1
0
mirror of https://github.com/ceph/ceph synced 2025-02-18 16:37:41 +00:00
Commit Graph

683 Commits

Author SHA1 Message Date
Radoslaw Zarzynski
99d3a59d4b auth: refactor KeyServer::get_used_pending_keys().
Signed-off-by: Radoslaw Zarzynski <rzarzyns@redhat.com>
2022-09-12 17:03:32 +00:00
Sage Weil
cb8c7f6ef8 auth: keep track of used pending_keys
Signed-off-by: Sage Weil <sage@newdream.net>
2022-09-12 17:02:59 +00:00
Sage Weil
9ed2162c80 mon/AuthMonitor: 'auth {get-or-create,clear,commit}-pending'
Add commands to create, clear, or commit pending_key.

Signed-off-by: Sage Weil <sage@newdream.net>
2022-09-12 17:02:59 +00:00
Sage Weil
d54c49d561 auth/cephx: authenticate with either key or pending_key
Signed-off-by: Sage Weil <sage@newdream.net>
2022-09-12 17:02:59 +00:00
Sage Weil
6139bb4d86 auth: add PendingKey to EntityAuth
Signed-off-by: Radoslaw Zarzynski <rzarzyns@redhat.com>
2022-09-12 17:02:53 +00:00
Sage Weil
fa8ad5568c auth/Crypto: add clear()
Signed-off-by: Sage Weil <sage@newdream.net>
2022-09-08 16:11:30 -04:00
Radoslaw Zarzynski
74234a14b0 auth/cephx: don't convert from int; use bool in invalidate_ticket()
Signed-off-by: Radoslaw Zarzynski <rzarzyns@redhat.com>
2022-07-26 12:14:40 +00:00
Adam C. Emerson
d5e1fdfc3c build: Silence deprecation warnings from OpenSSL 3
The OpenSSL developers suggest that anyone wishing to continue using
low-level functions may either live with the warnings, silence them,
or switch to high level functions.

As high level functions do their own memory allocation, switching to
them may lead to performance regressions.

We do not wish to have deprecation warnings filling up our compiler
outputs when searching for other messages.

So silencing the warnings, at least for now, seems the least bad option.

Signed-off-by: Adam C. Emerson <aemerson@redhat.com>
2022-05-18 18:06:01 -04:00
Radoslaw Zarzynski
a578cedea3 auth: drop unused get_supported_con_modes() from AuthServer.
In 2d53093875 its last user has
been removed.

Signed-off-by: Radoslaw Zarzynski <rzarzyns@redhat.com>
2021-10-27 16:08:08 +00:00
Kefu Chai
958b22e3ab
Merge pull request from liewegas/debug-51815
mon,auth: fix proposal (and mon db rebuild) of rotating secrets

Reviewed-by: Neha Ojha <nojha@redhat.com>
2021-10-07 06:45:45 +08:00
Sage Weil
18864380cc mon,auth: fix proposal of rotating keys
Instead of updating the live CephxKeyServer's rotating_keys and also
including them in a paxos proposal, propose new keys only in the proposal,
and only make them live once they are committed.  This keeps mons fully in
sync and avoids any inconsistency between the live behavior and committed
state (e.g., stale or divergent keys being applied and passed out to
daemons).

Signed-off-by: Sage Weil <sage@newdream.net>
2021-10-01 14:42:35 -04:00
Sage Weil
4bc8ca2e59 mon,auth: debug missing service secrets
Hunting https://tracker.ceph.com/issues/51815

Signed-off-by: Sage Weil <sage@newdream.net>
2021-10-01 14:42:23 -04:00
Ilya Dryomov
70aa026b09 auth,mon: don't log "unable to find a keyring" error when key is given
This error is logged even if --key or --keyring are specified and
confuses users because the command actually does its job and exits
with success.  This primarily affects "rbd mirror pool peer bootstrap
import" command and rbd-mirror and cephfs-mirror daemons which connect
to the remote cluster with just mon_host and key:

  $ rbd mirror pool peer bootstrap import mypool tokenfile
  ... -1 auth: unable to find a keyring on /etc/ceph/..keyring,/etc/ceph/.keyring,/etc/ceph/keyring,/etc/ceph/keyring.bin,: (2) No such file or directory
  ... -1 auth: unable to find a keyring on /etc/ceph/..keyring,/etc/ceph/.keyring,/etc/ceph/keyring,/etc/ceph/keyring.bin,: (2) No such file or directory
  ... -1 auth: unable to find a keyring on /etc/ceph/..keyring,/etc/ceph/.keyring,/etc/ceph/keyring,/etc/ceph/keyring.bin,: (2) No such file or directory

Local cluster commands are affected too:

  $ rados --no-config-file --mon-host $MON_HOST --key $KEY lspools
  ... -1 auth: unable to find a keyring on /etc/ceph/ceph.client.admin.keyring,/etc/ceph/ceph.keyring,/etc/ceph/keyring,/etc/ceph/keyring.bin: (2) No such file or directory
  ... -1 auth: unable to find a keyring on /etc/ceph/ceph.client.admin.keyring,/etc/ceph/ceph.keyring,/etc/ceph/keyring,/etc/ceph/keyring.bin: (2) No such file or directory
  ... -1 auth: unable to find a keyring on /etc/ceph/ceph.client.admin.keyring,/etc/ceph/ceph.keyring,/etc/ceph/keyring,/etc/ceph/keyring.bin: (2) No such file or directory
  ... -1 auth: unable to find a keyring on /etc/ceph/ceph.client.admin.keyring,/etc/ceph/ceph.keyring,/etc/ceph/keyring,/etc/ceph/keyring.bin: (2) No such file or directory
  ... -1 auth: unable to find a keyring on /etc/ceph/ceph.client.admin.keyring,/etc/ceph/ceph.keyring,/etc/ceph/keyring,/etc/ceph/keyring.bin: (2) No such file or directory
  ... -1 auth: unable to find a keyring on /etc/ceph/ceph.client.admin.keyring,/etc/ceph/ceph.keyring,/etc/ceph/keyring,/etc/ceph/keyring.bin: (2) No such file or directory
  ... -1 auth: unable to find a keyring on /etc/ceph/ceph.client.admin.keyring,/etc/ceph/ceph.keyring,/etc/ceph/keyring,/etc/ceph/keyring.bin: (2) No such file or directory
  ... -1 auth: unable to find a keyring on /etc/ceph/ceph.client.admin.keyring,/etc/ceph/ceph.keyring,/etc/ceph/keyring,/etc/ceph/keyring.bin: (2) No such file or directory
  ... -1 auth: unable to find a keyring on /etc/ceph/ceph.client.admin.keyring,/etc/ceph/ceph.keyring,/etc/ceph/keyring,/etc/ceph/keyring.bin: (2) No such file or directory
  device_health_metrics
  rbd

This was introduced in commit 98a2e5c59d ("rados: translate errno to
str in CLI").

Fixes: https://tracker.ceph.com/issues/51628
Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
2021-09-19 19:36:01 +02:00
Kefu Chai
baab67ca52 auth: build without "using namespace std"
* add "std::" prefix in headers
* add "using" declarations in .cc files.

so we don't rely on "using namespace std" in one or more included
headers.

Signed-off-by: Kefu Chai <kchai@redhat.com>
2021-08-13 12:23:38 +08:00
Kefu Chai
96948e1798 auth/KeyRing: rename decode_plaintext() to decode()
as the former is just an alias of the latter.

Signed-off-by: Kefu Chai <kchai@redhat.com>
2021-06-02 12:04:32 +08:00
Kefu Chai
594c5dc005 auth/KeyRing: do not decode a copy of bl
i checked all the code paths calling into KeyRing::decode(), none of
them relies on the behavior that the bl is not mutated after the
iterator is decoded.

actually, it is more intuitive to always move the iterator forward when
decoding the encoded keyring in the bufferlist.

Signed-off-by: Kefu Chai <kchai@redhat.com>
2021-06-02 11:59:18 +08:00
Kefu Chai
1bfd785307 auth/KeyRing: always decode keying as plaintext
for three reasons:

* we don't encode binary KeyRing since v0.48: the binary encoder for
  KeyRing was dropped in eaea7aa9b2,
  which was included since v0.48 (argonaut). and we don't encode
  KeyRing in binary manually elsewhere since then.
* we should not use exception in the normal code path. in C++,
  exception is not designed to be efficient or semantically a
  language facility to be part of the normal code path. so, from
  the readability perspective, we should not use exception here.
  as all encoded KeyRings are in plaintext.
* simpler this way.

Signed-off-by: Kefu Chai <kchai@redhat.com>
2021-06-02 11:02:28 +08:00
Sage Weil
4cfc002cb7 Merge PR into master
* refs/pull/40870/head:
	auth/cephx: make KeyServer::build_session_auth_info() less confusing
	auth/cephx: cap ticket validity by expiration of "next" key
	auth/cephx: drop redundant KeyServerData::get_service_secret() overload

Reviewed-by: Sage Weil <sage@redhat.com>
2021-04-16 08:14:28 -04:00
Ilya Dryomov
6f12cd3688 auth/cephx: make KeyServer::build_session_auth_info() less confusing
The second KeyServer::build_session_auth_info() overload is used only
by the monitor, for mon <-> mon authentication.  The monitor passes in
service_secret (mon secret) and secret_id (-1).  The TTL is irrelevant
because there is no rotation.

However the signature doesn't make it obvious.  Clarify that
service_secret and secret_id are input parameters and info is the only
output parameter.

Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
2021-04-15 15:20:59 +02:00
Ilya Dryomov
370c9b1397 auth/cephx: cap ticket validity by expiration of "next" key
If auth_mon_ticket_ttl is increased by several times as done in
commit 522a52e6c2 ("auth/cephx: rotate auth tickets less often"),
active clients eventually get stuck because the monitor sends out an
auth ticket with a bogus validity.  The ticket is secured with the
"current" secret that is scheduled to expire according to the old TTL,
but the validity of the ticket is set to the new TTL.  As a result,
the client simply doesn't attempt to renew, letting the secrets rotate
potentially more than once.  When that happens, the client first hits
auth authorizer errors as it tries to renew service tickets and when
it finally gets to renewing the auth ticket, it hits the insecure
global_id reclaim wall.

Cap TTL by expiration of "next" key -- the "current" key may be
milliseconds away from expiration and still be used, legitimately.
Do it in KeyServerData alongside key rotation code and propagate the
capped TTL to the upper layer.

Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
2021-04-15 11:51:38 +02:00
Ilya Dryomov
3078af7165 auth/cephx: drop redundant KeyServerData::get_service_secret() overload
Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
2021-04-15 11:18:51 +02:00
Kefu Chai
5505fc0051 common: generate legacy_config_opts.h from .yaml.in files
* add a setting named "with_legacy" to .yaml.in files, so
  each option with a true "with_legacy" will have an entry
  in legacy_config_opts.h.
* preserve the comments from legacy_config_opts.h to .yaml.in,
  some of them are solely for developers, but some of them are
  good reading for users as well. we can use them for "desc"
  field in a follow-up change.
* move common/legacy_config_opts.h to common/options/legacy_config_opts.h
  as legacy_config_opts.h is "closer" to the options directory
  than other sources files under src/common.
* update y2c.py to generate separate .h files which are in turn
  included by legacy_config_opts.h
* add a target named "legacy-option-headers", and let
  some targets depend on it so that these headers generated by
  y2c.py can be generated before the .cc files including them
  are compiled.

Signed-off-by: Kefu Chai <kchai@redhat.com>
2021-04-15 12:37:43 +08:00
Ilya Dryomov
05772ab612 auth/cephx: ignore CEPH_ENTITY_TYPE_AUTH in requested keys
When handling CEPHX_GET_AUTH_SESSION_KEY requests from nautilus+
clients, ignore CEPH_ENTITY_TYPE_AUTH in CephXAuthenticate::other_keys.
Similarly, when handling CEPHX_GET_PRINCIPAL_SESSION_KEY requests,
ignore CEPH_ENTITY_TYPE_AUTH in CephXServiceTicketRequest::keys.
These fields are intended for requesting service tickets, the auth
ticket (which is really a ticket granting ticket) must not be shared
this way.

Otherwise we end up sharing an auth ticket that a) isn't encrypted
with the old session key even if needed (should_enc_ticket == true)
and b) has the wrong validity, namely auth_service_ticket_ttl instead
of auth_mon_ticket_ttl.  In the CEPHX_GET_AUTH_SESSION_KEY case, this
undue ticket immediately supersedes the actual auth ticket already
encoded in the same reply (the reply frame ends up containing two auth
tickets).

Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
2021-04-06 17:28:55 -04:00
Ilya Dryomov
08766a17ed mon: fail fast when unauthorized global_id (re)use is disallowed
When unauthorized global_id (re)use is disallowed, we don't want to
let unpatched clients in because they wouldn't be able to reestablish
their monitor session later, resulting in subtle hangs and disrupted
user workloads.

Denying the initial connect for all legacy (CephXAuthenticate < v3)
clients is not feasible because a large subset of them never stopped
presenting their ticket on reconnects and are therefore compatible with
enforcing mode: most notably all kernel clients but also pre-luminous
userspace clients.  They don't need to be patched and excluding them
would significantly hamper the adoption of enforcing mode.

Instead, force clients that we are not sure about to reconnect shortly
after they go through authentication and obtain global_id.  This is
done in Monitor::dispatch_op() to capture both msgr1 and msgr2, most
likely instead of dispatching mon_subscribe.

We need to let mon_getmap through for "ceph ping" and "ceph tell" to
work.  This does mean that we share the monmap, which lets the client
return from MonClient::authenticate() considering authentication to be
finished and causing the potential reconnect error to not propagate to
the user -- the client would hang waiting for remaining cluster maps.
For msgr1, this is unavoidable because the monmap is sent immediately
after the final MAuthReply.  But for msgr2 this is rare: most of the
time we get to their mon_subscribe and cut the connection before they
process the monmap!

Regardless, the user doesn't get a chance to start a workload since
there is no proper higher-level session at that point.

To help with identifying clients that need patching, add global_id and
global_id_status to "sessions" output.

Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
2021-04-06 17:28:55 -04:00
Ilya Dryomov
abebd643cc auth/cephx: option to disallow unauthorized global_id (re)use
global_id is a cluster-wide unique id that must remain stable for the
lifetime of the client instance.  The cephx protocol has a facility to
allow clients to preserve their global_id across reconnects:

(1) the client should provide its global_id in the initial handshake
    message/frame and later include its auth ticket proving previous
    possession of that global_id in CEPHX_GET_AUTH_SESSION_KEY request

(2) the monitor should verify that the included auth ticket is valid
    and has the same global_id and, if so, allow the reclaim

(3) if the reclaim is allowed, the new auth ticket should be
    encrypted with the session key of the included auth ticket to
    ensure authenticity of the client performing reclaim.  (The
    included auth ticket could have been snooped when the monitor
    originally shared it with the client or any time the client
    provided it back to the monitor as part of requesting service
    tickets, but only the genuine client would have its session key
    and be able to decrypt.)

Unfortunately, all (1), (2) and (3) have been broken for a while:

- (1) was broken in 2016 by commit a2eb6ae3fb ("mon/monclient:
  hunt for multiple monitor in parallel") and is addressed in patch
  "mon/MonClient: preserve auth state on reconnects"

- it turns out that (2) has never been enforced.  When cephx was
  being designed and implemented in 2009, two changes to the protocol
  raced with each other pulling it in different directions: commits
  0669ca21f4 ("auth: reuse global_id when requesting tickets")
  and fec31964a1 ("auth: when renewing session, encrypt ticket")
  added the reclaim mechanism based strictly on auth tickets, while
  commit 5eeb711b6b ("auth: change server side negotiation a bit")
  allowed the client to provide global_id in the initial handshake.
  These changes didn't get reconciled and as a result a malicious
  client can assign itself any global_id of its choosing by simply
  passing something other than 0 in MAuth message or AUTH_REQUEST
  frame and not even bother supplying any ticket.  This includes
  getting a global_id that is being used by another client.

- (3) was broken in 2019 with addition of support for msgr2, where
  the new auth ticket ends up being shared unencrypted.  However the
  root cause is deeper and a malicious client can coerce msgr1 into
  the same.  This also goes back to 2009 and is addressed in patch
  "auth/cephx: ignore CEPH_ENTITY_TYPE_AUTH in requested keys".

Because (2) has never been enforced, no one noticed when (1) got
broken and we began to rely on this flaw for normal operation in
the face of reconnects due to network hiccups or otherwise.  As of
today, only pre-luminous userspace clients and kernel clients are
not exercising it on a daily basis.

Bump CephXAuthenticate version and use a dummy v3 to distinguish
between legacy clients that don't (may not) include their auth ticket
and new clients.  For new clients, unconditionally disallow claiming
global_id without a corresponding auth ticket.  For legacy clients,
introduce a choice between permissive (current behavior, default for
the foreseeable future) and enforcing mode.

If the reclaim is disallowed, return EACCES.  While MonClient does
have some provision for global_id changes and we could conceivably
implement enforcement by handing out a fresh global_id instead of
the provided one, those code paths have never been tested and there
are too many ways a sudden global_id change could go wrong.

Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
2021-04-06 17:28:55 -04:00
Ilya Dryomov
6b860684c6 auth/cephx: make cephx_decode_ticket() take a const ticket_blob
Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
2021-04-06 17:28:55 -04:00
Ilya Dryomov
b50b6abd60 auth/AuthServiceHandler: keep track of global_id and whether it is new
AuthServiceHandler already has global_id field, but it is unused.
Revive it and let the handler know whether global_id is newly assigned
by the monitor or provided by the client.

Lift the setting of entity_name into AuthServiceHandler.

Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
2021-04-06 17:28:55 -04:00
Ilya Dryomov
49cba02a75 auth/AuthServiceHandler: build_cephx_response_header() is cephx-specific
Make the one in CephxServiceHandler private and drop the stub in
AuthNoneServiceHandler.

Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
2021-04-06 17:28:54 -04:00
Ilya Dryomov
c151c9659b auth/AuthServiceHandler: drop unused start_session() args
session_key, connection_secret and connection_secret_required_length
aren't material for start_session() across all three implementations.

Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
2021-04-06 17:28:54 -04:00
Ilya Dryomov
236b536b28 mon/MonClient: preserve auth state on reconnects
Commit a2eb6ae3fb ("mon/monclient: hunt for multiple monitor in
parallel") introduced a regression where auth state (global_id and
AuthClientHandler) was no longer preserved on reconnects.  The ensuing
breakage was quickly noticed and prompted a follow-on fix 8bb6193c8f
("mon/MonClient: persist global_id across re-connecting").

However, as evident from the subject, the follow-on fix only took
care of the global_id part.  AuthClientHandler is still destroyed
and all cephx tickets are discarded.  A new from-scratch instance
is created for each MonConnection and CEPHX_GET_AUTH_SESSION_KEY
requests end up with CephXAuthenticate::old_ticket not populated.
The bug is in MonClient, so both msgr1 and msgr2 are affected.

This should have resulted in a similar sort of breakage but didn't
because of a much larger bug.  The monitor should have denied the
attempt to reclaim global_id with no valid ticket proving previous
possession of that global_id presented.  Alas, it appears that this
aspect of the cephx protocol has never been enforced.  This is dealt
with in the next patch.

To fix the issue at hand, clone AuthClientHandler into each
MonConnection so that each respective CEPHX_GET_AUTH_SESSION_KEY
request gets a copy of the current auth ticket.

Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
2021-04-06 17:28:54 -04:00
Ilya Dryomov
707d32a599 auth/CephxClientHandler: explain why skipping extra_tickets is needed
Since nautilus, CEPHX_GET_AUTH_SESSION_KEY shares both the auth ticket
and the service tickets, sparing an extra round-trip to get the service
tickets via CEPHX_GET_PRINCIPAL_SESSION_KEY.  This applies to msgr1 as
well, but we don't take advantage of it on the client side.

However, fixing CephxClientHandler to do the right thing breaks msgr1.
Since msgr1 is on its way out, rather than also fixing MonClient just
document the bug and the current behaviour.

Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
2021-03-29 13:45:10 +02:00
Kefu Chai
5deb55aec0 auth,msg,common: test: use s/init_le*/ceph_le*/
for better readability.

Signed-off-by: Kefu Chai <kchai@redhat.com>
2021-03-10 22:35:25 +08:00
Radoslaw Zarzynski
2f35f7e8f6 auth: drop unnecessary forward declaration from AuthClientHandler.
Signed-off-by: Radoslaw Zarzynski <rzarzyns@redhat.com>
2021-03-01 15:14:25 +00:00
Ilya Dryomov
4a82c72e3b mon/MonClient: bring back CEPHX_V2 authorizer challenges
Commit c58c5754df ("msg/async/ProtocolV1: use AuthServer and
AuthClient") introduced a backwards compatibility issue into msgr1.
To fix it, commit 3215480105 ("mon/MonClient: skip CEPHX_V2
challenge if client doesn't support it") set out to skip authorizer
challenges for peers that don't support CEPHX_V2.  However, it
made it so that authorizer challenges are skipped for all peers in
both msgr1 and msgr2 cases, effectively disabling the protection
against replay attacks that was put in place in commit f80b848d3f
("auth/cephx: add authorizer challenge", CVE-2018-1128).

This is because con->get_features() always returns 0 at that
point.  In msgr1 case, the peer shares its features along with the
authorizer, but while they are available in connect_msg.features they
aren't assigned to con until ProtocolV1::open().  In msgr2 case, the
peer doesn't share its features until much later (in CLIENT_IDENT
frame, i.e. after the authentication phase).  The result is that
!CEPHX_V2 branch is taken in all cases and replay attack protection
is lost.

Only clusters with cephx_service_require_version set to 2 on the
service daemons would not be silently downgraded.  But, since the
default is 1 and there are no reports of looping on BADAUTHORIZER
faults, I'm pretty sure that no one has ever done that.  Note that
cephx_require_version set to 2 would have no effect even though it
is supposed to be stronger than cephx_service_require_version
because MonClient::handle_auth_request() didn't check it.

To fix:

- for msgr1, check connect_msg.features (as was done before commit
  c58c5754df) and challenge if CEPHX_V2 is supported.  Together
  with two preceding patches that resurrect proper cephx_* option
  handling in msgr1, this covers both "I want old clients to work"
  and "I wish to require better authentication" use cases.

- for msgr2, don't check anything and always challenge.  CEPHX_V2
  predates msgr2, anyone speaking msgr2 must support it.

Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
2020-10-17 20:54:18 +02:00
Kefu Chai
9e46dd520f auth/cephx: implement random()->get_bytes() for crimson
instead of using CryptoRandom use the C++ standard library for
generating secret.

Signed-off-by: Kefu Chai <kchai@redhat.com>
2020-07-27 11:29:10 +08:00
Lucian Petrut
4ba0c2fee8 common,msg,kv: Use Windows or portable function alternatives
Some functions are unavailable on Windows. We'll add some platform
checks, using either portable functions, either the Windows specific
ones:

* utimes -> utime
* strerror_r -> strerror_s
* poll -> WSAPoll
* sendmsg -> WSASend
* switch to portable time format specifiers
* fcntl -> ioctlsocket, when setting up non-blocking sockets
* /dev/urandom -> BCryptGenRandom
* sysconf(_SC_PAGESIZE) -> GetSystemInfo()
* define compat_mkdir, handling the fact that mkdir doesn't accept
  the mode argument on Windows

Signed-off-by: Lucian Petrut <lpetrut@cloudbasesolutions.com>
2020-07-08 06:38:39 +00:00
Adam C. Emerson
1e8864092d mon: Build ceph-mon without using namespace declarations in headers
This is part of a series of commits to clean up using namespace at top
level in headers.

Signed-off-by: Adam C. Emerson <aemerson@redhat.com>
2020-03-22 00:28:46 -04:00
Kefu Chai
25ac152841
Merge pull request from adamemerson/wip-using-namespace-common
Build the target 'common' without relying on using namespace in headers

Reviewed-by: Kefu Chai <kchai@redhat.com>
2020-03-21 10:33:16 +08:00
Adam C. Emerson
04eb9ddc48 auth: Build target 'common' without using namespace in headers
Part of a changeset to allow building all of 'common' without relying
on 'using namespace std' or 'using namespace ceph' at toplevel in
headers.

Signed-off-by: Adam C. Emerson <aemerson@redhat.com>
2020-03-07 04:32:04 -05:00
Yehuda Sadeh
6cc75c636f auth registry: helpers for checking secure method/mode
Signed-off-by: Yehuda Sadeh <yehuda@redhat.com>
2020-03-05 22:17:31 -08:00
Kefu Chai
e50ff2c89f
Merge pull request from liu-chunmei/ceph_seastar_alien_blue_store
crimson:: add alien blue store

Reviewed-by: Samuel Just <sjust@redhat.com>
Reviewed-by: Kefu Chai <kchai@redhat.com>
2020-03-02 18:15:24 +08:00
Sage Weil
d27f512d17 Merge PR into master
* refs/pull/33226/head:
	unittest_auth: update for new ms_*_mode semantics
	auth: treat mgr the same as mon when selecting auth mode

Reviewed-by: Sage Weil <sage@redhat.com>
2020-02-28 03:17:39 -06:00
Chunmei Liu
a54d0a90c0 crimson:common add TOPNSPC namespace for ceph and crimson
some code coexist in crimson seastar environment and posix environment,
so add namespace to avoid same function conflict, for example add namespace
for CephContext, since the new namespace for classic ceph-osd,
need modify all files declare use CephContext by including "common_fwd.h"
which defined the namespace for each environment.

Signed-off-by: Chunmei Liu <chunmei.liu@intel.com>
2020-02-27 19:56:29 -08:00
Lucian Petrut
ddf7de4f35 cmake: Add missing ssl include
A few modules are using ssl headers without having the openssl
include dir set by the cmake files.

This change updates the according cmake files.

Signed-off-by: Lucian Petrut <lpetrut@cloudbasesolutions.com>
2020-02-19 08:24:21 +00:00
Kefu Chai
812f10ffad cmake: compile crimson-auth with crimson::cflags
* move auth related stuff into crimson/CMakeLists.txt, so we can
  link them against crimson::cflags, which populates the necessary
  definitions and other cxx flags when building these source files.
* expose crimson::cflags as a public library of crimson, as
  crimson-osd links against crimson. and the cflags should be populated
  to crimson-osd, otherwise they are compiled with different compiler
  options.

Signed-off-by: Kefu Chai <kchai@redhat.com>
2020-02-14 14:21:32 +08:00
Yehuda Sadeh
dc89461999 auth: treat mgr the same as mon when selecting auth mode
Also use mon_cluster_modes (and not cluster_modes) when peer is mon/mgr.

Signed-off-by: Yehuda Sadeh <yehuda@redhat.com>
2020-02-13 13:49:33 -08:00
Radoslaw Zarzynski
947931db7b auth: audit memset & bzero users for FIPS.
This commit add comments after auditing a subset of
`memset` and `bzero` users found basing on the GCC's
`deprecated` attribute:
https://gist.github.com/rzarzynski/db9b4ca6b3d409d2ab8d38f4d6678063.

Signed-off-by: Radoslaw Zarzynski <rzarzyns@redhat.com>
2019-11-17 11:55:23 +01:00
Kefu Chai
770b443e74 auth/cephx: always initialize local variables
to silence GCC warnings like:

rc/auth/cephx/CephxProtocol.h:309:5: warning: 'type' may be used uninitialized in this function [-Wmaybe-uninitialized]
     if (i != tickets_map.end())
     ^~

Signed-off-by: Kefu Chai <kchai@redhat.com>
2019-10-25 16:44:53 +08:00
Kefu Chai
4589fff6bf crimson: s/ceph/crimson/ in namespace names
to help differentiate the symbols shared by classic and crimson osd,
after this change, all crimson code will live in "crimson::" namespaces.
and in a follow-up change, all classic code used by crimson will live in
"ceph::" namespaces.

Signed-off-by: Kefu Chai <kchai@redhat.com>
2019-10-24 12:37:30 +08:00
Sage Weil
29c97547a9 Merge PR into master
* refs/pull/30859/head:
	auth: EACCES, not EPERM
	mon: shunt old tell commands from cli interface to asok
	mon: allow mgr to tell mon.foo smart
	mon: include quorum features in quorum_status
	qa/workunits/mon/caps.sh: fix test
	ceph_test_rados_api_cmd: fix MonDescribe test
	Merge branch 'vstart-fs-auth' of git://github.com/batrick/ceph into wip-cleanup-mon-asok
	test/pybind/test_ceph_argparse: fix tests
	vstart: add volume client keys to keyring
	vstart: use fs authorize to create master client key
	vstart: redirect some output to stderr
	vstart: output command strings to stderr
	qa/workunits/cephtool/test.sh: fix 'quorum enter' caller
	qa: change mon_status calls to quorum_status or tell commands
	mon: fix 'heap ...' command
	mon: consolidate 'sync force' commands
	mon: allow asok commands to return an error code
	mon: move 'quorum enter|exit' and 'mon_status' to asok
	mon: fix 'smart' asok command
	mon: remove old 'config set' and 'injectargs'

Reviewed-by: Josh Durgin <jdurgin@redhat.com>
2019-10-23 21:05:42 -05:00