-rw-r--r--src/mongo/db/auth/authorization_session.cpp12
-rw-r--r--src/mongo/db/auth/authorization_session.h9
-rw-r--r--src/mongo/db/auth/authorization_session_test.cpp4
-rw-r--r--src/mongo/db/commands/authentication_commands.cpp4
-rw-r--r--src/mongo/db/dbwebserver.cpp2
5 files changed, 22 insertions, 9 deletions
diff --git a/src/mongo/db/auth/authorization_session.cpp b/src/mongo/db/auth/authorization_session.cpp
index 1e22641708b..259c5c31cb4 100644
--- a/src/mongo/db/auth/authorization_session.cpp
+++ b/src/mongo/db/auth/authorization_session.cpp
@@ -56,7 +56,7 @@ namespace {
_externalState->startRequest();
}
- void AuthorizationSession::addAuthorizedPrincipal(Principal* principal) {
+ void AuthorizationSession::addAndAuthorizePrincipal(Principal* principal) {
// Log out any already-logged-in user on the same database as "principal".
logoutDatabase(principal->getName().getDB().toString()); // See SERVER-8144.
@@ -81,6 +81,14 @@ namespace {
_externalState->onAddAuthorizedPrincipal(principal);
}
+ void AuthorizationSession::addPrincipal(Principal* principal) {
+
+ // Log out any already-logged-in user on the same database as "principal".
+ logoutDatabase(principal->getName().getDB().toString()); // See SERVER-8144.
+ _authenticatedPrincipals.add(principal);
+ _externalState->onAddAuthorizedPrincipal(principal);
+ }
+
void AuthorizationSession::_acquirePrivilegesForPrincipalFromDatabase(
const std::string& dbname, const UserName& user) {
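Review bot: addPrincipal repeats the logout-then-register sequence of addAndAuthorizePrincipal: the `logoutDatabase(...)` call and the `_externalState->onAddAuthorizedPrincipal(principal)` hook both appear in the older function's visible lines, so a later change to the SERVER-8144 logout handling has to be made in two places. Because this variant leaves the principal authenticated but holding no privileges, a comment in the body such as `// No privileges are acquired here; the caller must grant them explicitly.` would make that contract visible at the definition. The blank line after the opening brace can be dropped. The middle of addAndAuthorizePrincipal lies between the two hunks and is not shown, so whether it can simply delegate to addPrincipal needs checking against the full file.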
@@ -133,7 +141,7 @@ namespace {
ActionSet actions;
actions.addAllActions();
- addAuthorizedPrincipal(principal);
+ addPrincipal(principal);
fassert(16581, acquirePrivilege(Privilege(PrivilegeSet::WILDCARD_RESOURCE, actions),
principal->getName()).isOK());
}
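Review bot: Nothing at this call site says why the principal is registered with `addPrincipal(principal)` and then handed every action on `PrivilegeSet::WILDCARD_RESOURCE` directly instead of going through the privilege-acquiring path; the same pattern appears in the dbwebserver.cpp hunk. A one-line comment above the call, for example `// Privileges are granted explicitly below, so skip the per-database privilege lookup.`, would tell a reader that the bypass is intentional and limited to these two callers. The two sites also check the result differently (`fassert(16581, ... .isOK())` here, `verify (status == Status::OK())` in dbwebserver.cpp), which is worth aligning if the failure behaviour is meant to match. The enclosing function starts outside the hunk.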
diff --git a/src/mongo/db/auth/authorization_session.h b/src/mongo/db/auth/authorization_session.h
index d83a7cba220..be5c11b7478 100644
--- a/src/mongo/db/auth/authorization_session.h
+++ b/src/mongo/db/auth/authorization_session.h
@@ -55,8 +55,13 @@ namespace mongo {
// TODO: try to eliminate the need for this call.
void startRequest();
- // Adds "principal" to the authorization manager, and takes ownership of it.
- void addAuthorizedPrincipal(Principal* principal);
+ // Adds "principal" to the authorization session, acquiring privileges for that principal,
+ // and takes ownership of it.
+ void addAndAuthorizePrincipal(Principal* principal);
+
+ // Adds "principal" to the authorization session and takes ownership of it, without
+ // acquiring privileges for it.
+ void addPrincipal(Principal* principal);
// Returns the authenticated principal with the given name. Returns NULL
// if no such user is found.
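Review bot: The new comment on addPrincipal omits a side effect a caller needs to know: the implementation in authorization_session.cpp first calls `logoutDatabase` for the principal's database, so any principal already logged in there is dropped. It also does not say who is expected to supply privileges afterwards. I would extend it with `// Logs out any principal already authenticated on the same database. The caller must` / `// grant privileges explicitly, e.g. via acquirePrivilege().`, and add the logout sentence to the addAndAuthorizePrincipal comment as well, since its visible body begins with the same call.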
diff --git a/src/mongo/db/auth/authorization_session_test.cpp b/src/mongo/db/auth/authorization_session_test.cpp
index 7eccb421116..ece33afba02 100644
--- a/src/mongo/db/auth/authorization_session_test.cpp
+++ b/src/mongo/db/auth/authorization_session_test.cpp
@@ -53,7 +53,7 @@ namespace {
ASSERT_EQUALS(ErrorCodes::UserNotFound,
authzSession.acquirePrivilege(writePrivilege, principal->getName()));
- authzSession.addAuthorizedPrincipal(principal);
+ authzSession.addAndAuthorizePrincipal(principal);
ASSERT_OK(authzSession.acquirePrivilege(writePrivilege, principal->getName()));
ASSERT_TRUE(authzSession.checkAuthorization("test", ActionType::insert));
@@ -168,7 +168,7 @@ namespace {
ASSERT(!authzSession->checkAuthorization("$SERVER", ActionType::shutdown));
Principal* principal = new Principal(UserName("andy", "test"));
- authzSession->addAuthorizedPrincipal(principal);
+ authzSession->addAndAuthorizePrincipal(principal);
ASSERT(authzSession->checkAuthorization("test.foo", ActionType::find));
ASSERT(authzSession->checkAuthorization("test.foo", ActionType::insert));
diff --git a/src/mongo/db/commands/authentication_commands.cpp b/src/mongo/db/commands/authentication_commands.cpp
index b81119cf4bd..23de85888e3 100644
--- a/src/mongo/db/commands/authentication_commands.cpp
+++ b/src/mongo/db/commands/authentication_commands.cpp
@@ -211,7 +211,7 @@ namespace mongo {
AuthorizationSession* authorizationSession =
ClientBasic::getCurrent()->getAuthorizationSession();
Principal* principal = new Principal(user);
- authorizationSession->addAuthorizedPrincipal(principal);
+ authorizationSession->addAndAuthorizePrincipal(principal);
return Status::OK();
}
@@ -248,7 +248,7 @@ namespace mongo {
else {
Principal* principal = new Principal(user);
principal->setImplicitPrivilegeAcquisition(true);
- authorizationSession->addAuthorizedPrincipal(principal);
+ authorizationSession->addAndAuthorizePrincipal(principal);
}
return Status::OK();
}
diff --git a/src/mongo/db/dbwebserver.cpp b/src/mongo/db/dbwebserver.cpp
index 506945575fe..4a159b4fe3e 100644
--- a/src/mongo/db/dbwebserver.cpp
+++ b/src/mongo/db/dbwebserver.cpp
@@ -85,7 +85,7 @@ namespace mongo {
"admin", readOnly);
AuthorizationSession* authorizationSession = cc().getAuthorizationSession();
- authorizationSession->addAuthorizedPrincipal(principal);
+ authorizationSession->addPrincipal(principal);
Status status = authorizationSession->acquirePrivilege(
Privilege(PrivilegeSet::WILDCARD_RESOURCE, actions), principal->getName());
verify (status == Status::OK());