diff options
author | Matt Cotter <matt.cotter@mongodb.com> | 2017-04-11 12:19:05 -0400 |
---|---|---|
committer | Mark Benvenuto <mark.benvenuto@mongodb.com> | 2017-04-11 12:19:05 -0400 |
commit | 0b3006eacb51de20c1d45dcc0d704eb1a2838d07 (patch) | |
tree | b339e733cd36dfa0507172682b71f5141e59ac2e | |
parent | 3f277a981e675734be498d4581babe5ab5548a5c (diff) | |
download | mongo-0b3006eacb51de20c1d45dcc0d704eb1a2838d07.tar.gz |
SERVER-26101 DBDirectClient isn't safe to auth
(cherry picked from commit 73365935a7d2026030a34d89463e72263fe8c25c)
-rw-r--r-- | jstests/core/evalh.js | 18 | ||||
-rw-r--r-- | src/mongo/scripting/mozjs/mongo.cpp | 2 |
2 files changed, 19 insertions, 1 deletions
diff --git a/jstests/core/evalh.js b/jstests/core/evalh.js new file mode 100644 index 00000000000..e1058fbdce4 --- /dev/null +++ b/jstests/core/evalh.js @@ -0,0 +1,18 @@ +/** + * Test that db.eval does not support auth. + */ +(function() { + 'use strict'; + + assert.writeOK(db.evalprep.insert({}), "db must exist for eval to succeed"); + assert(db.evalprep.drop()); + + // The db.auth method call getMongo().auth but catches the exception. + assert.eq(0, db.eval('db.auth("reader", "reader")')); + + // Call the native implementation auth function and verify it does not exist under the db.eval + // javascript context. + assert.throws(function() { + db.eval('db.getMongo().auth("reader", "reader")'); + }); +})(); diff --git a/src/mongo/scripting/mozjs/mongo.cpp b/src/mongo/scripting/mozjs/mongo.cpp index 31164398961..095622e47cc 100644 --- a/src/mongo/scripting/mozjs/mongo.cpp +++ b/src/mongo/scripting/mozjs/mongo.cpp @@ -49,7 +49,7 @@ namespace mongo { namespace mozjs { const JSFunctionSpec MongoBase::methods[] = { - MONGO_ATTACH_JS_CONSTRAINED_METHOD_NO_PROTO(auth, MongoLocalInfo, MongoExternalInfo), + MONGO_ATTACH_JS_CONSTRAINED_METHOD_NO_PROTO(auth, MongoExternalInfo), MONGO_ATTACH_JS_CONSTRAINED_METHOD_NO_PROTO( copyDatabaseWithSCRAM, MongoLocalInfo, MongoExternalInfo), MONGO_ATTACH_JS_CONSTRAINED_METHOD_NO_PROTO(cursorFromId, MongoLocalInfo, MongoExternalInfo), |