[SERVER-39864] Move principal name extraction to error handler in SASL Start Created: 27/Feb/19 Updated: 29/Oct/23 Resolved: 17/Apr/19 |
|
| Status: | Closed |
| Project: | Core Server |
| Component/s: | Security |
| Affects Version/s: | 4.0.6, 4.1.8 |
| Fix Version/s: | 4.0.10, 4.1.11 |
| Type: | Bug | Priority: | Major - P3 |
| Reporter: | Spencer Jackson | Assignee: | Sara Golemon |
| Resolution: | Fixed | Votes: | 1 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Issue Links: |
|
||||||||
| Backwards Compatibility: | Fully Compatible | ||||||||
| Operating System: | ALL | ||||||||
| Backport Requested: |
v4.0
|
||||||||
| Sprint: | Security 2019-04-22 | ||||||||
| Participants: | |||||||||
| Case: | (copied to CRM) | ||||||||
| Description |
|
Not all mechanisms allow the server to know an authenticating principal's name after the first client-to-server message. Some of these mechanism may emit log warnings when attempting to access the name. We should only attempt to extract the principal name if we believe we need it for an error message, to keep the logging to a minimum. |
| Comments |
| Comment by Githook User [ 17/Apr/19 ] | |
|
Author: {'email': 'sara.golemon@mongodb.com', 'name': 'Sara Golemon', 'username': 'sgolemon'}Message: (cherry picked from commit 70a2729673f629f1881abc042e3374e6cffa05bb) | |
| Comment by Githook User [ 17/Apr/19 ] | |
|
Author: {'name': 'Sara Golemon', 'username': 'sgolemon', 'email': 'sara.golemon@mongodb.com'}Message: | |
| Comment by Bruce Lucas (Inactive) [ 27/Feb/19 ] | |
|
User visible symptom:
|