From 376416da9bca6296d15971a45bdcf169c82fe9d9 Mon Sep 17 00:00:00 2001
From: liuxinhao <liuxinhao@kylinsec.com.cn>
Date: Mon, 14 Nov 2022 16:59:31 +0800
Subject: [PATCH] =?UTF-8?q?=E4=BF=AE=E5=A4=8D=E9=97=AE=E9=A2=98:=E5=B7=B2?=
 =?UTF-8?q?=E7=BB=8F=E8=BF=87=E6=9C=9F=E7=9A=84=E8=B4=A6=E6=88=B7=E6=8C=81?=
 =?UTF-8?q?=E6=9C=89=E5=87=AD=E8=AF=81=E4=BB=8D=E7=84=B6=E8=83=BD=E7=99=BB?=
 =?UTF-8?q?=E5=BD=95?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 ...orization-bypass-due-to-incorrect-us.patch | 40 +++++++++++++++++++
 kiran-session-guard.spec                      |  7 +++-
 2 files changed, 45 insertions(+), 2 deletions(-)
 create mode 100644 0001-fix-CVE-PAM-authorization-bypass-due-to-incorrect-us.patch

diff --git a/0001-fix-CVE-PAM-authorization-bypass-due-to-incorrect-us.patch b/0001-fix-CVE-PAM-authorization-bypass-due-to-incorrect-us.patch
new file mode 100644
index 0000000..401ee06
--- /dev/null
+++ b/0001-fix-CVE-PAM-authorization-bypass-due-to-incorrect-us.patch
@@ -0,0 +1,40 @@
+From 308c40306db937dda0ed99c7a426c7730c3d326c Mon Sep 17 00:00:00 2001
+From: liuxinhao <liuxinhao@kylinsec.com.cn>
+Date: Mon, 14 Nov 2022 16:50:36 +0800
+Subject: [PATCH] fix(CVE): PAM authorization bypass due to incorrect usage
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+- 修复问题: 已经过期的账户持有凭证仍然能登录
+---
+ libexec/session-guard-checkpass/main.cpp | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/libexec/session-guard-checkpass/main.cpp b/libexec/session-guard-checkpass/main.cpp
+index e667bde..4606411 100644
+--- a/libexec/session-guard-checkpass/main.cpp
++++ b/libexec/session-guard-checkpass/main.cpp
+@@ -203,7 +203,6 @@ int main(int argc, char *argv[])
+ 
+     int authRes = PAM_SUCCESS;
+     authRes = pam_authenticate(pamh, 0);
+-
+     const char *newUserName;
+     if (pam_get_item(pamh, PAM_USER, (const void **)&newUserName) != PAM_SUCCESS)
+     {
+@@ -211,6 +210,11 @@ int main(int argc, char *argv[])
+         return EXIT_FAILURE;
+     }
+ 
++    if( authRes == PAM_SUCCESS )
++    {
++        authRes = pam_acct_mgmt(pamh, 0);
++    }
++
+     const char *authResultString = pam_strerror(pamh, authRes);
+     CompleteEvent event(true, authRes == PAM_SUCCESS, QString(authResultString));
+     kiran_pam_message_send_event(CHANNEL_WRITE, &event);
+-- 
+2.33.0
+
diff --git a/kiran-session-guard.spec b/kiran-session-guard.spec
index 50adaed..30985fb 100644
--- a/kiran-session-guard.spec
+++ b/kiran-session-guard.spec
@@ -1,12 +1,12 @@
 Name: kiran-session-guard
 Version: 2.4.0
-Release: 1
+Release: 2
 Summary: Kiran desktop environment login and lock screen dialog
 Summary(zh_CN): Kiran桌面环境登录和解锁框
 
 License: MulanPSL-2.0
 Source0: %{name}-%{version}.tar.gz
-
+Patch01: 0001-fix-CVE-PAM-authorization-bypass-due-to-incorrect-us.patch
 
 %define SHOW_VIRTUAL_KEYBOARD 0
 
@@ -134,6 +134,9 @@ gtk-update-icon-cache -f /usr/share/icons/hicolor/
 rm -rf %{buildroot}
 
 %changelog
+* Mon Nov 14 2022 liuxinhao <liuxinhao@kylinsec.com.cn> - 2.4.0-2
+- KYOS-F: fix PAM authorization bypass due to incorrect usage
+
 * Fri Nov 04 2022 liuxinhao <liuxinhao@kylinsec.com.cn> - 2.4.0-1
 - KYOS-F: release 2.4, kiran-control-panel greeter plugin support color block