4 files changed, 50 insertions, 125 deletions

diff --git a/jstests/auth/auth-counters.js b/jstests/auth/auth-counters.js
index f3f2af6a758..bbb66a619ae 100644
--- a/jstests/auth/auth-counters.js
+++ b/jstests/auth/auth-counters.js
@@ -3,15 +3,9 @@
 (function() {
 'use strict';
 
-const keyfile = 'jstests/libs/key1';
-const badKeyfile = 'jstests/libs/key2';
-let replTest = new ReplSetTest({nodes: 1, keyFile: keyfile, nodeOptions: {auth: ""}});
-replTest.startSet();
-replTest.initiate();
-let primary = replTest.getPrimary();
-
-const admin = primary.getDB('admin');
-const test = primary.getDB('test');
+const mongod = MongoRunner.runMongod({auth: ''});
+const admin = mongod.getDB('admin');
+const test = mongod.getDB('test');
 
 admin.createUser({user: 'admin', pwd: 'pwd', roles: ['root'], mechanisms: ['SCRAM-SHA-256']});
 admin.auth('admin', 'pwd');
@@ -21,22 +15,21 @@ test.createUser({user: 'user256', pwd: 'pwd', roles: [], mechanisms: ['SCRAM-SHA
 test.createUser(
     {user: 'user', pwd: 'pwd', roles: [], mechanisms: ['SCRAM-SHA-1', 'SCRAM-SHA-256']});
 
-// Count the number of authentications performed during setup
-const expected =
-    assert.commandWorked(admin.runCommand({serverStatus: 1})).security.authentication.mechanisms;
+// admin.auth() above provides an initial count for SCRAM-SHA-256
+const expected = {
+    'SCRAM-SHA-256': {
+        received: 1,
+        successful: 1,
+    },
+};
 
 function assertStats() {
     const mechStats = assert.commandWorked(admin.runCommand({serverStatus: 1}))
                           .security.authentication.mechanisms;
     Object.keys(expected).forEach(function(mech) {
         try {
-            assert.eq(mechStats[mech].authenticate.received, expected[mech].authenticate.received);
-            assert.eq(mechStats[mech].authenticate.successful,
-                      expected[mech].authenticate.successful);
-            assert.eq(mechStats[mech].clusterAuthenticate.received,
-                      expected[mech].clusterAuthenticate.received);
-            assert.eq(mechStats[mech].clusterAuthenticate.successful,
-                      expected[mech].clusterAuthenticate.successful);
+            assert.eq(mechStats[mech].authenticate.received, expected[mech].received);
+            assert.eq(mechStats[mech].authenticate.successful, expected[mech].successful);
         } catch (e) {
             print("Mechanism: " + mech);
             print("mechStats: " + tojson(mechStats));
@@ -46,42 +39,23 @@ function assertStats() {
     });
 }
 
-function assertSuccess(creds, mech, db = test) {
-    assert.eq(db.auth(creds), true);
-    if (db !== admin) {
-        db.logout();
+function assertSuccess(creds, mech) {
+    if (expected[mech] === undefined) {
+        expected[mech] = {received: 0, successful: 0};
     }
-    ++expected[mech].authenticate.received;
-    ++expected[mech].authenticate.successful;
-    assertStats();
-}
-
-function assertFailure(creds, mech, db = test) {
-    assert.eq(db.auth(creds), false);
-    ++expected[mech].authenticate.received;
+    assert.eq(test.auth(creds), true);
+    test.logout();
+    ++expected[mech].received;
+    ++expected[mech].successful;
     assertStats();
 }
 
-function assertSuccessInternal() {
-    const mech = "SCRAM-SHA-1";
-    // asCluster exiting cleanly indicates successful auth
-    assert.eq(authutil.asCluster(replTest.nodes, keyfile, () => true), true);
-    ++expected[mech].authenticate.received;
-    ++expected[mech].authenticate.successful;
-    ++expected[mech].clusterAuthenticate.received;
-    ++expected[mech].clusterAuthenticate.successful;
-    // we have to re-auth as admin to get stats, which are validated at the end of assertSuccess
-    assertSuccess({user: 'admin', pwd: 'pwd'}, 'SCRAM-SHA-256', admin);
-}
-
-function assertFailureInternal() {
-    const mech = "SCRAM-SHA-1";
-    // If asCluster fails, it explodes.
-    assert.throws(authutil.asCluster, [replTest.nodes, badKeyfile, () => true]);
-    ++expected[mech].authenticate.received;
-    ++expected[mech].clusterAuthenticate.received;
-    // we have to re-auth as admin to get stats, which are validated at the end of assertSuccess
-    assertSuccess({user: 'admin', pwd: 'pwd'}, 'SCRAM-SHA-256', admin);
+function assertFailure(creds, mech) {
+    if (expected[mech] === undefined) {
+        expected[mech] = {received: 0, successful: 0};
+    }
+    assert.eq(test.auth(creds), false);
+    ++expected[mech].received;
     assertStats();
 }
 
@@ -112,16 +86,9 @@ assertFailure({user: 'user', pwd: 'haxx', mechanism: 'SCRAM-SHA-1'}, 'SCRAM-SHA-
 assertFailure({user: 'user1', pwd: 'pwd', mechanism: 'SCRAM-SHA-256'}, 'SCRAM-SHA-256');
 assertFailure({user: 'user256', pwd: 'pwd', mechanism: 'SCRAM-SHA-1'}, 'SCRAM-SHA-1');
 
-// Cluster auth counter checks.
-assertSuccessInternal();
-assertFailureInternal();
-
-// Need to auth as admin one more time to get final stats.
-admin.auth('admin', 'pwd');
-
 const finalStats =
     assert.commandWorked(admin.runCommand({serverStatus: 1})).security.authentication.mechanisms;
-replTest.stopSet();
+MongoRunner.stopMongod(mongod);
 
 printjson(finalStats);
 })();
diff --git a/jstests/auth/speculative-auth-replset.js b/jstests/auth/speculative-auth-replset.js
index d6f9a52c03a..dfa985321a3 100644
--- a/jstests/auth/speculative-auth-replset.js
+++ b/jstests/auth/speculative-auth-replset.js
@@ -39,17 +39,14 @@ const mechStats =
 printjson(mechStats);
 assert(mechStats['SCRAM-SHA-256'] !== undefined);
 Object.keys(mechStats).forEach(function(mech) {
-    const specStats = mechStats[mech].speculativeAuthenticate;
-    const clusterStats = mechStats[mech].clusterAuthenticate;
+    const stats = mechStats[mech].speculativeAuthenticate;
 
     if (mech === 'SCRAM-SHA-256') {
-        assert.gte(specStats.received, 2);
-        assert.gte(clusterStats.received, 2);
+        assert.gte(stats.received, 2);
     } else {
-        assert.eq(specStats.received, 0);
+        assert.eq(stats.received, 0);
     }
-    assert.eq(specStats.received, specStats.successful);
-    assert.eq(clusterStats.received, clusterStats.successful);
+    assert.eq(stats.received, stats.successful);
 });
 
 test(baseURI);
diff --git a/jstests/auth/speculative-auth-sharding.js b/jstests/auth/speculative-auth-sharding.js
index d8bcae94ed9..008eafac08d 100644
--- a/jstests/auth/speculative-auth-sharding.js
+++ b/jstests/auth/speculative-auth-sharding.js
@@ -20,37 +20,26 @@ let lastStats =
     assert.commandWorked(admin.runCommand({serverStatus: 1})).security.authentication.mechanisms;
 jsTest.log('Inintial stats: ' + lastStats);
 
-function test(uri, incrMech, isClusterAuth = false) {
+function test(uri, incrMech) {
     jsTest.log('Connecting to: ' + uri);
     assert.eq(runMongoProgram('mongo', uri, '--eval', ';'), 0);
 
     const stats = assert.commandWorked(admin.runCommand({serverStatus: 1}))
                       .security.authentication.mechanisms;
-    try {
-        assert.eq(Object.keys(lastStats).length, Object.keys(stats).length);
-        Object.keys(lastStats).forEach(function(mech) {
-            const inc = (mech === incrMech) ? 1 : 0;
-            const clusterInc = (mech === incrMech && isClusterAuth) ? 1 : 0;
-
-            const specBefore = lastStats[mech].speculativeAuthenticate;
-            const specAfter = stats[mech].speculativeAuthenticate;
-            assert.eq(specAfter.received, specBefore.received + inc);
-            assert.eq(specAfter.successful, specBefore.successful + inc);
-
-            const clusterBefore = lastStats[mech].clusterAuthenticate;
-            const clusterAfter = stats[mech].clusterAuthenticate;
-            assert.eq(clusterAfter.received, clusterBefore.received + clusterInc);
-            assert.eq(clusterAfter.successful, clusterBefore.successful + clusterInc);
-
-            const allBefore = lastStats[mech].authenticate;
-            const allAfter = stats[mech].authenticate;
-            assert.eq(allAfter.received, allBefore.received + inc);
-            assert.eq(allAfter.successful, allBefore.successful + inc);
-        });
-    } catch (e) {
-        print("Stats: " + tojson(stats));
-        throw e;
-    }
+    assert.eq(Object.keys(lastStats).length, Object.keys(stats).length);
+    Object.keys(lastStats).forEach(function(mech) {
+        const inc = (mech == incrMech) ? 1 : 0;
+
+        const specBefore = lastStats[mech].speculativeAuthenticate;
+        const specAfter = stats[mech].speculativeAuthenticate;
+        assert.eq(specAfter.received, specBefore.received + inc);
+        assert.eq(specAfter.successful, specBefore.successful + inc);
+
+        const allBefore = lastStats[mech].authenticate;
+        const allAfter = stats[mech].authenticate;
+        assert.eq(allAfter.received, allBefore.received + inc);
+        assert.eq(allAfter.successful, allBefore.successful + inc);
+    });
     lastStats = stats;
 }
 
@@ -59,10 +48,6 @@ const baseURI = 'mongodb://admin:pwd@' + st.s.host + '/admin';
 test(baseURI, fallbackMech);
 test(baseURI + '?authMechanism=SCRAM-SHA-1', 'SCRAM-SHA-1');
 test(baseURI + '?authMechanism=SCRAM-SHA-256', 'SCRAM-SHA-256');
-const systemPass = cat(keyfile).replace(/\s/g, '');
-test('mongodb://__system:' + systemPass + '@' + st.s.host + '/admin?authMechanisms=SCRAM-SHA-256',
-     'SCRAM-SHA-256',
-     true);
 
 admin.logout();
 st.stop();
diff --git a/jstests/auth/speculative-sasl-start.js b/jstests/auth/speculative-sasl-start.js
index 1518cceeb01..8db5d03dcb7 100644
--- a/jstests/auth/speculative-sasl-start.js
+++ b/jstests/auth/speculative-sasl-start.js
@@ -3,8 +3,7 @@
 (function() {
 'use strict';
 
-const keyFile = 'jstests/libs/key1';
-const mongod = MongoRunner.runMongod({auth: '', keyFile: keyFile});
+const mongod = MongoRunner.runMongod({auth: ''});
 const admin = mongod.getDB('admin');
 
 admin.createUser(
@@ -36,22 +35,10 @@ assertStats(function(mechStats) {
     });
 });
 
-// No "intra-cluster" auth attempts yet.
-assertStats(function(mechStats) {
-    Object.keys(mechStats).forEach(function(mech) {
-        const stats = mechStats[mech].clusterAuthenticate;
-        assert.eq(stats.received, 0);
-        assert.eq(stats.successful, 0);
-    });
-});
-
-function expectN(mechStats, mech, N1, M1, N2 = 0, M2 = 0) {
-    const specStats = mechStats[mech].speculativeAuthenticate;
-    const clusterStats = mechStats[mech].clusterAuthenticate;
-    assert.eq(N1, specStats.received);
-    assert.eq(M1, specStats.successful);
-    assert.eq(N2, clusterStats.received);
-    assert.eq(M2, clusterStats.successful);
+function expectN(mechStats, mech, N, M) {
+    const stats = mechStats[mech].speculativeAuthenticate;
+    assert.eq(N, stats.received);
+    assert.eq(M, stats.successful);
 }
 
 const baseOKURI = 'mongodb://admin:pwd@localhost:' + mongod.port + '/admin';
@@ -110,16 +97,5 @@ mongod.getDB('test').createUser({user: 'alice', pwd: 'secret', roles: []});
 test('mongodb://alice:secret@localhost:' + mongod.port + '/test', true);
 assertStats((s) => expectN(s, 'SCRAM-SHA-256', 7, 3));
 
-// Test "intra-cluster" speculative authentication.
-const systemPass = cat(keyFile).replace(/\s/g, '');
-test('mongodb://__system:' + systemPass + '@localhost:' + mongod.port + '/admin' +
-         '?authMechanism=SCRAM-SHA-256',
-     true);
-assertStats((s) => expectN(s, 'SCRAM-SHA-256', 8, 4, 1, 1));
-test('mongodb://__system:hunter2@localhost:' + mongod.port + '/admin' +
-         '?authMechanism=SCRAM-SHA-256',
-     false);
-assertStats((s) => expectN(s, 'SCRAM-SHA-256', 9, 4, 3, 1));
-
 MongoRunner.stopMongod(mongod);
 })();