Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-37527

Broken logic in ServerMechanismBase class.

XMLWordPrintableJSON

    • Type: Icon: Bug Bug
    • Resolution: Fixed
    • Priority: Icon: Major - P3 Major - P3
    • 4.0.5, 4.1.6
    • Affects Version/s: 4.0.0, 4.0.3, 4.1.3
    • Component/s: Internal Code, Security
    • None
    • Fully Compatible
    • ALL
    • v4.0
    • Security 2018-11-05, Security 2018-11-19, Security 2018-12-03

      The ServerMechanismBase class has isDone method. Comment in the source code of this method say:

       

          /**
     * Returns true if the conversation has completed.
     * Note that this does not mean authentication succeeded!
     * An error may have occurred.
     */

      The problem is that if SASL error occurs isDone will never return true because of this code in ServerMechanismBase::step:

       

       

              auto result = stepImpl(opCtx, input);
        if (result.isOK()) {
            bool isDone;
            std::string responseMessage;
            std::tie(isDone, responseMessage) = result.getValue();
            _done = isDone;
            return responseMessage;
        }

      As you can see _done variable is only assigned if step's result is OK.

       

       

      This bug affects AuthenticationSession's lifecycle management implemented in CmdSaslStart::run and CmdSaslContinue::run methods. In case of authentication error (for example in case of the wrong password) those methods fail to destroy current client's AuthenticationSession instance because mechanism.isDone() returns false.

            Assignee:
            sara.golemon@mongodb.com Sara Golemon
            Reporter:
            igorsol Igor Solodovnikov
            Votes:
            0 Vote for this issue
            Watchers:
            9 Start watching this issue

              Created:
              Updated:
              Resolved: