SERVER-28260 Check coauth for killCursors and add killAnyCursors

(cherry picked from commit d75b113186e1914a5f2dc6d1983d604324a8f7f1)
author: Sara Golemon <sara.golemon@mongodb.com> 2017-11-02 09:53:31 -0400
committer: Sara Golemon <sara.golemon@mongodb.com> 2018-01-10 12:50:22 -0500
commit: 66acd9fffbea524fba9fffaf9935b7263efaf747 (patch)
tree: 3394b870c2fc9601406ff3a8c5ed257edc6c6506 /jstests/auth/lib/commands_lib.js
parent: 62dfefcf12986f71f3f71b38748d13ab98335b5b (diff)
download: mongo-66acd9fffbea524fba9fffaf9935b7263efaf747.tar.gz
1 files changed, 19 insertions, 17 deletions
diff --git a/jstests/auth/lib/commands_lib.js b/jstests/auth/lib/commands_lib.js
index f06d8c980ac..092856a4170 100644
--- a/jstests/auth/lib/commands_lib.js
+++ b/jstests/auth/lib/commands_lib.js
@@ -3877,8 +3877,21 @@ var authCommandsLib = {
         },
         {
           testname: "killCursors",
-          command: {killCursors: "foo", cursors: [NumberLong("123")]},
-          skipSharded: true,  // TODO enable when killCursors command is implemented on mongos
+          setup: function(runOnDb) {
+              return runOnDb;
+          },
+          command: function(runOnDb) {
+              // Don't create the cursor during setup() because we're not logged in yet.
+              // Cursor must be created with same user who tries to kill it.
+              const cmd = runOnDb.runCommand({find: "foo", batchSize: 2});
+              if (cmd.ok === 1) {
+                  return {killCursors: "foo", cursors: [cmd.cursor.id]};
+              } else {
+                  // If we can't even execute a find, then we certainly can't kill it.
+                  // Let it fail/unauthorized via the find command
+                  return {find: "foo", batchSize: 2};
+              }
+          },
           testcases: [
               {
                 runOnDb: firstDbName,
@@ -3888,29 +3901,18 @@ var authCommandsLib = {
                     readWrite: 1,
                     readWriteAnyDatabase: 1,
                     dbOwner: 1,
-                    hostManager: 1,
-                    clusterAdmin: 1,
                     backup: 1,
                     root: 1,
                     __system: 1
                 },
-                privileges:
-                    [{resource: {db: firstDbName, collection: "foo"}, actions: ["killCursors"]}],
+                privileges: [{resource: {db: firstDbName, collection: "foo"}, actions: ["find"]}],
                 expectFail: true
               },
               {
                 runOnDb: secondDbName,
-                roles: {
-                    readAnyDatabase: 1,
-                    readWriteAnyDatabase: 1,
-                    hostManager: 1,
-                    clusterAdmin: 1,
-                    backup: 1,
-                    root: 1,
-                    __system: 1
-                },
-                privileges:
-                    [{resource: {db: secondDbName, collection: "foo"}, actions: ["killCursors"]}],
+                roles:
+                    {readAnyDatabase: 1, readWriteAnyDatabase: 1, backup: 1, root: 1, __system: 1},
+                privileges: [{resource: {db: secondDbName, collection: "foo"}, actions: ["find"]}],
                 expectFail: true
               }
           ]
author	Sara Golemon <sara.golemon@mongodb.com>	2017-11-02 09:53:31 -0400
committer	Sara Golemon <sara.golemon@mongodb.com>	2018-01-10 12:50:22 -0500
commit	66acd9fffbea524fba9fffaf9935b7263efaf747 (patch)
tree	3394b870c2fc9601406ff3a8c5ed257edc6c6506 /jstests/auth/lib/commands_lib.js
parent	62dfefcf12986f71f3f71b38748d13ab98335b5b (diff)
download	mongo-66acd9fffbea524fba9fffaf9935b7263efaf747.tar.gz