diff options
author | Sara Golemon <sara.golemon@mongodb.com> | 2019-11-11 16:10:07 +0000 |
---|---|---|
committer | evergreen <evergreen@mongodb.com> | 2019-11-11 16:10:07 +0000 |
commit | 8fd34f1860e97d2af5e3a8c6e72f8ffa1765d841 (patch) | |
tree | 0babc0f90b4d9d5359aff8d8c90638ab1f469e81 | |
parent | 11f0c4ae55b6f0f14df16d4b01e1826a7d5824bb (diff) | |
download | mongo-8fd34f1860e97d2af5e3a8c6e72f8ffa1765d841.tar.gz |
SERVER-35463 Mark listCommands as pre-auth
(cherry picked from commit aa14a86962b0746038d1d6a6ba34485a40e614c6)
-rw-r--r-- | jstests/auth/listcommands_preauth.js | 33 | ||||
-rw-r--r-- | src/mongo/db/commands/generic.cpp | 3 |
2 files changed, 36 insertions, 0 deletions
diff --git a/jstests/auth/listcommands_preauth.js b/jstests/auth/listcommands_preauth.js new file mode 100644 index 00000000000..3cbfc72a6dd --- /dev/null +++ b/jstests/auth/listcommands_preauth.js @@ -0,0 +1,33 @@ +// Make sure that listCommands doesn't require authentication. + +(function() { + 'use strict'; + + function runTest(conn) { + const admin = conn.getDB('admin'); + + // Commands should succeed in auth-bypass mode regardless of requiresAuth(). + assert.commandWorked(admin.runCommand({listCommands: 1}), + "listCommands should work pre-auth"); + + admin.createUser({user: 'admin', pwd: 'pass', roles: jsTest.adminUserRoles}); + + // listCommands should STILL work, because it does not require auth. + assert.commandWorked(admin.runCommand({listCommands: 1}), + "listCommands should work pre-auth"); + } + + const mongod = MongoRunner.runMongod({auth: ""}); + runTest(mongod); + MongoRunner.stopMongod(mongod); + + // TODO: Remove 'shardAsReplicaSet: false' when SERVER-32672 is fixed. + const st = new ShardingTest({ + shards: 1, + mongos: 1, + config: 1, + other: {keyFile: 'jstests/libs/key1', shardAsReplicaSet: false} + }); + runTest(st.s0); + st.stop(); +})(); diff --git a/src/mongo/db/commands/generic.cpp b/src/mongo/db/commands/generic.cpp index 224cfa38340..22a54ca1be4 100644 --- a/src/mongo/db/commands/generic.cpp +++ b/src/mongo/db/commands/generic.cpp @@ -271,6 +271,9 @@ public: virtual void addRequiredPrivileges(const std::string& dbname, const BSONObj& cmdObj, std::vector<Privilege>* out) {} // No auth required + bool requiresAuth() const final { + return false; + } virtual bool run(OperationContext* opCtx, const string& ns, const BSONObj& cmdObj, |