summaryrefslogtreecommitdiff
path: root/jstests/auth
diff options
context:
space:
mode:
authorShreyas Kalyan <shreyas.kalyan@10gen.com>2019-01-29 17:55:46 -0500
committerShreyas Kalyan <shreyas.kalyan@10gen.com>2019-02-04 14:33:43 -0500
commit1b1cf52e94c49ca4c6d8ba693e949c2b655e74b5 (patch)
tree4b1207bf363fa5ebde769e30030b3a8452bee360 /jstests/auth
parentf06d8bc5b4c1e7b167a93d57930ad919ec4760b9 (diff)
downloadmongo-1b1cf52e94c49ca4c6d8ba693e949c2b655e74b5.tar.gz
SERVER-39056 Further refine readWriteAnyDatabase
Diffstat (limited to 'jstests/auth')
-rw-r--r--jstests/auth/lib/commands_lib.js18
-rw-r--r--jstests/auth/renameRestrictedCollections.js109
-rw-r--r--jstests/auth/renameSystemCollections.js78
3 files changed, 127 insertions, 78 deletions
diff --git a/jstests/auth/lib/commands_lib.js b/jstests/auth/lib/commands_lib.js
index c991c5c63e0..6899d0646aa 100644
--- a/jstests/auth/lib/commands_lib.js
+++ b/jstests/auth/lib/commands_lib.js
@@ -3826,6 +3826,24 @@ var authCommandsLib = {
]
},
{
+ testname: "dbstats_on_local",
+ command: {dbStats: 1},
+ skipSharded: true,
+ testcases: [
+ {
+ runOnDb: "local",
+ roles: {
+ "readLocal": 1,
+ "readWriteLocal": 1,
+ "clusterAdmin": 1,
+ "clusterMonitor": 1,
+ "root": 1,
+ "__system": 1,
+ },
+ },
+ ]
+ },
+ {
testname: "find_config_changelog",
command: {find: "changelog"},
testcases: [
diff --git a/jstests/auth/renameRestrictedCollections.js b/jstests/auth/renameRestrictedCollections.js
new file mode 100644
index 00000000000..1105da4eb3d
--- /dev/null
+++ b/jstests/auth/renameRestrictedCollections.js
@@ -0,0 +1,109 @@
+(function() {
+ 'use strict';
+
+ // SERVER-8623: Test that renameCollection can't be used to bypass auth checks on system
+ // namespaces
+ const conn = MongoRunner.runMongod({auth: ""});
+
+ const adminDB = conn.getDB("admin");
+ const configDB = conn.getDB("config");
+ const localDB = conn.getDB("local");
+ const CodeUnauthorized = 13;
+
+ const backdoorUserDoc = {user: 'backdoor', db: 'admin', pwd: 'hashed', roles: ['root']};
+
+ adminDB.createUser({user: 'userAdmin', pwd: 'password', roles: ['userAdminAnyDatabase']});
+
+ adminDB.auth('userAdmin', 'password');
+ adminDB.createUser({user: 'readWriteAdmin', pwd: 'password', roles: ['readWriteAnyDatabase']});
+ adminDB.createUser({
+ user: 'readWriteAndUserAdmin',
+ pwd: 'password',
+ roles: ['readWriteAnyDatabase', 'userAdminAnyDatabase']
+ });
+ adminDB.createUser({user: 'root', pwd: 'password', roles: ['root']});
+ adminDB.createUser({user: 'rootier', pwd: 'password', roles: ['__system']});
+ adminDB.logout();
+
+ jsTestLog("Test that a readWrite user can't rename system.profile to something they can read");
+ adminDB.auth('readWriteAdmin', 'password');
+ var res = adminDB.system.profile.renameCollection("profile");
+ assert.eq(0, res.ok);
+ assert.eq(CodeUnauthorized, res.code);
+
+ jsTestLog("Test that a readWrite user can't rename system.users to something they can read");
+ res = adminDB.system.users.renameCollection("users");
+ assert.eq(0, res.ok);
+ assert.eq(CodeUnauthorized, res.code);
+ assert.eq(0, adminDB.users.count());
+
+ jsTestLog("Test that a readWrite user can't use renameCollection to override system.users");
+ adminDB.users.insert(backdoorUserDoc);
+ res = adminDB.users.renameCollection("system.users", true);
+ assert.eq(0, res.ok);
+ assert.eq(CodeUnauthorized, res.code);
+ adminDB.users.drop();
+
+ jsTestLog("Test that a userAdmin can't rename system.users without readWrite");
+ adminDB.logout();
+ adminDB.auth('userAdmin', 'password');
+ res = adminDB.system.users.renameCollection("users");
+ assert.eq(0, res.ok);
+ assert.eq(CodeUnauthorized, res.code);
+ assert.eq(5, adminDB.system.users.count());
+
+ adminDB.auth('readWriteAndUserAdmin', 'password');
+ assert.eq(0, adminDB.users.count());
+
+ jsTestLog("Test that even with userAdmin AND dbAdmin you CANNOT rename to/from system.users");
+ res = adminDB.system.users.renameCollection("users");
+ assert.eq(0, res.ok);
+ assert.eq(CodeUnauthorized, res.code);
+ assert.eq(5, adminDB.system.users.count());
+
+ adminDB.users.drop();
+ adminDB.users.insert(backdoorUserDoc);
+ res = adminDB.users.renameCollection("system.users");
+ assert.eq(0, res.ok);
+ assert.eq(CodeUnauthorized, res.code);
+
+ assert.eq(null, adminDB.system.users.findOne({user: backdoorUserDoc.user}));
+ assert.neq(null, adminDB.system.users.findOne({user: 'userAdmin'}));
+
+ adminDB.auth('rootier', 'password');
+
+ jsTestLog("Test that with __system you CAN rename to/from system.users");
+ res = adminDB.system.users.renameCollection("users", true);
+ assert.eq(1, res.ok, tojson(res));
+
+ // Test permissions against the configDB and localDB
+
+ // Start with test against inserting to and renaming collections in config and local
+ // as userAdminAnyDatabase.
+ assert.writeOK(configDB.test.insert({'a': 1}));
+ assert.commandWorked(configDB.test.renameCollection('test2'));
+
+ assert.writeOK(localDB.test.insert({'a': 1}));
+ assert.commandWorked(localDB.test.renameCollection('test2'));
+ adminDB.logout();
+
+ // Test renaming collection in config with readWriteAnyDatabase
+ assert(adminDB.auth('readWriteAdmin', 'password'));
+ res = configDB.test2.insert({'b': 2});
+ assert.writeError(res, 13, "not authorized on config to execute command");
+ res = configDB.test2.renameCollection('test');
+ assert.eq(0, res.ok);
+ assert.eq(CodeUnauthorized, res.code);
+
+ // Test renaming collection in local with readWriteAnyDatabase
+ res = localDB.test2.insert({'b': 2});
+ assert.writeError(res, 13, "not authorized on config to execute command");
+ res = localDB.test2.renameCollection('test');
+ assert.eq(0, res.ok);
+ assert.eq(CodeUnauthorized, res.code);
+
+ // At this point, all the user documents are gone, so further activity may be unauthorized,
+ // depending on cluster configuration. So, this is the end of the test.
+ MongoRunner.stopMongod(conn, {user: 'userAdmin', pwd: 'password'});
+
+})(); \ No newline at end of file
diff --git a/jstests/auth/renameSystemCollections.js b/jstests/auth/renameSystemCollections.js
deleted file mode 100644
index 212287becb7..00000000000
--- a/jstests/auth/renameSystemCollections.js
+++ /dev/null
@@ -1,78 +0,0 @@
-// SERVER-8623: Test that renameCollection can't be used to bypass auth checks on system namespaces
-var conn = MongoRunner.runMongod({auth: ""});
-
-var adminDB = conn.getDB("admin");
-var testDB = conn.getDB("testdb");
-var testDB2 = conn.getDB("testdb2");
-
-var CodeUnauthorized = 13;
-
-var backdoorUserDoc = {user: 'backdoor', db: 'admin', pwd: 'hashed', roles: ['root']};
-
-adminDB.createUser({user: 'userAdmin', pwd: 'password', roles: ['userAdminAnyDatabase']});
-
-adminDB.auth('userAdmin', 'password');
-adminDB.createUser({user: 'readWriteAdmin', pwd: 'password', roles: ['readWriteAnyDatabase']});
-adminDB.createUser({
- user: 'readWriteAndUserAdmin',
- pwd: 'password',
- roles: ['readWriteAnyDatabase', 'userAdminAnyDatabase']
-});
-adminDB.createUser({user: 'root', pwd: 'password', roles: ['root']});
-adminDB.createUser({user: 'rootier', pwd: 'password', roles: ['__system']});
-adminDB.logout();
-
-jsTestLog("Test that a readWrite user can't rename system.profile to something they can read");
-adminDB.auth('readWriteAdmin', 'password');
-res = adminDB.system.profile.renameCollection("profile");
-assert.eq(0, res.ok);
-assert.eq(CodeUnauthorized, res.code);
-
-jsTestLog("Test that a readWrite user can't rename system.users to something they can read");
-var res = adminDB.system.users.renameCollection("users");
-assert.eq(0, res.ok);
-assert.eq(CodeUnauthorized, res.code);
-assert.eq(0, adminDB.users.count());
-
-jsTestLog("Test that a readWrite user can't use renameCollection to override system.users");
-adminDB.users.insert(backdoorUserDoc);
-res = adminDB.users.renameCollection("system.users", true);
-assert.eq(0, res.ok);
-assert.eq(CodeUnauthorized, res.code);
-adminDB.users.drop();
-
-jsTestLog("Test that a userAdmin can't rename system.users without readWrite");
-adminDB.logout();
-adminDB.auth('userAdmin', 'password');
-var res = adminDB.system.users.renameCollection("users");
-assert.eq(0, res.ok);
-assert.eq(CodeUnauthorized, res.code);
-assert.eq(5, adminDB.system.users.count());
-
-adminDB.auth('readWriteAndUserAdmin', 'password');
-assert.eq(0, adminDB.users.count());
-
-jsTestLog("Test that even with userAdmin AND dbAdmin you CANNOT rename to/from system.users");
-var res = adminDB.system.users.renameCollection("users");
-assert.eq(0, res.ok);
-assert.eq(CodeUnauthorized, res.code);
-assert.eq(5, adminDB.system.users.count());
-
-adminDB.users.drop();
-adminDB.users.insert(backdoorUserDoc);
-var res = adminDB.users.renameCollection("system.users");
-assert.eq(0, res.ok);
-assert.eq(CodeUnauthorized, res.code);
-
-assert.eq(null, adminDB.system.users.findOne({user: backdoorUserDoc.user}));
-assert.neq(null, adminDB.system.users.findOne({user: 'userAdmin'}));
-
-adminDB.auth('rootier', 'password');
-
-jsTestLog("Test that with __system you CAN rename to/from system.users");
-var res = adminDB.system.users.renameCollection("users", true);
-assert.eq(1, res.ok, tojson(res));
-
-// At this point, all the user documents are gone, so further activity may be unauthorized,
-// depending on cluster configuration. So, this is the end of the test.
-MongoRunner.stopMongod(conn, {user: 'userAdmin', pwd: 'password'}); \ No newline at end of file