<!-- 
RSS generated by JIRA (9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66) at Thu Feb 08 04:43:11 UTC 2024

It is possible to restrict the fields that are returned in this document by specifying the 'field' parameter in your request.
For example, to request only the issue key and summary append 'field=key&field=summary' to the URL of your request.
-->
<rss version="0.92" >
<channel>
    <title>MongoDB Jira</title>
    <link>https://jira.mongodb.org</link>
    <description>This file is an XML representation of an issue</description>
    <language>en-us</language>    <build-info>
        <version>9.7.1</version>
        <build-number>970001</build-number>
        <build-date>13-04-2023</build-date>
    </build-info>


<item>
            <title>[SERVER-36463] Bypass validation of a dummy signatures for isMaster on the unauthenticated connections</title>
                <link>https://jira.mongodb.org/browse/SERVER-36463</link>
                <project id="10000" key="SERVER">Core Server</project>
                    <description>&lt;p&gt;isMaster command is a part of an authentication handshake protocol. Hence if the driver used __system user then it will fail on isMaster when trying to auth a connection as the __system gets  a dummy signature by design.&lt;br/&gt;
Bypassing the dummy signature on isMaster on unauthenticated connection will allow authentication to complete without exception.&lt;/p&gt;

&lt;h2&gt;&lt;a name=&quot;SuggestedImplementation&quot;&gt;&lt;/a&gt;Suggested Implementation &lt;/h2&gt;

&lt;p&gt;1. Factor out &lt;a href=&quot;https://github.com/mongodb/mongo/blob/r4.1.1/src/mongo/db/initialize_operation_session_info.cpp#L52-L61&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb/mongo/blob/r4.1.1/src/mongo/db/initialize_operation_session_info.cpp#L52-L61&lt;/a&gt; into a separate function hasAuthUsers&lt;br/&gt;
2. Add&lt;/p&gt;
&lt;p/&gt;
&lt;div id=&quot;syntaxplugin&quot; class=&quot;syntaxplugin&quot; style=&quot;border: 1px dashed #bbb; border-radius: 5px !important; overflow: auto; max-height: 30em;&quot;&gt;
&lt;table cellspacing=&quot;0&quot; cellpadding=&quot;0&quot; border=&quot;0&quot; width=&quot;100%&quot; style=&quot;font-size: 1em; line-height: 1.4em !important; font-weight: normal; font-style: normal; color: black;&quot;&gt;
		&lt;tbody &gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;  margin-top: 10px;   margin-bottom: 10px;  width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;bool needsSessionAndClusterTimeInit = requiresAuth() || hasAuthUsers(); // e.g. for the isMaster on the non-authenticated session will return true.&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
			&lt;/tbody&gt;
&lt;/table&gt;
&lt;/div&gt;
&lt;p/&gt;
&lt;p&gt;3. pass needsSessionAndClusterTimeInit into readRequestMetadata and validate clusterTime if the condition met&lt;/p&gt;</description>
                <environment></environment>
        <key id="584354">SERVER-36463</key>
            <summary>Bypass validation of a dummy signatures for isMaster on the unauthenticated connections</summary>
                <type id="4" iconUrl="https://jira.mongodb.org/secure/viewavatar?size=xsmall&amp;avatarId=14710&amp;avatarType=issuetype">Improvement</type>
                                            <priority id="3" iconUrl="https://jira.mongodb.org/images/icons/priorities/major.svg">Major - P3</priority>
                        <status id="6" iconUrl="https://jira.mongodb.org/images/icons/statuses/closed.png" description="The issue is considered finished, the resolution is correct. Issues which are closed can be reopened.">Closed</status>
                    <statusCategory id="3" key="done" colorName="success"/>
                                    <resolution id="13201">Fixed</resolution>
                                        <assignee username="misha.tyulenev@mongodb.com">Misha Tyulenev</assignee>
                                    <reporter username="misha.tyulenev@mongodb.com">Misha Tyulenev</reporter>
                        <labels>
                    </labels>
                <created>Mon, 6 Aug 2018 15:22:56 +0000</created>
                <updated>Sun, 29 Oct 2023 22:29:16 +0000</updated>
                            <resolved>Mon, 13 Aug 2018 22:12:41 +0000</resolved>
                                                    <fixVersion>3.6.7</fixVersion>
                    <fixVersion>4.0.2</fixVersion>
                    <fixVersion>4.1.2</fixVersion>
                                    <component>Sharding</component>
                                        <votes>0</votes>
                                    <watches>12</watches>
                                                                                                                <comments>
                            <comment id="1975690" author="xgen-internal-githook" created="Tue, 14 Aug 2018 18:28:11 +0000"  >&lt;p&gt;Author:&lt;/p&gt;
{&apos;username&apos;: &apos;mikety&apos;, &apos;email&apos;: &apos;misha@mongodb.com&apos;, &apos;name&apos;: &apos;Misha Tyulenev&apos;}
&lt;p&gt;Message: &lt;a href=&quot;https://jira.mongodb.org/browse/SERVER-36463&quot; title=&quot;Bypass validation of a dummy signatures for isMaster on the unauthenticated connections&quot; class=&quot;issue-link&quot; data-issue-key=&quot;SERVER-36463&quot;&gt;&lt;del&gt;SERVER-36463&lt;/del&gt;&lt;/a&gt; bypass validation of dummy signatures for isMaster on the unauthenticated connections&lt;/p&gt;

&lt;p&gt;(cherry picked from commit c764ee142f633b3a88954f336b11633e1baeffdc)&lt;br/&gt;
Branch: v3.6&lt;br/&gt;
&lt;a href=&quot;https://github.com/mongodb/mongo/commit/56cd2418be38c4aeacdb26f95c48ecae7c4189fd&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb/mongo/commit/56cd2418be38c4aeacdb26f95c48ecae7c4189fd&lt;/a&gt;&lt;/p&gt;</comment>
                            <comment id="1975505" author="xgen-internal-githook" created="Tue, 14 Aug 2018 16:07:48 +0000"  >&lt;p&gt;Author:&lt;/p&gt;
{&apos;username&apos;: &apos;mikety&apos;, &apos;email&apos;: &apos;misha@mongodb.com&apos;, &apos;name&apos;: &apos;Misha Tyulenev&apos;}
&lt;p&gt;Message: &lt;a href=&quot;https://jira.mongodb.org/browse/SERVER-36463&quot; title=&quot;Bypass validation of a dummy signatures for isMaster on the unauthenticated connections&quot; class=&quot;issue-link&quot; data-issue-key=&quot;SERVER-36463&quot;&gt;&lt;del&gt;SERVER-36463&lt;/del&gt;&lt;/a&gt; bypass validation of dummy signatures for isMaster on the unauthenticated connections&lt;br/&gt;
Branch: v4.0&lt;br/&gt;
&lt;a href=&quot;https://github.com/mongodb/mongo/commit/6b58d6381785ab22d73affef5067a546f7c5c8ed&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb/mongo/commit/6b58d6381785ab22d73affef5067a546f7c5c8ed&lt;/a&gt;&lt;/p&gt;</comment>
                            <comment id="1974754" author="xgen-internal-githook" created="Mon, 13 Aug 2018 22:11:54 +0000"  >&lt;p&gt;Author:&lt;/p&gt;
{&apos;name&apos;: &apos;Misha Tyulenev&apos;, &apos;email&apos;: &apos;misha@mongodb.com&apos;, &apos;username&apos;: &apos;mikety&apos;}
&lt;p&gt;Message: &lt;a href=&quot;https://jira.mongodb.org/browse/SERVER-36463&quot; title=&quot;Bypass validation of a dummy signatures for isMaster on the unauthenticated connections&quot; class=&quot;issue-link&quot; data-issue-key=&quot;SERVER-36463&quot;&gt;&lt;del&gt;SERVER-36463&lt;/del&gt;&lt;/a&gt; bypass validation of dummy signatures for isMaster on the unauthenticated connections&lt;br/&gt;
Branch: master&lt;br/&gt;
&lt;a href=&quot;https://github.com/mongodb/mongo/commit/c764ee142f633b3a88954f336b11633e1baeffdc&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb/mongo/commit/c764ee142f633b3a88954f336b11633e1baeffdc&lt;/a&gt;&lt;/p&gt;</comment>
                            <comment id="1967717" author="spencer.jackson@10gen.com" created="Mon, 6 Aug 2018 15:44:56 +0000"  >&lt;p&gt;OK. To figure out whether the client has authenticated users, you should obtain an AuthorizationSession off the OperationContext, then call something like:&lt;/p&gt;
&lt;p/&gt;
&lt;div id=&quot;syntaxplugin&quot; class=&quot;syntaxplugin&quot; style=&quot;border: 1px dashed #bbb; border-radius: 5px !important; overflow: auto; max-height: 30em;&quot;&gt;
&lt;table cellspacing=&quot;0&quot; cellpadding=&quot;0&quot; border=&quot;0&quot; width=&quot;100%&quot; style=&quot;font-size: 1em; line-height: 1.4em !important; font-weight: normal; font-style: normal; color: black;&quot;&gt;
		&lt;tbody &gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;  margin-top: 10px;   margin-bottom: 10px;  width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt; authorizationSession.getAuthenticatedUserNames().more()&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
			&lt;/tbody&gt;
&lt;/table&gt;
&lt;/div&gt;
&lt;p/&gt;
&lt;p&gt;This will return true, if there is one or more user authenticated on the client.&lt;/p&gt;

&lt;p&gt;You will likely need to move logical time validation after command parsing, when you will learn the name of the command you&apos;re running. You will then need to figure out if the command is intended to be used pre-auth. You&apos;ll want to ignore the signature on isMaster, saslStart, saslContinue, authenticate, and listCommands. Rather than perform a table lookup, you&apos;ll probably want to call the&#160;&lt;tt&gt;requiresAuth()&lt;/tt&gt; method exposed on the Command base class. On master and 4.0, this will return false if the command is expected to be used pre-auth. It means this on 3.6 too, but was only checked during logical session ID parsing, and so it wasn&apos;t as comprehensively tested, so you may want to double check the command definitions.&lt;/p&gt;

&lt;p&gt;Also, be advised that a un-authenticated user may run authorized commands if the clinet is using the Localhost Auth Bypass. A client exists in this state when it is connected to localhost, the server has authentication enabled, and no users have been created in the server.&lt;/p&gt;</comment>
                    </comments>
                <issuelinks>
                            <issuelinktype id="10420">
                    <name>Backports</name>
                                            <outwardlinks description="backported by">
                                                        </outwardlinks>
                                                        </issuelinktype>
                            <issuelinktype id="10012">
                    <name>Related</name>
                                                                <inwardlinks description="is related to">
                                                        </inwardlinks>
                                    </issuelinktype>
                    </issuelinks>
                <attachments>
                    </attachments>
                <subtasks>
                    </subtasks>
                <customfields>
                                                <customfield id="customfield_10050" key="com.atlassian.jira.toolkit:comments">
                        <customfieldname># Replies</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>4.0</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_18555" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname># of Sprints</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>2.0</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                <customfield id="customfield_12450" key="com.atlassian.jira.plugin.system.customfieldtypes:multicheckboxes">
                        <customfieldname>Backport Requested</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue key="15640"><![CDATA[v4.0]]></customfieldvalue>
    <customfieldvalue key="15141"><![CDATA[v3.6]]></customfieldvalue>
    
                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10011" key="com.atlassian.jira.plugin.system.customfieldtypes:radiobuttons">
                        <customfieldname>Backwards Compatibility</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue key="10038"><![CDATA[Fully Compatible]]></customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                    <customfield id="customfield_13552" key="com.go2group.jira.plugin.crm:crm_generic_field">
                        <customfieldname>Case</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue><![CDATA[[500A000000bV4BtIAK]]]></customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                            <customfield id="customfield_10055" key="com.atlassian.jira.ext.charting:firstresponsedate">
                        <customfieldname>Date of 1st Reply</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>Mon, 6 Aug 2018 15:44:56 +0000</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10052" key="com.atlassian.jira.toolkit:dayslastcommented">
                        <customfieldname>Days since reply</customfieldname>
                        <customfieldvalues>
                                        5 years, 26 weeks, 1 day ago
    
                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_18254" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname>Dependencies</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue><![CDATA[]]></customfieldvalue>


                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_15850" key="com.atlassian.jira.plugins.jira-development-integration-plugin:devsummary">
                        <customfieldname>Development</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        <customfield id="customfield_10057" key="com.atlassian.jira.toolkit:lastusercommented">
                        <customfieldname>Last comment by Customer</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>true</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                            <customfield id="customfield_10056" key="com.atlassian.jira.toolkit:lastupdaterorcommenter">
                        <customfieldname>Last commenter</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>luke.bonanomi@mongodb.com</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_11151" key="com.atlassian.jira.toolkit:LastCommentDate">
                        <customfieldname>Last public comment date</customfieldname>
                        <customfieldvalues>
                            5 years, 26 weeks, 1 day ago
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                    <customfield id="customfield_10051" key="com.atlassian.jira.toolkit:participants">
                        <customfieldname>Participants</customfieldname>
                        <customfieldvalues>
                                        <customfieldvalue>xgen-internal-githook</customfieldvalue>
            <customfieldvalue>misha.tyulenev@mongodb.com</customfieldvalue>
            <customfieldvalue>spencer.jackson@mongodb.com</customfieldvalue>
    
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                        <customfield id="customfield_14254" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Product Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>1|hu4tkv:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                <customfield id="customfield_12550" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>2|htvfx3:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10558" key="com.pyxis.greenhopper.jira:gh-global-rank">
                        <customfieldname>Rank (Obsolete)</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>9223372036854775807</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                            <customfield id="customfield_23361" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname>Requested By</customfieldname>
                        <customfieldvalues>
                                

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                        <customfield id="customfield_10557" key="com.pyxis.greenhopper.jira:gh-sprint">
                        <customfieldname>Sprint</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue id="2451">Sharding 2018-08-13</customfieldvalue>
    <customfieldvalue id="2452">Sharding 2018-08-27</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                            <customfield id="customfield_10053" key="com.atlassian.jira.ext.charting:timeinstatus">
                        <customfieldname>Time In Status</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                        <customfield id="customfield_22870" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname>Triagers</customfieldname>
                        <customfieldvalues>
                                

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_14350" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>serverRank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>1|hu4fu7:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                    </customfields>
    </item>
</channel>
</rss>