auth: extend crypto API to support multiple usages per key

Signed-off-by: Yehuda Sadeh <ysadehwe@ibm.com>
(cherry picked from commit 0876f64ea7da4e77e0f3bd9fbcafb260ccf23329)
(cherry picked from commit b0d2f120243d459905b635047c84f95630cab323)

mgr/cephadm: rotate keyring for core ceph daemons during upgrade

Specifically, this causes us to rotate the mgr, mon, OSD,
and mds keyrings. The mgr and mon keyring are done as soon
as we see all the mons have been upgraded and OSD/mds happens
when we reach them in the upgrade order.

NOTE: This patch alone is not enough to get this working
for encrypted OSDs

Signed-off-by: Adam King <adking@redhat.com>
(cherry picked from commit 22cd38708fb4e5812c70fd928b909edccd783abc)

auth: remove superfluous error log message

It's also possible that _refresh_config can be called multiple times before the
keyring config has been set (by an arg/env for instance). This would pollute
the log with erroneous error warnings.

MonClient::authenticate already warns about this.

Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>
(cherry picked from commit b2f3b7bc84509ba1a0cf832a5f410f9cb44cb4e2)

mon/MonClient: add assertions for monc lock in MonConnection

When handling auth, we want to be sure these methods hold the monc_lock
which protects, in particular, the client authorizer.

Signed-off-by: Patrick Donnelly <pdonnell@redhat.com>
(cherry picked from commit 1d55434d26da93346fc0e982923ba7d9b5f5de0d)

auth: add debugging for client cephx methods

In particular, to see when an auth helper is created/destroyed.

Signed-off-by: Patrick Donnelly <pdonnell@redhat.com>
(cherry picked from commit 23f0345b73093593aa5d5672b7d2b6b9f1b2f8ea)

auth: add debugging for keyring methods

In particular, to see when a rotating key ring is created/destroyed.

Signed-off-by: Patrick Donnelly <pdonnell@redhat.com>
(cherry picked from commit 503c8a10a19146fde6b6486d023259dd90ffd24e)

auth: use explicit default destructor

Signed-off-by: Patrick Donnelly <pdonnell@redhat.com>
(cherry picked from commit 83f769d6e9eccbfe51512b692fa01686b8c49c6a)

msg/async: move v1 member init to header

Signed-off-by: Patrick Donnelly <pdonnell@redhat.com>
(cherry picked from commit 624c848eeea6ad01bc94fe92b25a9789993c92d1)

msg: use MessageRef to manage pointer lifetime

To simplify reasoning about upcoming changes to incoming/pending
messages.

Signed-off-by: Patrick Donnelly <pdonnell@redhat.com>
(cherry picked from commit e9a2116c867912230ee1269b0b77ceaf718b89bc)

msg/DispatchQueue: add debugging for queue discard

Signed-off-by: Patrick Donnelly <pdonnell@redhat.com>
(cherry picked from commit cf07b2a93882d4ec26ac0d2021c8649f169dbf1e)

msg/Connection: move destructor to object file

To ensure vtable is embedded in Connection object file.

Signed-off-by: Patrick Donnelly <pdonnell@redhat.com>
(cherry picked from commit 090f5226176c372261023c91b9ace1fe76e94b9d)

mds: move messages to be sent

Signed-off-by: Patrick Donnelly <pdonnell@redhat.com>
(cherry picked from commit 138120a3aaafec11e83358ed0d82b80ada925ebb)

PendingReleaseNotes: add note for cephx upgrade

Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>
(cherry picked from commit af2ab5810c7336dc9a35bba06e256b90982d7f7d)

doc: update cephx details for upgrade procedure

And add miscellaneous clarity / wording improvements.

Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>
(cherry picked from commit 3420d1e827e209850319268a510e5b3dc6aa4179)
Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>
Conflicts:
doc/architecture.rst: minor doc differences

auth/AuthRegistry: refresh config on startup

I don't think this makes a functional difference but these configs should be
loaded at startup otherwise it relies on obs startup to load them.

Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>
(cherry picked from commit 36d940fcdc28be8d40811a5b1f8310560c0a56f7)

common/options: remove auth_supported

Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>
(cherry picked from commit 822fd6f281a172208c6130a239639144629bc420)

Conflicts:
src/common/options/global.yaml.in: doc change

qa: check health warnings in cephx upgrade

Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>
(cherry picked from commit 1090d43c025e669b9c65a044140b0e8392dc6b65)

qa/tasks/ceph: allow configuring key settings for initial monmap

Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>
(cherry picked from commit 85915403f428e9c844faa3f448b68ead9916441c)

qa/tasks/ceph.key_rotate: provide mechanism to rotate client keys

Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>
(cherry picked from commit 1de9241a4b3c6e6836689f19960ca41136873f6f)

qa/tasks/ceph.healthy: indicate expected failing checks

We will want to confirm the cluster is healthy despite some checks that we
expect to be failing.

Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>
(cherry picked from commit d78eeb3311650bcde207cab55413421b7028c3c7)

qa/tasks/ceph: add key pruning task

To remove keys we don't care about and will raise warnings if left behind.

Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>
(cherry picked from commit 70c0e678072519cd4d5a4e9f2c6d80d94e12de19)

msg: constify getter

Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>
(cherry picked from commit 8549152449cd71c01d71e66329c61f8ccaac3c1a)

auth/cephx: do not special case caps for mons

Yes, the mons always fill in the caps with what is in its KeyServer but it's
confusing to see this special case.

Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>
(cherry picked from commit 4f41063c291838487bbee230efa642784db284cf)

tools/monmaptool: enable configuring monmap ciphers

Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>
(cherry picked from commit 95f475795acf0373744fda020af80d7449004c7c)

mon: provide emergency mechanism to rescue allowed_ciphers

If the administrator accidentally revokes auth to client.admin, they cannot fix
it because the setting is stored in the monmap. Provide a config to restore
access in such an emergency.

Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>
(cherry picked from commit 5f125fba84bc863d5b7a6e6b1cdb28969a1d40d7)

mon: convert auth configs to monmap settings

This serves a few purposes:

- Makes sure mons agreen on these settings (cannot have differing configs)
- Allows us to set secure defaults for a brand new cluster.

Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>
(cherry picked from commit 01e20e0f5ab57b6c41c9d854ada3ce97267eff87)

 Conflicts:
src/auth/cephx/CephxKeyServer.h: include changes
src/mon/Monitor.cc: command switch differences

doc: add new cephx health warnings

Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>
(cherry picked from commit 6757da5c018a69a2a7385fc076dee261b17860f0)

qa: add upgrade suite for cephx

To test upgrade paths for "aes" key type to "aes256k" including the expected
flows for service key updates and entity rotation.

Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>
(cherry picked from commit 5c64a4ba22f7a9118136bf5487067961ee5d48a0)

qa/tasks/ceph: add task to rotate entity keys

Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>
(cherry picked from commit b51b7781441a6529ebe75dc16f239f553c29fb39)

qa/tasks/ceph: allow cluster to be brought up with particular cephx key type

For testing cephx upgrades from older key types.

Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>
(cherry picked from commit 31888061940ad04822e5fab8a3269af4d4e7ab37)

qa/tasks/radosbench: add extra_args conf

So we can easily add extra debug flags or whatever.

Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>
(cherry picked from commit 1e2dc29f89da5f28f7ab65a39ae36f0d8b326846)

qa/tasks/radosbench: add auth_exit_on_failure arg

To cause `rados bench` to exit immediately when an auth failure occurs.

Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>
(cherry picked from commit 2f5a990c0c359a5160fb464aacfb40ed592b6784)

qa: add sequential_yield task

This is identical to the sequential task except it yields after entering each
sub-task.

Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>
(cherry picked from commit 6ae41427d6dc33448f5a6de1e1b10727b4ef48bd)

auth/Crypto: update type to entity_type_t

Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>
(cherry picked from commit b2b01c87ef200112dbd722e2ae9d287d4615ad7a)

include/encoding: add encoder helpers for sized ints

When the raw type may not match the required encoded size, this helper makes
intent clear and avoids a common verbose pattern:

    intX_t t = val;
    encode(t, bl);

and

    intX_t t;
    decode(t, p);
    val = t;

Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>
(cherry picked from commit 143825e2efea71361f80ba9830ef689ce27fa084)

mon: add health checks for insecure keys

This commit prompted the previous refactor as it was inconvenient to check for
health warnings as part of AuthMonitor::tick and then pass those up via
PaxosService::encode_health.

Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>
(cherry picked from commit c391dd8a16124879586ec4eebdd7286118ecc1de)

mon: cleanup for loop

Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>
(cherry picked from commit 8c73055cb43aadebe1e69ff1e02d72306315eedb)

mon/HealthMonitor: refactor quorum_checks/leader_checks as PaxosMap

To codify protocol and catch bugs.

Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>
(cherry picked from commit dc5d8338b97a48b794a1609b7d33079174e063e6)

mon: refactor health check map through PaxosMap

This was motivated by confusing persistence of some health warnings during
testing of health warnings for cephx upgrades. Some services are only doing
health checks during ::encode_pending and others during ::tick. Make it
consistent.

Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>
(cherry picked from commit 5e0c2b7aa74e378dadbaccb3584f750485b17e44)

mon/PaxosMap: add map template for managing Paxos structures

To protect access and codify protocol. Based loosely on PaxosFSMap which can be
refactored to use this later.

Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>
(cherry picked from commit eed2c1cb205180c3769c69179b7167f65fd320d7)

auth: improve programmability of key dumps

Notably:

- improve names (avoid repeated "keys")
- output type_str

Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>
(cherry picked from commit dbb848dcc3ea2286845c6daa670dc9a5ea8abe06)

common/entity_name: dump type name as string

For easier selection without hard-coded constants.

Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>
(cherry picked from commit 68f49f498ceefcbe85a8d4cdbcb953e66fe9f704)

common/entity_name: remove dead method

Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>
(cherry picked from commit f617e49bf36273648da60c45fbeabeb75c024845)

common/entity_name: cleanup entity_name::type

This should use the entity_type_t from the msg headers. The only awkwardness is
that the encode/decode of the type needs to continue using a uint32_t.

Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>
(cherry picked from commit 835749e1791ecdb0ba1d4ae1686a4f9aed52c772)

Conflicts:
src/common/entity_name.cc: header changes
src/common/entity_name.h: header changes

cephx: add note to address technical debt

Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>
(cherry picked from commit ccbb69e085e40692610da2b09675f1669fc54deb)

auth: check service key is valid before decryption

CryptoKey::empty is the correct mechanism to check for an invalid key (and this
is codified elsewhere, fixed in this commit). Decryption would fail with an
abort if the key handler was unset. This would happen after rotating the "mon."
key and then restarting one of the mons.

Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>
(cherry picked from commit ece656cf6703b2aca03c186a74901add49316d1b)

auth: add more debugging for service tickets

Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>
(cherry picked from commit db73ba2fad354ccc7d83b942a3581feae6ad3beb)

auth/cephx: set error message when decryption fails

Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>
(cherry picked from commit 703a8acbf8de5096821ae56965850d8b8ed5a218)

auth/cephx: provide more debugging when sig checks fail

Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>
(cherry picked from commit eac0dfeb06960ba41e85493807e6d05814a02e64)

mon: provide emergency mechanism to use mon keyring

If they key is lost for the `mon.` credential, it's very inconvenient to get it
out of the "auth" database in the mon store. So, allow the operator to create a
new keyring for the mons and use it instead to get mons in quorum again.

Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>
(cherry picked from commit 027609a59a77aae7dbdb0a854032e4a78e29eab5)

mon: cycle through keyring or key_server for auth with mons

After commit `mon: use key_server for looking up mon key`, the mons will now
use the key_server to lookup the `mon.` key when a mon connects.  We need to
make the mons prefer using that key with authenticating during probing other
mons. However, the protocol doesn't allow falling back to another key. This is
necessary if what's in the key_server database is out-of-date due to an earlier
loss of quorum. In that case, the operator should update the local keyring file
and the mon should give that a try if auth fails.

Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>
(cherry picked from commit 827e87d99c9c111574ca05dbcd865e7c9cc98205)

mon: use key_server for looking up mon key

Note: the key_server is already configured to fallback (via
KeyServerData::extra_secrets) to the Monitor::keyring which is sourced from the
mon's keyring file.

Using the Monitor::key_server allows us to maintain the mon's secret in the
auth database alongside all other secrets. This makes rotating the mons' keys
the same as all other entities in Ceph. Before this, to rotate the mons' key
you would need to turn off all montitors and then rotate the key files
manually. This is obviously disruptive since it's not a rolling upgrade.

If the key is sourced from the Monitor::key_server, then the key can be rotated
and all mons are aware of the new key. The mons can then proceed to restart as
needed in a non-disruptive fashion.

A followup commit will cleanup the monitor to try either its local keyring key
or the key in the key_server (if present) when authenticating with other mons.

Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>
(cherry picked from commit cf8b4cf49b7f02f8fcedf8fe184ce0be594d4478)

mon: dout chosen addrs after startup

Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>
(cherry picked from commit f927da886829eb1e4874c677810013a528d25d1b)

mon/MonClient: improve error message when failing to auth

Currently you just see:

    2025-05-14T23:07:37.244+0000 7f00dedd1640 -1 monclient(hunting): handle_auth_bad_method server allowed_methods [2] but i only support [2]

which is terrible at communicating the problem.

Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>
(cherry picked from commit 9a3787545f5d2113fcde28ed8c16e44e6990c1ce)

auth,mon: add _exit config when auth fails

This is largely for testing: we want a client to exit immediately if auth
failures occur. Presently, those clients will try to reconnect forever.

Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>
(cherry picked from commit 354f304c0b14c14fe258ac807fa430c1e453d8a8)

tools/ceph_authtool: allow configuring a preferred cipher

This makes testing easier as we can configure all keys in the cluster to be the
given "old" type without modifying each location that ceph-authtool is used.

Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>
(cherry picked from commit 4c450c920e94af177d9b3c57c5ae26df556512fc)

mon/AuthMonitor: shutdown session connection on auth failure

Currently the mons will allow the session to persist even though an auth
failure has occurred, probably while trying to obtain new tickets.

A sequence to easily trigger this:

    ceph auth rotate osd.0
    ceph auth wipe-rotating-service-keys

The osd.0 will continue interacting with the mons until restart or a network
interruption occurs.

Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>
(cherry picked from commit 02f2c1c66d117a66018bd72c0e1792f32528f057)

msg: add interface to shutdown Connection

Unfortunately this doesn't work as-is because I couldn't find primitives to
flush the out_queue. It's left as a to-do for now.

Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>
(cherry picked from commit 05e3b36fa2d877b2d7451ccda9ce6da73690ba50)

crimson/mon/MonClient: call _wipe_secrets_and_tickets when needed

Signed-off-by: Matan Breizman <mbreizma@redhat.com>
Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>
(cherry picked from commit 1ebde3b87d83ac9f4895074d0b5fc1d1e44c5bd6)

crimson/mon/MonClient: refacor Client::handle_monmap

Use coroutines, should help with future changes.

Signed-off-by: Matan Breizman <mbreizma@redhat.com>
Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>
(cherry picked from commit cbadee607f9c53459b962df99e2c19b646313505)

crimson/mon/MonClient: introduce handle_auth_failure

Signed-off-by: Matan Breizman <mbreizma@redhat.com>
Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>
(cherry picked from commit 166cb98567619edbee1ddac9c4961fff4703920a)

crimson/mon/MonClient: add asock TODO comment

Signed-off-by: Matan Breizman <mbreizma@redhat.com>
Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>
(cherry picked from commit bfe2294cc838f9a875c2f7ea534196d4c5bf1b80)

crimson/osd/MonClient: Introduce Client::_wipe_secrets_and_tickets())

Similar to MonClient::_wipe_secrets_and_tickets())

Signed-off-by: Matan Breizman <mbreizma@redhat.com>
Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>
(cherry picked from commit 74d1ea4ed05a601c35bfb4af3d6ab14eb866427a)

crimson/mon/MonClient: imitate Classic's _check_auth_tickets

Imitating this interface from Classicals MonClient::_check_auth_tickets()
should make it easier to understand Crimson's counterpart.

Signed-off-by: Matan Breizman <mbreizma@redhat.com>
Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>
(cherry picked from commit 51fd62a5d6f40fb9f02530d1ee3304085d9942c0)

crimson/mon/MonClient: cleanup redundant private

Signed-off-by: Matan Breizman <mbreizma@redhat.com>
Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>
(cherry picked from commit 493aa16dc21671633f8c4ddf00134d1cba68584a)

mon/MonClient: wipe secrets and invalidate tickets on auth epoch change

* This causes service daemons to drop all known service tickets and request new
  ones from the auth server.

* This causes the clients (and service daemons) to request new tickets from the
  auth server which will include tickets signed with the new service keys.

Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>
(cherry picked from commit bca0d66c5e7ac98006b3658b53a9e83faca7c70f)

mon/AuthMonitor: bump auth epoch when wiping service keys

Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>
(cherry picked from commit 77293673ccd2266967e519857d3d9c8d83ca94dc)

mon/MonmapMonitor: wire up interface to bump auth epoch

Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>
(cherry picked from commit b6a8822f9e50cbf0713a8b747a65d75e12d86b2e)

mon/MonMap: add auth epoch

This will be used to indicate to clients / service daemons that the auth
service keys have been rotated. Clients and service daemons are expected to
invalidate their tickets and reauth. Service daemons should wipe their service
keys.

Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>
(cherry picked from commit b8e422127b95748860c7b7a670c6c8f12ce14618)

mon/AuthMonitor: add dump-keys and wipe-rotating-service-keys

`auth dump-keys` allows examining the key types for each entity and also the
rotating session keys. This lets us confirm key upgrades are done as expected.

`wipe-rotating-service-keys` clears out existing non-auth service keys so that we do not
need to wait for the rotating key expiration. It is not disruptive so long as clients
renew their tickets when prompted by the auth epoch change.

Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>
(cherry picked from commit f7b15b982a96a25a98e7b47755d4317723c4aa8d)

mon/AuthMonitor: add key-type switch

So it's possible to test with various key-types.

Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>
(cherry picked from commit e8ce247d9267d2a453865c4b3d9692852d979b2a)

common/cmdparse: add another template cmd_getval_or helper

To mimic the conventional signature where you pass the lvalue you want to set.

Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>
(cherry picked from commit ba57b3b5479dc238b4d041a6f82eaf2c38a97ea1)

mon/Monitor: perfect forward universal ref of lambda

This method doesn't currently work for std::move of a lambda.

Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>
(cherry picked from commit ff90e0e41784a99579dd12385db7fc0ccf5545a2)

mon/Monitor: add debugging for monmap handling

Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>
(cherry picked from commit 098e028b8762a6b18173f69224cbbfe3eef8798d)

mon: notify_new_monmap via MonmapMonitor::init

Otherwise, configurations are not updated during startup.

Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>
(cherry picked from commit 51a2bab8ed48b2dc698ac4eeede48d94175b1851)

doc/man: document new --key-type option for ceph-authtool

Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>
(cherry picked from commit a9f33559d69cff2d33d3d4c8ac4014fb77b5d665)

tools/ceph_authtool: add help message for key-type switch

Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>
(cherry picked from commit 47dfe121cfdf557b7a0eaa7d7d9478d5da3719e6)

common/buffer: accept "-" as stdin

These methods are used for reading files from tools like "authtool". Read from
stdin if the conventional "-" filename is passed.

Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>
(cherry picked from commit 37441c753da3925c874a94ee3ff862bb725babb8)

auth/cephx: make some parameters const

Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>
(cherry picked from commit 755d5245566be43ce020daf8fb80ba3ec774dff5)

auth: cleanup error message formatting

Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>
(cherry picked from commit 5df283a98114024d852422b43624810bcf5fe8cb)

auth,mon: lookup ticket ttl at runtime

and improve debugging.

Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>
(cherry picked from commit 338acf28ece964a859cf2f44bc29a84f36cd9510)

auth: add API to invalidate all tickets

This will prompt the client to request new ones from the auth server.

Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>
(cherry picked from commit 9b3e4ee1fe7e3d1e6ea2c00376986bbfc17f73f4)

auth: add API to wipe rotating secrets

This is for the service daemon's store of rotating service secrets.

Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>
(cherry picked from commit 6ecbb1c7d5878cc61156f0f79398437f1de3ca84)

auth/cephx: enforce sorted config keys

Makes future additions avoid conflicts.

Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>
(cherry picked from commit 6ca5288570a8e6f4edb7b4f7ca0c47b9c4f0d212)

auth/cephx: update get_tracked_keys signature

Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>
(cherry picked from commit b90b0c3c51f2ed16952509cac41b16eff27009a5)

auth: fix return type

key type is an unsigned.

Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>
(cherry picked from commit 3665599fe6a8003be8b88116f7c484bef6aba83b)

common: break print template into separate header

To avoid pulling in all the debug includes for some primitive headers.

Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>
(cherry picked from commit d702f8e19f2ce72dc1fc8a7b029f792ec9d23075)

common: remove dead option

Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>
(cherry picked from commit af409f19c9104301feb7e4620138f9de46434cc8)

test: fix compiler error

Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>
(cherry picked from commit 4dc7b06e4eb2071afa2847e8930d0e30ab532da6)

auth,*: remove conflicting fwd declarations

Signed-off-by: Matan Breizman <mbreizma@redhat.com>
(cherry picked from commit c2d8e7127efd4391f64e19cd76e0f1b701289412)

Conflicts:
src/auth/Auth.h: include movement

include/common_fwd: Include Crypto classes

CryptoManager::cct is now used in CephContext ctor. To provide this
defintion
any ceph_context.cc target must also include Crypto.cc.

crimson-alien-common library which only had ceph_context.cc must now
also include Crypto.cc.
However, the fact that crimson-common also includes Crypto.cc would
cause multiple defintions
to any Crypto classes methods.

To resolve this, let's wrap all Crypto classes with TOPNSPC::common that
would be forwarded using common_fwd logic.

Signed-off-by: Matan Breizman <mbreizma@redhat.com>
(cherry picked from commit 0e3e34565f5730f8baefecde9be592587129ba9d)

cephx: sign messages using hmac_sha256

if key type is newer than the original AES, calculate message
hash by using HMAC-SHA256.
We cannot use plain aes256k like we do with the aes key because
of the confounder. The other option would be to inject a
confounder, but that would weaken the cipher.

Signed-off-by: Yehuda Sadeh <ysadehwe@ibm.com>
(cherry picked from commit ba6bb55c7c977e9858e242e74d848273617c221b)

auth: create slice api for calculating hmac_sha256

Signed-off-by: Yehuda Sadeh <ysadehwe@ibm.com>
(cherry picked from commit dfffd730268e35bd357277963a0dc98ceae947f5)

test/auth: more aes256krb5 tests

 - DecryptNoBl
 - multiple test vectos per each test

Signed-off-by: Yehuda Sadeh <ysadehwe@ibm.com>
(cherry picked from commit f8cfded7e2e3ec857ad18cbe492f5d81fa7eb4d0)

auth: test slice interface for aes256k

AES256KRB5 uses the default slice encryption implementation, testing that
it works correctly.

Signed-off-by: Yehuda Sadeh <ysadehwe@ibm.com>
(cherry picked from commit 96a5909ae5e4512c0f94661e207ce6289e05ec5f)

test/crypto: more aes256krb5 tests

Signed-off-by: Yehuda Sadeh <ysadehwe@ibm.com>
(cherry picked from commit dca778213b45d3bc912d4fdc0f94f55fa2740e7b)

auth: add usage param to crypto handler

Allow different usage for crypto handler users. Currently being used
in the crypto unitest to match the test vectors.

Signed-off-by: Yehuda Sadeh <ysadehwe@ibm.com>
(cherry picked from commit 1330335661604e50468c8a0adc8fc73a2ab79b49)

auth: aes256krb5: add confounder config for unitests

Signed-off-by: Yehuda Sadeh <ysadehwe@ibm.com>
(cherry picked from commit 1232144f933b015759cb39f218157b92f57b6a4b)

cephx: add configurable to set allowed ciphers

cephx allowed ciphers: a list of ciphers that  sets what type
of keys are allowed to be used to authenticate

Signed-off-by: Yehuda Sadeh <ysadehwe@ibm.com>
(cherry picked from commit 0d4c67f2fd03aea9f65ade736e60f807d9da832e)

Conflicts:
src/auth/cephx/CephxServiceHandler.cc: header include movement

auth: remove unused code

Signed-off-by: Yehuda Sadeh <ysadehwe@ibm.com>
(cherry picked from commit 334c6e66714a3e4f2e41790ee4d21f3a3ee92d5e)