[SERVER-11049] Failed X509 Auth returns 0.0 for ok value Created: 05/Oct/13 Updated: 10/Dec/14 Resolved: 07/Oct/13 |
|
| Status: | Closed |
| Project: | Core Server |
| Component/s: | Security |
| Affects Version/s: | 2.5.3 |
| Fix Version/s: | None |
| Type: | Bug | Priority: | Trivial - P5 |
| Reporter: | Craig Wilson | Assignee: | Unassigned |
| Resolution: | Done | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Environment: |
Windows Build with ssl, git hash d1a4564bbac9b1317ee3d684bb26931a3f450b29 |
||
| Issue Links: |
|
||||
| Operating System: | Windows | ||||
| Steps To Reproduce: |
|
||||
| Participants: | |||||
| Description |
|
Upon failed X509 authentication, the server returns { "ok" : 0.0, "errmsg" : "auth failed", "code" : 18 }. ok should either be true or false or 0 or 1. I know we are bit lax currently regarding this, but it seems like we should pick something going forward and stick with it, and 0.0 doesn't seem to be the right choice. |
| Comments |
| Comment by Craig Wilson [ 07/Oct/13 ] |
|
If that's the thing you guys are standardizing on, then I'm fine. The .NET driver, at least, handles all 3 the same way in responses to commands; because all 3 exist somewhere. Anyways, looks like this should remain as is, so let's just leave it. Close up the bug report. Thanks for answering Andy. |
| Comment by Andy Schwerin [ 07/Oct/13 ] |
|
Check out https://github.com/mongodb/mongo/blob/master/src/mongo/db/commands.cpp#L216 . Almost all code paths currently return 0.0 and 1.0 in the "ok" field. I'm happy to switch over to 0 and 1, if it won't break drivers. It'll change lots of commands, though. |
| Comment by Craig Wilson [ 05/Oct/13 ] |
|
You are absolutely right. MONGODB-CR also fails with 0.0. I figured since this was a new feature, might as well make it's result standardized with whatever you guys are gonna do going forward, but if you're sharing code, it's probably not worth the effort at this point. |
| Comment by Andy Schwerin [ 05/Oct/13 ] |
|
I'm a little surprised that this would happen for this and not for MONGODB-CR authentications, since they use almost exactly the same code paths. Can you confirm that logging in as a non-existent user with MONGODB-CR behaves differently? Is this a mongos or mongod? |