diff options
Diffstat (limited to 'src/mongo/db/auth/authorization_session_test.cpp')
| -rw-r--r-- | src/mongo/db/auth/authorization_session_test.cpp | 121 |
1 files changed, 80 insertions, 41 deletions
diff --git a/src/mongo/db/auth/authorization_session_test.cpp b/src/mongo/db/auth/authorization_session_test.cpp index d6cd4d686fe..9cdbe4aa730 100644 --- a/src/mongo/db/auth/authorization_session_test.cpp +++ b/src/mongo/db/auth/authorization_session_test.cpp @@ -734,6 +734,8 @@ TEST_F(AuthorizationSessionTest, AcquireUserObtainsAndValidatesAuthenticationRes } TEST_F(AuthorizationSessionTest, CheckAuthForAggregateFailsIfPipelineIsNotAnArray) { + authzSession->assumePrivilegesForDB(Privilege(testFooCollResource, {ActionType::find})); + BSONObj cmdObjIntPipeline = BSON("aggregate" << testFooNss.coll() << "pipeline" << 7); ASSERT_EQ(ErrorCodes::TypeMismatch, authzSession->checkAuthForAggregate(testFooNss, cmdObjIntPipeline, false)); @@ -748,6 +750,8 @@ TEST_F(AuthorizationSessionTest, CheckAuthForAggregateFailsIfPipelineIsNotAnArra } TEST_F(AuthorizationSessionTest, CheckAuthForAggregateFailsIfPipelineFirstStageIsNotAnObject) { + authzSession->assumePrivilegesForDB(Privilege(testFooCollResource, {ActionType::find})); + BSONObj cmdObjFirstStageInt = BSON("aggregate" << testFooNss.coll() << "pipeline" << BSON_ARRAY(7)); ASSERT_EQ(ErrorCodes::TypeMismatch, @@ -760,7 +764,8 @@ TEST_F(AuthorizationSessionTest, CheckAuthForAggregateFailsIfPipelineFirstStageI } TEST_F(AuthorizationSessionTest, CannotAggregateEmptyPipelineWithoutFindAction) { - BSONObj cmdObj = BSON("aggregate" << testFooNss.coll() << "pipeline" << BSONArray()); + BSONObj cmdObj = BSON("aggregate" << testFooNss.coll() << "pipeline" << BSONArray() << "cursor" + << BSONObj()); ASSERT_EQ(ErrorCodes::Unauthorized, authzSession->checkAuthForAggregate(testFooNss, cmdObj, false)); } @@ -768,7 +773,8 @@ TEST_F(AuthorizationSessionTest, CannotAggregateEmptyPipelineWithoutFindAction) TEST_F(AuthorizationSessionTest, CanAggregateEmptyPipelineWithFindAction) { authzSession->assumePrivilegesForDB(Privilege(testFooCollResource, {ActionType::find})); - BSONObj cmdObj = BSON("aggregate" << testFooNss.coll() << "pipeline" << BSONArray()); + BSONObj cmdObj = BSON("aggregate" << testFooNss.coll() << "pipeline" << BSONArray() << "cursor" + << BSONObj()); ASSERT_OK(authzSession->checkAuthForAggregate(testFooNss, cmdObj, false)); } @@ -778,25 +784,28 @@ TEST_F(AuthorizationSessionTest, CannotAggregateWithoutFindActionIfFirstStageNot BSONArray pipeline = BSON_ARRAY(BSON("$limit" << 1) << BSON("$collStats" << BSONObj()) << BSON("$indexStats" << BSONObj())); - BSONObj cmdObj = BSON("aggregate" << testFooNss.coll() << "pipeline" << pipeline); + BSONObj cmdObj = + BSON("aggregate" << testFooNss.coll() << "pipeline" << pipeline << "cursor" << BSONObj()); ASSERT_EQ(ErrorCodes::Unauthorized, authzSession->checkAuthForAggregate(testFooNss, cmdObj, false)); } -TEST_F(AuthorizationSessionTest, CanAggregateWithFindActionIfFirstStageNotIndexOrCollStats) { +TEST_F(AuthorizationSessionTest, CannotAggregateWithFindActionIfPipelineContainsIndexOrCollStats) { authzSession->assumePrivilegesForDB(Privilege(testFooCollResource, {ActionType::find})); - BSONArray pipeline = BSON_ARRAY(BSON("$limit" << 1) << BSON("$collStats" << BSONObj()) << BSON("$indexStats" << BSONObj())); - BSONObj cmdObj = BSON("aggregate" << testFooNss.coll() << "pipeline" << pipeline); - ASSERT_OK(authzSession->checkAuthForAggregate(testFooNss, cmdObj, false)); + BSONObj cmdObj = + BSON("aggregate" << testFooNss.coll() << "pipeline" << pipeline << "cursor" << BSONObj()); + ASSERT_EQ(ErrorCodes::Unauthorized, + authzSession->checkAuthForAggregate(testFooNss, cmdObj, false)); } TEST_F(AuthorizationSessionTest, CannotAggregateCollStatsWithoutCollStatsAction) { authzSession->assumePrivilegesForDB(Privilege(testFooCollResource, {ActionType::find})); BSONArray pipeline = BSON_ARRAY(BSON("$collStats" << BSONObj())); - BSONObj cmdObj = BSON("aggregate" << testFooNss.coll() << "pipeline" << pipeline); + BSONObj cmdObj = + BSON("aggregate" << testFooNss.coll() << "pipeline" << pipeline << "cursor" << BSONObj()); ASSERT_EQ(ErrorCodes::Unauthorized, authzSession->checkAuthForAggregate(testFooNss, cmdObj, false)); } @@ -805,7 +814,8 @@ TEST_F(AuthorizationSessionTest, CanAggregateCollStatsWithCollStatsAction) { authzSession->assumePrivilegesForDB(Privilege(testFooCollResource, {ActionType::collStats})); BSONArray pipeline = BSON_ARRAY(BSON("$collStats" << BSONObj())); - BSONObj cmdObj = BSON("aggregate" << testFooNss.coll() << "pipeline" << pipeline); + BSONObj cmdObj = + BSON("aggregate" << testFooNss.coll() << "pipeline" << pipeline << "cursor" << BSONObj()); ASSERT_OK(authzSession->checkAuthForAggregate(testFooNss, cmdObj, false)); } @@ -813,7 +823,8 @@ TEST_F(AuthorizationSessionTest, CannotAggregateIndexStatsWithoutIndexStatsActio authzSession->assumePrivilegesForDB(Privilege(testFooCollResource, {ActionType::find})); BSONArray pipeline = BSON_ARRAY(BSON("$indexStats" << BSONObj())); - BSONObj cmdObj = BSON("aggregate" << testFooNss.coll() << "pipeline" << pipeline); + BSONObj cmdObj = + BSON("aggregate" << testFooNss.coll() << "pipeline" << pipeline << "cursor" << BSONObj()); ASSERT_EQ(ErrorCodes::Unauthorized, authzSession->checkAuthForAggregate(testFooNss, cmdObj, false)); } @@ -822,7 +833,8 @@ TEST_F(AuthorizationSessionTest, CanAggregateIndexStatsWithIndexStatsAction) { authzSession->assumePrivilegesForDB(Privilege(testFooCollResource, {ActionType::indexStats})); BSONArray pipeline = BSON_ARRAY(BSON("$indexStats" << BSONObj())); - BSONObj cmdObj = BSON("aggregate" << testFooNss.coll() << "pipeline" << pipeline); + BSONObj cmdObj = + BSON("aggregate" << testFooNss.coll() << "pipeline" << pipeline << "cursor" << BSONObj()); ASSERT_OK(authzSession->checkAuthForAggregate(testFooNss, cmdObj, false)); } @@ -830,7 +842,8 @@ TEST_F(AuthorizationSessionTest, CanAggregateCurrentOpAllUsersFalseWithoutInprog authzSession->assumePrivilegesForDB(Privilege(testFooCollResource, {ActionType::find})); BSONArray pipeline = BSON_ARRAY(BSON("$currentOp" << BSON("allUsers" << false))); - BSONObj cmdObj = BSON("aggregate" << testFooNss.coll() << "pipeline" << pipeline); + BSONObj cmdObj = + BSON("aggregate" << testFooNss.coll() << "pipeline" << pipeline << "cursor" << BSONObj()); ASSERT_OK(authzSession->checkAuthForAggregate(testFooNss, cmdObj, false)); } @@ -838,14 +851,16 @@ TEST_F(AuthorizationSessionTest, CannotAggregateCurrentOpAllUsersFalseWithoutInp authzSession->assumePrivilegesForDB(Privilege(testFooCollResource, {ActionType::find})); BSONArray pipeline = BSON_ARRAY(BSON("$currentOp" << BSON("allUsers" << false))); - BSONObj cmdObj = BSON("aggregate" << testFooNss.coll() << "pipeline" << pipeline); + BSONObj cmdObj = + BSON("aggregate" << testFooNss.coll() << "pipeline" << pipeline << "cursor" << BSONObj()); ASSERT_EQ(ErrorCodes::Unauthorized, authzSession->checkAuthForAggregate(testFooNss, cmdObj, true)); } TEST_F(AuthorizationSessionTest, CannotAggregateCurrentOpAllUsersFalseIfNotAuthenticatedOnMongoD) { BSONArray pipeline = BSON_ARRAY(BSON("$currentOp" << BSON("allUsers" << false))); - BSONObj cmdObj = BSON("aggregate" << testFooNss.coll() << "pipeline" << pipeline); + BSONObj cmdObj = + BSON("aggregate" << testFooNss.coll() << "pipeline" << pipeline << "cursor" << BSONObj()); ASSERT_EQ(ErrorCodes::Unauthorized, authzSession->checkAuthForAggregate(testFooNss, cmdObj, false)); @@ -853,7 +868,8 @@ TEST_F(AuthorizationSessionTest, CannotAggregateCurrentOpAllUsersFalseIfNotAuthe TEST_F(AuthorizationSessionTest, CannotAggregateCurrentOpAllUsersFalseIfNotAuthenticatedOnMongoS) { BSONArray pipeline = BSON_ARRAY(BSON("$currentOp" << BSON("allUsers" << false))); - BSONObj cmdObj = BSON("aggregate" << testFooNss.coll() << "pipeline" << pipeline); + BSONObj cmdObj = + BSON("aggregate" << testFooNss.coll() << "pipeline" << pipeline << "cursor" << BSONObj()); ASSERT_EQ(ErrorCodes::Unauthorized, authzSession->checkAuthForAggregate(testFooNss, cmdObj, true)); @@ -863,7 +879,8 @@ TEST_F(AuthorizationSessionTest, CannotAggregateCurrentOpAllUsersTrueWithoutInpr authzSession->assumePrivilegesForDB(Privilege(testFooCollResource, {ActionType::find})); BSONArray pipeline = BSON_ARRAY(BSON("$currentOp" << BSON("allUsers" << true))); - BSONObj cmdObj = BSON("aggregate" << testFooNss.coll() << "pipeline" << pipeline); + BSONObj cmdObj = + BSON("aggregate" << testFooNss.coll() << "pipeline" << pipeline << "cursor" << BSONObj()); ASSERT_EQ(ErrorCodes::Unauthorized, authzSession->checkAuthForAggregate(testFooNss, cmdObj, false)); } @@ -872,7 +889,8 @@ TEST_F(AuthorizationSessionTest, CannotAggregateCurrentOpAllUsersTrueWithoutInpr authzSession->assumePrivilegesForDB(Privilege(testFooCollResource, {ActionType::find})); BSONArray pipeline = BSON_ARRAY(BSON("$currentOp" << BSON("allUsers" << true))); - BSONObj cmdObj = BSON("aggregate" << testFooNss.coll() << "pipeline" << pipeline); + BSONObj cmdObj = + BSON("aggregate" << testFooNss.coll() << "pipeline" << pipeline << "cursor" << BSONObj()); ASSERT_EQ(ErrorCodes::Unauthorized, authzSession->checkAuthForAggregate(testFooNss, cmdObj, true)); } @@ -882,7 +900,8 @@ TEST_F(AuthorizationSessionTest, CanAggregateCurrentOpAllUsersTrueWithInprogActi Privilege(ResourcePattern::forClusterResource(), {ActionType::inprog})); BSONArray pipeline = BSON_ARRAY(BSON("$currentOp" << BSON("allUsers" << true))); - BSONObj cmdObj = BSON("aggregate" << testFooNss.coll() << "pipeline" << pipeline); + BSONObj cmdObj = + BSON("aggregate" << testFooNss.coll() << "pipeline" << pipeline << "cursor" << BSONObj()); ASSERT_OK(authzSession->checkAuthForAggregate(testFooNss, cmdObj, false)); } @@ -891,7 +910,8 @@ TEST_F(AuthorizationSessionTest, CanAggregateCurrentOpAllUsersTrueWithInprogActi Privilege(ResourcePattern::forClusterResource(), {ActionType::inprog})); BSONArray pipeline = BSON_ARRAY(BSON("$currentOp" << BSON("allUsers" << true))); - BSONObj cmdObj = BSON("aggregate" << testFooNss.coll() << "pipeline" << pipeline); + BSONObj cmdObj = + BSON("aggregate" << testFooNss.coll() << "pipeline" << pipeline << "cursor" << BSONObj()); ASSERT_OK(authzSession->checkAuthForAggregate(testFooNss, cmdObj, true)); } @@ -900,7 +920,8 @@ TEST_F(AuthorizationSessionTest, CannotSpoofAllUsersTrueWithoutInprogActionOnMon BSONArray pipeline = BSON_ARRAY(BSON("$currentOp" << BSON("allUsers" << false << "allUsers" << true))); - BSONObj cmdObj = BSON("aggregate" << testFooNss.coll() << "pipeline" << pipeline); + BSONObj cmdObj = + BSON("aggregate" << testFooNss.coll() << "pipeline" << pipeline << "cursor" << BSONObj()); ASSERT_EQ(ErrorCodes::Unauthorized, authzSession->checkAuthForAggregate(testFooNss, cmdObj, false)); } @@ -910,7 +931,8 @@ TEST_F(AuthorizationSessionTest, CannotSpoofAllUsersTrueWithoutInprogActionOnMon BSONArray pipeline = BSON_ARRAY(BSON("$currentOp" << BSON("allUsers" << false << "allUsers" << true))); - BSONObj cmdObj = BSON("aggregate" << testFooNss.coll() << "pipeline" << pipeline); + BSONObj cmdObj = + BSON("aggregate" << testFooNss.coll() << "pipeline" << pipeline << "cursor" << BSONObj()); ASSERT_EQ(ErrorCodes::Unauthorized, authzSession->checkAuthForAggregate(testFooNss, cmdObj, true)); } @@ -920,9 +942,11 @@ TEST_F(AuthorizationSessionTest, AddPrivilegesForStageFailsIfOutNamespaceIsNotVa BSONArray pipeline = BSON_ARRAY(BSON("$out" << "")); - BSONObj cmdObj = BSON("aggregate" << testFooNss.coll() << "pipeline" << pipeline); - ASSERT_EQ(ErrorCodes::InvalidNamespace, - authzSession->checkAuthForAggregate(testFooNss, cmdObj, false)); + BSONObj cmdObj = + BSON("aggregate" << testFooNss.coll() << "pipeline" << pipeline << "cursor" << BSONObj()); + ASSERT_THROWS_CODE(authzSession->checkAuthForAggregate(testFooNss, cmdObj, false).ignore(), + UserException, + ErrorCodes::InvalidNamespace); } TEST_F(AuthorizationSessionTest, CannotAggregateOutWithoutInsertAndRemoveOnTargetNamespace) { @@ -930,7 +954,8 @@ TEST_F(AuthorizationSessionTest, CannotAggregateOutWithoutInsertAndRemoveOnTarge authzSession->assumePrivilegesForDB(Privilege(testFooCollResource, {ActionType::find})); BSONArray pipeline = BSON_ARRAY(BSON("$out" << testBarNss.coll())); - BSONObj cmdObj = BSON("aggregate" << testFooNss.coll() << "pipeline" << pipeline); + BSONObj cmdObj = + BSON("aggregate" << testFooNss.coll() << "pipeline" << pipeline << "cursor" << BSONObj()); ASSERT_EQ(ErrorCodes::Unauthorized, authzSession->checkAuthForAggregate(testFooNss, cmdObj, false)); @@ -953,12 +978,15 @@ TEST_F(AuthorizationSessionTest, CanAggregateOutWithInsertAndRemoveOnTargetNames Privilege(testBarCollResource, {ActionType::insert, ActionType::remove})}); BSONArray pipeline = BSON_ARRAY(BSON("$out" << testBarNss.coll())); - BSONObj cmdObj = BSON("aggregate" << testFooNss.coll() << "pipeline" << pipeline); + BSONObj cmdObj = + BSON("aggregate" << testFooNss.coll() << "pipeline" << pipeline << "cursor" << BSONObj()); ASSERT_OK(authzSession->checkAuthForAggregate(testFooNss, cmdObj, false)); BSONObj cmdObjNoBypassDocumentValidation = BSON( "aggregate" << testFooNss.coll() << "pipeline" << pipeline << "bypassDocumentValidation" - << false); + << false + << "cursor" + << BSONObj()); ASSERT_OK( authzSession->checkAuthForAggregate(testFooNss, cmdObjNoBypassDocumentValidation, false)); } @@ -970,9 +998,10 @@ TEST_F(AuthorizationSessionTest, Privilege(testBarCollResource, {ActionType::insert, ActionType::remove})}); BSONArray pipeline = BSON_ARRAY(BSON("$out" << testBarNss.coll())); - BSONObj cmdObj = BSON("aggregate" << testFooNss.coll() << "pipeline" << pipeline - << "bypassDocumentValidation" - << true); + BSONObj cmdObj = + BSON("aggregate" << testFooNss.coll() << "pipeline" << pipeline << "cursor" << BSONObj() + << "bypassDocumentValidation" + << true); ASSERT_EQ(ErrorCodes::Unauthorized, authzSession->checkAuthForAggregate(testFooNss, cmdObj, false)); } @@ -986,9 +1015,10 @@ TEST_F(AuthorizationSessionTest, {ActionType::insert, ActionType::remove, ActionType::bypassDocumentValidation})}); BSONArray pipeline = BSON_ARRAY(BSON("$out" << testBarNss.coll())); - BSONObj cmdObj = BSON("aggregate" << testFooNss.coll() << "pipeline" << pipeline - << "bypassDocumentValidation" - << true); + BSONObj cmdObj = + BSON("aggregate" << testFooNss.coll() << "pipeline" << pipeline << "cursor" << BSONObj() + << "bypassDocumentValidation" + << true); ASSERT_OK(authzSession->checkAuthForAggregate(testFooNss, cmdObj, false)); } @@ -996,7 +1026,8 @@ TEST_F(AuthorizationSessionTest, CannotAggregateLookupWithoutFindOnJoinedNamespa authzSession->assumePrivilegesForDB(Privilege(testFooCollResource, {ActionType::find})); BSONArray pipeline = BSON_ARRAY(BSON("$lookup" << BSON("from" << testBarNss.coll()))); - BSONObj cmdObj = BSON("aggregate" << testFooNss.coll() << "pipeline" << pipeline); + BSONObj cmdObj = + BSON("aggregate" << testFooNss.coll() << "pipeline" << pipeline << "cursor" << BSONObj()); ASSERT_EQ(ErrorCodes::Unauthorized, authzSession->checkAuthForAggregate(testFooNss, cmdObj, false)); } @@ -1006,7 +1037,8 @@ TEST_F(AuthorizationSessionTest, CanAggregateLookupWithFindOnJoinedNamespace) { Privilege(testBarCollResource, {ActionType::find})}); BSONArray pipeline = BSON_ARRAY(BSON("$lookup" << BSON("from" << testBarNss.coll()))); - BSONObj cmdObj = BSON("aggregate" << testFooNss.coll() << "pipeline" << pipeline); + BSONObj cmdObj = + BSON("aggregate" << testFooNss.coll() << "pipeline" << pipeline << "cursor" << BSONObj()); ASSERT_OK(authzSession->checkAuthForAggregate(testFooNss, cmdObj, false)); } @@ -1018,7 +1050,8 @@ TEST_F(AuthorizationSessionTest, CannotAggregateLookupWithoutFindOnNestedJoinedN BSONArray nestedPipeline = BSON_ARRAY(BSON("$lookup" << BSON("from" << testQuxNss.coll()))); BSONArray pipeline = BSON_ARRAY( BSON("$lookup" << BSON("from" << testBarNss.coll() << "pipeline" << nestedPipeline))); - BSONObj cmdObj = BSON("aggregate" << testFooNss.coll() << "pipeline" << pipeline); + BSONObj cmdObj = + BSON("aggregate" << testFooNss.coll() << "pipeline" << pipeline << "cursor" << BSONObj()); ASSERT_EQ(ErrorCodes::Unauthorized, authzSession->checkAuthForAggregate(testFooNss, cmdObj, false)); } @@ -1031,7 +1064,8 @@ TEST_F(AuthorizationSessionTest, CanAggregateLookupWithFindOnNestedJoinedNamespa BSONArray nestedPipeline = BSON_ARRAY(BSON("$lookup" << BSON("from" << testQuxNss.coll()))); BSONArray pipeline = BSON_ARRAY( BSON("$lookup" << BSON("from" << testBarNss.coll() << "pipeline" << nestedPipeline))); - BSONObj cmdObj = BSON("aggregate" << testFooNss.coll() << "pipeline" << pipeline); + BSONObj cmdObj = + BSON("aggregate" << testFooNss.coll() << "pipeline" << pipeline << "cursor" << BSONObj()); ASSERT_OK(authzSession->checkAuthForAggregate(testFooNss, cmdObj, false)); } @@ -1071,6 +1105,7 @@ TEST_F(AuthorizationSessionTest, CheckAuthForAggregateWithDeeplyNestedLookup) { BSONArrayBuilder pipelineBuilder(cmdBuilder.subarrayStart("pipeline")); addNestedPipeline(&pipelineBuilder, maxLookupDepth); pipelineBuilder.doneFast(); + cmdBuilder << "cursor" << BSONObj(); ASSERT_OK(authzSession->checkAuthForAggregate(testFooNss, cmdBuilder.obj(), false)); } @@ -1080,7 +1115,8 @@ TEST_F(AuthorizationSessionTest, CannotAggregateGraphLookupWithoutFindOnJoinedNa authzSession->assumePrivilegesForDB(Privilege(testFooCollResource, {ActionType::find})); BSONArray pipeline = BSON_ARRAY(BSON("$graphLookup" << BSON("from" << testBarNss.coll()))); - BSONObj cmdObj = BSON("aggregate" << testFooNss.coll() << "pipeline" << pipeline); + BSONObj cmdObj = + BSON("aggregate" << testFooNss.coll() << "pipeline" << pipeline << "cursor" << BSONObj()); ASSERT_EQ(ErrorCodes::Unauthorized, authzSession->checkAuthForAggregate(testFooNss, cmdObj, false)); } @@ -1090,7 +1126,8 @@ TEST_F(AuthorizationSessionTest, CanAggregateGraphLookupWithFindOnJoinedNamespac Privilege(testBarCollResource, {ActionType::find})}); BSONArray pipeline = BSON_ARRAY(BSON("$graphLookup" << BSON("from" << testBarNss.coll()))); - BSONObj cmdObj = BSON("aggregate" << testFooNss.coll() << "pipeline" << pipeline); + BSONObj cmdObj = + BSON("aggregate" << testFooNss.coll() << "pipeline" << pipeline << "cursor" << BSONObj()); ASSERT_OK(authzSession->checkAuthForAggregate(testFooNss, cmdObj, false)); } @@ -1102,7 +1139,8 @@ TEST_F(AuthorizationSessionTest, BSONArray pipeline = BSON_ARRAY(fromjson("{$facet: {lookup: [{$lookup: {from: 'bar'}}], graphLookup: " "[{$graphLookup: {from: 'qux'}}]}}")); - BSONObj cmdObj = BSON("aggregate" << testFooNss.coll() << "pipeline" << pipeline); + BSONObj cmdObj = + BSON("aggregate" << testFooNss.coll() << "pipeline" << pipeline << "cursor" << BSONObj()); ASSERT_EQ(ErrorCodes::Unauthorized, authzSession->checkAuthForAggregate(testFooNss, cmdObj, false)); @@ -1128,7 +1166,8 @@ TEST_F(AuthorizationSessionTest, BSONArray pipeline = BSON_ARRAY(fromjson("{$facet: {lookup: [{$lookup: {from: 'bar'}}], graphLookup: " "[{$graphLookup: {from: 'qux'}}]}}")); - BSONObj cmdObj = BSON("aggregate" << testFooNss.coll() << "pipeline" << pipeline); + BSONObj cmdObj = + BSON("aggregate" << testFooNss.coll() << "pipeline" << pipeline << "cursor" << BSONObj()); ASSERT_OK(authzSession->checkAuthForAggregate(testFooNss, cmdObj, false)); } |