FIX pam_ssh_agent_auth auth for RSA keys
Related: rhbz#2070113
parent
9697eecfeb
commit
9591af3b1d
11
openssh.spec
11
openssh.spec
@ -51,9 +51,9 @@
|
||||
|
||||
# Do not forget to bump pam_ssh_agent_auth release if you rewind the main package release to 1
|
||||
%global openssh_ver 8.7p1
|
||||
%global openssh_rel 18
|
||||
%global openssh_rel 19
|
||||
%global pam_ssh_agent_ver 0.10.4
|
||||
%global pam_ssh_agent_rel 4
|
||||
%global pam_ssh_agent_rel 5
|
||||
|
||||
Summary: An open source implementation of SSH protocol version 2
|
||||
Name: openssh
|
||||
@ -102,6 +102,8 @@ Patch306: pam_ssh_agent_auth-0.10.2-compat.patch
|
||||
# Fix NULL dereference from getpwuid() return value
|
||||
# https://sourceforge.net/p/pamsshagentauth/bugs/22/
|
||||
Patch307: pam_ssh_agent_auth-0.10.2-dereference.patch
|
||||
# https://bugzilla.redhat.com/show_bug.cgi?id=2070113
|
||||
Patch308: pam_ssh_agent_auth-0.10.4-rsasha2.patch
|
||||
|
||||
#https://bugzilla.mindrot.org/show_bug.cgi?id=1641 (WONTFIX)
|
||||
Patch400: openssh-7.8p1-role-mls.patch
|
||||
@ -377,6 +379,7 @@ pushd pam_ssh_agent_auth-pam_ssh_agent_auth-%{pam_ssh_agent_ver}
|
||||
%patch306 -p2 -b .psaa-compat
|
||||
%patch305 -p2 -b .psaa-agent
|
||||
%patch307 -p2 -b .psaa-deref
|
||||
%patch308 -p2 -b .rsasha2
|
||||
# Remove duplicate headers and library files
|
||||
rm -f $(cat %{SOURCE5})
|
||||
popd
|
||||
@ -725,6 +728,10 @@ test -f %{sysconfig_anaconda} && \
|
||||
%endif
|
||||
|
||||
%changelog
|
||||
* Fri Jul 15 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 8.7p1-19 + 0.10.4-5
|
||||
- FIX pam_ssh_agent_auth auth for RSA keys
|
||||
Related: rhbz#2070113
|
||||
|
||||
* Thu Jul 14 2022 Zoltan Fridrich <zfridric@redhat.com> - 8.7p1-18
|
||||
- Fix new coverity issues
|
||||
Related: rhbz#2068423
|
||||
|
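--- a/pam_ssh_agent_auth-0.10.4-rsasha2.patch
+++ b/pam_ssh_agent_auth-0.10.4-rsasha2.patch
@@ -0,0 +1,19 @@
+diff -up openssh-8.7p1/pam_ssh_agent_auth-pam_ssh_agent_auth-0.10.4/userauth_pubkey_from_id.c.rsasha2 openssh-8.7p1/pam_ssh_agent_auth-pam_ssh_agent_auth-0.10.4/userauth_pubkey_from_id.c
+--- openssh-8.7p1/pam_ssh_agent_auth-pam_ssh_agent_auth-0.10.4/userauth_pubkey_from_id.c.rsasha2 2022-07-15 15:08:12.865585410 +0200
++++ openssh-8.7p1/pam_ssh_agent_auth-pam_ssh_agent_auth-0.10.4/userauth_pubkey_from_id.c 2022-07-15 15:16:25.164282372 +0200
+@@ -87,8 +87,13 @@ userauth_pubkey_from_id(const char *ruse
+(r = sshbuf_put_string(b, pkblob, blen)) != 0)
+fatal("%s: buffer error: %s", __func__, ssh_err(r));
+
+- if (ssh_agent_sign(id->ac->fd, id->key, &sig, &slen, sshbuf_ptr(b), sshbuf_len(b), NULL, 0) != 0)
+- goto user_auth_clean_exit;
++ if (sshkey_type_plain(id->key->type) == KEY_RSA
++ && ssh_agent_sign(id->ac->fd, id->key, &sig, &slen, sshbuf_ptr(b), sshbuf_len(b), "rsa-sha2-256", 0) == 0) {
++ /* Do nothing */
++ } else {
++ if (ssh_agent_sign(id->ac->fd, id->key, &sig, &slen, sshbuf_ptr(b), sshbuf_len(b), NULL, 0) != 0)
++ goto user_auth_clean_exit;
++ }
+
+/* test for correct signature */
+if (sshkey_verify(id->key, sig, slen, sshbuf_ptr(b), sshbuf_len(b), NULL, 0, NULL) == 0)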
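Review bot: The `sshkey_verify` call after the new branch still passes `NULL` for the algorithm, so nothing here confirms that the agent returned an rsa-sha2-256 signature when one was requested, and the `else` path silently retries RSA keys with the default algorithm (presumably SHA-1 `ssh-rsa`) if the first request fails. I would record the choice in a local, `const char *sigalg = NULL;`, replace the empty `/* Do nothing */` body with `sigalg = "rsa-sha2-256";`, and pass `sigalg` as the sixth argument of `sshkey_verify`, which as far as I know makes verification reject a signature made with a different RSA hash. A debug or log line on the fallback would also make the downgrade visible in the PAM logs. `userauth_pubkey_from_id` starts and ends outside this hunk, so the declaration placement and the `user_auth_clean_exit` cleanup cannot be checked from here.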