1
// SERVER-8623: Test that renameCollection can't be used to bypass auth checks on system namespaces
2
var conn = MongoRunner.runMongod({auth : ""});
4
var adminDB = conn.getDB("admin");
5
var testDB = conn.getDB("testdb");
6
var testDB2 = conn.getDB("testdb2");
8
testDB.addUser({user:'spencer',
10
roles:['readWrite']});
12
adminDB.addUser({user:'userAdmin',
14
roles:['userAdminAnyDatabase']});
16
var userAdminConn = new Mongo(conn.host);
17
userAdminConn.getDB('admin').auth('userAdmin', 'password');
18
userAdminConn.getDB('admin').addUser({user:'readWriteAdmin',
20
roles:['readWriteAnyDatabase']});
23
// Test that a readWrite user can't rename system.profile to something they can read.
24
testDB.auth('spencer', 'password');
25
res = testDB.system.profile.renameCollection("profile");
27
assert.eq("unauthorized", res.errmsg);
30
// Test that a readWrite user can't rename system.users to something they can read.
31
var res = testDB.system.users.renameCollection("users");
33
assert.eq("unauthorized", res.errmsg);
34
assert.eq(0, testDB.users.count());
37
// Test that a readWrite user can't use renameCollection to override system.users
38
testDB.users.insert({user:'backdoor',
41
res = testDB.users.renameCollection("system.users", true);
43
assert.eq("unauthorized", res.errmsg);
44
assert.eq(null, userAdminConn.getDB('testdb').system.users.findOne({user:'backdoor'}));
47
// Test that a readWrite user can't create system.users using renameCollection
48
adminDB.auth('readWriteAdmin', 'password');
49
testDB2.users.insert({user:'backdoor',
52
res = testDB2.users.renameCollection("system.users");
54
assert.eq("unauthorized", res.errmsg);
55
assert.eq(0, userAdminConn.getDB('testdb2').system.users.count());
58
// Test that you can't rename system.users across databases
60
var res = adminDB.runCommand({renameCollection:'testdb.system.users', to:'testdb2.users'});
62
assert.eq("unauthorized", res.errmsg);
63
assert.eq(0, testDB2.users.count());
66
// Test that a userAdmin can't rename system.users without readWrite
68
var res = userAdminConn.getDB('testdb').system.users.renameCollection("users");
70
assert.eq("unauthorized", res.errmsg);
71
assert.eq(0, testDB.users.count());
74
// Test that with userAdmin AND dbAdmin you CAN rename to/from system.users
75
adminDB.auth('userAdmin', 'password');
76
var res = testDB.system.users.renameCollection("users");
78
assert.eq(1, testDB.users.count());
81
testDB.users.insert({user:'newUser',
83
roles:['readWrite']});
84
var res = testDB.users.renameCollection("system.users");
86
assert.neq(null, testDB.system.users.findOne({user:'newUser'}));
87
assert.eq(null, testDB.system.users.findOne({user:'spencer'}));