Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-21486

successful authentication does not give full privilege with 3.0 mongos and 3.2 mongod

    • Type: Icon: Bug Bug
    • Resolution: Done
    • Priority: Icon: Major - P3 Major - P3
    • 3.2.0-rc4
    • Affects Version/s: 3.2.0-rc2
    • Component/s: Security, Sharding
    • None
    • Fully Compatible
    • ALL
    • Hide

      run jstests/sharding/authmr.js with everything in 3.2 expect for mongos, which is in 3.0

      Show
      run jstests/sharding/authmr.js with everything in 3.2 expect for mongos, which is in 3.0
    • Sharding C (11/20/15), Sharding D (12/11/15)

      It appears that even if a user authenticates successfully as an admin user, it does not have the full privilege.

      This appears be the culprit since ActionSet::parseActionSetFromStringVector breaks out immediately when it sees an unrecognized action:

      2015-11-16T15:57:49.199-0500 W ACCESS   [conn1] Could not parse privilege element in user document for admin@admin: Unrecognized action privilege string: bypassDocumentValidation
      2015-11-16T15:57:49.218-0500 I ACCESS   [conn1] Successfully authenticated as principal admin on admin
      

        1. userdoc.json
          4 kB
          Spencer Jackson

            Assignee:
            spencer@mongodb.com Spencer Brody (Inactive)
            Reporter:
            randolph@mongodb.com Randolph Tan
            Votes:
            0 Vote for this issue
            Watchers:
            10 Start watching this issue

              Created:
              Updated:
              Resolved: