Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-32169

A cursor created with a session cannot be killed outside that session

    XMLWordPrintable

Details

    • Bug
    • Status: Closed
    • Major - P3
    • Resolution: Fixed
    • 3.6.0
    • 3.6.3, 3.7.1
    • None
    • None
    • Fully Compatible
    • ALL
    • v3.6
    • Platforms 2017-12-18

    Description

      After SERVER-28260, a cursor created with an 'lsid' cannot be killed without passing the same lsid:

      $ cat killCursorsBug.js
      db.test.insertOne({});
      var res = db.runCommand({find: "test", batchSize: 0, lsid: {id: BinData(4, "QlLfPHTySm6tqfuV+EOsVA==")}});
      res = db.runCommand({killCursors: "test", cursors: [res.cursor.id]});
      printjson(res);
      $ mongo 'mongodb://user:password@localhost:27017' killCursorsBug.js
      MongoDB shell version v3.4.10
      connecting to: mongodb://user:password@localhost:27017
      MongoDB server version: 3.7.0-180-g09d3d18
      WARNING: shell and server versions do not match
      {
      	"operationTime" : Timestamp(1512435604, 1),
      	"ok" : 0,
      	"errmsg" : "not authorized on test to execute command { killCursors: \"test\", cursors: [ 78117941810 ], $db: \"test\" }",
      	"code" : 13,
      	"codeName" : "Unauthorized"
      }
      

      killCursors should succeed when run with a different session or even no session at all.

      Attachments

        Issue Links

          Activity

            People

              sara.golemon@mongodb.com Sara Golemon
              shane.harvey@mongodb.com Shane Harvey
              Votes:
              0 Vote for this issue
              Watchers:
              10 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: