Loading...

XML

Word

Printable

JSON

Type: Bug
Resolution: Fixed
Priority: Major - P3
Fix Version/s: 8.2.0-rc0
Affects Version/s: 8.1.0-rc0
Component/s: None
Labels:
None

Assigned Teams:

Server Security
Backwards Compatibility:
Fully Compatible
Operating System:
ALL
Backport Requested:

v8.1
Sprint:
Server Security 2025-04-14, Server Security 2025-04-28, Server Security 2025-05-09
Confidence Status:
None
Work Order:
3

Aha! Reference:
None
Tracking Level:
None
Risk Status:
None
Exec Notes:
None
Goal Name:
None
Goal Link:
None

~~SERVER-90284~~ added authorization requirements to buildInfo. It looks like made buildInfo unable to be collected by FTDC : we should ensure FTDC can collect buildInfo.

There are 3 scenarios for returning buildInfo cmd:

BuildInfoAuthModeEnum::kVersionOnlyIfPreAuth:

Only the version will be returned before auth.
Full buildInfo returned if authenticated.

BuildInfoAuthModeEnum::kAllowedPreAuth:

Full buildInfo returned before and after auth.

BuildInfoAuthModeEnum::kRequiresAuth:

No version or buildInfo returned before auth.
Full buildInfo returned after auth.

jstests/auth/buildinfo_auth_cmd.js already covers this test cases.

This change extends BuildInfoAuthModeEnum::kRequiresAuth to allow returning buildInfo when the cmd is called directly by ::typedRun() (which is the default for all commands). This allows FTDC to call it without being authenticated.

related to

SERVER-90245 FTDC logs warnings about deprecated server parameters at startup

Open

SERVER-90284 Make buildInfo command require authn

Closed

Assignee:: Adrian Gonzalez Montemayor

Reporter:: Didier Nadeau

Participants:: Adrian Gonzalez Montemayor, Didier Nadeau, Githook User

Votes:: 0 Vote for this issue

Watchers:: 5 Start watching this issue

Created:: Mar 25 2025 08:47:04 PM UTC

Updated:: May 08 2025 03:39:37 PM UTC

Resolved:: Apr 28 2025 04:57:01 PM UTC

Confidence Status Last Update:: 10/Apr/25 3:08 PM

Details

Description

Attachments

Issue Links

Activity

People

Dates