Loading...

XML

Word

Printable

JSON

Type: Bug
Resolution: Done
Priority: Critical - P2
Fix Version/s: 3.0.4
Affects Version/s: 3.0.0
Component/s: Security
Labels:
None

Backwards Compatibility:
Fully Compatible
Operating System:
ALL
Steps To Reproduce:
Hide

Start a v2.6 MongoDB instance and create an external user:

~/bin/mongodb/2.6.1-ent/mongod --dbpath ~/data/destroy/ --logpath ~/data/destroy/mongod.log --fork --setParameter authenticationMechanisms=GSSAPI,MONGODB-CR --smallfiles --noprealloc db.getSiblingDB('$external').createUser({user: "aks@WIN2012.AKS.EVILS.IN", roles: [{db: "admin", role: "root"}]}) db.getSiblingDB('admin').system.users.find()

Restart a v3.0.3 MongoDB instance and perform authSchemaUpgrade

~/bin/mongodb/3.0.3-ent/mongod --dbpath ~/data/destroy/ --logpath ~/data/destroy/mongod.log --fork --setParameter authenticationMechanisms=GSSAPI,MONGODB-CR --smallfiles --noprealloc db.adminCommand({authSchemaUpgrade: 1});

This should result in the following error:

{ "ok" : 0, "errmsg" : "While preparing to upgrade user doc from 2.6/3.0 user data schema to the 3.0 SCRAM only schema, found a user doc missing MONGODB-CR credentials :{ _id: \"$external.aks@WIN2012.AKS.EVILS.IN\", user: \"aks@WIN2012.AKS.EVILS.IN\", db: \"$external\", credentials: { external: true }, roles: [ { role: \"root\", db: \"admin\" } ] }", "code" : 18744 }
Show
Start a v2.6 MongoDB instance and create an external user: ~/bin/mongodb/2.6.1-ent/mongod --dbpath ~/data/destroy/ --logpath ~/data/destroy/mongod.log --fork --setParameter authenticationMechanisms=GSSAPI,MONGODB-CR --smallfiles --noprealloc db.getSiblingDB('$external').createUser({user: "aks@WIN2012.AKS.EVILS.IN", roles: [{db: "admin", role: "root"}]}) db.getSiblingDB('admin').system.users.find() Restart a v3.0.3 MongoDB instance and perform authSchemaUpgrade ~/bin/mongodb/3.0.3-ent/mongod --dbpath ~/data/destroy/ --logpath ~/data/destroy/mongod.log --fork --setParameter authenticationMechanisms=GSSAPI,MONGODB-CR --smallfiles --noprealloc db.adminCommand({authSchemaUpgrade: 1}); This should result in the following error: { "ok" : 0, "errmsg" : "While preparing to upgrade user doc from 2.6/3.0 user data schema to the 3.0 SCRAM only schema, found a user doc missing MONGODB-CR credentials :{ _id: \"$external.aks@WIN2012.AKS.EVILS.IN\", user: \"aks@WIN2012.AKS.EVILS.IN\", db: \"$external\", credentials: { external: true }, roles: [ { role: \"root\", db: \"admin\" } ] }", "code" : 18744 }
Sprint:
Security 3 05/15/15, Security 4 06/05/15
Confidence Status:
None

Aha! Reference:
None
Tracking Level:
None
Risk Status:
None
Exec Notes:
None
Goal Name:
None
Goal Link:
None

The authSchemaUpgrade fails to perform upgrade to MongoDB v3.0 schema version if there are external users setup on the instance.

Assignee:: Andreas Nilsson (Inactive)

Reporter:: Anil Kumar (Inactive)

Participants:: Andreas Nilsson, Anil Kumar, Githook User

Votes:: 0 Vote for this issue

Watchers:: 9 Start watching this issue

Created:: May 14 2015 05:02:25 PM UTC

Updated:: Jun 19 2015 06:32:12 PM UTC

Resolved:: May 27 2015 06:29:24 PM UTC

GA Target Date:: None

Public Preview Target Date:: None

Private Preview Target Date:: None

Experiment Target Date:: None

Details

Description

Attachments

Activity

People

Dates