[GODRIVER-831] GSSAPI Authentication starts SASL conversation wrong Created: 14/Feb/19  Updated: 28/Oct/23  Resolved: 15/Feb/19

Status: Closed
Project: Go Driver
Component/s: Authentication
Affects Version/s: None
Fix Version/s: 1.0.0-rc1

Type: Bug Priority: Major - P3
Reporter: Jeffrey Yemin Assignee: Jeffrey Yemin
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Related
related to CSHARP-2366 GSSAPI Authentication starts SASL con... Closed
related to GODRIVER-818 Go driver does not respect KRB5CCNAME... Closed

 Description   

GSSAPI Authentication is beginning the SASL conversation with an empty payload.

In 3.6 and before, MongoDB would return

{ "conversationId" : 1, "done" : false, "payload" : new BinData(0, ""), "ok" : 1.0 }

for an empty saslStart payload.

In 4.0, MongoDB passes the empty client payload per SASL spec to Kerberos which starts negotiation.

If the Go driver does start calling saslStart with a non-empty payload, this is compatible with all versions of MongoDB.



 Comments   
Comment by Githook User [ 15/Feb/19 ]

Author:

{'name': 'Craig Wilson', 'email': 'craiggwilson@gmail.com', 'username': 'craiggwilson'}

Message: GODRIVER-831: don't pass empty payload when beginning GSSAPI negotiation.
Branch: master
https://github.com/mongodb/mongo-go-driver/commit/4934d52c45fe57ea8368aafc3d8b5d28bdb39b4e

Comment by Jeffrey Yemin [ 15/Feb/19 ]

Thanks for testing, Tim.

 

craig.wilson@mongodb.com can you submit your patch as a pull request please? 

Comment by Timothy Olsen (Inactive) [ 15/Feb/19 ]

It works against MongoDB 4.0.6

Comment by Jeffrey Yemin [ 15/Feb/19 ]

PR: https://github.com/craiggwilson/mongo-go-driver/commit/4934d52c45fe57ea8368aafc3d8b5d28bdb39b4e

 

tim.olsen can you run some tests using the PR?  It fixes both Linux and Windows.

Generated at Thu Feb 08 08:35:04 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.