auth/cephx: do not special case caps for mons

Yes, the mons always fill in the caps with what is in its KeyServer but it's
confusing to see this special case.

Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>

diff --git a/src/auth/cephx/CephxKeyServer.cc b/src/auth/cephx/CephxKeyServer.cc
index 2070d7eb6f4726c4daaf763b6cd32b55c6643dba..2d6aa8765ed7c59b2b86952f8c21b81d41e7210f 100644 (file)
--- a/src/auth/cephx/CephxKeyServer.cc
+++ b/src/auth/cephx/CephxKeyServer.cc
@@ -485,12 +485,15 @@ int KeyServer::_build_session_auth_info(uint32_t service_id,
 
   generate_secret(info.session_key, key_type);
 
-  // mon keys are stored externally.  and the caps are blank anyway.
-  if (service_id != CEPH_ENTITY_TYPE_MON) {
-    string s = ceph_entity_type_name(service_id);
-    if (!data.get_caps(cct, info.ticket.name, s, info.ticket.caps)) {
-      return -EINVAL;
-    }
+  /* N.B.: the Monitor special cases cap retrieval via a call to
+   * CephxServiceHandler::handle_request which fills in the
+   * Connection::peer_caps_info. This lets the Monitor always use the latest
+   * up-to-date mon caps for the entity but it's an unfortunate divergence in
+   * behavior.
+   */
+  string s = ceph_entity_type_name(service_id);
+  if (!data.get_caps(cct, info.ticket.name, s, info.ticket.caps)) {
+    return -EINVAL;
   }
   return 0;
 }