Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-36463

Bypass validation of a dummy signatures for isMaster on the unauthenticated connections

    XMLWordPrintable

Details

    • Improvement
    • Status: Closed
    • Major - P3
    • Resolution: Fixed
    • None
    • 3.6.7, 4.0.2, 4.1.2
    • Sharding
    • None
    • Fully Compatible
    • v4.0, v3.6
    • Sharding 2018-08-13, Sharding 2018-08-27

    Description

      isMaster command is a part of an authentication handshake protocol. Hence if the driver used __system user then it will fail on isMaster when trying to auth a connection as the __system gets a dummy signature by design.
      Bypassing the dummy signature on isMaster on unauthenticated connection will allow authentication to complete without exception.

      Suggested Implementation

      1. Factor out https://github.com/mongodb/mongo/blob/r4.1.1/src/mongo/db/initialize_operation_session_info.cpp#L52-L61 into a separate function hasAuthUsers
      2. Add

      bool needsSessionAndClusterTimeInit = requiresAuth() || hasAuthUsers(); // e.g. for the isMaster on the non-authenticated session will return true.
      

      3. pass needsSessionAndClusterTimeInit into readRequestMetadata and validate clusterTime if the condition met

      Attachments

        Activity

          People

            misha.tyulenev@mongodb.com Misha Tyulenev
            misha.tyulenev@mongodb.com Misha Tyulenev
            Votes:
            0 Vote for this issue
            Watchers:
            12 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: