SERVER-35463 Mark listCommands as pre-auth

2024-12-01 09:32:32 +01:00 · 2018-06-06 17:33:47 -04:00 · 2018-06-06 17:33:47 -04:00 · aa14a86962
commit aa14a86962
parent 8d2ff6ae7c
2 changed files with 41 additions and 0 deletions
--- a/jstests/auth/listcommands_preauth.js
+++ b/jstests/auth/listcommands_preauth.js
@ -0,0 +1,38 @@
+// Make sure that listCommands doesn't require authentication.
+
+(function() {
+    'use strict';
+
+    function runTest(conn) {
+        const admin = conn.getDB('admin');
+
+        // Commands should succeed in auth-bypass mode regardless of requiresAuth().
+        assert.commandWorked(admin.runCommand({listDatabases: 1}),
+                             "listDatabases shouldn't work pre-auth");
+        assert.commandWorked(admin.runCommand({listCommands: 1}),
+                             "listCommands should work pre-auth");
+
+        admin.createUser({user: 'admin', pwd: 'pass', roles: jsTest.adminUserRoles});
+
+        // listDatabases should now fail, because auth bypass is no longer valid.
+        assert.commandFailed(admin.runCommand({listDatabases: 1}),
+                             "listDatabases shouldn't work pre-auth");
+        // listCommands should STILL work, because it does not require auth.
+        assert.commandWorked(admin.runCommand({listCommands: 1}),
+                             "listCommands should work pre-auth");
+    }
+
+    const mongod = MongoRunner.runMongod({auth: ""});
+    runTest(mongod);
+    MongoRunner.stopMongod(mongod);
+
+    // TODO: Remove 'shardAsReplicaSet: false' when SERVER-32672 is fixed.
+    const st = new ShardingTest({
+        shards: 1,
+        mongos: 1,
+        config: 1,
+        other: {keyFile: 'jstests/libs/key1', shardAsReplicaSet: false}
+    });
+    runTest(st.s0);
+    st.stop();
+})();
--- a/src/mongo/db/commands/generic.cpp
+++ b/src/mongo/db/commands/generic.cpp
@ -143,6 +143,9 @@ public:
    virtual void addRequiredPrivileges(const std::string& dbname,
                                       const BSONObj& cmdObj,
                                       std::vector<Privilege>* out) const {}  // No auth required
+    bool requiresAuth() const final {
+        return false;
+    }
    virtual bool run(OperationContext* opCtx,
                     const string& ns,
                     const BSONObj& cmdObj,