renegade-project/linux-next
2
0
Fork 0
mirror of https://github.com/edk2-porting/linux-next.git synced 2024-12-15 16:53:54 +08:00
Code
7807dafda2
linux-next/net/ceph
History
Ilya Dryomov 7807dafda2 libceph: bump CephXAuthenticate encoding version 
A dummy v3 encoding (exactly the same as v2) was introduced so that
the monitors can distinguish broken clients that may not include their
auth ticket in CEPHX_GET_AUTH_SESSION_KEY request on reconnects, thus
failing to prove previous possession of their global_id (one part of
CVE-2021-20288).

The kernel client has always included its auth ticket, so it is
compatible with enforcing mode as is.  However we want to bump the
encoding version to avoid having to authenticate twice on the initial
connect -- all legacy (CephXAuthenticate < v3) are now forced do so in
order to expose insecure global_id reclaim.

Marking for stable since at least for 5.11 and 5.12 it is trivial
(v2 -> v3).

Cc: stable@vger.kernel.org # 5.11+
URL: https://tracker.ceph.com/issues/50452
Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
Reviewed-by: Sage Weil <sage@redhat.com>
2021-04-27 23:52:24 +02:00
..
crush treewide: Use fallthrough pseudo-keyword 2020-08-23 17:36:59 -05:00
armor.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
auth_none.c libceph: drop ac->ops->name field 2020-12-14 23:21:50 +01:00
auth_none.h ceph: fix whitespace 2018-08-02 21:33:21 +02:00
auth_x_protocol.h libceph, ceph: incorporate nautilus cephx changes 2020-12-14 23:21:50 +01:00
auth_x.c libceph: bump CephXAuthenticate encoding version 2021-04-27 23:52:24 +02:00
auth_x.h ceph: fix whitespace 2018-08-02 21:33:21 +02:00
auth.c libceph: drop ceph_auth_{create,update}_authorizer() 2020-12-14 23:21:50 +01:00
buffer.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
ceph_common.c libceph: remove osdtimeout option entirely 2021-02-16 12:09:52 +01:00
ceph_hash.c treewide: Use fallthrough pseudo-keyword 2020-08-23 17:36:59 -05:00
ceph_strings.c libceph: introduce connection modes and ms_mode option 2020-12-14 23:21:50 +01:00
cls_lock_client.c rbd: support for object-map and fast-diff 2019-07-08 14:01:45 +02:00
crypto.c libceph: zero out session key and connection secret 2021-01-04 17:31:32 +01:00
crypto.h libceph, ceph: incorporate nautilus cephx changes 2020-12-14 23:21:50 +01:00
debugfs.c libceph: dump class and method names on method calls 2020-08-03 11:03:01 +02:00
decode.c libceph, ceph: implement msgr2.1 protocol (crc and secure modes) 2020-12-14 23:21:50 +01:00
Kconfig libceph, ceph: implement msgr2.1 protocol (crc and secure modes) 2020-12-14 23:21:50 +01:00
Makefile libceph, ceph: implement msgr2.1 protocol (crc and secure modes) 2020-12-14 23:21:50 +01:00
messenger_v1.c libceph: fix "Boolean result is used in bitwise operation" warning 2021-01-21 16:49:59 +01:00
messenger_v2.c libceph: zero out session key and connection secret 2021-01-04 17:31:32 +01:00
messenger.c libceph, ceph: implement msgr2.1 protocol (crc and secure modes) 2020-12-14 23:21:50 +01:00
mon_client.c libceph, ceph: disambiguate ceph_connection_operations handlers 2021-01-04 17:31:32 +01:00
msgpool.c libceph: preallocate message data items 2018-10-22 10:28:22 +02:00
osd_client.c libceph, ceph: disambiguate ceph_connection_operations handlers 2021-01-04 17:31:32 +01:00
osdmap.c libceph, ceph: get and handle cluster maps with addrvecs 2020-12-14 23:21:50 +01:00
pagelist.c libceph: introduce ceph_pagelist_alloc() 2018-10-22 10:28:21 +02:00
pagevec.c libceph: remove ceph_get_direct_page_vector() 2019-07-08 14:01:40 +02:00
snapshot.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 268 2019-06-05 17:30:29 +02:00
string_table.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
striper.c rbd: support for object-map and fast-diff 2019-07-08 14:01:45 +02:00