2.4 mongos can continue creating old schema user docs even after auth schema has been upgraded


    • Type: Bug
    • Resolution: Won't Fix
    • Priority: Major - P3
    • Affects Version/s: 2.5.4
    • Component/s: Security

      1. Create a sharded cluster on 2.4 with auth enabled and 2 or more mongos processes, and create a user with privileges for userAdminAnyDatabase
      2. On one of the 2.4 mongos, log in as the user with userAdminAnyDatabase
      3. On the other 2.4 mongos:

      • shut it down, upgrade its binary to 2.5 and restart with --upgrade
      • log in and run the authSchemaUpgrade commands

      4. On the first 2.4 mongos (which is still connected and logged in as the user with userAdminAnyDatabase) run the db.addUser command.
      It will create a user doc with the old schema. So listing system users shows:

      > st1.s0.getDB("admin").system.users.find().pretty()
      {
      	"_id" : "admin.mike",
      	"user" : "mike",
      	"db" : "admin",
      	"credentials" : {
      		"MONGODB-CR" : "0b201b8e2a0193849c8acdcfd92ee73c"
      	},
      	"roles" : [
      		{
      			"role" : "userAdminAnyDatabase",
      			"db" : "admin"
      		},
      		{
      			"role" : "clusterAdmin",
      			"db" : "admin"
      		},
      		{
      			"role" : "readWriteAnyDatabase",
      			"db" : "admin"
      		}
      	]
      }
      {
      	"_id" : ObjectId("52b1f1a06a1f4ec0f8a6f7da"),
      	"user" : "mike2",
      	"pwd" : "e6861c06f0f85ed57ddede151b59d49e",
      	"roles" : [
      		"read"
      	]
      }
      {
      	"_id" : "admin.mike3",
      	"user" : "mike3",
      	"db" : "admin",
      	"credentials" : {
      		"MONGODB-CR" : "1946dc61e1429e2195d1706f057084fe"
      	},
      	"roles" : [
      		{
      			"role" : "read",
      			"db" : "admin"
      		}
      	]
      }
      

      Script to reproduce this:

      // Mixed-version cluster: both mongos on 2.4, shards and config servers on 2.5
      var st1 = new ShardingTest({
          shards: 2,
          mongos: 2,
          keyFile: "testkeyfile",
          other: {
              mongosOptions: {binVersion: MongoRunner.versionIterator(["2.4", "2.4"])},
              shardOptions: {binVersion: MongoRunner.versionIterator(["2.5"])},
              configOptions: {binVersion: "2.5"},
              separateConfig: true
          }
      });

      // Create the admin user and log in through the mongos that stays on 2.4 (s1)
      st1.s1.getDB("admin").addUser({user: "mike", pwd: "blah", roles: ["userAdminAnyDatabase", "clusterAdmin", "readWriteAnyDatabase"]});
      st1.s1.getDB("admin").auth("mike", "blah");

      // Stop balancer so that --upgrade can proceed
      st1.s1.getDB("config").settings.update({_id: "balancer"}, {$set: {stopped: true}}, true);

      // Restart the other mongos (s0) on 2.5 with --upgrade and log in again
      MongoRunner.stopMongos(st1.s0);
      st1.s0 = MongoRunner.runMongos({restart: st1.s0, binVersion: "2.5", upgrade: ""});
      st1.s0.getDB("admin").auth("mike", "blah");

      // Run the auth schema upgrade steps through the 2.5 mongos until done or failed
      var res;
      do {
          res = st1.s0.getDB("admin").runCommand({authSchemaUpgradeStep: 1});
          print(tojson(res));
      } while (res.ok && !res.done);

      // The still-authenticated 2.4 mongos (s1) now writes an old-schema user doc
      st1.s1.getDB("admin").addUser({user: "mike2", pwd: "blah", roles: ["read"]});
      printjson(st1.s1.getDB("admin").system.users.find().toArray());
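
A check an operator could run over the contents of admin.system.users after the schema upgrade, to spot documents written in the old schema by a mongos still on 2.4. This is an added example, not part of the original report or of MongoDB's code; the function names are hypothetical, and the sample documents are constructed from the document shapes listed above with placeholder hashes.

```javascript
// Added example: classify system.users documents by auth schema shape.
// Field shapes follow the documents listed in this report.
function classifyUserDoc(doc) {
  const reasons = [];
  if (typeof doc.pwd === "string") reasons.push("top-level pwd field");
  if (typeof doc._id !== "string") reasons.push("_id is not a <db>.<user> string");
  else if (doc._id !== doc.db + "." + doc.user) {
    reasons.push("_id does not match db and user");
  }
  if (typeof doc.db !== "string") reasons.push("missing db field");
  if (doc.credentials === null || typeof doc.credentials !== "object") {
    reasons.push("missing credentials subdocument");
  }
  const roles = Array.isArray(doc.roles) ? doc.roles : [];
  if (roles.some((r) => typeof r === "string")) reasons.push("roles given as bare strings");
  return { user: doc.user, schema: reasons.length === 0 ? "new" : "old", reasons };
}

// Summarise a whole collection; "mixed" means old and new schema docs coexist.
function auditUsers(docs) {
  const results = docs.map(classifyUserDoc);
  const legacy = results.filter((r) => r.schema === "old");
  const mixed = legacy.length > 0 && legacy.length < results.length;
  return { total: results.length, legacy, mixed };
}

// Constructed sample input (hashes are placeholders, ObjectId shown as {$oid}).
const sampleUsers = [
  { _id: "admin.mike", user: "mike", db: "admin",
    credentials: { "MONGODB-CR": "<constructed-hash-1>" },
    roles: [{ role: "userAdminAnyDatabase", db: "admin" },
            { role: "clusterAdmin", db: "admin" }] },
  { _id: { $oid: "<constructed-object-id>" }, user: "mike2",
    pwd: "<constructed-hash-2>", roles: ["read"] },
  { _id: "admin.mike3", user: "mike3", db: "admin",
    credentials: { "MONGODB-CR": "<constructed-hash-3>" },
    roles: [{ role: "read", db: "admin" }] },
];

const report = auditUsers(sampleUsers);
console.log(JSON.stringify(report, null, 2));
```
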
      

            Assignee:
            Andy Schwerin
            Reporter:
            Michael O'Brien