[CDRIVER-3642] Store scram secrets in topology scanner
Created: 29/Apr/20
Updated: 05/May/23

Status: Backlog
Project: C Driver
Component/s: None
Affects Version/s: 1.17.0-rc0
Fix Version/s: None

Type: Task
Priority: Major - P3
Reporter: Andreas Braun
Assignee: Unassigned
Resolution: Unresolved
Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Epic Link: CDRIVER-4575

 Description   

Scram secrets are currently cached in mongoc_cluster_t, which is not available when doing speculative auth for single-threaded clients in the topology scanner. To work around this limitation, scram secrets should no longer be cached in mongoc_cluster_t, but rather in mongoc_topology_scanner_t.

This came up during the code review for CDRIVER-3559 (see https://mongodbcr.appspot.com/563660001/diff/561540009/src/libmongoc/src/mongoc/mongoc-cluster.c#newcode1361).



 Comments   
Comment by Githook User [ 05/May/23 ]

Author:

{'name': 'Andreas Braun', 'email': 'alcaeus@users.noreply.github.com', 'username': 'alcaeus'}

Message: CDRIVER-4635 Reset speculative_auth_response when resetting auth state (#1258)

  • reset authentication state before creating stream
  • remove unnecessary state reset in `mongoc_topology_scanner_node_disconnect`

`mongoc_topology_scanner_node_disconnect` sets `stream` to NULL. That will result in the stream being recreated and state being reset in `mongoc_topology_scanner_node_setup`

  • skip `/Client/authenticate_cached/client` when using speculativeAuthentication

This previously passed because SCRAM would fail speculativeAuthentication and restart the authentication steps. The restart would use the SCRAM cache.

Now speculativeAuthentication succeeds. speculativeAuthentication in the topology scanner does not use the SCRAM cache (refer: CDRIVER-3642). This does not result in the expected error.

  • Reset scram step along with speculative authentication

---------

Co-authored-by: Kevin Albertson <kevin.albertson@mongodb.com>
Branch: r1.23
https://github.com/mongodb/mongo-c-driver/commit/42a818429d6d586a6abf22367ac6fea1e9ce3f2c

Comment by Githook User [ 05/May/23 ]

Author:

{'name': 'Andreas Braun', 'email': 'alcaeus@users.noreply.github.com', 'username': 'alcaeus'}

Message: CDRIVER-4635 Reset speculative_auth_response when resetting auth state (#1258)

  • reset authentication state before creating stream
  • remove unnecessary state reset in `mongoc_topology_scanner_node_disconnect`

`mongoc_topology_scanner_node_disconnect` sets `stream` to NULL. That will result in the stream being recreated and state being reset in `mongoc_topology_scanner_node_setup`

  • skip `/Client/authenticate_cached/client` when using speculativeAuthentication

This previously passed because SCRAM would fail speculativeAuthentication and restart the authentication steps. The restart would use the SCRAM cache.

Now speculativeAuthentication succeeds. speculativeAuthentication in the topology scanner does not use the SCRAM cache (refer: CDRIVER-3642). This does not result in the expected error.

  • Reset scram step along with speculative authentication

---------

Co-authored-by: Kevin Albertson <kevin.albertson@mongodb.com>
Branch: master
https://github.com/mongodb/mongo-c-driver/commit/b2afc3d01940b133df1beb05b24c8970c9099df6
