[Az.Accounts] Use mutex to prevent cross process file I/O (#12281)

isra-fel · web-flow · commit 2e8d288d3161 · 2020-06-30T10:56:05.000+08:00
* use mutex to prevent cross process writing

to token cache file

* prevent cross-process write to profile file

* change log

* Use "Local" mutex; put ReleaseMutex() in finally
diff --git a/src/Accounts/Accounts/ChangeLog.md b/src/Accounts/Accounts/ChangeLog.md
@@ -19,6 +19,8 @@
 -->
 ## Upcoming Release
 
+* Fixed an issue that may cause authentication errors in multi-process scenarios such as running multiple Azure PowerShell cmdlets using `Start-Job` [#9448]
+
 ## Version 1.9.0
 * Supported discovering environment setting by default and adding environment via `Add-AzEnvironment`
 * Update preloaded assemblies [#12024], [#11976]
diff --git a/src/Accounts/Authentication.ResourceManager/ProtectedFileProvider.cs b/src/Accounts/Authentication.ResourceManager/ProtectedFileProvider.cs
@@ -36,13 +36,18 @@ public abstract class ProtectedFileProvider : IFileProvider, IDisposable
         public const int MaxTries = 30;
         static readonly TimeSpan RetryInterval = TimeSpan.FromMilliseconds(500);
         protected Stream _stream;
-        object _initializationLock = new object();
+
+        /// <summary>
+        /// Use a Mutex to prevent cross-process file I/O
+        /// </summary>
+        /// <returns></returns>
+        private static readonly Mutex _initializationLock = new Mutex(false, @"Local\AzurePowerShellProtectedFileProviderInit");
         public string FilePath { get; set; }
 
         protected IDataStore DataStore { get; set; }
 
         /// <summary>
-        /// 
+        ///
         /// </summary>
         public Stream Stream
         {
@@ -87,7 +92,8 @@ public StreamWriter CreateWriter()
 
         protected virtual void InitializeStream()
         {
-            lock (_initializationLock)
+            _initializationLock.WaitOne();
+            try
             {
                 if (_stream == null)
                 {
@@ -96,10 +102,13 @@ protected virtual void InitializeStream()
                     {
                         throw new UnauthorizedAccessException(string.Format(Resources.FileLockFailure, FilePath));
                     }
-
                     _stream = stream;
                 }
             }
+            finally
+            {
+                _initializationLock.ReleaseMutex();
+            }
         }
 
         protected abstract Stream AcquireLock(string filePath);
diff --git a/src/Accounts/Authentication/Authentication/ProtectedFileTokenCache.cs b/src/Accounts/Authentication/Authentication/ProtectedFileTokenCache.cs
@@ -12,12 +12,14 @@
 // limitations under the License.
 // ----------------------------------------------------------------------------------
 
+using Hyak.Common;
 using Microsoft.Azure.Commands.Common.Authentication.Abstractions;
 using Microsoft.Azure.Commands.Common.Authentication.Properties;
 using Microsoft.IdentityModel.Clients.ActiveDirectory;
 using System;
 using System.IO;
 using System.Security.Cryptography;
+using System.Threading;
 
 #if NETSTANDARD
 namespace Microsoft.Azure.Commands.Common.Authentication.Core
@@ -41,7 +43,10 @@ public class ProtectedFileTokenCache : TokenCache, IAzureTokenCache
 #endif
                  "TokenCache.dat");
 
-        private static readonly object fileLock = new object();
+        /// <summary>
+        /// A mutex to prevent IO to token cache file across threads / processes.
+        /// </summary>
+        private static readonly Mutex fileLock = new Mutex(false, @"Local\AzurePowerShellAdalTokenCacheFile");
 
         private static readonly Lazy<ProtectedFileTokenCache> instance = new Lazy<ProtectedFileTokenCache>(() => new ProtectedFileTokenCache());
 
@@ -123,12 +128,13 @@ void EnsureStateSaved()
 
         private void ReadFileIntoCache(string cacheFileName = null)
         {
-            if(cacheFileName == null)
+            if (cacheFileName == null)
             {
                 cacheFileName = ProtectedFileTokenCache.CacheFileName;
             }
 
-            lock (fileLock)
+            fileLock.WaitOne();
+            try
             {
                 if (_store.FileExists(cacheFileName))
                 {
@@ -150,11 +156,15 @@ private void ReadFileIntoCache(string cacheFileName = null)
                     }
                 }
             }
+            finally
+            {
+                fileLock.ReleaseMutex();
+            }
         }
 
         private void WriteCacheIntoFile(string cacheFileName = null)
         {
-            if(cacheFileName == null)
+            if (cacheFileName == null)
             {
                 cacheFileName = ProtectedFileTokenCache.CacheFileName;
             }
@@ -165,19 +175,25 @@ private void WriteCacheIntoFile(string cacheFileName = null)
             var dataToWrite = Serialize();
 #endif
 
-            lock(fileLock)
+            fileLock.WaitOne();
+            try
             {
                 if (HasStateChanged)
                 {
                     _store.WriteFile(cacheFileName, dataToWrite);
-                    HasStateChanged =  false;
+                    HasStateChanged = false;
                 }
             }
+            finally
+            {
+                fileLock.ReleaseMutex();
+            }
         }
 
         private void EnsureCacheFile(string cacheFileName = null)
         {
-            lock (fileLock)
+            fileLock.WaitOne();
+            try
             {
                 if (_store.FileExists(cacheFileName))
                 {
@@ -207,6 +223,10 @@ private void EnsureCacheFile(string cacheFileName = null)
 #endif
                 _store.WriteFile(cacheFileName, dataToWrite);
             }
+            finally
+            {
+                fileLock.ReleaseMutex();
+            }
         }
     }
 }
diff --git a/src/Accounts/Authentication/AzureSessionInitializer.cs b/src/Accounts/Authentication/AzureSessionInitializer.cs
@@ -26,6 +26,7 @@
 #if NETSTANDARD
 using Microsoft.Azure.Commands.Common.Authentication.Core;
 #endif
+using Hyak.Common;
 
 namespace Microsoft.Azure.Commands.Common.Authentication
 {
@@ -73,8 +74,10 @@ static IAzureTokenCache InitializeTokenCache(IDataStore store, string cacheDirec
                     var cachePath = Path.Combine(cacheDirectory, cacheFile);
                     result = new ProtectedFileTokenCache(cachePath, store);
                 }
-                catch
+                catch (Exception ex)
                 {
+                    TracingAdapter.Information("[AzureSessionInitializer]: Cannot initialize token cache in 'CurrentUser' mode. Falling back to 'Process' mode.");
+                    TracingAdapter.Information($"[AzureSessionInitializer]: Message: {ex.Message}; Stacktrace: {ex.StackTrace}");
                 }
             }
 
@@ -159,10 +162,12 @@ static ContextAutosaveSettings InitializeSessionSettings(IDataStore store, strin
                     store.WriteFile(autoSavePath, JsonConvert.SerializeObject(result));
                 }
             }
-            catch
+            catch (Exception ex)
             {
                 // ignore exceptions in reading settings from disk
                 result.Mode = ContextSaveMode.Process;
+                TracingAdapter.Information("[AzureSessionInitializer]: Cannot read settings from disk. Falling back to 'Process' mode.");
+                TracingAdapter.Information($"[AzureSessionInitializer]: Message: {ex.Message}; Stacktrace: {ex.StackTrace}");
             }
 
             return result;

Original file line number	Diff line number	Diff line change
`@@ -36,13 +36,18 @@ public abstract class ProtectedFileProvider : IFileProvider, IDisposable`
`36`	`36`	`public const int MaxTries = 30;`
`37`	`37`	`static readonly TimeSpan RetryInterval = TimeSpan.FromMilliseconds(500);`
`38`	`38`	`protected Stream _stream;`
`39`		`- object _initializationLock = new object();`
	`39`	`+`
	`40`	`+ /// <summary>`
	`41`	`+ /// Use a Mutex to prevent cross-process file I/O`
	`42`	`+ /// </summary>`
	`43`	`+ /// <returns></returns>`
	`44`	`+ private static readonly Mutex _initializationLock = new Mutex(false, @"Local\AzurePowerShellProtectedFileProviderInit");`
`40`	`45`	`public string FilePath { get; set; }`
`41`	`46`
`42`	`47`	`protected IDataStore DataStore { get; set; }`
`43`	`48`
`44`	`49`	`/// <summary>`
`45`		`- ///`
	`50`	`+ ///`
`46`	`51`	`/// </summary>`
`47`	`52`	`public Stream Stream`
`48`	`53`	`{`
`@@ -87,7 +92,8 @@ public StreamWriter CreateWriter()`
`87`	`92`
`88`	`93`	`protected virtual void InitializeStream()`
`89`	`94`	`{`
`90`		`- lock (_initializationLock)`
	`95`	`+ _initializationLock.WaitOne();`
	`96`	`+ try`
`91`	`97`	`{`
`92`	`98`	`if (_stream == null)`
`93`	`99`	`{`
`@@ -96,10 +102,13 @@ protected virtual void InitializeStream()`
`96`	`102`	`{`
`97`	`103`	`throw new UnauthorizedAccessException(string.Format(Resources.FileLockFailure, FilePath));`
`98`	`104`	`}`
`99`		`-`
`100`	`105`	`_stream = stream;`
`101`	`106`	`}`
`102`	`107`	`}`
	`108`	`+ finally`
	`109`	`+ {`
	`110`	`+ _initializationLock.ReleaseMutex();`
	`111`	`+ }`
`103`	`112`	`}`
`104`	`113`
`105`	`114`	`protected abstract Stream AcquireLock(string filePath);`
Original file line number	Diff line number	Diff line change
`@@ -12,12 +12,14 @@`
`12`	`12`	`// limitations under the License.`
`13`	`13`	`// ----------------------------------------------------------------------------------`
`14`	`14`
	`15`	`+using Hyak.Common;`
`15`	`16`	`using Microsoft.Azure.Commands.Common.Authentication.Abstractions;`
`16`	`17`	`using Microsoft.Azure.Commands.Common.Authentication.Properties;`
`17`	`18`	`using Microsoft.IdentityModel.Clients.ActiveDirectory;`
`18`	`19`	`using System;`
`19`	`20`	`using System.IO;`
`20`	`21`	`using System.Security.Cryptography;`
	`22`	`+using System.Threading;`
`21`	`23`
`22`	`24`	`#if NETSTANDARD`
`23`	`25`	`namespace Microsoft.Azure.Commands.Common.Authentication.Core`
`@@ -41,7 +43,10 @@ public class ProtectedFileTokenCache : TokenCache, IAzureTokenCache`
`41`	`43`	`#endif`
`42`	`44`	`"TokenCache.dat");`
`43`	`45`
`44`		`- private static readonly object fileLock = new object();`
	`46`	`+ /// <summary>`
	`47`	`+ /// A mutex to prevent IO to token cache file across threads / processes.`
	`48`	`+ /// </summary>`
	`49`	`+ private static readonly Mutex fileLock = new Mutex(false, @"Local\AzurePowerShellAdalTokenCacheFile");`
`45`	`50`
`46`	`51`	`private static readonly Lazy<ProtectedFileTokenCache> instance = new Lazy<ProtectedFileTokenCache>(() => new ProtectedFileTokenCache());`
`47`	`52`
`@@ -123,12 +128,13 @@ void EnsureStateSaved()`
`123`	`128`
`124`	`129`	`private void ReadFileIntoCache(string cacheFileName = null)`
`125`	`130`	`{`
`126`		`- if(cacheFileName == null)`
	`131`	`+ if (cacheFileName == null)`
`127`	`132`	`{`
`128`	`133`	`cacheFileName = ProtectedFileTokenCache.CacheFileName;`
`129`	`134`	`}`
`130`	`135`
`131`		`- lock (fileLock)`
	`136`	`+ fileLock.WaitOne();`
	`137`	`+ try`
`132`	`138`	`{`
`133`	`139`	`if (_store.FileExists(cacheFileName))`
`134`	`140`	`{`
`@@ -150,11 +156,15 @@ private void ReadFileIntoCache(string cacheFileName = null)`
`150`	`156`	`}`
`151`	`157`	`}`
`152`	`158`	`}`
	`159`	`+ finally`
	`160`	`+ {`
	`161`	`+ fileLock.ReleaseMutex();`
	`162`	`+ }`
`153`	`163`	`}`
`154`	`164`
`155`	`165`	`private void WriteCacheIntoFile(string cacheFileName = null)`
`156`	`166`	`{`
`157`		`- if(cacheFileName == null)`
	`167`	`+ if (cacheFileName == null)`
`158`	`168`	`{`
`159`	`169`	`cacheFileName = ProtectedFileTokenCache.CacheFileName;`
`160`	`170`	`}`
`@@ -165,19 +175,25 @@ private void WriteCacheIntoFile(string cacheFileName = null)`
`165`	`175`	`var dataToWrite = Serialize();`
`166`	`176`	`#endif`
`167`	`177`
`168`		`- lock(fileLock)`
	`178`	`+ fileLock.WaitOne();`
	`179`	`+ try`
`169`	`180`	`{`
`170`	`181`	`if (HasStateChanged)`
`171`	`182`	`{`
`172`	`183`	`_store.WriteFile(cacheFileName, dataToWrite);`
`173`		`- HasStateChanged = false;`
	`184`	`+ HasStateChanged = false;`
`174`	`185`	`}`
`175`	`186`	`}`
	`187`	`+ finally`
	`188`	`+ {`
	`189`	`+ fileLock.ReleaseMutex();`
	`190`	`+ }`
`176`	`191`	`}`
`177`	`192`
`178`	`193`	`private void EnsureCacheFile(string cacheFileName = null)`
`179`	`194`	`{`
`180`		`- lock (fileLock)`
	`195`	`+ fileLock.WaitOne();`
	`196`	`+ try`
`181`	`197`	`{`
`182`	`198`	`if (_store.FileExists(cacheFileName))`
`183`	`199`	`{`
`@@ -207,6 +223,10 @@ private void EnsureCacheFile(string cacheFileName = null)`
`207`	`223`	`#endif`
`208`	`224`	`_store.WriteFile(cacheFileName, dataToWrite);`
`209`	`225`	`}`
	`226`	`+ finally`
	`227`	`+ {`
	`228`	`+ fileLock.ReleaseMutex();`
	`229`	`+ }`
`210`	`230`	`}`
`211`	`231`	`}`
`212`	`232`	`}`
Original file line number	Diff line number	Diff line change
`@@ -26,6 +26,7 @@`
`26`	`26`	`#if NETSTANDARD`
`27`	`27`	`using Microsoft.Azure.Commands.Common.Authentication.Core;`
`28`	`28`	`#endif`
	`29`	`+using Hyak.Common;`
`29`	`30`
`30`	`31`	`namespace Microsoft.Azure.Commands.Common.Authentication`
`31`	`32`	`{`
`@@ -73,8 +74,10 @@ static IAzureTokenCache InitializeTokenCache(IDataStore store, string cacheDirec`
`73`	`74`	`var cachePath = Path.Combine(cacheDirectory, cacheFile);`
`74`	`75`	`result = new ProtectedFileTokenCache(cachePath, store);`
`75`	`76`	`}`
`76`		`- catch`
	`77`	`+ catch (Exception ex)`
`77`	`78`	`{`
	`79`	`+ TracingAdapter.Information("[AzureSessionInitializer]: Cannot initialize token cache in 'CurrentUser' mode. Falling back to 'Process' mode.");`
	`80`	`+ TracingAdapter.Information($"[AzureSessionInitializer]: Message: {ex.Message}; Stacktrace: {ex.StackTrace}");`
`78`	`81`	`}`
`79`	`82`	`}`
`80`	`83`
`@@ -159,10 +162,12 @@ static ContextAutosaveSettings InitializeSessionSettings(IDataStore store, strin`
`159`	`162`	`store.WriteFile(autoSavePath, JsonConvert.SerializeObject(result));`
`160`	`163`	`}`
`161`	`164`	`}`
`162`		`- catch`
	`165`	`+ catch (Exception ex)`
`163`	`166`	`{`
`164`	`167`	`// ignore exceptions in reading settings from disk`
`165`	`168`	`result.Mode = ContextSaveMode.Process;`
	`169`	`+ TracingAdapter.Information("[AzureSessionInitializer]: Cannot read settings from disk. Falling back to 'Process' mode.");`
	`170`	`+ TracingAdapter.Information($"[AzureSessionInitializer]: Message: {ex.Message}; Stacktrace: {ex.StackTrace}");`
`166`	`171`	`}`
`167`	`172`
`168`	`173`	`return result;`