From e2bc8d7824b1304dd8c4bc8d30e615432e60c08a Mon Sep 17 00:00:00 2001 From: Spencer T Brody Date: Fri, 31 May 2013 14:45:59 -0400 Subject: Add pointer to AuthorizationManager to AuthzSessionExternalState --- src/mongo/db/auth/authorization_manager.cpp | 16 ++++- src/mongo/db/auth/authorization_manager.h | 16 ++++- src/mongo/db/auth/authorization_session_test.cpp | 79 ++++++++++++---------- src/mongo/db/auth/authz_manager_external_state.cpp | 2 +- src/mongo/db/auth/authz_manager_external_state.h | 6 +- .../db/auth/authz_manager_external_state_mock.h | 44 ++++++++++++ src/mongo/db/auth/authz_session_external_state.cpp | 3 +- src/mongo/db/auth/authz_session_external_state.h | 6 +- .../db/auth/authz_session_external_state_d.cpp | 5 +- src/mongo/db/auth/authz_session_external_state_d.h | 3 +- .../db/auth/authz_session_external_state_mock.h | 4 +- .../db/auth/authz_session_external_state_s.cpp | 5 +- src/mongo/db/auth/authz_session_external_state_s.h | 3 +- .../authz_session_external_state_server_common.cpp | 6 +- .../authz_session_external_state_server_common.h | 3 +- src/mongo/db/client.cpp | 4 +- src/mongo/s/client_info.cpp | 3 +- src/mongo/s/s_only.cpp | 4 +- 18 files changed, 157 insertions(+), 55 deletions(-) create mode 100644 src/mongo/db/auth/authz_manager_external_state_mock.h (limited to 'src/mongo') diff --git a/src/mongo/db/auth/authorization_manager.cpp b/src/mongo/db/auth/authorization_manager.cpp index 5ab155ebb17..f7f6209330f 100644 --- a/src/mongo/db/auth/authorization_manager.cpp +++ b/src/mongo/db/auth/authorization_manager.cpp @@ -34,11 +34,11 @@ namespace mongo { bool AuthorizationManager::_doesSupportOldStylePrivileges = true; bool AuthorizationManager::_authEnabled = false; - AuthorizationManager::AuthorizationManager(AuthzManagerExternalState* globalExternalState) : - _globalExternalState(globalExternalState) {} + AuthorizationManager::AuthorizationManager(AuthzManagerExternalState* externalState) : + _externalState(externalState) {} AuthzManagerExternalState* AuthorizationManager::getExternalState() const { - return _globalExternalState.get(); + return _externalState.get(); } void AuthorizationManager::setSupportOldStylePrivilegeDocuments(bool enabled) { @@ -57,4 +57,14 @@ namespace mongo { return _authEnabled; } + Status AuthorizationManager::getPrivilegeDocument(const std::string& dbname, + const UserName& userName, + BSONObj* result) { + return _externalState->getPrivilegeDocument(dbname, userName, result); + } + + bool AuthorizationManager::hasPrivilegeDocument(const std::string& dbname) const { + return _externalState->hasPrivilegeDocument(dbname); + } + } // namespace mongo diff --git a/src/mongo/db/auth/authorization_manager.h b/src/mongo/db/auth/authorization_manager.h index eea50c699ce..68d148cdb48 100644 --- a/src/mongo/db/auth/authorization_manager.h +++ b/src/mongo/db/auth/authorization_manager.h @@ -20,7 +20,10 @@ #include #include "mongo/base/disallow_copying.h" +#include "mongo/base/status.h" #include "mongo/db/auth/authz_manager_external_state.h" +#include "mongo/db/auth/user_name.h" +#include "mongo/db/jsobj.h" namespace mongo { @@ -76,6 +79,17 @@ namespace mongo { AuthzManagerExternalState* getExternalState() const; + // Gets the privilege information document for "userName" on "dbname". + // + // On success, returns Status::OK() and stores a shared-ownership copy of the document into + // "result". + Status getPrivilegeDocument(const std::string& dbname, + const UserName& userName, + BSONObj* result); + + // Returns true if there exists at least one privilege document in the given database. + bool hasPrivilegeDocument(const std::string& dbname) const; + private: static bool _doesSupportOldStylePrivileges; @@ -85,7 +99,7 @@ namespace mongo { // This is a config setting, set at startup and not changing after initialization. static bool _authEnabled; - scoped_ptr _globalExternalState; + scoped_ptr _externalState; }; } // namespace mongo diff --git a/src/mongo/db/auth/authorization_session_test.cpp b/src/mongo/db/auth/authorization_session_test.cpp index aa741523bdb..d1532de0d87 100644 --- a/src/mongo/db/auth/authorization_session_test.cpp +++ b/src/mongo/db/auth/authorization_session_test.cpp @@ -19,6 +19,7 @@ #include "mongo/base/status.h" #include "mongo/db/auth/authz_session_external_state_mock.h" +#include "mongo/db/auth/authz_manager_external_state_mock.h" #include "mongo/db/auth/authorization_manager.h" #include "mongo/db/auth/authorization_session.h" #include "mongo/db/jsobj.h" @@ -38,13 +39,16 @@ namespace { actions.addAction(ActionType::insert); Privilege writePrivilege("test", actions); Privilege allDBsWritePrivilege("*", actions); - AuthzSessionExternalStateMock* externalState = new AuthzSessionExternalStateMock(); - AuthorizationSession authzSession(externalState); + AuthzManagerExternalStateMock* managerExternalState = new AuthzManagerExternalStateMock(); + AuthorizationManager authManager(managerExternalState); + AuthzSessionExternalStateMock* sessionExternalState = new AuthzSessionExternalStateMock( + &authManager); + AuthorizationSession authzSession(sessionExternalState); ASSERT_FALSE(authzSession.checkAuthorization("test", ActionType::insert)); - externalState->setReturnValueForShouldIgnoreAuthChecks(true); + sessionExternalState->setReturnValueForShouldIgnoreAuthChecks(true); ASSERT_TRUE(authzSession.checkAuthorization("test", ActionType::insert)); - externalState->setReturnValueForShouldIgnoreAuthChecks(false); + sessionExternalState->setReturnValueForShouldIgnoreAuthChecks(false); ASSERT_FALSE(authzSession.checkAuthorization("test", ActionType::insert)); ASSERT_EQUALS(ErrorCodes::UserNotFound, @@ -502,6 +506,9 @@ namespace { class AuthExternalStateImplictPriv : public AuthzSessionExternalStateMock { public: + AuthExternalStateImplictPriv(AuthorizationManager* authzManager) : + AuthzSessionExternalStateMock(authzManager) {} + virtual bool _findUser(const string& usersNamespace, const BSONObj& query, BSONObj* result) const { @@ -537,11 +544,13 @@ namespace { class ImplicitPriviligesTest : public ::mongo::unittest::Test { public: AuthExternalStateImplictPriv* state; - scoped_ptr authman; + scoped_ptr authzSession; + scoped_ptr authzManager; void setUp() { - state = new AuthExternalStateImplictPriv; - authman.reset(new AuthorizationSession(state)); + authzManager.reset(new AuthorizationManager(new AuthzManagerExternalStateMock())); + state = new AuthExternalStateImplictPriv(authzManager.get()); + authzSession.reset(new AuthorizationSession(state)); } }; @@ -560,37 +569,37 @@ namespace { "roles" << BSON_ARRAY("clusterAdmin") << "otherDBRoles" << BSON("test3" << BSON_ARRAY("dbAdmin")))); - ASSERT(!authman->checkAuthorization("test.foo", ActionType::find)); - ASSERT(!authman->checkAuthorization("test.foo", ActionType::insert)); - ASSERT(!authman->checkAuthorization("test.foo", ActionType::collMod)); - ASSERT(!authman->checkAuthorization("test2.foo", ActionType::find)); - ASSERT(!authman->checkAuthorization("test2.foo", ActionType::insert)); - ASSERT(!authman->checkAuthorization("test2.foo", ActionType::collMod)); - ASSERT(!authman->checkAuthorization("test3.foo", ActionType::find)); - ASSERT(!authman->checkAuthorization("test3.foo", ActionType::insert)); - ASSERT(!authman->checkAuthorization("test3.foo", ActionType::collMod)); - ASSERT(!authman->checkAuthorization("admin.foo", ActionType::find)); - ASSERT(!authman->checkAuthorization("admin.foo", ActionType::insert)); - ASSERT(!authman->checkAuthorization("admin.foo", ActionType::collMod)); - ASSERT(!authman->checkAuthorization("$SERVER", ActionType::shutdown)); + ASSERT(!authzSession->checkAuthorization("test.foo", ActionType::find)); + ASSERT(!authzSession->checkAuthorization("test.foo", ActionType::insert)); + ASSERT(!authzSession->checkAuthorization("test.foo", ActionType::collMod)); + ASSERT(!authzSession->checkAuthorization("test2.foo", ActionType::find)); + ASSERT(!authzSession->checkAuthorization("test2.foo", ActionType::insert)); + ASSERT(!authzSession->checkAuthorization("test2.foo", ActionType::collMod)); + ASSERT(!authzSession->checkAuthorization("test3.foo", ActionType::find)); + ASSERT(!authzSession->checkAuthorization("test3.foo", ActionType::insert)); + ASSERT(!authzSession->checkAuthorization("test3.foo", ActionType::collMod)); + ASSERT(!authzSession->checkAuthorization("admin.foo", ActionType::find)); + ASSERT(!authzSession->checkAuthorization("admin.foo", ActionType::insert)); + ASSERT(!authzSession->checkAuthorization("admin.foo", ActionType::collMod)); + ASSERT(!authzSession->checkAuthorization("$SERVER", ActionType::shutdown)); Principal* principal = new Principal(UserName("andy", "test")); principal->setImplicitPrivilegeAcquisition(true); - authman->addAuthorizedPrincipal(principal); - - ASSERT(authman->checkAuthorization("test.foo", ActionType::find)); - ASSERT(authman->checkAuthorization("test.foo", ActionType::insert)); - ASSERT(!authman->checkAuthorization("test.foo", ActionType::collMod)); - ASSERT(authman->checkAuthorization("test2.foo", ActionType::find)); - ASSERT(!authman->checkAuthorization("test2.foo", ActionType::insert)); - ASSERT(!authman->checkAuthorization("test2.foo", ActionType::collMod)); - ASSERT(!authman->checkAuthorization("test3.foo", ActionType::find)); - ASSERT(!authman->checkAuthorization("test3.foo", ActionType::insert)); - ASSERT(authman->checkAuthorization("test3.foo", ActionType::collMod)); - ASSERT(!authman->checkAuthorization("admin.foo", ActionType::find)); - ASSERT(!authman->checkAuthorization("admin.foo", ActionType::insert)); - ASSERT(!authman->checkAuthorization("admin.foo", ActionType::collMod)); - ASSERT(authman->checkAuthorization("$SERVER", ActionType::shutdown)); + authzSession->addAuthorizedPrincipal(principal); + + ASSERT(authzSession->checkAuthorization("test.foo", ActionType::find)); + ASSERT(authzSession->checkAuthorization("test.foo", ActionType::insert)); + ASSERT(!authzSession->checkAuthorization("test.foo", ActionType::collMod)); + ASSERT(authzSession->checkAuthorization("test2.foo", ActionType::find)); + ASSERT(!authzSession->checkAuthorization("test2.foo", ActionType::insert)); + ASSERT(!authzSession->checkAuthorization("test2.foo", ActionType::collMod)); + ASSERT(!authzSession->checkAuthorization("test3.foo", ActionType::find)); + ASSERT(!authzSession->checkAuthorization("test3.foo", ActionType::insert)); + ASSERT(authzSession->checkAuthorization("test3.foo", ActionType::collMod)); + ASSERT(!authzSession->checkAuthorization("admin.foo", ActionType::find)); + ASSERT(!authzSession->checkAuthorization("admin.foo", ActionType::insert)); + ASSERT(!authzSession->checkAuthorization("admin.foo", ActionType::collMod)); + ASSERT(authzSession->checkAuthorization("$SERVER", ActionType::shutdown)); } } // namespace diff --git a/src/mongo/db/auth/authz_manager_external_state.cpp b/src/mongo/db/auth/authz_manager_external_state.cpp index cf63a4d1e14..ebc448757f7 100644 --- a/src/mongo/db/auth/authz_manager_external_state.cpp +++ b/src/mongo/db/auth/authz_manager_external_state.cpp @@ -83,7 +83,7 @@ namespace mongo { return Status::OK(); } - bool AuthzManagerExternalState::_hasPrivilegeDocument(const std::string& dbname) const { + bool AuthzManagerExternalState::hasPrivilegeDocument(const std::string& dbname) const { std::string usersNamespace = dbname + ".system.users"; BSONObj userBSONObj; diff --git a/src/mongo/db/auth/authz_manager_external_state.h b/src/mongo/db/auth/authz_manager_external_state.h index 39a9b27e91b..83a07bd7944 100644 --- a/src/mongo/db/auth/authz_manager_external_state.h +++ b/src/mongo/db/auth/authz_manager_external_state.h @@ -45,6 +45,10 @@ namespace mongo { const UserName& userName, BSONObj* result); + + // Returns true if there exists at least one privilege document in the given database. + bool hasPrivilegeDocument(const std::string& dbname) const; + protected: AuthzManagerExternalState(); // This class should never be instantiated directly. @@ -54,8 +58,6 @@ namespace mongo { const BSONObj& query, BSONObj* result) const = 0; - // Returns true if there exists at least one privilege document in the given database. - bool _hasPrivilegeDocument(const std::string& dbname) const; }; } // namespace mongo diff --git a/src/mongo/db/auth/authz_manager_external_state_mock.h b/src/mongo/db/auth/authz_manager_external_state_mock.h new file mode 100644 index 00000000000..eb0640dff37 --- /dev/null +++ b/src/mongo/db/auth/authz_manager_external_state_mock.h @@ -0,0 +1,44 @@ +/* +* Copyright (C) 2012 10gen Inc. +* +* This program is free software: you can redistribute it and/or modify +* it under the terms of the GNU Affero General Public License, version 3, +* as published by the Free Software Foundation. +* +* This program is distributed in the hope that it will be useful, +* but WITHOUT ANY WARRANTY; without even the implied warranty of +* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +* GNU Affero General Public License for more details. +* +* You should have received a copy of the GNU Affero General Public License +* along with this program. If not, see . +*/ + +#pragma once + +#include + +#include "mongo/base/disallow_copying.h" +#include "mongo/db/auth/authz_manager_external_state.h" +#include "mongo/db/jsobj.h" + +namespace mongo { + + /** + * Mock of the AuthzManagerExternalState class used only for testing. + */ + class AuthzManagerExternalStateMock : public AuthzManagerExternalState { + MONGO_DISALLOW_COPYING(AuthzManagerExternalStateMock); + + public: + + AuthzManagerExternalStateMock() {}; + + virtual bool _findUser(const std::string& usersNamespace, + const BSONObj& query, + BSONObj* result) const { + return false; + } + }; + +} // namespace mongo diff --git a/src/mongo/db/auth/authz_session_external_state.cpp b/src/mongo/db/auth/authz_session_external_state.cpp index e887cec0a72..040fbfd1561 100644 --- a/src/mongo/db/auth/authz_session_external_state.cpp +++ b/src/mongo/db/auth/authz_session_external_state.cpp @@ -23,7 +23,8 @@ namespace mongo { - AuthzSessionExternalState::AuthzSessionExternalState() {} + AuthzSessionExternalState::AuthzSessionExternalState(AuthorizationManager* authzManager) : + _authzManager(authzManager) {} AuthzSessionExternalState::~AuthzSessionExternalState() {} Status AuthzSessionExternalState::getPrivilegeDocument(const std::string& dbname, diff --git a/src/mongo/db/auth/authz_session_external_state.h b/src/mongo/db/auth/authz_session_external_state.h index d3e7f10b3af..bc6768eb8a6 100644 --- a/src/mongo/db/auth/authz_session_external_state.h +++ b/src/mongo/db/auth/authz_session_external_state.h @@ -21,6 +21,7 @@ #include "mongo/base/disallow_copying.h" #include "mongo/base/status.h" #include "mongo/client/dbclientinterface.h" +#include "mongo/db/auth/authorization_manager.h" #include "mongo/db/auth/user_name.h" namespace mongo { @@ -69,7 +70,8 @@ namespace mongo { virtual void onLogoutDatabase(const std::string& dbname) = 0; protected: - AuthzSessionExternalState(); // This class should never be instantiated directly. + // This class should never be instantiated directly. + AuthzSessionExternalState(AuthorizationManager* authzManager); // Queries the userNamespace with the given query and returns the privilegeDocument found // in *result. Returns true if it finds a document matching the query, or false if not. @@ -81,6 +83,8 @@ namespace mongo { // Returns true if there exists at least one privilege document in the given database. // TODO: remove this in favor of using the AuthzManagerExternalState bool _hasPrivilegeDocument(const std::string& dbname) const; + + AuthorizationManager* _authzManager; }; } // namespace mongo diff --git a/src/mongo/db/auth/authz_session_external_state_d.cpp b/src/mongo/db/auth/authz_session_external_state_d.cpp index e53270508df..4046140ea8a 100644 --- a/src/mongo/db/auth/authz_session_external_state_d.cpp +++ b/src/mongo/db/auth/authz_session_external_state_d.cpp @@ -18,6 +18,7 @@ #include "mongo/base/status.h" #include "mongo/client/dbclientinterface.h" +#include "mongo/db/auth/authorization_manager.h" #include "mongo/db/client.h" #include "mongo/db/dbhelpers.h" #include "mongo/db/d_concurrency.h" @@ -27,7 +28,9 @@ namespace mongo { - AuthzSessionExternalStateMongod::AuthzSessionExternalStateMongod() {} + AuthzSessionExternalStateMongod::AuthzSessionExternalStateMongod( + AuthorizationManager* authzManager) : + AuthzSessionExternalStateServerCommon(authzManager) {} AuthzSessionExternalStateMongod::~AuthzSessionExternalStateMongod() {} void AuthzSessionExternalStateMongod::startRequest() { diff --git a/src/mongo/db/auth/authz_session_external_state_d.h b/src/mongo/db/auth/authz_session_external_state_d.h index ee5295f5c80..2872a2725e3 100644 --- a/src/mongo/db/auth/authz_session_external_state_d.h +++ b/src/mongo/db/auth/authz_session_external_state_d.h @@ -18,6 +18,7 @@ #include "mongo/base/disallow_copying.h" #include "mongo/base/status.h" +#include "mongo/db/auth/authorization_manager.h" #include "mongo/db/auth/authz_session_external_state_server_common.h" namespace mongo { @@ -29,7 +30,7 @@ namespace mongo { MONGO_DISALLOW_COPYING(AuthzSessionExternalStateMongod); public: - AuthzSessionExternalStateMongod(); + AuthzSessionExternalStateMongod(AuthorizationManager* authzManager); virtual ~AuthzSessionExternalStateMongod(); virtual bool shouldIgnoreAuthChecks() const; diff --git a/src/mongo/db/auth/authz_session_external_state_mock.h b/src/mongo/db/auth/authz_session_external_state_mock.h index a081eab45bd..2fe79a4f258 100644 --- a/src/mongo/db/auth/authz_session_external_state_mock.h +++ b/src/mongo/db/auth/authz_session_external_state_mock.h @@ -18,6 +18,7 @@ #include "mongo/base/disallow_copying.h" #include "mongo/base/status.h" +#include "mongo/db/auth/authorization_manager.h" #include "mongo/db/auth/authz_session_external_state.h" namespace mongo { @@ -29,7 +30,8 @@ namespace mongo { MONGO_DISALLOW_COPYING(AuthzSessionExternalStateMock); public: - AuthzSessionExternalStateMock() : _returnValue(false) {} + AuthzSessionExternalStateMock(AuthorizationManager* authzManager) : + AuthzSessionExternalState(authzManager), _returnValue(false) {} virtual bool shouldIgnoreAuthChecks() const { return _returnValue; diff --git a/src/mongo/db/auth/authz_session_external_state_s.cpp b/src/mongo/db/auth/authz_session_external_state_s.cpp index 25caed2667f..1ddaca5914f 100644 --- a/src/mongo/db/auth/authz_session_external_state_s.cpp +++ b/src/mongo/db/auth/authz_session_external_state_s.cpp @@ -20,12 +20,15 @@ #include "mongo/base/status.h" #include "mongo/client/dbclientinterface.h" +#include "mongo/db/auth/authorization_manager.h" #include "mongo/db/jsobj.h" #include "mongo/s/grid.h" namespace mongo { - AuthzSessionExternalStateMongos::AuthzSessionExternalStateMongos() {} + AuthzSessionExternalStateMongos::AuthzSessionExternalStateMongos( + AuthorizationManager* authzManager) : + AuthzSessionExternalStateServerCommon(authzManager) {} AuthzSessionExternalStateMongos::~AuthzSessionExternalStateMongos() {} void AuthzSessionExternalStateMongos::onAddAuthorizedPrincipal(Principal*) { } diff --git a/src/mongo/db/auth/authz_session_external_state_s.h b/src/mongo/db/auth/authz_session_external_state_s.h index bbddf9d5e51..0daaaf92c58 100644 --- a/src/mongo/db/auth/authz_session_external_state_s.h +++ b/src/mongo/db/auth/authz_session_external_state_s.h @@ -18,6 +18,7 @@ #include "mongo/base/disallow_copying.h" #include "mongo/base/status.h" +#include "mongo/db/auth/authorization_manager.h" #include "mongo/db/auth/authz_session_external_state_server_common.h" namespace mongo { @@ -29,7 +30,7 @@ namespace mongo { MONGO_DISALLOW_COPYING(AuthzSessionExternalStateMongos); public: - AuthzSessionExternalStateMongos(); + AuthzSessionExternalStateMongos(AuthorizationManager* authzManager); virtual ~AuthzSessionExternalStateMongos(); virtual void startRequest(); diff --git a/src/mongo/db/auth/authz_session_external_state_server_common.cpp b/src/mongo/db/auth/authz_session_external_state_server_common.cpp index 200eeb6f0e5..7f75bae23aa 100644 --- a/src/mongo/db/auth/authz_session_external_state_server_common.cpp +++ b/src/mongo/db/auth/authz_session_external_state_server_common.cpp @@ -31,8 +31,10 @@ namespace { // NOTE: we default _allowLocalhost to true under the assumption that _checkShouldAllowLocalhost // will always be called before any calls to shouldIgnoreAuthChecks. If this is not the case, // it could cause a security hole. - AuthzSessionExternalStateServerCommon::AuthzSessionExternalStateServerCommon() : - _allowLocalhost(true) {} + AuthzSessionExternalStateServerCommon::AuthzSessionExternalStateServerCommon( + AuthorizationManager* authzManager) : + AuthzSessionExternalState(authzManager), + _allowLocalhost(true) {} AuthzSessionExternalStateServerCommon::~AuthzSessionExternalStateServerCommon() {} void AuthzSessionExternalStateServerCommon::_checkShouldAllowLocalhost() { diff --git a/src/mongo/db/auth/authz_session_external_state_server_common.h b/src/mongo/db/auth/authz_session_external_state_server_common.h index cde8d3f1919..794024eeb78 100644 --- a/src/mongo/db/auth/authz_session_external_state_server_common.h +++ b/src/mongo/db/auth/authz_session_external_state_server_common.h @@ -18,6 +18,7 @@ #include "mongo/base/disallow_copying.h" #include "mongo/base/status.h" +#include "mongo/db/auth/authorization_manager.h" #include "mongo/db/auth/authz_session_external_state.h" namespace mongo { @@ -34,7 +35,7 @@ namespace mongo { virtual bool shouldIgnoreAuthChecks() const; protected: - AuthzSessionExternalStateServerCommon(); + AuthzSessionExternalStateServerCommon(AuthorizationManager* authzManager); // Checks whether or not localhost connections should be given full access and stores the // result in _allowLocalhost. Currently localhost connections are only given full access diff --git a/src/mongo/db/client.cpp b/src/mongo/db/client.cpp index 79d5a9992b5..e64c2cf5088 100644 --- a/src/mongo/db/client.cpp +++ b/src/mongo/db/client.cpp @@ -30,6 +30,7 @@ #include "mongo/base/status.h" #include "mongo/db/auth/action_set.h" #include "mongo/db/auth/action_type.h" +#include "mongo/db/auth/authorization_manager_global.h" #include "mongo/db/auth/authorization_session.h" #include "mongo/db/auth/authz_session_external_state_d.h" #include "mongo/db/auth/privilege.h" @@ -132,7 +133,8 @@ namespace mongo { Client *c = new Client( fullDesc, mp ); currentClient.reset(c); mongo::lastError.initThread(); - c->setAuthorizationSession(new AuthorizationSession(new AuthzSessionExternalStateMongod())); + c->setAuthorizationSession(new AuthorizationSession(new AuthzSessionExternalStateMongod( + getGlobalAuthorizationManager()))); return *c; } diff --git a/src/mongo/s/client_info.cpp b/src/mongo/s/client_info.cpp index 837266a59aa..4d2f4a55c25 100644 --- a/src/mongo/s/client_info.cpp +++ b/src/mongo/s/client_info.cpp @@ -18,6 +18,7 @@ #include "pch.h" +#include "mongo/db/auth/authorization_manager_global.h" #include "mongo/db/auth/authorization_session.h" #include "mongo/db/auth/authz_session_external_state_s.h" #include "server.h" @@ -85,7 +86,7 @@ namespace mongo { massert(16472, "A ClientInfo already exists for this thread", !info); info = new ClientInfo(messagingPort); info->setAuthorizationSession(new AuthorizationSession( - new AuthzSessionExternalStateMongos())); + new AuthzSessionExternalStateMongos(getGlobalAuthorizationManager()))); _tlInfo.reset( info ); info->newRequest(); return info; diff --git a/src/mongo/s/s_only.cpp b/src/mongo/s/s_only.cpp index 93d82d07c12..644938256f1 100644 --- a/src/mongo/s/s_only.cpp +++ b/src/mongo/s/s_only.cpp @@ -19,6 +19,7 @@ #include "mongo/client/connpool.h" #include "mongo/db/auth/authorization_manager.h" +#include "mongo/db/auth/authorization_manager_global.h" #include "mongo/db/auth/authorization_session.h" #include "mongo/db/auth/authz_session_external_state_s.h" #include "mongo/s/shard.h" @@ -77,7 +78,8 @@ namespace mongo { Client *c = new Client( fullDesc, mp ); currentClient.reset(c); mongo::lastError.initThread(); - c->setAuthorizationSession(new AuthorizationSession(new AuthzSessionExternalStateMongos())); + c->setAuthorizationSession(new AuthorizationSession(new AuthzSessionExternalStateMongos( + getGlobalAuthorizationManager()))); return *c; } -- cgit v1.2.1