author | Andy Schwerin <schwerin@10gen.com> | 2013-06-20 17:42:05 -0400 |
---|---|---|
committer | Andy Schwerin <schwerin@10gen.com> | 2013-06-21 10:50:49 -0400 |
commit | 6ad56b63d33987ed153ba757e9f8169ef670f58e (patch) | |
tree | 1f3982acca6b0c9e32a39d863778b47a1afcf17f | |
parent | 23344f8b7506df694f66999693ee3c00dfd6afae (diff) | |
SERVER-9983 Test verifying that internal user privileges do not mask those of similarly named users.
-rw-r--r-- | jstests/auth/system_user_privileges.js | 101 |
1 files changed, 101 insertions, 0 deletions
diff --git a/jstests/auth/system_user_privileges.js b/jstests/auth/system_user_privileges.js
new file mode 100644
index 00000000000..6d397e70999
--- /dev/null
+++ b/jstests/auth/system_user_privileges.js
@@ -0,0 +1,101 @@
+/*
+ * Regression test for SECURITY-27.
+ *
+ * Verifies that creating a user named "__system" in any database does not get internal system
+ * privileges.
+ *
+ * Operates by creating an "admin" user for set-up, then creating __system users in the "test",
+ * "admin" and "local" databases. Then, it verifies that the __system@local user is shadowed for
+ * password and privilege purposes by the keyfile. It then procedes to verify that the
+ * __system@test and __system@admin users are _not_ shadowed in any way by the keyfile user.
+ */
+
+(function() {
+
+ "use strict";
+
+ // Runs the "count" command on a database in a way that returns the result document, for easier
+ // inspection of the errmsg.
+ function runCountCommand(conn, dbName, collectionName) {
+ return conn.getDB(dbName).runCommand({ count: collectionName });
+ }
+
+ // Asserts that on the given "conn", "dbName"."collectionName".count() fails as unauthorized.
+ function assertCountUnauthorized(conn, dbName, collectionName) {
+ assert.eq(runCountCommand(conn, dbName, collectionName).errmsg,
+ "unauthorized",
+ "On " + dbName + "." + collectionName);
+ }
+
+ var conn = MongoRunner.runMongod({ smallfiles: "", auth: "" });
+
+ var admin = conn.getDB('admin');
+ var test = conn.getDB('test');
+ var local = conn.getDB('local');
+
+ //
+ // Preliminary set up.
+ //
+ admin.addUser('admin', 'a');
+ admin.auth('admin', 'a');
+
+ //
+ // Add users named "__system" with no privileges on "test", "admin" and "local". The one in
+ // "local" is shadowed by the keyfile.
+ //
+
+ test.addUser({user: '__system', pwd: 'a', roles: []});
+ admin.addUser({user: '__system', pwd: 'a', roles: []});
+ local.addUser({user: '__system', pwd: 'a', roles: []});
+
+ //
+ // Add some data to count.
+ //
+ //
+
+ admin.foo.insert({_id: 1});
+ test.foo.insert({_id: 2});
+ local.foo.insert({_id: 3});
+
+
+ admin.logout();
+ assertCountUnauthorized(conn, "admin", "foo");
+ assertCountUnauthorized(conn, "local", "foo");
+ assertCountUnauthorized(conn, "test", "foo");
+
+ //
+ // Validate that you cannot even log in as __system@local with the supplied password; you _must_
+ // use the password from the keyfile.
+ //
+ assert(!local.auth('__system', 'a'))
+ assertCountUnauthorized(conn, "admin", "foo");
+ assertCountUnauthorized(conn, "local", "foo");
+ assertCountUnauthorized(conn, "test", "foo");
+
+ //
+ // Validate that __system@test is not shadowed by the keyfile __system user.
+ //
+ test.auth('__system', 'a');
+ assertCountUnauthorized(conn, "admin", "foo");
+ assertCountUnauthorized(conn, "local", "foo");
+ assertCountUnauthorized(conn, "test", "foo");
+
+ test.logout();
+ assertCountUnauthorized(conn, "admin", "foo");
+ assertCountUnauthorized(conn, "local", "foo");
+ assertCountUnauthorized(conn, "test", "foo");
+
+ //
+ // Validate that __system@test is not shadowed by the keyfile __system user.
+ //
+ admin.auth('__system', 'a');
+ assertCountUnauthorized(conn, "admin", "foo");
+ assertCountUnauthorized(conn, "local", "foo");
+ assertCountUnauthorized(conn, "test", "foo");
+
+ admin.logout();
+ assertCountUnauthorized(conn, "admin", "foo");
+ assertCountUnauthorized(conn, "local", "foo");
+ assertCountUnauthorized(conn, "test", "foo");
+
+})();
+ |
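Review bot: The return values of `test.auth('__system', 'a')` and `admin.auth('__system', 'a')` are never checked, so if either login fails the three `assertCountUnauthorized` calls after it still pass and the test no longer exercises an authenticated __system@test or __system@admin session. Writing them as `assert(test.auth('__system', 'a'));` and `assert(admin.auth('__system', 'a'));` makes the negative checks meaningful, and the setup call `admin.auth('admin', 'a')` deserves the same treatment. The comment above the `admin.auth` block repeats "__system@test" and should read `// Validate that __system@admin is not shadowed by the keyfile __system user.`; the `assert(!local.auth('__system', 'a'))` line is also missing its semicolon. As far as this hunk shows, mongod is started with only `smallfiles` and `auth`, so no keyfile appears to be configured, and the header's claim that __system@local is shadowed by the keyfile is only covered by the failed-login check; worth confirming whether a keyFile option was intended.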