[SERVER-26257] DBDirectClient should not support auth Created: 22/Sep/16  Updated: 13/Jan/21  Resolved: 13/Jan/21

Status: Closed
Project: Core Server
Component/s: None
Affects Version/s: 3.3.12
Fix Version/s: 4.9.0

Type: Task Priority: Major - P3
Reporter: Mark Benvenuto Assignee: Sergey Galtsev (Inactive)
Resolution: Done Votes: 0
Labels: neweng
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Related
related to SERVER-33648 Attempting to perform user- and role-... Closed
is related to SERVER-26101 DBDirectClient isn't safe to auth Closed
Backwards Compatibility: Fully Compatible
Sprint: Security 2021-01-11, Security 2021-01-25
Participants:

 Description   

Per SERVER-26101, the auth method is not supported on DBDirectClent. The fix in SERVER-26101 removed it from the JavaScript context, but there may other indirect paths to this function.

The DBDirectClient class should override the auth method, and change it to uassert that it is not supported to be sure.



 Comments   
Comment by Githook User [ 13/Jan/21 ]

Author:

{'name': 'Sergey Galtsev', 'email': 'sergey.galtsev@mongodb.com', 'username': 'brushless-glitch'}

Message: SERVER-26257 Prevent dbdirectclient from authenticatng
Branch: master
https://github.com/mongodb/mongo/commit/55b25212fbfa2d3335e83ee29bd5a1e156be2778

Generated at Thu Feb 08 04:11:34 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.