summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorSara Golemon <sara.golemon@mongodb.com>2018-06-06 17:33:47 -0400
committerSara Golemon <sara.golemon@mongodb.com>2018-06-06 20:39:46 -0400
commit447573aeace6eb5acd48ad041f68bd0af01c70c9 (patch)
tree2d493d75e0635a14b6dc38f4a8c9365f9aaa7185
parent967e8eb7cd2f3835663dda89176a2118ac5a06fa (diff)
downloadmongo-447573aeace6eb5acd48ad041f68bd0af01c70c9.tar.gz
SERVER-35463 Mark listCommands as pre-auth
-rw-r--r--jstests/auth/listcommands_preauth.js38
-rw-r--r--src/mongo/db/commands/generic.cpp3
2 files changed, 41 insertions, 0 deletions
diff --git a/jstests/auth/listcommands_preauth.js b/jstests/auth/listcommands_preauth.js
new file mode 100644
index 00000000000..4967628bc22
--- /dev/null
+++ b/jstests/auth/listcommands_preauth.js
@@ -0,0 +1,38 @@
+// Make sure that listCommands doesn't require authentication.
+
+(function() {
+ 'use strict';
+
+ function runTest(conn) {
+ const admin = conn.getDB('admin');
+
+ // Commands should succeed in auth-bypass mode regardless of requiresAuth().
+ assert.commandWorked(admin.runCommand({listDatabases: 1}),
+ "listDatabases shouldn't work pre-auth");
+ assert.commandWorked(admin.runCommand({listCommands: 1}),
+ "listCommands should work pre-auth");
+
+ admin.createUser({user: 'admin', pwd: 'pass', roles: jsTest.adminUserRoles});
+
+ // listDatabases should now fail, because auth bypass is no longer valid.
+ assert.commandFailed(admin.runCommand({listDatabases: 1}),
+ "listDatabases shouldn't work pre-auth");
+ // listCommands should STILL work, because it does not require auth.
+ assert.commandWorked(admin.runCommand({listCommands: 1}),
+ "listCommands should work pre-auth");
+ }
+
+ const mongod = MongoRunner.runMongod({auth: ""});
+ runTest(mongod);
+ MongoRunner.stopMongod(mongod);
+
+ // TODO: Remove 'shardAsReplicaSet: false' when SERVER-32672 is fixed.
+ const st = new ShardingTest({
+ shards: 1,
+ mongos: 1,
+ config: 1,
+ other: {keyFile: 'jstests/libs/key1', shardAsReplicaSet: false}
+ });
+ runTest(st.s0);
+ st.stop();
+})();
diff --git a/src/mongo/db/commands/generic.cpp b/src/mongo/db/commands/generic.cpp
index 0f5889f655e..277b22aba99 100644
--- a/src/mongo/db/commands/generic.cpp
+++ b/src/mongo/db/commands/generic.cpp
@@ -143,6 +143,9 @@ public:
virtual void addRequiredPrivileges(const std::string& dbname,
const BSONObj& cmdObj,
std::vector<Privilege>* out) const {} // No auth required
+ bool requiresAuth() const final {
+ return false;
+ }
virtual bool run(OperationContext* opCtx,
const string& ns,
const BSONObj& cmdObj,