SERVER-9516 Make getUserDescription in mongod look in the right collection during upgrade.

author: Andy Schwerin <schwerin@10gen.com> 2013-10-18 13:30:46 -0400
committer: Andy Schwerin <schwerin@10gen.com> 2013-10-31 09:57:35 -0400
commit: 3fcc1206716d8a89b91a932b58fae059b8f750e6 (patch)
tree: bf0302dbdc2e0f62bba04aeed95f27baad753792 /src/mongo/db
parent: 59c349c00ecd5de1adb18f398a63917c36c8334b (diff)
download: mongo-3fcc1206716d8a89b91a932b58fae059b8f750e6.tar.gz
3 files changed, 32 insertions, 9 deletions
diff --git a/src/mongo/db/auth/authorization_manager.cpp b/src/mongo/db/auth/authorization_manager.cpp
index e570489cd9e..003592c812f 100644
--- a/src/mongo/db/auth/authorization_manager.cpp
+++ b/src/mongo/db/auth/authorization_manager.cpp
@@ -85,6 +85,7 @@ namespace mongo {
 
     const NamespaceString AuthorizationManager::adminCommandNamespace("admin.$cmd");
     const NamespaceString AuthorizationManager::rolesCollectionNamespace("admin.system.roles");
+    const NamespaceString AuthorizationManager::usersAltCollectionNamespace("admin.new.users");
     const NamespaceString AuthorizationManager::usersCollectionNamespace("admin.system.users");
     const NamespaceString AuthorizationManager::versionCollectionNamespace("admin.system.version");
 
@@ -885,7 +886,8 @@ namespace mongo {
             return builder.obj();
         }
 
-        const NamespaceString newusersCollectionNamespace("admin._newusers");
+        const NamespaceString newusersCollectionNamespace(
+                AuthorizationManager::usersAltCollectionNamespace);
         const NamespaceString backupUsersCollectionNamespace("admin.backup.users");
         const BSONObj versionDocumentQuery = BSON("_id" << 1);
 
diff --git a/src/mongo/db/auth/authorization_manager.h b/src/mongo/db/auth/authorization_manager.h
index c1621d8390e..4161d81f6a0 100644
--- a/src/mongo/db/auth/authorization_manager.h
+++ b/src/mongo/db/auth/authorization_manager.h
@@ -84,6 +84,7 @@ namespace mongo {
 
         static const NamespaceString adminCommandNamespace;
         static const NamespaceString rolesCollectionNamespace;
+        static const NamespaceString usersAltCollectionNamespace;
         static const NamespaceString usersCollectionNamespace;
         static const NamespaceString versionCollectionNamespace;
 
diff --git a/src/mongo/db/auth/authz_manager_external_state_d.cpp b/src/mongo/db/auth/authz_manager_external_state_d.cpp
index a11b52eb6b3..77e79953188 100644
--- a/src/mongo/db/auth/authz_manager_external_state_d.cpp
+++ b/src/mongo/db/auth/authz_manager_external_state_d.cpp
@@ -143,16 +143,36 @@ namespace {
                                                                BSONObj* result) {
 
         BSONObj userDoc;
-        Status status = _findUser(
-                "admin.system.users",
-                BSON(AuthorizationManager::USER_NAME_FIELD_NAME << userName.getUser() <<
-                     AuthorizationManager::USER_DB_FIELD_NAME << userName.getDB()),
-                &userDoc);
-        if (!status.isOK())
-            return status;
+        {
+            Client::ReadContext ctx("admin");
+            int authzVersion;
+            Status status = getStoredAuthorizationVersion(&authzVersion);
+            if (!status.isOK())
+                return status;
+
+            switch (authzVersion) {
+            case AuthorizationManager::schemaVersion26Upgrade:
+            case AuthorizationManager::schemaVersion26Final:
+                break;
+            default:
+                return Status(ErrorCodes::AuthSchemaIncompatible, mongoutils::str::stream() <<
+                              "Unsupported schema version for getUserDescription(): " <<
+                              authzVersion);
+            }
+
+            status = _findUser(
+                    (authzVersion == AuthorizationManager::schemaVersion26Final ?
+                     AuthorizationManager::usersCollectionNamespace.ns() :
+                     AuthorizationManager::usersAltCollectionNamespace.ns()),
+                    BSON(AuthorizationManager::USER_NAME_FIELD_NAME << userName.getUser() <<
+                         AuthorizationManager::USER_DB_FIELD_NAME << userName.getDB()),
+                    &userDoc);
+            if (!status.isOK())
+                return status;
+        }
 
         BSONElement directRolesElement;
-        status = bsonExtractTypedField(userDoc, "roles", Array, &directRolesElement);
+        Status status = bsonExtractTypedField(userDoc, "roles", Array, &directRolesElement);
         if (!status.isOK())
             return status;
         std::vector<RoleName> directRoles;
author	Andy Schwerin <schwerin@10gen.com>	2013-10-18 13:30:46 -0400
committer	Andy Schwerin <schwerin@10gen.com>	2013-10-31 09:57:35 -0400
commit	3fcc1206716d8a89b91a932b58fae059b8f750e6 (patch)
tree	bf0302dbdc2e0f62bba04aeed95f27baad753792 /src/mongo/db
parent	59c349c00ecd5de1adb18f398a63917c36c8334b (diff)
download	mongo-3fcc1206716d8a89b91a932b58fae059b8f750e6.tar.gz