vitalif
/
etcd
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Merge pull request #11735 from wswcfan/optimize-auth-lock-performance 

auth: dramatically improve checkPassword performance
release-3.5
Jingyi Hu 2020-04-01 23:24:35 +08:00 committed by GitHub
parent dd816f0735 9cf3162d11
commit 054b0e5d93
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 20 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
auth/store.go
View File

@ -319,24 +319,34 @@ func (as *authStore) CheckPassword(username, password string) (uint64, error) {
return 0, ErrAuthNotEnabled
}
tx := as.be.BatchTx()
tx.Lock()
defer tx.Unlock()
var user *authpb.User
// CompareHashAndPassword is very expensive, so we use closures
// to avoid putting it in the critical section of the tx lock.
revision, err := func() (uint64, error) {
tx := as.be.BatchTx()
tx.Lock()
defer tx.Unlock()
user := getUser(as.lg, tx, username)
if user == nil {
return 0, ErrAuthFailed
}
user = getUser(as.lg, tx, username)
if user == nil {
return 0, ErrAuthFailed
}
if user.Options != nil && user.Options.NoPassword {
return 0, ErrAuthFailed
if user.Options != nil && user.Options.NoPassword {
return 0, ErrAuthFailed
}
return getRevision(tx), nil
}()
if err != nil {
return 0, err
}
if bcrypt.CompareHashAndPassword(user.Password, []byte(password)) != nil {
as.lg.Info("invalid password", zap.String("user-name", username))
return 0, ErrAuthFailed
}
return getRevision(tx), nil
return revision, nil
}
func (as *authStore) Recover(be backend.Backend) {