[SERVER-39864] Move principal name extraction to error handler in SASL Start Created: 27/Feb/19  Updated: 29/Oct/23  Resolved: 17/Apr/19

Status: Closed
Project: Core Server
Component/s: Security
Affects Version/s: 4.0.6, 4.1.8
Fix Version/s: 4.0.10, 4.1.11

Type: Bug Priority: Major - P3
Reporter: Spencer Jackson Assignee: Sara Golemon
Resolution: Fixed Votes: 1
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Backports
Related
Backwards Compatibility: Fully Compatible
Operating System: ALL
Backport Requested:
v4.0
Sprint: Security 2019-04-22
Participants:
Case:

 Description   

Not all mechanisms allow the server to know an authenticating principal's name after the first client-to-server message. Some of these mechanism may emit log warnings when attempting to access the name. We should only attempt to extract the principal name if we believe we need it for an error message, to keep the logging to a minimum.



 Comments   
Comment by Githook User [ 17/Apr/19 ]

Author:

{'email': 'sara.golemon@mongodb.com', 'name': 'Sara Golemon', 'username': 'sgolemon'}

Message: SERVER-39864 Only request principal name during saslStart when needed

(cherry picked from commit 70a2729673f629f1881abc042e3374e6cffa05bb)
Branch: v4.0
https://github.com/mongodb/mongo/commit/5f6b94b6413a2af3106a342b11e261f647873035

Comment by Githook User [ 17/Apr/19 ]

Author:

{'name': 'Sara Golemon', 'username': 'sgolemon', 'email': 'sara.golemon@mongodb.com'}

Message: SERVER-39864 Only request principal name during saslStart when needed
Branch: master
https://github.com/mongodb/mongo/commit/70a2729673f629f1881abc042e3374e6cffa05bb

Comment by Bruce Lucas (Inactive) [ 27/Feb/19 ]

User visible symptom:

Was not able to acquire principal id from Cyrus SASL: -6

Generated at Thu Feb 08 04:53:20 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.