SERVER-38887 Return names encapsulated when falling back on privilege inspection

(cherry picked from commit 116a97a5dac8ebf8784b15ff09569afd9032cdc6)

3 files changed, 41 insertions, 9 deletions

diff --git a/jstests/auth/list_databases.js b/jstests/auth/list_databases.js
index 9bac4b68387..a69472fb77f 100644
--- a/jstests/auth/list_databases.js
+++ b/jstests/auth/list_databases.js
@@ -74,6 +74,8 @@
                 // Ignore these for simplicity.
                 return (db !== 'local') && (db !== 'config');
             }
+
+            // Invoking {listDatabases: 1} directly.
             function tryList(cmd, expect_dbs) {
                 const dbs = assert.commandWorked(admin.runCommand(cmd));
                 assert.eq(dbs.databases
@@ -125,8 +127,12 @@
                         return adminCommandMethod(cmd);
                     };
                     // Command fails, but we dispatch via _getDatabaseNamesFromPrivileges().
-                    assert.eq(mongod.getDBs(), test.authDbs || test.dbs);
-                    // Still dispatches with explciti nameOnly===true.
+                    assert.eq(mongod.getDBs().databases.map(function(x) {
+                        return x.name;
+                    }),
+                              test.authDbs || test.dbs);
+
+                    // Still dispatches with explicit nameOnly===true, returns only names.
                     assert.eq(mongod.getDBs(undefined, undefined, true), test.authDbs || test.dbs);
 
                     // Command fails and unable to dispatch because nameOnly !== true.
diff --git a/src/mongo/shell/mongo.js b/src/mongo/shell/mongo.js
index 46b09f9c8cd..e0be81a6b56 100644
--- a/src/mongo/shell/mongo.js
+++ b/src/mongo/shell/mongo.js
@@ -61,7 +61,7 @@ Mongo.prototype._getDatabaseNamesFromPrivileges = function() {
 
     const ret = this.adminCommand({connectionStatus: 1, showPrivileges: 1});
     if (!ret.ok) {
-        throw _getErrorWithCode(res, "Failed to acquire database information from privileges");
+        throw _getErrorWithCode(ret, "Failed to acquire database information from privileges");
     }
 
     const privileges = (ret.authInfo || {}).authenticatedUserPrivileges;
@@ -112,14 +112,29 @@ Mongo.prototype.getDBs = function(driverSession = this._getDefaultSession(),
         // asked for anything difficult to provide from userspace, then we can
         // fallback on inspecting the user's permissions.
         // This means that:
-        //   * filter should be empty, as reimplementing that logic is out of scope.
-        //   * nameOnly should not be false as we can't infer size information.
-        //   * authorizedDatabases should not be false as those are the only DBs we can infer.
-        // Note that if the above are true and we get Unauthorized, that also means
+        //   * filter must be undefined, as reimplementing that logic is out of scope.
+        //   * nameOnly must not be false as we can't infer size information.
+        //   * authorizedDatabases must not be false as those are the only DBs we can infer.
+        // Note that if the above are valid and we get Unauthorized, that also means
         // that we MUST be talking to a pre-4.0 mongod.
+        //
+        // Like the server response mode, this path will return a simple list of
+        // names if nameOnly is specified as true.
+        // If nameOnly is undefined, we come as close as we can to what the
+        // server would return by supplying the databases key of the returned
+        // object.  Other information is unavailable.
         if ((res.code === ErrorCodes.Unauthorized) && (filter === undefined) &&
             (nameOnly !== false) && (authorizedDatabases !== false)) {
-            return this._getDatabaseNamesFromPrivileges();
+            const names = this._getDatabaseNamesFromPrivileges();
+            if (nameOnly === true) {
+                return names;
+            } else {
+                return {
+                    databases: names.map(function(x) {
+                        return {name: x};
+                    }),
+                };
+            }
         }
         throw _getErrorWithCode(res, "listDatabases failed:" + tojson(res));
     }
diff --git a/src/mongo/shell/utils.js b/src/mongo/shell/utils.js
index 245f87857ff..1f01019aef9 100644
--- a/src/mongo/shell/utils.js
+++ b/src/mongo/shell/utils.js
@@ -873,7 +873,18 @@ shellHelper.show = function(what) {
     }
 
     if (what == "dbs" || what == "databases") {
-        var dbs = db.getMongo().getDBs(db.getSession());
+        var mongo = db.getMongo();
+        var dbs;
+        try {
+            dbs = mongo.getDBs(db.getSession(), undefined, false);
+        } catch (ex) {
+            // Unable to get detailed information, retry name-only.
+            mongo.getDBs(db.getSession(), undefined, true).forEach(function(x) {
+                print(x);
+            });
+            return "";
+        }
+
         var dbinfo = [];
         var maxNameLength = 0;
         var maxGbDigits = 0;