summaryrefslogtreecommitdiff
path: root/jstests/auth/renameRestrictedCollections.js
diff options
context:
space:
mode:
Diffstat (limited to 'jstests/auth/renameRestrictedCollections.js')
-rw-r--r--jstests/auth/renameRestrictedCollections.js218
1 files changed, 111 insertions, 107 deletions
diff --git a/jstests/auth/renameRestrictedCollections.js b/jstests/auth/renameRestrictedCollections.js
index 1105da4eb3d..40169bef2d6 100644
--- a/jstests/auth/renameRestrictedCollections.js
+++ b/jstests/auth/renameRestrictedCollections.js
@@ -1,109 +1,113 @@
(function() {
- 'use strict';
-
- // SERVER-8623: Test that renameCollection can't be used to bypass auth checks on system
- // namespaces
- const conn = MongoRunner.runMongod({auth: ""});
-
- const adminDB = conn.getDB("admin");
- const configDB = conn.getDB("config");
- const localDB = conn.getDB("local");
- const CodeUnauthorized = 13;
-
- const backdoorUserDoc = {user: 'backdoor', db: 'admin', pwd: 'hashed', roles: ['root']};
-
- adminDB.createUser({user: 'userAdmin', pwd: 'password', roles: ['userAdminAnyDatabase']});
-
- adminDB.auth('userAdmin', 'password');
- adminDB.createUser({user: 'readWriteAdmin', pwd: 'password', roles: ['readWriteAnyDatabase']});
- adminDB.createUser({
- user: 'readWriteAndUserAdmin',
- pwd: 'password',
- roles: ['readWriteAnyDatabase', 'userAdminAnyDatabase']
- });
- adminDB.createUser({user: 'root', pwd: 'password', roles: ['root']});
- adminDB.createUser({user: 'rootier', pwd: 'password', roles: ['__system']});
- adminDB.logout();
-
- jsTestLog("Test that a readWrite user can't rename system.profile to something they can read");
- adminDB.auth('readWriteAdmin', 'password');
- var res = adminDB.system.profile.renameCollection("profile");
- assert.eq(0, res.ok);
- assert.eq(CodeUnauthorized, res.code);
-
- jsTestLog("Test that a readWrite user can't rename system.users to something they can read");
- res = adminDB.system.users.renameCollection("users");
- assert.eq(0, res.ok);
- assert.eq(CodeUnauthorized, res.code);
- assert.eq(0, adminDB.users.count());
-
- jsTestLog("Test that a readWrite user can't use renameCollection to override system.users");
- adminDB.users.insert(backdoorUserDoc);
- res = adminDB.users.renameCollection("system.users", true);
- assert.eq(0, res.ok);
- assert.eq(CodeUnauthorized, res.code);
- adminDB.users.drop();
-
- jsTestLog("Test that a userAdmin can't rename system.users without readWrite");
- adminDB.logout();
- adminDB.auth('userAdmin', 'password');
- res = adminDB.system.users.renameCollection("users");
- assert.eq(0, res.ok);
- assert.eq(CodeUnauthorized, res.code);
- assert.eq(5, adminDB.system.users.count());
-
- adminDB.auth('readWriteAndUserAdmin', 'password');
- assert.eq(0, adminDB.users.count());
-
- jsTestLog("Test that even with userAdmin AND dbAdmin you CANNOT rename to/from system.users");
- res = adminDB.system.users.renameCollection("users");
- assert.eq(0, res.ok);
- assert.eq(CodeUnauthorized, res.code);
- assert.eq(5, adminDB.system.users.count());
-
- adminDB.users.drop();
- adminDB.users.insert(backdoorUserDoc);
- res = adminDB.users.renameCollection("system.users");
- assert.eq(0, res.ok);
- assert.eq(CodeUnauthorized, res.code);
-
- assert.eq(null, adminDB.system.users.findOne({user: backdoorUserDoc.user}));
- assert.neq(null, adminDB.system.users.findOne({user: 'userAdmin'}));
-
- adminDB.auth('rootier', 'password');
-
- jsTestLog("Test that with __system you CAN rename to/from system.users");
- res = adminDB.system.users.renameCollection("users", true);
- assert.eq(1, res.ok, tojson(res));
-
- // Test permissions against the configDB and localDB
-
- // Start with test against inserting to and renaming collections in config and local
- // as userAdminAnyDatabase.
- assert.writeOK(configDB.test.insert({'a': 1}));
- assert.commandWorked(configDB.test.renameCollection('test2'));
-
- assert.writeOK(localDB.test.insert({'a': 1}));
- assert.commandWorked(localDB.test.renameCollection('test2'));
- adminDB.logout();
-
- // Test renaming collection in config with readWriteAnyDatabase
- assert(adminDB.auth('readWriteAdmin', 'password'));
- res = configDB.test2.insert({'b': 2});
- assert.writeError(res, 13, "not authorized on config to execute command");
- res = configDB.test2.renameCollection('test');
- assert.eq(0, res.ok);
- assert.eq(CodeUnauthorized, res.code);
-
- // Test renaming collection in local with readWriteAnyDatabase
- res = localDB.test2.insert({'b': 2});
- assert.writeError(res, 13, "not authorized on config to execute command");
- res = localDB.test2.renameCollection('test');
- assert.eq(0, res.ok);
- assert.eq(CodeUnauthorized, res.code);
-
- // At this point, all the user documents are gone, so further activity may be unauthorized,
- // depending on cluster configuration. So, this is the end of the test.
- MongoRunner.stopMongod(conn, {user: 'userAdmin', pwd: 'password'});
-
+'use strict';
+
+// SERVER-8623: Test that renameCollection can't be used to bypass auth checks on system
+// namespaces
+const conn = MongoRunner.runMongod({auth: ""});
+
+const adminDB = conn.getDB("admin");
+const configDB = conn.getDB("config");
+const localDB = conn.getDB("local");
+const CodeUnauthorized = 13;
+
+const backdoorUserDoc = {
+ user: 'backdoor',
+ db: 'admin',
+ pwd: 'hashed',
+ roles: ['root']
+};
+
+adminDB.createUser({user: 'userAdmin', pwd: 'password', roles: ['userAdminAnyDatabase']});
+
+adminDB.auth('userAdmin', 'password');
+adminDB.createUser({user: 'readWriteAdmin', pwd: 'password', roles: ['readWriteAnyDatabase']});
+adminDB.createUser({
+ user: 'readWriteAndUserAdmin',
+ pwd: 'password',
+ roles: ['readWriteAnyDatabase', 'userAdminAnyDatabase']
+});
+adminDB.createUser({user: 'root', pwd: 'password', roles: ['root']});
+adminDB.createUser({user: 'rootier', pwd: 'password', roles: ['__system']});
+adminDB.logout();
+
+jsTestLog("Test that a readWrite user can't rename system.profile to something they can read");
+adminDB.auth('readWriteAdmin', 'password');
+var res = adminDB.system.profile.renameCollection("profile");
+assert.eq(0, res.ok);
+assert.eq(CodeUnauthorized, res.code);
+
+jsTestLog("Test that a readWrite user can't rename system.users to something they can read");
+res = adminDB.system.users.renameCollection("users");
+assert.eq(0, res.ok);
+assert.eq(CodeUnauthorized, res.code);
+assert.eq(0, adminDB.users.count());
+
+jsTestLog("Test that a readWrite user can't use renameCollection to override system.users");
+adminDB.users.insert(backdoorUserDoc);
+res = adminDB.users.renameCollection("system.users", true);
+assert.eq(0, res.ok);
+assert.eq(CodeUnauthorized, res.code);
+adminDB.users.drop();
+
+jsTestLog("Test that a userAdmin can't rename system.users without readWrite");
+adminDB.logout();
+adminDB.auth('userAdmin', 'password');
+res = adminDB.system.users.renameCollection("users");
+assert.eq(0, res.ok);
+assert.eq(CodeUnauthorized, res.code);
+assert.eq(5, adminDB.system.users.count());
+
+adminDB.auth('readWriteAndUserAdmin', 'password');
+assert.eq(0, adminDB.users.count());
+
+jsTestLog("Test that even with userAdmin AND dbAdmin you CANNOT rename to/from system.users");
+res = adminDB.system.users.renameCollection("users");
+assert.eq(0, res.ok);
+assert.eq(CodeUnauthorized, res.code);
+assert.eq(5, adminDB.system.users.count());
+
+adminDB.users.drop();
+adminDB.users.insert(backdoorUserDoc);
+res = adminDB.users.renameCollection("system.users");
+assert.eq(0, res.ok);
+assert.eq(CodeUnauthorized, res.code);
+
+assert.eq(null, adminDB.system.users.findOne({user: backdoorUserDoc.user}));
+assert.neq(null, adminDB.system.users.findOne({user: 'userAdmin'}));
+
+adminDB.auth('rootier', 'password');
+
+jsTestLog("Test that with __system you CAN rename to/from system.users");
+res = adminDB.system.users.renameCollection("users", true);
+assert.eq(1, res.ok, tojson(res));
+
+// Test permissions against the configDB and localDB
+
+// Start with test against inserting to and renaming collections in config and local
+// as userAdminAnyDatabase.
+assert.writeOK(configDB.test.insert({'a': 1}));
+assert.commandWorked(configDB.test.renameCollection('test2'));
+
+assert.writeOK(localDB.test.insert({'a': 1}));
+assert.commandWorked(localDB.test.renameCollection('test2'));
+adminDB.logout();
+
+// Test renaming collection in config with readWriteAnyDatabase
+assert(adminDB.auth('readWriteAdmin', 'password'));
+res = configDB.test2.insert({'b': 2});
+assert.writeError(res, 13, "not authorized on config to execute command");
+res = configDB.test2.renameCollection('test');
+assert.eq(0, res.ok);
+assert.eq(CodeUnauthorized, res.code);
+
+// Test renaming collection in local with readWriteAnyDatabase
+res = localDB.test2.insert({'b': 2});
+assert.writeError(res, 13, "not authorized on config to execute command");
+res = localDB.test2.renameCollection('test');
+assert.eq(0, res.ok);
+assert.eq(CodeUnauthorized, res.code);
+
+// At this point, all the user documents are gone, so further activity may be unauthorized,
+// depending on cluster configuration. So, this is the end of the test.
+MongoRunner.stopMongod(conn, {user: 'userAdmin', pwd: 'password'});
})(); \ No newline at end of file
View Lorry Controller Status