[SERVER-17671] Refuse to complete initial sync from nodes with 2.4-style auth data - MongoDB Jira

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Closed
Priority: Major - P3
Resolution: Done
Affects Version/s: None
Fix Version/s: 3.0.2, 3.1.1
Component/s: Security
Labels:
None

Backwards Compatibility:
Fully Compatible
Backport Completed:

3.0.2

Description

Currently we have a few authentication startup checks in 3.0:

check for indexes on system.users
check for schema version

These checks prevent mongod from starting even when auth is off, but without this improvement you can sync a 3.0 node from 2.6 node with the 2.4 auth schema, and it will work just fine until you try to restart the node.

We should validate during initial sync that the sync source has a new enough auth schema version.

Attachments

Issue Links

is related to

SERVER-25943 Initial sync should handle invalid authSchema document

Closed

related to

SERVER-17808 Ensure availability in initial_sync_unsupported_auth_schema.js test

Closed

SERVER-17998 Ignore socket exceptions in initial_sync_unsupported_auth_schema.js test

Closed

SERVER-17826 Ignore ismaster exceptions in initial_sync_unsupported_auth_schema.js test

Closed

links to

Pull request 940

Activity

People

Assignee:: Andy Schwerin

Reporter:: Alexander Komyagin

Participants:: Alexander Komyagin, Andy Schwerin, Githook User

Votes:: 0 Vote for this issue

Watchers:: 8 Start watching this issue

Dates

Created:: Mar 19 2015 10:36:56 PM UTC

Updated:: Jun 09 2017 08:38:44 PM UTC

Resolved:: Mar 25 2015 07:08:43 PM UTC