summaryrefslogtreecommitdiff
path: root/jstests
diff options
context:
space:
mode:
Diffstat (limited to 'jstests')
-rw-r--r--jstests/auth/localhostAuthBypass.js24
1 files changed, 24 insertions, 0 deletions
diff --git a/jstests/auth/localhostAuthBypass.js b/jstests/auth/localhostAuthBypass.js
index fdaf4386794..6cb315650ef 100644
--- a/jstests/auth/localhostAuthBypass.js
+++ b/jstests/auth/localhostAuthBypass.js
@@ -15,6 +15,12 @@ var createUser = function(mongo) {
mongo.getDB("admin").createUser({user: username, pwd: password, roles: jsTest.adminUserRoles});
};
+var createRole = function(mongo) {
+ print("============ adding a role.");
+ mongo.getDB("admin").createRole(
+ {role: "roleAdministrator", roles: [{role: "userAdmin", db: "admin"}], privileges: []});
+};
+
var assertCannotRunCommands = function(mongo) {
print("============ ensuring that commands cannot be run.");
@@ -171,7 +177,25 @@ var runNonlocalTest = function(host) {
shutdown(conn);
};
+// Per SERVER-23503, the existence of roles in the admin database should disable the localhost
+// exception.
+// Start the server without auth. Create a role. Restart the server with auth. The exception is
+// now enabled.
+var runRoleTest = function() {
+ var conn = MongoRunner.runMongod({dbpath: dbpath});
+ var mongo = new Mongo("localhost:" + conn.port);
+ assertCanRunCommands(mongo);
+ createRole(mongo);
+ assertCanRunCommands(mongo);
+ MongoRunner.stopMongod(conn);
+ conn = MongoRunner.runMongod({auth: '', dbpath: dbpath, restart: true, cleanData: false});
+ mongo = new Mongo("localhost:" + conn.port);
+ assertCannotRunCommands(mongo);
+};
+
runTest(false);
runTest(true);
runNonlocalTest(get_ipaddr());
+
+runRoleTest();