The affected tests depended on a behavior of mongodump and mongorestore in 2.2 and prior, whereby the tools would attempt authentication via the users' credentials against several databases, until one matched. This behavior is risky, because it could leave the tool authenticating as a user with insufficient privilege to do its task, and it is inconsistent with other tools. The tool behavior in 2.4 is to authenticate against the target database if one is supplied, or admin if none is supplied, unless the user overrides this behavior by passing --authenticationDatabase=dbname to the tool.
41 lines
1.3 KiB
JavaScript
41 lines
1.3 KiB
JavaScript
// dumpauth.js
|
|
// test mongodump with authentication
|
|
port = allocatePorts( 1 )[ 0 ];
|
|
baseName = "tool_dumpauth";
|
|
|
|
m = startMongod( "--auth", "--port", port, "--dbpath", "/data/db/" + baseName, "--nohttpinterface", "--bind_ip", "127.0.0.1" );
|
|
db = m.getDB( "admin" );
|
|
|
|
t = db[ baseName ];
|
|
t.drop();
|
|
|
|
for(var i = 0; i < 100; i++) {
|
|
t["testcol"].save({ "x": i });
|
|
}
|
|
|
|
users = db.getCollection( "system.users" );
|
|
|
|
db.addUser( "testuser" , "testuser" );
|
|
|
|
assert( db.auth( "testuser" , "testuser" ) , "auth failed" );
|
|
|
|
x = runMongoProgram( "mongodump",
|
|
"--db", baseName,
|
|
"--authenticationDatabase=admin",
|
|
"-u", "testuser",
|
|
"-p", "testuser",
|
|
"-h", "127.0.0.1:"+port,
|
|
"--collection", "testcol" );
|
|
assert.eq(x, 0, "mongodump should succeed with authentication");
|
|
|
|
// SERVER-5233: mongodump with authentication breaks when using "--out -"
|
|
x = runMongoProgram( "mongodump",
|
|
"--db", baseName,
|
|
"--authenticationDatabase=admin",
|
|
"-u", "testuser",
|
|
"-p", "testuser",
|
|
"-h", "127.0.0.1:"+port,
|
|
"--collection", "testcol",
|
|
"--out", "-" );
|
|
assert.eq(x, 0, "mongodump should succeed with authentication while using '--out'");
|