[SERVER-38390] Set requiresAuth to false for certain commands Created: 04/Dec/18  Updated: 29/Oct/23  Resolved: 18/Dec/18

Status: Closed
Project: Core Server
Component/s: None
Affects Version/s: None
Fix Version/s: 3.6.10

Type: Improvement Priority: Major - P3
Reporter: Gregory McKeon (Inactive) Assignee: Misha Tyulenev
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Duplicate
is duplicated by SERVER-34820 buildInfo fails when no users are aut... Closed
Related
related to SERVER-35382 _isSelf command needs to be marked re... Closed
related to SERVER-35463 Mark listCommands as pre-auth Closed
related to SERVER-34653 don't even parse requiresAuth command... Closed
Backwards Compatibility: Fully Compatible
Sprint: Sharding 2018-12-31
Participants:

 Description   

We need to explicitly declare requiresAuth=false if we want commands that run without authentication to work with implicit sessions. We should review the below list of commands to make sure they do so.

Quoting SERVER-35753, the following commands should explicitly set requiresAuth to return false, so they may be run by unauthenticated clients:

  • saslStart
  • saslContinue
  • authenticate
  • getnonce
  • connectionStatus
  • buildInfo
  • ping
  • listCommands (but we rather it weren't per SERVER-35482)
  • resetError
  • getLastError
  • getPrevError
  • shutdown (but still has an auth check)
  • ismaster
  • whatsmyuri (internal)
  • _isSelf (internal)

And the test only commands that don't require auth:

  • configureFailPoint
  • echo
  • refreshLogicalSessionCacheNow
  • waitForOngoingChunkSplits

We should investigate if any of these commands don't set requiresAuth to be false.



 Comments   
Comment by Githook User [ 18/Dec/18 ]

Author:

{'username': 'mikety', 'email': 'misha@mongodb.com', 'name': 'Misha Tyulenev'}

Message: SERVER-38390 set requiresAuth to false for some commands
Branch: v3.6
https://github.com/mongodb/mongo/commit/478fc1d2f6b08c8db170ebab0b0faf8f14048c0f

Generated at Thu Feb 08 04:48:49 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.