Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/trunk]: src/crypto/external/bsd/openssh/dist Increase strictness of blac...
details: https://anonhg.NetBSD.org/src/rev/232ca035803f
branches: trunk
changeset: 832691:232ca035803f
user: christos <christos%NetBSD.org@localhost>
date: Wed May 23 16:04:13 2018 +0000
description:
Increase strictness of blacklistd patches to include timeouts, operating
system errors, and pam failures.
diffstat:
crypto/external/bsd/openssh/dist/auth-pam.c | 4 +++-
crypto/external/bsd/openssh/dist/sshd.c | 9 ++++++---
2 files changed, 9 insertions(+), 4 deletions(-)
diffs (72 lines):
diff -r ac51a4c1eddf -r 232ca035803f crypto/external/bsd/openssh/dist/auth-pam.c
--- a/crypto/external/bsd/openssh/dist/auth-pam.c Wed May 23 16:03:07 2018 +0000
+++ b/crypto/external/bsd/openssh/dist/auth-pam.c Wed May 23 16:04:13 2018 +0000
@@ -50,7 +50,7 @@
/*
* NetBSD local changes
*/
-__RCSID("$NetBSD: auth-pam.c,v 1.14 2018/04/06 18:58:59 christos Exp $");
+__RCSID("$NetBSD: auth-pam.c,v 1.15 2018/05/23 16:04:13 christos Exp $");
#undef USE_POSIX_THREADS /* Not yet */
#define HAVE_SECURITY_PAM_APPL_H
#define HAVE_PAM_GETENVLIST
@@ -552,6 +552,7 @@
ssh_msg_send(ctxt->pam_csock, PAM_MAXTRIES, &buffer);
else
ssh_msg_send(ctxt->pam_csock, PAM_AUTH_ERR, &buffer);
+ pfilter_notify(1);
buffer_free(&buffer);
pthread_exit(NULL);
@@ -830,6 +831,7 @@
free(msg);
return (0);
}
+ pfilter_notify(1);
error("PAM: %s for %s%.100s from %.100s", msg,
sshpam_authctxt->valid ? "" : "illegal user ",
sshpam_authctxt->user,
diff -r ac51a4c1eddf -r 232ca035803f crypto/external/bsd/openssh/dist/sshd.c
--- a/crypto/external/bsd/openssh/dist/sshd.c Wed May 23 16:03:07 2018 +0000
+++ b/crypto/external/bsd/openssh/dist/sshd.c Wed May 23 16:04:13 2018 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: sshd.c,v 1.30 2018/04/08 21:56:48 joerg Exp $ */
+/* $NetBSD: sshd.c,v 1.31 2018/05/23 16:04:13 christos Exp $ */
/* $OpenBSD: sshd.c,v 1.506 2018/03/03 03:15:51 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo%cs.hut.fi@localhost>
@@ -44,7 +44,7 @@
*/
#include "includes.h"
-__RCSID("$NetBSD: sshd.c,v 1.30 2018/04/08 21:56:48 joerg Exp $");
+__RCSID("$NetBSD: sshd.c,v 1.31 2018/05/23 16:04:13 christos Exp $");
#include <sys/types.h>
#include <sys/param.h>
#include <sys/ioctl.h>
@@ -344,6 +344,7 @@
__dead static void
grace_alarm_handler(int sig)
{
+ pfilter_notify(1);
if (use_privsep && pmonitor != NULL && pmonitor->m_pid > 0)
kill(pmonitor->m_pid, SIGALRM);
@@ -356,7 +357,6 @@
killpg(0, SIGTERM);
}
- pfilter_notify(1);
/* Log error and exit. */
sigdie("Timeout before authentication for %s port %d",
ssh_remote_ipaddr(active_state), ssh_remote_port(active_state));
@@ -2193,6 +2193,9 @@
{
struct ssh *ssh = active_state; /* XXX */
+ if (i == 255)
+ pfilter_notify(1);
+
if (the_authctxt) {
do_cleanup(ssh, the_authctxt);
if (use_privsep && privsep_is_preauth &&
Home |
Main Index |
Thread Index |
Old Index