[SERVER-46877] saslStart command fails without an error message Created: 15/Mar/20  Updated: 12/May/21  Resolved: 19/May/20

Status: Closed
Project: Core Server
Component/s: None
Affects Version/s: 4.3.4
Fix Version/s: None

Type: Bug Priority: Major - P3
Reporter: Oleg Pudeyev (Inactive) Assignee: Adam Cooper (Inactive)
Resolution: Duplicate Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Backports
Duplicate
is duplicated by SERVER-47188 Command saslStart returns empty `errm... Closed
Operating System: ALL
Backport Requested:
v4.4
Steps To Reproduce:

Send the following command to a 4.3.4 server:

{saslStart: 1, '$db' => 'test'}

Sprint: Security 2020-04-06, Security 2020-04-20, Security 2020-05-04, Security 2020-06-01
Participants:

 Description   

If I issue a saslContinue:1 command on a connection with no fields, the server responds with a failure and provides a message explaining why the command failed:

irb(main):023:0> a.cluster.next_primary.with_connection { |c| c.dispatch([Mongo::Protocol::Msg.new([], {}, {saslContinue: 1, '$db' => 'test'})])  }
D, [2020-03-15T18:37:03.610646 #102446] DEBUG -- : MONGODB | [18] localhost:27017 #1 | test.saslContinue | STARTED | {}
D, [2020-03-15T18:37:03.612064 #102446] DEBUG -- : MONGODB | [18] localhost:27017 | test.saslContinue | FAILED | No SASL session state found (17) | 0.000614045s
=> #<Mongo::Protocol::Msg:0x00005619018332e8 @flags=[], @sections=[{"ok"=>0.0, "errmsg"=>"No SASL session state found", "code"=>17, "codeName"=>"ProtocolError"}]>

If I issue a saslStart:1 command in the same manner, the server responds with a failure but does not provide any diagnostic information:

irb(main):024:0> a.cluster.next_primary.with_connection { |c| c.dispatch([Mongo::Protocol::Msg.new([], {}, {saslStart: 1, '$db' => 'test'})])  }
D, [2020-03-15T18:37:08.082373 #102446] DEBUG -- : MONGODB | [19] localhost:27017 #1 | test.saslStart | STARTED | {}
D, [2020-03-15T18:37:08.084307 #102446] DEBUG -- : MONGODB | [19] localhost:27017 | test.saslStart | FAILED |  () | 0.000454597s
=> #<Mongo::Protocol::Msg:0x0000561901d3c988 @flags=[], @sections=[{"ok"=>0.0, "errmsg"=>""}]>

As far as I can tell there is no output in the server log either as to what might be the problem.

The lack of diagnostic information makes it very difficult to troubleshoot why authentication is not working (I get the same empty failure response when providing, as far as I can tell, valid data for an aws authentication mechanism).


Generated at Thu Feb 08 05:12:41 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.