Projects
Factory:RISC-V:Base
openssh
_service:tar_scm:bugfix-openssh-add-option-chec...
Sign Up
Log In
Username
Password
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File _service:tar_scm:bugfix-openssh-add-option-check-username-splash.patch of Package openssh
From 74c1a37dfeab8e9cc39e5bc76891d1d9d66b7638 Mon Sep 17 00:00:00 2001 From: wangqiang <wangqiang62@huawei.com> Date: Thu, 16 Apr 2020 15:58:30 +0800 Subject: [PATCH] openssh: add option check username splash add a check to inhibit username contains splash add an option 'CheckUserSplash' so that user can turn off this check --- auth2.c | 4 +++- servconf.c | 8 ++++++++ servconf.h | 1 + sshd_config | 2 ++ 4 files changed, 14 insertions(+), 1 deletion(-) diff --git a/auth2.c b/auth2.c index 203ba01..284ea19 100644 --- a/auth2.c +++ b/auth2.c @@ -281,11 +281,13 @@ input_userauth_request(int type, u_int32_t seq, struct ssh *ssh) debug("userauth-request for user %s service %s method %s", user, service, method); debug("attempt %d failures %d", authctxt->attempt, authctxt->failures); +if (options.check_user_splash) +{ #ifdef WITH_SELINUX if ((role = strchr(user, '/')) != NULL) *role++ = 0; #endif - +} if ((style = strchr(user, ':')) != NULL) *style++ = 0; diff --git a/servconf.c b/servconf.c index d72fb62..6888971 100644 --- a/servconf.c +++ b/servconf.c @@ -201,6 +201,7 @@ initialize_server_options(ServerOptions *options) options->ip_qos_interactive = -1; options->ip_qos_bulk = -1; options->version_addendum = NULL; + options->check_user_splash = -1; options->fingerprint_hash = -1; options->disable_forwarding = -1; options->expose_userauth_info = -1; @@ -460,6 +461,8 @@ fill_default_server_options(ServerOptions *options) options->ip_qos_bulk = IPTOS_DSCP_CS1; if (options->version_addendum == NULL) options->version_addendum = xstrdup(""); + if (options->check_user_splash == -1) + options->check_user_splash = 1; if (options->fwd_opts.streamlocal_bind_mask == (mode_t)-1) options->fwd_opts.streamlocal_bind_mask = 0177; if (options->fwd_opts.streamlocal_bind_unlink == -1) @@ -553,6 +556,7 @@ typedef enum { sAllowStreamLocalForwarding, sFingerprintHash, sDisableForwarding, sExposeAuthInfo, sRDomain, sPubkeyAuthOptions, sSecurityKeyProvider, sRequiredRSASize, + sCheckUserSplash, sDeprecated, sIgnore, sUnsupported } ServerOpCodes; @@ -726,6 +730,7 @@ static struct { { "fingerprinthash", sFingerprintHash, SSHCFG_GLOBAL }, { "disableforwarding", sDisableForwarding, SSHCFG_ALL }, { "exposeauthinfo", sExposeAuthInfo, SSHCFG_ALL }, + { "checkusersplash", sCheckUserSplash, SSHCFG_GLOBAL }, { "rdomain", sRDomain, SSHCFG_ALL }, { "casignaturealgorithms", sCASignatureAlgorithms, SSHCFG_ALL }, { "securitykeyprovider", sSecurityKeyProvider, SSHCFG_GLOBAL }, @@ -1384,6 +1389,9 @@ process_server_config_line_depth(ServerOptions *options, char *line, case sUsePAM: intptr = &options->use_pam; goto parse_flag; + case sCheckUserSplash: + intptr = &options->check_user_splash; + goto parse_flag; /* Standard Options */ case sBadOption: diff --git a/servconf.h b/servconf.h index 77fd779..694addf 100644 --- a/servconf.h +++ b/servconf.h @@ -237,6 +237,7 @@ typedef struct { int fingerprint_hash; int expose_userauth_info; u_int64_t timing_secret; + int check_user_splash; /* check whether splash exists in username, if exist, disable login */ char *sk_provider; int required_rsa_size; /* minimum size of RSA keys */ } ServerOptions; diff --git a/sshd_config b/sshd_config index 6d47368..973aecf 100644 --- a/sshd_config +++ b/sshd_config @@ -128,3 +128,5 @@ Subsystem sftp /usr/libexec/sftp-server # AllowTcpForwarding no # PermitTTY no # ForceCommand cvs server +#CheckUserSplash yes + -- 2.27.0
Locations
Projects
Search
Status Monitor
Help
Open Build Service
OBS Manuals
API Documentation
OBS Portal
Reporting a Bug
Contact
Mailing List
Forums
Chat (IRC)
Twitter
Open Build Service (OBS)
is an
openSUSE project
.
浙ICP备2022010568号-2