authorSara Golemon <sara.golemon@mongodb.com>2019-10-01 20:07:39 +0000
committerevergreen <evergreen@mongodb.com>2019-10-01 20:07:39 +0000
commitf27579ad4400d5e8ab7a79fc607c1e39438eb146 (patch)
tree810963aa56587d66cd283151db339bce23d7f57e
parentb5e2e827f65459fd5cf5f88c081dda01b801867d (diff)
downloadmongo-f27579ad4400d5e8ab7a79fc607c1e39438eb146.tar.gz
SERVER-43582 Do not auth ReplicaSet Monitor
(cherry picked from commit b5b3517afcab6efd034db87715dcefc5557b1099) (cherry picked from commit ab6d34c3001706e95439883b4c4b7f93c17feda0)
-rw-r--r--jstests/auth/repl_auth_shell_mechanism.js72
-rw-r--r--src/mongo/client/dbclient_rs.cpp2
-rw-r--r--src/mongo/client/mongo_uri_connect.cpp6
3 files changed, 79 insertions, 1 deletions
diff --git a/jstests/auth/repl_auth_shell_mechanism.js b/jstests/auth/repl_auth_shell_mechanism.js
new file mode 100644
index 00000000000..acf724e7809
--- /dev/null
+++ b/jstests/auth/repl_auth_shell_mechanism.js
@@ -0,0 +1,72 @@
+/* Start a replica set with auth using SCRAM-SHA-256 exclusively,
+ * then connect via shell.
+`*
+ * @tags: [requires_replication]
+ */
+
+(function() {
+
+const rsTest = new ReplSetTest({nodes: 3});
+rsTest.startSet({
+ oplogSize: 10,
+ keyFile: 'jstests/libs/key1',
+ setParameter: {authenticationMechanisms: 'SCRAM-SHA-256'}
+});
+rsTest.initiate();
+rsTest.awaitSecondaryNodes();
+
+// Setup initial data.
+const primary = rsTest.getPrimary();
+const admin = primary.getDB('admin');
+admin.createUser({user: 'admin', pwd: 'password', roles: jsTest.adminUserRoles});
+admin.auth('admin', 'password');
+admin.logout();
+
+// Fetch and rearrange connection string.
+const connString = rsTest.getURL();
+const slash = connString.indexOf('/');
+const rsName = connString.substr(0, slash);
+const rsHosts = connString.substr(slash + 1);
+
+// Connect with shell using connString.
+const csShell = runMongoProgram('./mongo',
+ '--host',
+ connString,
+ '-u',
+ 'admin',
+ '--password',
+ 'password',
+ '--authenticationDatabase',
+ 'admin',
+ '--eval',
+ ';');
+assert.eq(csShell, 0, 'Failed to connect using connection string');
+
+// Connect with shell explicitly specifying mechanism.
+const csShellMech = runMongoProgram('./mongo',
+ '--host',
+ connString,
+ '-u',
+ 'admin',
+ '--password',
+ 'password',
+ '--authenticationDatabase',
+ 'admin',
+ '--authenticationMechanism',
+ 'SCRAM-SHA-256',
+ '--eval',
+ ';');
+assert.eq(csShellMech, 0, 'Failed to connect using connection string');
+
+// Connect with shell using URI.
+const uriString = 'mongodb://admin:password@' + rsHosts + '/admin?replicaSet=' + rsName;
+const uriShell = runMongoProgram('./mongo', uriString, '--eval', ';');
+assert.eq(uriShell, 0, 'Failed to connect using URI');
+
+// Connect with shell using URI and explcit mechanism.
+const uriShellMech =
+ runMongoProgram('./mongo', uriString + '&authMechanism=SCRAM-SHA-256', '--eval', ';');
+assert.eq(uriShellMech, 0, 'Failed to connect using URI');
+
+rsTest.stopSet();
+})();
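Review bot: None of the four shell invocations checks that the session actually ended up authenticated; each runs `--eval ';'` and asserts only a zero exit code. Because this commit makes the initial connect return before authenticating when a set name is present, a regression that leaves the final connection unauthenticated could still pass if the shell exits 0 in that case (not visible from here). Replacing `';'` with something like `assert.eq(1, db.adminCommand({connectionStatus: 1}).authInfo.authenticatedUsers.length);` would pin the behaviour. The messages on the second and fourth `assert.eq` repeat those of the first and third, so a failure in an explicit-mechanism case cannot be told apart in the log; `'Failed to connect using connection string and explicit mechanism'` would fix that.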
diff --git a/src/mongo/client/dbclient_rs.cpp b/src/mongo/client/dbclient_rs.cpp
index 40cd2f220f7..da3de227749 100644
--- a/src/mongo/client/dbclient_rs.cpp
+++ b/src/mongo/client/dbclient_rs.cpp
@@ -138,7 +138,7 @@ DBClientReplicaSet::DBClientReplicaSet(const string& name,
_applicationName(applicationName.toString()),
_so_timeout(so_timeout),
_uri(std::move(uri)) {
- if (uri.isValid()) {
+ if (_uri.isValid()) {
_rsm = ReplicaSetMonitor::createIfNeeded(_uri);
} else {
_rsm = ReplicaSetMonitor::createIfNeeded(name,
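Review bot: The parameter `uri` stays in scope for the rest of the constructor body after `_uri(std::move(uri))` in the initializer list, so the same mistake can return on a later edit. A comment above the check, such as `// uri was moved into _uri by the initializer list; read only _uri from here on`, would make the constraint explicit, and clang-tidy's `bugprone-use-after-move` would catch it mechanically. Before this change the condition presumably tested a moved-from object and fell through to the name-based `createIfNeeded` branch, which would build the monitor without the URI's options. The constructor begins before the hunk and its body continues past it.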
diff --git a/src/mongo/client/mongo_uri_connect.cpp b/src/mongo/client/mongo_uri_connect.cpp
index e79b6271ee6..e9505e42bcc 100644
--- a/src/mongo/client/mongo_uri_connect.cpp
+++ b/src/mongo/client/mongo_uri_connect.cpp
@@ -188,6 +188,12 @@ DBClientBase* MongoURI::connect(StringData applicationName,
return nullptr;
}
+ if (!getSetName().empty()) {
+ // When performing initial topology discovery, don't bother authenticating
+ // since we will be immediately restarting our connect loop to a single node.
+ return ret.release();
+ }
+
auto optAuthObj =
_makeAuthObjFromOptions(ret->getMaxWireVersion(), ret->getIsMasterSaslMechanisms());
if (optAuthObj) {
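Review bot: The early `return ret.release();` hands the caller a connection that has not been authenticated whenever the URI names a replica set. The added comment explains why skipping auth is cheap, but not what the caller may rely on. This is only safe if every caller treats the result as discovery-only and authenticates on the later per-node connect, which is not visible in this hunk. I would say so in the comment, e.g. `// NOTE: the returned connection is unauthenticated; credentials are applied on the per-node connect that follows.` `MongoURI::connect` starts before the hunk and continues past it.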