From 679af84d99b518987e999e12826301deb9313fc9 Mon Sep 17 00:00:00 2001 From: Patrick Donnelly Date: Mon, 21 Jul 2025 22:50:01 -0400 Subject: [PATCH] auth/cephx: do not special case caps for mons Yes, the mons always fill in the caps with what is in its KeyServer but it's confusing to see this special case. Signed-off-by: Patrick Donnelly --- src/auth/cephx/CephxKeyServer.cc | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) diff --git a/src/auth/cephx/CephxKeyServer.cc b/src/auth/cephx/CephxKeyServer.cc index 2070d7eb6f4..2d6aa8765ed 100644 --- a/src/auth/cephx/CephxKeyServer.cc +++ b/src/auth/cephx/CephxKeyServer.cc @@ -485,12 +485,15 @@ int KeyServer::_build_session_auth_info(uint32_t service_id, generate_secret(info.session_key, key_type); - // mon keys are stored externally. and the caps are blank anyway. - if (service_id != CEPH_ENTITY_TYPE_MON) { - string s = ceph_entity_type_name(service_id); - if (!data.get_caps(cct, info.ticket.name, s, info.ticket.caps)) { - return -EINVAL; - } + /* N.B.: the Monitor special cases cap retrieval via a call to + * CephxServiceHandler::handle_request which fills in the + * Connection::peer_caps_info. This lets the Monitor always use the latest + * up-to-date mon caps for the entity but it's an unfortunate divergence in + * behavior. + */ + string s = ceph_entity_type_name(service_id); + if (!data.get_caps(cct, info.ticket.name, s, info.ticket.caps)) { + return -EINVAL; } return 0; } -- 2.47.3