rpms/openssh
7
0
Fork 1
Code Issues Pull Requests Releases Activity

sshd doesn't propose to enter password again when a non-existing user is specified

Browse Source 
Resolves: RHEL-11981
This commit is contained in:
Dmitry Belyavskiy 2024-08-05 13:03:20 +02:00
parent a26f247c4f
commit ce2e80c1d0
2 changed files with 9 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
openssh-8.0p1-preserve-pam-errors.patch
View File

@ -27,16 +27,15 @@ diff -up openssh-8.0p1/auth-pam.c.preserve-pam-errors openssh-8.0p1/auth-pam.c
else if (sshpam_maxtries_reached) else if (sshpam_maxtries_reached)
ssh_msg_send(ctxt->pam_csock, PAM_MAXTRIES, buffer); ssh_msg_send(ctxt->pam_csock, PAM_MAXTRIES, buffer);
else else
@@ -856,10 +862,12 @@ sshpam_query(void *ctx, char **name, cha @@ -856,9 +862,11 @@ sshpam_query(void *ctx, char **name, cha
plen++;
free(msg); free(msg);
break; break;
+ case PAM_USER_UNKNOWN:
+ case PAM_PERM_DENIED:
case PAM_ACCT_EXPIRED: case PAM_ACCT_EXPIRED:
+ sshpam_account_status = 0; + sshpam_account_status = 0;
+ /* FALLTHROUGH */ + /* FALLTHROUGH */
case PAM_MAXTRIES: case PAM_MAXTRIES:
+ case PAM_USER_UNKNOWN:
+ case PAM_PERM_DENIED:
- if (type == PAM_ACCT_EXPIRED) - if (type == PAM_ACCT_EXPIRED)
- sshpam_account_status = 0; - sshpam_account_status = 0;
if (type == PAM_MAXTRIES) if (type == PAM_MAXTRIES)

8
openssh.spec
View File

@ -39,12 +39,12 @@
%{?static_openssl:%global static_libcrypto 1} %{?static_openssl:%global static_libcrypto 1}
%global openssh_ver 9.8p1 %global openssh_ver 9.8p1
%global openssh_rel 2 %global openssh_rel 3
Summary: An open source implementation of SSH protocol version 2 Summary: An open source implementation of SSH protocol version 2
Name: openssh Name: openssh
Version: %{openssh_ver} Version: %{openssh_ver}
Release: %{openssh_rel}%{?dist}.0 Release: %{openssh_rel}%{?dist}
URL: http://www.openssh.com/portable.html URL: http://www.openssh.com/portable.html
Source0: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz Source0: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz
Source1: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz.asc Source1: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz.asc
@ -653,6 +653,10 @@ test -f %{sysconfig_anaconda} && \
%attr(0755,root,root) %{_libdir}/sshtest/sk-dummy.so %attr(0755,root,root) %{_libdir}/sshtest/sk-dummy.so
%changelog %changelog
* Mon Aug 05 2024 Dmitry Belyavskiy <dbelyavs@redhat.com> - 9.8p1-3
- sshd doesn't propose to enter password again when a non-existing user is specified
Resolves: RHEL-11981
* Fri Jul 26 2024 Dmitry Belyavskiy <dbelyavs@redhat.com> - 9.8p1-2.0 * Fri Jul 26 2024 Dmitry Belyavskiy <dbelyavs@redhat.com> - 9.8p1-2.0
- Temporary disabling self-test - Temporary disabling self-test
Related: RHEL-42635 Related: RHEL-42635