[SERVER-59970] Fix return value from authenticate command Created: 15/Sep/21  Updated: 29/Oct/23  Resolved: 20/Oct/21

Status: Closed
Project: Core Server
Component/s: None
Affects Version/s: 5.0.0
Fix Version/s: 5.2.0, 5.0.4, 5.1.0-rc2

Type: Bug Priority: Major - P3
Reporter: Sara Golemon Assignee: Sara Golemon
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Backports
Depends
Documented
is documented by DOCS-14886 [SERVER] Investigate changes in SERVE... Closed
Backwards Compatibility: Minor Change
Operating System: ALL
Backport Requested:
v5.1, v5.0
Sprint: Security 2021-11-01
Participants:

 Description   

Typed command conversion of the {authenticate: 1} command inadvertently swapped the user and db fields resulting in replies like:

 

$external> db.runCommand({authenticate: 1, mechanism: "MONGODB-X509"})
{
  dbname: 'OU=Widgets,O=Stuff Inc.,C=US,ST=New York,L=New York City,CN=widget-bob',
  user: '$external',
  ok: 1
}

This happens here: https://github.com/mongodb/mongo/blob/d5156d91a608a3b7cf30fbdb63a2d31783389a47/src/mongo/db/commands/authentication_commands.cpp#L367

return AuthenticateReply(session->getUserName().toString(),
                         session->getDatabase().toString());

This initializes the reply through two string args to the constructor which inobviously are passed in the wrong order (DB comes first). We can fix this with a 2-line swap:

return AuthenticateReply(session->getDatabase().toString(),
                         session->getUserName().toString());

But a more durable fix which doesn't rely on a generated constructor signature would be to construct by parts:

AuthenticateReply reply;
reply.setUser(session->getUserName());
reply.setDb(session->getDatabase());
return reply;

This way there's no ambiguity or hard to spot ordering issues.
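
Added example, not part of the original ticket and not MongoDB source: a self-contained C++ model of the swap, the construct-by-parts fix, and a regression check that compares the reply to the session field by field. All type and function names are hypothetical stand-ins, the identity values are constructed, and the wrapper-type variant goes beyond the ticket to show how distinct types make a swapped call fail to compile.

```cpp
// Added illustration, not MongoDB source: every type and function name here is a
// hypothetical stand-in for the generated reply class and the session object.
#include <iostream>
#include <string>
#include <type_traits>
#include <utility>

struct Session { std::string userName, database; };

// Mimics a generated constructor taking two strings in (db, user) order.
struct Reply {
    Reply() = default;
    Reply(std::string db, std::string user) : db(std::move(db)), user(std::move(user)) {}
    void setDb(std::string v) { db = std::move(v); }
    void setUser(std::string v) { user = std::move(v); }
    std::string db, user;
};

// Arguments passed as (user, db): compiles cleanly, produces a swapped reply.
Reply replySwapped(const Session& s) { return Reply(s.userName, s.database); }

// Construct by parts: each value is bound to its field by name.
Reply replyByParts(const Session& s) {
    Reply r;
    r.setUser(s.userName);
    r.setDb(s.database);
    return r;
}

// Generalization beyond the ticket: distinct wrapper types turn a swap into a compile error.
struct DbName { std::string value; };
struct UserName { std::string value; };
struct TypedReply {
    TypedReply(DbName d, UserName u) : db(std::move(d.value)), user(std::move(u.value)) {}
    std::string db, user;
};
static_assert(std::is_constructible<TypedReply, DbName, UserName>::value, "intended order");
static_assert(!std::is_constructible<TypedReply, UserName, DbName>::value, "swap rejected");

// Regression check a unit test can assert on: the reply echoes the session field for field.
template <typename R>
bool matchesSession(const R& r, const Session& s) {
    return r.user == s.userName && r.db == s.database;
}

int main() {
    const Session s{"CN=widget-bob", "$external"};  // constructed sample identity
    std::cout << matchesSession(replySwapped(s), s) << matchesSession(replyByParts(s), s)
              << matchesSession(TypedReply(DbName{s.database}, UserName{s.userName}), s) << "\n";
}
```

A check like `matchesSession` in the command's unit tests catches the swap regardless of how the reply object is built.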



 Comments   
Comment by Githook User [ 20/Oct/21 ]

Author:

{'name': 'Sara Golemon', 'email': 'sara.golemon@mongodb.com', 'username': 'sgolemon'}

Message: SERVER-59970 Fix reply value from authenticate command

(cherry picked from commit 93fc544da4f7752a5ce2ab2166e94c50ea70221f)
Branch: v5.0
https://github.com/mongodb/mongo/commit/f4689fa12d78c1ecf2432bea4fc06f76f7e7adcb

Comment by Githook User [ 20/Oct/21 ]

Author:

{'name': 'Sara Golemon', 'email': 'sara.golemon@mongodb.com', 'username': 'sgolemon'}

Message: SERVER-59970 Fix reply value from authenticate command

(cherry picked from commit 93fc544da4f7752a5ce2ab2166e94c50ea70221f)
Branch: v5.1
https://github.com/mongodb/mongo/commit/2d56fa989aea10b4c94b7a4b078f54188470f95c

Comment by Githook User [ 19/Oct/21 ]

Author:

{'name': 'Sara Golemon', 'email': 'sara.golemon@mongodb.com', 'username': 'sgolemon'}

Message: SERVER-59970 Fix reply value from authenticate command
Branch: master
https://github.com/mongodb/mongo/commit/93fc544da4f7752a5ce2ab2166e94c50ea70221f
