auth/cephx: ignore CEPH_ENTITY_TYPE_AUTH in requested keys
author Ilya Dryomov <idryomov@gmail.com>
Tue, 2 Mar 2021 14:09:26 +0000 (15:09 +0100)
committer Bastien Roucariès <rouca@debian.org>
Sat, 21 Oct 2023 16:42:26 +0000 (17:42 +0100)
commit 53bb1d9dd639205e1efe102ef72f2645acfa7237
tree 04f178cd7e5a46716e5f8c4914e193822531f80d
parent d67fdc5df4052598e7917ea0c4b2c57dfc8738dc
auth/cephx: ignore CEPH_ENTITY_TYPE_AUTH in requested keys

When handling CEPHX_GET_AUTH_SESSION_KEY requests from nautilus+
clients, ignore CEPH_ENTITY_TYPE_AUTH in CephXAuthenticate::other_keys.
Similarly, when handling CEPHX_GET_PRINCIPAL_SESSION_KEY requests,
ignore CEPH_ENTITY_TYPE_AUTH in CephXServiceTicketRequest::keys.
These fields are intended for requesting service tickets; the auth
ticket (which is really a ticket granting ticket) must not be shared
this way.

Otherwise we end up sharing an auth ticket that a) isn't encrypted
with the old session key even if needed (should_enc_ticket == true)
and b) has the wrong validity, namely auth_service_ticket_ttl instead
of auth_mon_ticket_ttl.  In the CEPHX_GET_AUTH_SESSION_KEY case, this
undue ticket immediately supersedes the actual auth ticket already
encoded in the same reply (the reply frame ends up containing two auth
tickets).

Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
(cherry picked from commit 05772ab6127bdd9ed2f63fceef840f197ecd9ea8)

This only applies part of the patch, as the
CephXAuthenticate::other_keys handling isn't present in this version.

Origin: upstream, https://github.com/ceph/ceph/commit/05b3b6a305ddbb56cc53bbeadf5866db4d785f49

Gbp-Pq: Name CVE-2021-20288.patch
src/auth/cephx/CephxServiceHandler.cc
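
A simplified model of the behaviour the commit message describes, added here as an illustration and not taken from the Ceph source or from the patch. `Ticket`, `issue_service_tickets`, `leaks_auth_ticket`, the `patched` flag and the TTL values are hypothetical; the entity-type bit values are assumed to match Ceph's `include/msgr.h`.

```cpp
#include <cstdint>
#include <cstdio>
#include <vector>

// Entity-type bits; values assumed to match Ceph's include/msgr.h.
constexpr uint32_t CEPH_ENTITY_TYPE_OSD  = 0x04;
constexpr uint32_t CEPH_ENTITY_TYPE_MGR  = 0x10;
constexpr uint32_t CEPH_ENTITY_TYPE_AUTH = 0x20;

// Constructed TTLs in seconds, standing in for the two config options.
constexpr unsigned auth_mon_ticket_ttl     = 12 * 3600;
constexpr unsigned auth_service_ticket_ttl = 3600;

struct Ticket {            // hypothetical, simplified ticket record
  uint32_t service_id;
  unsigned ttl;
  bool enc_with_old_key;   // models should_enc_ticket being honoured
};

// Model of the CEPHX_GET_PRINCIPAL_SESSION_KEY path: one ticket per bit set
// in the requested keys. Tickets built here get the service TTL and are
// never encrypted with the old session key.
std::vector<Ticket> issue_service_tickets(uint32_t keys, bool patched) {
  if (patched)
    keys &= ~CEPH_ENTITY_TYPE_AUTH;   // the fix: ignore the auth bit
  std::vector<Ticket> out;
  for (uint32_t bit = 1; bit <= CEPH_ENTITY_TYPE_AUTH; bit <<= 1)
    if (keys & bit)
      out.push_back({bit, auth_service_ticket_ttl, false});
  return out;
}

// Regression check: no auth ticket may leave through the service-ticket path.
bool leaks_auth_ticket(const std::vector<Ticket>& tickets) {
  for (const Ticket& t : tickets)
    if (t.service_id == CEPH_ENTITY_TYPE_AUTH)
      return true;
  return false;
}

int main() {
  uint32_t keys = CEPH_ENTITY_TYPE_OSD | CEPH_ENTITY_TYPE_AUTH;
  for (bool patched : {false, true})
    std::printf("patched=%d leaks_auth_ticket=%d (auth ttl should be %u)\n",
                patched, leaks_auth_ticket(issue_service_tickets(keys, patched)), auth_mon_ticket_ttl);
  return 0;
}
```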