git.baikalelectronics.ru Git - kernel.git/commit

author	Ilya Dryomov <idryomov@gmail.com>
	Fri, 27 Jul 2018 17:18:34 +0000 (19:18 +0200)
committer	Ilya Dryomov <idryomov@gmail.com>
	Thu, 2 Aug 2018 19:33:24 +0000 (21:33 +0200)
commit	58384510e8bd4ef926eb8e6c7831bb7e210133e7
tree	97278ec273414431dd2fab13ccbc3a5d98140cec	tree \| snapshot
parent	12869c3163d19159defeda51a62c77c45205ac96	commit \| diff

libceph: add authorizer challenge

When a client authenticates with a service, an authorizer is sent with
a nonce to the service (ceph_x_authorize_[ab]) and the service responds
with a mutation of that nonce (ceph_x_authorize_reply). This lets the
client verify the service is who it says it is but it doesn't protect
against a replay: someone can trivially capture the exchange and reuse
the same authorizer to authenticate themselves.

Allow the service to reject an initial authorizer with a random
challenge (ceph_x_authorize_challenge). The client then has to respond
with an updated authorizer proving they are able to decrypt the
service's challenge and that the new authorizer was produced for this
specific connection instance.

The accepting side requires this challenge and response unconditionally
if the client side advertises they have CEPHX_V2 feature bit.

This addresses CVE-2018-1128.

Link: http://tracker.ceph.com/issues/24836
Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
Reviewed-by: Sage Weil <sage@redhat.com>

fs/ceph/mds_client.c		diff \| blob \| history
include/linux/ceph/auth.h		diff \| blob \| history
include/linux/ceph/messenger.h		diff \| blob \| history
include/linux/ceph/msgr.h		diff \| blob \| history
net/ceph/auth.c		diff \| blob \| history
net/ceph/auth_x.c		diff \| blob \| history
net/ceph/auth_x_protocol.h		diff \| blob \| history
net/ceph/messenger.c		diff \| blob \| history
net/ceph/osd_client.c		diff \| blob \| history