summaryrefslogtreecommitdiffstats
path: root/net/ceph/messenger.c
diff options
context:
space:
mode:
authorIlya Dryomov <idryomov@gmail.com>2018-07-27 19:18:34 +0200
committerIlya Dryomov <idryomov@gmail.com>2018-08-02 21:33:24 +0200
commit6daca13d2e72bedaaacfc08f873114c9307d5aea (patch)
tree97278ec273414431dd2fab13ccbc3a5d98140cec /net/ceph/messenger.c
parent149cac4a50b0b4081b38b2f38de6ef71c27eaa85 (diff)
downloadlinux-stable-6daca13d2e72bedaaacfc08f873114c9307d5aea.tar.gz
linux-stable-6daca13d2e72bedaaacfc08f873114c9307d5aea.tar.bz2
linux-stable-6daca13d2e72bedaaacfc08f873114c9307d5aea.zip
libceph: add authorizer challenge
When a client authenticates with a service, an authorizer is sent with a nonce to the service (ceph_x_authorize_[ab]) and the service responds with a mutation of that nonce (ceph_x_authorize_reply). This lets the client verify the service is who it says it is but it doesn't protect against a replay: someone can trivially capture the exchange and reuse the same authorizer to authenticate themselves. Allow the service to reject an initial authorizer with a random challenge (ceph_x_authorize_challenge). The client then has to respond with an updated authorizer proving they are able to decrypt the service's challenge and that the new authorizer was produced for this specific connection instance. The accepting side requires this challenge and response unconditionally if the client side advertises they have CEPHX_V2 feature bit. This addresses CVE-2018-1128. Link: http://tracker.ceph.com/issues/24836 Signed-off-by: Ilya Dryomov <idryomov@gmail.com> Reviewed-by: Sage Weil <sage@redhat.com>
Diffstat (limited to 'net/ceph/messenger.c')
-rw-r--r--net/ceph/messenger.c17
1 files changed, 16 insertions, 1 deletions
diff --git a/net/ceph/messenger.c b/net/ceph/messenger.c
index 500cc3da586f..e915c8bce117 100644
--- a/net/ceph/messenger.c
+++ b/net/ceph/messenger.c
@@ -2080,9 +2080,24 @@ static int process_connect(struct ceph_connection *con)
if (con->auth) {
/*
* Any connection that defines ->get_authorizer()
- * should also define ->verify_authorizer_reply().
+ * should also define ->add_authorizer_challenge() and
+ * ->verify_authorizer_reply().
+ *
* See get_connect_authorizer().
*/
+ if (con->in_reply.tag == CEPH_MSGR_TAG_CHALLENGE_AUTHORIZER) {
+ ret = con->ops->add_authorizer_challenge(
+ con, con->auth->authorizer_reply_buf,
+ le32_to_cpu(con->in_reply.authorizer_len));
+ if (ret < 0)
+ return ret;
+
+ con_out_kvec_reset(con);
+ __prepare_write_connect(con);
+ prepare_read_connect(con);
+ return 0;
+ }
+
ret = con->ops->verify_authorizer_reply(con);
if (ret < 0) {
con->error_msg = "bad authorize reply";