[SERVER-21535] mongos should ignore actions it doesn't recognize when parsing user privileges at authentication time Created: 18/Nov/15 Updated: 04/May/17 Resolved: 09/Dec/15 |
|
| Status: | Closed |
| Project: | Core Server |
| Component/s: | Security, Sharding |
| Affects Version/s: | None |
| Fix Version/s: | 3.3.0 |
| Type: | Bug | Priority: | Major - P3 |
| Reporter: | Spencer Brody (Inactive) | Assignee: | Spencer Brody (Inactive) |
| Resolution: | Done | Votes: | 0 |
| Labels: | bkp | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Issue Links: |
|
||||||||||||||||||||||||
| Backwards Compatibility: | Minor Change | ||||||||||||||||||||||||
| Operating System: | ALL | ||||||||||||||||||||||||
| Backport Requested: |
v3.2
|
||||||||||||||||||||||||
| Sprint: | Sharding C (11/20/15), Sharding D (12/11/15) | ||||||||||||||||||||||||
| Participants: | |||||||||||||||||||||||||
| Description |
|
This is to aid mixed-version operation during upgrade. Now that we update mongods before mongoses, we can run into a problem where a user goes to authenticated to an old mongos, the mongos goes to load the privileges for that user from a new config server mongod, and then the mongos sees actions it doesn't recognize. This currently causes mongos to completely ignore any privileges with actions it doesn't recognize, which could leave the user logged in but missing many of the privileges they expect to see. |
| Comments |
| Comment by Githook User [ 09/Dec/15 ] |
|
Author: {u'username': u'stbrody', u'name': u'Spencer T Brody', u'email': u'spencer@mongodb.com'}Message: |