Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-9983

Authenticating as internal user shouldn't require a database lock

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major - P3
    • Resolution: Fixed
    • Affects Version/s: 2.4.4, 2.5.0
    • Fix Version/s: 2.4.5, 2.5.1
    • Component/s: Concurrency, Security
    • Labels:
      None
    • Backwards Compatibility:
      Fully Compatible
    • Operating System:
      ALL

      Description

      Authenticating as the internal __system user currently takes a read lock on the "admin" database, looking for a privilege doc even though there will never be one. We should notice when we're authenticating as the internal user and prevent the admin db check and thus avoid the need for any locking in this case.

        Issue Links

          Activity

          Hide
          auto auto (Inactive) added a comment -

          Author:

          {u'username': u'andy10gen', u'name': u'Andy Schwerin', u'email': u'schwerin@10gen.com'}

          Message: SERVER-9983 Do not needlessly lock when looking up privileges for the __system@local user.

          Uncorrected, this can cause replica set heartbeats to stall behind operations
          that hold the read lock for a long time.
          Branch: v2.4
          https://github.com/mongodb/mongo/commit/23344f8b7506df694f66999693ee3c00dfd6afae

          Show
          auto auto (Inactive) added a comment - Author: {u'username': u'andy10gen', u'name': u'Andy Schwerin', u'email': u'schwerin@10gen.com'} Message: SERVER-9983 Do not needlessly lock when looking up privileges for the __system@local user. Uncorrected, this can cause replica set heartbeats to stall behind operations that hold the read lock for a long time. Branch: v2.4 https://github.com/mongodb/mongo/commit/23344f8b7506df694f66999693ee3c00dfd6afae
          Hide
          auto auto (Inactive) added a comment -

          Author:

          {u'username': u'andy10gen', u'name': u'Andy Schwerin', u'email': u'schwerin@10gen.com'}

          Message: SERVER-9983 Test verifying that internal user privileges do not mask those of similarly named users.
          Branch: v2.4
          https://github.com/mongodb/mongo/commit/6ad56b63d33987ed153ba757e9f8169ef670f58e

          Show
          auto auto (Inactive) added a comment - Author: {u'username': u'andy10gen', u'name': u'Andy Schwerin', u'email': u'schwerin@10gen.com'} Message: SERVER-9983 Test verifying that internal user privileges do not mask those of similarly named users. Branch: v2.4 https://github.com/mongodb/mongo/commit/6ad56b63d33987ed153ba757e9f8169ef670f58e
          Hide
          schwerin Andy Schwerin added a comment -

          Fixed on 2.4 branch, but fix not yet committed on master.

          Show
          schwerin Andy Schwerin added a comment - Fixed on 2.4 branch, but fix not yet committed on master.
          Hide
          auto auto (Inactive) added a comment -

          Author:

          {u'username': u'andy10gen', u'name': u'Andy Schwerin', u'email': u'schwerin@10gen.com'}

          Message: SERVER-9983 Do not needlessly lock when looking up privileges for the __system@local user.

          Uncorrected, this can cause replica set heartbeats to stall behind operations
          that hold the read lock for a long time.
          Branch: master
          https://github.com/mongodb/mongo/commit/c5ad04549e40b1069029026081d9324e9e06156c

          Show
          auto auto (Inactive) added a comment - Author: {u'username': u'andy10gen', u'name': u'Andy Schwerin', u'email': u'schwerin@10gen.com'} Message: SERVER-9983 Do not needlessly lock when looking up privileges for the __system@local user. Uncorrected, this can cause replica set heartbeats to stall behind operations that hold the read lock for a long time. Branch: master https://github.com/mongodb/mongo/commit/c5ad04549e40b1069029026081d9324e9e06156c
          Hide
          auto auto (Inactive) added a comment -

          Author:

          {u'username': u'andy10gen', u'name': u'Andy Schwerin', u'email': u'schwerin@10gen.com'}

          Message: SERVER-9983 Test verifying that internal user privileges do not mask those of similarly named users.
          Branch: master
          https://github.com/mongodb/mongo/commit/fc9491ee7be6a7dc8a92a8422468284359073545

          Show
          auto auto (Inactive) added a comment - Author: {u'username': u'andy10gen', u'name': u'Andy Schwerin', u'email': u'schwerin@10gen.com'} Message: SERVER-9983 Test verifying that internal user privileges do not mask those of similarly named users. Branch: master https://github.com/mongodb/mongo/commit/fc9491ee7be6a7dc8a92a8422468284359073545

            People

            • Votes:
              0 Vote for this issue
              Watchers:
              7 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:
                Days since reply:
                2 years, 6 weeks, 2 days ago
                Date of 1st Reply: