From 4aaee013a2ad016399bc86d13c50c008214ddea4 Mon Sep 17 00:00:00 2001 From: duyiwei Date: Fri, 17 Jun 2022 10:00:03 +0800 Subject: [PATCH] CVE-2022-1049 Signed-off-by: duyiwei --- CHANGELOG.md | 4 +++- pcs/daemon/auth.py | 3 +++ 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index feefd72..9e44da5 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -17,6 +17,8 @@ - Removed unwanted logging to system log (/var/log/messages) ([rhbz#1917286]) - Fixed rare race condition in `pcs cluster start --wait` ([rhbz#1794062]) - Better error message when unable to connect to pcsd ([rhbz#1619818]) +- Pcs daemon was allowing expired accounts, and accounts with expired + passwords to login when using PAM auth. ([huntr#220307]) ### Deprecated - Commands `pcs config import-cman` and `pcs config export @@ -38,7 +40,7 @@ [rhbz#1869399]: https://bugzilla.redhat.com/show_bug.cgi?id=1869399 [rhbz#1885841]: https://bugzilla.redhat.com/show_bug.cgi?id=1885841 [rhbz#1917286]: https://bugzilla.redhat.com/show_bug.cgi?id=1917286 - +[huntr#220307]: https://huntr.dev/bounties/7aa921fc-a568-4fd8-96f4-7cd826246aa5/ ## [0.10.7] - 2020-09-30 diff --git a/pcs/daemon/auth.py b/pcs/daemon/auth.py index 2c86b17..d99ae2d 100644 --- a/pcs/daemon/auth.py +++ b/pcs/daemon/auth.py @@ -52,6 +52,7 @@ libpam = CDLL(find_library("pam")) strdup = prep_fn(libc.strdup, POINTER(c_char), [c_char_p]) calloc = prep_fn(libc.calloc, c_void_p, [c_uint, c_uint]) pam_authenticate = prep_fn(libpam.pam_authenticate, c_int, [pam_handle, c_int]) +pam_acct_mgmt = prep_fn(libpam.pam_acct_mgmt, c_int, [pam_handle, c_int]) pam_end = prep_fn(libpam.pam_end, c_int, [pam_handle, c_int]) pam_start = prep_fn( libpam.pam_start, @@ -90,6 +91,8 @@ def authenticate_by_pam(username, password): ) if returncode == PAM_SUCCESS: returncode = pam_authenticate(pamh, 0) + if returncode == PAM_SUCCESS: + returncode = pam_acct_mgmt(pamh, 0) pam_end(pamh, returncode) return returncode == PAM_SUCCESS -- 2.33.0