git-server-git.apps.pok.os.sepia.ceph.com Git

author	Joao Eduardo Luis <joao@redhat.com>
	Wed, 11 Feb 2015 23:36:01 +0000 (23:36 +0000)
committer	Loic Dachary <ldachary@redhat.com>
	Wed, 18 Mar 2015 20:05:48 +0000 (21:05 +0100)
commit	4427358bb556d902b01df27fd097cc3eefa561da
tree	60f4e42604ab6085f80614ca8240723b2fffb0c3	tree \| snapshot
parent	8902279dd4b52516d59db712bd59e8d9372611a6	commit \| diff

mon: MonCap: take EntityName instead when expanding profiles

entity_name_t is tightly coupled to the messenger, while EntityName is
tied to auth.  When expanding profiles we want to tie the profile
expansion to the entity that was authenticated.  Otherwise we may incur
in weird behavior such as having caps validation failing because a given
client messenger inst does not match the auth entity it used.

e.g., running

ceph --name osd.0 config-key exists foo daemon-private/osd.X/foo

has entity_name_t 'client.12345' and EntityName 'osd.0'.  Using
entity_name_t during profile expansion would not allow the client access
to daemon-private/osd.X/foo (client.12345 != osd.X).

Fixes: #10844
Backport: firefly,giant

Signed-off-by: Joao Eduardo Luis <joao@redhat.com>
(cherry picked from commit 87544f68b88fb3dd17c519de3119a9ad9ab21dfb)

src/mon/MonCap.cc		diff \| blob \| history
src/mon/MonCap.h		diff \| blob \| history
src/mon/Monitor.cc		diff \| blob \| history
src/mon/Session.h		diff \| blob \| history
src/test/mon/moncap.cc		diff \| blob \| history