[CDRIVER-530] SASL version check does not do what you think it does
Created: 17/Feb/15  Updated: 08/Jan/24  Resolved: 08/Jun/15

Status: Closed
Project: C Driver
Component/s: auth, Build, libmongoc
Affects Version/s: 1.1.0
Fix Version/s: 1.2-beta0

Type: Bug
Priority: Major - P3
Reporter: Ryan Schmidt
Assignee: Unassigned
Resolution: Done
Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Depends
depends on CDRIVER-547 inappropriate use of sasl_client_init... Closed
Related
related to PHPC-306 Check for sasl_client_done when gener... Closed
related to CDRIVER-1207 Deprecated SASL functions and possibl... Closed
related to CDRIVER-1233 Crash after Kerberos plugin cleanup r... Closed

 Description   

mongo-c-driver 1.1.0 (and the latest code in the repository also) contains the file src/mongoc/mongoc-sasl.c with this code intended to only call the function sasl_client_done on SASL version 2.1.24 or greater:

#if (SASL_VERSION_MAJOR >= 2) && \
    (SASL_VERSION_MINOR >= 1) && \
    (SASL_VERSION_STEP >= 24) && \
    (!defined(__APPLE__))
   sasl_client_done ();
#endif

This code is clearly completely wrong. What will happen if the SASL version is 2.2.0? Or 3.0.0? (sasl_client_done will not be called, though you would want it to be.)

Another problem: you're checking the SASL version at compile time. What if the version of SASL at compile time is different from the SASL version at runtime?
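The component-wise condition from the description next to an ordered comparison, as an added example that is not part of the original ticket or of mongo-c-driver. VERSION_PACK and the function names are hypothetical, and the sample versions are constructed.

```c
#include <stdio.h>

/* Hypothetical helper (not from sasl.h or mongo-c-driver): pack a version so
 * integer order matches version order. Assumes every component is < 256.
 * It is a constant expression, so it also works inside #if. */
#define VERSION_PACK(maj, min, step) (((maj) << 16) | ((min) << 8) | (step))

/* The ticket's condition, component by component. The __APPLE__ clause is
 * omitted because it does not affect the version logic. */
static int flawed_at_least_2_1_24(int maj, int min, int step)
{
    return (maj >= 2) && (min >= 1) && (step >= 24);
}

/* Ordered comparison: 2.2.0 and 3.0.0 rank above 2.1.24. */
static int ordered_at_least_2_1_24(int maj, int min, int step)
{
    return VERSION_PACK(maj, min, step) >= VERSION_PACK(2, 1, 24);
}

/* Count versions 0.0.0 .. max_maj.max_min.max_step where the checks differ. */
static int count_disagreements(int max_maj, int max_min, int max_step)
{
    int n = 0;
    for (int maj = 0; maj <= max_maj; maj++)
        for (int min = 0; min <= max_min; min++)
            for (int step = 0; step <= max_step; step++)
                if (flawed_at_least_2_1_24(maj, min, step) !=
                    ordered_at_least_2_1_24(maj, min, step))
                    n++;
    return n;
}

int main(void)
{
    /* Constructed sample versions, not a list of real releases. */
    static const int v[][3] = {{2, 1, 6}, {2, 1, 23}, {2, 1, 24},
                               {2, 1, 26}, {2, 2, 0}, {3, 0, 0}};
    for (size_t i = 0; i < sizeof v / sizeof v[0]; i++)
        printf("%d.%d.%d  flawed=%d  ordered=%d\n", v[i][0], v[i][1], v[i][2],
               flawed_at_least_2_1_24(v[i][0], v[i][1], v[i][2]),
               ordered_at_least_2_1_24(v[i][0], v[i][1], v[i][2]));
    printf("disagreements up to 3.2.30: %d\n", count_disagreements(3, 2, 30));
    return 0;
}
```

Both functions agree on every 2.1.x version; they diverge only once the minor or major number moves past 2.1, which is the case the description raises.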



 Comments   
Comment by Githook User [ 05/Aug/15 ]

Author: A. Jesse Jiryu Davis (ajdavis) <jesse@mongodb.com>

Message: CDRIVER-530 fix check for sasl_client_done
Branch: 1.2.0-dev
https://github.com/mongodb/mongo-c-driver/commit/a7b013e1bf698f1cea594dc34b8906e1bb4be5fe

Comment by Githook User [ 05/Aug/15 ]

Author: A. Jesse Jiryu Davis (ajdavis) <jesse@mongodb.com>

Message: CDRIVER-530 check for sasl_client_done
(cherry picked from commit 672670c)
Branch: 1.2.0-dev
https://github.com/mongodb/mongo-c-driver/commit/f725505dd38f4ba3660ab3857c2be079fdbea039

Comment by Githook User [ 12/Jun/15 ]

Author: A. Jesse Jiryu Davis (ajdavis) <jesse@emptysquare.net>

Message: Merge pull request #238 from ajdavis/CDRIVER-530-sasl-version-check

C Driver SASL fixes
Branch: 1.2.0-dev
https://github.com/mongodb/mongo-c-driver/commit/06a0fab5ae4ecaa5aff6dcab01bdc2beca891818

Comment by Githook User [ 12/Jun/15 ]

Author: A. Jesse Jiryu Davis (ajdavis) <jesse@mongodb.com>

Message: CDRIVER-530 fix check for sasl_client_done
(cherry picked from commit a7b013e)
Branch: 1.2.0-dev
https://github.com/mongodb/mongo-c-driver/commit/8055633d19eef92a735dbaf805a440b1f1f7a388

Comment by Githook User [ 12/Jun/15 ]

Author: A. Jesse Jiryu Davis (ajdavis) <jesse@mongodb.com>

Message: CDRIVER-530 cleaner check for sasl_client_done
Branch: 1.2.0-dev
https://github.com/mongodb/mongo-c-driver/commit/8762b735ae180d99f9337377259b6f5bc40905a0

Comment by Githook User [ 12/Jun/15 ]

Author: A. Jesse Jiryu Davis (ajdavis) <jesse@mongodb.com>

Message: CDRIVER-530 check for sasl_client_done
Branch: 1.2.0-dev
https://github.com/mongodb/mongo-c-driver/commit/672670cd4938c346849c29b0c980f084e1f476b1

Comment by Githook User [ 05/Jun/15 ]

Author: A. Jesse Jiryu Davis (ajdavis) <jesse@mongodb.com>

Message: CDRIVER-530 fix check for sasl_client_done
Branch: master
https://github.com/mongodb/mongo-c-driver/commit/a7b013e1bf698f1cea594dc34b8906e1bb4be5fe

Comment by Githook User [ 05/Jun/15 ]

Author: A. Jesse Jiryu Davis (ajdavis) <jesse@mongodb.com>

Message: CDRIVER-530 check for sasl_client_done
(cherry picked from commit 672670c)
Branch: master
https://github.com/mongodb/mongo-c-driver/commit/f725505dd38f4ba3660ab3857c2be079fdbea039

Comment by Mira Carey [ 26/Feb/15 ]

Hi,

The version check is certainly sloppy, thanks for pointing that out. We'll definitely want to disambiguate it for a future release.

I don't think this can be a bug today (we require a min version of 2.1.6, and 2.1.26 is the latest cyrus sasl release from 3 years ago), and looking closely, I think we may just be doing this entirely wrong (sasl_client_done unloads global plugins... we probably shouldn't be doing that on a per connection basis). So I'm going to open a new ticket to check on that functionality that I'll have this ticket depend on.

Regards,
Jason
