qa/tasks/ceph: add key pruning task

To remove keys we don't care about and will raise warnings if left behind.

Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>
(cherry picked from commit 70c0e678072519cd4d5a4e9f2c6d80d94e12de19)

msg: constify getter

Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>
(cherry picked from commit 8549152449cd71c01d71e66329c61f8ccaac3c1a)

auth/cephx: do not special case caps for mons

Yes, the mons always fill in the caps with what is in its KeyServer but it's
confusing to see this special case.

Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>
(cherry picked from commit 4f41063c291838487bbee230efa642784db284cf)

tools/monmaptool: enable configuring monmap ciphers

Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>
(cherry picked from commit 95f475795acf0373744fda020af80d7449004c7c)

mon: provide emergency mechanism to rescue allowed_ciphers

If the administrator accidentally revokes auth to client.admin, they cannot fix
it because the setting is stored in the monmap. Provide a config to restore
access in such an emergency.

Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>
(cherry picked from commit 5f125fba84bc863d5b7a6e6b1cdb28969a1d40d7)

mon: convert auth configs to monmap settings

This serves a few purposes:

- Makes sure mons agreen on these settings (cannot have differing configs)
- Allows us to set secure defaults for a brand new cluster.

Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>
(cherry picked from commit 01e20e0f5ab57b6c41c9d854ada3ce97267eff87)

 Conflicts:
src/auth/cephx/CephxKeyServer.h: include changes
src/mon/Monitor.cc: command switch differences

doc: add new cephx health warnings

Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>
(cherry picked from commit 6757da5c018a69a2a7385fc076dee261b17860f0)

qa: add upgrade suite for cephx

To test upgrade paths for "aes" key type to "aes256k" including the expected
flows for service key updates and entity rotation.

Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>
(cherry picked from commit 5c64a4ba22f7a9118136bf5487067961ee5d48a0)

qa/tasks/ceph: add task to rotate entity keys

Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>
(cherry picked from commit b51b7781441a6529ebe75dc16f239f553c29fb39)

qa/tasks/ceph: allow cluster to be brought up with particular cephx key type

For testing cephx upgrades from older key types.

Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>
(cherry picked from commit 31888061940ad04822e5fab8a3269af4d4e7ab37)

qa/tasks/radosbench: add extra_args conf

So we can easily add extra debug flags or whatever.

Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>
(cherry picked from commit 1e2dc29f89da5f28f7ab65a39ae36f0d8b326846)

qa/tasks/radosbench: add auth_exit_on_failure arg

To cause `rados bench` to exit immediately when an auth failure occurs.

Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>
(cherry picked from commit 2f5a990c0c359a5160fb464aacfb40ed592b6784)

qa: add sequential_yield task

This is identical to the sequential task except it yields after entering each
sub-task.

Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>
(cherry picked from commit 6ae41427d6dc33448f5a6de1e1b10727b4ef48bd)

auth/Crypto: update type to entity_type_t

Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>
(cherry picked from commit b2b01c87ef200112dbd722e2ae9d287d4615ad7a)

include/encoding: add encoder helpers for sized ints

When the raw type may not match the required encoded size, this helper makes
intent clear and avoids a common verbose pattern:

    intX_t t = val;
    encode(t, bl);

and

    intX_t t;
    decode(t, p);
    val = t;

Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>
(cherry picked from commit 143825e2efea71361f80ba9830ef689ce27fa084)

mon: add health checks for insecure keys

This commit prompted the previous refactor as it was inconvenient to check for
health warnings as part of AuthMonitor::tick and then pass those up via
PaxosService::encode_health.

Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>
(cherry picked from commit c391dd8a16124879586ec4eebdd7286118ecc1de)

mon: cleanup for loop

Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>
(cherry picked from commit 8c73055cb43aadebe1e69ff1e02d72306315eedb)

mon/HealthMonitor: refactor quorum_checks/leader_checks as PaxosMap

To codify protocol and catch bugs.

Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>
(cherry picked from commit dc5d8338b97a48b794a1609b7d33079174e063e6)

mon: refactor health check map through PaxosMap

This was motivated by confusing persistence of some health warnings during
testing of health warnings for cephx upgrades. Some services are only doing
health checks during ::encode_pending and others during ::tick. Make it
consistent.

Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>
(cherry picked from commit 5e0c2b7aa74e378dadbaccb3584f750485b17e44)

mon/PaxosMap: add map template for managing Paxos structures

To protect access and codify protocol. Based loosely on PaxosFSMap which can be
refactored to use this later.

Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>
(cherry picked from commit eed2c1cb205180c3769c69179b7167f65fd320d7)

auth: improve programmability of key dumps

Notably:

- improve names (avoid repeated "keys")
- output type_str

Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>
(cherry picked from commit dbb848dcc3ea2286845c6daa670dc9a5ea8abe06)

common/entity_name: dump type name as string

For easier selection without hard-coded constants.

Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>
(cherry picked from commit 68f49f498ceefcbe85a8d4cdbcb953e66fe9f704)

common/entity_name: remove dead method

Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>
(cherry picked from commit f617e49bf36273648da60c45fbeabeb75c024845)

common/entity_name: cleanup entity_name::type

This should use the entity_type_t from the msg headers. The only awkwardness is
that the encode/decode of the type needs to continue using a uint32_t.

Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>
(cherry picked from commit 835749e1791ecdb0ba1d4ae1686a4f9aed52c772)

Conflicts:
src/common/entity_name.cc: header changes
src/common/entity_name.h: header changes

cephx: add note to address technical debt

Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>
(cherry picked from commit ccbb69e085e40692610da2b09675f1669fc54deb)

auth: check service key is valid before decryption

CryptoKey::empty is the correct mechanism to check for an invalid key (and this
is codified elsewhere, fixed in this commit). Decryption would fail with an
abort if the key handler was unset. This would happen after rotating the "mon."
key and then restarting one of the mons.

Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>
(cherry picked from commit ece656cf6703b2aca03c186a74901add49316d1b)

auth: add more debugging for service tickets

Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>
(cherry picked from commit db73ba2fad354ccc7d83b942a3581feae6ad3beb)

auth/cephx: set error message when decryption fails

Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>
(cherry picked from commit 703a8acbf8de5096821ae56965850d8b8ed5a218)

auth/cephx: provide more debugging when sig checks fail

Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>
(cherry picked from commit eac0dfeb06960ba41e85493807e6d05814a02e64)

mon: provide emergency mechanism to use mon keyring

If they key is lost for the `mon.` credential, it's very inconvenient to get it
out of the "auth" database in the mon store. So, allow the operator to create a
new keyring for the mons and use it instead to get mons in quorum again.

Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>
(cherry picked from commit 027609a59a77aae7dbdb0a854032e4a78e29eab5)

mon: cycle through keyring or key_server for auth with mons

After commit `mon: use key_server for looking up mon key`, the mons will now
use the key_server to lookup the `mon.` key when a mon connects.  We need to
make the mons prefer using that key with authenticating during probing other
mons. However, the protocol doesn't allow falling back to another key. This is
necessary if what's in the key_server database is out-of-date due to an earlier
loss of quorum. In that case, the operator should update the local keyring file
and the mon should give that a try if auth fails.

Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>
(cherry picked from commit 827e87d99c9c111574ca05dbcd865e7c9cc98205)

mon: use key_server for looking up mon key

Note: the key_server is already configured to fallback (via
KeyServerData::extra_secrets) to the Monitor::keyring which is sourced from the
mon's keyring file.

Using the Monitor::key_server allows us to maintain the mon's secret in the
auth database alongside all other secrets. This makes rotating the mons' keys
the same as all other entities in Ceph. Before this, to rotate the mons' key
you would need to turn off all montitors and then rotate the key files
manually. This is obviously disruptive since it's not a rolling upgrade.

If the key is sourced from the Monitor::key_server, then the key can be rotated
and all mons are aware of the new key. The mons can then proceed to restart as
needed in a non-disruptive fashion.

A followup commit will cleanup the monitor to try either its local keyring key
or the key in the key_server (if present) when authenticating with other mons.

Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>
(cherry picked from commit cf8b4cf49b7f02f8fcedf8fe184ce0be594d4478)

mon: dout chosen addrs after startup

Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>
(cherry picked from commit f927da886829eb1e4874c677810013a528d25d1b)

mon/MonClient: improve error message when failing to auth

Currently you just see:

    2025-05-14T23:07:37.244+0000 7f00dedd1640 -1 monclient(hunting): handle_auth_bad_method server allowed_methods [2] but i only support [2]

which is terrible at communicating the problem.

Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>
(cherry picked from commit 9a3787545f5d2113fcde28ed8c16e44e6990c1ce)

auth,mon: add _exit config when auth fails

This is largely for testing: we want a client to exit immediately if auth
failures occur. Presently, those clients will try to reconnect forever.

Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>
(cherry picked from commit 354f304c0b14c14fe258ac807fa430c1e453d8a8)

tools/ceph_authtool: allow configuring a preferred cipher

This makes testing easier as we can configure all keys in the cluster to be the
given "old" type without modifying each location that ceph-authtool is used.

Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>
(cherry picked from commit 4c450c920e94af177d9b3c57c5ae26df556512fc)

mon/AuthMonitor: shutdown session connection on auth failure

Currently the mons will allow the session to persist even though an auth
failure has occurred, probably while trying to obtain new tickets.

A sequence to easily trigger this:

    ceph auth rotate osd.0
    ceph auth wipe-rotating-service-keys

The osd.0 will continue interacting with the mons until restart or a network
interruption occurs.

Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>
(cherry picked from commit 02f2c1c66d117a66018bd72c0e1792f32528f057)

msg: add interface to shutdown Connection

Unfortunately this doesn't work as-is because I couldn't find primitives to
flush the out_queue. It's left as a to-do for now.

Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>
(cherry picked from commit 05e3b36fa2d877b2d7451ccda9ce6da73690ba50)

crimson/mon/MonClient: call _wipe_secrets_and_tickets when needed

Signed-off-by: Matan Breizman <mbreizma@redhat.com>
Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>
(cherry picked from commit 1ebde3b87d83ac9f4895074d0b5fc1d1e44c5bd6)

crimson/mon/MonClient: refacor Client::handle_monmap

Use coroutines, should help with future changes.

Signed-off-by: Matan Breizman <mbreizma@redhat.com>
Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>
(cherry picked from commit cbadee607f9c53459b962df99e2c19b646313505)

crimson/mon/MonClient: introduce handle_auth_failure

Signed-off-by: Matan Breizman <mbreizma@redhat.com>
Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>
(cherry picked from commit 166cb98567619edbee1ddac9c4961fff4703920a)

crimson/mon/MonClient: add asock TODO comment

Signed-off-by: Matan Breizman <mbreizma@redhat.com>
Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>
(cherry picked from commit bfe2294cc838f9a875c2f7ea534196d4c5bf1b80)

crimson/osd/MonClient: Introduce Client::_wipe_secrets_and_tickets())

Similar to MonClient::_wipe_secrets_and_tickets())

Signed-off-by: Matan Breizman <mbreizma@redhat.com>
Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>
(cherry picked from commit 74d1ea4ed05a601c35bfb4af3d6ab14eb866427a)

crimson/mon/MonClient: imitate Classic's _check_auth_tickets

Imitating this interface from Classicals MonClient::_check_auth_tickets()
should make it easier to understand Crimson's counterpart.

Signed-off-by: Matan Breizman <mbreizma@redhat.com>
Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>
(cherry picked from commit 51fd62a5d6f40fb9f02530d1ee3304085d9942c0)

crimson/mon/MonClient: cleanup redundant private

Signed-off-by: Matan Breizman <mbreizma@redhat.com>
Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>
(cherry picked from commit 493aa16dc21671633f8c4ddf00134d1cba68584a)

mon/MonClient: wipe secrets and invalidate tickets on auth epoch change

* This causes service daemons to drop all known service tickets and request new
  ones from the auth server.

* This causes the clients (and service daemons) to request new tickets from the
  auth server which will include tickets signed with the new service keys.

Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>
(cherry picked from commit bca0d66c5e7ac98006b3658b53a9e83faca7c70f)

mon/AuthMonitor: bump auth epoch when wiping service keys

Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>
(cherry picked from commit 77293673ccd2266967e519857d3d9c8d83ca94dc)

mon/MonmapMonitor: wire up interface to bump auth epoch

Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>
(cherry picked from commit b6a8822f9e50cbf0713a8b747a65d75e12d86b2e)

mon/MonMap: add auth epoch

This will be used to indicate to clients / service daemons that the auth
service keys have been rotated. Clients and service daemons are expected to
invalidate their tickets and reauth. Service daemons should wipe their service
keys.

Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>
(cherry picked from commit b8e422127b95748860c7b7a670c6c8f12ce14618)

mon/AuthMonitor: add dump-keys and wipe-rotating-service-keys

`auth dump-keys` allows examining the key types for each entity and also the
rotating session keys. This lets us confirm key upgrades are done as expected.

`wipe-rotating-service-keys` clears out existing non-auth service keys so that we do not
need to wait for the rotating key expiration. It is not disruptive so long as clients
renew their tickets when prompted by the auth epoch change.

Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>
(cherry picked from commit f7b15b982a96a25a98e7b47755d4317723c4aa8d)

mon/AuthMonitor: add key-type switch

So it's possible to test with various key-types.

Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>
(cherry picked from commit e8ce247d9267d2a453865c4b3d9692852d979b2a)

common/cmdparse: add another template cmd_getval_or helper

To mimic the conventional signature where you pass the lvalue you want to set.

Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>
(cherry picked from commit ba57b3b5479dc238b4d041a6f82eaf2c38a97ea1)

mon/Monitor: perfect forward universal ref of lambda

This method doesn't currently work for std::move of a lambda.

Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>
(cherry picked from commit ff90e0e41784a99579dd12385db7fc0ccf5545a2)

mon/Monitor: add debugging for monmap handling

Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>
(cherry picked from commit 098e028b8762a6b18173f69224cbbfe3eef8798d)

mon: notify_new_monmap via MonmapMonitor::init

Otherwise, configurations are not updated during startup.

Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>
(cherry picked from commit 51a2bab8ed48b2dc698ac4eeede48d94175b1851)

doc/man: document new --key-type option for ceph-authtool

Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>
(cherry picked from commit a9f33559d69cff2d33d3d4c8ac4014fb77b5d665)

tools/ceph_authtool: add help message for key-type switch

Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>
(cherry picked from commit 47dfe121cfdf557b7a0eaa7d7d9478d5da3719e6)

common/buffer: accept "-" as stdin

These methods are used for reading files from tools like "authtool". Read from
stdin if the conventional "-" filename is passed.

Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>
(cherry picked from commit 37441c753da3925c874a94ee3ff862bb725babb8)

auth/cephx: make some parameters const

Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>
(cherry picked from commit 755d5245566be43ce020daf8fb80ba3ec774dff5)

auth: cleanup error message formatting

Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>
(cherry picked from commit 5df283a98114024d852422b43624810bcf5fe8cb)

auth,mon: lookup ticket ttl at runtime

and improve debugging.

Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>
(cherry picked from commit 338acf28ece964a859cf2f44bc29a84f36cd9510)

auth: add API to invalidate all tickets

This will prompt the client to request new ones from the auth server.

Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>
(cherry picked from commit 9b3e4ee1fe7e3d1e6ea2c00376986bbfc17f73f4)

auth: add API to wipe rotating secrets

This is for the service daemon's store of rotating service secrets.

Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>
(cherry picked from commit 6ecbb1c7d5878cc61156f0f79398437f1de3ca84)

auth/cephx: enforce sorted config keys

Makes future additions avoid conflicts.

Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>
(cherry picked from commit 6ca5288570a8e6f4edb7b4f7ca0c47b9c4f0d212)

auth/cephx: update get_tracked_keys signature

Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>
(cherry picked from commit b90b0c3c51f2ed16952509cac41b16eff27009a5)

auth: fix return type

key type is an unsigned.

Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>
(cherry picked from commit 3665599fe6a8003be8b88116f7c484bef6aba83b)

common: break print template into separate header

To avoid pulling in all the debug includes for some primitive headers.

Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>
(cherry picked from commit d702f8e19f2ce72dc1fc8a7b029f792ec9d23075)

common: remove dead option

Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>
(cherry picked from commit af409f19c9104301feb7e4620138f9de46434cc8)

test: fix compiler error

Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>
(cherry picked from commit 4dc7b06e4eb2071afa2847e8930d0e30ab532da6)

auth,*: remove conflicting fwd declarations

Signed-off-by: Matan Breizman <mbreizma@redhat.com>
(cherry picked from commit c2d8e7127efd4391f64e19cd76e0f1b701289412)

Conflicts:
src/auth/Auth.h: include movement

include/common_fwd: Include Crypto classes

CryptoManager::cct is now used in CephContext ctor. To provide this
defintion
any ceph_context.cc target must also include Crypto.cc.

crimson-alien-common library which only had ceph_context.cc must now
also include Crypto.cc.
However, the fact that crimson-common also includes Crypto.cc would
cause multiple defintions
to any Crypto classes methods.

To resolve this, let's wrap all Crypto classes with TOPNSPC::common that
would be forwarded using common_fwd logic.

Signed-off-by: Matan Breizman <mbreizma@redhat.com>
(cherry picked from commit 0e3e34565f5730f8baefecde9be592587129ba9d)

cephx: sign messages using hmac_sha256

if key type is newer than the original AES, calculate message
hash by using HMAC-SHA256.
We cannot use plain aes256k like we do with the aes key because
of the confounder. The other option would be to inject a
confounder, but that would weaken the cipher.

Signed-off-by: Yehuda Sadeh <ysadehwe@ibm.com>
(cherry picked from commit ba6bb55c7c977e9858e242e74d848273617c221b)

auth: create slice api for calculating hmac_sha256

Signed-off-by: Yehuda Sadeh <ysadehwe@ibm.com>
(cherry picked from commit dfffd730268e35bd357277963a0dc98ceae947f5)

test/auth: more aes256krb5 tests

 - DecryptNoBl
 - multiple test vectos per each test

Signed-off-by: Yehuda Sadeh <ysadehwe@ibm.com>
(cherry picked from commit f8cfded7e2e3ec857ad18cbe492f5d81fa7eb4d0)

auth: test slice interface for aes256k

AES256KRB5 uses the default slice encryption implementation, testing that
it works correctly.

Signed-off-by: Yehuda Sadeh <ysadehwe@ibm.com>
(cherry picked from commit 96a5909ae5e4512c0f94661e207ce6289e05ec5f)

test/crypto: more aes256krb5 tests

Signed-off-by: Yehuda Sadeh <ysadehwe@ibm.com>
(cherry picked from commit dca778213b45d3bc912d4fdc0f94f55fa2740e7b)

auth: add usage param to crypto handler

Allow different usage for crypto handler users. Currently being used
in the crypto unitest to match the test vectors.

Signed-off-by: Yehuda Sadeh <ysadehwe@ibm.com>
(cherry picked from commit 1330335661604e50468c8a0adc8fc73a2ab79b49)

auth: aes256krb5: add confounder config for unitests

Signed-off-by: Yehuda Sadeh <ysadehwe@ibm.com>
(cherry picked from commit 1232144f933b015759cb39f218157b92f57b6a4b)

cephx: add configurable to set allowed ciphers

cephx allowed ciphers: a list of ciphers that  sets what type
of keys are allowed to be used to authenticate

Signed-off-by: Yehuda Sadeh <ysadehwe@ibm.com>
(cherry picked from commit 0d4c67f2fd03aea9f65ade736e60f807d9da832e)

Conflicts:
src/auth/cephx/CephxServiceHandler.cc: header include movement

auth: remove unused code

Signed-off-by: Yehuda Sadeh <ysadehwe@ibm.com>
(cherry picked from commit 334c6e66714a3e4f2e41790ee4d21f3a3ee92d5e)

auth: add a configurable to control rotating keys cipher type

auth_service_cipher: a mon configurable that determines what type of cipher
the rotating keys are using. The configurable can change at runtime. Note
that the change does not invalidate existing keys, these would expire
based on their ttl.

Signed-off-by: Yehuda Sadeh <ysadehwe@ibm.com>
(cherry picked from commit c37d1f44b64e0079c5c71232b6472a7841768d40)

auth/cephx: session key type is set to client key type

This ensures that the client supports the specific key type.

Signed-off-by: Yehuda Sadeh <ysadehwe@ibm.com>
(cherry picked from commit 36345741b1dee9482e40aa9db847375dacc73107)

auth/cephx: switch default cipher to AES256KRB5

Signed-off-by: Yehuda Sadeh <ysadehwe@ibm.com>
(cherry picked from commit 2af51362afdd1da9f1195f3394716d09383a0c88)

auth/cephx: modify client + server challenges hashing

This applies when using ciphers that are not the original
AES-128 one. Use the hmac-sha256 hash now. With AES256KRB5
the original method of encrypting the combined challenges
doesn't work as the confounder randomizes the result.

Signed-off-by: Yehuda Sadeh <ysadehwe@ibm.com>
(cherry picked from commit 31c07fbbf3b8c911a51b41791d6b6265923acda2)

ceph-authtool: support --key-type param

Also move the encryption handlers out of the ceph_context.
Handlers are now returned as a shared_ptr, to support the
creation of new handlers with different params (such as
the usage param).

Signed-off-by: Yehuda Sadeh <ysadehwe@ibm.com>
(cherry picked from commit 3085da064b838b52c638a9121187d1341b591066)

auth/crypto: add support for aes256-hmac384-192

Using the encryption standard set in RFC 8009. This is the
encryption that is used in Kerberos 5, so naming this variation
as AES256KRB5.

Signed-off-by: Yehuda Sadeh <ysadehwe@ibm.com>
(cherry picked from commit c259448c46b5235f0aa220cddb5d7e14f469b147)

auth: propagate ceph context to encrypt/decrypt

Signed-off-by: Yehuda Sadeh <ysadehwe@ibm.com>
(cherry picked from commit c73c75d34051cef09e9695dcf85a24a4d024faaf)

Merge pull request #65617 from spuiuk/tentacle-doc-provider

tentacle: doc/mgr/smb: document the 'provider' option for smb share

Merge pull request #65259 from joscollin/wip-72284-tentacle

tentacle:  mds: wrong snap check for directory with parent snaps

Reviewed-by: Patrick Donnelly <pdonnell@ibm.com>

Merge pull request #64885 from vshankar/wip-72391-tentacle

tentacle: mds/MDSDaemon: unlock `mds_lock` while shutting down Beacon and others

Merge pull request #64888 from vshankar/wip-72285-tentacle

tentacle: qa/suites/upgrade: add "Replacing daemon mds" to ignorelist

Merge pull request #64953 from batrick/wip-72514-tentacle

tentacle: mds: skip charmap handler check for MDS requests

Merge pull request #65132 from chrisphoffman/wip-72644-tentacle

tentacle: client: use path supplied in statfs

Merge pull request #65163 from joscollin/wip-72153-tentacle

tentacle: mds: dump export_ephemeral_random_pin as double

Merge pull request #64650 from rishabh-d-dave/wip-72201-tentacle

tentacle: mgr/vol: keep and show clone source info

Merge pull request #65346 from joscollin/wip-72803-tentacle

tentacle: mds: Fix readdir when osd is full.

Reviewed-by: Kotresh HR <khiremat@redhat.com>

doc/mgr/smb: document the 'provider' option for smb share

Signed-off-by: Sachin Prabhu <sp@spui.uk>
(cherry picked from commit 742659b18a21cd8ccc36a0f0a53bea265a13a541)
Signed-off-by: Sachin Prabhu <sprabhu@redhat.com>

Merge pull request #65564 from xhernandez/wip-73075-tentacle

tentacle: Add normalization and casesensitive options to the subvolume group creation command

Reviewed-by: Venky Shankar <vshankar@redhat.com>
Reviewed-by: Anthony D'Atri <anthony.datri@gmail.com>

Merge pull request #65262 from joscollin/wip-71831-tentacle

tentacle: mgr/volumes: Keep mon caps if auth key has remaining mds/osd caps

Reviewed-by: Kotresh HR <khiremat@redhat.com>

Merge pull request #65540 from NitzanMordhai/wip-72996-tentacle

tentacle: qa/workunits/rados: remove cache tier test