<!-- 
RSS generated by JIRA (9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66) at Thu Feb 08 06:38:26 UTC 2024

It is possible to restrict the fields that are returned in this document by specifying the 'field' parameter in your request.
For example, to request only the issue key and summary append 'field=key&field=summary' to the URL of your request.
-->
<rss version="0.92" >
<channel>
    <title>MongoDB Jira</title>
    <link>https://jira.mongodb.org</link>
    <description>This file is an XML representation of an issue</description>
    <language>en-us</language>    <build-info>
        <version>9.7.1</version>
        <build-number>970001</build-number>
        <build-date>13-04-2023</build-date>
    </build-info>


<item>
            <title>[SERVER-78466] SessionsCollectionRS::_makePrimaryConnection() can reauthenticate as __system</title>
                <link>https://jira.mongodb.org/browse/SERVER-78466</link>
                <project id="10000" key="SERVER">Core Server</project>
                    <description>&lt;p&gt;The &lt;tt&gt;SessionsCollectionRS&lt;/tt&gt; class is responsible for accessing the &lt;tt&gt;config.sessions&lt;/tt&gt; collection on replica sets. The &lt;tt&gt;_makePrimaryConnection()&lt;/tt&gt; method is used to retrieve a connection to the primary node before performing some kind of operation on the sessions collection.&#160;&lt;/p&gt;

&lt;p&gt;Today, the implementation of this method retrieves a &lt;tt&gt;ScopedDbCollection&lt;/tt&gt;, which comes from the internal connection pool, and then authenticates as the &lt;tt&gt;__system&lt;/tt&gt; user on the connection before performing the requisite operation. After the operation is completed, the connection is returned to the pool.&lt;/p&gt;

&lt;p&gt;As a result, it is possible that the connection from the pool has already been authenticated as &lt;tt&gt;_&lt;em&gt;system&lt;/tt&gt;. Ever since &lt;a href=&quot;https://jira.mongodb.org/browse/SERVER-56267&quot; title=&quot;Prevent authentication as multiple users on API versioned connections&quot; class=&quot;issue-link&quot; data-issue-key=&quot;SERVER-56267&quot;&gt;&lt;del&gt;SERVER-56267&lt;/del&gt;&lt;/a&gt;, the auth subsystem now logs a warning whenever a client reauthenticates as the same user already authenticated on the connection. This can result in unnecessary log spam, so this method should strive to only authenticate as &lt;tt&gt;&lt;/em&gt;_system&lt;/tt&gt; once.&lt;/p&gt;</description>
                <environment></environment>
        <key id="2377688">SERVER-78466</key>
            <summary>SessionsCollectionRS::_makePrimaryConnection() can reauthenticate as __system</summary>
                <type id="3" iconUrl="https://jira.mongodb.org/secure/viewavatar?size=xsmall&amp;avatarId=14718&amp;avatarType=issuetype">Task</type>
                                            <priority id="3" iconUrl="https://jira.mongodb.org/images/icons/priorities/major.svg">Major - P3</priority>
                        <status id="10038" iconUrl="https://jira.mongodb.org/images/icons/subtask.gif" description="">Backlog</status>
                    <statusCategory id="2" key="new" colorName="default"/>
                                    <resolution id="-1">Unresolved</resolution>
                                        <assignee username="backlog-server-cluster-scalability">Backlog - Cluster Scalability</assignee>
                                    <reporter username="varun.ravichandran@mongodb.com">Varun Ravichandran</reporter>
                        <labels>
                            <label>sharding-nyc-subteam3</label>
                    </labels>
                <created>Mon, 26 Jun 2023 23:41:05 +0000</created>
                <updated>Tue, 12 Dec 2023 15:58:15 +0000</updated>
                                                                                                <votes>3</votes>
                                    <watches>8</watches>
                                                                                                                <comments>
                            <comment id="5859499" author="JIRAUSER1275711" created="Tue, 7 Nov 2023 03:52:20 +0000"  >&lt;p&gt;Hope the issue is resolved soon. Apart from simply getting those bulk of irritating messages every few minutes, they could actually hamper while troubleshooting a real issue and also add to the volume of log.&lt;/p&gt;</comment>
                            <comment id="5858019" author="vgrippa@gmail.com" created="Mon, 6 Nov 2023 18:00:09 +0000"  >&lt;p&gt;It also affects 6.0.11.&lt;/p&gt;</comment>
                            <comment id="5587653" author="varun.ravichandran" created="Mon, 24 Jul 2023 19:42:40 +0000"  >&lt;p&gt;After conversation with &lt;a href=&quot;https://jira.mongodb.org/secure/ViewProfile.jspa?name=randolph%40mongodb.com&quot; class=&quot;user-hover&quot; rel=&quot;randolph@mongodb.com&quot;&gt;randolph@mongodb.com&lt;/a&gt; offline, reassigning to Sharding NYC as they own the &lt;tt&gt;config.sessions&lt;/tt&gt; machinery.&lt;/p&gt;</comment>
                            <comment id="5565379" author="JIRAUSER1262924" created="Thu, 13 Jul 2023 21:41:08 +0000"  >&lt;p&gt;Thanks &lt;a href=&quot;https://jira.mongodb.org/secure/ViewProfile.jspa?name=jason.chan%40mongodb.com&quot; class=&quot;user-hover&quot; rel=&quot;jason.chan@mongodb.com&quot;&gt;jason.chan@mongodb.com&lt;/a&gt; , assigning to&#160;&lt;a href=&quot;https://jira.mongodb.org/secure/ViewProfile.jspa?name=varun.ravichandran%40mongodb.com&quot; class=&quot;user-hover&quot; rel=&quot;varun.ravichandran@mongodb.com&quot;&gt;varun.ravichandran@mongodb.com&lt;/a&gt; for further investigation, will keep you posted.&lt;/p&gt;</comment>
                            <comment id="5560813" author="jason.chan" created="Wed, 12 Jul 2023 15:49:13 +0000"  >&lt;p&gt;From talking to &lt;a href=&quot;https://jira.mongodb.org/secure/ViewProfile.jspa?name=varun.ravichandran%40mongodb.com&quot; class=&quot;user-hover&quot; rel=&quot;varun.ravichandran@mongodb.com&quot;&gt;varun.ravichandran@mongodb.com&lt;/a&gt;&lt;/p&gt;
&lt;blockquote&gt;&lt;p&gt;So the problem is that the SessionsCollectionRS class grabs a &lt;a href=&quot;https://github.com/10gen/mongo/blob/1df6a1b3318b2634cf38c22f775d1e494933ebda/src/mongo/db/session/sessions_collection_rs.cpp#L81&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;ScopedDbConnection&lt;/a&gt; (which I believe comes from the connection pool) and attempts to connect to the config server primary. It then &lt;a href=&quot;https://github.com/10gen/mongo/blob/1df6a1b3318b2634cf38c22f775d1e494933ebda/src/mongo/db/session/sessions_collection_rs.cpp#L83C1-L86&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;explicitly authenticates as the internal&lt;/a&gt; __system user. If the ScopedDbConnection had already been authenticated as __system, the explicit authentication succeeds but emits a warning log about reauthentication. Ideally, we want each connection to only authenticate once, so here, we would want a way to check whether the ScopedDbConnection was already authenticated or not before authenticating as __system.&lt;/p&gt;&lt;/blockquote&gt;

&lt;p&gt;Going by the last sentence above, it sounds like the fix here might be more related to semantics around authentication rather than code in the ConnectionPool itself. I wonder if Security would be better equipped to know how to prioritize and implement this fix? cc: &lt;a href=&quot;https://jira.mongodb.org/secure/ViewProfile.jspa?name=adam.rayner%40mongodb.com&quot; class=&quot;user-hover&quot; rel=&quot;adam.rayner@mongodb.com&quot;&gt;adam.rayner@mongodb.com&lt;/a&gt;&lt;a href=&quot;https://jira.mongodb.org/secure/ViewProfile.jspa?name=brad.moore%40mongodb.com&quot; class=&quot;user-hover&quot; rel=&quot;brad.moore@mongodb.com&quot;&gt;brad.moore@mongodb.com&lt;/a&gt;&lt;/p&gt;
</comment>
                    </comments>
                <issuelinks>
                            <issuelinktype id="10012">
                    <name>Related</name>
                                            <outwardlinks description="related to">
                                        <issuelink>
            <issuekey id="2283685">SERVER-74688</issuekey>
        </issuelink>
                            </outwardlinks>
                                                                <inwardlinks description="is related to">
                                        <issuelink>
            <issuekey id="2283685">SERVER-74688</issuekey>
        </issuelink>
                            </inwardlinks>
                                    </issuelinktype>
                    </issuelinks>
                <attachments>
                    </attachments>
                <subtasks>
                    </subtasks>
                <customfields>
                                                <customfield id="customfield_10050" key="com.atlassian.jira.toolkit:comments">
                        <customfieldname># Replies</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>5.0</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_18555" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname># of Sprints</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>2.0</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                    <customfield id="customfield_12751" key="com.atlassian.jira.plugin.system.customfieldtypes:multiselect">
                        <customfieldname>Assigned Teams</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue key="26583"><![CDATA[Cluster Scalability]]></customfieldvalue>
    
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_10055" key="com.atlassian.jira.ext.charting:firstresponsedate">
                        <customfieldname>Date of 1st Reply</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>Mon, 3 Jul 2023 19:23:44 +0000</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10052" key="com.atlassian.jira.toolkit:dayslastcommented">
                        <customfieldname>Days since reply</customfieldname>
                        <customfieldvalues>
                                        13 weeks, 2 days ago
    
                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_18254" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname>Dependencies</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue><![CDATA[]]></customfieldvalue>


                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_15850" key="com.atlassian.jira.plugins.jira-development-integration-plugin:devsummary">
                        <customfieldname>Development</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        <customfield id="customfield_10057" key="com.atlassian.jira.toolkit:lastusercommented">
                        <customfieldname>Last comment by Customer</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>true</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                            <customfield id="customfield_10056" key="com.atlassian.jira.toolkit:lastupdaterorcommenter">
                        <customfieldname>Last commenter</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>dbeng-pm-bot</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_11151" key="com.atlassian.jira.toolkit:LastCommentDate">
                        <customfieldname>Last public comment date</customfieldname>
                        <customfieldvalues>
                            13 weeks, 2 days ago
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                    <customfield id="customfield_10051" key="com.atlassian.jira.toolkit:participants">
                        <customfieldname>Participants</customfieldname>
                        <customfieldvalues>
                                        <customfieldvalue>adam.rayner@mongodb.com</customfieldvalue>
            <customfieldvalue>backlog-server-cluster-scalability</customfieldvalue>
            <customfieldvalue>dennis.carvalho@nomura.com</customfieldvalue>
            <customfieldvalue>jason.chan@mongodb.com</customfieldvalue>
            <customfieldvalue>varun.ravichandran@mongodb.com</customfieldvalue>
            <customfieldvalue>vgrippa@gmail.com</customfieldvalue>
    
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                        <customfield id="customfield_14254" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Product Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>1|i2fhov:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                <customfield id="customfield_12550" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>2|hrfs71:og</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10558" key="com.pyxis.greenhopper.jira:gh-global-rank">
                        <customfieldname>Rank (Obsolete)</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>9223372036854775807</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                            <customfield id="customfield_23361" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname>Requested By</customfieldname>
                        <customfieldvalues>
                                

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                        <customfield id="customfield_10557" key="com.pyxis.greenhopper.jira:gh-sprint">
                        <customfieldname>Sprint</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue id="7326">Security 2023-07-24</customfieldvalue>
    <customfieldvalue id="7403">Security 2023-08-07</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                        <customfield id="customfield_10555" key="com.atlassian.jira.plugin.system.customfieldtypes:float">
                        <customfieldname>Story Points</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>2.0</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            <customfield id="customfield_22870" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname>Triagers</customfieldname>
                        <customfieldvalues>
                                

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_14350" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>serverRank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>1|i2f3u7:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                    </customfields>
    </item>
</channel>
</rss>