Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Browse files

SERVER-9983 Test verifying that internal user privileges do not mask …

…those of similarly named users.
  • Loading branch information...
commit 6ad56b63d33987ed153ba757e9f8169ef670f58e 1 parent 23344f8
@andy10gen andy10gen authored
Showing with 101 additions and 0 deletions.
  1. +101 −0 jstests/auth/system_user_privileges.js
View
101 jstests/auth/system_user_privileges.js
@@ -0,0 +1,101 @@
+/*
+ * Regression test for SECURITY-27.
+ *
+ * Verifies that creating a user named "__system" in any database does not get internal system
+ * privileges.
+ *
+ * Operates by creating an "admin" user for set-up, then creating __system users in the "test",
+ * "admin" and "local" databases. Then, it verifies that the __system@local user is shadowed for
+ * password and privilege purposes by the keyfile. It then procedes to verify that the
+ * __system@test and __system@admin users are _not_ shadowed in any way by the keyfile user.
+ */
+
+(function() {
+
+ "use strict";
+
+ // Runs the "count" command on a database in a way that returns the result document, for easier
+ // inspection of the errmsg.
+ function runCountCommand(conn, dbName, collectionName) {
+ return conn.getDB(dbName).runCommand({ count: collectionName });
+ }
+
+ // Asserts that on the given "conn", "dbName"."collectionName".count() fails as unauthorized.
+ function assertCountUnauthorized(conn, dbName, collectionName) {
+ assert.eq(runCountCommand(conn, dbName, collectionName).errmsg,
+ "unauthorized",
+ "On " + dbName + "." + collectionName);
+ }
+
+ var conn = MongoRunner.runMongod({ smallfiles: "", auth: "" });
+
+ var admin = conn.getDB('admin');
+ var test = conn.getDB('test');
+ var local = conn.getDB('local');
+
+ //
+ // Preliminary set up.
+ //
+ admin.addUser('admin', 'a');
+ admin.auth('admin', 'a');
+
+ //
+ // Add users named "__system" with no privileges on "test", "admin" and "local". The one in
+ // "local" is shadowed by the keyfile.
+ //
+
+ test.addUser({user: '__system', pwd: 'a', roles: []});
+ admin.addUser({user: '__system', pwd: 'a', roles: []});
+ local.addUser({user: '__system', pwd: 'a', roles: []});
+
+ //
+ // Add some data to count.
+ //
+
+ admin.foo.insert({_id: 1});
+ test.foo.insert({_id: 2});
+ local.foo.insert({_id: 3});
+
+
+ admin.logout();
+ assertCountUnauthorized(conn, "admin", "foo");
+ assertCountUnauthorized(conn, "local", "foo");
+ assertCountUnauthorized(conn, "test", "foo");
+
+ //
+ // Validate that you cannot even log in as __system@local with the supplied password; you _must_
+ // use the password from the keyfile.
+ //
+ assert(!local.auth('__system', 'a'))
+ assertCountUnauthorized(conn, "admin", "foo");
+ assertCountUnauthorized(conn, "local", "foo");
+ assertCountUnauthorized(conn, "test", "foo");
+
+ //
+ // Validate that __system@test is not shadowed by the keyfile __system user.
+ //
+ test.auth('__system', 'a');
+ assertCountUnauthorized(conn, "admin", "foo");
+ assertCountUnauthorized(conn, "local", "foo");
+ assertCountUnauthorized(conn, "test", "foo");
+
+ test.logout();
+ assertCountUnauthorized(conn, "admin", "foo");
+ assertCountUnauthorized(conn, "local", "foo");
+ assertCountUnauthorized(conn, "test", "foo");
+
+ //
+ // Validate that __system@test is not shadowed by the keyfile __system user.
+ //
+ admin.auth('__system', 'a');
+ assertCountUnauthorized(conn, "admin", "foo");
+ assertCountUnauthorized(conn, "local", "foo");
+ assertCountUnauthorized(conn, "test", "foo");
+
+ admin.logout();
+ assertCountUnauthorized(conn, "admin", "foo");
+ assertCountUnauthorized(conn, "local", "foo");
+ assertCountUnauthorized(conn, "test", "foo");
+
+})();
+
Please sign in to comment.
Something went wrong with that request. Please try again.