Add pointer to AuthorizationManager to AuthzSessionExternalState

author: Spencer T Brody <spencer@10gen.com> 2013-05-31 14:45:59 -0400
committer: Spencer T Brody <spencer@10gen.com> 2013-06-03 17:11:32 -0400
commit: e2bc8d7824b1304dd8c4bc8d30e615432e60c08a (patch)
tree: 8c4e8447c47713db30dc2d245fa4597b5abb0841 /src/mongo
parent: 5dd87637236aeed5d05222835231ea7ee8dd1b4c (diff)
download: mongo-e2bc8d7824b1304dd8c4bc8d30e615432e60c08a.tar.gz
18 files changed, 157 insertions, 55 deletions
diff --git a/src/mongo/db/auth/authorization_manager.cpp b/src/mongo/db/auth/authorization_manager.cpp
index 5ab155ebb17..f7f6209330f 100644
--- a/src/mongo/db/auth/authorization_manager.cpp
+++ b/src/mongo/db/auth/authorization_manager.cpp
@@ -34,11 +34,11 @@ namespace mongo {
     bool AuthorizationManager::_doesSupportOldStylePrivileges = true;
     bool AuthorizationManager::_authEnabled = false;
 
-    AuthorizationManager::AuthorizationManager(AuthzManagerExternalState* globalExternalState) :
-            _globalExternalState(globalExternalState) {}
+    AuthorizationManager::AuthorizationManager(AuthzManagerExternalState* externalState) :
+            _externalState(externalState) {}
 
     AuthzManagerExternalState* AuthorizationManager::getExternalState() const {
-        return _globalExternalState.get();
+        return _externalState.get();
     }
 
     void AuthorizationManager::setSupportOldStylePrivilegeDocuments(bool enabled) {
@@ -57,4 +57,14 @@ namespace mongo {
         return _authEnabled;
     }
 
+    Status AuthorizationManager::getPrivilegeDocument(const std::string& dbname,
+                                                      const UserName& userName,
+                                                      BSONObj* result) {
+        return _externalState->getPrivilegeDocument(dbname, userName, result);
+    }
+
+    bool AuthorizationManager::hasPrivilegeDocument(const std::string& dbname) const {
+        return _externalState->hasPrivilegeDocument(dbname);
+    }
+
 } // namespace mongo
diff --git a/src/mongo/db/auth/authorization_manager.h b/src/mongo/db/auth/authorization_manager.h
index eea50c699ce..68d148cdb48 100644
--- a/src/mongo/db/auth/authorization_manager.h
+++ b/src/mongo/db/auth/authorization_manager.h
@@ -20,7 +20,10 @@
 #include <string>
 
 #include "mongo/base/disallow_copying.h"
+#include "mongo/base/status.h"
 #include "mongo/db/auth/authz_manager_external_state.h"
+#include "mongo/db/auth/user_name.h"
+#include "mongo/db/jsobj.h"
 
 namespace mongo {
 
@@ -76,6 +79,17 @@ namespace mongo {
 
         AuthzManagerExternalState* getExternalState() const;
 
+        // Gets the privilege information document for "userName" on "dbname".
+        //
+        // On success, returns Status::OK() and stores a shared-ownership copy of the document into
+        // "result".
+        Status getPrivilegeDocument(const std::string& dbname,
+                                    const UserName& userName,
+                                    BSONObj* result);
+
+        // Returns true if there exists at least one privilege document in the given database.
+        bool hasPrivilegeDocument(const std::string& dbname) const;
+
     private:
 
         static bool _doesSupportOldStylePrivileges;
@@ -85,7 +99,7 @@ namespace mongo {
         // This is a config setting, set at startup and not changing after initialization.
         static bool _authEnabled;
 
-        scoped_ptr<AuthzManagerExternalState> _globalExternalState;
+        scoped_ptr<AuthzManagerExternalState> _externalState;
     };
 
 } // namespace mongo
diff --git a/src/mongo/db/auth/authorization_session_test.cpp b/src/mongo/db/auth/authorization_session_test.cpp
index aa741523bdb..d1532de0d87 100644
--- a/src/mongo/db/auth/authorization_session_test.cpp
+++ b/src/mongo/db/auth/authorization_session_test.cpp
@@ -19,6 +19,7 @@
 
 #include "mongo/base/status.h"
 #include "mongo/db/auth/authz_session_external_state_mock.h"
+#include "mongo/db/auth/authz_manager_external_state_mock.h"
 #include "mongo/db/auth/authorization_manager.h"
 #include "mongo/db/auth/authorization_session.h"
 #include "mongo/db/jsobj.h"
@@ -38,13 +39,16 @@ namespace {
         actions.addAction(ActionType::insert);
         Privilege writePrivilege("test", actions);
         Privilege allDBsWritePrivilege("*", actions);
-        AuthzSessionExternalStateMock* externalState = new AuthzSessionExternalStateMock();
-        AuthorizationSession authzSession(externalState);
+        AuthzManagerExternalStateMock* managerExternalState = new AuthzManagerExternalStateMock();
+        AuthorizationManager authManager(managerExternalState);
+        AuthzSessionExternalStateMock* sessionExternalState = new AuthzSessionExternalStateMock(
+                &authManager);
+        AuthorizationSession authzSession(sessionExternalState);
 
         ASSERT_FALSE(authzSession.checkAuthorization("test", ActionType::insert));
-        externalState->setReturnValueForShouldIgnoreAuthChecks(true);
+        sessionExternalState->setReturnValueForShouldIgnoreAuthChecks(true);
         ASSERT_TRUE(authzSession.checkAuthorization("test", ActionType::insert));
-        externalState->setReturnValueForShouldIgnoreAuthChecks(false);
+        sessionExternalState->setReturnValueForShouldIgnoreAuthChecks(false);
         ASSERT_FALSE(authzSession.checkAuthorization("test", ActionType::insert));
 
         ASSERT_EQUALS(ErrorCodes::UserNotFound,
@@ -502,6 +506,9 @@ namespace {
 
     class AuthExternalStateImplictPriv : public AuthzSessionExternalStateMock {
     public:
+        AuthExternalStateImplictPriv(AuthorizationManager* authzManager) :
+            AuthzSessionExternalStateMock(authzManager) {}
+
         virtual bool _findUser(const string& usersNamespace,
                                const BSONObj& query,
                                BSONObj* result) const {
@@ -537,11 +544,13 @@ namespace {
     class ImplicitPriviligesTest : public ::mongo::unittest::Test {
     public:
         AuthExternalStateImplictPriv* state;
-        scoped_ptr<AuthorizationSession> authman;
+        scoped_ptr<AuthorizationSession> authzSession;
+        scoped_ptr<AuthorizationManager> authzManager;
 
         void setUp() {
-            state = new AuthExternalStateImplictPriv;
-            authman.reset(new AuthorizationSession(state));
+            authzManager.reset(new AuthorizationManager(new AuthzManagerExternalStateMock()));
+            state = new AuthExternalStateImplictPriv(authzManager.get());
+            authzSession.reset(new AuthorizationSession(state));
         }
     };
 
@@ -560,37 +569,37 @@ namespace {
                                          "roles" << BSON_ARRAY("clusterAdmin") <<
                                          "otherDBRoles" << BSON("test3" << BSON_ARRAY("dbAdmin"))));
 
-        ASSERT(!authman->checkAuthorization("test.foo", ActionType::find));
-        ASSERT(!authman->checkAuthorization("test.foo", ActionType::insert));
-        ASSERT(!authman->checkAuthorization("test.foo", ActionType::collMod));
-        ASSERT(!authman->checkAuthorization("test2.foo", ActionType::find));
-        ASSERT(!authman->checkAuthorization("test2.foo", ActionType::insert));
-        ASSERT(!authman->checkAuthorization("test2.foo", ActionType::collMod));
-        ASSERT(!authman->checkAuthorization("test3.foo", ActionType::find));
-        ASSERT(!authman->checkAuthorization("test3.foo", ActionType::insert));
-        ASSERT(!authman->checkAuthorization("test3.foo", ActionType::collMod));
-        ASSERT(!authman->checkAuthorization("admin.foo", ActionType::find));
-        ASSERT(!authman->checkAuthorization("admin.foo", ActionType::insert));
-        ASSERT(!authman->checkAuthorization("admin.foo", ActionType::collMod));
-        ASSERT(!authman->checkAuthorization("$SERVER", ActionType::shutdown));
+        ASSERT(!authzSession->checkAuthorization("test.foo", ActionType::find));
+        ASSERT(!authzSession->checkAuthorization("test.foo", ActionType::insert));
+        ASSERT(!authzSession->checkAuthorization("test.foo", ActionType::collMod));
+        ASSERT(!authzSession->checkAuthorization("test2.foo", ActionType::find));
+        ASSERT(!authzSession->checkAuthorization("test2.foo", ActionType::insert));
+        ASSERT(!authzSession->checkAuthorization("test2.foo", ActionType::collMod));
+        ASSERT(!authzSession->checkAuthorization("test3.foo", ActionType::find));
+        ASSERT(!authzSession->checkAuthorization("test3.foo", ActionType::insert));
+        ASSERT(!authzSession->checkAuthorization("test3.foo", ActionType::collMod));
+        ASSERT(!authzSession->checkAuthorization("admin.foo", ActionType::find));
+        ASSERT(!authzSession->checkAuthorization("admin.foo", ActionType::insert));
+        ASSERT(!authzSession->checkAuthorization("admin.foo", ActionType::collMod));
+        ASSERT(!authzSession->checkAuthorization("$SERVER", ActionType::shutdown));
 
         Principal* principal = new Principal(UserName("andy", "test"));
         principal->setImplicitPrivilegeAcquisition(true);
-        authman->addAuthorizedPrincipal(principal);
-
-        ASSERT(authman->checkAuthorization("test.foo", ActionType::find));
-        ASSERT(authman->checkAuthorization("test.foo", ActionType::insert));
-        ASSERT(!authman->checkAuthorization("test.foo", ActionType::collMod));
-        ASSERT(authman->checkAuthorization("test2.foo", ActionType::find));
-        ASSERT(!authman->checkAuthorization("test2.foo", ActionType::insert));
-        ASSERT(!authman->checkAuthorization("test2.foo", ActionType::collMod));
-        ASSERT(!authman->checkAuthorization("test3.foo", ActionType::find));
-        ASSERT(!authman->checkAuthorization("test3.foo", ActionType::insert));
-        ASSERT(authman->checkAuthorization("test3.foo", ActionType::collMod));
-        ASSERT(!authman->checkAuthorization("admin.foo", ActionType::find));
-        ASSERT(!authman->checkAuthorization("admin.foo", ActionType::insert));
-        ASSERT(!authman->checkAuthorization("admin.foo", ActionType::collMod));
-        ASSERT(authman->checkAuthorization("$SERVER", ActionType::shutdown));
+        authzSession->addAuthorizedPrincipal(principal);
+
+        ASSERT(authzSession->checkAuthorization("test.foo", ActionType::find));
+        ASSERT(authzSession->checkAuthorization("test.foo", ActionType::insert));
+        ASSERT(!authzSession->checkAuthorization("test.foo", ActionType::collMod));
+        ASSERT(authzSession->checkAuthorization("test2.foo", ActionType::find));
+        ASSERT(!authzSession->checkAuthorization("test2.foo", ActionType::insert));
+        ASSERT(!authzSession->checkAuthorization("test2.foo", ActionType::collMod));
+        ASSERT(!authzSession->checkAuthorization("test3.foo", ActionType::find));
+        ASSERT(!authzSession->checkAuthorization("test3.foo", ActionType::insert));
+        ASSERT(authzSession->checkAuthorization("test3.foo", ActionType::collMod));
+        ASSERT(!authzSession->checkAuthorization("admin.foo", ActionType::find));
+        ASSERT(!authzSession->checkAuthorization("admin.foo", ActionType::insert));
+        ASSERT(!authzSession->checkAuthorization("admin.foo", ActionType::collMod));
+        ASSERT(authzSession->checkAuthorization("$SERVER", ActionType::shutdown));
     }
 
 }  // namespace
diff --git a/src/mongo/db/auth/authz_manager_external_state.cpp b/src/mongo/db/auth/authz_manager_external_state.cpp
index cf63a4d1e14..ebc448757f7 100644
--- a/src/mongo/db/auth/authz_manager_external_state.cpp
+++ b/src/mongo/db/auth/authz_manager_external_state.cpp
@@ -83,7 +83,7 @@ namespace mongo {
         return Status::OK();
     }
 
-    bool AuthzManagerExternalState::_hasPrivilegeDocument(const std::string& dbname) const {
+    bool AuthzManagerExternalState::hasPrivilegeDocument(const std::string& dbname) const {
         std::string usersNamespace = dbname + ".system.users";
 
         BSONObj userBSONObj;
diff --git a/src/mongo/db/auth/authz_manager_external_state.h b/src/mongo/db/auth/authz_manager_external_state.h
index 39a9b27e91b..83a07bd7944 100644
--- a/src/mongo/db/auth/authz_manager_external_state.h
+++ b/src/mongo/db/auth/authz_manager_external_state.h
@@ -45,6 +45,10 @@ namespace mongo {
                                     const UserName& userName,
                                     BSONObj* result);
 
+
+        // Returns true if there exists at least one privilege document in the given database.
+        bool hasPrivilegeDocument(const std::string& dbname) const;
+
     protected:
         AuthzManagerExternalState(); // This class should never be instantiated directly.
 
@@ -54,8 +58,6 @@ namespace mongo {
                                const BSONObj& query,
                                BSONObj* result) const = 0;
 
-        // Returns true if there exists at least one privilege document in the given database.
-        bool _hasPrivilegeDocument(const std::string& dbname) const;
     };
 
 } // namespace mongo
diff --git a/src/mongo/db/auth/authz_manager_external_state_mock.h b/src/mongo/db/auth/authz_manager_external_state_mock.h
new file mode 100644
index 00000000000..eb0640dff37
--- /dev/null
+++ b/src/mongo/db/auth/authz_manager_external_state_mock.h
@@ -0,0 +1,44 @@
+/*
+*    Copyright (C) 2012 10gen Inc.
+*
+*    This program is free software: you can redistribute it and/or  modify
+*    it under the terms of the GNU Affero General Public License, version 3,
+*    as published by the Free Software Foundation.
+*
+*    This program is distributed in the hope that it will be useful,
+*    but WITHOUT ANY WARRANTY; without even the implied warranty of
+*    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+*    GNU Affero General Public License for more details.
+*
+*    You should have received a copy of the GNU Affero General Public License
+*    along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#pragma once
+
+#include <string>
+
+#include "mongo/base/disallow_copying.h"
+#include "mongo/db/auth/authz_manager_external_state.h"
+#include "mongo/db/jsobj.h"
+
+namespace mongo {
+
+    /**
+     * Mock of the AuthzManagerExternalState class used only for testing.
+     */
+    class AuthzManagerExternalStateMock : public AuthzManagerExternalState {
+        MONGO_DISALLOW_COPYING(AuthzManagerExternalStateMock);
+
+    public:
+
+        AuthzManagerExternalStateMock() {};
+
+        virtual bool _findUser(const std::string& usersNamespace,
+                               const BSONObj& query,
+                               BSONObj* result) const {
+            return false;
+        }
+    };
+
+} // namespace mongo
diff --git a/src/mongo/db/auth/authz_session_external_state.cpp b/src/mongo/db/auth/authz_session_external_state.cpp
index e887cec0a72..040fbfd1561 100644
--- a/src/mongo/db/auth/authz_session_external_state.cpp
+++ b/src/mongo/db/auth/authz_session_external_state.cpp
@@ -23,7 +23,8 @@
 
 namespace mongo {
 
-    AuthzSessionExternalState::AuthzSessionExternalState() {}
+    AuthzSessionExternalState::AuthzSessionExternalState(AuthorizationManager* authzManager) :
+        _authzManager(authzManager) {}
     AuthzSessionExternalState::~AuthzSessionExternalState() {}
 
     Status AuthzSessionExternalState::getPrivilegeDocument(const std::string& dbname,
diff --git a/src/mongo/db/auth/authz_session_external_state.h b/src/mongo/db/auth/authz_session_external_state.h
index d3e7f10b3af..bc6768eb8a6 100644
--- a/src/mongo/db/auth/authz_session_external_state.h
+++ b/src/mongo/db/auth/authz_session_external_state.h
@@ -21,6 +21,7 @@
 #include "mongo/base/disallow_copying.h"
 #include "mongo/base/status.h"
 #include "mongo/client/dbclientinterface.h"
+#include "mongo/db/auth/authorization_manager.h"
 #include "mongo/db/auth/user_name.h"
 
 namespace mongo {
@@ -69,7 +70,8 @@ namespace mongo {
         virtual void onLogoutDatabase(const std::string& dbname) = 0;
 
     protected:
-        AuthzSessionExternalState(); // This class should never be instantiated directly.
+        // This class should never be instantiated directly.
+        AuthzSessionExternalState(AuthorizationManager* authzManager);
 
         // Queries the userNamespace with the given query and returns the privilegeDocument found
         // in *result.  Returns true if it finds a document matching the query, or false if not.
@@ -81,6 +83,8 @@ namespace mongo {
         // Returns true if there exists at least one privilege document in the given database.
         // TODO: remove this in favor of using the AuthzManagerExternalState
         bool _hasPrivilegeDocument(const std::string& dbname) const;
+
+        AuthorizationManager* _authzManager;
     };
 
 } // namespace mongo
diff --git a/src/mongo/db/auth/authz_session_external_state_d.cpp b/src/mongo/db/auth/authz_session_external_state_d.cpp
index e53270508df..4046140ea8a 100644
--- a/src/mongo/db/auth/authz_session_external_state_d.cpp
+++ b/src/mongo/db/auth/authz_session_external_state_d.cpp
@@ -18,6 +18,7 @@
 
 #include "mongo/base/status.h"
 #include "mongo/client/dbclientinterface.h"
+#include "mongo/db/auth/authorization_manager.h"
 #include "mongo/db/client.h"
 #include "mongo/db/dbhelpers.h"
 #include "mongo/db/d_concurrency.h"
@@ -27,7 +28,9 @@
 
 namespace mongo {
 
-    AuthzSessionExternalStateMongod::AuthzSessionExternalStateMongod() {}
+    AuthzSessionExternalStateMongod::AuthzSessionExternalStateMongod(
+            AuthorizationManager* authzManager) :
+                AuthzSessionExternalStateServerCommon(authzManager) {}
     AuthzSessionExternalStateMongod::~AuthzSessionExternalStateMongod() {}
 
     void AuthzSessionExternalStateMongod::startRequest() {
diff --git a/src/mongo/db/auth/authz_session_external_state_d.h b/src/mongo/db/auth/authz_session_external_state_d.h
index ee5295f5c80..2872a2725e3 100644
--- a/src/mongo/db/auth/authz_session_external_state_d.h
+++ b/src/mongo/db/auth/authz_session_external_state_d.h
@@ -18,6 +18,7 @@
 
 #include "mongo/base/disallow_copying.h"
 #include "mongo/base/status.h"
+#include "mongo/db/auth/authorization_manager.h"
 #include "mongo/db/auth/authz_session_external_state_server_common.h"
 
 namespace mongo {
@@ -29,7 +30,7 @@ namespace mongo {
         MONGO_DISALLOW_COPYING(AuthzSessionExternalStateMongod);
 
     public:
-        AuthzSessionExternalStateMongod();
+        AuthzSessionExternalStateMongod(AuthorizationManager* authzManager);
         virtual ~AuthzSessionExternalStateMongod();
 
         virtual bool shouldIgnoreAuthChecks() const;
diff --git a/src/mongo/db/auth/authz_session_external_state_mock.h b/src/mongo/db/auth/authz_session_external_state_mock.h
index a081eab45bd..2fe79a4f258 100644
--- a/src/mongo/db/auth/authz_session_external_state_mock.h
+++ b/src/mongo/db/auth/authz_session_external_state_mock.h
@@ -18,6 +18,7 @@
 
 #include "mongo/base/disallow_copying.h"
 #include "mongo/base/status.h"
+#include "mongo/db/auth/authorization_manager.h"
 #include "mongo/db/auth/authz_session_external_state.h"
 
 namespace mongo {
@@ -29,7 +30,8 @@ namespace mongo {
         MONGO_DISALLOW_COPYING(AuthzSessionExternalStateMock);
 
     public:
-        AuthzSessionExternalStateMock() : _returnValue(false) {}
+        AuthzSessionExternalStateMock(AuthorizationManager* authzManager) :
+            AuthzSessionExternalState(authzManager), _returnValue(false) {}
 
         virtual bool shouldIgnoreAuthChecks() const {
             return _returnValue;
diff --git a/src/mongo/db/auth/authz_session_external_state_s.cpp b/src/mongo/db/auth/authz_session_external_state_s.cpp
index 25caed2667f..1ddaca5914f 100644
--- a/src/mongo/db/auth/authz_session_external_state_s.cpp
+++ b/src/mongo/db/auth/authz_session_external_state_s.cpp
@@ -20,12 +20,15 @@
 
 #include "mongo/base/status.h"
 #include "mongo/client/dbclientinterface.h"
+#include "mongo/db/auth/authorization_manager.h"
 #include "mongo/db/jsobj.h"
 #include "mongo/s/grid.h"
 
 namespace mongo {
 
-    AuthzSessionExternalStateMongos::AuthzSessionExternalStateMongos() {}
+    AuthzSessionExternalStateMongos::AuthzSessionExternalStateMongos(
+            AuthorizationManager* authzManager) :
+                    AuthzSessionExternalStateServerCommon(authzManager) {}
     AuthzSessionExternalStateMongos::~AuthzSessionExternalStateMongos() {}
 
     void AuthzSessionExternalStateMongos::onAddAuthorizedPrincipal(Principal*) { }
diff --git a/src/mongo/db/auth/authz_session_external_state_s.h b/src/mongo/db/auth/authz_session_external_state_s.h
index bbddf9d5e51..0daaaf92c58 100644
--- a/src/mongo/db/auth/authz_session_external_state_s.h
+++ b/src/mongo/db/auth/authz_session_external_state_s.h
@@ -18,6 +18,7 @@
 
 #include "mongo/base/disallow_copying.h"
 #include "mongo/base/status.h"
+#include "mongo/db/auth/authorization_manager.h"
 #include "mongo/db/auth/authz_session_external_state_server_common.h"
 
 namespace mongo {
@@ -29,7 +30,7 @@ namespace mongo {
         MONGO_DISALLOW_COPYING(AuthzSessionExternalStateMongos);
 
     public:
-        AuthzSessionExternalStateMongos();
+        AuthzSessionExternalStateMongos(AuthorizationManager* authzManager);
         virtual ~AuthzSessionExternalStateMongos();
 
         virtual void startRequest();
diff --git a/src/mongo/db/auth/authz_session_external_state_server_common.cpp b/src/mongo/db/auth/authz_session_external_state_server_common.cpp
index 200eeb6f0e5..7f75bae23aa 100644
--- a/src/mongo/db/auth/authz_session_external_state_server_common.cpp
+++ b/src/mongo/db/auth/authz_session_external_state_server_common.cpp
@@ -31,8 +31,10 @@ namespace {
     // NOTE: we default _allowLocalhost to true under the assumption that _checkShouldAllowLocalhost
     // will always be called before any calls to shouldIgnoreAuthChecks.  If this is not the case,
     // it could cause a security hole.
-    AuthzSessionExternalStateServerCommon::AuthzSessionExternalStateServerCommon() :
-            _allowLocalhost(true) {}
+    AuthzSessionExternalStateServerCommon::AuthzSessionExternalStateServerCommon(
+            AuthorizationManager* authzManager) :
+                    AuthzSessionExternalState(authzManager),
+                    _allowLocalhost(true) {}
     AuthzSessionExternalStateServerCommon::~AuthzSessionExternalStateServerCommon() {}
 
     void AuthzSessionExternalStateServerCommon::_checkShouldAllowLocalhost() {
diff --git a/src/mongo/db/auth/authz_session_external_state_server_common.h b/src/mongo/db/auth/authz_session_external_state_server_common.h
index cde8d3f1919..794024eeb78 100644
--- a/src/mongo/db/auth/authz_session_external_state_server_common.h
+++ b/src/mongo/db/auth/authz_session_external_state_server_common.h
@@ -18,6 +18,7 @@
 
 #include "mongo/base/disallow_copying.h"
 #include "mongo/base/status.h"
+#include "mongo/db/auth/authorization_manager.h"
 #include "mongo/db/auth/authz_session_external_state.h"
 
 namespace mongo {
@@ -34,7 +35,7 @@ namespace mongo {
         virtual bool shouldIgnoreAuthChecks() const;
 
     protected:
-        AuthzSessionExternalStateServerCommon();
+        AuthzSessionExternalStateServerCommon(AuthorizationManager* authzManager);
 
         // Checks whether or not localhost connections should be given full access and stores the
         // result in _allowLocalhost.  Currently localhost connections are only given full access
diff --git a/src/mongo/db/client.cpp b/src/mongo/db/client.cpp
index 79d5a9992b5..e64c2cf5088 100644
--- a/src/mongo/db/client.cpp
+++ b/src/mongo/db/client.cpp
@@ -30,6 +30,7 @@
 #include "mongo/base/status.h"
 #include "mongo/db/auth/action_set.h"
 #include "mongo/db/auth/action_type.h"
+#include "mongo/db/auth/authorization_manager_global.h"
 #include "mongo/db/auth/authorization_session.h"
 #include "mongo/db/auth/authz_session_external_state_d.h"
 #include "mongo/db/auth/privilege.h"
@@ -132,7 +133,8 @@ namespace mongo {
         Client *c = new Client( fullDesc, mp );
         currentClient.reset(c);
         mongo::lastError.initThread();
-        c->setAuthorizationSession(new AuthorizationSession(new AuthzSessionExternalStateMongod()));
+        c->setAuthorizationSession(new AuthorizationSession(new AuthzSessionExternalStateMongod(
+                getGlobalAuthorizationManager())));
         return *c;
     }
 
diff --git a/src/mongo/s/client_info.cpp b/src/mongo/s/client_info.cpp
index 837266a59aa..4d2f4a55c25 100644
--- a/src/mongo/s/client_info.cpp
+++ b/src/mongo/s/client_info.cpp
@@ -18,6 +18,7 @@
 
 #include "pch.h"
 
+#include "mongo/db/auth/authorization_manager_global.h"
 #include "mongo/db/auth/authorization_session.h"
 #include "mongo/db/auth/authz_session_external_state_s.h"
 #include "server.h"
@@ -85,7 +86,7 @@ namespace mongo {
         massert(16472, "A ClientInfo already exists for this thread", !info);
         info = new ClientInfo(messagingPort);
         info->setAuthorizationSession(new AuthorizationSession(
-                new AuthzSessionExternalStateMongos()));
+                new AuthzSessionExternalStateMongos(getGlobalAuthorizationManager())));
         _tlInfo.reset( info );
         info->newRequest();
         return info;
diff --git a/src/mongo/s/s_only.cpp b/src/mongo/s/s_only.cpp
index 93d82d07c12..644938256f1 100644
--- a/src/mongo/s/s_only.cpp
+++ b/src/mongo/s/s_only.cpp
@@ -19,6 +19,7 @@
 
 #include "mongo/client/connpool.h"
 #include "mongo/db/auth/authorization_manager.h"
+#include "mongo/db/auth/authorization_manager_global.h"
 #include "mongo/db/auth/authorization_session.h"
 #include "mongo/db/auth/authz_session_external_state_s.h"
 #include "mongo/s/shard.h"
@@ -77,7 +78,8 @@ namespace mongo {
         Client *c = new Client( fullDesc, mp );
         currentClient.reset(c);
         mongo::lastError.initThread();
-        c->setAuthorizationSession(new AuthorizationSession(new AuthzSessionExternalStateMongos()));
+        c->setAuthorizationSession(new AuthorizationSession(new AuthzSessionExternalStateMongos(
+                getGlobalAuthorizationManager())));
         return *c;
     }
author	Spencer T Brody <spencer@10gen.com>	2013-05-31 14:45:59 -0400
committer	Spencer T Brody <spencer@10gen.com>	2013-06-03 17:11:32 -0400
commit	e2bc8d7824b1304dd8c4bc8d30e615432e60c08a (patch)
tree	8c4e8447c47713db30dc2d245fa4597b5abb0841 /src/mongo
parent	5dd87637236aeed5d05222835231ea7ee8dd1b4c (diff)
download	mongo-e2bc8d7824b1304dd8c4bc8d30e615432e60c08a.tar.gz