authorSara Golemon <sara.golemon@mongodb.com>2017-12-19 14:17:37 -0500
committerSara Golemon <sara.golemon@mongodb.com>2018-01-12 11:50:57 -0500
commit385ed430991ed698ea4de674caddf526715f5f0d (patch)
tree8a1442478314431ec6ecd4c208d1e68f91123316 /jstests
parent0f8edc6e87fc4eb2242207932ff22961d31cf9b9 (diff)
SERVER-32410 Validate User::CredentialData during auth
(cherry picked from commit fb8046d813af032d6d51327affbab9b6199fe654) base64::validate() checks removed as they're a 3.6 API. This doesn't materially hurt the fix as the later decodes will fail in a predictable and correct way. clang-format reapplied to match v3.2 formatting.
Diffstat (limited to 'jstests')
-rw-r--r--jstests/auth/scram-credentials-invalid.js44
1 files changed, 44 insertions, 0 deletions
diff --git a/jstests/auth/scram-credentials-invalid.js b/jstests/auth/scram-credentials-invalid.js
new file mode 100644
index 00000000000..f26e70fae43
--- /dev/null
+++ b/jstests/auth/scram-credentials-invalid.js
@@ -0,0 +1,44 @@
+// Ensure that attempting to use SCRAM-SHA-1 auth on a
+// user with invalid SCRAM-SHA-1 credentials fails gracefully.
+
+(function() {
+ 'use strict';
+
+ function runTest(mongod) {
+ assert(mongod);
+ const admin = mongod.getDB('admin');
+ const test = mongod.getDB('test');
+
+ admin.createUser({user: 'admin', pwd: 'pass', roles: jsTest.adminUserRoles});
+ assert(admin.auth('admin', 'pass'));
+
+ test.createUser({user: 'user', pwd: 'pass', roles: jsTest.basicUserRoles});
+
+ // Give the test user an invalid set of SCRAM-SHA-1 credentials.
+ assert.eq(admin.system.users.update({_id: "test.user"},
+ {
+ $set: {
+ "credentials.SCRAM-SHA-1": {
+ salt: "AAAA",
+ storedKey: "AAAA",
+ serverKey: "AAAA",
+ iterationCount: 10000
+ }
+ }
+ }).nModified,
+ 1,
+ "Should have updated one document for user@test");
+ admin.logout();
+
+ assert(!test.auth({user: 'user', pwd: 'pass'}));
+
+ assert.soon(function() {
+ const log = cat(mongod.fullOptions.logFile);
+ return /Unable to perform SCRAM-SHA-1 auth.* invalid SCRAM credentials/.test(log);
+ }, "No warning issued for invalid SCRAM-SHA-1 credendials doc", 30 * 1000, 5 * 1000);
+ }
+
+ const mongod = MongoRunner.runMongod({auth: "", useLogFiles: true});
+ runTest(mongod);
+ MongoRunner.stopMongod(mongod);
+})();
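Review bot: The `$set` of `credentials.SCRAM-SHA-1` exercises only one malformed shape, since `"AAAA"` is well-formed base64 that decodes to three bytes. The commit message says the base64::validate() checks were dropped in this backport and that the later decodes are relied on to fail, yet no case here stores a value that is not base64 at all, so that path is left unpinned. A second user with, for example, `salt: "!!!!"` (constructed sample) and the same failed-auth assertion would cover it; whether the same log line is emitted cannot be told from this diff, as the server-side change is outside the diffstat. After `assert(!test.auth({user: 'user', pwd: 'pass'}));` it would also help to add `assert(admin.auth('admin', 'pass'));`, so that "fails gracefully" is demonstrated by the server still answering rather than only by a log match. The assert.soon message misspells "credentials" as "credendials".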