[SERVER-61426] Legacy mongo shell sends authenticate command with database "admin" for X.509 Created: 11/Nov/21  Updated: 29/Oct/23  Resolved: 14/Feb/22

Status: Closed
Project: Core Server
Component/s: None
Affects Version/s: None
Fix Version/s: 5.3.0

Type: Bug Priority: Minor - P4
Reporter: Divjot Arora (Inactive) Assignee: Sara Golemon
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Backports
Backwards Compatibility: Fully Compatible
Operating System: ALL
Backport Requested:
v5.0, v4.4
Sprint: Security 2022-01-10, Security 2022-01-24, Security 2022-02-07, Security 2022-02-21
Participants:

 Description   

Based on some server-side logging, I see that using the legacy mongo shell v5.0.2 to connect with X.509 auth sends an "authenticate" command with the $db value set to "admin". This is how I'm connecting:

> mongo --tlsAllowInvalidHostnames --tls --tlsCAFile ./testdata/certs/ca.pem --tlsCertificateKeyFile ./testdata/certs/client_combined.pem  --authenticationMechanism MONGODB-X509

Using this against a locally running mongod succeeds, but interestingly, if I try to manually run such a command once authenticated, it fails as expected:

> {"authenticate": {"$numberInt":"1"},"mechanism": "MONGODB-X509","user": "CN=x509TestClient","$db": "admin"}



 Comments   
Comment by Githook User [ 11/Feb/22 ]

Author:

{'name': 'Sara Golemon', 'email': 'sara.golemon@mongodb.com', 'username': 'sgolemon'}

Message: SERVER-61426 Use 'db' parameter to speculativeAuthenticate.authenticate when available
Branch: master
https://github.com/mongodb/mongo/commit/b357b0f68d0ff3323cebde97a560c3f42843237b

Generated at Thu Feb 08 05:52:23 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.