[SERVER-9983] Authenticating as internal user shouldn't require a database lock

Created: 20/Jun/13  Updated: 07/Jun/17  Resolved: 21/Jun/13

Status: Closed
Project: Core Server
Component/s: Concurrency, Security
Affects Version/s: 2.4.4, 2.5.0
Fix Version/s: 2.4.5, 2.5.1

Type: Bug
Priority: Major - P3
Reporter: Spencer Brody (Inactive)
Assignee: Andy Schwerin
Resolution: Done
Votes: 0
Labels: asp, asp-cve, asp-sdl-internal, asp-vuln-dos

Issue Links:
Depends
Related
related to SERVER-9200 Cannot Connect During Long Query Closed
related to SERVER-9986 Refactor $geoNear searches into new q... Closed
is related to SERVER-3531 map reduce doesn't seem to yield unle... Closed
Backwards Compatibility: Fully Compatible
Operating System: ALL

 Description   

Authenticating as the internal __system user currently takes a read lock on the "admin" database, looking for a privilege doc even though there will never be one. We should notice when we're authenticating as the internal user and prevent the admin db check and thus avoid the need for any locking in this case.



 Comments   
Comment by auto [ 21/Jun/13 ]

Author: Andy Schwerin (andy10gen) <schwerin@10gen.com>

Message: SERVER-9983 Test verifying that internal user privileges do not mask those of similarly named users.
Branch: master
https://github.com/mongodb/mongo/commit/fc9491ee7be6a7dc8a92a8422468284359073545

Comment by auto [ 21/Jun/13 ]

Author: Andy Schwerin (andy10gen) <schwerin@10gen.com>

Message: SERVER-9983 Do not needlessly lock when looking up privileges for the __system@local user.

Uncorrected, this can cause replica set heartbeats to stall behind operations
that hold the read lock for a long time.
Branch: master
https://github.com/mongodb/mongo/commit/c5ad04549e40b1069029026081d9324e9e06156c

Comment by Andy Schwerin [ 21/Jun/13 ]

Fixed on 2.4 branch, but fix not yet committed on master.

Comment by auto [ 21/Jun/13 ]

Author: Andy Schwerin (andy10gen) <schwerin@10gen.com>

Message: SERVER-9983 Test verifying that internal user privileges do not mask those of similarly named users.
Branch: v2.4
https://github.com/mongodb/mongo/commit/6ad56b63d33987ed153ba757e9f8169ef670f58e

Comment by auto [ 21/Jun/13 ]

Author: Andy Schwerin (andy10gen) <schwerin@10gen.com>

Message: SERVER-9983 Do not needlessly lock when looking up privileges for the __system@local user.

Uncorrected, this can cause replica set heartbeats to stall behind operations
that hold the read lock for a long time.
Branch: v2.4
https://github.com/mongodb/mongo/commit/23344f8b7506df694f66999693ee3c00dfd6afae
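
Added example, not MongoDB's code and not part of this ticket: a small C++ model of the change described above, in which the lookup for `__system@local` returns before any lock on "admin" is taken, while a same-named user from another database still goes through the ordinary locked lookup. All type and function names (`AdminDb`, `ReadLock`, `lookupBefore`, `lookupAfter`) and the privilege strings are assumptions made for illustration.

```cpp
#include <map>
#include <set>
#include <string>
#include <utility>

// Hypothetical model of the privilege lookup; these names are not MongoDB's.
using UserName = std::pair<std::string, std::string>;  // (user, source database)
using Privileges = std::set<std::string>;
const UserName kInternalUser{"__system", "local"};

struct AdminDb {
    int readLocksTaken = 0;                   // counts lock acquisitions
    std::map<UserName, Privileges> userDocs;  // stored privilege documents
};

// Stand-in for a scoped database read lock; it only counts acquisitions.
struct ReadLock {
    explicit ReadLock(AdminDb& db) { ++db.readLocksTaken; }
};

// Before the fix: every lookup locks "admin", including the internal user,
// for whom no privilege document will ever be found.
Privileges lookupBefore(AdminDb& admin, const UserName& who) {
    ReadLock lock(admin);
    auto it = admin.userDocs.find(who);
    Privileges p = (it == admin.userDocs.end()) ? Privileges{} : it->second;
    if (who == kInternalUser) p.insert("internal");
    return p;
}

// After the fix: the internal user is recognised first and returns without
// taking the lock. The match is on user AND database, so "__system" from any
// other database takes the ordinary path and gains no internal privileges.
Privileges lookupAfter(AdminDb& admin, const UserName& who) {
    if (who == kInternalUser) return Privileges{"internal"};
    ReadLock lock(admin);
    auto it = admin.userDocs.find(who);
    return (it == admin.userDocs.end()) ? Privileges{} : it->second;
}

int main() {
    AdminDb admin;  // constructed sample data
    admin.userDocs[UserName("__system", "test")] = Privileges{"read"};
    lookupAfter(admin, kInternalUser);
    return admin.readLocksTaken == 0 ? 0 : 1;  // 0: no lock was needed
}
```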
