Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-18475

authSchemaUpgrade fails when the system.users contains non MONGODB-CR users

    • Type: Icon: Bug Bug
    • Resolution: Done
    • Priority: Icon: Critical - P2 Critical - P2
    • 3.0.4
    • Affects Version/s: 3.0.0
    • Component/s: Security
    • None
    • Fully Compatible
    • ALL
    • Hide
      1. Start a v2.6 MongoDB instance and create an external user:
        ~/bin/mongodb/2.6.1-ent/mongod --dbpath ~/data/destroy/ --logpath ~/data/destroy/mongod.log --fork --setParameter authenticationMechanisms=GSSAPI,MONGODB-CR --smallfiles --noprealloc
        
        db.getSiblingDB('$external').createUser({user: "aks@WIN2012.AKS.EVILS.IN", roles: [{db: "admin", role: "root"}]})
        db.getSiblingDB('admin').system.users.find()
        
      2. Restart a v3.0.3 MongoDB instance and perform authSchemaUpgrade
        ~/bin/mongodb/3.0.3-ent/mongod --dbpath ~/data/destroy/ --logpath ~/data/destroy/mongod.log --fork --setParameter authenticationMechanisms=GSSAPI,MONGODB-CR --smallfiles --noprealloc
        
        db.adminCommand({authSchemaUpgrade: 1});
        

        This should result in the following error:

        {
        	"ok" : 0,
        	"errmsg" : "While preparing to upgrade user doc from 2.6/3.0 user data schema to the 3.0 SCRAM only schema, found a user doc missing MONGODB-CR credentials :{ _id: \"$external.aks@WIN2012.AKS.EVILS.IN\", user: \"aks@WIN2012.AKS.EVILS.IN\", db: \"$external\", credentials: { external: true }, roles: [ { role: \"root\", db: \"admin\" } ] }",
        	"code" : 18744
        }
        
      Show
      Start a v2.6 MongoDB instance and create an external user: ~/bin/mongodb/2.6.1-ent/mongod --dbpath ~/data/destroy/ --logpath ~/data/destroy/mongod.log --fork --setParameter authenticationMechanisms=GSSAPI,MONGODB-CR --smallfiles --noprealloc db.getSiblingDB('$external').createUser({user: "aks@WIN2012.AKS.EVILS.IN", roles: [{db: "admin", role: "root"}]}) db.getSiblingDB('admin').system.users.find() Restart a v3.0.3 MongoDB instance and perform authSchemaUpgrade ~/bin/mongodb/3.0.3-ent/mongod --dbpath ~/data/destroy/ --logpath ~/data/destroy/mongod.log --fork --setParameter authenticationMechanisms=GSSAPI,MONGODB-CR --smallfiles --noprealloc db.adminCommand({authSchemaUpgrade: 1}); This should result in the following error: { "ok" : 0, "errmsg" : "While preparing to upgrade user doc from 2.6/3.0 user data schema to the 3.0 SCRAM only schema, found a user doc missing MONGODB-CR credentials :{ _id: \"$external.aks@WIN2012.AKS.EVILS.IN\", user: \"aks@WIN2012.AKS.EVILS.IN\", db: \"$external\", credentials: { external: true }, roles: [ { role: \"root\", db: \"admin\" } ] }", "code" : 18744 }
    • Security 3 05/15/15, Security 4 06/05/15

      The authSchemaUpgrade fails to perform upgrade to MongoDB v3.0 schema version if there are external users setup on the instance.

            Assignee:
            andreas.nilsson Andreas Nilsson
            Reporter:
            anil.kumar Anil Kumar
            Votes:
            0 Vote for this issue
            Watchers:
            9 Start watching this issue

              Created:
              Updated:
              Resolved: