[SERVER-31640] Parse Logical Session IDs for authenticated clients under localhost auth bypass Created: 19/Oct/17  Updated: 30/Oct/23  Resolved: 13/Nov/17

Status: Closed
Project: Core Server
Component/s: Internal Code
Affects Version/s: None
Fix Version/s: 3.6.0-rc4

Type: Bug Priority: Major - P3
Reporter: Spencer Jackson Assignee: Spencer Jackson
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Related
Backwards Compatibility: Fully Compatible
Operating System: ALL
Sprint: Platforms 2017-11-13
Participants:
Linked BF Score: 0

 Description   

A mongos may connect to a shard server using a localhost connection. LSIDs should be parsed from commands executed via this connection. Because the shard may not have local users, this connection may be under the localhost auth bypass, which normally prevents LSID parsing. However, the mongos will authenticate as the __system user. Authentication, even when no users exist on the system, should cause LSID parsing to occur.



 Comments   
Comment by Githook User [ 13/Nov/17 ]

Author:

{'name': 'Spencer Jackson', 'username': 'spencerjackson', 'email': 'spencer.jackson@mongodb.com'}

Message: SERVER-31640: Parse logical session IDS for authenticated clients
Branch: master
https://github.com/mongodb/mongo/commit/292bfa1f74e28b8d8408b37b68f2897f65f7ed02

Generated at Thu Feb 08 04:27:43 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.