[SERVER-15134] Improve logging when checking if the localhost exception still applies Created: 04/Sep/14  Updated: 01/Aug/16  Resolved: 25/Jul/16

Status: Closed
Project: Core Server
Component/s: Logging, Security
Affects Version/s: None
Fix Version/s: None

Type: Improvement Priority: Major - P3
Reporter: Kevin Pulo Assignee: Kinh Hoang
Resolution: Done Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Related
Backwards Compatibility: Fully Compatible
Sprint: Security 17 (07/15/16), Security (08/08/16)
Participants:

 Description   

When auth is enabled, no users are defined, and connections are made with the localhost exception, every operation will check to see if any users have been defined. This is because as soon as any users have been defined, the localhost exception no longer applies.

However, it is not clear from the logs that this check is being performed before every operation (even simple commands with no auth, like ping or isMaster). On a mongod, this is not so bad, but on mongos, this involves querying the first config server, which may have a substantial latency. This potential latency is not logged anywhere, nor is it included in the millis of the operation, which can be very confusing.

To help avoid this confusion, it would be useful if the logging in this area was strengthened. This could take the form of:

  • Removing the ONCE around the "note: no users configured in admin.system.users, allowing localhost access" message (possibly only for mongos).
  • Making this message more clearly indicate that until a user is configured, all subsequent operations will check if any users are defined (possibly only in mongos).
  • In mongos, make _checkShouldAllowLocalhost() log when it is about to call hasAnyPrivilegeDocuments() (this is my preferred solution). The message could be something like "checking if any users are configured (for localhost access)".
  • Anything else which clearly indicates that this check is being done (out of necessity).


 Comments   
Comment by Andreas Nilsson [ 01/Aug/16 ]

This ticket is no longer as relevant since the scope of the localhost exception have been reduced dramatically. Performance impact resulting from abuse of the system by running commands the user is unauthorized to do will show up in the logs anyways.

I have closed this ticket as "Gone away".

Generated at Thu Feb 08 03:37:02 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.