  1. Couchbase Server
  2. MB-62413

[client certificate auth] Only mark the tuple a match if it contains an existing user


    Description

      When a username is extracted from a client certificate, we don't check whether the user exists. We need to add this check before stopping the matching process.
      In other words, the current algorithm is:

      1. We start from the first tuple in the list: (path, prefix, delimiter).
      2. If we can extract the username from the certificate using that tuple, the authentication is successful and we return the extracted username.
      3. If this is the last tuple, authentication has failed, stop.
      4. Switch to the next tuple, and go to step 2.

      We should modify it in the following way:

      1. We start from the first tuple in the list: (path, prefix, delimiter).
      2. If we can extract the username from the certificate using that tuple and that local user exists in couchbase-server, the authentication is successful and we return the extracted username.
      3. If this is the last tuple, authentication has failed, stop.
      4. Switch to the next tuple, and go to step 2.
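
The two matching loops described above, side by side, as an added Python example (not ns_server code and not part of the ticket). The certificate is modelled as a constructed dict of fields; the extraction rule (strip the prefix, cut at the first delimiter character), the field names, and the `user_exists` callback are assumptions.

```python
# Added illustration; not ns_server code. Certificate fields are modelled as a
# plain dict (constructed sample), and the extraction rule is an assumption.

def extract_username(cert_fields, path, prefix, delimiter):
    """Return the username a (path, prefix, delimiter) tuple yields, or None."""
    for value in cert_fields.get(path, []):
        if not value.startswith(prefix):
            continue
        rest = value[len(prefix):]
        # Assumed rule: cut at the first occurrence of any delimiter character.
        cuts = [rest.find(d) for d in delimiter if d in rest]
        name = rest[:min(cuts)] if cuts else rest
        if name:
            return name
    return None

def authenticate_current(cert_fields, tuples):
    """Current behaviour: the first tuple that extracts anything ends matching."""
    for path, prefix, delimiter in tuples:
        name = extract_username(cert_fields, path, prefix, delimiter)
        if name is not None:
            return name
    return None

def authenticate_proposed(cert_fields, tuples, user_exists):
    """Proposed behaviour: a tuple matches only if the extracted user exists."""
    for path, prefix, delimiter in tuples:
        name = extract_username(cert_fields, path, prefix, delimiter)
        if name is not None and user_exists(name):
            return name
    return None  # last tuple reached without a match: authentication fails

# Constructed sample data: the CN names a host, the SAN e-mail names the user.
CERT = {"subject.cn": ["gateway-7.internal"], "san.email": ["alice@example.com"]}
TUPLES = [("subject.cn", "", "."), ("san.email", "", "@")]
LOCAL_USERS = {"alice"}

if __name__ == "__main__":
    # Current loop stops at the first tuple and yields a user that does not exist.
    print(authenticate_current(CERT, TUPLES))
    # Proposed loop skips that tuple and reaches the one naming a real user.
    print(authenticate_proposed(CERT, TUPLES, LOCAL_USERS.__contains__))
```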


            People

              shaazin.sheikh Shaazin Sheikh
              timofey.barmin Timofey Barmin