[CSHARP-2366] GSSAPI Authentication starts SASL conversation wrong Created: 27/Aug/18  Updated: 28/Oct/23  Resolved: 17/Sep/18

Status: Closed
Project: C# Driver
Component/s: Security
Affects Version/s: None
Fix Version/s: 2.7.1

Type: Bug Priority: Major - P3
Reporter: Mark Benvenuto Assignee: Mark Benvenuto
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Depends
Related
is related to GODRIVER-831 GSSAPI Authentication starts SASL con... Closed
Case:

 Description   

GSSAPI Authentication is beginning the SASL conversation with an empty payload.

In 3.6 and before, MongoDB would return

{ "conversationId" : 1, "done" : false, "payload" : new BinData(0, ""), "ok" : 1.0 }

for an empty saslStart payload.

In 4.0, MongoDB passes the empty client payload per SASL spec to Kerberos which starts negotiation.

The C# driver should not pass an empty payload unless it wants to start SPNEGO.

If the C# driver does start calling saslStart with a non-empty payload, this is compatible with all versions of MongoDB.



 Comments   
Comment by Githook User [ 06/Nov/18 ]

Author:

{'name': 'Mark Benvenuto', 'email': 'mark.benvenuto@mongodb.com', 'username': 'markbenvenuto'}

Message: CSHARP-2366: GSSAPI Scram Authentication starts scram conversation wrong
Branch: v2.7.x
https://github.com/mongodb/mongo-csharp-driver/commit/77db6ea9dd55fc0ce02fd0fa9bfd2f81a662a166

Comment by Githook User [ 17/Sep/18 ]

Author:

{'name': 'Mark Benvenuto', 'email': 'mark.benvenuto@mongodb.com', 'username': 'markbenvenuto'}

Message: CSHARP-2366: GSSAPI Scram Authentication starts scram conversation wrong
Branch: master
https://github.com/mongodb/mongo-csharp-driver/commit/821ba56ebedd982b713f6d995e51244df88d5ffe

Comment by Vincent Kam (Inactive) [ 12/Sep/18 ]

https://github.com/vincentkam/mongo-csharp-driver/pull/23

Generated at Wed Feb 07 21:42:21 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.