diff options
author | Andreas Nilsson <andreas.nilsson@10gen.com> | 2014-11-13 11:52:34 -0500 |
---|---|---|
committer | Andreas Nilsson <andreas.nilsson@10gen.com> | 2014-11-13 11:55:50 -0500 |
commit | 2882b7b7e6606f8d45941fd83d9707bb8a4b3f7d (patch) | |
tree | 07306824f233e1742f1fe0d113b2b60281da9489 /src/mongo/db | |
parent | d1cba25b72f41a2374eae4f74e12299196149580 (diff) | |
download | mongo-2882b7b7e6606f8d45941fd83d9707bb8a4b3f7d.tar.gz |
SERVER-15947 Prevent starting a 2.8 server with 2.4 auth indexes
Diffstat (limited to 'src/mongo/db')
-rw-r--r-- | src/mongo/db/auth/auth_index_d.cpp | 49 | ||||
-rw-r--r-- | src/mongo/db/auth/auth_index_d.h | 4 | ||||
-rw-r--r-- | src/mongo/db/db.cpp | 8 |
3 files changed, 30 insertions, 31 deletions
diff --git a/src/mongo/db/auth/auth_index_d.cpp b/src/mongo/db/auth/auth_index_d.cpp index ddcb6986de7..410a6e24de6 100644 --- a/src/mongo/db/auth/auth_index_d.cpp +++ b/src/mongo/db/auth/auth_index_d.cpp @@ -74,38 +74,33 @@ namespace { } // namespace - void configureSystemIndexes(OperationContext* txn) { - int authzVersion; - Status status = getGlobalAuthorizationManager()->getAuthorizationVersion( - txn, &authzVersion); - if (!status.isOK()) { - return; - } - - if (authzVersion >= AuthorizationManager::schemaVersion26Final) { - const NamespaceString systemUsers("admin", "system.users"); + Status verifySystemIndexes(OperationContext* txn) { + const NamespaceString systemUsers = AuthorizationManager::usersCollectionNamespace; - // Make sure the old unique index from v2.4 on system.users doesn't exist. - AutoGetDb autoDb(txn, systemUsers.db(), MODE_X); - if (!autoDb.getDb()) { - return; - } + // Make sure the old unique index from v2.4 on system.users doesn't exist. + AutoGetDb autoDb(txn, systemUsers.db(), MODE_X); + if (!autoDb.getDb()) { + return Status::OK(); + } - Collection* collection = autoDb.getDb()->getCollection(txn, - NamespaceString(systemUsers)); - if (!collection) { - return; - } + Collection* collection = autoDb.getDb()->getCollection(txn, + NamespaceString(systemUsers)); + if (!collection) { + return Status::OK(); + } - IndexCatalog* indexCatalog = collection->getIndexCatalog(); - IndexDescriptor* oldIndex = NULL; + IndexCatalog* indexCatalog = collection->getIndexCatalog(); + IndexDescriptor* oldIndex = NULL; - WriteUnitOfWork wunit(txn); - while ((oldIndex = indexCatalog->findIndexByKeyPattern(txn, v1SystemUsersKeyPattern))) { - indexCatalog->dropIndex(txn, oldIndex); - } - wunit.commit(); + if (indexCatalog && + (oldIndex = indexCatalog->findIndexByKeyPattern(txn, v1SystemUsersKeyPattern))) { + return Status(ErrorCodes::AuthSchemaIncompatible, + "Old 2.4 style user index identified. " + "The authentication schema needs to be updated by " + "running authSchemaUpgrade on a 2.6 server."); } + + return Status::OK(); } void createSystemIndexes(OperationContext* txn, Collection* collection) { diff --git a/src/mongo/db/auth/auth_index_d.h b/src/mongo/db/auth/auth_index_d.h index 71568b7b377..b643e7c8a11 100644 --- a/src/mongo/db/auth/auth_index_d.h +++ b/src/mongo/db/auth/auth_index_d.h @@ -44,10 +44,10 @@ namespace authindex { void createSystemIndexes(OperationContext* txn, Collection* collection); /** - * Ensures that exactly the appropriate indexes to support authentication and authorization + * Verifies that only the appropriate indexes to support authentication and authorization * are present in the admin database */ - void configureSystemIndexes(OperationContext* txn); + Status verifySystemIndexes(OperationContext* txn); } // namespace authindex } // namespace mongo diff --git a/src/mongo/db/db.cpp b/src/mongo/db/db.cpp index 40d5e8c88a8..d087a27b547 100644 --- a/src/mongo/db/db.cpp +++ b/src/mongo/db/db.cpp @@ -553,11 +553,15 @@ namespace mongo { mongo::signalForkSuccess(); #endif - authindex::configureSystemIndexes(&txn); + Status status = authindex::verifySystemIndexes(&txn); + if (!status.isOK()) { + log() << status.reason(); + exitCleanly(EXIT_NEED_UPGRADE); + } // SERVER-14090: Verify that auth schema version is schemaVersion26Final. int foundSchemaVersion; - Status status = getGlobalAuthorizationManager()->getAuthorizationVersion( + status = getGlobalAuthorizationManager()->getAuthorizationVersion( &txn, &foundSchemaVersion); if (!status.isOK()) { log() << "Auth schema version is incompatible: " |