Simply check against cleaned key from disk.

Justin Zandbergen 2024-02-26 10:09:46 +01:00 committed by Daniel Wozniak
parent 4e72e2f0a5
commit 0f4c022fda


@ -371,15 +371,7 @@ class ReqServerChannel:
elif os.path.isfile(pubfn):
# The key has been accepted, check it
with salt.utils.files.fopen(pubfn, "r") as pubfn_handle:
keyFromDisk = pubfn_handle.read()
# if the keyFromDisk has a final newline it is a oldstyle key
# if we clean it, it will not match. Only clean the key if it
# is a new style key.
if keyFromDisk[-1:] != "\n":
keyFromDisk = salt.crypt.clean_key(keyFromDisk)
if keyFromDisk != load["pub"]:
if salt.crypt.clean_key(pubfn_handle.read()) != salt.crypt.clean_key(load["pub"])
log.error(
"Authentication attempt from %s failed, the public "
"keys did not match. This may be an attempt to compromise "