Gitiles
Code Review Sign In
gerrit-public.fairphone.software / kernel / msm-4.19 / 6daca13d2e72bedaaacfc08f873114c9307d5aea^! / . / include / linux / ceph / auth.h
commit6daca13d2e72bedaaacfc08f873114c9307d5aea[log] [tgz]
authorIlya Dryomov <idryomov@gmail.com>Fri Jul 27 19:18:34 2018 +0200
committerIlya Dryomov <idryomov@gmail.com>Thu Aug 02 21:33:24 2018 +0200
tree97278ec273414431dd2fab13ccbc3a5d98140cec
parent149cac4a50b0b4081b38b2f38de6ef71c27eaa85 [diff] [blame]
libceph: add authorizer challenge

When a client authenticates with a service, an authorizer is sent with
a nonce to the service (ceph_x_authorize_[ab]) and the service responds
with a mutation of that nonce (ceph_x_authorize_reply).  This lets the
client verify the service is who it says it is but it doesn't protect
against a replay: someone can trivially capture the exchange and reuse
the same authorizer to authenticate themselves.

Allow the service to reject an initial authorizer with a random
challenge (ceph_x_authorize_challenge).  The client then has to respond
with an updated authorizer proving they are able to decrypt the
service's challenge and that the new authorizer was produced for this
specific connection instance.

The accepting side requires this challenge and response unconditionally
if the client side advertises they have CEPHX_V2 feature bit.

This addresses CVE-2018-1128.

Link: http://tracker.ceph.com/issues/24836
Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
Reviewed-by: Sage Weil <sage@redhat.com>

diff --git a/include/linux/ceph/auth.h b/include/linux/ceph/auth.h
index e931da8..6728c2e 100644
--- a/include/linux/ceph/auth.h
+++ b/include/linux/ceph/auth.h

@@ -64,6 +64,10 @@
 	/* ensure that an existing authorizer is up to date */
 	int (*update_authorizer)(struct ceph_auth_client *ac, int peer_type,
 				 struct ceph_auth_handshake *auth);
+	int (*add_authorizer_challenge)(struct ceph_auth_client *ac,
+					struct ceph_authorizer *a,
+					void *challenge_buf,
+					int challenge_buf_len);
 	int (*verify_authorizer_reply)(struct ceph_auth_client *ac,
 				       struct ceph_authorizer *a);
 	void (*invalidate_authorizer)(struct ceph_auth_client *ac,
@@ -118,6 +122,10 @@
 extern int ceph_auth_update_authorizer(struct ceph_auth_client *ac,
 				       int peer_type,
 				       struct ceph_auth_handshake *a);
+int ceph_auth_add_authorizer_challenge(struct ceph_auth_client *ac,
+				       struct ceph_authorizer *a,
+				       void *challenge_buf,
+				       int challenge_buf_len);
 extern int ceph_auth_verify_authorizer_reply(struct ceph_auth_client *ac,
 					     struct ceph_authorizer *a);
 extern void ceph_auth_invalidate_authorizer(struct ceph_auth_client *ac,