[SERVER-18475] authSchemaUpgrade fails when the system.users contains non MONGODB-CR users - MongoDB Jira

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Critical - P2
Resolution: Done
Affects Version/s: 3.0.0
Fix Version/s: 3.0.4
Component/s: Security
Labels:
None

Backwards Compatibility:
Fully Compatible
Operating System:
ALL

Steps To Reproduce:

Hide

Start a v2.6 MongoDB instance and create an external user:

~/bin/mongodb/2.6.1-ent/mongod --dbpath ~/data/destroy/ --logpath ~/data/destroy/mongod.log --fork --setParameter authenticationMechanisms=GSSAPI,MONGODB-CR --smallfiles --noprealloc

db.getSiblingDB('$external').createUser({user: "aks@WIN2012.AKS.EVILS.IN", roles: [{db: "admin", role: "root"}]})

db.getSiblingDB('admin').system.users.find()

Restart a v3.0.3 MongoDB instance and perform authSchemaUpgrade

~/bin/mongodb/3.0.3-ent/mongod --dbpath ~/data/destroy/ --logpath ~/data/destroy/mongod.log --fork --setParameter authenticationMechanisms=GSSAPI,MONGODB-CR --smallfiles --noprealloc

db.adminCommand({authSchemaUpgrade: 1});

This should result in the following error:

	"ok" : 0,

	"errmsg" : "While preparing to upgrade user doc from 2.6/3.0 user data schema to the 3.0 SCRAM only schema, found a user doc missing MONGODB-CR credentials :{ _id: \"$external.aks@WIN2012.AKS.EVILS.IN\", user: \"aks@WIN2012.AKS.EVILS.IN\", db: \"$external\", credentials: { external: true }, roles: [ { role: \"root\", db: \"admin\" } ] }",

	"code" : 18744

Show

Start a v2.6 MongoDB instance and create an external user: ~/bin/mongodb/2.6.1-ent/mongod --dbpath ~/data/destroy/ --logpath ~/data/destroy/mongod.log --fork --setParameter authenticationMechanisms=GSSAPI,MONGODB-CR --smallfiles --noprealloc db.getSiblingDB('$external').createUser({user: "aks@WIN2012.AKS.EVILS.IN", roles: [{db: "admin", role: "root"}]}) db.getSiblingDB('admin').system.users.find() Restart a v3.0.3 MongoDB instance and perform authSchemaUpgrade ~/bin/mongodb/3.0.3-ent/mongod --dbpath ~/data/destroy/ --logpath ~/data/destroy/mongod.log --fork --setParameter authenticationMechanisms=GSSAPI,MONGODB-CR --smallfiles --noprealloc db.adminCommand({authSchemaUpgrade: 1}); This should result in the following error: { "ok" : 0, "errmsg" : "While preparing to upgrade user doc from 2.6/3.0 user data schema to the 3.0 SCRAM only schema, found a user doc missing MONGODB-CR credentials :{ _id: \"$external.aks@WIN2012.AKS.EVILS.IN\", user: \"aks@WIN2012.AKS.EVILS.IN\", db: \"$external\", credentials: { external: true }, roles: [ { role: \"root\", db: \"admin\" } ] }", "code" : 18744 }

Sprint:
Security 3 05/15/15, Security 4 06/05/15

Description

The authSchemaUpgrade fails to perform upgrade to MongoDB v3.0 schema version if there are external users setup on the instance.

Attachments

Activity

People

Assignee:: Andreas Nilsson

Reporter:: Anil Kumar

Participants:: Andreas Nilsson, Anil Kumar, Githook User

Votes:: 0 Vote for this issue

Watchers:: 9 Start watching this issue

Dates

Created:: May 14 2015 05:02:25 PM UTC

Updated:: Jun 19 2015 06:32:12 PM UTC

Resolved:: May 27 2015 06:29:24 PM UTC