Mirroristas/etcd
2
0
Fork 0
mirror of https://github.com/etcd-io/etcd.git synced 2024-09-27 06:25:44 +00:00
Code Issues Packages Projects Releases Wiki Activity

server/auth: enable tokenProvider if recoved store enables auth

Browse Source 
we found a lease leak issue:
if a new member(by member add) is recovered by snapshot, and then
become leader, the lease will never expire afterwards. leader will
log the revoke failure caused by "invalid auth token", since the
token provider is not functional, and drops all generated token
from upper layer, which in this case, is the lease revoking
routine.
This commit is contained in:
cfz 2021-07-02 13:06:28 +08:00 committed by cfz
parent 14c527f59a
commit b12f8c12ce
2 changed files with 8 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
server/auth/simple_token.go
View File

@ -156,6 +156,11 @@ func (t *tokenSimple) invalidateUser(username string) {
} }
func (t *tokenSimple) enable() { func (t *tokenSimple) enable() {
t.simpleTokensMu.Lock()
defer t.simpleTokensMu.Unlock()
if t.simpleTokenKeeper != nil { // already enabled
return
}
if t.simpleTokenTTL <= 0 { if t.simpleTokenTTL <= 0 {
t.simpleTokenTTL = simpleTokenTTLDefault t.simpleTokenTTL = simpleTokenTTLDefault
} }

3
server/auth/store.go
View File

@ -358,6 +358,9 @@ func (as *authStore) Recover(be backend.Backend) {
as.enabledMu.Lock() as.enabledMu.Lock()
as.enabled = enabled as.enabled = enabled
if enabled {
as.tokenProvider.enable()
}
as.enabledMu.Unlock() as.enabledMu.Unlock()
} }