[SERVER-19926] fix auth test failures on ASIO builders Created: 13/Aug/15  Updated: 19/Sep/15  Resolved: 25/Aug/15

Status: Closed
Project: Core Server
Component/s: Networking, Security
Affects Version/s: 3.1.7
Fix Version/s: 3.1.8

Type: Bug Priority: Major - P3
Reporter: Samantha Ritter (Inactive) Assignee: Adam Midvidy
Resolution: Done Votes: 0
Labels: networking
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Backwards Compatibility: Fully Compatible
Operating System: ALL
Sprint: Platform 8 08/28/15
Participants:

 Description   

Seeing failures like the following in tests such as mongos_slaveok.js:

From one server:

m31101| 2015-08-13T14:04:29.471+0000 I NETWORK  [initandlisten] connection accepted from 10.69.5.201:35683 #554 (2 connections now open)
m31101| 2015-08-13T14:04:29.473+0000 I COMMAND  [conn554] command local.$cmd command: saslStart { saslStart: 1, mechanism: "SCRAM-SHA-1", payload: BinData(0, 6E2C2C6E3D5F5F73797374656D2C723D37336949515459467033584958324E74764E78494F2F724E3341536D67437646) } ntoreturn:1 ntoskip:0 keyUpdates:0 writeConflicts:0 numYields:0 reslen:179 locks:{} protocol:op_query 0ms
m31101| 2015-08-13T14:04:29.484+0000 I COMMAND  [conn554] command local.$cmd command: saslContinue { saslContinue: 1, payload: BinData(0, 633D626977732C723D37336949515459467033584958324E74764E78494F2F724E3341536D674376465944516863654A516F42725163356B6C6C5478745338534B514641554C...), conversationId: 1 } ntoreturn:1 ntoskip:0 keyUpdates:0 writeConflicts:0 numYields:0 reslen:108 locks:{} protocol:op_query 0ms
m31101| 2015-08-13T14:04:29.484+0000 I ACCESS   [conn554] Successfully authenticated as principal __system on local
m31101| 2015-08-13T14:04:29.484+0000 I COMMAND  [conn554] command local.$cmd command: saslContinue { saslContinue: 1, payload: BinData(0, ), conversationId: 1 } ntoreturn:1 ntoskip:0 keyUpdates:0 writeConflicts:0 numYields:0 reslen:78 locks:{} protocol:op_query 0ms
m31101| 2015-08-13T14:04:29.484+0000 I COMMAND  [conn554] command admin.$cmd command: _isSelf { _isSelf: 1 } ntoreturn:1 ntoskip:0 keyUpdates:0 writeConflicts:0 numYields:0 reslen:53 locks:{} protocol:op_query 0ms
m31101| 2015-08-13T14:04:29.484+0000 I NETWORK  [conn554] end connection 10.69.5.201:35683 (1 connection now open)
m31101| 2015-08-13T14:04:29.485+0000 I NETWORK  [initandlisten] connection accepted from 10.69.5.201:35684 #555 (2 connections now open)
m31101| 2015-08-13T14:04:29.485+0000 I COMMAND  [conn555] command admin.$cmd command: isMaster { isMaster: 1 } ntoreturn:1 ntoskip:0 keyUpdates:0 writeConflicts:0 numYields:0 reslen:256 locks:{} protocol:op_query 0ms
m31101| 2015-08-13T14:04:29.485+0000 I ACCESS   [conn555] Unauthorized not authorized on admin to execute command { replSetHeartbeat: "test-rs0", pv: 1, v: 1, from: "ip-10-69-5-201:31100", fromId: 0, checkEmpty: true }
m31101| 2015-08-13T14:04:29.485+0000 D -        [conn555] User Assertion: 13:not authorized on admin to execute command { replSetHeartbeat: "test-rs0", pv: 1, v: 1, from: "ip-10-69-5-201:31100", fromId: 0, checkEmpty: true }
m31101| 2015-08-13T14:04:29.485+0000 D COMMAND  [conn555] assertion while executing command 'replSetHeartbeat' on database 'admin' with arguments '{ replSetHeartbeat: "test-rs0", pv: 1, v: 1, from: "ip-10-69-5-201:31100", fromId: 0, checkEmpty: true }' and metadata '{}': 13 not authorized on admin to execute command { replSetHeartbeat: "test-rs0", pv: 1, v: 1, from: "ip-10-69-5-201:31100", fromId: 0, checkEmpty: true }
m31101| 2015-08-13T14:04:29.485+0000 I COMMAND  [conn555] command admin.$cmd command: replSetHeartbeat { replSetHeartbeat: "test-rs0", pv: 1, v: 1, from: "ip-10-69-5-201:31100", fromId: 0, checkEmpty: true } ntoreturn:1 ntoskip:0 keyUpdates:0 writeConflicts:0 exception: not authorized on admin to execute command { replSetHeartbeat: "test-rs0", pv: 1, v: 1, from: "ip-10-69-5-201:31100", fromId: 0, checkEmpty: true } code:13 numYields:0 reslen:192 locks:{} protocol:op_command 0ms
m31101| 2015-08-13T14:04:29.485+0000 I NETWORK  [conn555] end connection 10.69.5.201:35684 (1 connection now open)

From the other:

m31100| 2015-08-13T14:04:29.484+0000 I REPL     [conn1] replSetInitiate config object with 2 members parses ok
m31100| 2015-08-13T14:04:29.485+0000 W REPL     [ReplicationExecutor] Got error (Unauthorized not authorized on admin to execute command { replSetHeartbeat: "test-rs0", pv: 1, v: 1, from: "ip-10-69-5-201:31100", fromId: 0, checkEmpty: true }) response on heartbeat request to ip-10-69-5-201:31101; { ok: 1.0, hbmsg: "" }
m31100| 2015-08-13T14:04:29.485+0000 E REPL     [conn1] replSetInitiate failed; NodeNotFound replSetInitiate quorum check failed because not all proposed set members responded affirmatively: ip-10-69-5-201:31101 failed with not authorized on admin to execute command { replSetHeartbeat: "test-rs0", pv: 1, v: 1, from: "ip-10-69-5-201:31100", fromId: 0, checkEmpty: true }
m31100| 2015-08-13T14:04:29.485+0000 I COMMAND  [conn1] command admin.$cmd command: replSetInitiate { replSetInitiate: { _id: "test-rs0", members: [ { _id: 0.0, host: "ip-10-69-5-201:31100" }, { _id: 1.0, host: "ip-10-69-5-201:31101" } ] } } ntoreturn:1 ntoskip:0 keyUpdates:0 writeConflicts:0 numYields:0 reslen:323 locks:{} protocol:op_command 15ms



 Comments   
Comment by Githook User [ 18/Aug/15 ]

Author:

{u'username': u'amidvidy', u'name': u'Adam Midvidy', u'email': u'amidvidy@gmail.com'}

Message: SERVER-19926 fix use after free in saslClientAuthenticate
Branch: master
https://github.com/mongodb/mongo/commit/d0dcca35cb84887a410cf50e3070560c9feb6aa1

Generated at Thu Feb 08 03:52:35 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.