pcs/0002-FIX-CVE-2022-1049.patch

From 4aaee013a2ad016399bc86d13c50c008214ddea4 Mon Sep 17 00:00:00 2001
From: duyiwei <duyiwei@kylinos.cn>
Date: Fri, 17 Jun 2022 10:00:03 +0800
Subject: [PATCH] CVE-2022-1049

Signed-off-by: duyiwei <duyiwei@kylinos.cn>
---
 CHANGELOG.md       | 4 +++-
 pcs/daemon/auth.py | 3 +++
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index feefd72..9e44da5 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -17,6 +17,8 @@
 - Removed unwanted logging to system log (/var/log/messages) ([rhbz#1917286])
 - Fixed rare race condition in `pcs cluster start --wait` ([rhbz#1794062])
 - Better error message when unable to connect to pcsd ([rhbz#1619818])
+- Pcs daemon was allowing expired accounts, and accounts with expired
+  passwords to login when using PAM auth. ([huntr#220307])
 
 ### Deprecated
 - Commands `pcs config import-cman` and `pcs config export
@@ -38,7 +40,7 @@
 [rhbz#1869399]: https://bugzilla.redhat.com/show_bug.cgi?id=1869399
 [rhbz#1885841]: https://bugzilla.redhat.com/show_bug.cgi?id=1885841
 [rhbz#1917286]: https://bugzilla.redhat.com/show_bug.cgi?id=1917286
-
+[huntr#220307]: https://huntr.dev/bounties/7aa921fc-a568-4fd8-96f4-7cd826246aa5/
 
 ## [0.10.7] - 2020-09-30
 
diff --git a/pcs/daemon/auth.py b/pcs/daemon/auth.py
index 2c86b17..d99ae2d 100644
--- a/pcs/daemon/auth.py
+++ b/pcs/daemon/auth.py
@@ -52,6 +52,7 @@ libpam = CDLL(find_library("pam"))
 strdup = prep_fn(libc.strdup, POINTER(c_char), [c_char_p])
 calloc = prep_fn(libc.calloc, c_void_p, [c_uint, c_uint])
 pam_authenticate = prep_fn(libpam.pam_authenticate, c_int, [pam_handle, c_int])
+pam_acct_mgmt = prep_fn(libpam.pam_acct_mgmt, c_int, [pam_handle, c_int])
 pam_end = prep_fn(libpam.pam_end, c_int, [pam_handle, c_int])
 pam_start = prep_fn(
     libpam.pam_start,
@@ -90,6 +91,8 @@ def authenticate_by_pam(username, password):
     )
     if returncode == PAM_SUCCESS:
         returncode = pam_authenticate(pamh, 0)
+    if returncode == PAM_SUCCESS:
+        returncode = pam_acct_mgmt(pamh, 0)
     pam_end(pamh, returncode)
     return returncode == PAM_SUCCESS
 
-- 
2.33.0
FIX-CVE-2022-1049 2022-06-17 09:34:17 +08:00			`From 4aaee013a2ad016399bc86d13c50c008214ddea4 Mon Sep 17 00:00:00 2001`
			`From: duyiwei <duyiwei@kylinos.cn>`
			`Date: Fri, 17 Jun 2022 10:00:03 +0800`
			`Subject: [PATCH] CVE-2022-1049`

			`Signed-off-by: duyiwei <duyiwei@kylinos.cn>`
			`---`
			`CHANGELOG.md \| 4 +++-`
			`pcs/daemon/auth.py \| 3 +++`
			`2 files changed, 6 insertions(+), 1 deletion(-)`

			`diff --git a/CHANGELOG.md b/CHANGELOG.md`
			`index feefd72..9e44da5 100644`
			`--- a/CHANGELOG.md`
			`+++ b/CHANGELOG.md`
			`@@ -17,6 +17,8 @@`
			`- Removed unwanted logging to system log (/var/log/messages) ([rhbz#1917286])`
			- Fixed rare race condition in `pcs cluster start --wait` ([rhbz#1794062])
			`- Better error message when unable to connect to pcsd ([rhbz#1619818])`
			`+- Pcs daemon was allowing expired accounts, and accounts with expired`
			`+ passwords to login when using PAM auth. ([huntr#220307])`

			`### Deprecated`
			- Commands `pcs config import-cman` and `pcs config export
			`@@ -38,7 +40,7 @@`
			`[rhbz#1869399]: https://bugzilla.redhat.com/show_bug.cgi?id=1869399`
			`[rhbz#1885841]: https://bugzilla.redhat.com/show_bug.cgi?id=1885841`
			`[rhbz#1917286]: https://bugzilla.redhat.com/show_bug.cgi?id=1917286`
			`-`
			`+[huntr#220307]: https://huntr.dev/bounties/7aa921fc-a568-4fd8-96f4-7cd826246aa5/`

			`## [0.10.7] - 2020-09-30`

			`diff --git a/pcs/daemon/auth.py b/pcs/daemon/auth.py`
			`index 2c86b17..d99ae2d 100644`
			`--- a/pcs/daemon/auth.py`
			`+++ b/pcs/daemon/auth.py`
			`@@ -52,6 +52,7 @@ libpam = CDLL(find_library("pam"))`
			`strdup = prep_fn(libc.strdup, POINTER(c_char), [c_char_p])`
			`calloc = prep_fn(libc.calloc, c_void_p, [c_uint, c_uint])`
			`pam_authenticate = prep_fn(libpam.pam_authenticate, c_int, [pam_handle, c_int])`
			`+pam_acct_mgmt = prep_fn(libpam.pam_acct_mgmt, c_int, [pam_handle, c_int])`
			`pam_end = prep_fn(libpam.pam_end, c_int, [pam_handle, c_int])`
			`pam_start = prep_fn(`
			`libpam.pam_start,`
			`@@ -90,6 +91,8 @@ def authenticate_by_pam(username, password):`
			`)`
			`if returncode == PAM_SUCCESS:`
			`returncode = pam_authenticate(pamh, 0)`
			`+ if returncode == PAM_SUCCESS:`
			`+ returncode = pam_acct_mgmt(pamh, 0)`
			`pam_end(pamh, returncode)`
			`return returncode == PAM_SUCCESS`

			`--`
			`2.33.0`