[SERVER-21535] mongos should ignore actions it doesn't recognize when parsing user privileges at authentication time Created: 18/Nov/15  Updated: 04/May/17  Resolved: 09/Dec/15

Status: Closed
Project: Core Server
Component/s: Security, Sharding
Affects Version/s: None
Fix Version/s: 3.3.0

Type: Bug Priority: Major - P3
Reporter: Spencer Brody (Inactive) Assignee: Spencer Brody (Inactive)
Resolution: Done Votes: 0
Labels: bkp
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Backports
Related
related to SERVER-21486 successful authentication does not gi... Closed
related to SERVER-29050 Create upgrade/downgrade mechanism fo... Backlog
is related to SERVER-21561 Remove privilege redaction added for ... Closed
is related to SERVER-21567 Add unit test for mongos ignoring unr... Closed
Backwards Compatibility: Minor Change
Operating System: ALL
Backport Requested:
v3.2
Sprint: Sharding C (11/20/15), Sharding D (12/11/15)
Participants:

 Description   

This is to aid mixed-version operation during upgrade.

Now that we update mongods before mongoses, we can run into a problem where a user goes to authenticated to an old mongos, the mongos goes to load the privileges for that user from a new config server mongod, and then the mongos sees actions it doesn't recognize. This currently causes mongos to completely ignore any privileges with actions it doesn't recognize, which could leave the user logged in but missing many of the privileges they expect to see.



 Comments   
Comment by Githook User [ 09/Dec/15 ]

Author:

{u'username': u'stbrody', u'name': u'Spencer T Brody', u'email': u'spencer@mongodb.com'}

Message: SERVER-21535 Make mongos ignore unrecognized actions during privilege parsing while authenticating users
Branch: master
https://github.com/mongodb/mongo/commit/13270a048515916324c5f44958c225550d5c4dc9

Generated at Thu Feb 08 03:57:38 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.