Gitiles
Code Review Sign In
gerrit-public.fairphone.software / kernel / msm-4.9 / 06e925920d4de3da2114876bc607447e929604af^! / . / net / ceph / osd_client.c
commit06e925920d4de3da2114876bc607447e929604af[log] [tgz]
authorIlya Dryomov <idryomov@gmail.com>Fri Jul 27 19:18:34 2018 +0200
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>Sat Dec 08 13:05:10 2018 +0100
tree351d4ecfe78e58b464ee897e2e6315250f45d62e
parent2e901ea8b448a7f5899104a3917ecca2a5e8ab7f [diff] [blame]
libceph: add authorizer challenge

commit 6daca13d2e72bedaaacfc08f873114c9307d5aea upstream.

When a client authenticates with a service, an authorizer is sent with
a nonce to the service (ceph_x_authorize_[ab]) and the service responds
with a mutation of that nonce (ceph_x_authorize_reply).  This lets the
client verify the service is who it says it is but it doesn't protect
against a replay: someone can trivially capture the exchange and reuse
the same authorizer to authenticate themselves.

Allow the service to reject an initial authorizer with a random
challenge (ceph_x_authorize_challenge).  The client then has to respond
with an updated authorizer proving they are able to decrypt the
service's challenge and that the new authorizer was produced for this
specific connection instance.

The accepting side requires this challenge and response unconditionally
if the client side advertises they have CEPHX_V2 feature bit.

This addresses CVE-2018-1128.

Link: http://tracker.ceph.com/issues/24836
Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
Reviewed-by: Sage Weil <sage@redhat.com>
Signed-off-by: Ben Hutchings <ben.hutchings@codethink.co.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

diff --git a/net/ceph/osd_client.c b/net/ceph/osd_client.c
index 13110fa..70ccb07 100644
--- a/net/ceph/osd_client.c
+++ b/net/ceph/osd_client.c

@@ -4478,6 +4478,16 @@
 	return auth;
 }
 
+static int add_authorizer_challenge(struct ceph_connection *con,
+				    void *challenge_buf, int challenge_buf_len)
+{
+	struct ceph_osd *o = con->private;
+	struct ceph_osd_client *osdc = o->o_osdc;
+	struct ceph_auth_client *ac = osdc->client->monc.auth;
+
+	return ceph_auth_add_authorizer_challenge(ac, o->o_auth.authorizer,
+					    challenge_buf, challenge_buf_len);
+}
 
 static int verify_authorizer_reply(struct ceph_connection *con)
 {
@@ -4519,6 +4529,7 @@
 	.put = put_osd_con,
 	.dispatch = dispatch,
 	.get_authorizer = get_authorizer,
+	.add_authorizer_challenge = add_authorizer_challenge,
 	.verify_authorizer_reply = verify_authorizer_reply,
 	.invalidate_authorizer = invalidate_authorizer,
 	.alloc_msg = alloc_msg,