git.apps.os.sepia.ceph.com Git

author	Joao Eduardo Luis <joao@redhat.com>
	Wed, 11 Feb 2015 23:36:01 +0000 (23:36 +0000)
committer	Loic Dachary <ldachary@redhat.com>
	Wed, 11 Mar 2015 07:36:00 +0000 (08:36 +0100)
commit	8ef14fcca715a33be8c611a37628c90d7fafca43
tree	e4394bda0bb79a027e2dc81aafe5f739a19c5e0f	tree \| snapshot
parent	370f37f452aff3b48f9ae8a33b7ef26b572b41c8	commit \| diff

mon: MonCap: take EntityName instead when expanding profiles

entity_name_t is tightly coupled to the messenger, while EntityName is
tied to auth.  When expanding profiles we want to tie the profile
expansion to the entity that was authenticated.  Otherwise we may incur
in weird behavior such as having caps validation failing because a given
client messenger inst does not match the auth entity it used.

e.g., running

ceph --name osd.0 config-key exists foo daemon-private/osd.X/foo

has entity_name_t 'client.12345' and EntityName 'osd.0'.  Using
entity_name_t during profile expansion would not allow the client access
to daemon-private/osd.X/foo (client.12345 != osd.X).

Fixes: #10844
Backport: firefly,giant

Signed-off-by: Joao Eduardo Luis <joao@redhat.com>
(cherry picked from commit 87544f68b88fb3dd17c519de3119a9ad9ab21dfb)

src/mon/MonCap.cc		diff \| blob \| history
src/mon/MonCap.h		diff \| blob \| history
src/mon/Monitor.cc		diff \| blob \| history
src/mon/Session.h		diff \| blob \| history
src/test/mon/moncap.cc		diff \| blob \| history