/*
 * Regression test for SECURITY-27.
 *
 * Verifies that creating a user named "__system" in any database does not get internal system
 * privileges.
 *
 * Operates by creating an "admin" user for set-up, then creating __system users in the "test",
 * "admin" and "local" databases.  Then, it verifies that the __system@local user is shadowed for
 * password and privilege purposes by the keyfile.  It then procedes to verify that the
 * __system@test and __system@admin users are _not_ shadowed in any way by the keyfile user.
 */

(function() {

"use strict";

// Runs the "count" command on a database in a way that returns the result document, for easier
// inspection of the errmsg.
function runCountCommand(conn, dbName, collectionName) {
    return conn.getDB(dbName).runCommand({count: collectionName});
}

// Asserts that on the given "conn", "dbName"."collectionName".count() fails as unauthorized.
function assertCountUnauthorized(conn, dbName, collectionName) {
    assert.eq(runCountCommand(conn, dbName, collectionName).code,
              13,
              "On " + dbName + "." + collectionName);
}

var conn = MongoRunner.runMongod({auth: ""});

var admin = conn.getDB('admin');
var test = conn.getDB('test');
var local = conn.getDB('local');

//
// Preliminary set up.
//
admin.createUser({user: 'admin', pwd: 'a', roles: jsTest.adminUserRoles});
admin.auth('admin', 'a');

//
// Add users named "__system" with no privileges on "test" and "admin", and make sure you can't
// add one on "local"
//

test.createUser({user: '__system', pwd: 'a', roles: []});
admin.createUser({user: '__system', pwd: 'a', roles: []});
assert.throws(function() {
    local.createUser({user: '__system', pwd: 'a', roles: []});
});

//
// Add some data to count.
//

admin.foo.insert({_id: 1});
test.foo.insert({_id: 2});
local.foo.insert({_id: 3});

admin.logout();
assertCountUnauthorized(conn, "admin", "foo");
assertCountUnauthorized(conn, "local", "foo");
assertCountUnauthorized(conn, "test", "foo");

//
// Validate that you cannot even log in as __system@local with the supplied password; you _must_
// use the password from the keyfile.
//
assert(!local.auth('__system', 'a'));
assertCountUnauthorized(conn, "admin", "foo");
assertCountUnauthorized(conn, "local", "foo");
assertCountUnauthorized(conn, "test", "foo");

//
// Validate that __system@test is not shadowed by the keyfile __system user.
//
test.auth('__system', 'a');
assertCountUnauthorized(conn, "admin", "foo");
assertCountUnauthorized(conn, "local", "foo");
assertCountUnauthorized(conn, "test", "foo");

test.logout();
assertCountUnauthorized(conn, "admin", "foo");
assertCountUnauthorized(conn, "local", "foo");
assertCountUnauthorized(conn, "test", "foo");

//
// Validate that __system@admin is not shadowed by the keyfile __system user.
//
admin.auth('__system', 'a');
assertCountUnauthorized(conn, "admin", "foo");
assertCountUnauthorized(conn, "local", "foo");
assertCountUnauthorized(conn, "test", "foo");

admin.logout();
assertCountUnauthorized(conn, "admin", "foo");
assertCountUnauthorized(conn, "local", "foo");
assertCountUnauthorized(conn, "test", "foo");

MongoRunner.stopMongod(conn, null, {user: 'admin', pwd: 'a'});
})();