mirrors/mongodb
mirrors/mongodb
0
0
Fork 0
mirror of https://github.com/mongodb/mongo.git synced 2024-12-01 09:32:32 +01:00
Code Issues Releases Activity
48432412d7
mongodb/jstests/replsets/localhostAuthBypass.js
Jonathan d5522fbaa3 SERVER-14652 update tests for localhost exception 
Closes #721

Signed-off-by: Benety Goh <benety@mongodb.com>
2014-07-25 00:43:55 -04:00

220 lines
6.5 KiB
JavaScript
Raw Blame History

//SERVER-6591: Localhost authentication exception doesn't work right on sharded cluster
//
//This test is to ensure that localhost authentication works correctly against a replica set
//whether they are hosted with "localhost" or a hostname.
var replSetName = "replsets_server-6591";
var keyfile = "jstests/libs/key1";
var username = "foo";
var password = "bar";
load("jstests/libs/host_ipaddr.js");
var createUser = function(mongo) {
print("============ adding a user.");
mongo.getDB("admin").createUser({user: username, pwd: password, roles: jsTest.adminUserRoles});
};
var assertCannotRunCommands = function(mongo, isPrimary) {
print("============ ensuring that commands cannot be run.");
var test = mongo.getDB("test");
assert.throws( function() { test.system.users.findOne(); });
assert.throws( function() { test.foo.findOne({ _id: 0 }); });
if (isPrimary) {
assert.writeError(test.foo.save({ _id: 0 }));
assert.writeError(test.foo.update({ _id: 0 }, { $set: { x: 20 }}));
assert.writeError(test.foo.remove({ _id: 0 }));
}
assert.throws(function() {
test.foo.mapReduce(
function() { emit(1, 1); },
function(id, count) { return Array.sum(count); },
{ out: "other" });
});
// DB operations
var authorizeErrorCode = 13;
assert.commandFailedWithCode(mongo.getDB("test").copyDatabase("admin", "admin2"),
authorizeErrorCode, "copyDatabase");
// Create collection
assert.commandFailedWithCode(mongo.getDB("test").createCollection(
"log", { capped: true, size: 5242880, max: 5000 } ),
authorizeErrorCode, "createCollection");
// Set/Get system parameters
var params = [{ param: "journalCommitInterval", val: 200 },
{ param: "logLevel", val: 2 },
{ param: "logUserIds", val: 1 },
{ param: "notablescan", val: 1 },
{ param: "quiet", val: 1 },
{ param: "replApplyBatchSize", val: 10 },
{ param: "replIndexPrefetch", val: "none" },
{ param: "syncdelay", val: 30 },
{ param: "traceExceptions", val: true },
{ param: "sslMode", val: "preferSSL" },
{ param: "clusterAuthMode", val: "sendX509" },
{ param: "userCacheInvalidationIntervalSecs", val: 300 }
];
params.forEach(function(p) {
var cmd = { setParameter: 1 };
cmd[p.param] = p.val;
assert.commandFailedWithCode(mongo.getDB("admin").runCommand(cmd),
authorizeErrorCode, "setParameter: "+p.param);
});
params.forEach(function(p) {
var cmd = { getParameter: 1 };
cmd[p.param] = 1;
assert.commandFailedWithCode(mongo.getDB("admin").runCommand(cmd),
authorizeErrorCode, "getParameter: "+p.param);
});
};
var assertCanRunCommands = function(mongo) {
print("============ ensuring that commands can be run.");
var test = mongo.getDB("test");
// will throw on failure
test.system.users.findOne();
assert.writeOK(test.foo.save({_id: 0 }));
assert.writeOK(test.foo.update({ _id: 0 }, { $set: { x: 20 }}));
assert.writeOK(test.foo.remove({ _id: 0 }));
test.foo.mapReduce(
function() { emit(1, 1); },
function(id, count) { return Array.sum(count); },
{ out: "other" }
);
assert.commandWorked(mongo.getDB("admin").runCommand({replSetGetStatus: 1}));
};
var authenticate = function(mongo) {
print("============ authenticating user.");
mongo.getDB("admin").auth(username, password);
};
var start = function(useHostName) {
var rs = new ReplSetTest({name: replSetName,
nodes : 3,
keyFile : keyfile,
auth: "",
useHostName: useHostName});
rs.startSet();
rs.initiate();
return rs;
};
var shutdown = function(rs) {
print("============ shutting down.");
rs.stopSet(/*signal*/false,
/*forRestart*/false,
{ auth: { user: username, pwd: password}});
};
var runTest = function(useHostName) {
print("=====================");
print("starting replica set: useHostName=" + useHostName);
print("=====================");
var rs = start(useHostName);
var port = rs.getPort(rs.getPrimary());
var host = "localhost:" + port;
var secHosts = [];
rs.getSecondaries().forEach(function(sec) {
secHosts.push("localhost:" + rs.getPort(sec));
});
var mongo = new Mongo(host);
assertCannotRunCommands(mongo, true);
// Test localhost access on secondaries
var mongoSecs = [];
secHosts.forEach(function(h) {
mongoSecs.push(new Mongo(h));
});
mongoSecs.forEach(function(m) {
assertCannotRunCommands(m, false);
});
createUser(mongo);
assertCannotRunCommands(mongo, true);
authenticate(mongo);
assertCanRunCommands(mongo, true);
// Test localhost access on secondaries on exsiting connection
mongoSecs.forEach(function(m) {
assertCannotRunCommands(m, false);
authenticate(m);
});
print("===============================");
print("reconnecting with a new client.");
print("===============================");
mongo = new Mongo(host);
assertCannotRunCommands(mongo, true);
authenticate(mongo);
assertCanRunCommands(mongo, true);
// Test localhost access on secondaries on new connection
secHosts.forEach(function(h) {
var m = new Mongo(h);
assertCannotRunCommands(m, false);
authenticate(m);
});
shutdown(rs);
}
var runNonlocalTest = function(ipAddr) {
print("==========================");
print("starting mongod: non-local host access "+ipAddr);
print("==========================");
var rs = start(false);
var port = rs.getPort(rs.getPrimary());
var host = ipAddr + ":" + port;
var secHosts = [];
rs.getSecondaries().forEach(function(sec) {
secHosts.push(ipAddr + ":" + rs.getPort(sec));
});
var mongo = new Mongo(host);
assertCannotRunCommands(mongo, true);
// Test localhost access on secondaries
var mongoSecs = [];
secHosts.forEach(function(h) {
mongoSecs.push(new Mongo(h));
});
mongoSecs.forEach(function(m) {
assertCannotRunCommands(m, false);
});
assert.throws(function() { mongo.getDB("admin").createUser
({ user:username, pwd: password, roles: jsTest.adminUserRoles }); });
shutdown(rs);
};
runTest(false);
runTest(true);
runNonlocalTest(get_ipaddr());
View Git Blame Copy Permalink