git.apps.os.sepia.ceph.com Git

author	Joao Eduardo Luis <joao@redhat.com>
	Wed, 11 Feb 2015 23:36:01 +0000 (23:36 +0000)
committer	Joao Eduardo Luis <jecluis@gmail.com>
	Thu, 12 Feb 2015 14:33:19 +0000 (14:33 +0000)
commit	87544f68b88fb3dd17c519de3119a9ad9ab21dfb
tree	cfe16c9247f4c005845492732c8ae45bfe7f2bb1	tree \| snapshot
parent	1914b90a8a47ba36cc12cac7825f62557f67bba7	commit \| diff

mon: MonCap: take EntityName instead when expanding profiles

entity_name_t is tightly coupled to the messenger, while EntityName is
tied to auth.  When expanding profiles we want to tie the profile
expansion to the entity that was authenticated.  Otherwise we may incur
in weird behavior such as having caps validation failing because a given
client messenger inst does not match the auth entity it used.

e.g., running

ceph --name osd.0 config-key exists foo daemon-private/osd.X/foo

has entity_name_t 'client.12345' and EntityName 'osd.0'.  Using
entity_name_t during profile expansion would not allow the client access
to daemon-private/osd.X/foo (client.12345 != osd.X).

Fixes: #10844
Backport: firefly,giant

Signed-off-by: Joao Eduardo Luis <joao@redhat.com>

src/mon/MonCap.cc		diff \| blob \| history
src/mon/MonCap.h		diff \| blob \| history
src/mon/Monitor.cc		diff \| blob \| history
src/mon/Session.h		diff \| blob \| history
src/test/mon/moncap.cc		diff \| blob \| history