From patchwork Wed Aug 1 19:03:43 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ilya Dryomov X-Patchwork-Id: 10552825 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id CCD5E174A for ; Wed, 1 Aug 2018 19:04:20 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id CB07C2BACC for ; Wed, 1 Aug 2018 19:04:20 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id BF7B82BAD6; Wed, 1 Aug 2018 19:04:20 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.8 required=2.0 tests=BAYES_00,DKIM_ADSP_CUSTOM_MED, DKIM_SIGNED,FREEMAIL_FROM,MAILING_LIST_MULTI,RCVD_IN_DNSWL_HI,T_DKIM_INVALID autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id AFF992BACC for ; Wed, 1 Aug 2018 19:04:19 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2387496AbeHAUv3 (ORCPT ); Wed, 1 Aug 2018 16:51:29 -0400 Received: from mail-wr1-f66.google.com ([209.85.221.66]:35063 "EHLO mail-wr1-f66.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1732033AbeHAUv3 (ORCPT ); Wed, 1 Aug 2018 16:51:29 -0400 Received: by mail-wr1-f66.google.com with SMTP id a3-v6so21140922wrt.2 for ; Wed, 01 Aug 2018 12:04:16 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:subject:date:message-id:in-reply-to:references; bh=lBeVjYjQ2C39rIHLnnW0oF4VTicOZP9lUD3hTVIATMY=; b=mSJr/XntKvZcdVFFqfdxhlax80x7TxPJVEKr6rROaJbgSNR7bo2lRpZHDj5NuZ7Uq6 K5I9bJ02CXjagi2u0vjeHdceyMGHFXl5H9HXLiAAgxH7OUFspjVQB6kJphphUzyGl/Bp DiflRGuygYOMbA+1R6Z1scMhKuCYbkgrnfrZ0RrAlE9p22FibUL94GR2K3lxkFqTtCUG NfNqn2W4x2yrlmlI5TbG9n/zlr/zt0Gw0y+Z3p0ywVKCJAF0B6PJq9oxuHe47xcP8XLc o8nn9sqoHwwfO1RCJqDTgb+ETq2L87hfvPvR5tSL4d4w8thSpHmhrez7e1FUHTBMmu+p Zxvg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:subject:date:message-id:in-reply-to :references; bh=lBeVjYjQ2C39rIHLnnW0oF4VTicOZP9lUD3hTVIATMY=; b=KZCtS0xRMb1LkEjHBbOBeyRm9kdnFbbNoGz0rYosHvmQ9W8/o3Dq3ymTchV4E59QBz rWuUSVQO05cnHXzm1lmEG8JAhF+BKnSHrmRrQ2mljoPns/Np0d9U83H/eCdP8AveK3yU ZzfF58c4x6vO28qBX+sgO6Ft/RAplRh7aZxgkNDroW3YBJRMCgEyb3jEuCoIerfqwdYQ aQNXeq2QNrJ/D8eESOjVB3i/au5uF05GSaaWwETInpIOuFb9S8Q2GPmUtBqJvBAE5olm Yo6TIzeu9vFnmDWetp90CKefaAsME5X8U9cSm0HYuCd6eLdXEPtuWylVqBhawxmASu4u ionQ== X-Gm-Message-State: AOUpUlFFH52xkeBVXWEG+fVKV+XSwrgndq+4pbkCpovfG2ALb+KaIhWx P3vTkp//piwqYMqQVw7sQ6Fgc22i X-Google-Smtp-Source: AAOMgpfOoZDiRsPhZmuGloNzJarcq3D/+a9ROB8NyP+1K1Q4dUmTqex267pipPGgEVky8l5bxXHXDg== X-Received: by 2002:adf:92c3:: with SMTP id 61-v6mr26296409wrn.231.1533150255889; Wed, 01 Aug 2018 12:04:15 -0700 (PDT) Received: from orange.redhat.com ([213.175.37.12]) by smtp.gmail.com with ESMTPSA id r17-v6sm15401322wrt.44.2018.08.01.12.04.15 for (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Wed, 01 Aug 2018 12:04:15 -0700 (PDT) From: Ilya Dryomov To: ceph-devel@vger.kernel.org Subject: [PATCH 1/8] libceph: store ceph_auth_handshake pointer in ceph_connection Date: Wed, 1 Aug 2018 21:03:43 +0200 Message-Id: <20180801190350.857-2-idryomov@gmail.com> X-Mailer: git-send-email 2.14.4 In-Reply-To: <20180801190350.857-1-idryomov@gmail.com> References: <20180801190350.857-1-idryomov@gmail.com> Sender: ceph-devel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: ceph-devel@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP We already copy authorizer_reply_buf and authorizer_reply_buf_len into ceph_connection. Factoring out __prepare_write_connect() requires two more: authorizer_buf and authorizer_buf_len. Store the pointer to the handshake in con->auth rather than piling on. Signed-off-by: Ilya Dryomov --- include/linux/ceph/messenger.h | 3 +-- net/ceph/messenger.c | 54 ++++++++++++++++++++---------------------- 2 files changed, 27 insertions(+), 30 deletions(-) diff --git a/include/linux/ceph/messenger.h b/include/linux/ceph/messenger.h index a718b877c597..021718570b50 100644 --- a/include/linux/ceph/messenger.h +++ b/include/linux/ceph/messenger.h @@ -286,9 +286,8 @@ struct ceph_connection { attempt for this connection, client */ u32 peer_global_seq; /* peer's global seq for this connection */ + struct ceph_auth_handshake *auth; int auth_retry; /* true if we need a newer authorizer */ - void *auth_reply_buf; /* where to put the authorizer reply */ - int auth_reply_buf_len; struct mutex mutex; diff --git a/net/ceph/messenger.c b/net/ceph/messenger.c index 3f6336248509..b6ebd2cc16a1 100644 --- a/net/ceph/messenger.c +++ b/net/ceph/messenger.c @@ -1434,24 +1434,26 @@ static void prepare_write_keepalive(struct ceph_connection *con) * Connection negotiation. */ -static struct ceph_auth_handshake *get_connect_authorizer(struct ceph_connection *con, - int *auth_proto) +static int get_connect_authorizer(struct ceph_connection *con) { struct ceph_auth_handshake *auth; + int auth_proto; if (!con->ops->get_authorizer) { + con->auth = NULL; con->out_connect.authorizer_protocol = CEPH_AUTH_UNKNOWN; con->out_connect.authorizer_len = 0; - return NULL; + return 0; } - auth = con->ops->get_authorizer(con, auth_proto, con->auth_retry); + auth = con->ops->get_authorizer(con, &auth_proto, con->auth_retry); if (IS_ERR(auth)) - return auth; + return PTR_ERR(auth); - con->auth_reply_buf = auth->authorizer_reply_buf; - con->auth_reply_buf_len = auth->authorizer_reply_buf_len; - return auth; + con->auth = auth; + con->out_connect.authorizer_protocol = cpu_to_le32(auth_proto); + con->out_connect.authorizer_len = cpu_to_le32(auth->authorizer_buf_len); + return 0; } /* @@ -1471,8 +1473,7 @@ static int prepare_write_connect(struct ceph_connection *con) { unsigned int global_seq = get_global_seq(con->msgr, 0); int proto; - int auth_proto; - struct ceph_auth_handshake *auth; + int ret; switch (con->peer_name.type) { case CEPH_ENTITY_TYPE_MON: @@ -1499,20 +1500,15 @@ static int prepare_write_connect(struct ceph_connection *con) con->out_connect.protocol_version = cpu_to_le32(proto); con->out_connect.flags = 0; - auth_proto = CEPH_AUTH_UNKNOWN; - auth = get_connect_authorizer(con, &auth_proto); - if (IS_ERR(auth)) - return PTR_ERR(auth); - - con->out_connect.authorizer_protocol = cpu_to_le32(auth_proto); - con->out_connect.authorizer_len = auth ? - cpu_to_le32(auth->authorizer_buf_len) : 0; + ret = get_connect_authorizer(con); + if (ret) + return ret; con_out_kvec_add(con, sizeof (con->out_connect), &con->out_connect); - if (auth && auth->authorizer_buf_len) - con_out_kvec_add(con, auth->authorizer_buf_len, - auth->authorizer_buf); + if (con->auth) + con_out_kvec_add(con, con->auth->authorizer_buf_len, + con->auth->authorizer_buf); con->out_more = 0; con_flag_set(con, CON_FLAG_WRITE_PENDING); @@ -1781,11 +1777,14 @@ static int read_partial_connect(struct ceph_connection *con) if (ret <= 0) goto out; - size = le32_to_cpu(con->in_reply.authorizer_len); - end += size; - ret = read_partial(con, end, size, con->auth_reply_buf); - if (ret <= 0) - goto out; + if (con->auth) { + size = le32_to_cpu(con->in_reply.authorizer_len); + end += size; + ret = read_partial(con, end, size, + con->auth->authorizer_reply_buf); + if (ret <= 0) + goto out; + } dout("read_partial_connect %p tag %d, con_seq = %u, g_seq = %u\n", con, (int)con->in_reply.tag, @@ -1793,7 +1792,6 @@ static int read_partial_connect(struct ceph_connection *con) le32_to_cpu(con->in_reply.global_seq)); out: return ret; - } /* @@ -2076,7 +2074,7 @@ static int process_connect(struct ceph_connection *con) dout("process_connect on %p tag %d\n", con, (int)con->in_tag); - if (con->auth_reply_buf) { + if (con->auth) { /* * Any connection that defines ->get_authorizer() * should also define ->verify_authorizer_reply(). From patchwork Wed Aug 1 19:03:44 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ilya Dryomov X-Patchwork-Id: 10552827 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id E6052A748 for ; Wed, 1 Aug 2018 19:04:20 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id E59BC2BA07 for ; Wed, 1 Aug 2018 19:04:20 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id DA1182BAC7; Wed, 1 Aug 2018 19:04:20 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.8 required=2.0 tests=BAYES_00,DKIM_ADSP_CUSTOM_MED, DKIM_SIGNED,FREEMAIL_FROM,MAILING_LIST_MULTI,RCVD_IN_DNSWL_HI,T_DKIM_INVALID autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 2F65C2BAD0 for ; Wed, 1 Aug 2018 19:04:20 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2387519AbeHAUva (ORCPT ); Wed, 1 Aug 2018 16:51:30 -0400 Received: from mail-wr1-f66.google.com ([209.85.221.66]:40188 "EHLO mail-wr1-f66.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1731900AbeHAUv3 (ORCPT ); Wed, 1 Aug 2018 16:51:29 -0400 Received: by mail-wr1-f66.google.com with SMTP id h15-v6so21136718wrs.7 for ; Wed, 01 Aug 2018 12:04:17 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:subject:date:message-id:in-reply-to:references; bh=TlkA72TOYOK++NwCO2uxxQK158WF78YEqAwbyTTfVU8=; b=uCyctozKaNkhNYDIu1JCKoiT8JACkDEgGal/+AInbsDBrvbpXIwuFLq1LqL63KQn5H +z1j66N+ThRv/BgtoU2Erzu+KzRGwOeXayzi3I85yQcSuAl5wkSlJVHHjJzzlciF1moe 3sXdG5pVoMHYubGDhCTwFwOCq6QFrYdOAjQPT27QMQJsKII6/fizDClLZuBWBltqxJe4 2dSFS7kRcC0jzyoAdDD8feFTP3+tMZxOY00VYiQFl3iVZ4r0fFwOVBZqT/s08sD4Q2Sa Y1haAsk7dM3Mb7e2EBnvfQqJOGXceT8Qsy6rvXZ0VIYbC0aw9G8ezUg+H286ox+jNr+u 6Pcg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:subject:date:message-id:in-reply-to :references; bh=TlkA72TOYOK++NwCO2uxxQK158WF78YEqAwbyTTfVU8=; b=SXiKKo0ro78u/KmSSTgN0nKQltcrUhzrH1VlEmC3NRSj64qGLTdFVa3rN+cFOG5BDa rK93rRkiOH1r7mjmttPFi+Wq1EUq1KwJWP0S+XmZO55pAHY9W5+kCB7QyH1nZYfAUDJU F2iO79yGsvYnNO2O3Sz0tbUrBQtR/3eHz/RuWBORTkaIsHXLzG6k5Dt7MYLsIT3AF8JC O7ffuxNKLg5Tp2E5yTkBTJ7Qh/K/L97eM4thX9eTnEhgN/e4u/acB8VBlPmDHh3/XQj8 3/8SRJc15fHXJLhsM/lYx5pE9Xzk+PCpc0n2HZJvV4MqSNWgaMOV+PU5NzYbSAjeQdzo 8mQg== X-Gm-Message-State: AOUpUlGRZaTzV9XIlo5Qrh7/K024fp7Tdu/rkmiKGCLLWmDc8wZxCc+3 JTjUQw+YHuR5OGnpv9HY8pqFJAUk X-Google-Smtp-Source: AAOMgpc2yITOJLZpu1UCq7SIexYjFv+qF4EinPHjWLQNv16IMUnejROhTdtFpCHbli2lPQbYrK8YvA== X-Received: by 2002:adf:90e9:: with SMTP id i96-v6mr26287726wri.146.1533150256968; Wed, 01 Aug 2018 12:04:16 -0700 (PDT) Received: from orange.redhat.com ([213.175.37.12]) by smtp.gmail.com with ESMTPSA id r17-v6sm15401322wrt.44.2018.08.01.12.04.15 for (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Wed, 01 Aug 2018 12:04:16 -0700 (PDT) From: Ilya Dryomov To: ceph-devel@vger.kernel.org Subject: [PATCH 2/8] libceph: factor out __prepare_write_connect() Date: Wed, 1 Aug 2018 21:03:44 +0200 Message-Id: <20180801190350.857-3-idryomov@gmail.com> X-Mailer: git-send-email 2.14.4 In-Reply-To: <20180801190350.857-1-idryomov@gmail.com> References: <20180801190350.857-1-idryomov@gmail.com> Sender: ceph-devel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: ceph-devel@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP Will be used for sending ceph_msg_connect with an updated authorizer, after the server challenges the initial authorizer. Signed-off-by: Ilya Dryomov --- net/ceph/messenger.c | 21 ++++++++++++--------- 1 file changed, 12 insertions(+), 9 deletions(-) diff --git a/net/ceph/messenger.c b/net/ceph/messenger.c index b6ebd2cc16a1..500cc3da586f 100644 --- a/net/ceph/messenger.c +++ b/net/ceph/messenger.c @@ -1469,6 +1469,17 @@ static void prepare_write_banner(struct ceph_connection *con) con_flag_set(con, CON_FLAG_WRITE_PENDING); } +static void __prepare_write_connect(struct ceph_connection *con) +{ + con_out_kvec_add(con, sizeof(con->out_connect), &con->out_connect); + if (con->auth) + con_out_kvec_add(con, con->auth->authorizer_buf_len, + con->auth->authorizer_buf); + + con->out_more = 0; + con_flag_set(con, CON_FLAG_WRITE_PENDING); +} + static int prepare_write_connect(struct ceph_connection *con) { unsigned int global_seq = get_global_seq(con->msgr, 0); @@ -1504,15 +1515,7 @@ static int prepare_write_connect(struct ceph_connection *con) if (ret) return ret; - con_out_kvec_add(con, sizeof (con->out_connect), - &con->out_connect); - if (con->auth) - con_out_kvec_add(con, con->auth->authorizer_buf_len, - con->auth->authorizer_buf); - - con->out_more = 0; - con_flag_set(con, CON_FLAG_WRITE_PENDING); - + __prepare_write_connect(con); return 0; } From patchwork Wed Aug 1 19:03:45 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ilya Dryomov X-Patchwork-Id: 10552829 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id C224413BF for ; Wed, 1 Aug 2018 19:04:21 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id BFA342BA07 for ; Wed, 1 Aug 2018 19:04:21 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id B46C22BACC; Wed, 1 Aug 2018 19:04:21 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.8 required=2.0 tests=BAYES_00,DKIM_ADSP_CUSTOM_MED, DKIM_SIGNED,FREEMAIL_FROM,MAILING_LIST_MULTI,RCVD_IN_DNSWL_HI,T_DKIM_INVALID autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 619E52BA07 for ; Wed, 1 Aug 2018 19:04:21 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2387533AbeHAUvb (ORCPT ); Wed, 1 Aug 2018 16:51:31 -0400 Received: from mail-wr1-f66.google.com ([209.85.221.66]:40190 "EHLO mail-wr1-f66.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2387497AbeHAUvb (ORCPT ); Wed, 1 Aug 2018 16:51:31 -0400 Received: by mail-wr1-f66.google.com with SMTP id h15-v6so21136752wrs.7 for ; Wed, 01 Aug 2018 12:04:18 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:subject:date:message-id:in-reply-to:references; bh=3137mms/Plyl10HoDXmTqiY3RzOTjJPcBWfQWdqcupA=; b=WvcZ0FbV7r0qI/jzgehngOIciELrkf4WF4K7ish4PNwGKL9mBOwyRlnP5RQqf4DmFL 0Ccw30EEKYrRkB2mPrJDA0zKkWVhLprZFZQCrwtsmvfTHEAV8vuq+fhuhsSet8pUie8P VCQna39vWi8m0Eb6DmyiSyzYTR863tLFHjPegkhhXJ5ZAMk8es6LRSn/ofNVxa/kTX5Z Zh03JOv6aUfhVEx+6Zh/bPHGyVle5xWiP+/fhG/eBkIAxEKvvW8SC5qC5tLb6AvXL9sY fvRhP7+vQ3iU6dZZWINhNorIJ84TrtYVr7Qk4ztkF3UMDHLtX36tgGtV6eLp517tAy2p zsAw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:subject:date:message-id:in-reply-to :references; bh=3137mms/Plyl10HoDXmTqiY3RzOTjJPcBWfQWdqcupA=; b=BqF8b7z5Wfiyez9JKQTU2HAhOx4VPo+in+wsHJPxbihbuf2YcOcCfnjJ0619xFqkrp TAvJu76M8yHtmafQaizDai0slB/oAatHyW9AVQ/HFKIGPG6Jh3JjkqK4IQK3gEnXLVRD EHzpyEsN+XxBJzH74iOiKtarMbi2QUm1ULd7Q/QJkDG/mWYh6h9Ky6BMEtbqR8cQpmRf VR/V1D3IgOAKQwdKWnwah/+FpDmj5ekSADzZ+OggMOyBjQ6DJmFbFUv6aSS5/J8QzTj5 1hhk+zMa2rFbP1FZRI5kxLmNR7uwZOWDPdxdGarOIof9E/lhFw0jkcERy39k2C0XPS7g C2gw== X-Gm-Message-State: AOUpUlHnOF9rjBlOV0hu3P0dL8A7JfggPK1hFiIBdlqmCs55Nup1qT4I +TLTdhtFdFce+nLa+QJMshIbCPv5 X-Google-Smtp-Source: AAOMgpd7rXxbGP0rk8v+X1tMeAOQo4WAGkwSxXJanSGj0+8UGTdSik1NTAX6qkw/kXOwwpv02QVVkA== X-Received: by 2002:adf:f342:: with SMTP id e2-v6mr24860510wrp.161.1533150257825; Wed, 01 Aug 2018 12:04:17 -0700 (PDT) Received: from orange.redhat.com ([213.175.37.12]) by smtp.gmail.com with ESMTPSA id r17-v6sm15401322wrt.44.2018.08.01.12.04.16 for (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Wed, 01 Aug 2018 12:04:17 -0700 (PDT) From: Ilya Dryomov To: ceph-devel@vger.kernel.org Subject: [PATCH 3/8] libceph: factor out __ceph_x_decrypt() Date: Wed, 1 Aug 2018 21:03:45 +0200 Message-Id: <20180801190350.857-4-idryomov@gmail.com> X-Mailer: git-send-email 2.14.4 In-Reply-To: <20180801190350.857-1-idryomov@gmail.com> References: <20180801190350.857-1-idryomov@gmail.com> Sender: ceph-devel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: ceph-devel@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP Will be used for decrypting the server challenge which is only preceded by ceph_x_encrypt_header. Signed-off-by: Ilya Dryomov --- net/ceph/auth_x.c | 33 ++++++++++++++++++++++++--------- 1 file changed, 24 insertions(+), 9 deletions(-) diff --git a/net/ceph/auth_x.c b/net/ceph/auth_x.c index 6caac27fca85..cd1118d106a5 100644 --- a/net/ceph/auth_x.c +++ b/net/ceph/auth_x.c @@ -70,25 +70,40 @@ static int ceph_x_encrypt(struct ceph_crypto_key *secret, void *buf, return sizeof(u32) + ciphertext_len; } +static int __ceph_x_decrypt(struct ceph_crypto_key *secret, void *p, + int ciphertext_len) +{ + struct ceph_x_encrypt_header *hdr = p; + int plaintext_len; + int ret; + + ret = ceph_crypt(secret, false, p, ciphertext_len, ciphertext_len, + &plaintext_len); + if (ret) + return ret; + + if (le64_to_cpu(hdr->magic) != CEPHX_ENC_MAGIC) { + pr_err("%s bad magic\n", __func__); + return -EINVAL; + } + + return plaintext_len - sizeof(*hdr); +} + static int ceph_x_decrypt(struct ceph_crypto_key *secret, void **p, void *end) { - struct ceph_x_encrypt_header *hdr = *p + sizeof(u32); - int ciphertext_len, plaintext_len; + int ciphertext_len; int ret; ceph_decode_32_safe(p, end, ciphertext_len, e_inval); ceph_decode_need(p, end, ciphertext_len, e_inval); - ret = ceph_crypt(secret, false, *p, end - *p, ciphertext_len, - &plaintext_len); - if (ret) + ret = __ceph_x_decrypt(secret, *p, ciphertext_len); + if (ret < 0) return ret; - if (hdr->struct_v != 1 || le64_to_cpu(hdr->magic) != CEPHX_ENC_MAGIC) - return -EPERM; - *p += ciphertext_len; - return plaintext_len - sizeof(struct ceph_x_encrypt_header); + return ret; e_inval: return -EINVAL; From patchwork Wed Aug 1 19:03:46 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ilya Dryomov X-Patchwork-Id: 10552831 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 5AD3713BF for ; Wed, 1 Aug 2018 19:04:23 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 59E442BA07 for ; Wed, 1 Aug 2018 19:04:23 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 4E3D22BACC; Wed, 1 Aug 2018 19:04:23 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.8 required=2.0 tests=BAYES_00,DKIM_ADSP_CUSTOM_MED, DKIM_SIGNED,FREEMAIL_FROM,MAILING_LIST_MULTI,RCVD_IN_DNSWL_HI,T_DKIM_INVALID autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id E42D32BA07 for ; Wed, 1 Aug 2018 19:04:22 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2387542AbeHAUvd (ORCPT ); Wed, 1 Aug 2018 16:51:33 -0400 Received: from mail-wm0-f67.google.com ([74.125.82.67]:39620 "EHLO mail-wm0-f67.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2387528AbeHAUvc (ORCPT ); Wed, 1 Aug 2018 16:51:32 -0400 Received: by mail-wm0-f67.google.com with SMTP id q8-v6so153995wmq.4 for ; Wed, 01 Aug 2018 12:04:19 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:subject:date:message-id:in-reply-to:references; bh=NvEOnXdSkKLj0Litiek/bSZ/qYubTvSJpSdSrsXB4rE=; b=CYEQHudhQGHDa27+AV97MK5Yl8TML/MpeWM2ot6+r2Mb4fZRR7T3Tem1ws/UyoG1kP rGCIuDRNwCepDpfkmYjyVngWc1HLgyUc9KCRVNGTpUduEhUNF7V7OP97HP6Tf4uiByQC fN05E4C/0rmpdxkev8rS4FdJrnRsz9wBQfeRZctQc2NTPa963jerDCFgaJ9I/Ko+9DGG VNGF3BNMFt4anfvp8xmPT+CLVOmkUWIRHxAnRt55rOCx5lynNeuVlWL93X4xzSbZc0G9 CVaF4F6VPW4oIEXSELQbfR54f+Pcgjx4RpvY/UJQbd9zk+K1zFK6M/z7qXn8lWsIWyj8 YMNQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:subject:date:message-id:in-reply-to :references; bh=NvEOnXdSkKLj0Litiek/bSZ/qYubTvSJpSdSrsXB4rE=; b=OOqP69MPUcYHsXi9c4/X8OyCs/++BpGMXTSE01lt1pOBFPHbDeZ7umg/MViU/FcA1W cm7hSU3fmjQZwd5BtwsDPQHQWM/I6kPQDke8bCHqqhlRXy4SDVEGnsewnZ+rmYOF3fXT 9tSmMJxPuIxKGC00YiaCwUMb/nKgoYpmDU4c4X5JVEyZFxIR9Rc8KaSA1z6VALCyjXJa m+x0BguyGxlAOmJNc5z46UGgJwtKJxfEp9549jwlj5I62OUHllOeJU7ehV0JZOTOajMV ECRN4rUfWkBA1NW3p5el4oCMCJibeLoMDgkRVhshTVbpYgF92ty2/jffD7SH3Wna7iWS iKVQ== X-Gm-Message-State: AOUpUlGQApe3m2mf8vnRj2x3rZfPl6jYExpl55HClquShm0vKrE6dVnU BFXt/reKUziRsV54+1/xxo/teZDX X-Google-Smtp-Source: AAOMgpeUtBJQAPX0eg5pbOK+4ApxTzv9zvcTxDw+qYD79GlX573kD9jKbv4jXfg29Zg5Gm6c6jfAEw== X-Received: by 2002:a1c:6e07:: with SMTP id j7-v6mr81161wmc.126.1533150258912; Wed, 01 Aug 2018 12:04:18 -0700 (PDT) Received: from orange.redhat.com ([213.175.37.12]) by smtp.gmail.com with ESMTPSA id r17-v6sm15401322wrt.44.2018.08.01.12.04.17 for (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Wed, 01 Aug 2018 12:04:18 -0700 (PDT) From: Ilya Dryomov To: ceph-devel@vger.kernel.org Subject: [PATCH 4/8] libceph: factor out encrypt_authorizer() Date: Wed, 1 Aug 2018 21:03:46 +0200 Message-Id: <20180801190350.857-5-idryomov@gmail.com> X-Mailer: git-send-email 2.14.4 In-Reply-To: <20180801190350.857-1-idryomov@gmail.com> References: <20180801190350.857-1-idryomov@gmail.com> Sender: ceph-devel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: ceph-devel@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP Will be used for encrypting both the initial and updated authorizers. Signed-off-by: Ilya Dryomov --- net/ceph/auth_x.c | 49 ++++++++++++++++++++++++++++++++++++------------- 1 file changed, 36 insertions(+), 13 deletions(-) diff --git a/net/ceph/auth_x.c b/net/ceph/auth_x.c index cd1118d106a5..61cccb93f653 100644 --- a/net/ceph/auth_x.c +++ b/net/ceph/auth_x.c @@ -290,6 +290,38 @@ static int ceph_x_proc_ticket_reply(struct ceph_auth_client *ac, return -EINVAL; } +/* + * Encode and encrypt the second part (ceph_x_authorize_b) of the + * authorizer. The first part (ceph_x_authorize_a) should already be + * encoded. + */ +static int encrypt_authorizer(struct ceph_x_authorizer *au) +{ + struct ceph_x_authorize_a *msg_a; + struct ceph_x_authorize_b *msg_b; + void *p, *end; + int ret; + + msg_a = au->buf->vec.iov_base; + WARN_ON(msg_a->ticket_blob.secret_id != cpu_to_le64(au->secret_id)); + p = (void *)(msg_a + 1) + le32_to_cpu(msg_a->ticket_blob.blob_len); + end = au->buf->vec.iov_base + au->buf->vec.iov_len; + + msg_b = p + ceph_x_encrypt_offset(); + msg_b->struct_v = 1; + msg_b->nonce = cpu_to_le64(au->nonce); + + ret = ceph_x_encrypt(&au->session_key, p, end - p, sizeof(*msg_b)); + if (ret < 0) + return ret; + + p += ret; + WARN_ON(p > end); + au->buf->vec.iov_len = p - au->buf->vec.iov_base; + + return 0; +} + static void ceph_x_authorizer_cleanup(struct ceph_x_authorizer *au) { ceph_crypto_key_destroy(&au->session_key); @@ -306,7 +338,6 @@ static int ceph_x_build_authorizer(struct ceph_auth_client *ac, int maxlen; struct ceph_x_authorize_a *msg_a; struct ceph_x_authorize_b *msg_b; - void *p, *end; int ret; int ticket_blob_len = (th->ticket_blob ? th->ticket_blob->vec.iov_len : 0); @@ -350,21 +381,13 @@ static int ceph_x_build_authorizer(struct ceph_auth_client *ac, dout(" th %p secret_id %lld %lld\n", th, th->secret_id, le64_to_cpu(msg_a->ticket_blob.secret_id)); - p = msg_a + 1; - p += ticket_blob_len; - end = au->buf->vec.iov_base + au->buf->vec.iov_len; - - msg_b = p + ceph_x_encrypt_offset(); - msg_b->struct_v = 1; get_random_bytes(&au->nonce, sizeof(au->nonce)); - msg_b->nonce = cpu_to_le64(au->nonce); - ret = ceph_x_encrypt(&au->session_key, p, end - p, sizeof(*msg_b)); - if (ret < 0) + ret = encrypt_authorizer(au); + if (ret) { + pr_err("failed to encrypt authorizer: %d", ret); goto out_au; + } - p += ret; - WARN_ON(p > end); - au->buf->vec.iov_len = p - au->buf->vec.iov_base; dout(" built authorizer nonce %llx len %d\n", au->nonce, (int)au->buf->vec.iov_len); return 0; From patchwork Wed Aug 1 19:03:47 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ilya Dryomov X-Patchwork-Id: 10552839 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 6EBD513BF for ; Wed, 1 Aug 2018 19:04:29 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 6BB012BA07 for ; Wed, 1 Aug 2018 19:04:29 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 5EAA02BACC; Wed, 1 Aug 2018 19:04:29 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.8 required=2.0 tests=BAYES_00,DKIM_ADSP_CUSTOM_MED, DKIM_SIGNED,FREEMAIL_FROM,MAILING_LIST_MULTI,RCVD_IN_DNSWL_HI,T_DKIM_INVALID autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 7FB482BA07 for ; Wed, 1 Aug 2018 19:04:28 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2387628AbeHAUvi (ORCPT ); Wed, 1 Aug 2018 16:51:38 -0400 Received: from mail-wm0-f45.google.com ([74.125.82.45]:52699 "EHLO mail-wm0-f45.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2387497AbeHAUvd (ORCPT ); Wed, 1 Aug 2018 16:51:33 -0400 Received: by mail-wm0-f45.google.com with SMTP id o11-v6so165765wmh.2 for ; Wed, 01 Aug 2018 12:04:20 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:subject:date:message-id:in-reply-to:references; bh=kHXtkQdeBeWXv1ZIhvz6aytTbxMv+7jHwUhYPXoW5o0=; b=spXztJwIfb5/MsFUFKxUY0lMgvDtIIwHdi8PZ+cG3DeXHkDJSXOcOE+itzju71PLSo SVOrFeuomHy+NWiQMUyvynAemT5QZlzZTBnKiYY9uAOnspmTPVxu/8q7kaoFHGJ378t/ cCYsBfUtTEVOBH8F+l2O1A/rDajn9YpQ5aTV8NgktEuB6WqmcuUcFLniTt84VrF5QoSZ 72/0n8au4wgj15XcT3JKQYO+UlIXePpMMJ2dkcl0W/Y+Ii0HBRjQPBMLkEaQ5zd2cwd9 hlTIHeGMSzPMYIitt84jUZoH90/QV8m2r9vsHhsp8VtonMbIamXNIDQVyOsR1Q1UBSsL 4cdA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:subject:date:message-id:in-reply-to :references; bh=kHXtkQdeBeWXv1ZIhvz6aytTbxMv+7jHwUhYPXoW5o0=; b=N/S2pH4wHV9UziWu7QdENDze2ZVsst7sihslTcYEuBvJOCkL5pckcxfAddE+E4x4B/ RQf4u4uFFLk3477kgBRgtYTOmL8ug2xKcnsli1QJmVAIvGGu/rib3F0ANrrjJgvkYLyR Lb7WHQUNm+ikosX0QKXnGOirMZajCtBdgOiKQDtuUrBZ/cZHSyd4zBrIY5QRY7Etcsvx UEUlZyLyck/agULoaT0kDnF+/ayfk+vE72mhyTvBE6d3eiBUrz9JnXVp1qpJpENkadvK 8om3+u7gRdVF2jDT3yZGcwyLQyarbrh2WmEMDMdyHKOBcy99nPPizjZJ/QyZUjU9MKJN LgKw== X-Gm-Message-State: AOUpUlGg5PAayL7RZ2Q/4ka3W0NG69PYanKutch88U+VJ0kCeFg+pjAq FujAc9wFeUpjRZZOuD569NIjvHBb X-Google-Smtp-Source: AAOMgpeRz6JRYMs/6CJtXalfwpMIQDq9kEQe1UgY4tehDTbDtM++gwvxzdHe56wtfoRarq2vTGl1yA== X-Received: by 2002:a1c:2d54:: with SMTP id t81-v6mr71681wmt.31.1533150259727; Wed, 01 Aug 2018 12:04:19 -0700 (PDT) Received: from orange.redhat.com ([213.175.37.12]) by smtp.gmail.com with ESMTPSA id r17-v6sm15401322wrt.44.2018.08.01.12.04.18 for (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Wed, 01 Aug 2018 12:04:19 -0700 (PDT) From: Ilya Dryomov To: ceph-devel@vger.kernel.org Subject: [PATCH 5/8] libceph: add authorizer challenge Date: Wed, 1 Aug 2018 21:03:47 +0200 Message-Id: <20180801190350.857-6-idryomov@gmail.com> X-Mailer: git-send-email 2.14.4 In-Reply-To: <20180801190350.857-1-idryomov@gmail.com> References: <20180801190350.857-1-idryomov@gmail.com> Sender: ceph-devel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: ceph-devel@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP When a client authenticates with a service, an authorizer is sent with a nonce to the service (ceph_x_authorize_[ab]) and the service responds with a mutation of that nonce (ceph_x_authorize_reply). This lets the client verify the service is who it says it is but it doesn't protect against a replay: someone can trivially capture the exchange and reuse the same authorizer to authenticate themselves. Allow the service to reject an initial authorizer with a random challenge (ceph_x_authorize_challenge). The client then has to respond with an updated authorizer proving they are able to decrypt the service's challenge and that the new authorizer was produced for this specific connection instance. The accepting side requires this challenge and response unconditionally if the client side advertises they have CEPHX_V2 feature bit. This addresses CVE-2018-1128. Link: http://tracker.ceph.com/issues/24836 Signed-off-by: Ilya Dryomov --- fs/ceph/mds_client.c | 11 +++++++ include/linux/ceph/auth.h | 8 +++++ include/linux/ceph/messenger.h | 3 ++ include/linux/ceph/msgr.h | 2 +- net/ceph/auth.c | 16 ++++++++++ net/ceph/auth_x.c | 72 +++++++++++++++++++++++++++++++++++++++--- net/ceph/auth_x_protocol.h | 7 ++++ net/ceph/messenger.c | 17 +++++++++- net/ceph/osd_client.c | 11 +++++++ 9 files changed, 140 insertions(+), 7 deletions(-) diff --git a/fs/ceph/mds_client.c b/fs/ceph/mds_client.c index c65192102381..68de9de7085c 100644 --- a/fs/ceph/mds_client.c +++ b/fs/ceph/mds_client.c @@ -4186,6 +4186,16 @@ static struct ceph_auth_handshake *get_authorizer(struct ceph_connection *con, return auth; } +static int add_authorizer_challenge(struct ceph_connection *con, + void *challenge_buf, int challenge_buf_len) +{ + struct ceph_mds_session *s = con->private; + struct ceph_mds_client *mdsc = s->s_mdsc; + struct ceph_auth_client *ac = mdsc->fsc->client->monc.auth; + + return ceph_auth_add_authorizer_challenge(ac, s->s_auth.authorizer, + challenge_buf, challenge_buf_len); +} static int verify_authorizer_reply(struct ceph_connection *con) { @@ -4249,6 +4259,7 @@ static const struct ceph_connection_operations mds_con_ops = { .put = con_put, .dispatch = dispatch, .get_authorizer = get_authorizer, + .add_authorizer_challenge = add_authorizer_challenge, .verify_authorizer_reply = verify_authorizer_reply, .invalidate_authorizer = invalidate_authorizer, .peer_reset = peer_reset, diff --git a/include/linux/ceph/auth.h b/include/linux/ceph/auth.h index e931da8424a4..6728c2ee0205 100644 --- a/include/linux/ceph/auth.h +++ b/include/linux/ceph/auth.h @@ -64,6 +64,10 @@ struct ceph_auth_client_ops { /* ensure that an existing authorizer is up to date */ int (*update_authorizer)(struct ceph_auth_client *ac, int peer_type, struct ceph_auth_handshake *auth); + int (*add_authorizer_challenge)(struct ceph_auth_client *ac, + struct ceph_authorizer *a, + void *challenge_buf, + int challenge_buf_len); int (*verify_authorizer_reply)(struct ceph_auth_client *ac, struct ceph_authorizer *a); void (*invalidate_authorizer)(struct ceph_auth_client *ac, @@ -118,6 +122,10 @@ void ceph_auth_destroy_authorizer(struct ceph_authorizer *a); extern int ceph_auth_update_authorizer(struct ceph_auth_client *ac, int peer_type, struct ceph_auth_handshake *a); +int ceph_auth_add_authorizer_challenge(struct ceph_auth_client *ac, + struct ceph_authorizer *a, + void *challenge_buf, + int challenge_buf_len); extern int ceph_auth_verify_authorizer_reply(struct ceph_auth_client *ac, struct ceph_authorizer *a); extern void ceph_auth_invalidate_authorizer(struct ceph_auth_client *ac, diff --git a/include/linux/ceph/messenger.h b/include/linux/ceph/messenger.h index 021718570b50..fc2b4491ee0a 100644 --- a/include/linux/ceph/messenger.h +++ b/include/linux/ceph/messenger.h @@ -31,6 +31,9 @@ struct ceph_connection_operations { struct ceph_auth_handshake *(*get_authorizer) ( struct ceph_connection *con, int *proto, int force_new); + int (*add_authorizer_challenge)(struct ceph_connection *con, + void *challenge_buf, + int challenge_buf_len); int (*verify_authorizer_reply) (struct ceph_connection *con); int (*invalidate_authorizer)(struct ceph_connection *con); diff --git a/include/linux/ceph/msgr.h b/include/linux/ceph/msgr.h index 73ae2a926548..9e50aede46c8 100644 --- a/include/linux/ceph/msgr.h +++ b/include/linux/ceph/msgr.h @@ -91,7 +91,7 @@ struct ceph_entity_inst { #define CEPH_MSGR_TAG_SEQ 13 /* 64-bit int follows with seen seq number */ #define CEPH_MSGR_TAG_KEEPALIVE2 14 /* keepalive2 byte + ceph_timespec */ #define CEPH_MSGR_TAG_KEEPALIVE2_ACK 15 /* keepalive2 reply */ - +#define CEPH_MSGR_TAG_CHALLENGE_AUTHORIZER 16 /* cephx v2 doing server challenge */ /* * connection negotiation diff --git a/net/ceph/auth.c b/net/ceph/auth.c index dbde2b3c3c15..fbeee068ea14 100644 --- a/net/ceph/auth.c +++ b/net/ceph/auth.c @@ -315,6 +315,22 @@ int ceph_auth_update_authorizer(struct ceph_auth_client *ac, } EXPORT_SYMBOL(ceph_auth_update_authorizer); +int ceph_auth_add_authorizer_challenge(struct ceph_auth_client *ac, + struct ceph_authorizer *a, + void *challenge_buf, + int challenge_buf_len) +{ + int ret = 0; + + mutex_lock(&ac->mutex); + if (ac->ops && ac->ops->add_authorizer_challenge) + ret = ac->ops->add_authorizer_challenge(ac, a, challenge_buf, + challenge_buf_len); + mutex_unlock(&ac->mutex); + return ret; +} +EXPORT_SYMBOL(ceph_auth_add_authorizer_challenge); + int ceph_auth_verify_authorizer_reply(struct ceph_auth_client *ac, struct ceph_authorizer *a) { diff --git a/net/ceph/auth_x.c b/net/ceph/auth_x.c index 61cccb93f653..512eed4291fe 100644 --- a/net/ceph/auth_x.c +++ b/net/ceph/auth_x.c @@ -295,7 +295,8 @@ static int ceph_x_proc_ticket_reply(struct ceph_auth_client *ac, * authorizer. The first part (ceph_x_authorize_a) should already be * encoded. */ -static int encrypt_authorizer(struct ceph_x_authorizer *au) +static int encrypt_authorizer(struct ceph_x_authorizer *au, + u64 *server_challenge) { struct ceph_x_authorize_a *msg_a; struct ceph_x_authorize_b *msg_b; @@ -308,16 +309,28 @@ static int encrypt_authorizer(struct ceph_x_authorizer *au) end = au->buf->vec.iov_base + au->buf->vec.iov_len; msg_b = p + ceph_x_encrypt_offset(); - msg_b->struct_v = 1; + msg_b->struct_v = 2; msg_b->nonce = cpu_to_le64(au->nonce); + if (server_challenge) { + msg_b->have_challenge = 1; + msg_b->server_challenge_plus_one = + cpu_to_le64(*server_challenge + 1); + } else { + msg_b->have_challenge = 0; + msg_b->server_challenge_plus_one = 0; + } ret = ceph_x_encrypt(&au->session_key, p, end - p, sizeof(*msg_b)); if (ret < 0) return ret; p += ret; - WARN_ON(p > end); - au->buf->vec.iov_len = p - au->buf->vec.iov_base; + if (server_challenge) { + WARN_ON(p != end); + } else { + WARN_ON(p > end); + au->buf->vec.iov_len = p - au->buf->vec.iov_base; + } return 0; } @@ -382,7 +395,7 @@ static int ceph_x_build_authorizer(struct ceph_auth_client *ac, le64_to_cpu(msg_a->ticket_blob.secret_id)); get_random_bytes(&au->nonce, sizeof(au->nonce)); - ret = encrypt_authorizer(au); + ret = encrypt_authorizer(au, NULL); if (ret) { pr_err("failed to encrypt authorizer: %d", ret); goto out_au; @@ -664,6 +677,54 @@ static int ceph_x_update_authorizer( return 0; } +static int decrypt_authorize_challenge(struct ceph_x_authorizer *au, + void *challenge_buf, + int challenge_buf_len, + u64 *server_challenge) +{ + struct ceph_x_authorize_challenge *ch = + challenge_buf + sizeof(struct ceph_x_encrypt_header); + int ret; + + /* no leading len */ + ret = __ceph_x_decrypt(&au->session_key, challenge_buf, + challenge_buf_len); + if (ret < 0) + return ret; + if (ret < sizeof(*ch)) { + pr_err("bad size %d for ceph_x_authorize_challenge\n", ret); + return -EINVAL; + } + + *server_challenge = le64_to_cpu(ch->server_challenge); + return 0; +} + +static int ceph_x_add_authorizer_challenge(struct ceph_auth_client *ac, + struct ceph_authorizer *a, + void *challenge_buf, + int challenge_buf_len) +{ + struct ceph_x_authorizer *au = (void *)a; + u64 server_challenge; + int ret; + + ret = decrypt_authorize_challenge(au, challenge_buf, challenge_buf_len, + &server_challenge); + if (ret) { + pr_err("failed to decrypt authorize challenge: %d", ret); + return ret; + } + + ret = encrypt_authorizer(au, &server_challenge); + if (ret) { + pr_err("failed to encrypt authorizer w/ challenge: %d", ret); + return ret; + } + + return 0; +} + static int ceph_x_verify_authorizer_reply(struct ceph_auth_client *ac, struct ceph_authorizer *a) { @@ -816,6 +877,7 @@ static const struct ceph_auth_client_ops ceph_x_ops = { .handle_reply = ceph_x_handle_reply, .create_authorizer = ceph_x_create_authorizer, .update_authorizer = ceph_x_update_authorizer, + .add_authorizer_challenge = ceph_x_add_authorizer_challenge, .verify_authorizer_reply = ceph_x_verify_authorizer_reply, .invalidate_authorizer = ceph_x_invalidate_authorizer, .reset = ceph_x_reset, diff --git a/net/ceph/auth_x_protocol.h b/net/ceph/auth_x_protocol.h index 32c13d763b9a..24b0b74564d0 100644 --- a/net/ceph/auth_x_protocol.h +++ b/net/ceph/auth_x_protocol.h @@ -70,6 +70,13 @@ struct ceph_x_authorize_a { struct ceph_x_authorize_b { __u8 struct_v; __le64 nonce; + __u8 have_challenge; + __le64 server_challenge_plus_one; +} __attribute__ ((packed)); + +struct ceph_x_authorize_challenge { + __u8 struct_v; + __le64 server_challenge; } __attribute__ ((packed)); struct ceph_x_authorize_reply { diff --git a/net/ceph/messenger.c b/net/ceph/messenger.c index 500cc3da586f..e915c8bce117 100644 --- a/net/ceph/messenger.c +++ b/net/ceph/messenger.c @@ -2080,9 +2080,24 @@ static int process_connect(struct ceph_connection *con) if (con->auth) { /* * Any connection that defines ->get_authorizer() - * should also define ->verify_authorizer_reply(). + * should also define ->add_authorizer_challenge() and + * ->verify_authorizer_reply(). + * * See get_connect_authorizer(). */ + if (con->in_reply.tag == CEPH_MSGR_TAG_CHALLENGE_AUTHORIZER) { + ret = con->ops->add_authorizer_challenge( + con, con->auth->authorizer_reply_buf, + le32_to_cpu(con->in_reply.authorizer_len)); + if (ret < 0) + return ret; + + con_out_kvec_reset(con); + __prepare_write_connect(con); + prepare_read_connect(con); + return 0; + } + ret = con->ops->verify_authorizer_reply(con); if (ret < 0) { con->error_msg = "bad authorize reply"; diff --git a/net/ceph/osd_client.c b/net/ceph/osd_client.c index 8002b8e9ce24..60934bd8796c 100644 --- a/net/ceph/osd_client.c +++ b/net/ceph/osd_client.c @@ -5393,6 +5393,16 @@ static struct ceph_auth_handshake *get_authorizer(struct ceph_connection *con, return auth; } +static int add_authorizer_challenge(struct ceph_connection *con, + void *challenge_buf, int challenge_buf_len) +{ + struct ceph_osd *o = con->private; + struct ceph_osd_client *osdc = o->o_osdc; + struct ceph_auth_client *ac = osdc->client->monc.auth; + + return ceph_auth_add_authorizer_challenge(ac, o->o_auth.authorizer, + challenge_buf, challenge_buf_len); +} static int verify_authorizer_reply(struct ceph_connection *con) { @@ -5442,6 +5452,7 @@ static const struct ceph_connection_operations osd_con_ops = { .put = put_osd_con, .dispatch = dispatch, .get_authorizer = get_authorizer, + .add_authorizer_challenge = add_authorizer_challenge, .verify_authorizer_reply = verify_authorizer_reply, .invalidate_authorizer = invalidate_authorizer, .alloc_msg = alloc_msg, From patchwork Wed Aug 1 19:03:48 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ilya Dryomov X-Patchwork-Id: 10552833 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 2DE9F13BF for ; Wed, 1 Aug 2018 19:04:25 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 2BBAE2BA07 for ; Wed, 1 Aug 2018 19:04:25 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 1E6D32BAD0; Wed, 1 Aug 2018 19:04:25 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.8 required=2.0 tests=BAYES_00,DKIM_ADSP_CUSTOM_MED, DKIM_SIGNED,FREEMAIL_FROM,MAILING_LIST_MULTI,RCVD_IN_DNSWL_HI,T_DKIM_INVALID autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 83B412BA07 for ; Wed, 1 Aug 2018 19:04:24 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2387584AbeHAUve (ORCPT ); Wed, 1 Aug 2018 16:51:34 -0400 Received: from mail-wm0-f66.google.com ([74.125.82.66]:35901 "EHLO mail-wm0-f66.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2387539AbeHAUve (ORCPT ); Wed, 1 Aug 2018 16:51:34 -0400 Received: by mail-wm0-f66.google.com with SMTP id w24-v6so172767wmc.1 for ; Wed, 01 Aug 2018 12:04:21 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:subject:date:message-id:in-reply-to:references; bh=0lflr4TmgI5gbqGqrKWfGWBAgdTBWuuIL4eGJXvOhhQ=; b=d7iwZ3n66GV7xv00qZRL9VzjTDJR/ixQGoclbHE3CNmCyUaXOSrAc/YlKJTwxTLgG1 7H/DAwDXneIzlJGFFCfr00dTu81j6anx4oC4EYQZMhIEr7Tic8BLLk7DC5TfC74/LEQr eE4IfY40cmJzmLW/14eCrVthUnfYyxblgAS7QCMo1PL4bYlpaYsVU7YXUBcmtd+u+NsR bpjQkVUQcYX7CWF0FBEUeBT+axVWCIKV97nnCcqkYMYQSIhOuvsf4f4yw1Ogi+N7ds7x sjzAUZygIVX7L0wJ9MqcZelQnBhEQQ+IYn1TAEGMNb0tS6ugbsL79+R5XZ8howPaKG74 pRvg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:subject:date:message-id:in-reply-to :references; bh=0lflr4TmgI5gbqGqrKWfGWBAgdTBWuuIL4eGJXvOhhQ=; b=GQ9m6ngCM/Rh6uHBCKcvJRVzaluZA6N/W0GfuTHa1mAprgpVlD14ZAnUxKh4TW137b OsGMxACY1/e6JqcAzX4OX1g3ZpSH30J3ZxMzIObtylUy0XIZoMlC3v8X/ZpqXZ2LT7Pl hwA4TUpG1s5HU+Eg/2YeWdXkBBRjf5XYWPJx2P9uFct6qnyT8POSlXFStcNDWUCl0Oy2 ggPQqP1X7K04TsdNwg0jEtL/wohGxSCi0mZ+Ag/1+FWK0MU1HYQc1d9AZ+1zfQCZqlS/ O3VDGw/ZWNokFQFUidW5kidLd2CF1z6yNRzl8vr6xhwNwGLN0QEeCf1PVJQeFLNk4Gjo 8F2Q== X-Gm-Message-State: AOUpUlHUCBoswgrIfxldMzx2tDzuez6MPkdfuiHTu5ja6mVYkX9qDMxR SBUITpTNRqZZ1oByxm1bDaWnxpFG X-Google-Smtp-Source: AAOMgpdnYO3psqQv+eMqfHlkvtSOdpFZUK5ER2ilZfCliNu/TyX+zwfb/3acjqygqe4fRrdWitIc/g== X-Received: by 2002:a1c:adca:: with SMTP id w193-v6mr50661wme.147.1533150260543; Wed, 01 Aug 2018 12:04:20 -0700 (PDT) Received: from orange.redhat.com ([213.175.37.12]) by smtp.gmail.com with ESMTPSA id r17-v6sm15401322wrt.44.2018.08.01.12.04.19 for (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Wed, 01 Aug 2018 12:04:20 -0700 (PDT) From: Ilya Dryomov To: ceph-devel@vger.kernel.org Subject: [PATCH 6/8] libceph: implement CEPHX_V2 calculation mode Date: Wed, 1 Aug 2018 21:03:48 +0200 Message-Id: <20180801190350.857-7-idryomov@gmail.com> X-Mailer: git-send-email 2.14.4 In-Reply-To: <20180801190350.857-1-idryomov@gmail.com> References: <20180801190350.857-1-idryomov@gmail.com> Sender: ceph-devel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: ceph-devel@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP Derive the signature from the entire buffer (both AES cipher blocks) instead of using just the first half of the first block, leaving out data_crc entirely. This addresses CVE-2018-1129. Link: http://tracker.ceph.com/issues/24837 Signed-off-by: Ilya Dryomov --- include/linux/ceph/ceph_features.h | 7 ++-- net/ceph/auth_x.c | 73 +++++++++++++++++++++++++++++--------- 2 files changed, 60 insertions(+), 20 deletions(-) diff --git a/include/linux/ceph/ceph_features.h b/include/linux/ceph/ceph_features.h index 3901927cf6a0..6b92b3395fa9 100644 --- a/include/linux/ceph/ceph_features.h +++ b/include/linux/ceph/ceph_features.h @@ -165,9 +165,9 @@ DEFINE_CEPH_FEATURE(58, 1, FS_FILE_LAYOUT_V2) // overlap DEFINE_CEPH_FEATURE(59, 1, FS_BTIME) DEFINE_CEPH_FEATURE(59, 1, FS_CHANGE_ATTR) // overlap DEFINE_CEPH_FEATURE(59, 1, MSG_ADDR2) // overlap -DEFINE_CEPH_FEATURE(60, 1, BLKIN_TRACING) // *do not share this bit* +DEFINE_CEPH_FEATURE(60, 1, OSD_RECOVERY_DELETES) // *do not share this bit* +DEFINE_CEPH_FEATURE(61, 1, CEPHX_V2) // *do not share this bit* -DEFINE_CEPH_FEATURE(61, 1, RESERVED2) // unused, but slow down! DEFINE_CEPH_FEATURE(62, 1, RESERVED) // do not use; used as a sentinal DEFINE_CEPH_FEATURE_DEPRECATED(63, 1, RESERVED_BROKEN, LUMINOUS) // client-facing @@ -210,7 +210,8 @@ DEFINE_CEPH_FEATURE_DEPRECATED(63, 1, RESERVED_BROKEN, LUMINOUS) // client-facin CEPH_FEATURE_SERVER_JEWEL | \ CEPH_FEATURE_MON_STATEFUL_SUB | \ CEPH_FEATURE_CRUSH_TUNABLES5 | \ - CEPH_FEATURE_NEW_OSDOPREPLY_ENCODING) + CEPH_FEATURE_NEW_OSDOPREPLY_ENCODING | \ + CEPH_FEATURE_CEPHX_V2) #define CEPH_FEATURES_REQUIRED_DEFAULT \ (CEPH_FEATURE_NOSRCADDR | \ diff --git a/net/ceph/auth_x.c b/net/ceph/auth_x.c index 512eed4291fe..462786f571e7 100644 --- a/net/ceph/auth_x.c +++ b/net/ceph/auth_x.c @@ -9,6 +9,7 @@ #include #include +#include #include #include @@ -803,26 +804,64 @@ static int calc_signature(struct ceph_x_authorizer *au, struct ceph_msg *msg, __le64 *psig) { void *enc_buf = au->enc_buf; - struct { - __le32 len; - __le32 header_crc; - __le32 front_crc; - __le32 middle_crc; - __le32 data_crc; - } __packed *sigblock = enc_buf + ceph_x_encrypt_offset(); int ret; - sigblock->len = cpu_to_le32(4*sizeof(u32)); - sigblock->header_crc = msg->hdr.crc; - sigblock->front_crc = msg->footer.front_crc; - sigblock->middle_crc = msg->footer.middle_crc; - sigblock->data_crc = msg->footer.data_crc; - ret = ceph_x_encrypt(&au->session_key, enc_buf, CEPHX_AU_ENC_BUF_LEN, - sizeof(*sigblock)); - if (ret < 0) - return ret; + if (!CEPH_HAVE_FEATURE(msg->con->peer_features, CEPHX_V2)) { + struct { + __le32 len; + __le32 header_crc; + __le32 front_crc; + __le32 middle_crc; + __le32 data_crc; + } __packed *sigblock = enc_buf + ceph_x_encrypt_offset(); + + sigblock->len = cpu_to_le32(4*sizeof(u32)); + sigblock->header_crc = msg->hdr.crc; + sigblock->front_crc = msg->footer.front_crc; + sigblock->middle_crc = msg->footer.middle_crc; + sigblock->data_crc = msg->footer.data_crc; + + ret = ceph_x_encrypt(&au->session_key, enc_buf, + CEPHX_AU_ENC_BUF_LEN, sizeof(*sigblock)); + if (ret < 0) + return ret; + + *psig = *(__le64 *)(enc_buf + sizeof(u32)); + } else { + struct { + __le32 header_crc; + __le32 front_crc; + __le32 front_len; + __le32 middle_crc; + __le32 middle_len; + __le32 data_crc; + __le32 data_len; + __le32 seq_lower_word; + } __packed *sigblock = enc_buf; + struct { + __le64 a, b, c, d; + } __packed *penc = enc_buf; + int ciphertext_len; + + sigblock->header_crc = msg->hdr.crc; + sigblock->front_crc = msg->footer.front_crc; + sigblock->front_len = msg->hdr.front_len; + sigblock->middle_crc = msg->footer.middle_crc; + sigblock->middle_len = msg->hdr.middle_len; + sigblock->data_crc = msg->footer.data_crc; + sigblock->data_len = msg->hdr.data_len; + sigblock->seq_lower_word = *(__le32 *)&msg->hdr.seq; + + /* no leading len, no ceph_x_encrypt_header */ + ret = ceph_crypt(&au->session_key, true, enc_buf, + CEPHX_AU_ENC_BUF_LEN, sizeof(*sigblock), + &ciphertext_len); + if (ret) + return ret; + + *psig = penc->a ^ penc->b ^ penc->c ^ penc->d; + } - *psig = *(__le64 *)(enc_buf + sizeof(u32)); return 0; } From patchwork Wed Aug 1 19:03:49 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ilya Dryomov X-Patchwork-Id: 10552835 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 6793D15E2 for ; Wed, 1 Aug 2018 19:04:25 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 6482A2BA07 for ; Wed, 1 Aug 2018 19:04:25 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 591CB2BACC; Wed, 1 Aug 2018 19:04:25 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.8 required=2.0 tests=BAYES_00,DKIM_ADSP_CUSTOM_MED, DKIM_SIGNED,FREEMAIL_FROM,MAILING_LIST_MULTI,RCVD_IN_DNSWL_HI,T_DKIM_INVALID autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 06F892BAC7 for ; Wed, 1 Aug 2018 19:04:25 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2387611AbeHAUvf (ORCPT ); Wed, 1 Aug 2018 16:51:35 -0400 Received: from mail-wm0-f67.google.com ([74.125.82.67]:51307 "EHLO mail-wm0-f67.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2387528AbeHAUve (ORCPT ); Wed, 1 Aug 2018 16:51:34 -0400 Received: by mail-wm0-f67.google.com with SMTP id y2-v6so172389wma.1 for ; Wed, 01 Aug 2018 12:04:22 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:subject:date:message-id:in-reply-to:references; bh=pBaih0sE8ym1oJPYkBsRFm6iuu54DeB++aLB8sH2Sw4=; b=bIiwwM1Eqr7eNfQzUsFFHca56xdZaFM7sUgrHth95lNtzRxclj1qxLKcm1CylbFkLy weWDkOpWA3gXpIV/fnDtQJuK8NzaGNV8T2vASauOnFUDxeZZZ8uioPudFBcA1XSdO3dm nplo/Gfyjrk80N0kiy50pZBrs8w5w0azzyS+Bz6tesN4Um57OwRa8ye4PyvMKB9+cIvb AmOJ9gC9pnwo+Qh0zQuupZuphX+Vn/GiksWRUHuioLVnCCFfGP+DioasBot/K47C9go2 mOQ89N+4SAZrlqO2iJFrlBYXBnNj0wGZetLZgWdjIvOSA5aYqHPjSvD2GzuRzeHDg5v/ EHCQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:subject:date:message-id:in-reply-to :references; bh=pBaih0sE8ym1oJPYkBsRFm6iuu54DeB++aLB8sH2Sw4=; b=shhZyz8Mr8MNBKEk5g0B/WTC6K24zYpixmuYatLbwNWfjgx3Dpi7TlNWuHXnKgokrb ZwT0gvIrq5DTs4L1xxEJvRDxo70X9OSxdbGD+CvezKqKuuNl/XlhaW2CUOOrxgy2ScP0 zoxDsi1Gp39hySXP5bHhvYzNOv6r0y//xtr4/hqIRozXCptL5Ga6SVovpPKQDUpICi2t gvfbt11KQV2rn1fdQF0IFCA6JtkI46S0WUWLeGLAw+/yhJm4nDZ0VJHrXJCUleb2AmQ5 BHtxzT5heoROOV15lcARqnpLv8TtoQtPH1zTFM/8z2INquPxBlLqeBhE4mhZDp+l6Ecz 6oMg== X-Gm-Message-State: AOUpUlHevPef3QLZmhftQQXSeMdP9ZR3ELArBq1kDzu5CdwpyN5NSZsZ RCz7kpZcb4yafUkE+jpdMZ1Ivhp7 X-Google-Smtp-Source: AAOMgpcbDAaNao1KatAHdkmucr6yQPfDwH5OJhpEyuH8hZQohosB54rUYL6hOtio0eJJi31y2DJwyA== X-Received: by 2002:a1c:a8d6:: with SMTP id r205-v6mr91732wme.6.1533150261477; Wed, 01 Aug 2018 12:04:21 -0700 (PDT) Received: from orange.redhat.com ([213.175.37.12]) by smtp.gmail.com with ESMTPSA id r17-v6sm15401322wrt.44.2018.08.01.12.04.20 for (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Wed, 01 Aug 2018 12:04:20 -0700 (PDT) From: Ilya Dryomov To: ceph-devel@vger.kernel.org Subject: [PATCH 7/8] libceph: check authorizer reply/challenge length before reading Date: Wed, 1 Aug 2018 21:03:49 +0200 Message-Id: <20180801190350.857-8-idryomov@gmail.com> X-Mailer: git-send-email 2.14.4 In-Reply-To: <20180801190350.857-1-idryomov@gmail.com> References: <20180801190350.857-1-idryomov@gmail.com> Sender: ceph-devel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: ceph-devel@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP Avoid scribbling over memory if the received reply/challenge is larger than the buffer supplied with the authorizer. Signed-off-by: Ilya Dryomov --- net/ceph/messenger.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/net/ceph/messenger.c b/net/ceph/messenger.c index e915c8bce117..0a187196aeed 100644 --- a/net/ceph/messenger.c +++ b/net/ceph/messenger.c @@ -1782,6 +1782,13 @@ static int read_partial_connect(struct ceph_connection *con) if (con->auth) { size = le32_to_cpu(con->in_reply.authorizer_len); + if (size > con->auth->authorizer_reply_buf_len) { + pr_err("authorizer reply too big: %d > %zu\n", size, + con->auth->authorizer_reply_buf_len); + ret = -EINVAL; + goto out; + } + end += size; ret = read_partial(con, end, size, con->auth->authorizer_reply_buf); From patchwork Wed Aug 1 19:03:50 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ilya Dryomov X-Patchwork-Id: 10552837 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id A90B013BF for ; Wed, 1 Aug 2018 19:04:26 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id A91ED2BA07 for ; Wed, 1 Aug 2018 19:04:26 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 9D8392BACC; Wed, 1 Aug 2018 19:04:26 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.8 required=2.0 tests=BAYES_00,DKIM_ADSP_CUSTOM_MED, DKIM_SIGNED,FREEMAIL_FROM,MAILING_LIST_MULTI,RCVD_IN_DNSWL_HI,T_DKIM_INVALID autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 568832BA07 for ; Wed, 1 Aug 2018 19:04:26 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2387612AbeHAUvg (ORCPT ); Wed, 1 Aug 2018 16:51:36 -0400 Received: from mail-wr1-f67.google.com ([209.85.221.67]:41252 "EHLO mail-wr1-f67.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2387539AbeHAUvg (ORCPT ); Wed, 1 Aug 2018 16:51:36 -0400 Received: by mail-wr1-f67.google.com with SMTP id j5-v6so21177529wrr.8 for ; Wed, 01 Aug 2018 12:04:23 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:subject:date:message-id:in-reply-to:references; bh=TkERmVhayifiXR4zhpqepbdDezOAJwv9sGrmXt9SeDA=; b=jHPHIhop/bH6XXIRWl8cydK/eeo9KA/i/m/RtBuv17haJl2hTaWp19mTRwG/BxSmUb MfudVPNphJzMSLpsAQoA0z3f/6yhcnZAin0JyrhOLtsK2mfOg1kMBqbgNa/I1PVtCVLD EaVv9l+AOAh3NsCV6jXSQzXvtVgl1uPMaBTTrVaDbsN2CfHXZTl9OrpRCjSg2CeuGwWb JB+9ZyXec4OoUcX9W0SF8pVP5mIxHXLPwXFIaMUAiQ5jKkP8RvIPVJDeUNv/71ElqbCg HE//nvN10RgOgLDliKMd31Z/sFcKkTJFdwXAVCe/rnNTch8iTwNNQFK1juYqgx76FnEq IDIg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:subject:date:message-id:in-reply-to :references; bh=TkERmVhayifiXR4zhpqepbdDezOAJwv9sGrmXt9SeDA=; b=el/qL7cZB6nKQfPz7MKXssA+ANhFyyl756N2j8O8netmtGGzOlANW1gwjYQzk+FKsU CUeGK6MS+FBYrN7Ex/3d9aFPro5xnaSwynRtUroc77RJrdRv4iwNaeSU7RR7+VepyBJQ 2dxc6s0JOMrCTBJa1QQcUfA9Qs8vcoZ+K+86Jme0c+orQuImx10ttoUa6pKpxNtPGelO wGqUo0PGWDJtGlq9eMSbgbhpazvCYyjBaFxdGUbpPqSeZe9NcOBHA+rehWrZwZirQISA 8izezHNlQdCcSNHER9McUlTNARlvtfaR8/rbJColLdnm3YUoMSyQgdQAEfoEw8s6O+W7 bi2Q== X-Gm-Message-State: AOUpUlF3Xvv/j6gbiEAa4+wP0UuW+P1Z8NtrWs5zBSlSC1mxi3ortbRZ cQP+kbaSaUOjAiTNtaGYulwuEpNG X-Google-Smtp-Source: AAOMgpc23lOsm7m2bfSjbqwwDK6PWq8OcjBdWmxxC46QyrAWi6NOb7/Q8X22OoJDERJmoWx/HVeUvQ== X-Received: by 2002:adf:a541:: with SMTP id j1-v6mr26695023wrb.155.1533150262597; Wed, 01 Aug 2018 12:04:22 -0700 (PDT) Received: from orange.redhat.com ([213.175.37.12]) by smtp.gmail.com with ESMTPSA id r17-v6sm15401322wrt.44.2018.08.01.12.04.21 for (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Wed, 01 Aug 2018 12:04:22 -0700 (PDT) From: Ilya Dryomov To: ceph-devel@vger.kernel.org Subject: [PATCH 8/8] libceph: weaken sizeof check in ceph_x_verify_authorizer_reply() Date: Wed, 1 Aug 2018 21:03:50 +0200 Message-Id: <20180801190350.857-9-idryomov@gmail.com> X-Mailer: git-send-email 2.14.4 In-Reply-To: <20180801190350.857-1-idryomov@gmail.com> References: <20180801190350.857-1-idryomov@gmail.com> Sender: ceph-devel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: ceph-devel@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP Allow for extending ceph_x_authorize_reply in the future. Signed-off-by: Ilya Dryomov --- net/ceph/auth_x.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/net/ceph/auth_x.c b/net/ceph/auth_x.c index 462786f571e7..b52732337ca6 100644 --- a/net/ceph/auth_x.c +++ b/net/ceph/auth_x.c @@ -737,8 +737,10 @@ static int ceph_x_verify_authorizer_reply(struct ceph_auth_client *ac, ret = ceph_x_decrypt(&au->session_key, &p, p + CEPHX_AU_ENC_BUF_LEN); if (ret < 0) return ret; - if (ret != sizeof(*reply)) - return -EPERM; + if (ret < sizeof(*reply)) { + pr_err("bad size %d for ceph_x_authorize_reply\n", ret); + return -EINVAL; + } if (au->nonce + 1 != le64_to_cpu(reply->nonce_plus_one)) ret = -EPERM;