Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-8798

Shell doesn't invalidate cached credentials at db.logout()

    XMLWordPrintableJSON

Details

    • Icon: Task Task
    • Resolution: Done
    • Icon: Major - P3 Major - P3
    • 2.5.1
    • 2.4.0-rc1
    • Security, Shell
    • None

    Description

      The shell doesn't invalidate cached database credentials when db.logout() is run. Thus, db.logout() will be "undone" if there is a connection reset.

      // insert data as topsecretuser, who has r/w to testDb
      testDb.auth('topsecretuser','p')
      testDb.secrets.insert({data:"secret"})
       
      // log out as topsecretuser
      testDb.logout()
      testDb.secrets.findOne() // returns error, as expected
       
      // log in as clusteruser, who has clusterAdmin
      // use stepdown to force database reconnection (can also cycle mongod, etc)
      adminDb.auth('clusteruser','p')
      adminDb.runCommand({ replSetStepDown: 60 })
       
      // topsecretuser gets logged in again
      testDb.setSlaveOk()
      testDb.secrets.findOne() // returns success, unexpected

      Attachments

        Activity

          People

            andreas.nilsson Andreas Nilsson
            rassi J Rassi
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: