Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-18475

authSchemaUpgrade fails when the system.users contains non MONGODB-CR users

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Critical - P2
    • Resolution: Fixed
    • Affects Version/s: 3.0.0
    • Fix Version/s: 3.0.4
    • Component/s: Security
    • Labels:
      None
    • Backwards Compatibility:
      Fully Compatible
    • Operating System:
      ALL
    • Steps To Reproduce:
      Hide
      1. Start a v2.6 MongoDB instance and create an external user:

        ~/bin/mongodb/2.6.1-ent/mongod --dbpath ~/data/destroy/ --logpath ~/data/destroy/mongod.log --fork --setParameter authenticationMechanisms=GSSAPI,MONGODB-CR --smallfiles --noprealloc
         
        db.getSiblingDB('$external').createUser({user: "aks@WIN2012.AKS.EVILS.IN", roles: [{db: "admin", role: "root"}]})
        db.getSiblingDB('admin').system.users.find()
        

      2. Restart a v3.0.3 MongoDB instance and perform authSchemaUpgrade

        ~/bin/mongodb/3.0.3-ent/mongod --dbpath ~/data/destroy/ --logpath ~/data/destroy/mongod.log --fork --setParameter authenticationMechanisms=GSSAPI,MONGODB-CR --smallfiles --noprealloc
         
        db.adminCommand({authSchemaUpgrade: 1});
        

        This should result in the following error:

        {
        	"ok" : 0,
        	"errmsg" : "While preparing to upgrade user doc from 2.6/3.0 user data schema to the 3.0 SCRAM only schema, found a user doc missing MONGODB-CR credentials :{ _id: \"$external.aks@WIN2012.AKS.EVILS.IN\", user: \"aks@WIN2012.AKS.EVILS.IN\", db: \"$external\", credentials: { external: true }, roles: [ { role: \"root\", db: \"admin\" } ] }",
        	"code" : 18744
        }
        

      Show
      Start a v2.6 MongoDB instance and create an external user: ~/bin/mongodb/2.6.1-ent/mongod --dbpath ~/data/destroy/ --logpath ~/data/destroy/mongod.log --fork --setParameter authenticationMechanisms=GSSAPI,MONGODB-CR --smallfiles --noprealloc   db.getSiblingDB('$external').createUser({user: "aks@WIN2012.AKS.EVILS.IN", roles: [{db: "admin", role: "root"}]}) db.getSiblingDB('admin').system.users.find() Restart a v3.0.3 MongoDB instance and perform authSchemaUpgrade ~/bin/mongodb/3.0.3-ent/mongod --dbpath ~/data/destroy/ --logpath ~/data/destroy/mongod.log --fork --setParameter authenticationMechanisms=GSSAPI,MONGODB-CR --smallfiles --noprealloc   db.adminCommand({authSchemaUpgrade: 1}); This should result in the following error: { "ok" : 0, "errmsg" : "While preparing to upgrade user doc from 2.6/3.0 user data schema to the 3.0 SCRAM only schema, found a user doc missing MONGODB-CR credentials :{ _id: \"$external.aks@WIN2012.AKS.EVILS.IN\", user: \"aks@WIN2012.AKS.EVILS.IN\", db: \"$external\", credentials: { external: true }, roles: [ { role: \"root\", db: \"admin\" } ] }", "code" : 18744 }
    • Sprint:
      Security 3 05/15/15, Security 4 06/05/15

      Description

      The authSchemaUpgrade fails to perform upgrade to MongoDB v3.0 schema version if there are external users setup on the instance.

        Attachments

          Activity

            People

            • Votes:
              0 Vote for this issue
              Watchers:
              9 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: