Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-18475

authSchemaUpgrade fails when the system.users contains non MONGODB-CR users

    XMLWordPrintable

Details

    • Bug
    • Status: Closed
    • Critical - P2
    • Resolution: Fixed
    • 3.0.0
    • 3.0.4
    • Security
    • None
    • Fully Compatible
    • ALL
    • Hide
      1. Start a v2.6 MongoDB instance and create an external user:

        ~/bin/mongodb/2.6.1-ent/mongod --dbpath ~/data/destroy/ --logpath ~/data/destroy/mongod.log --fork --setParameter authenticationMechanisms=GSSAPI,MONGODB-CR --smallfiles --noprealloc
         
        db.getSiblingDB('$external').createUser({user: "aks@WIN2012.AKS.EVILS.IN", roles: [{db: "admin", role: "root"}]})
        db.getSiblingDB('admin').system.users.find()
        

      2. Restart a v3.0.3 MongoDB instance and perform authSchemaUpgrade

        ~/bin/mongodb/3.0.3-ent/mongod --dbpath ~/data/destroy/ --logpath ~/data/destroy/mongod.log --fork --setParameter authenticationMechanisms=GSSAPI,MONGODB-CR --smallfiles --noprealloc
         
        db.adminCommand({authSchemaUpgrade: 1});
        

        This should result in the following error:

        {
        	"ok" : 0,
        	"errmsg" : "While preparing to upgrade user doc from 2.6/3.0 user data schema to the 3.0 SCRAM only schema, found a user doc missing MONGODB-CR credentials :{ _id: \"$external.aks@WIN2012.AKS.EVILS.IN\", user: \"aks@WIN2012.AKS.EVILS.IN\", db: \"$external\", credentials: { external: true }, roles: [ { role: \"root\", db: \"admin\" } ] }",
        	"code" : 18744
        }
        

      Show
      Start a v2.6 MongoDB instance and create an external user: ~/bin/mongodb/2.6.1-ent/mongod --dbpath ~/data/destroy/ --logpath ~/data/destroy/mongod.log --fork --setParameter authenticationMechanisms=GSSAPI,MONGODB-CR --smallfiles --noprealloc   db.getSiblingDB('$external').createUser({user: "aks@WIN2012.AKS.EVILS.IN", roles: [{db: "admin", role: "root"}]}) db.getSiblingDB('admin').system.users.find() Restart a v3.0.3 MongoDB instance and perform authSchemaUpgrade ~/bin/mongodb/3.0.3-ent/mongod --dbpath ~/data/destroy/ --logpath ~/data/destroy/mongod.log --fork --setParameter authenticationMechanisms=GSSAPI,MONGODB-CR --smallfiles --noprealloc   db.adminCommand({authSchemaUpgrade: 1}); This should result in the following error: { "ok" : 0, "errmsg" : "While preparing to upgrade user doc from 2.6/3.0 user data schema to the 3.0 SCRAM only schema, found a user doc missing MONGODB-CR credentials :{ _id: \"$external.aks@WIN2012.AKS.EVILS.IN\", user: \"aks@WIN2012.AKS.EVILS.IN\", db: \"$external\", credentials: { external: true }, roles: [ { role: \"root\", db: \"admin\" } ] }", "code" : 18744 }
    • Security 3 05/15/15, Security 4 06/05/15

    Description

      The authSchemaUpgrade fails to perform upgrade to MongoDB v3.0 schema version if there are external users setup on the instance.

      Attachments

        Activity

          People

            andreas.nilsson Andreas Nilsson
            anil.kumar Anil Kumar
            Votes:
            0 Vote for this issue
            Watchers:
            9 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: