SERVER-7982 Export some useful constants on AuthorizationManager.

3 files changed, 20 insertions, 17 deletions

diff --git a/src/mongo/db/auth/auth_external_state.cpp b/src/mongo/db/auth/auth_external_state.cpp
index 2a4434f250a..59b1eb7cd77 100644
--- a/src/mongo/db/auth/auth_external_state.cpp
+++ b/src/mongo/db/auth/auth_external_state.cpp
@@ -22,10 +22,6 @@
 
 namespace mongo {
 
-    static const char USER_FIELD[] = "user";
-    static const char USER_SOURCE_FIELD[] = "userSource";
-    static const char PASSWORD_FIELD[] = "pwd";
-
     AuthExternalState::AuthExternalState() {}
     AuthExternalState::~AuthExternalState() {}
 
@@ -38,8 +34,10 @@ namespace mongo {
                               "key file must be used to log in with internal user",
                               15889);
             }
-            *result = BSON(USER_FIELD << internalSecurity.user <<
-                           PASSWORD_FIELD << internalSecurity.pwd).getOwned();
+            *result = BSON(AuthorizationManager::USER_NAME_FIELD_NAME <<
+                           internalSecurity.user <<
+                           AuthorizationManager::PASSWORD_FIELD_NAME <<
+                           internalSecurity.pwd).getOwned();
             return Status::OK();
         }
 
@@ -47,12 +45,13 @@ namespace mongo {
 
         BSONObj userBSONObj;
         BSONObjBuilder queryBuilder;
-        queryBuilder.append(USER_FIELD, principalName.getUser());
+        queryBuilder.append(AuthorizationManager::USER_NAME_FIELD_NAME, principalName.getUser());
         if (principalName.getDB() == dbname) {
-            queryBuilder.appendNull(USER_SOURCE_FIELD);
+            queryBuilder.appendNull(AuthorizationManager::USER_SOURCE_FIELD_NAME);
         }
         else {
-            queryBuilder.append(USER_SOURCE_FIELD, principalName.getDB());
+            queryBuilder.append(AuthorizationManager::USER_SOURCE_FIELD_NAME,
+                                principalName.getDB());
         }
 
         bool found = _findUser(usersNamespace, queryBuilder.obj(), &userBSONObj);
diff --git a/src/mongo/db/auth/authorization_manager.cpp b/src/mongo/db/auth/authorization_manager.cpp
index 36a2b0909cd..2f60a066148 100644
--- a/src/mongo/db/auth/authorization_manager.cpp
+++ b/src/mongo/db/auth/authorization_manager.cpp
@@ -46,6 +46,9 @@ namespace mongo {
 
     const std::string AuthorizationManager::SERVER_RESOURCE_NAME = "$SERVER";
     const std::string AuthorizationManager::CLUSTER_RESOURCE_NAME = "$CLUSTER";
+    const std::string AuthorizationManager::USER_NAME_FIELD_NAME = "user";
+    const std::string AuthorizationManager::USER_SOURCE_FIELD_NAME = "userSource";
+    const std::string AuthorizationManager::PASSWORD_FIELD_NAME = "pwd";
 
 namespace {
     const std::string ADMIN_DBNAME = "admin";
@@ -54,9 +57,6 @@ namespace {
     const std::string ROLES_FIELD_NAME = "roles";
     const std::string OTHER_DB_ROLES_FIELD_NAME = "otherDBRoles";
     const std::string READONLY_FIELD_NAME = "readOnly";
-    const std::string USERNAME_FIELD_NAME = "user";
-    const std::string USERSOURCE_FIELD_NAME = "userSource";
-    const std::string PASSWORD_FIELD_NAME = "pwd";
 
     const std::string SYSTEM_ROLE_READ = "read";
     const std::string SYSTEM_ROLE_READ_WRITE = "readWrite";
@@ -247,8 +247,8 @@ namespace {
 
     Status AuthorizationManager::checkValidPrivilegeDocument(const StringData& dbname,
                                                              const BSONObj& doc) {
-        BSONElement userElement = doc[USERNAME_FIELD_NAME];
-        BSONElement userSourceElement = doc[USERSOURCE_FIELD_NAME];
+        BSONElement userElement = doc[USER_NAME_FIELD_NAME];
+        BSONElement userSourceElement = doc[USER_SOURCE_FIELD_NAME];
         BSONElement passwordElement = doc[PASSWORD_FIELD_NAME];
         BSONElement rolesElement = doc[ROLES_FIELD_NAME];
         BSONElement otherDBRolesElement = doc[OTHER_DB_ROLES_FIELD_NAME];
@@ -474,7 +474,7 @@ namespace {
             const PrincipalName& principal,
             const BSONObj& privilegeDocument,
             PrivilegeSet* result) {
-        if (!(privilegeDocument.hasField(USERNAME_FIELD_NAME) &&
+        if (!(privilegeDocument.hasField(USER_NAME_FIELD_NAME) &&
               privilegeDocument.hasField(PASSWORD_FIELD_NAME))) {
 
             return Status(ErrorCodes::UnsupportedFormat,
@@ -483,10 +483,10 @@ namespace {
                                    << privilegeDocument,
                           0);
         }
-        if (privilegeDocument[USERNAME_FIELD_NAME].str() != principal.getUser()) {
+        if (privilegeDocument[USER_NAME_FIELD_NAME].str() != principal.getUser()) {
             return Status(ErrorCodes::BadValue,
                           mongoutils::str::stream() << "Principal name from privilege document \""
-                                  << privilegeDocument[USERNAME_FIELD_NAME].str()
+                                  << privilegeDocument[USER_NAME_FIELD_NAME].str()
                                   << "\" doesn't match name of provided Principal \""
                                   << principal.getUser()
                                   << "\"",
diff --git a/src/mongo/db/auth/authorization_manager.h b/src/mongo/db/auth/authorization_manager.h
index e9a5ede6f8e..0a801252356 100644
--- a/src/mongo/db/auth/authorization_manager.h
+++ b/src/mongo/db/auth/authorization_manager.h
@@ -59,6 +59,10 @@ namespace mongo {
         static const std::string SERVER_RESOURCE_NAME;
         static const std::string CLUSTER_RESOURCE_NAME;
 
+        static const std::string USER_NAME_FIELD_NAME;
+        static const std::string USER_SOURCE_FIELD_NAME;
+        static const std::string PASSWORD_FIELD_NAME;
+
         // Checks to see if "doc" is a valid privilege document, assuming it is stored in the
         // "system.users" collection of database "dbname".
         //