Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-35301

Cannot insert into system.js collections with bypassDocumentValidation:true

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major - P3
    • Resolution: Works as Designed
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: Security
    • Labels:
      None
    • Operating System:
      ALL

      Description

      $ mogno 'mongodb://user:password@localhost:27017/?authSource=admin'
      MongoDB shell version v3.6.3
      connecting to: mongodb://localhost:27017/?authSource=admin
      MongoDB server version: 3.6.3
      MongoDB Enterprise 9be5809a-ea19-4dfd-b276-de020c05d333:PRIMARY> use test
      switched to db test
      MongoDB Enterprise 9be5809a-ea19-4dfd-b276-de020c05d333:PRIMARY> db.runCommand({connectionStatus: 1, showPrivileges: false})
      {
      	"authInfo" : {
      		"authenticatedUsers" : [
      			{
      				"user" : "user",
      				"db" : "admin"
      			}
      		],
      		"authenticatedUserRoles" : [
      			{
      				"role" : "readWriteAnyDatabase",
      				"db" : "admin"
      			},
      			{
      				"role" : "dbAdminAnyDatabase",
      				"db" : "admin"
      			},
      			{
      				"role" : "clusterAdmin",
      				"db" : "admin"
      			},
      			{
      				"role" : "userAdminAnyDatabase",
      				"db" : "admin"
      			}
      		]
      	},
      	"ok" : 1,
      	"operationTime" : Timestamp(1527724978, 1),
      	"$clusterTime" : {
      		"clusterTime" : Timestamp(1527724978, 1),
      		"signature" : {
      			"hash" : BinData(0,"bS8d9oGZjPnm4m82HzJu4fj9YjA="),
      			"keyId" : NumberLong("6561523985954111489")
      		}
      	}
      }
      MongoDB Enterprise 9be5809a-ea19-4dfd-b276-de020c05d333:PRIMARY> db.runCommand({insert:"system.js", documents:[{_id:"func", value:function(k){return k;}}], bypassDocumentValidation: false})
      {
      	"n" : 1,
      	"opTime" : {
      		"ts" : Timestamp(1527724994, 1),
      		"t" : NumberLong(2)
      	},
      	"electionId" : ObjectId("7fffffff0000000000000002"),
      	"ok" : 1,
      	"operationTime" : Timestamp(1527724994, 1),
      	"$clusterTime" : {
      		"clusterTime" : Timestamp(1527724994, 1),
      		"signature" : {
      			"hash" : BinData(0,"or3MniluGCizPnkeVRkbQg/31Bo="),
      			"keyId" : NumberLong("6561523985954111489")
      		}
      	}
      }
      MongoDB Enterprise 9be5809a-ea19-4dfd-b276-de020c05d333:PRIMARY> db.runCommand({insert:"system.js", documents:[{_id:"func2", value:function(k){return k;}}], bypassDocumentValidation: true})
      {
      	"operationTime" : Timestamp(1527724994, 1),
      	"ok" : 0,
      	"errmsg" : "not authorized on test to execute command { insert: \"system.js\", bypassDocumentValidation: true, $clusterTime: { clusterTime: Timestamp(1527724994, 1), signature: { hash: BinData(0, A2BDCC9E296E1828B33E791E55191B420FF7D41A), keyId: 6561523985954111489 } }, $db: \"test\" }",
      	"code" : 13,
      	"codeName" : "Unauthorized",
      	"$clusterTime" : {
      		"clusterTime" : Timestamp(1527724994, 1),
      		"signature" : {
      			"hash" : BinData(0,"or3MniluGCizPnkeVRkbQg/31Bo="),
      			"keyId" : NumberLong("6561523985954111489")
      		}
      	}
      }
      

      I'd expect this to work since the user has the bypassDocumentValidation privilege (provided by dbAdminAnyDatabase).

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              asya Asya Kamsky
              Reporter:
              shane.harvey Shane Harvey
              Participants:
              Votes:
              0 Vote for this issue
              Watchers:
              8 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: