• Ilya Dryomov's avatar
    libceph: add authorizer challenge · 6daca13d
    Ilya Dryomov authored
    When a client authenticates with a service, an authorizer is sent with
    a nonce to the service (ceph_x_authorize_[ab]) and the service responds
    with a mutation of that nonce (ceph_x_authorize_reply).  This lets the
    client verify the service is who it says it is but it doesn't protect
    against a replay: someone can trivially capture the exchange and reuse
    the same authorizer to authenticate themselves.
    
    Allow the service to reject an initial authorizer with a random
    challenge (ceph_x_authorize_challenge).  The client then has to respond
    with an updated authorizer proving they are able to decrypt the
    service's challenge and that the new authorizer was produced for this
    specific connection instance.
    
    The accepting side requires this challenge and response unconditionally
    if the client side advertises they have CEPHX_V2 feature bit.
    
    This addresses CVE-2018-1128.
    
    Link: http://tracker.ceph.com/issues/24836Signed-off-by: default avatarIlya Dryomov <idryomov@gmail.com>
    Reviewed-by: default avatarSage Weil <sage@redhat.com>
    6daca13d
auth.c 7.87 KB