ceph auth export {TYPE.ID}
-The ``auth export`` command is identical to ``auth get``, but also prints
-out the internal ``auid``, which is not relevant to end users.
+The ``auth export`` command is identical to ``auth get``.
class Cond;
struct EntityAuth {
- uint64_t auid;
CryptoKey key;
map<string, bufferlist> caps;
- EntityAuth() : auid(CEPH_AUTH_UID_DEFAULT) {}
-
void encode(bufferlist& bl) const {
__u8 struct_v = 2;
using ceph::encode;
encode(struct_v, bl);
- encode(auid, bl);
+ encode((uint64_t)CEPH_AUTH_UID_DEFAULT, bl);
encode(key, bl);
encode(caps, bl);
}
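Review bot: The placeholder that `EntityAuth::encode` now writes where the removed field used to go has no comment explaining it, and it is produced with a C-style cast. Because `struct_v` stays at 2 and the decoder still reads eight bytes whenever `struct_v >= 2`, the value has to keep being written so that `key` and `caps` land at the offsets existing decoders expect. I would write it as `encode(static_cast<uint64_t>(CEPH_AUTH_UID_DEFAULT), bl);` with a comment above it such as `// auid was removed; keep emitting the default so struct_v 2 decoders stay aligned`. The same applies to the `AuthTicket` encode hunk further down, and the two decode hunks that read into `old_auid` and discard it could carry a matching one-line comment.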
using ceph::decode;
__u8 struct_v;
decode(struct_v, bl);
- if (struct_v >= 2)
- decode(auid, bl);
- else auid = CEPH_AUTH_UID_DEFAULT;
+ if (struct_v >= 2) {
+ uint64_t old_auid;
+ decode(old_auid, bl);
+ }
decode(key, bl);
decode(caps, bl);
}
WRITE_CLASS_ENCODER(EntityAuth)
static inline ostream& operator<<(ostream& out, const EntityAuth& a) {
- return out << "auth(auid = " << a.auid << " key=" << a.key << " with " << a.caps.size() << " caps)";
+ return out << "auth(key=" << a.key << " with " << a.caps.size() << " caps)";
}
struct AuthCapsInfo {
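Review bot: The rewritten `operator<<` for `EntityAuth` still streams `a.key`, which is the entity's secret, so any log or console line that formats an `EntityAuth` carries usable key material. The ceph-authtool test output changed in this same commit shows the key echoed in the "added entity" message. Since this line is being edited anyway, consider dropping the key from the generic stream operator, for example `return out << "auth(" << a.caps.size() << " caps)";`, and leaving key output to the explicit export and dump paths. The test expectation would need the same change. Whether any daemon logs through this operator is not visible from this hunk.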
struct AuthTicket {
EntityName name;
uint64_t global_id; /* global instance id */
- uint64_t auid;
utime_t created, renew_after, expires;
AuthCapsInfo caps;
__u32 flags;
- AuthTicket() : global_id(0), auid(CEPH_AUTH_UID_DEFAULT), flags(0){}
+ AuthTicket() : global_id(0), flags(0){}
void init_timestamps(utime_t now, double ttl) {
created = now;
encode(struct_v, bl);
encode(name, bl);
encode(global_id, bl);
- encode(auid, bl);
+ encode((uint64_t)CEPH_AUTH_UID_DEFAULT, bl);
encode(created, bl);
encode(expires, bl);
encode(caps, bl);
decode(struct_v, bl);
decode(name, bl);
decode(global_id, bl);
- if (struct_v >= 2)
- decode(auid, bl);
- else auid = CEPH_AUTH_UID_DEFAULT;
+ if (struct_v >= 2) {
+ uint64_t old_auid;
+ decode(old_auid, bl);
+ }
decode(created, bl);
decode(expires, bl);
decode(caps, bl);
return new KeyRing();
}
-int KeyRing::set_modifier(const char *type, const char *val, EntityName& name, map<string, bufferlist>& caps)
+int KeyRing::set_modifier(const char *type,
+ const char *val,
+ EntityName& name,
+ map<string, bufferlist>& caps)
{
if (!val)
return -EINVAL;
caps[caps_entity] = bl;
set_caps(name, caps);
} else if (strcmp(type, "auid") == 0) {
- uint64_t auid = strtoull(val, NULL, 0);
- set_uid(name, auid);
+ // just ignore it so we can still decode "old" keyrings that have an auid
} else
return -EINVAL;
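Review bot: In the `auid` branch of `set_modifier`, the value is now accepted without being parsed and dropped with no signal to the operator, and the comment calls this decoding although the function handles textual keyring modifiers. A more exact comment would be `// "auid" is obsolete: accept and discard the value so keyrings written by older releases still load`. It is also worth stating there that a keyring rewritten after loading will no longer contain the line, because the dump and print hunks in this commit remove that output. The body of `set_modifier` begins and ends outside this hunk.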
std::ostringstream keyss;
keyss << p->second.key;
f->dump_string("key", keyss.str());
- if (p->second.auid != CEPH_AUTH_UID_DEFAULT)
- f->dump_int("auid", p->second.auid);
f->open_object_section("caps");
for (map<string, bufferlist>::iterator q = p->second.caps.begin();
q != p->second.caps.end();
++p) {
out << "[" << p->first << "]" << std::endl;
out << "\tkey = " << p->second.key << std::endl;
- if (p->second.auid != CEPH_AUTH_UID_DEFAULT)
- out << "\tauid = " << p->second.auid << std::endl;
for (map<string, bufferlist>::iterator q = p->second.caps.begin();
q != p->second.caps.end();
void set_caps(EntityName& name, map<string, bufferlist>& caps) {
keys[name].caps = caps;
}
- void set_uid(EntityName& ename, uint64_t auid) {
- keys[ename].auid = auid;
- }
void set_key(EntityName& ename, CryptoKey& key) {
keys[ename].key = key;
}
if (ds) {
*ds << name.to_str() << std::endl;
*ds << "\tkey: " << mapiter->second.key << std::endl;
- if (mapiter->second.auid != CEPH_AUTH_UID_DEFAULT)
- *ds << "\tauid: " << mapiter->second.auid << std::endl;
}
if (f) {
f->open_object_section("auth_entities");
f->dump_string("entity", name.to_str());
f->dump_stream("key") << mapiter->second.key;
- if (mapiter->second.auid != CEPH_AUTH_UID_DEFAULT)
- f->dump_int("auid", mapiter->second.auid);
f->open_object_section("caps");
}
info.ticket.init_timestamps(ceph_clock_now(), cct->_conf->auth_mon_ticket_ttl);
info.ticket.name = entity_name;
info.ticket.global_id = global_id;
- info.ticket.auid = eauth.auid;
info.validity += cct->_conf->auth_mon_ticket_ttl;
key_server->generate_secret(session_key);
creating kring
$ ceph-authtool kring --add-key 'AQAK7yxNeF+nHBAA0SgSdbs8IkJrxroDeJ6SwQ== 18446744073709551615'
- added entity client.admin auth auth(auid = 18446744073709551615 key=AQAK7yxNeF+nHBAA0SgSdbs8IkJrxroDeJ6SwQ== with 0 caps)
+ added entity client.admin auth auth(key=AQAK7yxNeF+nHBAA0SgSdbs8IkJrxroDeJ6SwQ== with 0 caps)
# cram makes matching escape-containing lines with regexps a bit ugly
$ ceph-authtool kring --list