fix data race in code for logging login attempts

logging of login attempts happens in the background, because we don't want to block regular operation with disk since for such logging. however, when a line is logged, we evaluate some attributes of a connection, notably the username. but about when we do authentication, we change the username on a connection. so we were reading and writing at the same time. this is now fixed by evaluating the attributes before we pass off the logger to the goroutine. found by the go race detector.
2025-07-12 19:44:34 +03:00 · 2025-02-19 15:23:19 +01:00
parent de6262b90a
commit cbe5bb235c
8 changed files with 89 additions and 48 deletions
--- a/store/init.go
+++ b/store/init.go
@ -21,7 +21,7 @@ import (
 var AuthDB *bstore.DB
 var AuthDBTypes = []any{TLSPublicKey{}, LoginAttempt{}, LoginAttemptState{}}

-// Init opens auth.db.
+// Init opens auth.db and starts the login writer.
 func Init(ctx context.Context) error {
 	if AuthDB != nil {
 		return fmt.Errorf("already initialized")
@ -36,7 +36,7 @@ func Init(ctx context.Context) error {
 		return err
 	}

-	startLoginAttemptWriter(ctx)
+	startLoginAttemptWriter()

 	go func() {
 		defer func() {
@ -67,12 +67,18 @@ func Init(ctx context.Context) error {
 	return nil
 }

-// Close closes auth.db.
+// Close closes auth.db and stops the login writer.
 func Close() error {
 	if AuthDB == nil {
 		return fmt.Errorf("not open")
 	}
+
+	stopc := make(chan struct{})
+	writeLoginAttemptStop <- stopc
+	<-stopc
+
 	err := AuthDB.Close()
 	AuthDB = nil
+
 	return err
 }