationManager* authzManager = getGlobalAuthorizationManager(); - AuthzDocumentsUpdateGuard updateGuard(authzManager); - if (!updateGuard.tryLock("Update user")) { + ServiceContext* serviceContext = txn->getClient()->getServiceContext(); + boost::unique_lock<boost::timed_mutex> lk(getAuthzDataMutex(serviceContext), + authzDataMutexAcquisitionTimeout); + if (!lk) { return appendCommandStatus( result, Status(ErrorCodes::LockBusy, "Could not lock auth data update lock.")); } + AuthorizationManager* authzManager = AuthorizationManager::get(serviceContext); status = auth::requireAuthSchemaVersion26Final(txn, authzManager); if (!status.isOK()) { return appendCommandStatus(result, status); @@ -391,14 +408,16 @@ namespace mongo { int options, string& errmsg, BSONObjBuilder& result) { - AuthorizationManager* authzManager = getGlobalAuthorizationManager(); - AuthzDocumentsUpdateGuard updateGuard(authzManager); - if (!updateGuard.tryLock("Drop user")) { + ServiceContext* serviceContext = txn->getClient()->getServiceContext(); + boost::unique_lock<boost::timed_mutex> lk(getAuthzDataMutex(serviceContext), + authzDataMutexAcquisitionTimeout); + if (!lk) { return appendCommandStatus( result, Status(ErrorCodes::LockBusy, "Could not lock auth data update lock.")); } + AuthorizationManager* authzManager = AuthorizationManager::get(serviceContext); Status status = auth::requireAuthSchemaVersion26Final(txn, authzManager); if (!status.isOK()) { return appendCommandStatus(result, status); @@ -470,14 +489,16 @@ namespace mongo { int options, string& errmsg, BSONObjBuilder& result) { - AuthorizationManager* authzManager = getGlobalAuthorizationManager(); - AuthzDocumentsUpdateGuard updateGuard(authzManager); - if (!updateGuard.tryLock("Drop all users from database")) { + ServiceContext* serviceContext = txn->getClient()->getServiceContext(); + boost::unique_lock<boost::timed_mutex> lk(getAuthzDataMutex(serviceContext), + authzDataMutexAcquisitionTimeout); + if (!lk) { return appendCommandStatus( result, Status(ErrorCodes::LockBusy, "Could not lock auth data update lock.")); } + AuthorizationManager* authzManager = AuthorizationManager::get(serviceContext); Status status = auth::requireAuthSchemaVersion26Final(txn, authzManager); if (!status.isOK()) { return appendCommandStatus(result, status); @@ -538,14 +559,16 @@ namespace mongo { int options, string& errmsg, BSONObjBuilder& result) { - AuthorizationManager* authzManager = getGlobalAuthorizationManager(); - AuthzDocumentsUpdateGuard updateGuard(authzManager); - if (!updateGuard.tryLock("Grant roles to user")) { + ServiceContext* serviceContext = txn->getClient()->getServiceContext(); + boost::unique_lock<boost::timed_mutex> lk(getAuthzDataMutex(serviceContext), + authzDataMutexAcquisitionTimeout); + if (!lk) { return appendCommandStatus( result, Status(ErrorCodes::LockBusy, "Could not lock auth data update lock.")); } + AuthorizationManager* authzManager = AuthorizationManager::get(serviceContext); Status status = auth::requireAuthSchemaVersion26Final(txn, authzManager); if (!status.isOK()) { return appendCommandStatus(result, status); @@ -621,14 +644,16 @@ namespace mongo { int options, string& errmsg, BSONObjBuilder& result) { - AuthorizationManager* authzManager = getGlobalAuthorizationManager(); - AuthzDocumentsUpdateGuard updateGuard(authzManager); - if (!updateGuard.tryLock("Revoke roles from user")) { + ServiceContext* serviceContext = txn->getClient()->getServiceContext(); + boost::unique_lock<boost::timed_mutex> lk(getAuthzDataMutex(serviceContext), + authzDataMutexAcquisitionTimeout); + if (!lk) { return appendCommandStatus( result, Status(ErrorCodes::LockBusy, "Could not lock auth data update lock.")); } + AuthorizationManager* authzManager = AuthorizationManager::get(serviceContext); Status status = auth::requireAuthSchemaVersion26Final(txn, authzManager); if (!status.isOK()) { return appendCommandStatus(result, status); @@ -880,14 +905,16 @@ namespace mongo { roleObjBuilder.append("roles", auth::rolesVectorToBSONArray(args.roles)); - AuthorizationManager* authzManager = getGlobalAuthorizationManager(); - AuthzDocumentsUpdateGuard updateGuard(authzManager); - if (!updateGuard.tryLock("Create role")) { + ServiceContext* serviceContext = txn->getClient()->getServiceContext(); + boost::unique_lock<boost::timed_mutex> lk(getAuthzDataMutex(serviceContext), + authzDataMutexAcquisitionTimeout); + if (!lk) { return appendCommandStatus( result, Status(ErrorCodes::LockBusy, "Could not lock auth data update lock.")); } + AuthorizationManager* authzManager = AuthorizationManager::get(serviceContext); status = auth::requireAuthSchemaVersion26Final(txn, authzManager); if (!status.isOK()) { return appendCommandStatus(result, status); @@ -972,14 +999,16 @@ namespace mongo { updateSetBuilder.append("roles", auth::rolesVectorToBSONArray(args.roles)); } - AuthorizationManager* authzManager = getGlobalAuthorizationManager(); - AuthzDocumentsUpdateGuard updateGuard(authzManager); - if (!updateGuard.tryLock("Update role")) { + ServiceContext* serviceContext = txn->getClient()->getServiceContext(); + boost::unique_lock<boost::timed_mutex> lk(getAuthzDataMutex(serviceContext), + authzDataMutexAcquisitionTimeout); + if (!lk) { return appendCommandStatus( result, Status(ErrorCodes::LockBusy, "Could not lock auth data update lock.")); } + AuthorizationManager* authzManager = AuthorizationManager::get(serviceContext); status = auth::requireAuthSchemaVersion26Final(txn, authzManager); if (!status.isOK()) { return appendCommandStatus(result, status); @@ -1047,14 +1076,16 @@ namespace mongo { int options, string& errmsg, BSONObjBuilder& result) { - AuthorizationManager* authzManager = getGlobalAuthorizationManager(); - AuthzDocumentsUpdateGuard updateGuard(authzManager); - if (!updateGuard.tryLock("Grant privileges to role")) { + ServiceContext* serviceContext = txn->getClient()->getServiceContext(); + boost::unique_lock<boost::timed_mutex> lk(getAuthzDataMutex(serviceContext), + authzDataMutexAcquisitionTimeout); + if (!lk) { return appendCommandStatus( result, Status(ErrorCodes::LockBusy, "Could not lock auth data update lock.")); } + AuthorizationManager* authzManager = AuthorizationManager::get(serviceContext); Status status = auth::requireAuthSchemaVersion26Final(txn, authzManager); if (!status.isOK()) { return appendCommandStatus(result, status); @@ -1168,14 +1199,16 @@ namespace mongo { int options, string& errmsg, BSONObjBuilder& result) { - AuthorizationManager* authzManager = getGlobalAuthorizationManager(); - AuthzDocumentsUpdateGuard updateGuard(authzManager); - if (!updateGuard.tryLock("Revoke privileges from role")) { + ServiceContext* serviceContext = txn->getClient()->getServiceContext(); + boost::unique_lock<boost::timed_mutex> lk(getAuthzDataMutex(serviceContext), + authzDataMutexAcquisitionTimeout); + if (!lk) { return appendCommandStatus( result, Status(ErrorCodes::LockBusy, "Could not lock auth data update lock.")); } + AuthorizationManager* authzManager = AuthorizationManager::get(serviceContext); Status status = auth::requireAuthSchemaVersion26Final(txn, authzManager); if (!status.isOK()) { return appendCommandStatus(result, status); @@ -1314,14 +1347,16 @@ namespace mongo { " is a built-in role and cannot be modified.")); } - AuthorizationManager* authzManager = getGlobalAuthorizationManager(); - AuthzDocumentsUpdateGuard updateGuard(authzManager); - if (!updateGuard.tryLock("Grant roles to role")) { + ServiceContext* serviceContext = txn->getClient()->getServiceContext(); + boost::unique_lock<boost::timed_mutex> lk(getAuthzDataMutex(serviceContext), + authzDataMutexAcquisitionTimeout); + if (!lk) { return appendCommandStatus( result, Status(ErrorCodes::LockBusy, "Could not lock auth data update lock.")); } + AuthorizationManager* authzManager = AuthorizationManager::get(serviceContext); status = auth::requireAuthSchemaVersion26Final(txn, authzManager); if (!status.isOK()) { return appendCommandStatus(result, status); @@ -1396,14 +1431,16 @@ namespace mongo { int options, string& errmsg, BSONObjBuilder& result) { - AuthorizationManager* authzManager = getGlobalAuthorizationManager(); - AuthzDocumentsUpdateGuard updateGuard(authzManager); - if (!updateGuard.tryLock("Revoke roles from role")) { + ServiceContext* serviceContext = txn->getClient()->getServiceContext(); + boost::unique_lock<boost::timed_mutex> lk(getAuthzDataMutex(serviceContext), + authzDataMutexAcquisitionTimeout); + if (!lk) { return appendCommandStatus( result, Status(ErrorCodes::LockBusy, "Could not lock auth data update lock.")); } + AuthorizationManager* authzManager = AuthorizationManager::get(serviceContext); Status status = auth::requireAuthSchemaVersion26Final(txn, authzManager); if (!status.isOK()) { return appendCommandStatus(result, status); @@ -1498,14 +1535,16 @@ namespace mongo { int options, string& errmsg, BSONObjBuilder& result) { - AuthorizationManager* authzManager = getGlobalAuthorizationManager(); - AuthzDocumentsUpdateGuard updateGuard(authzManager); - if (!updateGuard.tryLock("Drop role")) { + ServiceContext* serviceContext = txn->getClient()->getServiceContext(); + boost::unique_lock<boost::timed_mutex> lk(getAuthzDataMutex(serviceContext), + authzDataMutexAcquisitionTimeout); + if (!lk) { return appendCommandStatus( result, Status(ErrorCodes::LockBusy, "Could not lock auth data update lock.")); } + AuthorizationManager* authzManager = AuthorizationManager::get(serviceContext); Status status = auth::requireAuthSchemaVersion26Final(txn, authzManager); if (!status.isOK()) { return appendCommandStatus(result, status); @@ -1669,14 +1708,16 @@ namespace mongo { return appendCommandStatus(result, status); } - AuthorizationManager* authzManager = getGlobalAuthorizationManager(); - AuthzDocumentsUpdateGuard updateGuard(authzManager); - if (!updateGuard.tryLock("Drop roles from database")) { + ServiceContext* serviceContext = txn->getClient()->getServiceContext(); + boost::unique_lock<boost::timed_mutex> lk(getAuthzDataMutex(serviceContext), + authzDataMutexAcquisitionTimeout); + if (!lk) { return appendCommandStatus( result, Status(ErrorCodes::LockBusy, "Could not lock auth data update lock.")); } + AuthorizationManager* authzManager = AuthorizationManager::get(serviceContext); status = auth::requireAuthSchemaVersion26Final(txn, authzManager); if (!status.isOK()) { return appendCommandStatus(result, status); @@ -2320,14 +2361,16 @@ namespace mongo { "\"tempRolescollection\"")); } - AuthorizationManager* authzManager = getGlobalAuthorizationManager(); - AuthzDocumentsUpdateGuard updateGuard(authzManager); - if (!updateGuard.tryLock("_mergeAuthzCollections")) { + ServiceContext* serviceContext = txn->getClient()->getServiceContext(); + boost::unique_lock<boost::timed_mutex> lk(getAuthzDataMutex(serviceContext), + authzDataMutexAcquisitionTimeout); + if (!lk) { return appendCommandStatus( result, Status(ErrorCodes::LockBusy, "Could not lock auth data update lock.")); } + AuthorizationManager* authzManager = AuthorizationManager::get(serviceContext); status = auth::requireAuthSchemaVersion26Final(txn, authzManager); if (!status.isOK()) { return appendCommandStatus(result, status); |