[SERVER-40665] Using the PLAIN SASL mechanism can invariant during startup Created: 16/Apr/19  Updated: 29/Oct/23  Resolved: 22/Apr/19

Status: Closed
Project: Core Server
Component/s: None
Affects Version/s: None
Fix Version/s: 4.1.11

Type: Bug Priority: Major - P3
Reporter: Jonathan Reams Assignee: Jonathan Reams
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Depends
Backwards Compatibility: Fully Compatible
Operating System: Linux
Steps To Reproduce:

Start mongod with the authenticationMechanisms setParameter set to PLAIN,GSSAPI,SCRAM-SHA-1.

The server will crash:

2019-04-15T08:28:00.069-0700 I CONTROL  [main] Automatically disabling TLS 1.0, to force-enable TLS 1.0 specify --sslDisabledProtocols 'none'
2019-04-15T08:28:00.076-0700 W ACCESS   [main] LDAP library does not advertise support for thread safety. All access will be serialized and connection pooling will be disabled. Link mongod against libldap_r to enable concurrent use of LDAP.
2019-04-15T08:28:00.086-0700 F -        [main] Fatal Assertion 17508 at src/mongo/db/service_context.cpp 71
2019-04-15T08:28:00.086-0700 F -        [main] 
 
***aborting after fassert() failure
 
 
2019-04-15T08:28:00.094-0700 F -        [main] Got signal: 6 (Aborted).
 0x55ac3e4eb4a1 0x55ac3e4eac9e 0x55ac3e4ead36 0x7f5fe3d365d0 0x7f5fe3990207 0x7f5fe39918f8 0x55ac3c894e24 0x55ac3c870be3 0x55ac3cd1452f 0x55ac3cd17f2e 0x55ac3cd188d5 0x55ac3cd13a55 0x55ac3e3d3005 0x55ac3c912ee9 0x55ac3c8a0119 0x7f5fe397c3d5 0x55ac3c90eebe
----- BEGIN BACKTRACE -----
{"backtrace":[{"b":"55AC3BB90000","o":"295B4A1","s":"_ZN5mongo15printStackTraceERSo"},{"b":"55AC3BB90000","o":"295AC9E"},{"b":"55AC3BB90000","o":"295AD36"},{"b":"7F5FE3D27000","o":"F5D0"},{"b":"7F5FE395A000","o":"36207","s":"gsignal"},{"b":"7F5FE395A000","o":"378F8","s":"abort"},{"b":"55AC3BB90000","o":"D04E24","s":"_ZN5mongo32fassertFailedNoTraceWithLocationEiPKcj"},{"b":"55AC3BB90000","o":"CE0BE3"},{"b":"55AC3BB90000","o":"118452F","s":"_ZNK5mongo23PLAINServerFactoryProxy13securityLevelEv"},{"b":"55AC3BB90000","o":"1187F2E","s":"_ZSt16__merge_adaptiveIN9__gnu_cxx17__normal_iteratorIPSt10unique_ptrIN5mongo17ServerFactoryBaseESt14default_deleteIS4_EESt6vectorIS7_SaIS7_EEEElS8_NS0_5__ops15_Iter_comp_iterIZNS3_27SASLServerMechanismRegistry15registerFactoryINS3_23PLAINServerFactoryProxyEEEbNSF_24ValidateGlobalMechanismsEEUlRKT_RKT0_E_EEEvSJ_SJ_SJ_SM_SM_T1_SM_T2_"},{"b":"55AC3BB90000","o":"11888D5","s":"_ZSt22__stable_sort_adaptiveIN9__gnu_cxx17__normal_iteratorIPSt10unique_ptrIN5mongo17ServerFactoryBaseESt14default_deleteIS4_EESt6vectorIS7_SaIS7_EEEES8_lNS0_5__ops15_Iter_comp_iterIZNS3_27SASLServerMechanismRegistry15registerFactoryINS3_23PLAINServerFactoryProxyEEEbNSF_24ValidateGlobalMechanismsEEUlRKT_RKT0_E_EEEvSJ_SJ_SM_T1_T2_"},{"b":"55AC3BB90000","o":"1183A55"},{"b":"55AC3BB90000","o":"2843005","s":"_ZN5mongo14ServiceContext4makeEv"},{"b":"55AC3BB90000","o":"D82EE9"},{"b":"55AC3BB90000","o":"D10119"},{"b":"7F5FE395A000","o":"223D5","s":"__libc_start_main"},{"b":"55AC3BB90000","o":"D7EEBE"}],"processInfo":{ "mongodbVersion" : "4.1.9", "gitVersion" : "a5fa363117062a20d6056c76e01edb3a08f71b7c", "compiledModules" : [ "enterprise" ], "uname" : { "sysname" : "Linux", "release" : "3.10.0-957.el7.x86_64", "version" : "#1 SMP Thu Oct 4 20:48:51 UTC 2018", "machine" : "x86_64" }, "somap" : [ { "b" : "55AC3BB90000", "elfType" : 3, "buildId" : "A7754CC4CD6007DE4FBF9DE99817B197DAB4EDFD" }, { "b" : "7FFE4376B000", "elfType" : 3, "buildId" : "163C2DC43405427478788BAD0AFD537A7ACF7A13" }, { "b" : "7F5FE6AA9000", "path" : "/lib64/libnetsnmpmibs.so.31", "elfType" : 3, "buildId" : "004ABEE761FE447B841AA4C3B4A0B888106850C7" }, { "b" : "7F5FE689A000", "path" : "/lib64/libsensors.so.4", "elfType" : 3, "buildId" : "26BAB9899431B0B41F4F27AA3193131FBC787C09" }, { "b" : "7F5FE6696000", "path" : "/lib64/libdl.so.2", "elfType" : 3, "buildId" : "67AD3498AC7DE3EAB952A243094DF5C12A21CD7D" }, { "b" : "7F5FE642E000", "path" : "/lib64/librpm.so.3", "elfType" : 3, "buildId" : "3A9ED8711CA5B7073127DF89031758BAC051AEB5" }, { "b" : "7F5FE6201000", "path" : "/lib64/librpmio.so.3", "elfType" : 3, "buildId" : "63AA5CEEF5B7B1A2CD7ED15BF7ED73CCA45A23B7" }, { "b" : "7F5FE5F93000", "path" : "/lib64/libnetsnmpagent.so.31", "elfType" : 3, "buildId" : "F1EEC61134F8FD1553560FAB87D01014AD18D32B" }, { "b" : "7F5FE5D88000", "path" : "/lib64/libwrap.so.0", "elfType" : 3, "buildId" : "F751FEF2271CC88C55BECDA85D9531C286BF5812" }, { "b" : "7F5FE5A86000", "path" : "/lib64/libnetsnmp.so.31", "elfType" : 3, "buildId" : "D443C7B944B5C1E0E09122F430D48099E22619EF" }, { "b" : "7F5FE5814000", "path" : "/lib64/libssl.so.10", "elfType" : 3, "buildId" : "AEF5E6F2240B55F90E9DF76CFBB8B9D9F5286583" }, { "b" : "7F5FE53B3000", "path" : "/lib64/libcrypto.so.10", "elfType" : 3, "buildId" : "8BD89856B64DD5189BF075EF574EDF203F93D44A" }, { "b" : "7F5FE515E000", "path" : "/lib64/libldap-2.4.so.2", "elfType" : 3, "buildId" : "12A786C7B37A21C89A311AACB79944BF217051E1" }, { "b" : "7F5FE4F4F000", "path" : "/lib64/liblber-2.4.so.2", "elfType" : 3, "buildId" : "8832509D0687D79342E29FC6FEC587EA85C04CF4" }, { "b" : "7F5FE4D32000", "path" : "/lib64/libsasl2.so.3", "elfType" : 3, "buildId" : "9AF2AD92DADE046C6260DCCF02846BF78ABC658C" }, { "b" : "7F5FE4AE5000", "path" : "/lib64/libgssapi_krb5.so.2", "elfType" : 3, "buildId" : "B5C83BDE7ED7026835B779FA0F957FCCCD599F40" }, { "b" : "7F5FE487C000", "path" : "/lib64/libcurl.so.4", "elfType" : 3, "buildId" : "85F01551F029D8E8DFAAE6739F31FFB96D27610E" }, { "b" : "7F5FE457A000", "path" : "/lib64/libm.so.6", "elfType" : 3, "buildId" : "918D3696BF321AA8D32950AB2AB8D0F1B21AC907" }, { "b" : "7F5FE4361000", "path" : "/lib64/libresolv.so.2", "elfType" : 3, "buildId" : "4C488F6E7044BB966162C1F7081ABBA6EBB2B485" }, { "b" : "7F5FE4159000", "path" : "/lib64/librt.so.1", "elfType" : 3, "buildId" : "EFDE2029C9A4A20BE5B8D8AE7E6551FF9B5755D2" }, { "b" : "7F5FE3F43000", "path" : "/lib64/libgcc_s.so.1", "elfType" : 3, "buildId" : "179F202998E429AA1215907F6D4C5C1BB9C90136" }, { "b" : "7F5FE3D27000", "path" : "/lib64/libpthread.so.0", "elfType" : 3, "buildId" : "3D9441083D079DC2977F1BD50C8068D11767232D" }, { "b" : "7F5FE395A000", "path" : "/lib64/libc.so.6", "elfType" : 3, "buildId" : "8A05388886E079A56950262D27F1894688A015D3" }, { "b" : "7F5FE6F62000", "path" : "/lib64/ld-linux-x86-64.so.2", "elfType" : 3, "buildId" : "5DA2D47925497B2F5875A7D8D1799A1227E2FDE4" }, { "b" : "7F5FE35CC000", "path" : "/usr/lib64/perl5/CORE/libperl.so", "elfType" : 3, "buildId" : "E5118FCFE7744C19F229274F2888C54F807C97FC" }, { "b" : "7F5FE33B2000", "path" : "/lib64/libnsl.so.1", "elfType" : 3, "buildId" : "B1DC715EF11A8ACF2176AE6D34914328F9DBE9CC" }, { "b" : "7F5FE317B000", "path" : "/lib64/libcrypt.so.1", "elfType" : 3, "buildId" : "740CAD898E29E1F3B73A323CCEC4A7C88911647F" }, { "b" : "7F5FE2F78000", "path" : "/lib64/libutil.so.1", "elfType" : 3, "buildId" : "BFB22A176189006BBF996A7664CCC6BDB2EB9BD9" }, { "b" : "7F5FE2C4B000", "path" : "/lib64/libnss3.so", "elfType" : 3, "buildId" : "289D245DC413161931C170A1DFB9676582C84DBF" }, { "b" : "7F5FE2A3B000", "path" : "/lib64/libbz2.so.1", "elfType" : 3, "buildId" : "E31FA8F847E049A7AB920BA0AAD2113C080B2CC8" }, { "b" : "7F5FE2825000", "path" : "/lib64/libz.so.1", "elfType" : 3, "buildId" : "B9D5F73428BD6AD68C96986B57BEA3B7CEDB9745" }, { "b" : "7F5FE260D000", "path" : "/lib64/libelf.so.1", "elfType" : 3, "buildId" : "A22999760AD7CF97A32E5A78C34238D56034F9DD" }, { "b" : "7F5FE23E7000", "path" : "/lib64/liblzma.so.5", "elfType" : 3, "buildId" : "66FEE65F44C6C46764C9DC4ADA60BC85AF7AE36F" }, { "b" : "7F5FE21DD000", "path" : "/lib64/libpopt.so.0", "elfType" : 3, "buildId" : "1A75F65C340B52F21E8CAF1D48C641818A008440" }, { "b" : "7F5FE1FB6000", "path" : "/lib64/libselinux.so.1", "elfType" : 3, "buildId" : "D2DD4DA3FDE1477D25BFFF80F3A25FDB541A8179" }, { "b" : "7F5FE1DB1000", "path" : "/lib64/libcap.so.2", "elfType" : 3, "buildId" : "4C7ADED703D3BFE82EADDC84B5199C1D50D1FA4A" }, { "b" : "7F5FE1BA8000", "path" : "/lib64/libacl.so.1", "elfType" : 3, "buildId" : "1C21ACA3DA7D28B10EFFE506D0D4E978C993410D" }, { "b" : "7F5FE197A000", "path" : "/lib64/liblua-5.1.so", "elfType" : 3, "buildId" : "473F207910C926F2D177400F81A51CD5AAE02173" }, { "b" : "7F5FE15BC000", "path" : "/lib64/libdb-5.3.so", "elfType" : 3, "buildId" : "E066C6871E5636C7941577E6A91AE83464E96AEE" }, { "b" : "7F5FE1393000", "path" : "/lib64/libaudit.so.1", "elfType" : 3, "buildId" : "1B298E71E97B742F93F2F6D8FC7BDDA655CDF5EF" }, { "b" : "7F5FE10AA000", "path" : "/lib64/libkrb5.so.3", "elfType" : 3, "buildId" : "8B63976509135BA73A12153D6FDF7B3B9E5D2A54" }, { "b" : "7F5FE0EA6000", "path" : "/lib64/libcom_err.so.2", "elfType" : 3, "buildId" : "C77BC26CE4D420861BAEBCC075C418BD9311BB5C" }, { "b" : "7F5FE0C8B000", "path" : "/lib64/libk5crypto.so.3", "elfType" : 3, "buildId" : "6183129B5F29CA14580E517DF94EF317761FA6C9" }, { "b" : "7F5FE0A39000", "path" : "/lib64/libssl3.so", "elfType" : 3, "buildId" : "DE2FC96025F4F43AA6E48523D354581D2C5E0669" }, { "b" : "7F5FE0812000", "path" : "/lib64/libsmime3.so", "elfType" : 3, "buildId" : "9757EB6D93E31024C436919A89BEF33CA4F1B984" }, { "b" : "7F5FE05E3000", "path" : "/lib64/libnssutil3.so", "elfType" : 3, "buildId" : "B7F45CBBFB31A1390DA3CD65494FB4824046B22C" }, { "b" : "7F5FE03DF000", "path" : "/lib64/libplds4.so", "elfType" : 3, "buildId" : "24835AAB32F52DF9EFACEBA6DE7E9134B302F877" }, { "b" : "7F5FE01DA000", "path" : "/lib64/libplc4.so", "elfType" : 3, "buildId" : "C08A53AF54D3BDB4C2E924CCA4D0754F976FCF65" }, { "b" : "7F5FDFF9C000", "path" : "/lib64/libnspr4.so", "elfType" : 3, "buildId" : "775C8FB1A2D708968742CBFAF1436F5AB9AB3CC9" }, { "b" : "7F5FDFD8D000", "path" : "/lib64/libkrb5support.so.0", "elfType" : 3, "buildId" : "98F619035053EF68358099CE7CF1AA528B3B229D" }, { "b" : "7F5FDFB89000", "path" : "/lib64/libkeyutils.so.1", "elfType" : 3, "buildId" : "8CA73C16CFEB9A8B5660015B9223B09F87041CAD" }, { "b" : "7F5FDF956000", "path" : "/lib64/libidn.so.11", "elfType" : 3, "buildId" : "F4123103FB2318594448C44E47091DD68D1C78C0" }, { "b" : "7F5FDF72C000", "path" : "/lib64/libssh2.so.1", "elfType" : 3, "buildId" : "964423B6B0ED1FD8FA32E0B8E825A5D120D872F1" }, { "b" : "7F5FDF529000", "path" : "/lib64/libfreebl3.so", "elfType" : 3, "buildId" : "B758881F4B6AF6C28C07A1A57713CBD2144628D4" }, { "b" : "7F5FDF2C7000", "path" : "/lib64/libpcre.so.1", "elfType" : 3, "buildId" : "F5B144F9F5D9BE451C80211B34DB2CE348E039B6" }, { "b" : "7F5FDF0C2000", "path" : "/lib64/libattr.so.1", "elfType" : 3, "buildId" : "3F24C8E8E78BC5F4F66AA11ECCF86991A6C777EB" }, { "b" : "7F5FDEEBC000", "path" : "/lib64/libcap-ng.so.0", "elfType" : 3, "buildId" : "3A7BCD7998B4D5C6684C0AA25BBE17FDFA5ADB78" }, { "b" : "7F5FDECB5000", "path" : "/usr/lib64/sasl2/libsasldb.so", "elfType" : 3, "buildId" : "27BA8548F3BDA4317ED595B5000A8C4E49222F6D" }, { "b" : "7F5FDEAA7000", "path" : "/usr/lib64/sasl2/libdigestmd5.so", "elfType" : 3, "buildId" : "FAC6F191064F4EBA3BE0C29505251974DE338FA1" }, { "b" : "7F5FDE89D000", "path" : "/usr/lib64/sasl2/libscram.so", "elfType" : 3, "buildId" : "9A1CEC0E377126F841471C50B0128658B24ED198" }, { "b" : "7F5FDE698000", "path" : "/usr/lib64/sasl2/liblogin.so", "elfType" : 3, "buildId" : "D3E5DB8413C6FC880B6282C6DC3125B5188701FA" }, { "b" : "7F5FDE493000", "path" : "/usr/lib64/sasl2/libanonymous.so", "elfType" : 3, "buildId" : "23C8102DCB840A13CF2A66C2AF0E7B22E008A9F6" }, { "b" : "7F5FDE28D000", "path" : "/usr/lib64/sasl2/libcrammd5.so", "elfType" : 3, "buildId" : "A1512DFE5682B14B91AFB3E0D0B8A87EAEB32C09" }, { "b" : "7F5FDE084000", "path" : "/usr/lib64/sasl2/libgssapiv2.so", "elfType" : 3, "buildId" : "64F057F8E8DCCB50B90E3193E95B21618CA7C576" }, { "b" : "7F5FDDE7F000", "path" : "/usr/lib64/sasl2/libplain.so", "elfType" : 3, "buildId" : "459CF5F55E040D7B08E7C7BC3873B99DDE7FFF45" } ] }}
 mongod(_ZN5mongo15printStackTraceERSo+0x41) [0x55ac3e4eb4a1]
 mongod(+0x295AC9E) [0x55ac3e4eac9e]
 mongod(+0x295AD36) [0x55ac3e4ead36]
 libpthread.so.0(+0xF5D0) [0x7f5fe3d365d0]
 libc.so.6(gsignal+0x37) [0x7f5fe3990207]
 libc.so.6(abort+0x148) [0x7f5fe39918f8]
 mongod(_ZN5mongo32fassertFailedNoTraceWithLocationEiPKcj+0x0) [0x55ac3c894e24]
 mongod(+0xCE0BE3) [0x55ac3c870be3]
 mongod(_ZNK5mongo23PLAINServerFactoryProxy13securityLevelEv+0x1F) [0x55ac3cd1452f]
 mongod(_ZSt16__merge_adaptiveIN9__gnu_cxx17__normal_iteratorIPSt10unique_ptrIN5mongo17ServerFactoryBaseESt14default_deleteIS4_EESt6vectorIS7_SaIS7_EEEElS8_NS0_5__ops15_Iter_comp_iterIZNS3_27SASLServerMechanismRegistry15registerFactoryINS3_23PLAINServerFactoryProxyEEEbNSF_24ValidateGlobalMechanismsEEUlRKT_RKT0_E_EEEvSJ_SJ_SJ_SM_SM_T1_SM_T2_+0xEE) [0x55ac3cd17f2e]
 mongod(_ZSt22__stable_sort_adaptiveIN9__gnu_cxx17__normal_iteratorIPSt10unique_ptrIN5mongo17ServerFactoryBaseESt14default_deleteIS4_EESt6vectorIS7_SaIS7_EEEES8_lNS0_5__ops15_Iter_comp_iterIZNS3_27SASLServerMechanismRegistry15registerFactoryINS3_23PLAINServerFactoryProxyEEEbNSF_24ValidateGlobalMechanismsEEUlRKT_RKT0_E_EEEvSJ_SJ_SM_T1_T2_+0x95) [0x55ac3cd188d5]
 mongod(+0x1183A55) [0x55ac3cd13a55]
 mongod(_ZN5mongo14ServiceContext4makeEv+0x75) [0x55ac3e3d3005]
 mongod(+0xD82EE9) [0x55ac3c912ee9]
 mongod(+0xD10119) [0x55ac3c8a0119]
 libc.so.6(__libc_start_main+0xF5) [0x7f5fe397c3d5]
 mongod(+0xD7EEBE) [0x55ac3c90eebe]
-----  END BACKTRACE  -----

Sprint: Security 2019-04-22
Participants:

 Description   

Registering the PLAN sasl mechanism before the global service context is set can cause an invariant because the SASL mechanism depends on service context decorations being available to know its security level. This only happens if both GSSAPI and LDAP simple binds are supported for authentication - specifying the setParameter authenticationMechanisms to PLAIN,GSSAPI,SCRAM-SHA1 and specifying some LDAP servers is what will trigger this bug.



 Comments   
Comment by Githook User [ 22/Apr/19 ]

Author:

{'email': 'jbreams@mongodb.com', 'name': 'Jonathan Reams', 'username': 'jbreams'}

Message: SERVER-40665 Ensure that you can use both GSSAPI and PLAIN ldap authentication
Branch: master
https://github.com/10gen/mongo-enterprise-modules/commit/acdd3be4cce75ef98a35955040046ba2338f7526

Generated at Thu Feb 08 04:55:39 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.