[SERVER-74292] Reject commands containing both legacy and new impersonated user metadata fields

Created: 22/Feb/23
Updated: 29/Oct/23
Resolved: 28/Feb/23

Status: Closed
Project: Core Server
Component/s: None
Affects Version/s: None
Fix Version/s: 7.0.0-rc0, 6.3.0-rc3

Type: Task Priority: Major - P3
Reporter: Varun Ravichandran Assignee: Varun Ravichandran
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Backports
Depends
Related
Backwards Compatibility: Fully Compatible
Backport Requested:
v6.3
Sprint: Security 2023-03-06
Participants:
Linked BF Score: 106

 Description   

SERVER-64029 prohibited impersonation of multiple users by introducing a new field for impersonated usernames while retaining backwards compatibility for the legacy version of the field. We should properly enforce that at most one of these fields is ever present.



 Comments   
Comment by Githook User [ 30/Mar/23 ]

Author: Varun Ravichandran (varunravi98) <varun.ravichandran@mongodb.com>

Message: SERVER-74292: Return errors for command requests with invalid impersonated user metadata fields

(cherry picked from commit 70b4adbb66c6396afda5b3fc73a9d61f6015e9c7)
Branch: v6.3
https://github.com/mongodb/mongo/commit/233d39b231486c3d34f2fc93a8d815469d52255a

Comment by Githook User [ 28/Feb/23 ]

Author: Varun Ravichandran (varunravi98) <varun.ravichandran@mongodb.com>

Message: SERVER-74292: Return errors for command requests with invalid impersonated user metadata fields
Branch: master
https://github.com/mongodb/mongo/commit/70b4adbb66c6396afda5b3fc73a9d61f6015e9c7
