[SERVER-18475] authSchemaUpgrade fails when the system.users contains non MONGODB-CR users Created: 14/May/15  Updated: 19/Jun/15  Resolved: 27/May/15

Status: Closed
Project: Core Server
Component/s: Security
Affects Version/s: 3.0.0
Fix Version/s: 3.0.4

Type: Bug Priority: Critical - P2
Reporter: Anil Kumar Assignee: Andreas Nilsson
Resolution: Done Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Related
Tested
Backwards Compatibility: Fully Compatible
Operating System: ALL
Steps To Reproduce:
  1. Start a v2.6 MongoDB instance and create an external user:

    ~/bin/mongodb/2.6.1-ent/mongod --dbpath ~/data/destroy/ --logpath ~/data/destroy/mongod.log --fork --setParameter authenticationMechanisms=GSSAPI,MONGODB-CR --smallfiles --noprealloc
     
    db.getSiblingDB('$external').createUser({user: "aks@WIN2012.AKS.EVILS.IN", roles: [{db: "admin", role: "root"}]})
    db.getSiblingDB('admin').system.users.find()
    

  2. Restart a v3.0.3 MongoDB instance and perform authSchemaUpgrade

    ~/bin/mongodb/3.0.3-ent/mongod --dbpath ~/data/destroy/ --logpath ~/data/destroy/mongod.log --fork --setParameter authenticationMechanisms=GSSAPI,MONGODB-CR --smallfiles --noprealloc
     
    db.adminCommand({authSchemaUpgrade: 1});
    

    This should result in the following error:

    {
    	"ok" : 0,
    	"errmsg" : "While preparing to upgrade user doc from 2.6/3.0 user data schema to the 3.0 SCRAM only schema, found a user doc missing MONGODB-CR credentials :{ _id: \"$external.aks@WIN2012.AKS.EVILS.IN\", user: \"aks@WIN2012.AKS.EVILS.IN\", db: \"$external\", credentials: { external: true }, roles: [ { role: \"root\", db: \"admin\" } ] }",
    	"code" : 18744
    }
    

Sprint: Security 3 05/15/15, Security 4 06/05/15
Participants:

 Description   

The authSchemaUpgrade fails to perform upgrade to MongoDB v3.0 schema version if there are external users setup on the instance.



 Comments   
Comment by Githook User [ 27/May/15 ]

Author:

{u'username': u'agralius', u'name': u'Andreas Nilsson', u'email': u'andreas.nilsson@10gen.com'}

Message: SERVER-18475 Skip $external users in authSchemaUpgrade
Branch: v3.0
https://github.com/mongodb/mongo/commit/80e33b6548931d4e074016c068557ae53400b8d3

Generated at Thu Feb 08 03:47:48 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.