Core Server / SERVER-38390

Set requiresAuth to false for certain commands

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Major - P3
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 3.6.10
    • Component/s: None
    • Labels: None
    • Backwards Compatibility: Fully Compatible
    • Sprint: Sharding 2018-12-31

      Description

      We need to explicitly declare requiresAuth=false if we want commands that run without authentication to work with implicit sessions. We should review the below list of commands to make sure they do so.

      Quoting SERVER-35753, the following commands should explicitly set requiresAuth to return false, so they may be run by unauthenticated clients:

      • saslStart
      • saslContinue
      • authenticate
      • getnonce
      • connectionStatus
      • buildInfo
      • ping
      • listCommands (but we'd rather it weren't, per SERVER-35482)
      • resetError
      • getLastError
      • getPrevError
      • shutdown (but still has an auth check)
      • ismaster
      • whatsmyuri (internal)
      • _isSelf (internal)

      And the test-only commands that don't require auth:

      • configureFailPoint
      • echo
      • refreshLogicalSessionCacheNow
      • waitForOngoingChunkSplits

      We should investigate if any of these commands don't set requiresAuth to be false.

              People

              Assignee: Misha Tyulenev (misha.tyulenev)
              Reporter: Gregory McKeon (greg.mckeon, Inactive)