authorSage Weil <sage@redhat.com>2019-10-24 04:05:42 +0200
committerSage Weil <sage@redhat.com>2019-10-24 04:05:42 +0200
commit29c97547a956469cbf089a705da70df83edb2b24 (patch)
treebf10cabb71a7cb8fb14131c16616d240c4016fd5 /src/auth
parentMerge PR #31094 into master (diff)
parentauth: EACCES, not EPERM (diff)
Merge PR #30859 into master
* refs/pull/30859/head: auth: EACCES, not EPERM mon: shunt old tell commands from cli interface to asok mon: allow mgr to tell mon.foo smart mon: include quorum features in quorum_status qa/workunits/mon/caps.sh: fix test ceph_test_rados_api_cmd: fix MonDescribe test Merge branch 'vstart-fs-auth' of git://github.com/batrick/ceph into wip-cleanup-mon-asok test/pybind/test_ceph_argparse: fix tests vstart: add volume client keys to keyring vstart: use fs authorize to create master client key vstart: redirect some output to stderr vstart: output command strings to stderr qa/workunits/cephtool/test.sh: fix 'quorum enter' caller qa: change mon_status calls to quorum_status or tell commands mon: fix 'heap ...' command mon: consolidate 'sync force' commands mon: allow asok commands to return an error code mon: move 'quorum enter|exit' and 'mon_status' to asok mon: fix 'smart' asok command mon: remove old 'config set' and 'injectargs' Reviewed-by: Josh Durgin <jdurgin@redhat.com>
Diffstat (limited to 'src/auth')
-rw-r--r--src/auth/cephx/CephxClientHandler.cc4
-rw-r--r--src/auth/cephx/CephxKeyServer.cc2
-rw-r--r--src/auth/cephx/CephxServiceHandler.cc14
-rw-r--r--src/auth/krb/KrbClientHandler.cpp4
-rw-r--r--src/auth/krb/KrbServiceHandler.cpp4
5 files changed, 14 insertions, 14 deletions
diff --git a/src/auth/cephx/CephxClientHandler.cc b/src/auth/cephx/CephxClientHandler.cc
index abdb2f2cc47..a5365d344d1 100644
--- a/src/auth/cephx/CephxClientHandler.cc
+++ b/src/auth/cephx/CephxClientHandler.cc
@@ -166,7 +166,7 @@ int CephxClientHandler::handle_response(
if (!tickets.verify_service_ticket_reply(secret, indata)) {
ldout(cct, 0) << "could not verify service_ticket reply" << dendl;
- return -EPERM;
+ return -EACCES;
}
ldout(cct, 10) << " want=" << want << " need=" << need << " have=" << have << dendl;
if (!indata.end()) {
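Review bot: Any caller that tests the result of handle_response against `-EPERM` stops matching once this return becomes `-EACCES`, and the same holds for the second hunk at -226. This view is limited to src/auth, so the callers cannot be checked from here; they should be searched for explicit `EPERM` comparisons before merging. A short comment at both returns would document the contract, for example `// authentication failures are reported as -EACCES, never -EPERM`. Both failure sites also log the identical text "could not verify service_ticket reply", so the log cannot tell the auth-ticket phase from the service-ticket phase. handle_response starts and ends outside the hunk.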
@@ -226,7 +226,7 @@ int CephxClientHandler::handle_response(
if (!tickets.verify_service_ticket_reply(ticket_handler.session_key, indata)) {
ldout(cct, 0) << "could not verify service_ticket reply" << dendl;
- return -EPERM;
+ return -EACCES;
}
validate_tickets();
if (!_need_tickets()) {
diff --git a/src/auth/cephx/CephxKeyServer.cc b/src/auth/cephx/CephxKeyServer.cc
index ec9fe990382..d6ba3fea15a 100644
--- a/src/auth/cephx/CephxKeyServer.cc
+++ b/src/auth/cephx/CephxKeyServer.cc
@@ -436,7 +436,7 @@ int KeyServer::build_session_auth_info(uint32_t service_id,
CephXSessionAuthInfo& info)
{
if (!get_service_secret(service_id, info.service_secret, info.secret_id)) {
- return -EPERM;
+ return -EACCES;
}
std::scoped_lock l{lock};
diff --git a/src/auth/cephx/CephxServiceHandler.cc b/src/auth/cephx/CephxServiceHandler.cc
index 27c3e9f8f44..867621a861a 100644
--- a/src/auth/cephx/CephxServiceHandler.cc
+++ b/src/auth/cephx/CephxServiceHandler.cc
@@ -88,12 +88,12 @@ int CephxServiceHandler::handle_request(
CryptoKey secret;
if (!key_server->get_secret(entity_name, secret)) {
ldout(cct, 0) << "couldn't find entity name: " << entity_name << dendl;
- ret = -EPERM;
+ ret = -EACCES;
break;
}
if (!server_challenge) {
- ret = -EPERM;
+ ret = -EACCES;
break;
}
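Review bot: The `if (!server_challenge)` branch sets `ret = -EACCES` without writing a log line, unlike the entity-name lookup failure directly above it. A request rejected here leaves nothing for someone triaging failed authentications. The `get_auth` hunk at -122 and the hunk at -242 look silent in the same way, as far as their visible lines show. A line such as `ldout(cct, 0) << "no server challenge for " << entity_name << dendl;` would make the rejection attributable. handle_request starts and ends outside the hunk.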
@@ -103,7 +103,7 @@ int CephxServiceHandler::handle_request(
req.client_challenge, &expected_key, error);
if (!error.empty()) {
ldout(cct, 0) << " cephx_calc_client_server_challenge error: " << error << dendl;
- ret = -EPERM;
+ ret = -EACCES;
break;
}
@@ -112,7 +112,7 @@ int CephxServiceHandler::handle_request(
if (req.key != expected_key) {
ldout(cct, 0) << " unexpected key: req.key=" << hex << req.key
<< " expected_key=" << expected_key << dec << dendl;
- ret = -EPERM;
+ ret = -EACCES;
break;
}
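Review bot: The mismatch branch logs `expected_key` at level 0, so the value that would have satisfied the challenge lands in the default log on every failed attempt. Whether that value can be reused depends on how the server challenge is scoped, which is not visible here, but an always-on log does not need it to record the failure. Consider `ldout(cct, 0) << " unexpected key for " << entity_name << dendl;` and moving the hex values to a high debug level such as `ldout(cct, 20)`. handle_request starts and ends outside the hunk.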
@@ -122,7 +122,7 @@ int CephxServiceHandler::handle_request(
EntityAuth eauth;
if (! key_server->get_auth(entity_name, eauth)) {
- ret = -EPERM;
+ ret = -EACCES;
break;
}
CephXServiceTicketInfo old_ticket_info;
@@ -242,7 +242,7 @@ int CephxServiceHandler::handle_request(
cct, *key_server, indata, 0, auth_ticket_info, nullptr,
nullptr,
&tmp_bl)) {
- ret = -EPERM;
+ ret = -EACCES;
break;
}
@@ -301,7 +301,7 @@ int CephxServiceHandler::handle_request(
<< entity_name << dendl;
build_cephx_response_header(cephx_header.request_type, 0, *result_bl);
if (!key_server->get_rotating_encrypted(entity_name, *result_bl)) {
- ret = -EPERM;
+ ret = -EACCES;
break;
}
}
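Review bot: `build_cephx_response_header(cephx_header.request_type, 0, *result_bl)` appends a status-0 header to `*result_bl` before `get_rotating_encrypted` is checked. On the failure path `ret` is `-EACCES` while the output buffer already holds a success header, possibly followed by partial data. Whether the caller discards `result_bl` on a negative return is not visible in this hunk. A safer order would be to encode the rotating keys into a temporary bufferlist first and append the header and payload only once that succeeds. The enclosing block starts outside the hunk.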
diff --git a/src/auth/krb/KrbClientHandler.cpp b/src/auth/krb/KrbClientHandler.cpp
index e39d074e64d..1f728b4dd6e 100644
--- a/src/auth/krb/KrbClientHandler.cpp
+++ b/src/auth/krb/KrbClientHandler.cpp
@@ -161,7 +161,7 @@ int KrbClientHandler::handle_response(
<< gss_minor_status << " "
<< status_str
<< dendl;
- return (-EPERM);
+ return (-EACCES);
}
gss_buffer_desc krb_input_name_buff = {0, nullptr};
@@ -244,7 +244,7 @@ int KrbClientHandler::handle_response(
<< gss_minor_status << " "
<< status_str
<< dendl;
- result = (-EPERM);
+ result = (-EACCES);
break;
}
diff --git a/src/auth/krb/KrbServiceHandler.cpp b/src/auth/krb/KrbServiceHandler.cpp
index d7c0feeb34a..3bd679d0ab5 100644
--- a/src/auth/krb/KrbServiceHandler.cpp
+++ b/src/auth/krb/KrbServiceHandler.cpp
@@ -124,7 +124,7 @@ int KrbServiceHandler::handle_request(
<< gss_minor_status << " "
<< status_str
<< dendl;
- result = (-EPERM);
+ result = (-EACCES);
break;
}
}
@@ -206,7 +206,7 @@ int KrbServiceHandler::start_session(
<< gss_minor_status << " "
<< status_str
<< dendl;
- return (-EPERM);
+ return (-EACCES);
} else {
KrbResponse krb_response;
krb_response.m_response_type =