author | Jonathan Abrahams <jonathan@mongodb.com> | 2015-11-19 11:06:58 -0500 |
---|---|---|
committer | Jonathan Abrahams <jonathan@mongodb.com> | 2015-11-19 11:06:58 -0500 |
commit | 46d22dc70b34863e17baff7268dd632a45e1a4b6 (patch) | |
tree | 94e91a69d15b29d7f7faf0678123c14a476a9856 | |
parent | 02efbaa677afa58dafb0bffd153a7fd34a083a30 (diff) | |
download | mongo-46d22dc70b34863e17baff7268dd632a45e1a4b6.tar.gz |
SERVER-20873 Add separate key file using 644 permission
-rw-r--r-- | jstests/libs/key1_644 | 1 | ||||
-rw-r--r-- | jstests/replsets/auth1.js | 29 | ||||
-rw-r--r-- | jstests/replsets/auth2.js | 18 |
3 files changed, 24 insertions, 24 deletions
diff --git a/jstests/libs/key1_644 b/jstests/libs/key1_644 new file mode 100644 index 00000000000..b5c19e4092f --- /dev/null +++ b/jstests/libs/key1_644 @@ -0,0 +1 @@ +foop de doop diff --git a/jstests/replsets/auth1.js b/jstests/replsets/auth1.js index ea9173efbbd..1c254fbf7bd 100644 --- a/jstests/replsets/auth1.js +++ b/jstests/replsets/auth1.js @@ -6,6 +6,12 @@ var name = "rs_auth1"; var port = allocatePorts(5); var path = "jstests/libs/"; +// These keyFiles have their permissions set to 600 later in the test. +var key1_600 = path+"key1"; +var key2_600 = path+"key2"; + +// This keyFile has its permissions set to 644 later in the test. +var key1_644 = path+"key1_644"; print("try starting mongod with auth"); var m = MongoRunner.runMongod({auth : "", port : port[4], dbpath : MongoRunner.dataDir + "/wrong-auth"}); @@ -16,24 +22,17 @@ MongoRunner.stopMongod(m); print("reset permissions"); -run("chmod", "644", path+"key1"); -run("chmod", "644", path+"key2"); +run("chmod", "644", key1_644); print("try starting mongod"); -m = runMongoProgram( "mongod", "--keyFile", path+"key1", "--port", port[0], "--dbpath", MongoRunner.dataPath + name); +m = runMongoProgram( "mongod", "--keyFile", key1_644, "--port", port[0], "--dbpath", MongoRunner.dataPath + name); print("should fail with wrong permissions"); assert.eq(m, _isWindows()? 100 : 1, "mongod should exit w/ 1 (EXIT_FAILURE): permissions too open"); MongoRunner.stopMongod(port[0]); - -print("change permissions on #1 & #2"); -run("chmod", "600", path+"key1"); -run("chmod", "600", path+"key2"); - - print("add a user to server0: foo"); m = MongoRunner.runMongod({dbpath: MongoRunner.dataPath + name + "-0"}); m.getDB("admin").createUser({user: "foo", pwd: "bar", roles: jsTest.adminUserRoles}); 
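Review bot: The added comment `// These keyFiles have their permissions set to 600 later in the test.` in the first auth1.js hunk no longer matches the code. The next hunk removes both `run("chmod", "600", ...)` calls and no visible line replaces them, so key1 and key2 keep whatever mode the checkout or the harness gave them. The test itself asserts that a 644 key file makes mongod exit, so the later `key1_600` / `key2_600` restarts depend on that outside state. The comment should say so, for example `// key1 and key2 must already be mode 600 before this test runs; this test no longer chmods them.` The same comment is added in auth2.js, where the chmod 600 calls are also removed.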
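Review bot: The negative test in the second auth1.js hunk proves the permission check only through the exit code, and `1` is the generic EXIT_FAILURE. A start-up failure unrelated to `key1_644` (an unusable dbpath, a busy port) would therefore satisfy `assert.eq(m, _isWindows()? 100 : 1, ...)` equally well, and a regression in the key file mode check could go unnoticed. If the shell's captured program output is available at this point, also assert on it, along the lines of `assert(rawMongoProgramOutput().match(/too open/), "expected keyFile permission error");`. The exact server message is assumed here and should be confirmed. The assertion itself is a context line, so this is a follow-up rather than a defect introduced by the commit.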
@@ -44,11 +43,11 @@ MongoRunner.stopMongod(m); print("start up rs"); var rs = new ReplSetTest({"name" : name, "nodes" : 3, "startPort" : port[0]}); print("restart 0 with keyFile"); -m = rs.restart(0, {"keyFile" : path+"key1"}); +m = rs.restart(0, {"keyFile" : key1_600}); print("restart 1 with keyFile"); -rs.start(1, {"keyFile" : path+"key1"}); +rs.start(1, {"keyFile" : key1_600}); print("restart 2 with keyFile"); -rs.start(2, {"keyFile" : path+"key1"}); +rs.start(2, {"keyFile" : key1_600}); var result = m.getDB("admin").auth("foo", "bar"); assert.eq(result, 1, "login failed"); @@ -116,7 +115,7 @@ for (var i=0; i<1000; i++) { assert.writeOK(bulk.execute({ w: 2 })); print("resync"); -rs.restart(mId, {"keyFile" : path+"key1"}); +rs.restart(mId, {"keyFile" : key1_600}); master = rs.getMaster(); print("add some more data 2"); @@ -131,7 +130,7 @@ var conn = MongoRunner.runMongod({dbpath: MongoRunner.dataPath + name + "-3", port: port[3], replSet: "rs_auth1", oplogSize: 2, - keyFile: path + "key2"}); + keyFile: key2_600}); master.getDB("admin").auth("foo", "bar"); @@ -167,7 +166,7 @@ var conn = MongoRunner.runMongod({dbpath: MongoRunner.dataPath + name + "-3", port: port[3], replSet: "rs_auth1", oplogSize: 2, - keyFile: path + "key1"}); + keyFile: key1_600}); wait(function() { try { diff --git a/jstests/replsets/auth2.js b/jstests/replsets/auth2.js index dfdaa6b53fb..da62d4d0589 100644 --- a/jstests/replsets/auth2.js +++ b/jstests/replsets/auth2.js 
@@ -14,16 +14,16 @@ var testInvalidAuthStates = function() { rs.waitForState(rs.nodes[0], rs.SECONDARY); - rs.restart(1, {"keyFile" : path+"key1"}); - rs.restart(2, {"keyFile" : path+"key1"}); + rs.restart(1, {"keyFile" : key1}); + rs.restart(2, {"keyFile" : key1}); }; var name = "rs_auth2"; var path = "jstests/libs/"; -print("change permissions on #1 & #2"); -run("chmod", "600", path+"key1"); -run("chmod", "600", path+"key2"); +// These keyFiles have their permissions set to 600 later in the test. +var key1 = path+"key1"; +var key2 = path+"key2"; var rs = new ReplSetTest({name: name, nodes: 3}); var nodes = rs.startSet(); @@ -44,9 +44,9 @@ var m = rs.nodes[0]; print("starting 1 and 2 with key file"); rs.stop(1); -rs.restart(1, {"keyFile" : path+"key1"}); +rs.restart(1, {"keyFile" : key1}); rs.stop(2); -rs.restart(2, {"keyFile" : path+"key1"}); +rs.restart(2, {"keyFile" : key1}); // auth to all nodes with auth rs.nodes[1].getDB("admin").auth("foo", "bar"); @@ -56,7 +56,7 @@ testInvalidAuthStates(); print("restart mongod with bad keyFile"); rs.stop(0); -m = rs.restart(0, {"keyFile" : path+"key2"}); +m = rs.restart(0, {"keyFile" : key2}); //auth to all nodes rs.nodes[0].getDB("admin").auth("foo", "bar"); @@ -65,6 +65,6 @@ rs.nodes[2].getDB("admin").auth("foo", "bar"); testInvalidAuthStates(); rs.stop(0); -m = rs.restart(0, {"keyFile" : path+"key1"}); +m = rs.restart(0, {"keyFile" : key1}); print("0 becomes a secondary"); |
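Review bot: The variables introduced in auth2.js are named `key1` and `key2`, while auth1.js in the same commit names the same two files `key1_600` and `key2_600`. The suffix is the only hint in the test that these files must be owner-only, so the second hunk should use the same names: `var key1_600 = path+"key1";` and `var key2_600 = path+"key2";`, with the `rs.restart(...)` call sites updated to match. `testInvalidAuthStates` reads `key1` before its `var` line appears in the file. That works only because the function is called after the assignment, which is worth a one-line comment above the function.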