From ab4d1bf2ff349a82c67a09aba9452ed54d673069 Mon Sep 17 00:00:00 2001
From: Jordi Serra Torrens <jordi.serra-torrens@mongodb.com>
Date: Fri, 20 Jan 2023 12:31:34 +0000
Subject: SERVER-72535 BACKPORT-14491 Disallow creating the 'admin', 'local',
 and 'config' databases with alternative casings on sharded clusters

---
 ...arding_catalog_manager_create_database_test.cpp | 54 ++++++++++++++++++++++
 ...harding_catalog_manager_database_operations.cpp | 13 +++---
 2 files changed, 61 insertions(+), 6 deletions(-)

diff --git a/src/mongo/db/s/config/sharding_catalog_manager_create_database_test.cpp b/src/mongo/db/s/config/sharding_catalog_manager_create_database_test.cpp
index 09e5fdfd8c6..b34728c1ecb 100644
--- a/src/mongo/db/s/config/sharding_catalog_manager_create_database_test.cpp
+++ b/src/mongo/db/s/config/sharding_catalog_manager_create_database_test.cpp
@@ -312,5 +312,59 @@ TEST_F(CreateDatabaseTest, createDatabaseNoShards) {
                        ErrorCodes::ShardNotFound);
 }
 
+TEST_F(CreateDatabaseTest, CreateDatabaseAdminFails) {
+    ASSERT_THROWS_CODE(ShardingCatalogManager::get(operationContext())
+                           ->createDatabase(operationContext(), "admin"_sd, ShardId()),
+                       DBException,
+                       ErrorCodes::InvalidOptions);
+
+    // Alternative capitalizations are also invalid
+    ASSERT_THROWS_CODE(ShardingCatalogManager::get(operationContext())
+                           ->createDatabase(operationContext(), "Admin"_sd, ShardId()),
+                       DBException,
+                       ErrorCodes::InvalidOptions);
+
+    ASSERT_THROWS_CODE(ShardingCatalogManager::get(operationContext())
+                           ->createDatabase(operationContext(), "aDmIn"_sd, ShardId()),
+                       DBException,
+                       ErrorCodes::InvalidOptions);
+}
+
+TEST_F(CreateDatabaseTest, CreateDatabaseLocalFails) {
+    ASSERT_THROWS_CODE(ShardingCatalogManager::get(operationContext())
+                           ->createDatabase(operationContext(), "local"_sd, ShardId()),
+                       DBException,
+                       ErrorCodes::InvalidOptions);
+
+    // Alternative capitalizations are also invalid
+    ASSERT_THROWS_CODE(ShardingCatalogManager::get(operationContext())
+                           ->createDatabase(operationContext(), "Local"_sd, ShardId()),
+                       DBException,
+                       ErrorCodes::InvalidOptions);
+
+    ASSERT_THROWS_CODE(ShardingCatalogManager::get(operationContext())
+                           ->createDatabase(operationContext(), "lOcAl"_sd, ShardId()),
+                       DBException,
+                       ErrorCodes::InvalidOptions);
+}
+
+TEST_F(CreateDatabaseTest, CreateDatabaseConfigFails) {
+    ASSERT_THROWS_CODE(ShardingCatalogManager::get(operationContext())
+                           ->createDatabase(operationContext(), "config"_sd, ShardId()),
+                       DBException,
+                       ErrorCodes::InvalidOptions);
+
+    // Alternative capitalizations are also invalid
+    ASSERT_THROWS_CODE(ShardingCatalogManager::get(operationContext())
+                           ->createDatabase(operationContext(), "Config"_sd, ShardId()),
+                       DBException,
+                       ErrorCodes::InvalidOptions);
+
+    ASSERT_THROWS_CODE(ShardingCatalogManager::get(operationContext())
+                           ->createDatabase(operationContext(), "cOnFiG"_sd, ShardId()),
+                       DBException,
+                       ErrorCodes::InvalidOptions);
+}
+
 }  // namespace
 }  // namespace mongo
diff --git a/src/mongo/db/s/config/sharding_catalog_manager_database_operations.cpp b/src/mongo/db/s/config/sharding_catalog_manager_database_operations.cpp
index f2083ab027a..893f2c24c24 100644
--- a/src/mongo/db/s/config/sharding_catalog_manager_database_operations.cpp
+++ b/src/mongo/db/s/config/sharding_catalog_manager_database_operations.cpp
@@ -91,12 +91,13 @@ DatabaseType ShardingCatalogManager::createDatabase(OperationContext* opCtx,
                                                     const ShardId& primaryShard) {
     invariant(nsIsDbOnly(dbName));
 
-    // The admin and config databases should never be explicitly created. They "just exist",
-    // i.e. getDatabase will always return an entry for them.
-    if (dbName == NamespaceString::kAdminDb || dbName == NamespaceString::kConfigDb) {
-        uasserted(ErrorCodes::InvalidOptions,
-                  str::stream() << "cannot manually create database '" << dbName << "'");
-    }
+    // The admin, local and config databases should never be explicitly created, in any casing. They
+    // "just exist", i.e. getDatabase will always return an entry for them.
+    uassert(ErrorCodes::InvalidOptions,
+            str::stream() << "cannot manually create database '" << dbName << "'",
+            !dbName.equalCaseInsensitive(NamespaceString::kAdminDb) &&
+                !dbName.equalCaseInsensitive(NamespaceString::kLocalDb) &&
+                !dbName.equalCaseInsensitive(NamespaceString::kConfigDb));
 
     const auto catalogClient = Grid::get(opCtx)->catalogClient();
     const auto shardRegistry = Grid::get(opCtx)->shardRegistry();
-- 
cgit v1.2.1