[SERVER-14158] ShardingTest and authutil js incorrectly handle keyfile authentication Created: 04/Jun/14  Updated: 03/Jul/14  Resolved: 14/Jun/14

Status: Closed
Project: Core Server
Component/s: Security, Testing Infrastructure
Affects Version/s: None
Fix Version/s: 2.7.3

Type: Bug Priority: Minor - P4
Reporter: Kevin Pulo Assignee: Matt Kangas
Resolution: Done Votes: 0
Labels: community-team
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Backwards Compatibility: Fully Compatible
Operating System: ALL
Sprint: Server 2.7.3
Participants:

 Description   

Based on

https://github.com/mongodb/mongo/blob/c27e46eceedfd68801ae79af4a5bf87b86a6319d/src/mongo/db/auth/security_key.cpp#L121-L124

the server strips out all forms of whitespace from keyfiles.

However, ShardingTest and authutil.asCluster both incorrectly strip only spaces and newlines, instead of everything between 011 and 015, and space (040).

diff --git a/src/mongo/shell/shardingtest.js b/src/mongo/shell/shardingtest.js
index 282ccd0..b3c0a11 100644
--- a/src/mongo/shell/shardingtest.js
+++ b/src/mongo/shell/shardingtest.js
@@ -387,7 +387,7 @@ ShardingTest = function( testName , numShards , verboseLevel , numMongos , other
             authutil.assertAuthenticate(this._mongos, 'admin', {
                 user: '__system',
                 mechanism: 'MONGODB-CR',
-                pwd: cat(keyFile).replace(/[ \n]/g, '')
+                pwd: cat(keyFile).replace(/[\011-\015\040]/g, '')
             });
 
             try {
diff --git a/src/mongo/shell/utils_auth.js b/src/mongo/shell/utils_auth.js
index 67e44d1..ff8f154 100644
--- a/src/mongo/shell/utils_auth.js
+++ b/src/mongo/shell/utils_auth.js
@@ -72,7 +72,7 @@ var authutil;
         authutil.assertAuthenticate(conn, 'local', {
             user: '__system',
             mechanism: 'MONGODB-CR',
-            pwd: cat(keyfile).replace(/[ \n]/g, '')
+            pwd: cat(keyfile).replace(/[\011-\015\040]/g, '')
         });
 
         try {



 Comments   
Comment by Matt Kangas [ 14/Jun/14 ]

No server code modified, but improves usability of tests on Windows.

Comment by Githook User [ 14/Jun/14 ]

Author:

{u'name': u'Kevin Pulo', u'email': u'kevin.pulo@mongodb.com'}

Message: SERVER-14158 ShardingTest and authutil.asCluster correctly handle keyfile auth

Signed-off-by: Matt Kangas <matt.kangas@mongodb.com>
Branch: master
https://github.com/mongodb/mongo/commit/82fadf310eeb947b18aa73e4283f272128c5f5ef

Comment by Kevin Pulo [ 06/Jun/14 ]

I expect that the current tests succeed because the jstests/libs/key1 and key2 files only contain space and newline, but not any of the other problematic characters.

It would be great to add a key3 (and corresponding tests of ShardingTest and authutil.asCluster) along the lines of

echo -ne 'a\011b\012c\013d\014e\015f\040g' > jstests/libs/key3

I expect that such tests would fail with current HEAD, and succeed with the above patch. I'll see if I can find some time to add and check this.

Comment by Matt Kangas [ 04/Jun/14 ]

As it stands, this means tests do not succeed if the keyfile contains Windows CRLF?

Generated at Thu Feb 08 03:34:01 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.