[src/trunk]: src/crypto/external/bsd/openssh/dist Increase strictness of blac...

[christos <christos%NetBSD.org@localhost>]

details:   https://anonhg.NetBSD.org/src/rev/41e7679194e5
branches:  trunk
changeset: 319279:41e7679194e5
user:      christos <christos%NetBSD.org@localhost>
date:      Wed May 23 16:04:13 2018 +0000

description:
Increase strictness of blacklistd patches to include timeouts, operating
system errors, and pam failures.

diffstat:

 crypto/external/bsd/openssh/dist/auth-pam.c |  4 +++-
 crypto/external/bsd/openssh/dist/sshd.c     |  9 ++++++---
 2 files changed, 9 insertions(+), 4 deletions(-)

diffs (72 lines):

diff -r 643c03610141 -r 41e7679194e5 crypto/external/bsd/openssh/dist/auth-pam.c
--- a/crypto/external/bsd/openssh/dist/auth-pam.c       Wed May 23 16:03:07 2018 +0000
+++ b/crypto/external/bsd/openssh/dist/auth-pam.c       Wed May 23 16:04:13 2018 +0000
@@ -50,7 +50,7 @@
 /*
  * NetBSD local changes
  */
-__RCSID("$NetBSD: auth-pam.c,v 1.14 2018/04/06 18:58:59 christos Exp $");
+__RCSID("$NetBSD: auth-pam.c,v 1.15 2018/05/23 16:04:13 christos Exp $");
 #undef USE_POSIX_THREADS /* Not yet */
 #define HAVE_SECURITY_PAM_APPL_H
 #define HAVE_PAM_GETENVLIST
@@ -552,6 +552,7 @@
                ssh_msg_send(ctxt->pam_csock, PAM_MAXTRIES, &buffer);
        else
                ssh_msg_send(ctxt->pam_csock, PAM_AUTH_ERR, &buffer);
+       pfilter_notify(1);
        buffer_free(&buffer);
        pthread_exit(NULL);
 
@@ -830,6 +831,7 @@
                                free(msg);
                                return (0);
                        }
+                       pfilter_notify(1);
                        error("PAM: %s for %s%.100s from %.100s", msg,
                            sshpam_authctxt->valid ? "" : "illegal user ",
                            sshpam_authctxt->user,
diff -r 643c03610141 -r 41e7679194e5 crypto/external/bsd/openssh/dist/sshd.c
--- a/crypto/external/bsd/openssh/dist/sshd.c   Wed May 23 16:03:07 2018 +0000
+++ b/crypto/external/bsd/openssh/dist/sshd.c   Wed May 23 16:04:13 2018 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: sshd.c,v 1.30 2018/04/08 21:56:48 joerg Exp $  */
+/*     $NetBSD: sshd.c,v 1.31 2018/05/23 16:04:13 christos Exp $       */
 /* $OpenBSD: sshd.c,v 1.506 2018/03/03 03:15:51 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo%cs.hut.fi@localhost>
@@ -44,7 +44,7 @@
  */
 
 #include "includes.h"
-__RCSID("$NetBSD: sshd.c,v 1.30 2018/04/08 21:56:48 joerg Exp $");
+__RCSID("$NetBSD: sshd.c,v 1.31 2018/05/23 16:04:13 christos Exp $");
 #include <sys/types.h>
 #include <sys/param.h>
 #include <sys/ioctl.h>
@@ -344,6 +344,7 @@
 __dead static void
 grace_alarm_handler(int sig)
 {
+       pfilter_notify(1);
        if (use_privsep && pmonitor != NULL && pmonitor->m_pid > 0)
                kill(pmonitor->m_pid, SIGALRM);
 
@@ -356,7 +357,6 @@
                killpg(0, SIGTERM);
        }
 
-       pfilter_notify(1);
        /* Log error and exit. */
        sigdie("Timeout before authentication for %s port %d",
            ssh_remote_ipaddr(active_state), ssh_remote_port(active_state));
@@ -2193,6 +2193,9 @@
 {
        struct ssh *ssh = active_state; /* XXX */
 
+       if (i == 255)
+               pfilter_notify(1);
+
        if (the_authctxt) {
                do_cleanup(ssh, the_authctxt);
                if (use_privsep && privsep_is_preauth &&