1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
|
// Test for auth counters using MONGODB-X509.
(function() {
'use strict';
const mongod = MongoRunner.runMongod({
auth: '',
tlsMode: 'requireTLS',
tlsCertificateKeyFile: 'jstests/libs/server.pem',
tlsCAFile: 'jstests/libs/ca.pem',
});
const admin = mongod.getDB('admin');
const external = mongod.getDB('$external');
admin.createUser({user: 'admin', pwd: 'pwd', roles: ['root']});
admin.auth('admin', 'pwd');
const X509USER = 'CN=client,OU=KernelUser,O=MongoDB,L=New York City,ST=New York,C=US';
external.createUser({user: X509USER, roles: []});
// This test ignores counters for SCRAM-SHA-*.
// For those, see jstests/auth/auth-counters.js
const expected = {
received: 0,
successful: 0
};
function assertStats() {
const mechStats = assert.commandWorked(admin.runCommand({serverStatus: 1}))
.security.authentication.mechanisms['MONGODB-X509']
.authenticate;
assert.eq(mechStats.received, expected.received);
assert.eq(mechStats.successful, expected.successful);
}
function assertSuccess(creds) {
assert.eq(external.auth(creds), true);
external.logout();
++expected.received;
++expected.successful;
assertStats();
}
function assertFailure(creds) {
assert.eq(external.auth(creds), false);
++expected.received;
assertStats();
}
// User from certificate should work.
assertSuccess({mechanism: 'MONGODB-X509'});
// Explicitly named user.
assertSuccess({user: X509USER, mechanism: 'MONGODB-X509'});
// Fails once the user no longer exists.
external.dropUser(X509USER);
assertFailure({mechanism: 'MONGODB-X509'});
const finalStats =
assert.commandWorked(admin.runCommand({serverStatus: 1})).security.authentication.mechanisms;
MongoRunner.stopMongod(mongod);
printjson(finalStats);
})();
|
