[SERVER-18140] Allow getParameter to be executed locally against an arbiter in an authenticated replica set Created: 20/Apr/15  Updated: 19/Sep/15  Resolved: 28/Apr/15

Status: Closed
Project: Core Server
Component/s: Security
Affects Version/s: 3.0.1
Fix Version/s: 3.0.3, 3.1.3

Type: Bug Priority: Major - P3
Reporter: Louisa Berger Assignee: Amalia Hawkins
Resolution: Done Votes: 0
Labels: ET
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Depends
Related
is related to SERVER-18169 Regression: Auth enabled arbiter cann... Closed
Backwards Compatibility: Fully Compatible
Operating System: ALL
Backport Completed:
Sprint: Security 2 04/24/15, Security 3 05/15/15
Participants:

 Description   
Issue Status as of Apr 29, 2015

ISSUE SUMMARY
Because arbiters do not replicate data, they do not have a copy of a replica set's credentials, and therefore refuse all authentication attempts when auth is required. As a result certain operations required for basic maintenance and for integration with MMS, that were previousily available via the localhost exception, are no longer possible.

This change makes following operations available to clients that have access to an arbiter via the localhost exception:

  • getCmdLineOpts
  • serverStatus
  • getParameter
  • shutdown

WORKAROUNDS

None.

AFFECTED VERSIONS

3.0.0, 3.0.1, and 3.0.2

FIX VERSION
The fix is included in the 3.0.3 production release.

Original description

In 2.6.x it was possible to execute getParameter against an arbiter in an authenticated replica set. In 3.0.1 it is not.

Please restore the ability to execute getParameter against an arbiter in an authenticated replica set, at least from localhost.



 Comments   
Comment by Githook User [ 28/Apr/15 ]

Author:

{u'username': u'hawka', u'name': u'Amalia Hawkins', u'email': u'amalia.hawkins@10gen.com'}

Message: SERVER-18140: Allow getParameter to be executed locally against an arbiter in an authenticated replica set
Branch: master
https://github.com/mongodb/mongo/commit/3fe79932f7f20a78bd55f879863899c2443ab1a7

Comment by Githook User [ 28/Apr/15 ]

Author:

{u'username': u'hawka', u'name': u'Amalia Hawkins', u'email': u'amalia.hawkins@10gen.com'}

Message: SERVER-18140: Allow getParameter to be executed locally against an arbiter in an authenticated replica set

(cherry-picked from commit e6cddcf94d2e2bdc30c7f36e77eb377085146adb)
Branch: v3.0
https://github.com/mongodb/mongo/commit/913050a185855aaccd725d95f04eaf6dd414525f

Comment by Githook User [ 21/Apr/15 ]

Author:

{u'username': u'hawka', u'name': u'Amalia Hawkins', u'email': u'amalia.hawkins@10gen.com'}

Message: Revert "SERVER-18140 allow getParamter to be executed locally against arbiter in auth'd replset"

This reverts commit 7d08d3559838f12792d4540c8400e0f955455405.
Branch: master
https://github.com/mongodb/mongo/commit/1e0624eb98e4c5609ddf86c8f14bdea68bce9f3b

Comment by Githook User [ 21/Apr/15 ]

Author:

{u'username': u'hawka', u'name': u'Amalia Hawkins', u'email': u'amalia.hawkins@10gen.com'}

Message: Revert "SERVER-18140 allow getParameter to be executed locally against arbiter in auth'd replset"

This reverts commit 6e3fceb6cf8fd4176150b7dd84d036c285889e3d.
Branch: v3.0
https://github.com/mongodb/mongo/commit/4c1abad5a285071e55f1a88f619b13a290b3e794

Comment by Githook User [ 21/Apr/15 ]

Author:

{u'username': u'hawka', u'name': u'Amalia Hawkins', u'email': u'amalia.hawkins@10gen.com'}

Message: SERVER-18140 allow getParameter to be executed locally against arbiter in auth'd replset

(cherry-picked from commit 7d08d3559838f12792d4540c8400e0f955455405)
Branch: v3.0
https://github.com/mongodb/mongo/commit/6e3fceb6cf8fd4176150b7dd84d036c285889e3d

Comment by Githook User [ 21/Apr/15 ]

Author:

{u'username': u'hawka', u'name': u'Amalia Hawkins', u'email': u'amalia.hawkins@10gen.com'}

Message: SERVER-18140 allow getParamter to be executed locally against arbiter in auth'd replset
Branch: master
https://github.com/mongodb/mongo/commit/7d08d3559838f12792d4540c8400e0f955455405

Generated at Thu Feb 08 03:46:41 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.