vishalmishra434 / rpms / openssh

Forked from rpms/openssh a month ago
Clone
Source Code
GIT

Blame openssh-9.6p1-pam-rhost.patch

c10s-sig-hyperscale c10s-sig-hyperscale-2 c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-beta c8 c8-beta c8s c8s-sig-hyperscale c9 c9-beta c9s-sig-hyperscale
  1.   3d59a154394ed24b0066f0b0551f378078685228
  2.   openssh-9.6p1-pam-rhost.patch
Blob History Raw
Dmitry Belyavskiy 089d79 
From 26f366e263e575c4e1a18e2e64ba418f58878b37 Mon Sep 17 00:00:00 2001
Dmitry Belyavskiy 089d79 
From: Daan De Meyer <daan.j.demeyer@gmail.com>
Dmitry Belyavskiy 089d79 
Date: Mon, 20 Mar 2023 20:22:14 +0100
Dmitry Belyavskiy 089d79 
Subject: [PATCH] Only set PAM_RHOST if the remote host is not "UNKNOWN"
Dmitry Belyavskiy 089d79
Dmitry Belyavskiy 089d79 
When using sshd's -i option with stdio that is not a AF_INET/AF_INET6
Dmitry Belyavskiy 089d79 
socket, auth_get_canonical_hostname() returns "UNKNOWN" which is then
Dmitry Belyavskiy 089d79 
set as the value of PAM_RHOST, causing pam to try to do a reverse DNS
Dmitry Belyavskiy 089d79 
query of "UNKNOWN", which times out multiple times, causing a
Dmitry Belyavskiy 089d79 
substantial slowdown when logging in.
Dmitry Belyavskiy 089d79
Dmitry Belyavskiy 089d79 
To fix this, let's only set PAM_RHOST if the hostname is not "UNKNOWN".
Dmitry Belyavskiy 089d79 
---
Dmitry Belyavskiy 089d79 
 auth-pam.c | 2 +-
Dmitry Belyavskiy 089d79 
 1 file changed, 1 insertion(+), 1 deletion(-)
Dmitry Belyavskiy 089d79
Dmitry Belyavskiy 089d79 
diff --git a/auth-pam.c b/auth-pam.c
Dmitry Belyavskiy 089d79 
index e143304e3..39b4e4563 100644
Dmitry Belyavskiy 089d79 
--- a/auth-pam.c
Dmitry Belyavskiy 089d79 
+++ b/auth-pam.c
Dmitry Belyavskiy 089d79 
@@ -735,7 +735,7 @@ sshpam_init(struct ssh *ssh, Authctxt *authctxt)
Dmitry Belyavskiy 089d79 
 		sshpam_laddr = get_local_ipaddr(
Dmitry Belyavskiy 089d79 
 		    ssh_packet_get_connection_in(ssh));
Dmitry Belyavskiy 089d79 
 	}
Dmitry Belyavskiy 089d79 
-	if (sshpam_rhost != NULL) {
Dmitry Belyavskiy 089d79 
+	if (sshpam_rhost != NULL && strcmp(sshpam_rhost, "UNKNOWN") != 0) {
Dmitry Belyavskiy 089d79 
 		debug("PAM: setting PAM_RHOST to \"%s\"", sshpam_rhost);
Dmitry Belyavskiy 089d79 
 		sshpam_err = pam_set_item(sshpam_handle, PAM_RHOST,
Dmitry Belyavskiy 089d79 
 		    sshpam_rhost);
Dmitry Belyavskiy 089d79 
--
Dmitry Belyavskiy 089d79 
2.44.0
Dmitry Belyavskiy 089d79

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation