saltstack/salt
1
0
Fork 0
mirror of https://github.com/saltstack/salt.git synced 2025-04-17 10:10:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 4

fix: Older keys end with a newline, this breaks minion auth.

Browse source
This commit is contained in:
Justin Zandbergen 2024-02-23 10:50:22 +01:00 committed by Daniel Wozniak
parent e9122b1d7c
commit 52d9886620
1 changed files with 9 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
salt/channel/server.py
View file

@ -371,7 +371,15 @@ class ReqServerChannel:
elif os.path.isfile(pubfn):
# The key has been accepted, check it
with salt.utils.files.fopen(pubfn, "r") as pubfn_handle:
if salt.crypt.clean_key(pubfn_handle.read()) != load["pub"]:
keyFromDisk = pubfn_handle.read()
# if the keyFromDisk has a final newline it is a oldstyle key
# if we clean it, it will not match. Only clean the key if it
# is a new style key.
if keyFromDisk[-1:] != "\n":
keyFromDisk = salt.crypt.clean(orgkey)
if keyFromDisk != load["pub"]:
log.error(
"Authentication attempt from %s failed, the public "
"keys did not match. This may be an attempt to compromise "