authorSara Golemon <sara.golemon@mongodb.com>2019-10-01 21:01:49 +0000
committerevergreen <evergreen@mongodb.com>2019-10-01 21:01:49 +0000
commitad4402a1e83d9f2b304bcf10cfbe60746389e94c (patch)
tree6d4deeb38f75aaa4b3a2ef58f19d6b92908615fa
parent17d4fb584cc224af26e08d957bfdcccf4cf9c39f (diff)
downloadmongo-ad4402a1e83d9f2b304bcf10cfbe60746389e94c.tar.gz
SERVER-43582 Do not auth ReplicaSet Monitor
(cherry picked from commit b5b3517afcab6efd034db87715dcefc5557b1099) (cherry picked from commit ab6d34c3001706e95439883b4c4b7f93c17feda0)
-rw-r--r--jstests/auth/repl_auth_shell_mechanism.js72
-rw-r--r--src/mongo/client/dbclient_rs.cpp2
-rw-r--r--src/mongo/client/mongo_uri_connect.cpp6
3 files changed, 79 insertions, 1 deletions
diff --git a/jstests/auth/repl_auth_shell_mechanism.js b/jstests/auth/repl_auth_shell_mechanism.js
new file mode 100644
index 00000000000..e81a0b8d6f5
--- /dev/null
+++ b/jstests/auth/repl_auth_shell_mechanism.js
@@ -0,0 +1,72 @@
+/* Start a replica set with auth using SCRAM-SHA-256 exclusively,
+ * then connect via shell.
+`*
+ * @tags: [requires_replication]
+ */
+
+(function() {
+
+ const rsTest = new ReplSetTest({nodes: 3});
+ rsTest.startSet({
+ oplogSize: 10,
+ keyFile: 'jstests/libs/key1',
+ setParameter: {authenticationMechanisms: 'SCRAM-SHA-256'}
+ });
+ rsTest.initiate();
+ rsTest.awaitSecondaryNodes();
+
+ // Setup initial data.
+ const primary = rsTest.getPrimary();
+ const admin = primary.getDB('admin');
+ admin.createUser({user: 'admin', pwd: 'password', roles: jsTest.adminUserRoles});
+ admin.auth('admin', 'password');
+ admin.logout();
+
+ // Fetch and rearrange connection string.
+ const connString = rsTest.getURL();
+ const slash = connString.indexOf('/');
+ const rsName = connString.substr(0, slash);
+ const rsHosts = connString.substr(slash + 1);
+
+ // Connect with shell using connString.
+ const csShell = runMongoProgram('./mongo',
+ '--host',
+ connString,
+ '-u',
+ 'admin',
+ '--password',
+ 'password',
+ '--authenticationDatabase',
+ 'admin',
+ '--eval',
+ ';');
+ assert.eq(csShell, 0, 'Failed to connect using connection string');
+
+ // Connect with shell explicitly specifying mechanism.
+ const csShellMech = runMongoProgram('./mongo',
+ '--host',
+ connString,
+ '-u',
+ 'admin',
+ '--password',
+ 'password',
+ '--authenticationDatabase',
+ 'admin',
+ '--authenticationMechanism',
+ 'SCRAM-SHA-256',
+ '--eval',
+ ';');
+ assert.eq(csShellMech, 0, 'Failed to connect using connection string');
+
+ // Connect with shell using URI.
+ const uriString = 'mongodb://admin:password@' + rsHosts + '/admin?replicaSet=' + rsName;
+ const uriShell = runMongoProgram('./mongo', uriString, '--eval', ';');
+ assert.eq(uriShell, 0, 'Failed to connect using URI');
+
+ // Connect with shell using URI and explcit mechanism.
+ const uriShellMech =
+ runMongoProgram('./mongo', uriString + '&authMechanism=SCRAM-SHA-256', '--eval', ';');
+ assert.eq(uriShellMech, 0, 'Failed to connect using URI');
+
+ rsTest.stopSet();
+})();
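Review bot: All four shell invocations run `--eval ';'` and only compare the exit code with 0, so the test shows that connecting does not fail but not that the session ended up authenticated as `admin`. That gap matters because this commit makes the topology-discovery connection skip authentication. Consider evaluating something that inspects the session, e.g. `assert.eq(1, db.runCommand({connectionStatus: 1}).authInfo.authenticatedUsers.length)`, and adding one invocation with a wrong password that is expected to return non-zero. The messages on the second and fourth `assert.eq` repeat those of the first and third, so a failure will not say whether the explicit-mechanism case was the one that broke.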
diff --git a/src/mongo/client/dbclient_rs.cpp b/src/mongo/client/dbclient_rs.cpp
index 69a4ac6c1f5..c33009a2eff 100644
--- a/src/mongo/client/dbclient_rs.cpp
+++ b/src/mongo/client/dbclient_rs.cpp
@@ -139,7 +139,7 @@ DBClientReplicaSet::DBClientReplicaSet(const string& name,
_applicationName(applicationName.toString()),
_so_timeout(so_timeout),
_uri(std::move(uri)) {
- if (uri.isValid()) {
+ if (_uri.isValid()) {
_rsm = ReplicaSetMonitor::createIfNeeded(_uri);
} else {
_rsm = ReplicaSetMonitor::createIfNeeded(name,
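Review bot: After `_uri(std::move(uri))` the parameter `uri` is still in scope but moved-from, which is what made the old `uri.isValid()` check unreliable, and nothing in the constructor body marks that. A short comment above the `if`, such as `// uri was moved into _uri above; only use the member from here on`, would guard against the same mistake reappearing. The constructor body continues past the hunk, so any other reads of `uri` after the initializer list are worth checking for the same problem.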
diff --git a/src/mongo/client/mongo_uri_connect.cpp b/src/mongo/client/mongo_uri_connect.cpp
index 2b2ec362c41..c3ecfa90329 100644
--- a/src/mongo/client/mongo_uri_connect.cpp
+++ b/src/mongo/client/mongo_uri_connect.cpp
@@ -207,6 +207,12 @@ DBClientBase* MongoURI::connect(StringData applicationName,
return nullptr;
}
+ if (!getSetName().empty()) {
+ // When performing initial topology discovery, don't bother authenticating
+ // since we will be immediately restarting our connect loop to a single node.
+ return ret.release();
+ }
+
auto optAuthObj =
_makeAuthObjFromOptions(ret->getMaxWireVersion(), ret->getIsMasterSaslMechanisms());
if (optAuthObj) {
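Review bot: The early `return ret.release();` hands callers an unauthenticated connection whenever `getSetName()` is non-empty, even if the URI carried credentials. The added comment explains why authentication is skipped but not where it happens afterwards. Once that is confirmed, the comment should name the code path that authenticates the per-node connections, along the lines of `// Credentials are applied later on the per-node connections, not on this discovery connection.` If any caller of `MongoURI::connect` relied on the returned client already being authenticated, it would presumably now see authorization errors from the server. That cannot be checked here, since the function starts and ends outside the hunk.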