Type: Task
Resolution: Won't Fix
Priority: Major - P3
Affects Version/s: None
Component/s: None
Labels: None
As a note for documentation, we may cite that from 5.0.0 through 5.0.3 (inclusive) the
command incorrectly swaps the values returned via user and dbname.
Description of Linked Ticket
Typed command conversion of the {authenticate: 1} command inadvertently swapped the user and db fields resulting in replies like:
    $external> db.runCommand({authenticate: 1, mechanism: "MONGODB-X509"})
    { dbname: 'OU=Widgets,O=Stuff Inc.,C=US,ST=New York,L=New York City,CN=widget-bob', user: '$external', ok: 1 }
This happens here: https://github.com/mongodb/mongo/blob/d5156d91a608a3b7cf30fbdb63a2d31783389a47/src/mongo/db/commands/authentication_commands.cpp#L367
return AuthenticateReply(session->getUserName().toString(), session->getDatabase().toString());
This initializes the reply through two string args to the constructor which inobviously are passed in the wrong order (DB comes first). We can fix this with a 2-line swap:
return AuthenticateReply(session->getDatabase().toString(), session->getUserName().toString());
But a more durable fix which doesn't rely on a generated constructor signature would be to construct by parts:
    AuthenticateReply reply;
    reply.setUser(session->getUserName());
    reply.setDb(session->getDatabase());
    return reply;
This way there's no ambiguity or hard-to-spot ordering issues.
- documents: SERVER-59970 Fix return value from authenticate command (Closed)
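
Added example (not part of the ticket and not MongoDB project code): a client-side helper for tooling that records identities from {authenticate: 1} replies, swapping user and dbname back only when the server version is in the affected range stated above (5.0.0 through 5.0.3). The function names are hypothetical, the sample reply is the one quoted in the ticket, and ignoring any pre-release suffix on the version string is an assumption.

```javascript
// Parse "major.minor.patch" into numbers. Any suffix such as "-rc0" is
// ignored (assumption: the ticket only names release versions).
function parseVersion(version) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(version));
  if (!m) throw new Error(`unrecognized server version: ${version}`);
  return m.slice(1).map(Number);
}

// True for 5.0.0 through 5.0.3 inclusive, the range cited in the ticket.
function hasSwappedAuthenticateReply(version) {
  const [major, minor, patch] = parseVersion(version);
  return major === 5 && minor === 0 && patch <= 3;
}

// Return the reply with user/dbname in their intended fields.
// serverVersion is supplied by the caller (for example from db.version()).
// The decision is made on version alone, never on what the values look like,
// so a correct reply from an unaffected server is returned unchanged.
function normalizeAuthenticateReply(reply, serverVersion) {
  if (!reply || reply.ok !== 1) return reply; // leave failures untouched
  if (typeof reply.user !== 'string' || typeof reply.dbname !== 'string') {
    return reply; // not the shape this helper knows how to correct
  }
  if (!hasSwappedAuthenticateReply(serverVersion)) return reply;
  // Copy rather than mutate so the raw reply stays available for logging.
  return { ...reply, user: reply.dbname, dbname: reply.user };
}

// Sample reply as quoted in the ticket (fields swapped by the server).
const sampleReply = {
  dbname: 'OU=Widgets,O=Stuff Inc.,C=US,ST=New York,L=New York City,CN=widget-bob',
  user: '$external',
  ok: 1,
};

console.log(normalizeAuthenticateReply(sampleReply, '5.0.2'));
```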