Uploaded image for project: 'C Driver'
  1. C Driver
  2. CDRIVER-1928

"Unknown command error" from authentication and misformatted domain socket URI

    • Type: Icon: Bug Bug
    • Resolution: Done
    • Priority: Icon: Major - P3 Major - P3
    • 1.5.1
    • Affects Version/s: 1.5.0
    • Component/s: libmongoc
    • None
    • Environment:
      MongoDB 3.2, libmongoc-1.5.0-rc6

      In PHPLIB-174, a user failed to escape the Unix domain socket path in their connection URI and received an odd exception message when database authentication failed.

      I extracted the following trace while reproducing the scenario with MongoDB 3.2 and a build of the PHPC linked against libmongoc 1.5.0-rc6:

      [2016-11-17T23:40:11+00:00]     stream: TRACE   > ENTRY: mongoc_stream_read():268
      [2016-11-17T23:40:11+00:00]     stream: TRACE   > ENTRY: mongoc_stream_readv():226
      [2016-11-17T23:40:11+00:00]     stream: TRACE   > ENTRY: _mongoc_stream_socket_readv():139
      [2016-11-17T23:40:11+00:00]     socket: TRACE   > ENTRY: mongoc_socket_recv():797
      [2016-11-17T23:40:11+00:00]     socket: TRACE   >  EXIT: mongoc_socket_recv():826
      [2016-11-17T23:40:11+00:00]     stream: TRACE   >  EXIT: _mongoc_stream_socket_readv():188
      [2016-11-17T23:40:11+00:00]     stream: TRACE   > TRACE: mongoc_stream_readv():236 readv = 0x7ffdf48cb8b0 [1]
      [2016-11-17T23:40:11+00:00]     stream: TRACE   > 00000:  57 00 00 00 02 24 65 72  72 00 3e 00 00 00 6e 6f  W . . . . $ e r  r . > . . . n o
      [2016-11-17T23:40:11+00:00]     stream: TRACE   > 00010:  74 20 61 75 74 68 6f 72  69 7a 65 64 20 66 6f 72  t   a u t h o r  i z e d   f o r
      [2016-11-17T23:40:11+00:00]     stream: TRACE   > 00020:  20 71 75 65 72 79 20 6f  6e 20 74 6d 70 2f 6d 6f    q u e r y   o  n   t m p / m o
      [2016-11-17T23:40:11+00:00]     stream: TRACE   > 00030:  6e 67 6f 64 62 2d 32 37  30 31 37 2e 73 6f 63 6b  n g o d b - 2 7  0 1 7 . s o c k
      [2016-11-17T23:40:11+00:00]     stream: TRACE   > 00040:  2f 61 64 6d 69 6e 2e 24  63 6d 64 00 10 63 6f 64  / a d m i n . $  c m d . . c o d
      [2016-11-17T23:40:11+00:00]     stream: TRACE   > 00050:  65 00 0d 00 00 00 00                              e . . . . . .
      [2016-11-17T23:40:11+00:00]     stream: TRACE   >  EXIT: mongoc_stream_readv():239
      [2016-11-17T23:40:11+00:00]     stream: TRACE   >  EXIT: mongoc_stream_read():280
      [2016-11-17T23:40:11+00:00]     mongoc: TRACE   > ENTRY: _mongoc_populate_cmd_error():770
      [2016-11-17T23:40:11+00:00]     mongoc: TRACE   >  EXIT: _mongoc_populate_cmd_error():795
      

      This translates to:

      {
          "$err" : "not authorized for query on tmp\/mongodb-27017.sock.$cmd",
          "code" : 13
      }
      

      From the MongoDB logs, the following command was being executed at the time:

      2016-11-17T18:40:11.336-0500 I QUERY    [conn1] assertion 13 not authorized for query on tmp/mongodb-27017.sock/admin.$cmd ns:tmp/mongodb-27017.sock/admin.$cmd query:{ saslStart: 1, mechanism: "SCRAM-SHA-1", payload: BinData(0, 6E2C2C6E3D666F6F2C723D6774713035457335496C70736E456D762B6F55554D76376868666156474F7066), autoAuthorize: 1 }
      

      I consulted the legacy PHP driver and it did consult the "$err" field when checking for cursor errors (see: mongo_connect_send_packet()). Based on the trace data, _mongoc_populate_cmd_error() is being used to populate the bson_error_t. Perhaps _mongoc_populate_query_error(), which does check for "$err" and "code" fields, should be used instead.

            Assignee:
            jesse@mongodb.com A. Jesse Jiryu Davis
            Reporter:
            jmikola@mongodb.com Jeremy Mikola
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Created:
              Updated:
              Resolved: