[SERVER-13868] We don't mark V1 users as probed on databases for which they do not have surrogate user documents
Created: 07/May/14  Updated: 11/Jul/16  Resolved: 07/May/14

Status: Closed
Project: Core Server
Component/s: Security
Affects Version/s: 2.6.1
Fix Version/s: 2.6.2, 2.7.1

Type: Bug
Priority: Major - P3
Reporter: Spencer Brody (Inactive)
Assignee: Spencer Brody (Inactive)
Resolution: Done
Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Backwards Compatibility: Fully Compatible
Operating System: ALL

 Description   
Issue Status as of May 14, 2014

ISSUE SUMMARY
For v2.4 style users, MongoDB checks for surrogate users on the database being accessed. If no such user is present, MongoDB does not mark the database as "probed", and keeps checking for a surrogate document every time the user executes an operation on the same database. This can cause serious slowdowns in a system using a 2.6 mongos with v2.4 style users.

USER IMPACT
Environments with v2.4 style users can experience significant performance impact due to the repeated queries on the system.users collection. The impact is more pronounced on sharded configurations because of network round trips.

WORKAROUNDS
A workaround is to add a surrogate user document with no roles to the database for the user in question. For example, if user Bob is defined on the admin database, and this user is used to access the foo database, run the following on foo:

> use foo
> db.addUser({user:'Bob', userSource:'admin', roles:[]});

When probing for user documents on that database, this will return a document, and therefore mark the database as "probed" for this particular user.

AFFECTED VERSIONS
Versions 2.6.0 and 2.6.1 were affected by this issue.

FIX VERSION
The fix is included in the 2.6.2 production release.

RESOLUTION DETAILS
The database is marked as probed in the authorization manager, even if no surrogate user has been found.

Original description

In v2.4 a user defined on db A can be given privileges on db B by adding a "surrogate" user document on db B. To support this functionality in 2.6, whenever we do an authorization check for a v2.4 style user, we check if there is a surrogate user doc for that user on the database being accessed. We keep track of which databases we've already checked for surrogate documents for each user, in that user's list of "probed" databases. The problem is that if there is not a surrogate doc for a user on a given database, we neglect to mark that database as probed, which means that the next time that user does an operation on the same database it will try to check for a surrogate doc again, every single time. This can cause serious slowdowns in a system using a 2.6 mongos with v2.4 style users.
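The missing negative-cache entry described above, as an added example: a simplified C++ model, not MongoDB's source code, that counts system.users reads for 1000 operations by Bob on foo under the affected behaviour, the workaround, and the fix. The names UsersStore, V1User and probeReads are hypothetical and the data is constructed.

```cpp
#include <cstdio>
#include <set>
#include <string>
#include <utility>

// Simplified model with hypothetical names; not MongoDB source code.
struct UsersStore {
    // Constructed data: (database, user) pairs that have a surrogate document.
    std::set<std::pair<std::string, std::string>> surrogates;
    int reads = 0;  // simulated queries against <db>.system.users

    bool findSurrogate(const std::string& db, const std::string& user) {
        ++reads;
        return surrogates.count(std::make_pair(db, user)) > 0;
    }
};

class V1User {
public:
    V1User(std::string name, bool markOnMiss)
        : _name(std::move(name)), _markOnMiss(markOnMiss) {}

    // Runs on every authorization check this user makes against `db`.
    void probeIfNeeded(UsersStore& store, const std::string& db) {
        if (_probed.count(db)) return;  // already probed, no query
        bool found = store.findSurrogate(db, _name);
        // 2.6.0/2.6.1 as described: only a hit is remembered.
        // Fixed behaviour: the database is marked probed on a miss too.
        if (found || _markOnMiss) _probed.insert(db);
    }

private:
    std::string _name;
    bool _markOnMiss;
    std::set<std::string> _probed;
};

// Bob (defined on admin) runs `ops` operations on foo; returns system.users reads.
int probeReads(bool markOnMiss, bool emptySurrogateOnFoo, int ops) {
    UsersStore store;
    if (emptySurrogateOnFoo) store.surrogates.emplace("foo", "Bob");  // the workaround
    V1User bob("Bob", markOnMiss);
    for (int i = 0; i < ops; ++i) bob.probeIfNeeded(store, "foo");
    return store.reads;
}

int main() {
    std::printf("miss not remembered: %d reads\n", probeReads(false, false, 1000));
    std::printf("workaround doc:      %d reads\n", probeReads(false, true, 1000));
    std::printf("miss remembered:     %d reads\n", probeReads(true, false, 1000));
}
```

In this model the read count grows with the number of operations only when a miss is not remembered; both the empty surrogate document and the fix reduce it to a single probe per user and database.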



 Comments   
Comment by Githook User [ 15/May/14 ]

Author: Spencer T Brody (stbrody) <spencer@mongodb.com>

Message: SERVER-13868 Mark V1 users as probed on databases that they do not have surrogate user docs on
(cherry picked from commit d900470dc3fbe19539a8404b5216974b9688f90e)
Branch: v2.6
https://github.com/mongodb/mongo/commit/36a43587509d9caaae6480c533d59d894a2daec2

Comment by Githook User [ 07/May/14 ]

Author: Spencer T Brody (stbrody) <spencer@mongodb.com>

Message: SERVER-13868 Mark V1 users as probed on databases that they do not have surrogate user docs on
Branch: master
https://github.com/mongodb/mongo/commit/d900470dc3fbe19539a8404b5216974b9688f90e

Comment by Spencer Brody (Inactive) [ 07/May/14 ]

One workaround is to add a surrogate user doc with no roles to db B for the user in question, so that when we probe the database we find something, which will make us remember not to probe that db for that user again.
