[SERVER-29731] Auth checks must have access to document sequences Created: 19/Jun/17  Updated: 30/Oct/23  Resolved: 13/Jul/17

Status: Closed
Project: Core Server
Component/s: Security
Affects Version/s: None
Fix Version/s: 3.5.11

Type: Bug Priority: Major - P3
Reporter: Mathias Stearn Assignee: Mathias Stearn
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Backwards Compatibility: Fully Compatible
Operating System: ALL
Sprint: Repl 2017-07-31
Participants:

 Description   

This is currently only nessesary for inserting into system.indexes. That will fail today if the index specification is in an op_msg document sequence.



 Comments   
Comment by Githook User [ 13/Jul/17 ]

Author:

{u'username': u'RedBeard0531', u'name': u'Mathias Stearn', u'email': u'mathias@10gen.com'}

Message: SERVER-29731 command auth auditing should get access to document sequences
Branch: master
https://github.com/mongodb/mongo/commit/9a49ee3a03e02597086e577f06a71a0723bc0582

Comment by Githook User [ 13/Jul/17 ]

Author:

{u'username': u'RedBeard0531', u'name': u'Mathias Stearn', u'email': u'mathias@10gen.com'}

Message: SERVER-29731 Add sharding_jscore_passthrough_opquery suite
Branch: master
https://github.com/mongodb/mongo/commit/013f374c9d055cf434102fad2b6bfd83bb7616a9

Comment by Githook User [ 13/Jul/17 ]

Author:

{u'username': u'RedBeard0531', u'name': u'Mathias Stearn', u'email': u'mathias@10gen.com'}

Message: SERVER-29731 upconvertRequest now uses document sequences where appropriate

In addition to improving test coverage for document sequences, this also
improves performance of insert commands sent over OP_QUERY since they will no
longer copy the objects during upconversion.
Branch: master
https://github.com/mongodb/mongo/commit/10d31e1e3b4f32f842489e2a2de66a547e550b5a

Comment by Githook User [ 13/Jul/17 ]

Author:

{u'username': u'RedBeard0531', u'name': u'Mathias Stearn', u'email': u'mathias@10gen.com'}

Message: SERVER-29731 upconvertRequest shouldn't separate data and metadata
Branch: master
https://github.com/mongodb/mongo/commit/704d2dc2a533e6297a6e77e23fb6afbf574e9572

Comment by Githook User [ 13/Jul/17 ]

Author:

{u'username': u'RedBeard0531', u'name': u'Mathias Stearn', u'email': u'mathias@10gen.com'}

Message: SERVER-29731 Auth checks get access to document sequences
Branch: master
https://github.com/mongodb/mongo/commit/c4883a9d289a01e8e4f45ccac7f19f59f2892c42

Comment by Githook User [ 13/Jul/17 ]

Author:

{u'username': u'RedBeard0531', u'name': u'Mathias Stearn', u'email': u'mathias@10gen.com'}

Message: SERVER-29731 don't pass cmdobj to localHostOnlyIfNoAuth()

It wasn't used. If we need it in the future, it should probably use
OpMsgRequest.
Branch: master
https://github.com/mongodb/mongo/commit/b32c49eadcfab7c7e321a4d539e770d2a70e9730

Comment by Githook User [ 13/Jul/17 ]

Author:

{u'username': u'RedBeard0531', u'name': u'Mathias Stearn', u'email': u'mathias@10gen.com'}

Message: SERVER-29731 get errmsg out of BasicCommand api

It is now only used by commands deriving from ErrmsgCommandDeprecated.
Branch: master
https://github.com/mongodb/mongo/commit/8d555140ce24b9f59e4672a0ed026502fdfffd2c

Comment by Githook User [ 13/Jul/17 ]

Author:

{u'username': u'RedBeard0531', u'name': u'Mathias Stearn', u'email': u'mathias@10gen.com'}

Message: SERVER-29731 Get errmsg out of public Command API
Branch: master
https://github.com/mongodb/mongo/commit/b6abff538f84abecae2bd7137173a37a8626ac14

Comment by Githook User [ 13/Jul/17 ]

Author:

{u'username': u'RedBeard0531', u'name': u'Mathias Stearn', u'email': u'mathias@10gen.com'}

Message: SERVER-29731 Make BasicCommand a real separate type
Branch: master
https://github.com/mongodb/mongo/commit/8c228549b7e29f0c83eb94f4c913e61cd61523a9

Comment by Githook User [ 13/Jul/17 ]

Author:

{u'username': u'RedBeard0531', u'name': u'Mathias Stearn', u'email': u'mathias@10gen.com'}

Message: SERVER-29731 convert all direct subclasses of Command to BasicCommand
Branch: master
https://github.com/mongodb/mongo/commit/1f21d889f89cf1338ff198264d63b029314eef7a

Comment by Githook User [ 13/Jul/17 ]

Author:

{u'username': u'RedBeard0531', u'name': u'Mathias Stearn', u'email': u'mathias@10gen.com'}

Message: SERVER-29731 Unify logic around directly invoking a command
Branch: master
https://github.com/mongodb/mongo/commit/a6cc94d141f13feff33178a769c81282c7bc0170

Comment by Githook User [ 13/Jul/17 ]

Author:

{u'username': u'RedBeard0531', u'name': u'Mathias Stearn', u'email': u'redbeard0531@gmail.com'}

Message: SERVER-29731 Enterprise changes for document sequence aware auth checks
Branch: master
https://github.com/10gen/mongo-enterprise-modules/commit/d1d94e1e3ae2ecdfdf179bd54c2111db10d9b233

Generated at Thu Feb 08 04:21:40 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.