[SERVER-11329] Authentication Error number does not match the error code in error message Created: 23/Oct/13 Updated: 11/Jul/16 Resolved: 30/Oct/13 |
|
| Status: | Closed |
| Project: | Core Server |
| Component/s: | Logging, Security |
| Affects Version/s: | 2.5.3 |
| Fix Version/s: | 2.5.4 |
| Type: | Question | Priority: | Minor - P4 |
| Reporter: | Bin Lan | Assignee: | Andreas Nilsson |
| Resolution: | Done | Votes: | 0 |
| Labels: | 26qa | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Issue Links: |
|
||||||||
| Participants: | |||||||||
| Description |
|
We found that some of the Error numbers do not match the error codes in the error message body, for example: Error: 18 { ok: 0.0, errmsg: "X.509 authentication must always use the $external database.", code: 17 }Error: 18 { ok: 0.0, errmsg: "User not found", code: 11 }Should they be the same or it is expected behavior? You can observe the above output by running the test case found here: https://github.com/10gen/QA/blob/master/QA-335/auth_error_code_X509.js You can uncomment line 25 to see a detailed error message. |
| Comments |
| Comment by auto [ 30/Oct/13 ] |
|
Author: {u'username': u'agralius', u'name': u'Andreas Nilsson', u'email': u'andreas.nilsson@10gen.com'}Message: |
| Comment by Andreas Nilsson [ 25/Oct/13 ] |
|
In the shell (client/dbclient.cpp) lines 553 and 580 we call auth and uasserts with ErrorCodes::AuthenticationFailed and the errmsg from the auth call. That error message might contain a different error code as displayed above. Alternative ways forward: |
| Comment by Andreas Nilsson [ 25/Oct/13 ] |
|
Here is another one when using a disabled auth mechanism: Error: 18 { ok: 0.0, errmsg: "Challenge-response authentication using getnonce and authenticate commands is disabled.", code: 2 } |
| Comment by Andreas Nilsson [ 24/Oct/13 ] |
|
So these correctly corresponds to: and they get wrapped into an AuthenticationFailed 18. schwerin, what do you want to do about this? I remember us specifically choosing ProtocolError over AuthenticationFailed in the x.509 case. |
| Comment by Bin Lan [ 23/Oct/13 ] |
|
andreas.nilsson@10gen.com, I updated the ticket with the actual test case we uploaded to github. |
| Comment by Andreas Nilsson [ 23/Oct/13 ] |
|
bin.lan@10gen.com can you please provide the scenarios to reproduce these error messages. |