author | Sara Golemon <sara.golemon@mongodb.com> | 2019-10-01 20:07:39 +0000 |
---|---|---|
committer | evergreen <evergreen@mongodb.com> | 2019-10-01 20:07:39 +0000 |
commit | f27579ad4400d5e8ab7a79fc607c1e39438eb146 (patch) | |
tree | 810963aa56587d66cd283151db339bce23d7f57e | |
parent | b5e2e827f65459fd5cf5f88c081dda01b801867d (diff) | |
SERVER-43582 Do not auth ReplicaSet Monitor
(cherry picked from commit b5b3517afcab6efd034db87715dcefc5557b1099)
(cherry picked from commit ab6d34c3001706e95439883b4c4b7f93c17feda0)
-rw-r--r-- | jstests/auth/repl_auth_shell_mechanism.js | 72 | ||||
-rw-r--r-- | src/mongo/client/dbclient_rs.cpp | 2 | ||||
-rw-r--r-- | src/mongo/client/mongo_uri_connect.cpp | 6 |
3 files changed, 79 insertions, 1 deletions
diff --git a/jstests/auth/repl_auth_shell_mechanism.js b/jstests/auth/repl_auth_shell_mechanism.js
new file mode 100644
index 00000000000..acf724e7809
--- /dev/null
+++ b/jstests/auth/repl_auth_shell_mechanism.js
@@ -0,0 +1,72 @@
+/* Start a replica set with auth using SCRAM-SHA-256 exclusively,
+ * then connect via shell.
+`*
+ * @tags: [requires_replication]
+ */
+
+(function() {
+
+const rsTest = new ReplSetTest({nodes: 3});
+rsTest.startSet({
+ oplogSize: 10,
+ keyFile: 'jstests/libs/key1',
+ setParameter: {authenticationMechanisms: 'SCRAM-SHA-256'}
+});
+rsTest.initiate();
+rsTest.awaitSecondaryNodes();
+
+// Setup initial data.
+const primary = rsTest.getPrimary();
+const admin = primary.getDB('admin');
+admin.createUser({user: 'admin', pwd: 'password', roles: jsTest.adminUserRoles});
+admin.auth('admin', 'password');
+admin.logout();
+
+// Fetch and rearrange connection string.
+const connString = rsTest.getURL();
+const slash = connString.indexOf('/');
+const rsName = connString.substr(0, slash);
+const rsHosts = connString.substr(slash + 1);
+
+// Connect with shell using connString.
+const csShell = runMongoProgram('./mongo',
+ '--host',
+ connString,
+ '-u',
+ 'admin',
+ '--password',
+ 'password',
+ '--authenticationDatabase',
+ 'admin',
+ '--eval',
+ ';');
+assert.eq(csShell, 0, 'Failed to connect using connection string');
+
+// Connect with shell explicitly specifying mechanism.
+const csShellMech = runMongoProgram('./mongo',
+ '--host',
+ connString,
+ '-u',
+ 'admin',
+ '--password',
+ 'password',
+ '--authenticationDatabase',
+ 'admin',
+ '--authenticationMechanism',
+ 'SCRAM-SHA-256',
+ '--eval',
+ ';');
+assert.eq(csShellMech, 0, 'Failed to connect using connection string');
+
+// Connect with shell using URI.
+const uriString = 'mongodb://admin:password@' + rsHosts + '/admin?replicaSet=' + rsName;
+const uriShell = runMongoProgram('./mongo', uriString, '--eval', ';');
+assert.eq(uriShell, 0, 'Failed to connect using URI');
+
+// Connect with shell using URI and explcit mechanism.
+const uriShellMech =
+ runMongoProgram('./mongo', uriString + '&authMechanism=SCRAM-SHA-256', '--eval', ';');
+assert.eq(uriShellMech, 0, 'Failed to connect using URI');
+
+rsTest.stopSet();
+})();
diff --git a/src/mongo/client/dbclient_rs.cpp b/src/mongo/client/dbclient_rs.cpp
index 40cd2f220f7..da3de227749 100644
--- a/src/mongo/client/dbclient_rs.cpp
+++ b/src/mongo/client/dbclient_rs.cpp
@@ -138,7 +138,7 @@ DBClientReplicaSet::DBClientReplicaSet(const string& name,
 _applicationName(applicationName.toString()),
 _so_timeout(so_timeout),
 _uri(std::move(uri)) {
- if (uri.isValid()) {
+ if (_uri.isValid()) {
 _rsm = ReplicaSetMonitor::createIfNeeded(_uri);
 } else {
 _rsm = ReplicaSetMonitor::createIfNeeded(name,
diff --git a/src/mongo/client/mongo_uri_connect.cpp b/src/mongo/client/mongo_uri_connect.cpp
index e79b6271ee6..e9505e42bcc 100644
--- a/src/mongo/client/mongo_uri_connect.cpp
+++ b/src/mongo/client/mongo_uri_connect.cpp
@@ -188,6 +188,12 @@ DBClientBase* MongoURI::connect(StringData applicationName,
 return nullptr;
 }
 
+ if (!getSetName().empty()) {
+ // When performing initial topology discovery, don't bother authenticating
+ // since we will be immediately restarting our connect loop to a single node.
+ return ret.release();
+ }
+
 auto optAuthObj =
 _makeAuthObjFromOptions(ret->getMaxWireVersion(), ret->getIsMasterSaslMechanisms());
 if (optAuthObj) { |
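Review bot: Every case in this test connects with the correct password, so the test would still pass if the replica-set path stopped authenticating altogether. Because the commit changes where authentication is skipped, a negative case before `rsTest.stopSet()` would pin that down, for example `assert.neq(runMongoProgram('./mongo', uriString.replace(':password@', ':wrong@'), '--eval', ';'), 0, 'Connected with bad credentials');` (this assumes the shell exits non-zero on an authentication failure, which the existing asserts already rely on). Separately, the two connection-string asserts share one failure message and the two URI asserts share another, so a failing run does not say whether the explicit-mechanism variant broke; distinct messages would make that visible.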
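Review bot: The parameter `uri` stays in scope after `_uri(std::move(uri))` in the initializer list, so the same slip can come back the next time this body is edited; a one-line comment above the check, such as `// uri has been moved into _uri; use only the member from here on`, would document that. The constructor's else branch continues outside the hunk, so any remaining reads of `uri` there cannot be checked from this view. Enabling clang-tidy's `bugprone-use-after-move` check would catch this class of bug mechanically.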
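Review bot: The early return keys on `getSetName()` alone, so every caller of `MongoURI::connect` that passes a URI carrying a replica-set name now gets back a connection for which `_makeAuthObjFromOptions` was never consulted, not only the replica set monitor named in the commit title. The added comment explains why skipping is cheap but not where authentication happens instead; consider stating that contract, e.g. `// Returns an unauthenticated connection: replica-set clients are expected to authenticate when they connect to an individual node.` If that expectation does not hold for some caller (none are visible here), credentials in the URI would be ignored silently rather than rejected. The body of `connect` starts and ends outside the hunk.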