packages/pcs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!13 FIX-CVE-2022-1049

Browse Source 
From: @duyiwei7w 
Reviewed-by: @yangzhao_kl 
Signed-off-by: @yangzhao_kl
This commit is contained in:
openeuler-ci-bot 2022-06-17 05:49:50 +00:00 committed by Gitee
commit 3463efe60f
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
2 changed files with 62 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

57
0002-FIX-CVE-2022-1049.patch Normal file
View File

@ -0,0 +1,57 @@
From 4aaee013a2ad016399bc86d13c50c008214ddea4 Mon Sep 17 00:00:00 2001
From: duyiwei <duyiwei@kylinos.cn>
Date: Fri, 17 Jun 2022 10:00:03 +0800
Subject: [PATCH] CVE-2022-1049
Signed-off-by: duyiwei <duyiwei@kylinos.cn>
---
CHANGELOG.md | 4 +++-
pcs/daemon/auth.py | 3 +++
2 files changed, 6 insertions(+), 1 deletion(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index feefd72..9e44da5 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -17,6 +17,8 @@
- Removed unwanted logging to system log (/var/log/messages) ([rhbz#1917286])
- Fixed rare race condition in `pcs cluster start --wait` ([rhbz#1794062])
- Better error message when unable to connect to pcsd ([rhbz#1619818])
+- Pcs daemon was allowing expired accounts, and accounts with expired
+ passwords to login when using PAM auth. ([huntr#220307])
### Deprecated
- Commands `pcs config import-cman` and `pcs config export
@@ -38,7 +40,7 @@
[rhbz#1869399]: https://bugzilla.redhat.com/show_bug.cgi?id=1869399
[rhbz#1885841]: https://bugzilla.redhat.com/show_bug.cgi?id=1885841
[rhbz#1917286]: https://bugzilla.redhat.com/show_bug.cgi?id=1917286
-
+[huntr#220307]: https://huntr.dev/bounties/7aa921fc-a568-4fd8-96f4-7cd826246aa5/
## [0.10.7] - 2020-09-30
diff --git a/pcs/daemon/auth.py b/pcs/daemon/auth.py
index 2c86b17..d99ae2d 100644
--- a/pcs/daemon/auth.py
+++ b/pcs/daemon/auth.py
@@ -52,6 +52,7 @@ libpam = CDLL(find_library("pam"))
strdup = prep_fn(libc.strdup, POINTER(c_char), [c_char_p])
calloc = prep_fn(libc.calloc, c_void_p, [c_uint, c_uint])
pam_authenticate = prep_fn(libpam.pam_authenticate, c_int, [pam_handle, c_int])
+pam_acct_mgmt = prep_fn(libpam.pam_acct_mgmt, c_int, [pam_handle, c_int])
pam_end = prep_fn(libpam.pam_end, c_int, [pam_handle, c_int])
pam_start = prep_fn(
libpam.pam_start,
@@ -90,6 +91,8 @@ def authenticate_by_pam(username, password):
)
if returncode == PAM_SUCCESS:
returncode = pam_authenticate(pamh, 0)
+ if returncode == PAM_SUCCESS:
+ returncode = pam_acct_mgmt(pamh, 0)
pam_end(pamh, returncode)
return returncode == PAM_SUCCESS
--
2.33.0

6
pcs.spec
View File

@ -1,6 +1,6 @@
Name: pcs Name: pcs
Version: 0.10.8 Version: 0.10.8
Release: 1 Release: 2
License: GPLv2 and BSD-2-Clause and ASL 2.0 and MIT License: GPLv2 and BSD-2-Clause and ASL 2.0 and MIT
URL: https://github.com/ClusterLabs/pcs URL: https://github.com/ClusterLabs/pcs
Summary: Pacemaker Configuration System Summary: Pacemaker Configuration System
@ -42,6 +42,7 @@ Source3: https://github.com/idevat/pcs-web-ui/archive/%{ui_commit}/%{ui_src_name
Source4: https://github.com/idevat/pcs-web-ui/releases/download/%{ui_commit}/pcs-web-ui-node-modules-%{ui_commit}.tar.xz Source4: https://github.com/idevat/pcs-web-ui/releases/download/%{ui_commit}/pcs-web-ui-node-modules-%{ui_commit}.tar.xz
Patch0: 0001-Resolve-the-failure-of-field-matching-in-test-cases.patch Patch0: 0001-Resolve-the-failure-of-field-matching-in-test-cases.patch
Patch1: 0002-FIX-CVE-2022-1049.patch
# git for patches # git for patches
BuildRequires: make BuildRequires: make
BuildRequires: git-core BuildRequires: git-core
@ -386,6 +387,9 @@ remove_all_tests
%license pyagentx_LICENSE.txt %license pyagentx_LICENSE.txt
%changelog %changelog
* Fri Jun 17 2022 duyiwei <duyiwei@kylinos.cn> - 0.10.8-2
- FIX-CVE-2022-1049
* Thu Mar 10 2022 jiangxinyu <jiangxinyu@kylinos.cn> - 0.10.8-1 * Thu Mar 10 2022 jiangxinyu <jiangxinyu@kylinos.cn> - 0.10.8-1
- update to 0.10.8 - update to 0.10.8