diff options
Diffstat (limited to 'jstests/auth/renameRestrictedCollections.js')
-rw-r--r-- | jstests/auth/renameRestrictedCollections.js | 218 |
1 files changed, 111 insertions, 107 deletions
diff --git a/jstests/auth/renameRestrictedCollections.js b/jstests/auth/renameRestrictedCollections.js index 1105da4eb3d..40169bef2d6 100644 --- a/jstests/auth/renameRestrictedCollections.js +++ b/jstests/auth/renameRestrictedCollections.js @@ -1,109 +1,113 @@ (function() { - 'use strict'; - - // SERVER-8623: Test that renameCollection can't be used to bypass auth checks on system - // namespaces - const conn = MongoRunner.runMongod({auth: ""}); - - const adminDB = conn.getDB("admin"); - const configDB = conn.getDB("config"); - const localDB = conn.getDB("local"); - const CodeUnauthorized = 13; - - const backdoorUserDoc = {user: 'backdoor', db: 'admin', pwd: 'hashed', roles: ['root']}; - - adminDB.createUser({user: 'userAdmin', pwd: 'password', roles: ['userAdminAnyDatabase']}); - - adminDB.auth('userAdmin', 'password'); - adminDB.createUser({user: 'readWriteAdmin', pwd: 'password', roles: ['readWriteAnyDatabase']}); - adminDB.createUser({ - user: 'readWriteAndUserAdmin', - pwd: 'password', - roles: ['readWriteAnyDatabase', 'userAdminAnyDatabase'] - }); - adminDB.createUser({user: 'root', pwd: 'password', roles: ['root']}); - adminDB.createUser({user: 'rootier', pwd: 'password', roles: ['__system']}); - adminDB.logout(); - - jsTestLog("Test that a readWrite user can't rename system.profile to something they can read"); - adminDB.auth('readWriteAdmin', 'password'); - var res = adminDB.system.profile.renameCollection("profile"); - assert.eq(0, res.ok); - assert.eq(CodeUnauthorized, res.code); - - jsTestLog("Test that a readWrite user can't rename system.users to something they can read"); - res = adminDB.system.users.renameCollection("users"); - assert.eq(0, res.ok); - assert.eq(CodeUnauthorized, res.code); - assert.eq(0, adminDB.users.count()); - - jsTestLog("Test that a readWrite user can't use renameCollection to override system.users"); - adminDB.users.insert(backdoorUserDoc); - res = adminDB.users.renameCollection("system.users", true); - assert.eq(0, res.ok); - assert.eq(CodeUnauthorized, res.code); - adminDB.users.drop(); - - jsTestLog("Test that a userAdmin can't rename system.users without readWrite"); - adminDB.logout(); - adminDB.auth('userAdmin', 'password'); - res = adminDB.system.users.renameCollection("users"); - assert.eq(0, res.ok); - assert.eq(CodeUnauthorized, res.code); - assert.eq(5, adminDB.system.users.count()); - - adminDB.auth('readWriteAndUserAdmin', 'password'); - assert.eq(0, adminDB.users.count()); - - jsTestLog("Test that even with userAdmin AND dbAdmin you CANNOT rename to/from system.users"); - res = adminDB.system.users.renameCollection("users"); - assert.eq(0, res.ok); - assert.eq(CodeUnauthorized, res.code); - assert.eq(5, adminDB.system.users.count()); - - adminDB.users.drop(); - adminDB.users.insert(backdoorUserDoc); - res = adminDB.users.renameCollection("system.users"); - assert.eq(0, res.ok); - assert.eq(CodeUnauthorized, res.code); - - assert.eq(null, adminDB.system.users.findOne({user: backdoorUserDoc.user})); - assert.neq(null, adminDB.system.users.findOne({user: 'userAdmin'})); - - adminDB.auth('rootier', 'password'); - - jsTestLog("Test that with __system you CAN rename to/from system.users"); - res = adminDB.system.users.renameCollection("users", true); - assert.eq(1, res.ok, tojson(res)); - - // Test permissions against the configDB and localDB - - // Start with test against inserting to and renaming collections in config and local - // as userAdminAnyDatabase. - assert.writeOK(configDB.test.insert({'a': 1})); - assert.commandWorked(configDB.test.renameCollection('test2')); - - assert.writeOK(localDB.test.insert({'a': 1})); - assert.commandWorked(localDB.test.renameCollection('test2')); - adminDB.logout(); - - // Test renaming collection in config with readWriteAnyDatabase - assert(adminDB.auth('readWriteAdmin', 'password')); - res = configDB.test2.insert({'b': 2}); - assert.writeError(res, 13, "not authorized on config to execute command"); - res = configDB.test2.renameCollection('test'); - assert.eq(0, res.ok); - assert.eq(CodeUnauthorized, res.code); - - // Test renaming collection in local with readWriteAnyDatabase - res = localDB.test2.insert({'b': 2}); - assert.writeError(res, 13, "not authorized on config to execute command"); - res = localDB.test2.renameCollection('test'); - assert.eq(0, res.ok); - assert.eq(CodeUnauthorized, res.code); - - // At this point, all the user documents are gone, so further activity may be unauthorized, - // depending on cluster configuration. So, this is the end of the test. - MongoRunner.stopMongod(conn, {user: 'userAdmin', pwd: 'password'}); - +'use strict'; + +// SERVER-8623: Test that renameCollection can't be used to bypass auth checks on system +// namespaces +const conn = MongoRunner.runMongod({auth: ""}); + +const adminDB = conn.getDB("admin"); +const configDB = conn.getDB("config"); +const localDB = conn.getDB("local"); +const CodeUnauthorized = 13; + +const backdoorUserDoc = { + user: 'backdoor', + db: 'admin', + pwd: 'hashed', + roles: ['root'] +}; + +adminDB.createUser({user: 'userAdmin', pwd: 'password', roles: ['userAdminAnyDatabase']}); + +adminDB.auth('userAdmin', 'password'); +adminDB.createUser({user: 'readWriteAdmin', pwd: 'password', roles: ['readWriteAnyDatabase']}); +adminDB.createUser({ + user: 'readWriteAndUserAdmin', + pwd: 'password', + roles: ['readWriteAnyDatabase', 'userAdminAnyDatabase'] +}); +adminDB.createUser({user: 'root', pwd: 'password', roles: ['root']}); +adminDB.createUser({user: 'rootier', pwd: 'password', roles: ['__system']}); +adminDB.logout(); + +jsTestLog("Test that a readWrite user can't rename system.profile to something they can read"); +adminDB.auth('readWriteAdmin', 'password'); +var res = adminDB.system.profile.renameCollection("profile"); +assert.eq(0, res.ok); +assert.eq(CodeUnauthorized, res.code); + +jsTestLog("Test that a readWrite user can't rename system.users to something they can read"); +res = adminDB.system.users.renameCollection("users"); +assert.eq(0, res.ok); +assert.eq(CodeUnauthorized, res.code); +assert.eq(0, adminDB.users.count()); + +jsTestLog("Test that a readWrite user can't use renameCollection to override system.users"); +adminDB.users.insert(backdoorUserDoc); +res = adminDB.users.renameCollection("system.users", true); +assert.eq(0, res.ok); +assert.eq(CodeUnauthorized, res.code); +adminDB.users.drop(); + +jsTestLog("Test that a userAdmin can't rename system.users without readWrite"); +adminDB.logout(); +adminDB.auth('userAdmin', 'password'); +res = adminDB.system.users.renameCollection("users"); +assert.eq(0, res.ok); +assert.eq(CodeUnauthorized, res.code); +assert.eq(5, adminDB.system.users.count()); + +adminDB.auth('readWriteAndUserAdmin', 'password'); +assert.eq(0, adminDB.users.count()); + +jsTestLog("Test that even with userAdmin AND dbAdmin you CANNOT rename to/from system.users"); +res = adminDB.system.users.renameCollection("users"); +assert.eq(0, res.ok); +assert.eq(CodeUnauthorized, res.code); +assert.eq(5, adminDB.system.users.count()); + +adminDB.users.drop(); +adminDB.users.insert(backdoorUserDoc); +res = adminDB.users.renameCollection("system.users"); +assert.eq(0, res.ok); +assert.eq(CodeUnauthorized, res.code); + +assert.eq(null, adminDB.system.users.findOne({user: backdoorUserDoc.user})); +assert.neq(null, adminDB.system.users.findOne({user: 'userAdmin'})); + +adminDB.auth('rootier', 'password'); + +jsTestLog("Test that with __system you CAN rename to/from system.users"); +res = adminDB.system.users.renameCollection("users", true); +assert.eq(1, res.ok, tojson(res)); + +// Test permissions against the configDB and localDB + +// Start with test against inserting to and renaming collections in config and local +// as userAdminAnyDatabase. +assert.writeOK(configDB.test.insert({'a': 1})); +assert.commandWorked(configDB.test.renameCollection('test2')); + +assert.writeOK(localDB.test.insert({'a': 1})); +assert.commandWorked(localDB.test.renameCollection('test2')); +adminDB.logout(); + +// Test renaming collection in config with readWriteAnyDatabase +assert(adminDB.auth('readWriteAdmin', 'password')); +res = configDB.test2.insert({'b': 2}); +assert.writeError(res, 13, "not authorized on config to execute command"); +res = configDB.test2.renameCollection('test'); +assert.eq(0, res.ok); +assert.eq(CodeUnauthorized, res.code); + +// Test renaming collection in local with readWriteAnyDatabase +res = localDB.test2.insert({'b': 2}); +assert.writeError(res, 13, "not authorized on config to execute command"); +res = localDB.test2.renameCollection('test'); +assert.eq(0, res.ok); +assert.eq(CodeUnauthorized, res.code); + +// At this point, all the user documents are gone, so further activity may be unauthorized, +// depending on cluster configuration. So, this is the end of the test. +MongoRunner.stopMongod(conn, {user: 'userAdmin', pwd: 'password'}); })();
\ No newline at end of file |