Diffstat (limited to 'jstests')
-rw-r--r-- | jstests/auth/localhostAuthBypass.js | 24 |
1 files changed, 24 insertions, 0 deletions
diff --git a/jstests/auth/localhostAuthBypass.js b/jstests/auth/localhostAuthBypass.js
index fdaf4386794..6cb315650ef 100644
--- a/jstests/auth/localhostAuthBypass.js
+++ b/jstests/auth/localhostAuthBypass.js
@@ -15,6 +15,12 @@ var createUser = function(mongo) {
 mongo.getDB("admin").createUser({user: username, pwd: password, roles: jsTest.adminUserRoles});
 };
+var createRole = function(mongo) {
+ print("============ adding a role.");
+ mongo.getDB("admin").createRole(
+ {role: "roleAdministrator", roles: [{role: "userAdmin", db: "admin"}], privileges: []});
+};
+
 var assertCannotRunCommands = function(mongo) {
 print("============ ensuring that commands cannot be run.");
@@ -171,7 +177,25 @@ var runNonlocalTest = function(host) {
 shutdown(conn);
 };
+// Per SERVER-23503, the existence of roles in the admin database should disable the localhost
+// exception.
+// Start the server without auth. Create a role. Restart the server with auth. The exception is
+// now enabled.
+var runRoleTest = function() {
+ var conn = MongoRunner.runMongod({dbpath: dbpath});
+ var mongo = new Mongo("localhost:" + conn.port);
+ assertCanRunCommands(mongo);
+ createRole(mongo);
+ assertCanRunCommands(mongo);
+ MongoRunner.stopMongod(conn);
+ conn = MongoRunner.runMongod({auth: '', dbpath: dbpath, restart: true, cleanData: false});
+ mongo = new Mongo("localhost:" + conn.port);
+ assertCannotRunCommands(mongo);
+};
+
 runTest(false);
 runTest(true);
 runNonlocalTest(get_ipaddr());
+
+runRoleTest(); |
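Review bot: The comment above `runRoleTest` ends with "The exception is now enabled", but the final assertion is `assertCannotRunCommands(mongo)`, so the test expects the localhost exception to be disabled once a role exists in admin. The last comment line should read `// now disabled.` so that it matches both the first sentence of the same comment and the property the test guards. The restarted auth-enabled mongod is also never stopped inside `runRoleTest`, whereas the context above shows `runNonlocalTest` ending with `shutdown(conn);`. Adding `MongoRunner.stopMongod(conn);` after the last assertion would avoid leaving that server for the harness to clean up. A short comment noting that no user is created here, so the role alone is what closes the bypass, would make the intent clearer.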