author | Matt Cotter <matt.cotter@mongodb.com> | 2016-09-27 11:32:03 -0400 |
---|---|---|
committer | Matt Cotter <matt.cotter@mongodb.com> | 2016-09-27 17:04:52 -0400 |
commit | 73365935a7d2026030a34d89463e72263fe8c25c (patch) | |
tree | d9f9c9afbbf8933c8d35347fc23d922ceb82e7af | |
parent | cc3dd86781371f91333bdf144a7781abd140bc9d (diff) | |
download | mongo-73365935a7d2026030a34d89463e72263fe8c25c.tar.gz |
SERVER-26101 DBDirectClient isn't safe to auth
-rw-r--r-- | jstests/core/evalh.js | 18 | ||||
-rw-r--r-- | src/mongo/scripting/mozjs/mongo.cpp | 2 |
2 files changed, 19 insertions, 1 deletions
diff --git a/jstests/core/evalh.js b/jstests/core/evalh.js
new file mode 100644
index 00000000000..e1058fbdce4
--- /dev/null
+++ b/jstests/core/evalh.js
@@ -0,0 +1,18 @@
+/**
+ * Test that db.eval does not support auth.
+ */
+(function() {
+ 'use strict';
+
+ assert.writeOK(db.evalprep.insert({}), "db must exist for eval to succeed");
+ assert(db.evalprep.drop());
+
+ // The db.auth method call getMongo().auth but catches the exception.
+ assert.eq(0, db.eval('db.auth("reader", "reader")'));
+
+ // Call the native implementation auth function and verify it does not exist under the db.eval
+ // javascript context.
+ assert.throws(function() {
+ db.eval('db.getMongo().auth("reader", "reader")');
+ });
+})();
diff --git a/src/mongo/scripting/mozjs/mongo.cpp b/src/mongo/scripting/mozjs/mongo.cpp
index 2c887804203..68d6b05719f 100644
--- a/src/mongo/scripting/mozjs/mongo.cpp
+++ b/src/mongo/scripting/mozjs/mongo.cpp
@@ -52,7 +52,7 @@ namespace mongo { namespace mozjs { const JSFunctionSpec MongoBase::methods[] = {
- MONGO_ATTACH_JS_CONSTRAINED_METHOD_NO_PROTO(auth, MongoLocalInfo, MongoExternalInfo),
+ MONGO_ATTACH_JS_CONSTRAINED_METHOD_NO_PROTO(auth, MongoExternalInfo),
 MONGO_ATTACH_JS_CONSTRAINED_METHOD_NO_PROTO(close, MongoExternalInfo),
 MONGO_ATTACH_JS_CONSTRAINED_METHOD_NO_PROTO(
 copyDatabaseWithSCRAM, MongoLocalInfo, MongoExternalInfo), |
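Review bot: Both assertions in this new test appear to pass even if `auth` were still reachable from `db.eval`, provided the credentials are rejected. `db.auth(...)` returning 0 and `db.getMongo().auth(...)` throwing are also what a failed login would look like, and no `reader` user is created anywhere in the hunk. To pin the regression, the test should distinguish "method not callable in this context" from "authentication failed", for example by capturing the exception raised by the second `db.eval` and asserting on its message or code, or by creating the user first so that a working `auth` would make both assertions fail. A smaller point: the comment above the first assertion would read better as `// db.auth calls getMongo().auth but catches the exception.`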
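Review bot: Nothing at the changed `auth` entry records why it is now limited to `MongoExternalInfo`, so a later cleanup could restore `MongoLocalInfo` for symmetry with the neighbouring entries. A comment above the line such as `// auth is intentionally not exposed on MongoLocalInfo: DBDirectClient isn't safe to auth (SERVER-26101).` would keep the restriction from being undone. `copyDatabaseWithSCRAM` two entries below still lists `MongoLocalInfo`; whether it reaches the same authentication path on the direct client is not visible here and is worth confirming. The `methods[]` table continues past the end of the hunk, so any other credential-handling entries there should get the same check.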