Hostbased ssh authentication fails if session ID contains a '/'

Resolves: rhbz#1963058
This commit is contained in:
Dmitry Belyavskiy 2021-05-21 14:41:01 +02:00
parent c3e6e4a2e6
commit d0754b1a8d
2 changed files with 15 additions and 12 deletions

View File

@ -179,10 +179,10 @@ diff -up openssh/misc.c.role-mls openssh/misc.c
} }
return NULL; return NULL;
} }
diff -up openssh/monitor.c.role-mls openssh/monitor.c diff -up openssh-8.6p1/monitor.c.role-mls openssh-8.6p1/monitor.c
--- openssh/monitor.c.role-mls 2018-08-20 07:57:29.000000000 +0200 --- openssh-8.6p1/monitor.c.role-mls 2021-04-16 05:55:25.000000000 +0200
+++ openssh/monitor.c 2018-08-22 11:19:56.006844867 +0200 +++ openssh-8.6p1/monitor.c 2021-05-21 14:21:56.719414087 +0200
@@ -115,6 +115,9 @@ int mm_answer_sign(int, struct sshbuf *) @@ -117,6 +117,9 @@ int mm_answer_sign(struct ssh *, int, st
int mm_answer_pwnamallow(struct ssh *, int, struct sshbuf *); int mm_answer_pwnamallow(struct ssh *, int, struct sshbuf *);
int mm_answer_auth2_read_banner(struct ssh *, int, struct sshbuf *); int mm_answer_auth2_read_banner(struct ssh *, int, struct sshbuf *);
int mm_answer_authserv(struct ssh *, int, struct sshbuf *); int mm_answer_authserv(struct ssh *, int, struct sshbuf *);
@ -192,7 +192,7 @@ diff -up openssh/monitor.c.role-mls openssh/monitor.c
int mm_answer_authpassword(struct ssh *, int, struct sshbuf *); int mm_answer_authpassword(struct ssh *, int, struct sshbuf *);
int mm_answer_bsdauthquery(struct ssh *, int, struct sshbuf *); int mm_answer_bsdauthquery(struct ssh *, int, struct sshbuf *);
int mm_answer_bsdauthrespond(struct ssh *, int, struct sshbuf *); int mm_answer_bsdauthrespond(struct ssh *, int, struct sshbuf *);
@@ -189,6 +192,9 @@ struct mon_table mon_dispatch_proto20[] @@ -195,6 +198,9 @@ struct mon_table mon_dispatch_proto20[]
{MONITOR_REQ_SIGN, MON_ONCE, mm_answer_sign}, {MONITOR_REQ_SIGN, MON_ONCE, mm_answer_sign},
{MONITOR_REQ_PWNAM, MON_ONCE, mm_answer_pwnamallow}, {MONITOR_REQ_PWNAM, MON_ONCE, mm_answer_pwnamallow},
{MONITOR_REQ_AUTHSERV, MON_ONCE, mm_answer_authserv}, {MONITOR_REQ_AUTHSERV, MON_ONCE, mm_answer_authserv},
@ -202,7 +202,7 @@ diff -up openssh/monitor.c.role-mls openssh/monitor.c
{MONITOR_REQ_AUTH2_READ_BANNER, MON_ONCE, mm_answer_auth2_read_banner}, {MONITOR_REQ_AUTH2_READ_BANNER, MON_ONCE, mm_answer_auth2_read_banner},
{MONITOR_REQ_AUTHPASSWORD, MON_AUTH, mm_answer_authpassword}, {MONITOR_REQ_AUTHPASSWORD, MON_AUTH, mm_answer_authpassword},
#ifdef USE_PAM #ifdef USE_PAM
@@ -796,6 +802,9 @@ mm_answer_pwnamallow(int sock, struct ss @@ -803,6 +809,9 @@ mm_answer_pwnamallow(struct ssh *ssh, in
/* Allow service/style information on the auth context */ /* Allow service/style information on the auth context */
monitor_permit(mon_dispatch, MONITOR_REQ_AUTHSERV, 1); monitor_permit(mon_dispatch, MONITOR_REQ_AUTHSERV, 1);
@ -212,7 +212,7 @@ diff -up openssh/monitor.c.role-mls openssh/monitor.c
monitor_permit(mon_dispatch, MONITOR_REQ_AUTH2_READ_BANNER, 1); monitor_permit(mon_dispatch, MONITOR_REQ_AUTH2_READ_BANNER, 1);
#ifdef USE_PAM #ifdef USE_PAM
@@ -842,6 +851,26 @@ mm_answer_authserv(int sock, struct sshb @@ -877,6 +886,26 @@ key_base_type_match(const char *method,
return found; return found;
} }
@ -239,7 +239,7 @@ diff -up openssh/monitor.c.role-mls openssh/monitor.c
int int
mm_answer_authpassword(struct ssh *ssh, int sock, struct sshbuf *m) mm_answer_authpassword(struct ssh *ssh, int sock, struct sshbuf *m)
{ {
@@ -1218,7 +1247,7 @@ monitor_valid_userblob(u_char *data, u_i @@ -1251,7 +1280,7 @@ monitor_valid_userblob(struct ssh *ssh,
{ {
struct sshbuf *b; struct sshbuf *b;
const u_char *p; const u_char *p;
@ -248,7 +248,7 @@ diff -up openssh/monitor.c.role-mls openssh/monitor.c
size_t len; size_t len;
u_char type; u_char type;
int r, fail = 0; int r, fail = 0;
@@ -1251,6 +1280,8 @@ monitor_valid_userblob(u_char *data, u_i @@ -1282,6 +1311,8 @@ monitor_valid_userblob(struct ssh *ssh,
fail++; fail++;
if ((r = sshbuf_get_cstring(b, &cp, NULL)) != 0) if ((r = sshbuf_get_cstring(b, &cp, NULL)) != 0)
fatal_fr(r, "parse userstyle"); fatal_fr(r, "parse userstyle");
@ -257,7 +257,7 @@ diff -up openssh/monitor.c.role-mls openssh/monitor.c
xasprintf(&userstyle, "%s%s%s", authctxt->user, xasprintf(&userstyle, "%s%s%s", authctxt->user,
authctxt->style ? ":" : "", authctxt->style ? ":" : "",
authctxt->style ? authctxt->style : ""); authctxt->style ? authctxt->style : "");
@@ -1286,7 +1317,7 @@ monitor_valid_hostbasedblob(u_char *data @@ -1317,7 +1348,7 @@ monitor_valid_hostbasedblob(const u_char
{ {
struct sshbuf *b; struct sshbuf *b;
const u_char *p; const u_char *p;
@ -266,11 +266,11 @@ diff -up openssh/monitor.c.role-mls openssh/monitor.c
size_t len; size_t len;
int r, fail = 0; int r, fail = 0;
u_char type; u_char type;
@@ -1308,6 +1339,8 @@ monitor_valid_hostbasedblob(u_char *data @@ -1338,6 +1370,8 @@ monitor_valid_hostbasedblob(const u_char
fail++; fail++;
if ((r = sshbuf_get_cstring(b, &cp, NULL)) != 0) if ((r = sshbuf_get_cstring(b, &cp, NULL)) != 0)
fatal_fr(r, "parse userstyle"); fatal_fr(r, "parse userstyle");
+ if ((s = strchr(p, '/')) != NULL) + if ((s = strchr(cp, '/')) != NULL)
+ *s = '\0'; + *s = '\0';
xasprintf(&userstyle, "%s%s%s", authctxt->user, xasprintf(&userstyle, "%s%s%s", authctxt->user,
authctxt->style ? ":" : "", authctxt->style ? ":" : "",

View File

@ -659,6 +659,9 @@ test -f %{sysconfig_anaconda} && \
%endif %endif
%changelog %changelog
* Fri May 21 2021 Dmitry Belyavskiy <dbelyavs@redhat.com> - 8.6p1-3
- Hostbased ssh authentication fails if session ID contains a '/' (#1963058)
* Mon May 10 2021 Dmitry Belyavskiy <dbelyavs@redhat.com> - 8.6p1-2 * Mon May 10 2021 Dmitry Belyavskiy <dbelyavs@redhat.com> - 8.6p1-2
- rebuilt - rebuilt