diff options
author | Sara Golemon <sara.golemon@mongodb.com> | 2018-06-06 17:33:47 -0400 |
---|---|---|
committer | Sara Golemon <sara.golemon@mongodb.com> | 2018-06-06 20:39:46 -0400 |
commit | 447573aeace6eb5acd48ad041f68bd0af01c70c9 (patch) | |
tree | 2d493d75e0635a14b6dc38f4a8c9365f9aaa7185 | |
parent | 967e8eb7cd2f3835663dda89176a2118ac5a06fa (diff) | |
download | mongo-447573aeace6eb5acd48ad041f68bd0af01c70c9.tar.gz |
SERVER-35463 Mark listCommands as pre-auth
-rw-r--r-- | jstests/auth/listcommands_preauth.js | 38 | ||||
-rw-r--r-- | src/mongo/db/commands/generic.cpp | 3 |
2 files changed, 41 insertions, 0 deletions
diff --git a/jstests/auth/listcommands_preauth.js b/jstests/auth/listcommands_preauth.js new file mode 100644 index 00000000000..4967628bc22 --- /dev/null +++ b/jstests/auth/listcommands_preauth.js @@ -0,0 +1,38 @@ +// Make sure that listCommands doesn't require authentication. + +(function() { + 'use strict'; + + function runTest(conn) { + const admin = conn.getDB('admin'); + + // Commands should succeed in auth-bypass mode regardless of requiresAuth(). + assert.commandWorked(admin.runCommand({listDatabases: 1}), + "listDatabases shouldn't work pre-auth"); + assert.commandWorked(admin.runCommand({listCommands: 1}), + "listCommands should work pre-auth"); + + admin.createUser({user: 'admin', pwd: 'pass', roles: jsTest.adminUserRoles}); + + // listDatabases should now fail, because auth bypass is no longer valid. + assert.commandFailed(admin.runCommand({listDatabases: 1}), + "listDatabases shouldn't work pre-auth"); + // listCommands should STILL work, because it does not require auth. + assert.commandWorked(admin.runCommand({listCommands: 1}), + "listCommands should work pre-auth"); + } + + const mongod = MongoRunner.runMongod({auth: ""}); + runTest(mongod); + MongoRunner.stopMongod(mongod); + + // TODO: Remove 'shardAsReplicaSet: false' when SERVER-32672 is fixed. + const st = new ShardingTest({ + shards: 1, + mongos: 1, + config: 1, + other: {keyFile: 'jstests/libs/key1', shardAsReplicaSet: false} + }); + runTest(st.s0); + st.stop(); +})(); diff --git a/src/mongo/db/commands/generic.cpp b/src/mongo/db/commands/generic.cpp index 0f5889f655e..277b22aba99 100644 --- a/src/mongo/db/commands/generic.cpp +++ b/src/mongo/db/commands/generic.cpp @@ -143,6 +143,9 @@ public: virtual void addRequiredPrivileges(const std::string& dbname, const BSONObj& cmdObj, std::vector<Privilege>* out) const {} // No auth required + bool requiresAuth() const final { + return false; + } virtual bool run(OperationContext* opCtx, const string& ns, const BSONObj& cmdObj, |