Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-59970

Fix return value from authenticate command

XMLWordPrintableJSON

    • Type: Icon: Bug Bug
    • Resolution: Fixed
    • Priority: Icon: Major - P3 Major - P3
    • 5.2.0, 5.0.4, 5.1.0-rc2
    • Affects Version/s: 5.0.0
    • Component/s: None
    • None
    • Minor Change
    • ALL
    • v5.1, v5.0
    • Security 2021-11-01

      Typed command conversion of the {authenticate: 1} command inadvertently swapped the user and db fields resulting in replies like:

       

      $external> db.runCommand({authenticate: 1, mechanism: "MONGODB-X509"})
{
  dbname: 'OU=Widgets,O=Stuff Inc.,C=US,ST=New York,L=New York City,CN=widget-bob',
  user: '$external',
  ok: 1
}

      This happens here: https://github.com/mongodb/mongo/blob/d5156d91a608a3b7cf30fbdb63a2d31783389a47/src/mongo/db/commands/authentication_commands.cpp#L367 

      return AuthenticateReply(session->getUserName().toString(),
                                            session->getDatabase().toString());

      This initializes the reply through two string args to the constructor which inobviously are passed in the wrong order (DB comes first). We can fix this with a 2-line swap:

      return AuthenticateReply(session->getDatabase().toString(),
                                            session->getUserName().toString());

      But a more durable fix which doesn't reply on a generated constructor signature would be to construct by parts:

      AuthenticateReply reply;
reply.setUser(session->getUserName());
reply.setDb(session->getDatabase());
return reply;

      This way there's no ambiguity or hard to spot ordering issues.

            Assignee:
            sara.golemon@mongodb.com Sara Golemon
            Reporter:
            sara.golemon@mongodb.com Sara Golemon
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Created:
              Updated:
              Resolved: