diff options
Diffstat (limited to 'src/mongo/db/db.cpp')
| -rw-r--r-- | src/mongo/db/db.cpp | 64 |
1 files changed, 39 insertions, 25 deletions
diff --git a/src/mongo/db/db.cpp b/src/mongo/db/db.cpp index 92049d1f2a6..e18b60efb17 100644 --- a/src/mongo/db/db.cpp +++ b/src/mongo/db/db.cpp @@ -679,32 +679,46 @@ static void _initAndListen(int listenPort) { #ifndef _WIN32 mongo::signalForkSuccess(); #endif + AuthorizationManager* globalAuthzManager = getGlobalAuthorizationManager(); + if (globalAuthzManager->shouldValidateAuthSchemaOnStartup()) { + Status status = authindex::verifySystemIndexes(startupOpCtx.get()); + if (!status.isOK()) { + log() << status.reason(); + exitCleanly(EXIT_NEED_UPGRADE); + } - Status status = authindex::verifySystemIndexes(startupOpCtx.get()); - if (!status.isOK()) { - log() << status.reason(); - exitCleanly(EXIT_NEED_UPGRADE); - } - - // SERVER-14090: Verify that auth schema version is schemaVersion26Final. - int foundSchemaVersion; - status = getGlobalAuthorizationManager()->getAuthorizationVersion(startupOpCtx.get(), - &foundSchemaVersion); - if (!status.isOK()) { - log() << "Auth schema version is incompatible: " - << "User and role management commands require auth data to have " - << "at least schema version " << AuthorizationManager::schemaVersion26Final - << " but startup could not verify schema version: " << status.toString() << endl; - exitCleanly(EXIT_NEED_UPGRADE); - } - if (foundSchemaVersion < AuthorizationManager::schemaVersion26Final) { - log() << "Auth schema version is incompatible: " - << "User and role management commands require auth data to have " - << "at least schema version " << AuthorizationManager::schemaVersion26Final - << " but found " << foundSchemaVersion << ". In order to upgrade " - << "the auth schema, first downgrade MongoDB binaries to version " - << "2.6 and then run the authSchemaUpgrade command." << endl; - exitCleanly(EXIT_NEED_UPGRADE); + // SERVER-14090: Verify that auth schema version is schemaVersion26Final. + int foundSchemaVersion; + status = globalAuthzManager->getAuthorizationVersion(startupOpCtx.get(), + &foundSchemaVersion); + if (!status.isOK()) { + log() << "Auth schema version is incompatible: " + << "User and role management commands require auth data to have " + << "at least schema version " << AuthorizationManager::schemaVersion26Final + << " but startup could not verify schema version: " << status.toString() + << endl; + exitCleanly(EXIT_NEED_UPGRADE); + } + if (foundSchemaVersion < AuthorizationManager::schemaVersion26Final) { + log() << "Auth schema version is incompatible: " + << "User and role management commands require auth data to have " + << "at least schema version " << AuthorizationManager::schemaVersion26Final + << " but found " << foundSchemaVersion << ". In order to upgrade " + << "the auth schema, first downgrade MongoDB binaries to version " + << "2.6 and then run the authSchemaUpgrade command." << endl; + exitCleanly(EXIT_NEED_UPGRADE); + } + } else if (globalAuthzManager->isAuthEnabled()) { + error() << "Auth must be disabled when starting without auth schema validation"; + exitCleanly(EXIT_BADOPTIONS); + } else { + // If authSchemaValidation is disabled and server is running without auth, + // warn the user and continue startup without authSchema metadata checks. + log() << startupWarningsLog; + log() << "** WARNING: Startup auth schema validation checks are disabled for the " + "database." << startupWarningsLog; + log() << "** This mode should only be used to manually repair corrupted auth " + "data." << startupWarningsLog; } getDeleter()->startWorkers(); |