mirror of https://github.com/mongodb/mongo
96 lines
3.1 KiB
JavaScript
96 lines
3.1 KiB
JavaScript
/*
|
|
* Regression test for SECURITY-27.
|
|
*
|
|
* Verifies that creating a user named "__system" in any database does not get internal system
|
|
* privileges.
|
|
*
|
|
* Operates by creating an "admin" user for set-up, then creating __system users in the "test",
|
|
* "admin" and "local" databases. Then, it verifies that the __system@local user is shadowed for
|
|
* password and privilege purposes by the keyfile. It then procedes to verify that the
|
|
* __system@test and __system@admin users are _not_ shadowed in any way by the keyfile user.
|
|
*/
|
|
|
|
// Runs the "count" command on a database in a way that returns the result document, for easier
|
|
// inspection of the errmsg.
|
|
function runCountCommand(conn, dbName, collectionName) {
|
|
return conn.getDB(dbName).runCommand({count: collectionName});
|
|
}
|
|
|
|
// Asserts that on the given "conn", "dbName"."collectionName".count() fails as unauthorized.
|
|
function assertCountUnauthorized(conn, dbName, collectionName) {
|
|
assert.eq(runCountCommand(conn, dbName, collectionName).code, 13, "On " + dbName + "." + collectionName);
|
|
}
|
|
|
|
let conn = MongoRunner.runMongod({auth: ""});
|
|
|
|
let admin = conn.getDB("admin");
|
|
let test = conn.getDB("test");
|
|
let local = conn.getDB("local");
|
|
|
|
//
|
|
// Preliminary set up.
|
|
//
|
|
admin.createUser({user: "admin", pwd: "a", roles: jsTest.adminUserRoles});
|
|
admin.auth("admin", "a");
|
|
|
|
//
|
|
// Add users named "__system" with no privileges on "test" and "admin", and make sure you can't
|
|
// add one on "local"
|
|
//
|
|
|
|
test.createUser({user: "__system", pwd: "a", roles: []});
|
|
admin.createUser({user: "__system", pwd: "a", roles: []});
|
|
assert.throws(function () {
|
|
local.createUser({user: "__system", pwd: "a", roles: []});
|
|
});
|
|
|
|
//
|
|
// Add some data to count.
|
|
//
|
|
|
|
admin.foo.insert({_id: 1});
|
|
test.foo.insert({_id: 2});
|
|
local.foo.insert({_id: 3});
|
|
|
|
admin.logout();
|
|
assertCountUnauthorized(conn, "admin", "foo");
|
|
assertCountUnauthorized(conn, "local", "foo");
|
|
assertCountUnauthorized(conn, "test", "foo");
|
|
|
|
//
|
|
// Validate that you cannot even log in as __system@local with the supplied password; you _must_
|
|
// use the password from the keyfile.
|
|
//
|
|
assert(!local.auth("__system", "a"));
|
|
assertCountUnauthorized(conn, "admin", "foo");
|
|
assertCountUnauthorized(conn, "local", "foo");
|
|
assertCountUnauthorized(conn, "test", "foo");
|
|
|
|
//
|
|
// Validate that __system@test is not shadowed by the keyfile __system user.
|
|
//
|
|
test.auth("__system", "a");
|
|
assertCountUnauthorized(conn, "admin", "foo");
|
|
assertCountUnauthorized(conn, "local", "foo");
|
|
assertCountUnauthorized(conn, "test", "foo");
|
|
|
|
test.logout();
|
|
assertCountUnauthorized(conn, "admin", "foo");
|
|
assertCountUnauthorized(conn, "local", "foo");
|
|
assertCountUnauthorized(conn, "test", "foo");
|
|
|
|
//
|
|
// Validate that __system@admin is not shadowed by the keyfile __system user.
|
|
//
|
|
admin.auth("__system", "a");
|
|
assertCountUnauthorized(conn, "admin", "foo");
|
|
assertCountUnauthorized(conn, "local", "foo");
|
|
assertCountUnauthorized(conn, "test", "foo");
|
|
|
|
admin.logout();
|
|
assertCountUnauthorized(conn, "admin", "foo");
|
|
assertCountUnauthorized(conn, "local", "foo");
|
|
assertCountUnauthorized(conn, "test", "foo");
|
|
|
|
MongoRunner.stopMongod(conn, null, {user: "admin", pwd: "a"});
|