[SERVER-33145] Access control checks for commitTransaction and abortTransaction commands Created: 06/Feb/18  Updated: 29/Oct/23  Resolved: 13/Apr/18

Status: Closed
Project: Core Server
Component/s: Replication
Affects Version/s: None
Fix Version/s: 3.7.4

Type: Task Priority: Major - P3
Reporter: Spencer Brody (Inactive) Assignee: Tess Avitabile (Inactive)
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Related
is related to SERVER-35394 Test access control of prepareTransac... Closed
Backwards Compatibility: Fully Compatible
Sprint: Repl 2018-04-09, Repl 2018-04-23
Participants:

 Comments   
Comment by Githook User [ 13/Apr/18 ]

Author: Tess Avitabile (tessavitabile) <tess.avitabile@mongodb.com>

Message: SERVER-33145 Test that users can only use transactions they created
Branch: master
https://github.com/mongodb/mongo/commit/406bfc77c98836094779b8d1447a425e8666bb2f

Comment by Siyuan Zhou [ 30/Mar/18 ]

SERVER-33774 makes commitTransaction and abortTransaction commands adminOnly, which may change the required privileges. I think the plan is to allow transactions when a user can read and write the data.

Comment by Spencer Brody (Inactive) [ 29/Mar/18 ]

It's possible that there's no work to do on implementing the actual access control check, if there are already controls around which users can check out which sessions. If that's the case then this ticket would just be about adding test coverage.

Comment by Siyuan Zhou [ 20/Mar/18 ]

This work should enable the auth test for "commitTransaction" and "abortTransaction". They are temporarily disabled by marking "skipUnlessReplicaSet". We don't have any auth test cases, e.g. commands_builtin_roles.js running with a replica set.

Comment by Spencer Brody (Inactive) [ 06/Feb/18 ]

I don't think there's any specific privilege that should be required to commit or abort transactions; rather, a user should always (and only) be allowed to commit/abort transactions that they started. So to implement this check, I think we'll need to start tracking what user is associated with a given transaction, and have the access control check for the commands confirm that the session is authenticated as the same user as created the transaction (or is authenticated as the system user).
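
The ownership rule proposed in the 06/Feb/18 comment, modeled as an added example that is not part of the ticket and is not MongoDB server code: the registry records which user started each transaction, and commit/abort succeed only for that user or the system user. `TransactionRegistry`, `finish`, the result strings, the sample users and the `__system@local` identity used for the system user are assumptions made for illustration.

```javascript
// Added illustration: an in-memory model, not MongoDB server code.
// TransactionRegistry, finish() and the result strings are hypothetical names.
const SYSTEM_USER = Object.freeze({ user: "__system", db: "local" }); // assumed system identity

// A user is identified by name AND authentication database.
function sameUser(a, b) {
  return a !== null && b !== null && a.user === b.user && a.db === b.db;
}

class TransactionRegistry {
  constructor() {
    this.owners = new Map(); // "sessionId:txnNumber" -> user who started it
  }

  start(authedUser, sessionId, txnNumber) {
    if (authedUser === null) return "Unauthorized";
    const key = `${sessionId}:${txnNumber}`;
    if (this.owners.has(key)) return "TransactionAlreadyStarted";
    this.owners.set(key, { user: authedUser.user, db: authedUser.db });
    return "ok";
  }

  // Shared check for commitTransaction and abortTransaction: no privilege
  // lookup, only "is the caller the owner, or the system user?".
  finish(authedUser, sessionId, txnNumber) {
    if (authedUser === null) return "Unauthorized";
    const key = `${sessionId}:${txnNumber}`;
    const owner = this.owners.get(key);
    if (owner === undefined) return "NoSuchTransaction";
    if (!sameUser(authedUser, owner) && !sameUser(authedUser, SYSTEM_USER)) {
      return "Unauthorized";
    }
    this.owners.delete(key);
    return "ok";
  }
}

// Constructed scenario; the users and session ids are sample values.
function runScenario() {
  const reg = new TransactionRegistry();
  const alice = { user: "alice", db: "test" };
  reg.start(alice, "s1", 1);
  reg.start(alice, "s1", 2);
  return [
    reg.finish({ user: "bob", db: "test" }, "s1", 1),    // different user
    reg.finish({ user: "alice", db: "admin" }, "s1", 1), // same name, other db
    reg.finish(null, "s1", 1),                           // not authenticated
    reg.finish(alice, "s1", 1),                          // owner
    reg.finish(alice, "s1", 1),                          // already finished
    reg.finish(SYSTEM_USER, "s1", 2),                    // system user
  ];
}
```

The second case is the one a test suite most easily misses: a user with the same name in a different authentication database is a different principal and must be rejected.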
