authorMatt Cotter <matt.cotter@mongodb.com>2016-09-27 11:32:03 -0400
committerMatt Cotter <matt.cotter@mongodb.com>2016-09-27 17:04:52 -0400
commit73365935a7d2026030a34d89463e72263fe8c25c (patch)
treed9f9c9afbbf8933c8d35347fc23d922ceb82e7af
parentcc3dd86781371f91333bdf144a7781abd140bc9d (diff)
downloadmongo-73365935a7d2026030a34d89463e72263fe8c25c.tar.gz
SERVER-26101 DBDirectClient isn't safe to auth
-rw-r--r--jstests/core/evalh.js18
-rw-r--r--src/mongo/scripting/mozjs/mongo.cpp2
2 files changed, 19 insertions, 1 deletions
diff --git a/jstests/core/evalh.js b/jstests/core/evalh.js
new file mode 100644
index 00000000000..e1058fbdce4
--- /dev/null
+++ b/jstests/core/evalh.js
@@ -0,0 +1,18 @@
+/**
+ * Test that db.eval does not support auth.
+ */
+(function() {
+ 'use strict';
+
+ assert.writeOK(db.evalprep.insert({}), "db must exist for eval to succeed");
+ assert(db.evalprep.drop());
+
+ // The db.auth method call getMongo().auth but catches the exception.
+ assert.eq(0, db.eval('db.auth("reader", "reader")'));
+
+ // Call the native implementation auth function and verify it does not exist under the db.eval
+ // javascript context.
+ assert.throws(function() {
+ db.eval('db.getMongo().auth("reader", "reader")');
+ });
+})();
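Review bot: Both assertions would also pass if authentication were attempted and simply rejected, because nothing visible in this test creates a "reader" user. `db.auth` returning 0 and `assert.throws` accepting any exception do not show that the native `auth` is unavailable under `db.eval`. If this is meant as a regression test for the constraint, consider creating the user first and dropping it afterwards, so that valid credentials are what gets refused, or catch the exception and assert on its message. Whether this test would have failed before the fix cannot be told from the hunk, so it is worth running against the parent commit. The first comment also has a typo and should read `// The db.auth method calls getMongo().auth but catches the exception.`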
diff --git a/src/mongo/scripting/mozjs/mongo.cpp b/src/mongo/scripting/mozjs/mongo.cpp
index 2c887804203..68d6b05719f 100644
--- a/src/mongo/scripting/mozjs/mongo.cpp
+++ b/src/mongo/scripting/mozjs/mongo.cpp
@@ -52,7 +52,7 @@ namespace mongo {
namespace mozjs {
const JSFunctionSpec MongoBase::methods[] = {
- MONGO_ATTACH_JS_CONSTRAINED_METHOD_NO_PROTO(auth, MongoLocalInfo, MongoExternalInfo),
+ MONGO_ATTACH_JS_CONSTRAINED_METHOD_NO_PROTO(auth, MongoExternalInfo),
MONGO_ATTACH_JS_CONSTRAINED_METHOD_NO_PROTO(close, MongoExternalInfo),
MONGO_ATTACH_JS_CONSTRAINED_METHOD_NO_PROTO(
copyDatabaseWithSCRAM, MongoLocalInfo, MongoExternalInfo),