Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-32169

A cursor created with a session cannot be killed outside that session

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major - P3
    • Resolution: Fixed
    • Affects Version/s: 3.6.0
    • Fix Version/s: 3.6.3, 3.7.1
    • Component/s: None
    • Labels:
      None
    • Backwards Compatibility:
      Fully Compatible
    • Operating System:
      ALL
    • Backport Requested:
      v3.6
    • Sprint:
      Platforms 2017-12-18

      Description

      After SERVER-28260, a cursor created with an 'lsid' cannot be killed without passing the same lsid:

      $ cat killCursorsBug.js
      db.test.insertOne({});
      var res = db.runCommand({find: "test", batchSize: 0, lsid: {id: BinData(4, "QlLfPHTySm6tqfuV+EOsVA==")}});
      res = db.runCommand({killCursors: "test", cursors: [res.cursor.id]});
      printjson(res);
      $ mongo 'mongodb://user:password@localhost:27017' killCursorsBug.js
      MongoDB shell version v3.4.10
      connecting to: mongodb://user:password@localhost:27017
      MongoDB server version: 3.7.0-180-g09d3d18
      WARNING: shell and server versions do not match
      {
      	"operationTime" : Timestamp(1512435604, 1),
      	"ok" : 0,
      	"errmsg" : "not authorized on test to execute command { killCursors: \"test\", cursors: [ 78117941810 ], $db: \"test\" }",
      	"code" : 13,
      	"codeName" : "Unauthorized"
      }
      

      killCursors should succeed when run with a different session or even no session at all.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              sara.golemon Sara Golemon
              Reporter:
              shane.harvey Shane Harvey
              Participants:
              Votes:
              0 Vote for this issue
              Watchers:
              10 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: