Type: Bug
Resolution: Done
Priority: Major - P3
Affects Version/s: None
Component/s: None
Tested on Windows 7 with OpenSSL 101e
Server:
PS C:\10gen\mongo> .\mongod.exe --sslOnNormalPorts --sslPEMKeyFile .\jstests\libs\server.pem --sslCRLFile .\jstests\libs\crl.pem --sslCAFile .\jstests\libs\ca.pem --sslWeakCertificateValidation --auth
2013-09-30T16:28:25.955-0700 ssl imported 1 revoked certificate from the revocation list.
2013-09-30T16:28:25.971-0700 ssl imported 1 revoked certificate from the revocation list.
2013-09-30T16:28:25.971-0700 [initandlisten] MongoDB starting : pid=1252 port=27017 dbpath=\data\db\ 64-bit host=win764
2013-09-30T16:28:25.971-0700 [initandlisten]
2013-09-30T16:28:25.986-0700 [initandlisten] ** NOTE: This is a development version (2.5.3-pre-) of MongoDB.
2013-09-30T16:28:25.986-0700 [initandlisten] ** Not recommended for production.
2013-09-30T16:28:25.986-0700 [initandlisten]
2013-09-30T16:28:25.986-0700 [initandlisten] db version v2.5.3-pre-
2013-09-30T16:28:26.002-0700 [initandlisten] targetMinOS: Windows 7/Windows Server 2008 R2
2013-09-30T16:28:26.002-0700 [initandlisten] git version: 10870bd2798db3c257d35a905985a066a8df82ec
2013-09-30T16:28:26.002-0700 [initandlisten] OpenSSL version: OpenSSL 1.0.1e 11 Feb 2013
2013-09-30T16:28:26.002-0700 [initandlisten] build info: windows sys.getwindowsversion(major=6, minor=1, build=7601, platform=2, service_pack='Service Pack 1') BOOST_LIB_VERSION=1_49
2013-09-30T16:28:26.018-0700 [initandlisten] allocator: system
2013-09-30T16:28:26.018-0700 [initandlisten] options: { auth: true, ssl: { CAFile: ".\jstests\libs\ca.pem", CRLFile: ".\jstests\libs\crl.pem", PEMKeyFile: ".\jstests\libs\server.pem", sslOnNormalPorts: true, weakCertificateValidation: true } }
Client:
PS C:\10gen\mongo> .\mongo.exe --ssl --sslPEMKeyFile .\jstests\libs\client.pem
MongoDB shell version: 2.5.3-pre-
connecting to: test
Server has startup warnings:
2013-09-30T16:28:25.971-0700 [initandlisten]
2013-09-30T16:28:25.986-0700 [initandlisten] ** NOTE: This is a development version (2.5.3-pre-) of MongoDB.
2013-09-30T16:28:25.986-0700 [initandlisten] ** Not recommended for production.
2013-09-30T16:28:25.986-0700 [initandlisten]
>
>
> use $external
switched to db $external
>
> db.addUser({user: "CN=client,OU=kerneluser,O=10Gen,L=New York City,ST=New York,C=US", roles: [{name: 'userAdminAnyDatabase', source: 'admin', hasRole: true, 'canDelegate': true}, {name: 'readWriteAnyDatabase', source: 'admin', hasRole: true, 'canDelegate': true}, {name: 'dbAdminAnyDatabase', source: 'admin', hasRole: true, 'canDelegate': true}]})
{
"user" : "CN=client,OU=kerneluser,O=10Gen,L=New York City,ST=New York,C=US",
"roles" : [
{
"name" : "userAdminAnyDatabase",
"source" : "admin",
"hasRole" : true,
"canDelegate" : true
},
{
"name" : "readWriteAnyDatabase",
"source" : "admin",
"hasRole" : true,
"canDelegate" : true
},
{
"name" : "dbAdminAnyDatabase",
"source" : "admin",
"hasRole" : true,
"canDelegate" : true
}
]
}
> db
$external
> db.auth({user: "CN=client,OU=kerneluser,O=10Gen,L=New York City,ST=New York,C=US", mechanism: 'MONGODB-X509'})
Error: 18 { ok: 0.0, errmsg: "auth failed", code: 18 }
0
Server log:
...
2013-09-30T16:29:59.752-0700 [conn1] insert admin.system.users ninserted:1 keyUpdates:0 259ms
2013-09-30T16:29:59.752-0700 [conn1] command $external.$cmd command: { createUser: "CN=client,OU=kerneluser,O=10Gen,L=New York City,ST=New York,C=US", roles: [ { name: "userAdminAnyDatabase", source: "admin", hasRole: true, canDelegate: true }, { name: "readWriteAnyDatabase", source: "admin", hasRole: true, canDelegate: true }, { name: "dbAdminAnyDatabase", source: "admin", hasRole: true, canDelegate: true } ], writeConcern: { w: "majority", wtimeout: 30000.0 } } ntoreturn:1 keyUpdates:0 locks(micros) W:263758 r:19 reslen:37 267ms
2013-09-30T16:30:10.471-0700 [conn1] assertion 13 not authorized for query on $external.system.namespaces ns:$external.system.namespaces query:{}
2013-09-30T16:30:26.033-0700 [conn1] authenticate db: $external { authenticate: 1, mechanism: "MONGODB-X509", user: "CN=client,OU=kerneluser,O=10Gen,L=New York City,ST=New York,C=US" }
2013-09-30T16:30:26.049-0700 [conn1] Failed to authenticate CN=client,OU=kerneluser,O=10Gen,L=New York City,ST=New York,C=US@$external with mechanism MONGODB-X509: AuthenticationFailed There is no x.509 client certificate matching the user.
...
A Windows client can authenticate to a Linux server, but not to a Windows server. A Linux client also cannot authenticate to a Windows server.