Fix ReadOnly Mode without auth-enabled (#6478)

2018-09-12 20:02:57 +02:00 · 2018-09-12 20:02:57 +02:00 · c278fd23b2
parent 9d8586b388
commit c278fd23b2
3 changed files with 5 additions and 10 deletions
--- a/arangod/Cluster/HeartbeatThread.cpp
+++ b/arangod/Cluster/HeartbeatThread.cpp
@ -411,10 +411,11 @@ void HeartbeatThread::runDBServer() {
        LOG_TOPIC(TRACE, Logger::HEARTBEAT)
            << "Looking at Sync/Commands/" + _myId;

+        // DBServers disregard the ReadOnly flag, otherwise (without authentication and JWT)
+        // we are not able to identify valid requests from other cluster servers
        AgencyReadTransaction trx(
          std::vector<std::string>({
              AgencyCommManager::path("Shutdown"),
-              AgencyCommManager::path("Readonly"),
              AgencyCommManager::path("Current/Version"),
              "/.agency"}));

@ -463,10 +464,6 @@ void HeartbeatThread::runDBServer() {
              syncDBServerStatusQuo();
            }
          }
-
-          auto readOnlySlice = result.slice()[0].get(std::vector<std::string>(
-            {AgencyCommManager::path(), "Readonly"}));
-          updateServerMode(readOnlySlice);
        }
      }

--- a/arangod/RestServer/VocbaseContext.cpp
+++ b/arangod/RestServer/VocbaseContext.cpp
@ -54,8 +54,8 @@ VocbaseContext* VocbaseContext::create(GeneralRequest& req, TRI_vocbase_t& vocba
  
  // superusers will have an empty username. This MUST be invalid
  // for users authenticating with name / password
-  bool isSuperUser = req.authenticated() && req.user().empty() &&
-                     req.authenticationMethod() == rest::AuthenticationMethod::JWT;
+  const bool isSuperUser = req.authenticated() && req.user().empty() &&
+                           req.authenticationMethod() == AuthenticationMethod::JWT;
  if (isSuperUser) {
    return new VocbaseContext(req, vocbase, ExecContext::Type::Internal,
                              /*sysLevel*/ auth::Level::RW,
--- a/arangod/Utils/ExecContext.h
+++ b/arangod/Utils/ExecContext.h
@ -53,9 +53,7 @@ class ExecContext : public RequestContext {
        _database(database),
        _canceled(false),
        _systemDbAuthLevel(systemLevel),
-        _databaseAuthLevel(dbLevel) {
-    TRI_ASSERT(!(_type == Type::Internal) || _user.empty());
-  }
+        _databaseAuthLevel(dbLevel) {}
  ExecContext(ExecContext const&) = delete;
  ExecContext(ExecContext&&) = delete;
 public: