[SERVER-11049] Failed X509 Auth returns 0.0 for ok value Created: 05/Oct/13  Updated: 10/Dec/14  Resolved: 07/Oct/13

Status: Closed
Project: Core Server
Component/s: Security
Affects Version/s: 2.5.3
Fix Version/s: None

Type: Bug Priority: Trivial - P5
Reporter: Craig Wilson Assignee: Unassigned
Resolution: Done Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified
Environment:

Windows Build with ssl, git hash d1a4564bbac9b1317ee3d684bb26931a3f450b29


Issue Links:
Depends
Operating System: Windows
Steps To Reproduce:
  1. launch an ssl enabled server.
  2. use a driver with a client certificate for which a user does not exist.
Participants:

 Description   

Upon failed X509 authentication, the server returns

{ "ok" : 0.0, "errmsg" : "auth failed", "code" : 18 }

.

ok should either be true or false or 0 or 1. I know we are bit lax currently regarding this, but it seems like we should pick something going forward and stick with it, and 0.0 doesn't seem to be the right choice.



 Comments   
Comment by Craig Wilson [ 07/Oct/13 ]

If that's the thing you guys are standardizing on, then I'm fine. The .NET driver, at least, handles all 3 the same way in responses to commands; because all 3 exist somewhere. Anyways, looks like this should remain as is, so let's just leave it. Close up the bug report. Thanks for answering Andy.

Comment by Andy Schwerin [ 07/Oct/13 ]

Check out https://github.com/mongodb/mongo/blob/master/src/mongo/db/commands.cpp#L216 . Almost all code paths currently return 0.0 and 1.0 in the "ok" field. I'm happy to switch over to 0 and 1, if it won't break drivers. It'll change lots of commands, though.

Comment by Craig Wilson [ 05/Oct/13 ]

You are absolutely right. MONGODB-CR also fails with 0.0. I figured since this was a new feature, might as well make it's result standardized with whatever you guys are gonna do going forward, but if you're sharing code, it's probably not worth the effort at this point.

Comment by Andy Schwerin [ 05/Oct/13 ]

I'm a little surprised that this would happen for this and not for MONGODB-CR authentications, since they use almost exactly the same code paths. Can you confirm that logging in as a non-existent user with MONGODB-CR behaves differently? Is this a mongos or mongod?

Generated at Thu Feb 08 03:24:44 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.