[SERVER-8213] Make copyDB and clone work with auth when using new-style users Created: 17/Jan/13 Updated: 30/Oct/15 Resolved: 28/Oct/13 |
|
| Status: | Closed |
| Project: | Core Server |
| Component/s: | Security |
| Affects Version/s: | 2.4.0-rc0 |
| Fix Version/s: | 2.5.4 |
| Type: | Bug | Priority: | Major - P3 |
| Reporter: | Spencer Brody (Inactive) | Assignee: | Spencer Brody (Inactive) |
| Resolution: | Done | Votes: | 1 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Issue Links: |
|
||||||||||||||||||||||||||||||||||||
| Operating System: | ALL | ||||||||||||||||||||||||||||||||||||
| Participants: | |||||||||||||||||||||||||||||||||||||
| Description |
|
If using extended-form privilege documents it is impossible to run the copyDB and clone commands if auth is enabled. See the discussion in |
| Comments |
| Comment by auto [ 28/Oct/13 ] |
|
Author: {u'username': u'stbrody', u'name': u'Spencer T Brody', u'email': u'spencer@10gen.com'}Message: |
| Comment by auto [ 06/Sep/13 ] |
|
Author: {u'username': u'stbrody', u'name': u'Spencer T Brody', u'email': u'spencer@10gen.com'}Message: |
| Comment by Spencer Brody (Inactive) [ 23/Apr/13 ] |
|
Proposed plan: copyDatabase is the only one that could work when the source server is outside the current cluster and has auth enabled, because it's the only one that takes a username and password argument. It is easy have have all 3 require whatever privileges they need to write to the target (which is the machine that the commands are run on), the problem is for when the source for clone or copyDatabase is part of the same cluster, you need to also require the necessary source privileges. Plan is first check if the source is the current machine (there's an easy way to do this by calling HostAndPort::isSelf), and if not, to then create a new connection to the source and attempt to authenticate using the internal cluster credentials. If the source is the same machine, or if the authentication is successful, then we assume the source machine is part of the same cluster and require the necessary privileges to read from source. |
| Comment by Andy Schwerin [ 21/Mar/13 ] |
|
Can you describe a proposed solution? |