From d0754b1a8d7fda4bbb2b9a482ee840b8b706d433 Mon Sep 17 00:00:00 2001 From: Dmitry Belyavskiy Date: Fri, 21 May 2021 14:41:01 +0200 Subject: [PATCH] Hostbased ssh authentication fails if session ID contains a '/' Resolves: rhbz#1963058 --- openssh-7.8p1-role-mls.patch | 24 ++++++++++++------------ openssh.spec | 3 +++ 2 files changed, 15 insertions(+), 12 deletions(-) diff --git a/openssh-7.8p1-role-mls.patch b/openssh-7.8p1-role-mls.patch index a6c3bae..145eac0 100644 --- a/openssh-7.8p1-role-mls.patch +++ b/openssh-7.8p1-role-mls.patch @@ -179,10 +179,10 @@ diff -up openssh/misc.c.role-mls openssh/misc.c } return NULL; } -diff -up openssh/monitor.c.role-mls openssh/monitor.c ---- openssh/monitor.c.role-mls 2018-08-20 07:57:29.000000000 +0200 -+++ openssh/monitor.c 2018-08-22 11:19:56.006844867 +0200 -@@ -115,6 +115,9 @@ int mm_answer_sign(int, struct sshbuf *) +diff -up openssh-8.6p1/monitor.c.role-mls openssh-8.6p1/monitor.c +--- openssh-8.6p1/monitor.c.role-mls 2021-04-16 05:55:25.000000000 +0200 ++++ openssh-8.6p1/monitor.c 2021-05-21 14:21:56.719414087 +0200 +@@ -117,6 +117,9 @@ int mm_answer_sign(struct ssh *, int, st int mm_answer_pwnamallow(struct ssh *, int, struct sshbuf *); int mm_answer_auth2_read_banner(struct ssh *, int, struct sshbuf *); int mm_answer_authserv(struct ssh *, int, struct sshbuf *); @@ -192,7 +192,7 @@ diff -up openssh/monitor.c.role-mls openssh/monitor.c int mm_answer_authpassword(struct ssh *, int, struct sshbuf *); int mm_answer_bsdauthquery(struct ssh *, int, struct sshbuf *); int mm_answer_bsdauthrespond(struct ssh *, int, struct sshbuf *); -@@ -189,6 +192,9 @@ struct mon_table mon_dispatch_proto20[] +@@ -195,6 +198,9 @@ struct mon_table mon_dispatch_proto20[] {MONITOR_REQ_SIGN, MON_ONCE, mm_answer_sign}, {MONITOR_REQ_PWNAM, MON_ONCE, mm_answer_pwnamallow}, {MONITOR_REQ_AUTHSERV, MON_ONCE, mm_answer_authserv}, @@ -202,7 +202,7 @@ diff -up openssh/monitor.c.role-mls openssh/monitor.c {MONITOR_REQ_AUTH2_READ_BANNER, MON_ONCE, mm_answer_auth2_read_banner}, {MONITOR_REQ_AUTHPASSWORD, MON_AUTH, mm_answer_authpassword}, #ifdef USE_PAM -@@ -796,6 +802,9 @@ mm_answer_pwnamallow(int sock, struct ss +@@ -803,6 +809,9 @@ mm_answer_pwnamallow(struct ssh *ssh, in /* Allow service/style information on the auth context */ monitor_permit(mon_dispatch, MONITOR_REQ_AUTHSERV, 1); @@ -212,7 +212,7 @@ diff -up openssh/monitor.c.role-mls openssh/monitor.c monitor_permit(mon_dispatch, MONITOR_REQ_AUTH2_READ_BANNER, 1); #ifdef USE_PAM -@@ -842,6 +851,26 @@ mm_answer_authserv(int sock, struct sshb +@@ -877,6 +886,26 @@ key_base_type_match(const char *method, return found; } @@ -239,7 +239,7 @@ diff -up openssh/monitor.c.role-mls openssh/monitor.c int mm_answer_authpassword(struct ssh *ssh, int sock, struct sshbuf *m) { -@@ -1218,7 +1247,7 @@ monitor_valid_userblob(u_char *data, u_i +@@ -1251,7 +1280,7 @@ monitor_valid_userblob(struct ssh *ssh, { struct sshbuf *b; const u_char *p; @@ -248,7 +248,7 @@ diff -up openssh/monitor.c.role-mls openssh/monitor.c size_t len; u_char type; int r, fail = 0; -@@ -1251,6 +1280,8 @@ monitor_valid_userblob(u_char *data, u_i +@@ -1282,6 +1311,8 @@ monitor_valid_userblob(struct ssh *ssh, fail++; if ((r = sshbuf_get_cstring(b, &cp, NULL)) != 0) fatal_fr(r, "parse userstyle"); @@ -257,7 +257,7 @@ diff -up openssh/monitor.c.role-mls openssh/monitor.c xasprintf(&userstyle, "%s%s%s", authctxt->user, authctxt->style ? ":" : "", authctxt->style ? authctxt->style : ""); -@@ -1286,7 +1317,7 @@ monitor_valid_hostbasedblob(u_char *data +@@ -1317,7 +1348,7 @@ monitor_valid_hostbasedblob(const u_char { struct sshbuf *b; const u_char *p; @@ -266,11 +266,11 @@ diff -up openssh/monitor.c.role-mls openssh/monitor.c size_t len; int r, fail = 0; u_char type; -@@ -1308,6 +1339,8 @@ monitor_valid_hostbasedblob(u_char *data +@@ -1338,6 +1370,8 @@ monitor_valid_hostbasedblob(const u_char fail++; if ((r = sshbuf_get_cstring(b, &cp, NULL)) != 0) fatal_fr(r, "parse userstyle"); -+ if ((s = strchr(p, '/')) != NULL) ++ if ((s = strchr(cp, '/')) != NULL) + *s = '\0'; xasprintf(&userstyle, "%s%s%s", authctxt->user, authctxt->style ? ":" : "", diff --git a/openssh.spec b/openssh.spec index f5ef3df..75d68b7 100644 --- a/openssh.spec +++ b/openssh.spec @@ -659,6 +659,9 @@ test -f %{sysconfig_anaconda} && \ %endif %changelog +* Fri May 21 2021 Dmitry Belyavskiy - 8.6p1-3 +- Hostbased ssh authentication fails if session ID contains a '/' (#1963058) + * Mon May 10 2021 Dmitry Belyavskiy - 8.6p1-2 - rebuilt