diff options
author | Sara Golemon <sara.golemon@mongodb.com> | 2019-01-14 22:45:00 +0000 |
---|---|---|
committer | Sara Golemon <sara.golemon@mongodb.com> | 2019-01-18 17:57:18 +0000 |
commit | 508ca70c796d643327d27a108aa7ad3aefa850b5 (patch) | |
tree | e447ddd56cde8482ef8c66f0726f604bd768ed7a | |
parent | 1176598c287ec62f52107ef99b8f1a66b6dc6d8a (diff) | |
download | mongo-508ca70c796d643327d27a108aa7ad3aefa850b5.tar.gz |
SERVER-38887 Return names encapsulated when falling back on privilege inspection
(cherry picked from commit 116a97a5dac8ebf8784b15ff09569afd9032cdc6)
-rw-r--r-- | jstests/auth/list_databases.js | 10 | ||||
-rw-r--r-- | src/mongo/shell/mongo.js | 27 | ||||
-rw-r--r-- | src/mongo/shell/utils.js | 13 |
3 files changed, 41 insertions, 9 deletions
diff --git a/jstests/auth/list_databases.js b/jstests/auth/list_databases.js index 9bac4b68387..a69472fb77f 100644 --- a/jstests/auth/list_databases.js +++ b/jstests/auth/list_databases.js @@ -74,6 +74,8 @@ // Ignore these for simplicity. return (db !== 'local') && (db !== 'config'); } + + // Invoking {listDatabases: 1} directly. function tryList(cmd, expect_dbs) { const dbs = assert.commandWorked(admin.runCommand(cmd)); assert.eq(dbs.databases @@ -125,8 +127,12 @@ return adminCommandMethod(cmd); }; // Command fails, but we dispatch via _getDatabaseNamesFromPrivileges(). - assert.eq(mongod.getDBs(), test.authDbs || test.dbs); - // Still dispatches with explciti nameOnly===true. + assert.eq(mongod.getDBs().databases.map(function(x) { + return x.name; + }), + test.authDbs || test.dbs); + + // Still dispatches with explicit nameOnly===true, returns only names. assert.eq(mongod.getDBs(undefined, undefined, true), test.authDbs || test.dbs); // Command fails and unable to dispatch because nameOnly !== true. diff --git a/src/mongo/shell/mongo.js b/src/mongo/shell/mongo.js index 46b09f9c8cd..e0be81a6b56 100644 --- a/src/mongo/shell/mongo.js +++ b/src/mongo/shell/mongo.js @@ -61,7 +61,7 @@ Mongo.prototype._getDatabaseNamesFromPrivileges = function() { const ret = this.adminCommand({connectionStatus: 1, showPrivileges: 1}); if (!ret.ok) { - throw _getErrorWithCode(res, "Failed to acquire database information from privileges"); + throw _getErrorWithCode(ret, "Failed to acquire database information from privileges"); } const privileges = (ret.authInfo || {}).authenticatedUserPrivileges; @@ -112,14 +112,29 @@ Mongo.prototype.getDBs = function(driverSession = this._getDefaultSession(), // asked for anything difficult to provide from userspace, then we can // fallback on inspecting the user's permissions. // This means that: - // * filter should be empty, as reimplementing that logic is out of scope. - // * nameOnly should not be false as we can't infer size information. - // * authorizedDatabases should not be false as those are the only DBs we can infer. - // Note that if the above are true and we get Unauthorized, that also means + // * filter must be undefined, as reimplementing that logic is out of scope. + // * nameOnly must not be false as we can't infer size information. + // * authorizedDatabases must not be false as those are the only DBs we can infer. + // Note that if the above are valid and we get Unauthorized, that also means // that we MUST be talking to a pre-4.0 mongod. + // + // Like the server response mode, this path will return a simple list of + // names if nameOnly is specified as true. + // If nameOnly is undefined, we come as close as we can to what the + // server would return by supplying the databases key of the returned + // object. Other information is unavailable. if ((res.code === ErrorCodes.Unauthorized) && (filter === undefined) && (nameOnly !== false) && (authorizedDatabases !== false)) { - return this._getDatabaseNamesFromPrivileges(); + const names = this._getDatabaseNamesFromPrivileges(); + if (nameOnly === true) { + return names; + } else { + return { + databases: names.map(function(x) { + return {name: x}; + }), + }; + } } throw _getErrorWithCode(res, "listDatabases failed:" + tojson(res)); } diff --git a/src/mongo/shell/utils.js b/src/mongo/shell/utils.js index 245f87857ff..1f01019aef9 100644 --- a/src/mongo/shell/utils.js +++ b/src/mongo/shell/utils.js @@ -873,7 +873,18 @@ shellHelper.show = function(what) { } if (what == "dbs" || what == "databases") { - var dbs = db.getMongo().getDBs(db.getSession()); + var mongo = db.getMongo(); + var dbs; + try { + dbs = mongo.getDBs(db.getSession(), undefined, false); + } catch (ex) { + // Unable to get detailed information, retry name-only. + mongo.getDBs(db.getSession(), undefined, true).forEach(function(x) { + print(x); + }); + return ""; + } + var dbinfo = []; var maxNameLength = 0; var maxGbDigits = 0; |