Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-46877

saslStart command fails without an error message

    • Type: Icon: Bug Bug
    • Resolution: Duplicate
    • Priority: Icon: Major - P3 Major - P3
    • None
    • Affects Version/s: 4.3.4
    • Component/s: None
    • None
    • ALL
    • v4.4
    • Hide

      Send the following command to a 4.3.4 server:

      {saslStart: 1, '$db' => 'test'}
      
      
      Show
      Send the following command to a 4.3.4 server: {saslStart: 1, '$db' => 'test' }
    • Security 2020-04-06, Security 2020-04-20, Security 2020-05-04, Security 2020-06-01

      If I issue a saslContinue:1 command on a connection with no fields, the server responds with a failure and provides a message explaining why the command failed:

      irb(main):023:0> a.cluster.next_primary.with_connection { |c| c.dispatch([Mongo::Protocol::Msg.new([], {}, {saslContinue: 1, '$db' => 'test'})])  }
      D, [2020-03-15T18:37:03.610646 #102446] DEBUG -- : MONGODB | [18] localhost:27017 #1 | test.saslContinue | STARTED | {}
      D, [2020-03-15T18:37:03.612064 #102446] DEBUG -- : MONGODB | [18] localhost:27017 | test.saslContinue | FAILED | No SASL session state found (17) | 0.000614045s
      => #<Mongo::Protocol::Msg:0x00005619018332e8 @flags=[], @sections=[{"ok"=>0.0, "errmsg"=>"No SASL session state found", "code"=>17, "codeName"=>"ProtocolError"}]>
      

      If I issue a saslStart:1 command in the same manner, the server responds with a failure but does not provide any diagnostic information:

      irb(main):024:0> a.cluster.next_primary.with_connection { |c| c.dispatch([Mongo::Protocol::Msg.new([], {}, {saslStart: 1, '$db' => 'test'})])  }
      D, [2020-03-15T18:37:08.082373 #102446] DEBUG -- : MONGODB | [19] localhost:27017 #1 | test.saslStart | STARTED | {}
      D, [2020-03-15T18:37:08.084307 #102446] DEBUG -- : MONGODB | [19] localhost:27017 | test.saslStart | FAILED |  () | 0.000454597s
      => #<Mongo::Protocol::Msg:0x0000561901d3c988 @flags=[], @sections=[{"ok"=>0.0, "errmsg"=>""}]>
      

      As far as I can tell there is no output in the server log either as to what might be the problem.

      The lack of diagnostic information makes it very difficult to troubleshoot why authentication is not working (I get the same empty failure response when providing, as far as I can tell, valid data for an aws authentication mechanism).

            Assignee:
            adam.cooper@mongodb.com Adam Cooper (Inactive)
            Reporter:
            oleg.pudeyev@mongodb.com Oleg Pudeyev (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated:
              Resolved: