[SERVER-778] don't give read lock when write lock needed in weird auth case Created: 18/Mar/10  Updated: 12/Jul/16  Resolved: 11/May/10

Status: Closed
Project: Core Server
Component/s: None
Affects Version/s: None
Fix Version/s: 1.5.2

Type: Bug Priority: Major - P3
Reporter: Aaron Staple Assignee: Eliot Horowitz (Inactive)
Resolution: Done Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Participants:

 Description   

So I was able to create a new WRITE command that got run with a read lock and did an insert without asserting. Presumably a lockType=WRITE/requiresAuth=false combo is unusual. There are a couple such commands right now, but I think they would more properly have read locks. Might be worth putting a guard in execCommand() anyway.

struct BogusCmd : public Command {
BogusCmd() : Command( "bogus" ){}
virtual bool slaveOk()

{ return true; }

virtual LockType locktype()

{ return WRITE; }

virtual bool requiresAuth()

{ return false; }

virtual bool run(const char * badns, BSONObj& cmdObj, string& errmsg, BSONObjBuilder& result, bool)

{ log() << "mutex state: " << dbMutex.getState() << endl; BSONObj o = BSON( "a" << "b" ); theDataFileMgr.insert( "test.test", o ); return true; }

} bogusCommand;



 Comments   
Comment by auto [ 11/May/10 ]

Author:

{'login': 'erh', 'name': 'Eliot Horowitz', 'email': 'eliot@10gen.com'}

Message: SERVER-778 don't allow running write command with read lock
http://github.com/mongodb/mongo/commit/a5e1865e2802a1a3abc078d5f3715aff111d95a1

Comment by Aaron Staple [ 18/Mar/10 ]

My fix made it impossible for a read only user to use db.eval, since $eval is a WRITE mode command and once a write lock is acquired that's currently how auth is checked. Is $eval a write lock command because we have trouble running multithreaded js? If this is the case you'll run into trouble when someone only has read access, because $eval will run with a read lock instead.

I'm not sure it always makes sense for the lock type to be tied to the access type.

Comment by auto [ 18/Mar/10 ]

Author:

{'login': 'astaple', 'name': 'Aaron', 'email': 'aaron@10gen.com'}

Message: Revert "SERVER-778 don't allow running write command with read lock"

This reverts commit ad6e86e451b94230041d413e7c46fc0ad30c7633.
http://github.com/mongodb/mongo/commit/e07aa8a7ca29241d4209cf05db1fb63d38af49e7

Comment by Aaron Staple [ 18/Mar/10 ]

Just going to allow running with a write lock when the command doesn't require auth. There's no checking the lock type farther down, and we don't want to run with the wrong type. SERVER-779 will eliminate the write commands that don't require auth.

Comment by auto [ 18/Mar/10 ]

Author:

{'login': 'astaple', 'name': 'Aaron', 'email': 'aaron@10gen.com'}

Message: SERVER-778 don't allow running write command with read lock
http://github.com/mongodb/mongo/commit/ad6e86e451b94230041d413e7c46fc0ad30c7633

Generated at Thu Feb 08 02:55:07 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.