Fix gssapi authentication failures

Resolves: rhbz#2091023

Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
This commit is contained in:
Zoltan Fridrich 2022-07-11 15:34:23 +02:00
parent 585620b0f1
commit 9bf7b4f39d
2 changed files with 27 additions and 0 deletions

View File

@ -0,0 +1,20 @@
diff --color -rup a/monitor.c b/monitor.c
--- a/monitor.c 2022-07-11 15:11:28.146863144 +0200
+++ b/monitor.c 2022-07-11 15:15:35.726655877 +0200
@@ -376,8 +376,15 @@ monitor_child_preauth(struct ssh *ssh, s
if (ent->flags & (MON_AUTHDECIDE|MON_ALOG)) {
auth_log(ssh, authenticated, partial,
auth_method, auth_submethod);
- if (!partial && !authenticated)
+ if (!partial && !authenticated) {
+#ifdef GSSAPI
+ /* If gssapi-with-mic failed, MONITOR_REQ_GSSCHECKMIC is disabled.
+ * We have to reenable it to try again for gssapi-keyex */
+ if (strcmp(auth_method, "gssapi-with-mic") == 0 && options.gss_keyex)
+ monitor_permit(mon_dispatch, MONITOR_REQ_GSSCHECKMIC, 1);
+#endif
authctxt->failures++;
+ }
if (authenticated || partial) {
auth2_update_session_info(authctxt,
auth_method, auth_submethod);

View File

@ -236,6 +236,10 @@ Patch1002: openssh-8.7p1-ssh-manpage.patch
# 6c31ba10e97b6953c4f325f526f3e846dfea647a # 6c31ba10e97b6953c4f325f526f3e846dfea647a
# 322964f8f2e9c321e77ebae1e4d2cd0ccc5c5a0b # 322964f8f2e9c321e77ebae1e4d2cd0ccc5c5a0b
Patch1003: openssh-8.7p1-mem-leak.patch Patch1003: openssh-8.7p1-mem-leak.patch
# Reenable MONITOR_REQ_GSSCHECKMIC after gssapi-with-mic failures
# upstream MR:
# https://github.com/openssh-gsskex/openssh-gsskex/pull/21
Patch1004: openssh-8.7p1-gssapi-auth.patch
License: BSD License: BSD
Requires: /sbin/nologin Requires: /sbin/nologin
@ -428,6 +432,7 @@ popd
%patch1001 -p1 -b .scp-clears-file %patch1001 -p1 -b .scp-clears-file
%patch1002 -p1 -b .ssh-manpage %patch1002 -p1 -b .ssh-manpage
%patch1003 -p1 -b .mem-leak %patch1003 -p1 -b .mem-leak
%patch1004 -p1 -b .gssapi-auth
%patch100 -p1 -b .coverity %patch100 -p1 -b .coverity
@ -715,6 +720,8 @@ test -f %{sysconfig_anaconda} && \
Resolves: rhbz#2033372 Resolves: rhbz#2033372
- Fix several memory leaks - Fix several memory leaks
Related: rhbz#2068423 Related: rhbz#2068423
- Fix gssapi authentication failures
Resolves: rhbz#2091023
* Wed Jun 29 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 8.7p1-10 * Wed Jun 29 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 8.7p1-10
- Set minimal value of RSA key length via configuration option - Set minimal value of RSA key length via configuration option