Description
Typed command conversion of the {authenticate: 1} command inadvertently swapped the user and db fields resulting in replies like:
    $external> db.runCommand({authenticate: 1, mechanism: "MONGODB-X509"})
    {
      dbname: 'OU=Widgets,O=Stuff Inc.,C=US,ST=New York,L=New York City,CN=widget-bob',
      user: '$external',
      ok: 1
    }
This happens here: https://github.com/mongodb/mongo/blob/d5156d91a608a3b7cf30fbdb63a2d31783389a47/src/mongo/db/commands/authentication_commands.cpp#L367
    return AuthenticateReply(session->getUserName().toString(),
                             session->getDatabase().toString());
This initializes the reply through two string args to the constructor, which are non-obviously passed in the wrong order (DB comes first). We can fix this with a 2-line swap:
    return AuthenticateReply(session->getDatabase().toString(),
                             session->getUserName().toString());
But a more durable fix, which doesn't rely on a generated constructor signature, would be to construct by parts:
    AuthenticateReply reply;
    reply.setUser(session->getUserName());
    reply.setDb(session->getDatabase());
    return reply;
This way there are no ambiguous or hard-to-spot ordering issues.
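A client-side check for the swapped reply shown above, as an added example that is not part of the ticket or the MongoDB code base. The helper names and the `expected` parameter are assumptions, and the sample replies are constructed from the output in the description.

```javascript
// Constructed sample data, based on the reply shown in the description.
const EXPECTED = {
  user: "OU=Widgets,O=Stuff Inc.,C=US,ST=New York,L=New York City,CN=widget-bob",
  db: "$external",
};
const AFFECTED_REPLY = { dbname: EXPECTED.user, user: EXPECTED.db, ok: 1 };
const FIXED_REPLY = { dbname: EXPECTED.db, user: EXPECTED.user, ok: 1 };

// Hypothetical helper: compare an {authenticate: 1} reply with the identity
// the client expected. Strings are compared exactly (no DN normalization).
function classifyAuthenticateReply(reply, expected) {
  if (!reply || reply.ok !== 1) return "failed";
  const { user, dbname } = reply;
  if (user === expected.user && dbname === expected.db) return "ok";
  // The defect from this ticket: the two fields exchanged places.
  if (user === expected.db && dbname === expected.user) return "swapped";
  return "mismatch";
}

// Hypothetical helper: return the reply with fields in their intended
// positions, or throw when it cannot be reconciled with `expected`.
function normalizeAuthenticateReply(reply, expected) {
  switch (classifyAuthenticateReply(reply, expected)) {
    case "ok":
      return { user: reply.user, dbname: reply.dbname, ok: 1 };
    case "swapped":
      return { user: reply.dbname, dbname: reply.user, ok: 1 };
    default:
      throw new Error("authenticate reply does not match expected identity");
  }
}

console.log(classifyAuthenticateReply(AFFECTED_REPLY, EXPECTED)); // swapped
console.log(classifyAuthenticateReply(FIXED_REPLY, EXPECTED));    // ok
```

A caller that logs or authorizes on the reply's `user` field can use the classification to flag servers that still return the swapped form.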
Issue Links
- is documented by DOCS-14886 [SERVER] Investigate changes in SERVER-59970: Fix return value from authenticate command (Closed)