diff --git a/0032-curl-7.76.1-password-when-keyboard-interactive-fails.patch b/0032-curl-7.76.1-password-when-keyboard-interactive-fails.patch
new file mode 100644
index 0000000..e2b4ac1
--- /dev/null
+++ b/0032-curl-7.76.1-password-when-keyboard-interactive-fails.patch
@@ -0,0 +1,169 @@
+From be17dc9d31e805c03372b690dde67838b3bfc12d Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg
+Date: Wed, 24 May 2023 16:34:11 +0200
+Subject: [PATCH] libssh: when keyboard-interactive auth fails, try password
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+The state machine had a mistake in that it would not carry on to that
+next step.
+
+This also adds a verbose output what methods that are available from the
+server and renames the macros that change to the next auth methods to
+try.
+
+Reported-by: 左潇峰
+Fixes #11196
+Closes #11197
+---
+ lib/vssh/libssh.c | 43 +++++++++++++++++++++++++++----------------
+ 1 file changed, 27 insertions(+), 16 deletions(-)
+
+diff --git a/lib/vssh/libssh.c b/lib/vssh/libssh.c
+index 7ebe61321419f..1cecb649cb623 100644
+--- a/lib/vssh/libssh.c
++++ b/lib/vssh/libssh.c
+@@ -565,7 +565,7 @@ static int myssh_is_known(struct Curl_easy *data)
+ break; \
+ }
+
+-#define MOVE_TO_LAST_AUTH \
++#define MOVE_TO_PASSWD_AUTH \
+ if(sshc->auth_methods & SSH_AUTH_METHOD_PASSWORD) { \
+ rc = SSH_OK; \
+ state(data, SSH_AUTH_PASS_INIT); \
+@@ -575,25 +575,25 @@ static int myssh_is_known(struct Curl_easy *data)
+ MOVE_TO_ERROR_STATE(CURLE_LOGIN_DENIED); \
+ }
+
+-#define MOVE_TO_TERTIARY_AUTH \
++#define MOVE_TO_KEY_AUTH \
+ if(sshc->auth_methods & SSH_AUTH_METHOD_INTERACTIVE) { \
+ rc = SSH_OK; \
+ state(data, SSH_AUTH_KEY_INIT); \
+ break; \
+ } \
+ else { \
+- MOVE_TO_LAST_AUTH; \
++ MOVE_TO_PASSWD_AUTH; \
+ }
+
+-#define MOVE_TO_SECONDARY_AUTH \
++#define MOVE_TO_GSSAPI_AUTH \
+ if(sshc->auth_methods & SSH_AUTH_METHOD_GSSAPI_MIC) { \
+ rc = SSH_OK; \
+ state(data, SSH_AUTH_GSSAPI); \
+ break; \
+ } \
+ else { \
+- MOVE_TO_TERTIARY_AUTH; \
++ MOVE_TO_KEY_AUTH; \
+ }
+
+ static
+ int myssh_auth_interactive(struct connectdata *conn)
+@@ -740,6 +740,16 @@ static CURLcode myssh_statemach_act(struct Curl_easy *data, bool *block)
+ }
+
+ sshc->auth_methods = 
ssh_userauth_list(sshc->ssh_session, NULL);
++ if(sshc->auth_methods)
++ infof(data, "SSH authentication methods available: %s%s%s%s",
++ sshc->auth_methods & SSH_AUTH_METHOD_PUBLICKEY ?
++ "public key, ": "",
++ sshc->auth_methods & SSH_AUTH_METHOD_GSSAPI_MIC ?
++ "GSSAPI, " : "",
++ sshc->auth_methods & SSH_AUTH_METHOD_INTERACTIVE ?
++ "keyboard-interactive, " : "",
++ sshc->auth_methods & SSH_AUTH_METHOD_PASSWORD ?
++ "password": "");
+ if(sshc->auth_methods & SSH_AUTH_METHOD_PUBLICKEY) {
+ state(data, SSH_AUTH_PKEY_INIT);
+ infof(data, "Authentication using SSH public key file\n");
+@@ -761,8 +761,8 @@ static CURLcode myssh_statemach_act(struct Curl_easy *data, bool *block)
+ }
+ case SSH_AUTH_PKEY_INIT:
+ if(!(data->set.ssh_auth_types & CURLSSH_AUTH_PUBLICKEY)) {
+- MOVE_TO_SECONDARY_AUTH;
++ MOVE_TO_GSSAPI_AUTH;
+ }
+
+ /* Two choices, (1) private key was given on CMD,
+ * (2) use the "default" keys. */
+@@ -776,7 +776,7 @@ static CURLcode myssh_statemach_act(struct Curl_easy *data, bool *block)
+ }
+
+ if(rc != SSH_OK) {
+- MOVE_TO_SECONDARY_AUTH;
++ MOVE_TO_GSSAPI_AUTH;
+ }
+ }
+
+@@ -826,7 +836,7 @@ static CURLcode myssh_statemach_act(struct Curl_easy *data, bool *block)
+ break;
+ }
+
+- MOVE_TO_SECONDARY_AUTH;
++ MOVE_TO_GSSAPI_AUTH;
+ }
+ break;
+ case SSH_AUTH_PKEY:
+@@ -828,13 +828,13 @@ static CURLcode myssh_statemach_act(struct Curl_easy *data, bool *block)
+ }
+ else {
+ infof(data, "Failed public key authentication (rc: %d)\n", rc);
+- MOVE_TO_SECONDARY_AUTH;
++ MOVE_TO_GSSAPI_AUTH;
+ }
+ break;
+
+ case SSH_AUTH_GSSAPI:
+ if(!(data->set.ssh_auth_types & CURLSSH_AUTH_GSSAPI)) {
+- MOVE_TO_TERTIARY_AUTH;
++ MOVE_TO_KEY_AUTH;
+ }
+
+ rc = ssh_userauth_gssapi(sshc->ssh_session);
+@@ -851,7 +851,7 @@ static CURLcode myssh_statemach_act(struct Curl_easy *data, bool *block)
+ break;
+ }
+
+- MOVE_TO_TERTIARY_AUTH;
++ MOVE_TO_KEY_AUTH;
+ break;
+
+ case SSH_AUTH_KEY_INIT:
+@@ -859,13 +859,12 @@ static CURLcode myssh_statemach_act(struct Curl_easy *data, 
bool *block)
+ state(data, SSH_AUTH_KEY);
+ }
+ else {
+- MOVE_TO_LAST_AUTH;
++ MOVE_TO_PASSWD_AUTH;
+ }
+ break;
+
+ case SSH_AUTH_KEY:
+-
+- /* Authentication failed. Continue with keyboard-interactive now. */
++ /* keyboard-interactive authentication */
+ rc = myssh_auth_interactive(conn);
+ if(rc == SSH_AGAIN) {
+ break;
+@@ -873,13 +873,15 @@ static CURLcode myssh_statemach_act(struct Curl_easy *data, bool *block)
+ if(rc == SSH_OK) {
+ sshc->authed = TRUE;
+ infof(data, "completed keyboard interactive authentication\n");
++ state(data, SSH_AUTH_DONE);
++ }
++ else {
++ MOVE_TO_PASSWD_AUTH;
+ }
+- state(data, SSH_AUTH_DONE);
+ break;
+
+ case SSH_AUTH_PASS_INIT:
+ if(!(data->set.ssh_auth_types & CURLSSH_AUTH_PASSWORD)) {
+- /* Host key authentication is intentionally not implemented */
+ MOVE_TO_ERROR_STATE(CURLE_LOGIN_DENIED);
+ }
+ state(data, SSH_AUTH_PASS);
diff --git a/curl.spec b/curl.spec
index 7d29f90..33c86f0 100644
--- a/curl.spec
+++ b/curl.spec
@@ -1,7 +1,7 @@ Summary: A utility for getting files from remote servers (FTP, HTTP, and others) Name: curl Version: 7.76.1 -Release: 26%{?dist} +Release: 27%{?dist} License: MIT Source: https://curl.se/download/%{name}-%{version}.tar.xz
@@ -95,6 +95,9 @@ Patch30: 0030-curl-7.76.1-CVE-2023-28322.patch # fix host name wildcard checking Patch31: 0031-curl-7.76.1-CVE-2023-28321.patch +# when keyboard-interactive auth fails, try password +Patch32: 0032-curl-7.76.1-password-when-keyboard-interactive-fails.patch + # patch making libcurl multilib ready Patch101: 0101-curl-7.32.0-multilib.patch
@@ -300,6 +303,7 @@ be installed. %patch29 -p1 %patch30 -p1 %patch31 -p1 +%patch32 -p1 # Fedora patches %patch101 -p1 
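Review bot: The `infof()` added in the inner `@@ -740,6 +740,16 @@` hunk is the one verbose message in this backport whose format string has no trailing `\n`, while the calls beside it (`"Authentication using SSH public key file\n"`, `"completed keyboard interactive authentication\n"`) terminate their own lines, so on this 7.76.1 branch the method list will presumably be glued onto the next verbose line; the format should read `"SSH authentication methods available: %s%s%s%s\n"` (the upstream tree this commit was written for evidently no longer needs the newline, which is why it is missing here). Note also that every `MOVE_TO_*` macro consults `sshc->auth_methods`, which is read once from `ssh_userauth_list()` before the first attempt, so the new `MOVE_TO_PASSWD_AUTH` fallback in `SSH_AUTH_KEY` follows that initial list rather than any narrower set the server may report after the failed keyboard-interactive attempt, and it now sends the same password through a second mechanism after one failure — both are worth a one-line comment at the macro if intentional. Finally, the inner hunk headers `@@ -826,7 +836,7 @@` and `@@ -828,13 +828,13 @@` overlap and do not account for the ten lines inserted earlier, so the backport presumably applies only because patch(1) relocates hunks by context; regenerating the headers would make `%patch32` less fragile. `myssh_statemach_act` starts and ends outside these hunks.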
@@ -525,6 +529,9 @@ rm -f ${RPM_BUILD_ROOT}%{_libdir}/libcurl.la %{_libdir}/libcurl.so.4.[0-9].[0-9].minimal %changelog +* Tue Sep 12 2023 Jacek Migacz - 7.76.1-27 +- when keyboard-interactive auth fails, try password (#2229800) + * Mon Jun 12 2023 Jacek Migacz - 7.76.1-26 - unify the upload/method handling (CVE-2023-28322) - fix host name wildcard checking (CVE-2023-28321)