diff --git a/sdk/core/azure-core/inc/azure/core/http/policies/policy.hpp b/sdk/core/azure-core/inc/azure/core/http/policies/policy.hpp
index c0dbe7d9ea..fd419cdfb4 100644
--- a/sdk/core/azure-core/inc/azure/core/http/policies/policy.hpp
+++ b/sdk/core/azure-core/inc/azure/core/http/policies/policy.hpp
@@ -569,6 +569,7 @@ namespace Azure { namespace Core { namespace Http { namespace Policies {
 std::unique_ptr Clone() const override
 {
+ // Can't use std::make_shared here because copy constructor is not public.
 return std::unique_ptr(new BearerTokenAuthenticationPolicy(*this));
 }
diff --git a/sdk/keyvault/azure-security-keyvault-administration/CHANGELOG.md b/sdk/keyvault/azure-security-keyvault-administration/CHANGELOG.md
index 6617440192..ca1c47d8d2 100644
--- a/sdk/keyvault/azure-security-keyvault-administration/CHANGELOG.md
+++ b/sdk/keyvault/azure-security-keyvault-administration/CHANGELOG.md
@@ -8,6 +8,8 @@
 ### Bugs Fixed
+- [[#4754]](https://github.com/Azure/azure-sdk-for-cpp/issues/4754) Thread safety for authentication policy.
+
 ### Other Changes
 ## 4.0.0-beta.3 (2023-04-11)
diff --git a/sdk/keyvault/azure-security-keyvault-certificates/CHANGELOG.md b/sdk/keyvault/azure-security-keyvault-certificates/CHANGELOG.md
index 30185487ce..b22b36353f 100644
--- a/sdk/keyvault/azure-security-keyvault-certificates/CHANGELOG.md
+++ b/sdk/keyvault/azure-security-keyvault-certificates/CHANGELOG.md
@@ -8,6 +8,8 @@
 ### Bugs Fixed
+- [[#4754]](https://github.com/Azure/azure-sdk-for-cpp/issues/4754) Thread safety for authentication policy.
+
 ### Other Changes
 ## 4.2.0 (2023-05-09)
diff --git a/sdk/keyvault/azure-security-keyvault-keys/CHANGELOG.md b/sdk/keyvault/azure-security-keyvault-keys/CHANGELOG.md
index 7be35f06a3..93864d5b48 100644
--- a/sdk/keyvault/azure-security-keyvault-keys/CHANGELOG.md
+++ b/sdk/keyvault/azure-security-keyvault-keys/CHANGELOG.md
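Review bot: The comment added in `Clone()` in policy.hpp names the wrong helper: the function returns a `std::unique_ptr`, so the helper that cannot reach the non-public copy constructor is `std::make_unique`, not `std::make_shared`. Suggested wording: `// Can't use std::make_unique here because the copy constructor is not public.` The identical comment added to `Clone()` in keyvault_challenge_based_auth.hpp (hunk at -35,7, which replaces a `std::make_unique` call) needs the same correction. The enclosing class begins and ends outside this hunk.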
@@ -8,6 +8,8 @@
 ### Bugs Fixed
+- [[#4754]](https://github.com/Azure/azure-sdk-for-cpp/issues/4754) Thread safety for authentication policy.
+
 ### Other Changes
 - Fixed GCC 13 compilation error. (A community contribution, courtesy of _[adamdebreceni](https://github.com/adamdebreceni)_)
diff --git a/sdk/keyvault/azure-security-keyvault-secrets/CHANGELOG.md b/sdk/keyvault/azure-security-keyvault-secrets/CHANGELOG.md
index cc3d31c6c9..8e31fa46fe 100644
--- a/sdk/keyvault/azure-security-keyvault-secrets/CHANGELOG.md
+++ b/sdk/keyvault/azure-security-keyvault-secrets/CHANGELOG.md
@@ -8,6 +8,8 @@
 ### Bugs Fixed
+- [[#4754]](https://github.com/Azure/azure-sdk-for-cpp/issues/4754) Thread safety for authentication policy.
+
 ### Other Changes
 ## 4.2.0 (2023-05-09)
diff --git a/sdk/keyvault/azure-security-keyvault-shared/inc/azure/keyvault/shared/keyvault_challenge_based_auth.hpp b/sdk/keyvault/azure-security-keyvault-shared/inc/azure/keyvault/shared/keyvault_challenge_based_auth.hpp
index cd3e41f658..d438ed2169 100644
--- a/sdk/keyvault/azure-security-keyvault-shared/inc/azure/keyvault/shared/keyvault_challenge_based_auth.hpp
+++ b/sdk/keyvault/azure-security-keyvault-shared/inc/azure/keyvault/shared/keyvault_challenge_based_auth.hpp
@@ -12,6 +12,8 @@
 #include
 #include
+#include
+#include
 #include
 namespace Azure { namespace Security { namespace KeyVault { namespace _internal {
@@ -23,6 +25,16 @@ namespace Azure { namespace Security { namespace KeyVault { namespace _internal
 : public Core::Http::Policies::_internal::BearerTokenAuthenticationPolicy {
 private:
 mutable Core::Credentials::TokenRequestContext m_tokenRequestContext;
+ mutable std::shared_timed_mutex m_tokenRequestContextMutex;
+
+ protected:
+ KeyVaultChallengeBasedAuthenticationPolicy(
+ KeyVaultChallengeBasedAuthenticationPolicy const& other)
+ : BearerTokenAuthenticationPolicy(other)
+ {
+ std::shared_lock readLock(other.m_tokenRequestContextMutex);
+ m_tokenRequestContext = other.m_tokenRequestContext;
+ }
 public:
 explicit KeyVaultChallengeBasedAuthenticationPolicy(
@@ -35,7 +47,9 @@ namespace Azure { namespace Security { namespace KeyVault { namespace _internal
 std::unique_ptr Clone() const override
 {
- return std::make_unique(*this);
+ // Can't use std::make_shared here because copy constructor is not public.
+ return std::unique_ptr(
+ new KeyVaultChallengeBasedAuthenticationPolicy(*this));
 }
 private:
@@ -44,7 +58,11 @@ namespace Azure { namespace Security { namespace KeyVault { namespace _internal
 Core::Http::Policies::NextHttpPolicy& nextPolicy,
 Core::Context const& context) const override
 {
- AuthenticateAndAuthorizeRequest(request, m_tokenRequestContext, context);
+ {
+ std::shared_lock readLock(m_tokenRequestContextMutex);
+ AuthenticateAndAuthorizeRequest(request, m_tokenRequestContext, context);
+ }
+
 return nextPolicy.Send(request, context);
 }
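Review bot: In the hunk at -44,7 the shared lock on `m_tokenRequestContextMutex` stays held for the whole `AuthenticateAndAuthorizeRequest(...)` call. That call's body is not visible here, but if it can block while a token is being acquired, a thread that has just received a challenge and needs the write lock waits behind every in-flight request. Copying the context under the lock and calling outside it reduces the critical section to a struct copy: declare `Core::Credentials::TokenRequestContext tokenRequestContext;`, do `tokenRequestContext = m_tokenRequestContext;` inside the locked scope, then call `AuthenticateAndAuthorizeRequest(request, tokenRequestContext, context);` after it. The function's signature starts outside the hunk.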
@@ -62,8 +80,11 @@ namespace Azure { namespace Security { namespace KeyVault { namespace _internal
 ValidateChallengeResponse(scope, request.GetUrl().GetHost());
 auto const tenantId = GetTenantId(GetAuthorization(challenge));
- m_tokenRequestContext.TenantId = tenantId;
- m_tokenRequestContext.Scopes = {scope};
+ {
+ std::unique_lock writeLock(m_tokenRequestContextMutex);
+ m_tokenRequestContext.TenantId = tenantId;
+ m_tokenRequestContext.Scopes = {scope};
+ }
 AuthenticateAndAuthorizeRequest(request, m_tokenRequestContext, context);
 return true;
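Review bot: The last call in this hunk, `AuthenticateAndAuthorizeRequest(request, m_tokenRequestContext, context);`, still reads `m_tokenRequestContext` after `writeLock` has gone out of scope, so it races with another thread's write in this same handler. Beyond the data race, a concurrent challenge can replace `TenantId` and `Scopes` between the write and this read, and the request would then be authorized with a token requested for the other challenge's tenant or scope. Take a snapshot while the lock is held and pass that instead: declare `Core::Credentials::TokenRequestContext tokenRequestContext;` before the locked scope, add `tokenRequestContext = m_tokenRequestContext;` as its last statement, and call `AuthenticateAndAuthorizeRequest(request, tokenRequestContext, context);`. The function begins outside the hunk.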