From 55b673d8e21acfc6b77fc285c9ef7b5bbd38b6fd Mon Sep 17 00:00:00 2001 From: duyiwei Date: Fri, 17 Jun 2022 15:21:50 +0800 Subject: [PATCH] FIX-CVE-2022-1049 Signed-off-by: duyiwei --- CHANGELOG.md | 4 +++- pcs/daemon/auth.py | 3 +++ 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index c9484a7..39a5865 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -18,6 +18,8 @@ - Improved ACL documentation ([rhbz#1722970]) - Added missing Strict-Transport-Security headers to redirects ([rhbz#1810017]) - Improved pcsd daemon performance ([rhbz#1783106]) +- Pcs daemon was allowing expired accounts, and accounts with expired + passwords to login when using PAM auth. ([huntr#220307]) [ghissue#231]: https://github.com/ClusterLabs/pcs/issues/231 [rhbz#1676431]: https://bugzilla.redhat.com/show_bug.cgi?id=1676431 @@ -28,7 +30,7 @@ [rhbz#1793574]: https://bugzilla.redhat.com/show_bug.cgi?id=1793574 [rhbz#1805082]: https://bugzilla.redhat.com/show_bug.cgi?id=1805082 [rhbz#1810017]: https://bugzilla.redhat.com/show_bug.cgi?id=1810017 - +[huntr#220307]: https://huntr.dev/bounties/7aa921fc-a568-4fd8-96f4-7cd826246aa5/ ## [0.10.4] - 2019-11-28 diff --git a/pcs/daemon/auth.py b/pcs/daemon/auth.py index fa8cc24..7113046 100644 --- a/pcs/daemon/auth.py +++ b/pcs/daemon/auth.py @@ -46,6 +46,7 @@ libpam = CDLL(find_library("pam")) strdup = prep_fn(libc.strdup, POINTER(c_char), [c_char_p]) calloc = prep_fn(libc.calloc, c_void_p, [c_uint, c_uint]) pam_authenticate = prep_fn(libpam.pam_authenticate, c_int, [pam_handle, c_int]) +pam_acct_mgmt = prep_fn(libpam.pam_acct_mgmt, c_int, [pam_handle, c_int]) pam_end = prep_fn(libpam.pam_end, c_int, [pam_handle, c_int]) pam_start = prep_fn( libpam.pam_start, @@ -82,6 +83,8 @@ def authenticate_by_pam(username, password): ) if returncode == PAM_SUCCESS: returncode = pam_authenticate(pamh, 0) + if returncode == PAM_SUCCESS: + returncode = pam_acct_mgmt(pamh, 0) pam_end(pamh, returncode) return returncode == PAM_SUCCESS -- 2.33.0