Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-36463

Bypass validation of a dummy signatures for isMaster on the unauthenticated connections

    • Type: Icon: Improvement Improvement
    • Resolution: Fixed
    • Priority: Icon: Major - P3 Major - P3
    • 3.6.7, 4.0.2, 4.1.2
    • Affects Version/s: None
    • Component/s: Sharding
    • Labels:
    • Fully Compatible
    • v4.0, v3.6
    • Sharding 2018-08-13, Sharding 2018-08-27

      isMaster command is a part of an authentication handshake protocol. Hence if the driver used __system user then it will fail on isMaster when trying to auth a connection as the __system gets a dummy signature by design.
      Bypassing the dummy signature on isMaster on unauthenticated connection will allow authentication to complete without exception.

      Suggested Implementation

      1. Factor out https://github.com/mongodb/mongo/blob/r4.1.1/src/mongo/db/initialize_operation_session_info.cpp#L52-L61 into a separate function hasAuthUsers
      2. Add

      bool needsSessionAndClusterTimeInit = requiresAuth() || hasAuthUsers(); // e.g. for the isMaster on the non-authenticated session will return true.

      3. pass needsSessionAndClusterTimeInit into readRequestMetadata and validate clusterTime if the condition met

            misha.tyulenev@mongodb.com Misha Tyulenev (Inactive)
            misha.tyulenev@mongodb.com Misha Tyulenev (Inactive)
            0 Vote for this issue
            13 Start watching this issue