sshd doesn't propose to enter password again when a non-existing user is specified

Resolves: RHEL-11981
2024-08-05 13:03:20 +02:00 · 2024-08-05 13:03:20 +02:00 · ce2e80c1d0
commit ce2e80c1d0
parent a26f247c4f
2 changed files with 9 additions and 6 deletions
--- a/openssh-8.0p1-preserve-pam-errors.patch
+++ b/openssh-8.0p1-preserve-pam-errors.patch
@ -27,16 +27,15 @@ diff -up openssh-8.0p1/auth-pam.c.preserve-pam-errors openssh-8.0p1/auth-pam.c
 	else if (sshpam_maxtries_reached)
 		ssh_msg_send(ctxt->pam_csock, PAM_MAXTRIES, buffer);
 	else
-@@ -856,10 +862,12 @@ sshpam_query(void *ctx, char **name, cha
- 			plen++;
+@@ -856,9 +862,11 @@ sshpam_query(void *ctx, char **name, cha
 			free(msg);
 			break;
-+		case PAM_USER_UNKNOWN:
-+		case PAM_PERM_DENIED:
 		case PAM_ACCT_EXPIRED:
 +			sshpam_account_status = 0;
 +			/* FALLTHROUGH */
 		case PAM_MAXTRIES:
+		case PAM_USER_UNKNOWN:
+		case PAM_PERM_DENIED:
 -			if (type == PAM_ACCT_EXPIRED)
 -				sshpam_account_status = 0;
 			if (type == PAM_MAXTRIES)
--- a/openssh.spec
+++ b/openssh.spec
@ -39,12 +39,12 @@
 %{?static_openssl:%global static_libcrypto 1}

 %global openssh_ver 9.8p1
-%global openssh_rel 2
+%global openssh_rel 3

 Summary: An open source implementation of SSH protocol version 2
 Name: openssh
 Version: %{openssh_ver}
-Release: %{openssh_rel}%{?dist}.0
+Release: %{openssh_rel}%{?dist}
 URL: http://www.openssh.com/portable.html
 Source0: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz
 Source1: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz.asc
@ -653,6 +653,10 @@ test -f %{sysconfig_anaconda} && \
 %attr(0755,root,root) %{_libdir}/sshtest/sk-dummy.so

 %changelog
+* Mon Aug 05 2024 Dmitry Belyavskiy <dbelyavs@redhat.com> - 9.8p1-3
+- sshd doesn't propose to enter password again when a non-existing user is specified
+  Resolves: RHEL-11981
+
 * Fri Jul 26 2024 Dmitry Belyavskiy <dbelyavs@redhat.com> - 9.8p1-2.0
 - Temporary disabling self-test
  Related: RHEL-42635