Loading...

XML

Word

Printable

JSON

Type: Task
Resolution: Done
Priority: Major - P3
Fix Version/s: None
Component/s: None
Labels:
None

Driver Compliance:

$i18n.getText("admin.common.words.hide")

Key	Status/Resolution	FixVersion
RUBY-782	Done	1.11.0
PYTHON-714	Done	2.7.2, 3.0
CXX-178	Won't Fix
CSHARP-1090	Done	1.10, 2.0
JAVA-1528	Done	2.13.0, 3.0.0
CDRIVER-642	Done	1.1.5

$i18n.getText("admin.common.words.show")

#scriptField, #scriptField *{ border: 1px solid black; } #scriptField{ border-collapse: collapse; } #scriptField td { text-align: center; /* Center-align text in table cells */ } #scriptField td.key { text-align: left; /* Left-align text in the Key column */ } #scriptField a { text-decoration: none; /* Remove underlines from links */ border: none; /* Remove border from links */ } /* Add green background color to cells with FixVersion */ #scriptField td.hasFixVersion { background-color: #00FF00; /* Green color code */ } /* Center-align the first row headers */ #scriptField th { text-align: center; } Key Status/Resolution FixVersion RUBY-782 Done 1.11.0 PYTHON-714 Done 2.7.2, 3.0 CXX-178 Won't Fix CSHARP-1090 Done 1.10, 2.0 JAVA-1528 Done 2.13.0, 3.0.0 CDRIVER-642 Done 1.1.5

Most drivers that provide an addUser helper also support updating users through that helper. With MongoDB 2.6 the usersInfo command is used to determine if the addUser helper should call createUser or updateUser when passed a given username. Starting with MongoDB 2.7.0 the scope of the localhost exception for authentication was dramatically narrowed. It is no longer possible to call the userInfo command unauthenticated, even when the localhost exception is in effect. Any driver that calls usersInfo in its addUser helper can no longer be used to add the first admin user while the localhost exception is in effect:

>>> c = pymongo.MongoClient()
>>> try:
...     c.admin.add_user('admin', 'pass', roles=['root'])
... except Exception as exc:
...     print exc.details
... 
{u'code': 13, u'ok': 0.0, u'errmsg': u'not authorized on admin to execute command { usersInfo: "admin" }'}
>>> 
>>> c.admin.command('createUser', 'admin', pwd='pass', roles=['root'])
{u'ok': 1.0}
>>> c.admin.authenticate('admin', 'pass')
True
>>> c.server_info()['version']
u'2.7.2'

A workaround for this issue is to catch the exception and call createUser if the error code is 13 (Unauthorized). Any exception from the createUser call should propagate to the user application.

https://github.com/mongodb/mongo/blob/master/src/mongo/base/error_codes.err

depends on

CDRIVER-642 Work around localhost exception issues in add_user when connected to MongoDB >= 2.7.1

Closed

CXX-178 Add Security Helper Methods

Closed

CSHARP-1090 Work around localhost exception issues in addUser helpers

Closed

PYTHON-714 Work around localhost exception issues in add_user when connected to MongoDB >= 2.7.1

Closed

RUBY-782 Change add_user helper command to work with narrowed localhost exception.

Closed

JAVA-1528 Work around localhost exception issues in addUser helpers

Closed

is related to

DRIVERS-127 Deprecate "addUser" helpers in favor of "createUser" and "updateUser" helpers

Closed

DRIVERS-162 Work around reduction of localhost exception permissions in MongoDB >= 2.7.1

Closed

SERVER-12621 Reduce localhost exception permissions

Closed

(1 depends on, 3 is related to)

Assignee:: Barrie Segal

Reporter:: Bernie Hackett

Votes:: 0 Vote for this issue

Watchers:: 6 Start watching this issue

Created:: Jun 20 2014 07:38:03 PM UTC

Updated:: Apr 15 2019 05:29:13 PM UTC

Resolved:: Jun 21 2016 06:45:41 PM UTC

Details

Description

Attachments

Issue Links

Activity

People

Dates