From fdf433024f0861d973846c9aa8879bbfd918ff32 Mon Sep 17 00:00:00 2001
From: Hitoshi Mitake
Date: Mon, 31 Oct 2016 22:29:03 -0700
Subject: [PATCH] etcdserver: linearizable password checking at the API layer

For avoiding a schedule that can cause an inconsistent auth store [1], password checking must be done in a linearizable manner.

Fixes https://github.com/coreos/etcd/issues/6675 and https://github.com/coreos/etcd/issues/6683

[1] https://github.com/coreos/etcd/issues/6675#issuecomment-255006389
---
 etcdserver/v3_server.go | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/etcdserver/v3_server.go b/etcdserver/v3_server.go
index 0e7f74938..1eaa90dc8 100644
--- a/etcdserver/v3_server.go
+++ b/etcdserver/v3_server.go
@@ -421,6 +421,11 @@ func (s *EtcdServer) AuthDisable(ctx context.Context, r *pb.AuthDisableRequest)
 func (s *EtcdServer) Authenticate(ctx context.Context, r *pb.AuthenticateRequest) (*pb.AuthenticateResponse, error) {
 var result *applyResult

+ err := s.linearizableReadNotify(ctx)
+ if err != nil {
+ return nil, err
+ }
+
 for {
 checkedRevision, err := s.AuthStore().CheckPassword(r.Name, r.Password)
 if err != nil {
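Review bot: The `s.linearizableReadNotify(ctx)` call added ahead of the `for` loop carries no comment, so the reason password checking has to wait for it lives only in the commit message; a comment such as `// Wait for a linearizable read so CheckPassword does not run against an auth store that lags behind committed changes (see issue 6675).` would keep it from being dropped later as a redundant round-trip. The function-level `err` it introduces is then shadowed by `checkedRevision, err :=` inside the loop, and `if err := s.linearizableReadNotify(ctx); err != nil {` would scope it to the check. The barrier runs once while the loop body continues outside the hunk, so whether later iterations of `CheckPassword` also see sufficiently fresh state cannot be confirmed from here and is worth verifying. Since every Authenticate call now presumably waits on the cluster answering that read, callers should pass a `ctx` with a deadline.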