Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-46877

saslStart command fails without an error message

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major - P3
    • Resolution: Duplicate
    • Affects Version/s: 4.3.4
    • Fix Version/s: None
    • Component/s: None
    • Labels:
      None
    • Operating System:
      ALL
    • Backport Requested:
      v4.4
    • Steps To Reproduce:
      Hide

      Send the following command to a 4.3.4 server:

      {saslStart: 1, '$db' => 'test'}
      
      

      Show
      Send the following command to a 4.3.4 server: {saslStart: 1, '$db' => 'test'}
    • Sprint:
      Security 2020-04-06, Security 2020-04-20, Security 2020-05-04, Security 2020-06-01

      Description

      If I issue a saslContinue:1 command on a connection with no fields, the server responds with a failure and provides a message explaining why the command failed:

      irb(main):023:0> a.cluster.next_primary.with_connection { |c| c.dispatch([Mongo::Protocol::Msg.new([], {}, {saslContinue: 1, '$db' => 'test'})])  }
      D, [2020-03-15T18:37:03.610646 #102446] DEBUG -- : MONGODB | [18] localhost:27017 #1 | test.saslContinue | STARTED | {}
      D, [2020-03-15T18:37:03.612064 #102446] DEBUG -- : MONGODB | [18] localhost:27017 | test.saslContinue | FAILED | No SASL session state found (17) | 0.000614045s
      => #<Mongo::Protocol::Msg:0x00005619018332e8 @flags=[], @sections=[{"ok"=>0.0, "errmsg"=>"No SASL session state found", "code"=>17, "codeName"=>"ProtocolError"}]>
      

      If I issue a saslStart:1 command in the same manner, the server responds with a failure but does not provide any diagnostic information:

      irb(main):024:0> a.cluster.next_primary.with_connection { |c| c.dispatch([Mongo::Protocol::Msg.new([], {}, {saslStart: 1, '$db' => 'test'})])  }
      D, [2020-03-15T18:37:08.082373 #102446] DEBUG -- : MONGODB | [19] localhost:27017 #1 | test.saslStart | STARTED | {}
      D, [2020-03-15T18:37:08.084307 #102446] DEBUG -- : MONGODB | [19] localhost:27017 | test.saslStart | FAILED |  () | 0.000454597s
      => #<Mongo::Protocol::Msg:0x0000561901d3c988 @flags=[], @sections=[{"ok"=>0.0, "errmsg"=>""}]>
      

      As far as I can tell there is no output in the server log either as to what might be the problem.

      The lack of diagnostic information makes it very difficult to troubleshoot why authentication is not working (I get the same empty failure response when providing, as far as I can tell, valid data for an aws authentication mechanism).

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              adam.cooper Adam Cooper (Inactive)
              Reporter:
              oleg.pudeyev Oleg Pudeyev
              Participants:
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: