-
Type:
Bug
-
Resolution: Fixed
-
Priority:
Minor - P4
-
Affects Version/s: None
-
Component/s: Authentication
Hi folks,
In search we implemented a wireprotocol server.
We manage to authenticate to this server using the old mongo shell and the java driver, however our server rejects saslContinue from mongosh due to missing `==` padding from the client.
I do not know why this is not an issue when authenticating to mongod or mongos, I am assuming that padding is completely ignored there.
I tested this with anna.henningsen@mongodb.com patch and it seemed to fix the issue.
binary: https://evergreen.mongodb.com/rawdiff/64f2055d1e2d178cdedf34f4/?patch_number=0
This is the difference between command-response between mongo shell and mongosh
https://gist.github.com/orenovadia/696912997aad9bf9a7936b6a468b1a92
For more context see this conversation:
https://app.slack.com/client/T024FNNHU/CB3CW8M8C
CC: spencer.jackson@mongodb.com
—
Ensure that we don't strip padded = from saslStart responses that are passed to saslContinue.
AC
Implementation
- Implement the suggested fix to preserve trailing `=`s https://evergreen.mongodb.com/rawdiff/64f2055d1e2d178cdedf34f4/?patch_number=0
Testing
- Mock saslStart and saslContinue responses that they padded with `=` so we can check that it is preserved in the parsed payload in saslContinue