CVS commit: src/external/bsd/blacklist/diff
Module Name:src
Committed By: christos
Date: Wed May 23 16:03:07 UTC 2018
Modified Files:
src/external/bsd/blacklist/diff: ssh.diff
Log Message:
refresh the diffs to the latest portable
To generate a diff of this commit:
cvs rdiff -u -r1.9 -r1.10 src/external/bsd/blacklist/diff/ssh.diff
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/external/bsd/blacklist/diff/ssh.diff
diff -u src/external/bsd/blacklist/diff/ssh.diff:1.9 src/external/bsd/blacklist/diff/ssh.diff:1.10
--- src/external/bsd/blacklist/diff/ssh.diff:1.9 Mon Jun 26 13:12:05 2017
+++ src/external/bsd/blacklist/diff/ssh.diff Wed May 23 12:03:07 2018
@@ -62,174 +62,89 @@ diff -u -u -r1.10 Makefile
+
+LDADD+= -lblacklist
+DPADD+= ${LIBBLACKLIST}
-Index: dist/auth.c
-===
-RCS file: /cvsroot/src/crypto/external/bsd/openssh/dist/auth.c,v
-retrieving revision 1.10
-diff -u -u -r1.10 auth.c
dist/auth.c 19 Oct 2014 16:30:58 - 1.10
-+++ dist/auth.c 22 Jan 2015 21:39:22 -
-@@ -62,6 +62,7 @@
- #include "monitor_wrap.h"
- #include "krl.h"
- #include "compat.h"
-+#include "pfilter.h"
-
- #ifdef HAVE_LOGIN_CAP
- #include
-@@ -362,6 +363,8 @@
- compat20 ? "ssh2" : "ssh1",
- authctxt->info != NULL ? ": " : "",
- authctxt->info != NULL ? authctxt->info : "");
-+ if (!authctxt->postponed)
-+ pfilter_notify(!authenticated);
- free(authctxt->info);
- authctxt->info = NULL;
- }
-Index: dist/sshd.c
-===
-RCS file: /cvsroot/src/crypto/external/bsd/openssh/dist/sshd.c,v
-retrieving revision 1.15
-diff -u -u -r1.15 sshd.c
dist/sshd.c 28 Oct 2014 21:36:16 - 1.15
-+++ dist/sshd.c 22 Jan 2015 21:39:22 -
-@@ -109,6 +109,7 @@
- #include "roaming.h"
- #include "ssh-sandbox.h"
- #include "version.h"
-+#include "pfilter.h"
-
- #ifdef LIBWRAP
- #include
-@@ -364,6 +365,7 @@
- killpg(0, SIGTERM);
- }
-
-+ pfilter_notify(1);
- /* Log error and exit. */
- sigdie("Timeout before authentication for %s", get_remote_ipaddr());
- }
-@@ -1160,6 +1162,7 @@
- for (i = 0; i < options.max_startups; i++)
- startup_pipes[i] = -1;
-
-+ pfilter_init();
- /*
- * Stay listening for connections until the system crashes or
- * the daemon is killed with a signal.
-Index: auth1.c
-===
-RCS file: /cvsroot/src/crypto/external/bsd/openssh/dist/auth1.c,v
-retrieving revision 1.9
-diff -u -u -r1.9 auth1.c
auth1.c 19 Oct 2014 16:30:58 - 1.9
-+++ auth1.c 14 Feb 2015 15:40:51 -
-@@ -41,6 +41,7 @@
+diff -ru openssh-7.7p1/auth-pam.c dist/auth-pam.c
+--- openssh-7.7p1/auth-pam.c 2018-04-02 01:38:28.0 -0400
dist/auth-pam.c 2018-05-23 11:56:22.206661484 -0400
+@@ -103,6 +103,7 @@
+ #include "ssh-gss.h"
#endif
#include "monitor_wrap.h"
- #include "buffer.h"
+#include "pfilter.h"
- /* import */
extern ServerOptions options;
-@@ -445,6 +446,7 @@
- else {
- debug("do_authentication: invalid user %s", user);
- authctxt->pw = fakepw();
-+ pfilter_notify(1);
- }
+ extern Buffer loginmsg;
+@@ -526,6 +527,7 @@
+ ssh_msg_send(ctxt->pam_csock, PAM_MAXTRIES, );
+ else
+ ssh_msg_send(ctxt->pam_csock, PAM_AUTH_ERR, );
++ pfilter_notify(1);
+ buffer_free();
+ pthread_exit(NULL);
- /* Configuration may have changed as a result of Match */
-Index: auth2.c
-===
-RCS file: /cvsroot/src/crypto/external/bsd/openssh/dist/auth2.c,v
-retrieving revision 1.9
-diff -u -u -r1.9 auth2.c
auth2.c 19 Oct 2014 16:30:58 - 1.9
-+++ auth2.c 14 Feb 2015 15:40:51 -
-@@ -52,6 +52,7 @@
+@@ -804,6 +806,7 @@
+ free(msg);
+ return (0);
+ }
++ pfilter_notify(1);
+ error("PAM: %s for %s%.100s from %.100s", msg,
+ sshpam_authctxt->valid ? "" : "illegal user ",
+ sshpam_authctxt->user,
+diff -ru openssh-7.7p1/auth2.c dist/auth2.c
+--- openssh-7.7p1/auth2.c 2018-04-02 01:38:28.0 -0400
dist/auth2.c 2018-05-23 11:57:31.022197317 -0400
+@@ -51,6 +51,7 @@
+ #include "dispatch.h"
#include "pathnames.h"
#include "buffer.h"
- #include "canohost.h"
+#include "pfilter.h"
#ifdef GSSAPI
#include "ssh-gss.h"
-@@ -256,6 +257,7 @@
+@@ -242,6 +243,7 @@
} else {
- logit("input_userauth_request: invalid user %s", user);
+ /* Invalid user, fake password information */
authctxt->pw = fakepw();
+ pfilter_notify(1);
- }
- #ifdef USE_PAM
- if (options.use_pam)
-Index: sshd.c
-===
-RCS file: /cvsroot/src/crypto/external/bsd/openssh/dist/sshd.c,v
-retrieving revision 1.16
-diff -u -r1.16 sshd.c
sshd.c 25 Jan 2015 15:52:44 - 1.16
-+++ sshd.c 14 Feb 2015 09:55:06 -
-@@ -628,6 +628,8 @@
- explicit_bzero(pw->pw_passwd,
CVS commit: src/external/bsd/blacklist/diff
Module Name:src Committed By: christos Date: Wed May 23 16:03:07 UTC 2018 Modified Files: src/external/bsd/blacklist/diff: ssh.diff Log Message: refresh the diffs to the latest portable To generate a diff of this commit: cvs rdiff -u -r1.9 -r1.10 src/external/bsd/blacklist/diff/ssh.diff Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/external/bsd/blacklist/diff
Module Name:src
Committed By: christos
Date: Thu Feb 1 03:32:31 UTC 2018
Added Files:
src/external/bsd/blacklist/diff: postfix.diff
Log Message:
add a diff for smtpd
To generate a diff of this commit:
cvs rdiff -u -r0 -r1.1 src/external/bsd/blacklist/diff/postfix.diff
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Added files:
Index: src/external/bsd/blacklist/diff/postfix.diff
diff -u /dev/null src/external/bsd/blacklist/diff/postfix.diff:1.1
--- /dev/null Wed Jan 31 22:32:31 2018
+++ src/external/bsd/blacklist/diff/postfix.diff Wed Jan 31 22:32:31 2018
@@ -0,0 +1,82 @@
+Index: dist/src/smtpd/pfilter.c
+===
+RCS file: dist/src/smtpd/pfilter.c
+diff -N dist/src/smtpd/pfilter.c
+--- /dev/null 1 Jan 1970 00:00:00 -
dist/src/smtpd/pfilter.c 1 Feb 2018 03:29:09 -
+@@ -0,0 +1,19 @@
++#include "pfilter.h"
++#include /* for NULL */
++#include
++
++static struct blacklist *blstate;
++
++void
++pfilter_notify(int a, int fd)
++{
++ if (blstate == NULL)
++ blstate = blacklist_open();
++ if (blstate == NULL)
++ return;
++ (void)blacklist_r(blstate, a, fd, "smtpd");
++ if (a == 0) {
++ blacklist_close(blstate);
++ blstate = NULL;
++ }
++}
+Index: dist/src/smtpd/pfilter.h
+===
+RCS file: dist/src/smtpd/pfilter.h
+diff -N dist/src/smtpd/pfilter.h
+--- /dev/null 1 Jan 1970 00:00:00 -
dist/src/smtpd/pfilter.h 1 Feb 2018 03:29:09 -
+@@ -0,0 +1,2 @@
++
++void pfilter_notify(int, int);
+Index: dist/src/smtpd/smtpd.c
+===
+RCS file: /cvsroot/src/external/ibm-public/postfix/dist/src/smtpd/smtpd.c,v
+retrieving revision 1.14
+diff -u -r1.14 smtpd.c
+--- dist/src/smtpd/smtpd.c 14 Feb 2017 01:16:48 - 1.14
dist/src/smtpd/smtpd.c 1 Feb 2018 03:29:09 -
+@@ -1197,6 +1197,8 @@
+ #include
+ #include
+
++#include "pfilter.h"
++
+ /*
+ * Tunable parameters. Make sure that there is some bound on the length of
+ * an SMTP command, so that the mail system stays in control even when a
+@@ -5048,6 +5050,7 @@
+ if (state->error_count >= var_smtpd_hard_erlim) {
+ state->reason = REASON_ERROR_LIMIT;
+ state->error_mask |= MAIL_ERROR_PROTOCOL;
++ pfilter_notify(1, vstream_fileno(state->client));
+ smtpd_chat_reply(state, "421 4.7.0 %s Error: too many errors",
+ var_myhostname);
+ break;
+Index: libexec/smtpd/Makefile
+===
+RCS file: /cvsroot/src/external/ibm-public/postfix/libexec/smtpd/Makefile,v
+retrieving revision 1.6
+diff -u -r1.6 Makefile
+--- libexec/smtpd/Makefile 21 May 2017 15:28:40 - 1.6
libexec/smtpd/Makefile 1 Feb 2018 03:29:09 -
+@@ -13,11 +13,14 @@
+ SRCS= smtpd.c smtpd_token.c smtpd_check.c smtpd_chat.c smtpd_state.c \
+ smtpd_peer.c smtpd_sasl_proto.c smtpd_sasl_glue.c smtpd_proxy.c \
+ smtpd_xforward.c smtpd_dsn_fix.c smtpd_milter.c smtpd_resolve.c \
+- smtpd_expand.c smtpd_haproxy.c
++ smtpd_expand.c smtpd_haproxy.c pfilter.c
+
+ DPADD+= ${LIBPMASTER} ${LIBPMILTER} ${LIBPGLOBAL} ${LIBPDNS} ${LIBPXSASL}
+ LDADD+= ${LIBPMASTER} ${LIBPMILTER} ${LIBPGLOBAL} ${LIBPDNS} ${LIBPXSASL}
+
++DPADD+= ${LIBBLACKLIST}
++LDADD+= -lblacklist
++
+ DPADD+= ${LIBPTLS} ${LIBSSL} ${LIBCRYPTO}
+ LDADD+= ${LIBPTLS} -lssl -lcrypto
+
CVS commit: src/external/bsd/blacklist/diff
Module Name:src Committed By: christos Date: Thu Feb 1 03:32:31 UTC 2018 Added Files: src/external/bsd/blacklist/diff: postfix.diff Log Message: add a diff for smtpd To generate a diff of this commit: cvs rdiff -u -r0 -r1.1 src/external/bsd/blacklist/diff/postfix.diff Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/external/bsd/blacklist/diff
Module Name:src
Committed By: christos
Date: Mon Jun 26 17:12:05 UTC 2017
Modified Files:
src/external/bsd/blacklist/diff: ssh.diff
Log Message:
amend the patch to close.
To generate a diff of this commit:
cvs rdiff -u -r1.8 -r1.9 src/external/bsd/blacklist/diff/ssh.diff
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/external/bsd/blacklist/diff/ssh.diff
diff -u src/external/bsd/blacklist/diff/ssh.diff:1.8 src/external/bsd/blacklist/diff/ssh.diff:1.9
--- src/external/bsd/blacklist/diff/ssh.diff:1.8 Fri Jan 22 19:05:38 2016
+++ src/external/bsd/blacklist/diff/ssh.diff Mon Jun 26 13:12:05 2017
@@ -1,6 +1,6 @@
--- /dev/null 2015-01-22 23:10:33.0 -0500
+++ dist/pfilter.c 2015-01-22 23:46:03.0 -0500
-@@ -0,0 +1,28 @@
+@@ -0,0 +1,32 @@
+#include "namespace.h"
+#include "includes.h"
+#include "ssh.h"
@@ -28,6 +28,10 @@
+ // XXX: 3?
+ fd = packet_connection_is_on_socket() ? packet_get_connection_in() : 3;
+ (void)blacklist_r(blstate, a, fd, "ssh");
++ if (a == 0) {
++ blacklist_close(blstate);
++ blstate = NULL;
++ }
+}
--- /dev/null 2015-01-20 21:14:44.0 -0500
+++ dist/pfilter.h 2015-01-20 20:16:20.0 -0500
CVS commit: src/external/bsd/blacklist/diff
Module Name:src Committed By: christos Date: Mon Jun 26 17:12:05 UTC 2017 Modified Files: src/external/bsd/blacklist/diff: ssh.diff Log Message: amend the patch to close. To generate a diff of this commit: cvs rdiff -u -r1.8 -r1.9 src/external/bsd/blacklist/diff/ssh.diff Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/external/bsd/blacklist/diff
Module Name:src
Committed By: christos
Date: Tue Jan 26 02:54:25 UTC 2016
Modified Files:
src/external/bsd/blacklist/diff: proftpd.diff
Log Message:
fix fd leak
To generate a diff of this commit:
cvs rdiff -u -r1.2 -r1.3 src/external/bsd/blacklist/diff/proftpd.diff
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/external/bsd/blacklist/diff/proftpd.diff
diff -u src/external/bsd/blacklist/diff/proftpd.diff:1.2 src/external/bsd/blacklist/diff/proftpd.diff:1.3
--- src/external/bsd/blacklist/diff/proftpd.diff:1.2 Fri Jan 22 22:11:14 2016
+++ src/external/bsd/blacklist/diff/proftpd.diff Mon Jan 25 21:54:25 2016
@@ -1,15 +1,14 @@
Make.rules.in.orig 2016-01-22 17:33:49.0 -0500
-+++ Make.rules.in 2016-01-22 17:33:41.0 -0500
+--- Make.rules.in.orig 2015-05-27 20:25:54.0 -0400
Make.rules.in 2016-01-25 21:48:47.0 -0500
@@ -110,3 +110,8 @@
+
FTPWHO_OBJS=ftpwho.o scoreboard.o misc.o
BUILD_FTPWHO_OBJS=utils/ftpwho.o utils/scoreboard.o utils/misc.o
-
++
+CPPFLAGS+=-DHAVE_BLACKLIST
+LIBS+=-lblacklist
+OBJS+= pfilter.o
+BUILD_OBJS+= src/pfilter.o
-+
-
--- /dev/null 2016-01-22 17:30:55.0 -0500
+++ include/pfilter.h 2016-01-22 16:18:33.0 -0500
@@ -0,0 +1,3 @@
@@ -81,7 +80,7 @@
/* Child is running here */
--- /dev/null 2016-01-22 17:30:55.0 -0500
+++ src/pfilter.c 2016-01-22 16:37:55.0 -0500
-@@ -0,0 +1,40 @@
+@@ -0,0 +1,41 @@
+#include "pfilter.h"
+#include "conf.h"
+#include "privs.h"
@@ -95,7 +94,8 @@
+pfilter_init(void)
+{
+#ifdef HAVE_BLACKLIST
-+ blstate = blacklist_open();
++ if (blstate == NULL)
++ blstate = blacklist_open();
+#endif
+}
+
CVS commit: src/external/bsd/blacklist/diff
Module Name:src Committed By: christos Date: Tue Jan 26 02:54:25 UTC 2016 Modified Files: src/external/bsd/blacklist/diff: proftpd.diff Log Message: fix fd leak To generate a diff of this commit: cvs rdiff -u -r1.2 -r1.3 src/external/bsd/blacklist/diff/proftpd.diff Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/external/bsd/blacklist/diff
Module Name:src
Committed By: christos
Date: Sat Jan 23 00:05:54 UTC 2016
Added Files:
src/external/bsd/blacklist/diff: proftpd.diff
Log Message:
add proftpd diffs.
To generate a diff of this commit:
cvs rdiff -u -r0 -r1.1 src/external/bsd/blacklist/diff/proftpd.diff
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Added files:
Index: src/external/bsd/blacklist/diff/proftpd.diff
diff -u /dev/null src/external/bsd/blacklist/diff/proftpd.diff:1.1
--- /dev/null Fri Jan 22 19:05:54 2016
+++ src/external/bsd/blacklist/diff/proftpd.diff Fri Jan 22 19:05:54 2016
@@ -0,0 +1,130 @@
+--- Make.rules.in.orig 2016-01-22 17:33:49.0 -0500
Make.rules.in 2016-01-22 17:33:41.0 -0500
+@@ -110,3 +110,8 @@
+ FTPWHO_OBJS=ftpwho.o scoreboard.o misc.o
+ BUILD_FTPWHO_OBJS=utils/ftpwho.o utils/scoreboard.o utils/misc.o
+
++CPPFLAGS+=-DHAVE_BLACKLIST
++LIBS+=-lblacklist
++OBJS+= pfilter.o
++BUILD_OBJS+= src/pfilter.o
++
+$NetBSD: proftpd.diff,v 1.1 2016/01/23 00:05:54 christos Exp $
+
+Make this pkgsrc friendly.
+
+Linking ftpdctl does not (seem to) require all the libraries needed for
+various proftpd modules. It definitely cannot include -lwrap.
+
+--- /dev/null 2016-01-22 17:30:55.0 -0500
include/pfilter.h 2016-01-22 16:18:33.0 -0500
+@@ -0,0 +1,3 @@
++
++void pfilter_notify(int);
++void pfilter_init(void);
+--- modules/mod_auth.c.orig 2015-05-27 20:25:54.0 -0400
modules/mod_auth.c 2016-01-22 16:21:06.0 -0500
+@@ -30,6 +30,7 @@
+
+ #include "conf.h"
+ #include "privs.h"
++#include "pfilter.h"
+
+ extern pid_t mpid;
+
+@@ -84,6 +85,8 @@
+ _("Login timeout (%d %s): closing control connection"), TimeoutLogin,
+ TimeoutLogin != 1 ? "seconds" : "second");
+
++ pfilter_notify(1);
++
+ /* It's possible that any listeners of this event might terminate the
+* session process themselves (e.g. mod_ban). So write out that the
+* TimeoutLogin has been exceeded to the log here, in addition to the
+@@ -913,6 +916,7 @@
+ pr_memscrub(pass, strlen(pass));
+ }
+
++ pfilter_notify(1);
+ pr_log_auth(PR_LOG_NOTICE, "SECURITY VIOLATION: Root login attempted");
+ return 0;
+ }
+@@ -1726,6 +1730,7 @@
+ return 1;
+
+ auth_failure:
++ pfilter_notify(1);
+ if (pass)
+ pr_memscrub(pass, strlen(pass));
+ session.user = session.group = NULL;
+--- src/main.c.orig 2016-01-22 17:36:43.0 -0500
src/main.c 2016-01-22 17:37:58.0 -0500
+@@ -49,6 +49,7 @@
+ #endif
+
+ #include "privs.h"
++#include "pfilter.h"
+
+ int (*cmd_auth_chk)(cmd_rec *);
+ void (*cmd_handler)(server_rec *, conn_t *);
+@@ -1050,6 +1051,7 @@
+ pid_t pid;
+ sigset_t sig_set;
+
++ pfilter_init();
+ if (!nofork) {
+
+ /* A race condition exists on heavily loaded servers where the parent
+@@ -1169,7 +1171,8 @@
+
+ /* Reseed pseudo-randoms */
+ srand((unsigned int) (time(NULL) * getpid()));
+-
++#else
++ pfilter_init();
+ #endif /* PR_DEVEL_NO_FORK */
+
+ /* Child is running here */
+--- /dev/null 2016-01-22 17:30:55.0 -0500
src/pfilter.c 2016-01-22 16:37:55.0 -0500
+@@ -0,0 +1,40 @@
++#include "pfilter.h"
++#include "conf.h"
++#include "privs.h"
++#ifdef HAVE_BLACKLIST
++#include
++#endif
++
++static struct blacklist *blstate;
++
++void
++pfilter_init(void)
++{
++#ifdef HAVE_BLACKLIST
++ blstate = blacklist_open();
++#endif
++}
++
++void
++pfilter_notify(int a)
++{
++#ifdef HAVE_BLACKLIST
++ conn_t *c = session.c;
++ int fd;
++
++ if (c == NULL)
++ return;
++ if (c->rfd != -1)
++ fd = c->rfd;
++ else if (c->wfd != -1)
++ fd = c->wfd;
++ else
++ return;
++
++ if (blstate == NULL)
++ pfilter_init();
++ if (blstate == NULL)
++ return;
++ (void)blacklist_r(blstate, a, fd, "proftpd");
++#endif
++}
CVS commit: src/external/bsd/blacklist/diff
Module Name:src Committed By: christos Date: Sat Jan 23 00:05:54 UTC 2016 Added Files: src/external/bsd/blacklist/diff: proftpd.diff Log Message: add proftpd diffs. To generate a diff of this commit: cvs rdiff -u -r0 -r1.1 src/external/bsd/blacklist/diff/proftpd.diff Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/external/bsd/blacklist/diff
Module Name:src
Committed By: christos
Date: Sat Jan 23 00:05:38 UTC 2016
Modified Files:
src/external/bsd/blacklist/diff: ssh.diff
Log Message:
add more points.
To generate a diff of this commit:
cvs rdiff -u -r1.7 -r1.8 src/external/bsd/blacklist/diff/ssh.diff
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/external/bsd/blacklist/diff/ssh.diff
diff -u src/external/bsd/blacklist/diff/ssh.diff:1.7 src/external/bsd/blacklist/diff/ssh.diff:1.8
--- src/external/bsd/blacklist/diff/ssh.diff:1.7 Sat May 30 17:05:18 2015
+++ src/external/bsd/blacklist/diff/ssh.diff Fri Jan 22 19:05:38 2016
@@ -1,7 +1,8 @@
--- /dev/null 2015-01-22 23:10:33.0 -0500
+++ dist/pfilter.c 2015-01-22 23:46:03.0 -0500
-@@ -0,0 +1,27 @@
+@@ -0,0 +1,28 @@
+#include "namespace.h"
++#include "includes.h"
+#include "ssh.h"
+#include "packet.h"
+#include "log.h"
@@ -175,3 +176,56 @@ diff -u -r1.16 sshd.c
if (chroot(_PATH_PRIVSEP_CHROOT_DIR) == -1)
fatal("chroot(\"%s\"): %s", _PATH_PRIVSEP_CHROOT_DIR,
+Index: auth-pam.c
+===
+RCS file: /cvsroot/src/crypto/external/bsd/openssh/dist/auth-pam.c,v
+retrieving revision 1.7
+diff -u -u -r1.7 auth-pam.c
+--- auth-pam.c 3 Jul 2015 00:59:59 - 1.7
auth-pam.c 23 Jan 2016 00:01:16 -
+@@ -114,6 +114,7 @@
+ #include "ssh-gss.h"
+ #endif
+ #include "monitor_wrap.h"
++#include "pfilter.h"
+
+ extern ServerOptions options;
+ extern Buffer loginmsg;
+@@ -809,6 +810,7 @@
+ free(msg);
+ return (0);
+ }
++ pfilter_notify(1);
+ error("PAM: %s for %s%.100s from %.100s", msg,
+ sshpam_authctxt->valid ? "" : "illegal user ",
+ sshpam_authctxt->user,
+Index: auth.c
+===
+RCS file: /cvsroot/src/crypto/external/bsd/openssh/dist/auth.c,v
+retrieving revision 1.15
+diff -u -u -r1.15 auth.c
+--- auth.c 21 Aug 2015 08:20:59 - 1.15
auth.c 23 Jan 2016 00:01:16 -
+@@ -656,6 +656,7 @@
+
+ pw = getpwnam(user);
+ if (pw == NULL) {
++ pfilter_notify(1);
+ logit("Invalid user %.100s from %.100s",
+ user, get_remote_ipaddr());
+ return (NULL);
+Index: auth1.c
+===
+RCS file: /cvsroot/src/crypto/external/bsd/openssh/dist/auth1.c,v
+retrieving revision 1.12
+diff -u -u -r1.12 auth1.c
+--- auth1.c 3 Jul 2015 00:59:59 - 1.12
auth1.c 23 Jan 2016 00:01:16 -
+@@ -376,6 +376,7 @@
+ char *msg;
+ size_t len;
+
++ pfilter_notify(1);
+ error("Access denied for user %s by PAM account "
+ "configuration", authctxt->user);
+ len = buffer_len();
CVS commit: src/external/bsd/blacklist/diff
Module Name:src Committed By: christos Date: Sat Jan 23 00:05:38 UTC 2016 Modified Files: src/external/bsd/blacklist/diff: ssh.diff Log Message: add more points. To generate a diff of this commit: cvs rdiff -u -r1.7 -r1.8 src/external/bsd/blacklist/diff/ssh.diff Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/external/bsd/blacklist/diff
Module Name:src Committed By: christos Date: Sat Jan 23 03:11:14 UTC 2016 Modified Files: src/external/bsd/blacklist/diff: proftpd.diff Log Message: cleanup pkgsrc junk To generate a diff of this commit: cvs rdiff -u -r1.1 -r1.2 src/external/bsd/blacklist/diff/proftpd.diff Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/external/bsd/blacklist/diff
Module Name:src Committed By: christos Date: Sat Jan 23 03:11:14 UTC 2016 Modified Files: src/external/bsd/blacklist/diff: proftpd.diff Log Message: cleanup pkgsrc junk To generate a diff of this commit: cvs rdiff -u -r1.1 -r1.2 src/external/bsd/blacklist/diff/proftpd.diff Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/external/bsd/blacklist/diff/proftpd.diff diff -u src/external/bsd/blacklist/diff/proftpd.diff:1.1 src/external/bsd/blacklist/diff/proftpd.diff:1.2 --- src/external/bsd/blacklist/diff/proftpd.diff:1.1 Fri Jan 22 19:05:54 2016 +++ src/external/bsd/blacklist/diff/proftpd.diff Fri Jan 22 22:11:14 2016 @@ -9,12 +9,6 @@ +OBJS+= pfilter.o +BUILD_OBJS+= src/pfilter.o + -$NetBSD: proftpd.diff,v 1.1 2016/01/23 00:05:54 christos Exp $ - -Make this pkgsrc friendly. - -Linking ftpdctl does not (seem to) require all the libraries needed for -various proftpd modules. It definitely cannot include -lwrap. --- /dev/null 2016-01-22 17:30:55.0 -0500 +++ include/pfilter.h 2016-01-22 16:18:33.0 -0500
CVS commit: src/external/bsd/blacklist/diff
Module Name:src
Committed By: christos
Date: Sat May 30 21:05:18 UTC 2015
Modified Files:
src/external/bsd/blacklist/diff: ssh.diff
Log Message:
add prototype
To generate a diff of this commit:
cvs rdiff -u -r1.6 -r1.7 src/external/bsd/blacklist/diff/ssh.diff
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/external/bsd/blacklist/diff/ssh.diff
diff -u src/external/bsd/blacklist/diff/ssh.diff:1.6 src/external/bsd/blacklist/diff/ssh.diff:1.7
--- src/external/bsd/blacklist/diff/ssh.diff:1.6 Sat Feb 14 14:05:59 2015
+++ src/external/bsd/blacklist/diff/ssh.diff Sat May 30 17:05:18 2015
@@ -11,7 +11,7 @@
+static struct blacklist *blstate;
+
+void
-+pfilter_init()
++pfilter_init(void)
+{
+ blstate = blacklist_open();
+}
CVS commit: src/external/bsd/blacklist/diff
Module Name:src Committed By: christos Date: Sat May 30 21:05:18 UTC 2015 Modified Files: src/external/bsd/blacklist/diff: ssh.diff Log Message: add prototype To generate a diff of this commit: cvs rdiff -u -r1.6 -r1.7 src/external/bsd/blacklist/diff/ssh.diff Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/external/bsd/blacklist/diff
Module Name:src Committed By: christos Date: Sat Feb 14 15:42:17 UTC 2015 Modified Files: src/external/bsd/blacklist/diff: ssh.diff Log Message: Add the bad user diff. To generate a diff of this commit: cvs rdiff -u -r1.4 -r1.5 src/external/bsd/blacklist/diff/ssh.diff Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/external/bsd/blacklist/diff
Module Name:src
Committed By: christos
Date: Sat Feb 14 15:42:17 UTC 2015
Modified Files:
src/external/bsd/blacklist/diff: ssh.diff
Log Message:
Add the bad user diff.
To generate a diff of this commit:
cvs rdiff -u -r1.4 -r1.5 src/external/bsd/blacklist/diff/ssh.diff
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/external/bsd/blacklist/diff/ssh.diff
diff -u src/external/bsd/blacklist/diff/ssh.diff:1.4 src/external/bsd/blacklist/diff/ssh.diff:1.5
--- src/external/bsd/blacklist/diff/ssh.diff:1.4 Fri Jan 23 18:28:45 2015
+++ src/external/bsd/blacklist/diff/ssh.diff Sat Feb 14 10:42:17 2015
@@ -112,3 +112,49 @@ diff -u -u -r1.15 sshd.c
/*
* Stay listening for connections until the system crashes or
* the daemon is killed with a signal.
+Index: auth1.c
+===
+RCS file: /cvsroot/src/crypto/external/bsd/openssh/dist/auth1.c,v
+retrieving revision 1.9
+diff -u -u -r1.9 auth1.c
+--- auth1.c 19 Oct 2014 16:30:58 - 1.9
auth1.c 14 Feb 2015 15:40:51 -
+@@ -41,6 +41,7 @@
+ #endif
+ #include monitor_wrap.h
+ #include buffer.h
++#include pfilter.h
+
+ /* import */
+ extern ServerOptions options;
+@@ -445,6 +446,7 @@
+ else {
+ debug(do_authentication: invalid user %s, user);
+ authctxt-pw = fakepw();
++ pfilter_notify(1);
+ }
+
+ /* Configuration may have changed as a result of Match */
+Index: auth2.c
+===
+RCS file: /cvsroot/src/crypto/external/bsd/openssh/dist/auth2.c,v
+retrieving revision 1.9
+diff -u -u -r1.9 auth2.c
+--- auth2.c 19 Oct 2014 16:30:58 - 1.9
auth2.c 14 Feb 2015 15:40:51 -
+@@ -52,6 +52,7 @@
+ #include pathnames.h
+ #include buffer.h
+ #include canohost.h
++#include pfilter.h
+
+ #ifdef GSSAPI
+ #include ssh-gss.h
+@@ -256,6 +257,7 @@
+ } else {
+ logit(input_userauth_request: invalid user %s, user);
+ authctxt-pw = fakepw();
++ pfilter_notify(1);
+ }
+ #ifdef USE_PAM
+ if (options.use_pam)
CVS commit: src/external/bsd/blacklist/diff
Module Name:src Committed By: christos Date: Sat Feb 14 19:05:59 UTC 2015 Modified Files: src/external/bsd/blacklist/diff: ssh.diff Log Message: one more pfilter_init() To generate a diff of this commit: cvs rdiff -u -r1.5 -r1.6 src/external/bsd/blacklist/diff/ssh.diff Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/external/bsd/blacklist/diff/ssh.diff diff -u src/external/bsd/blacklist/diff/ssh.diff:1.5 src/external/bsd/blacklist/diff/ssh.diff:1.6 --- src/external/bsd/blacklist/diff/ssh.diff:1.5 Sat Feb 14 10:42:17 2015 +++ src/external/bsd/blacklist/diff/ssh.diff Sat Feb 14 14:05:59 2015 @@ -158,3 +158,20 @@ diff -u -u -r1.9 auth2.c } #ifdef USE_PAM if (options.use_pam) +Index: sshd.c +=== +RCS file: /cvsroot/src/crypto/external/bsd/openssh/dist/sshd.c,v +retrieving revision 1.16 +diff -u -r1.16 sshd.c +--- sshd.c 25 Jan 2015 15:52:44 - 1.16 sshd.c 14 Feb 2015 09:55:06 - +@@ -628,6 +628,8 @@ + explicit_bzero(pw-pw_passwd, strlen(pw-pw_passwd)); + endpwent(); + ++ pfilter_init(); ++ + /* Change our root directory */ + if (chroot(_PATH_PRIVSEP_CHROOT_DIR) == -1) + fatal(chroot(\%s\): %s, _PATH_PRIVSEP_CHROOT_DIR, +
CVS commit: src/external/bsd/blacklist/diff
Module Name:src Committed By: christos Date: Sat Feb 14 19:05:59 UTC 2015 Modified Files: src/external/bsd/blacklist/diff: ssh.diff Log Message: one more pfilter_init() To generate a diff of this commit: cvs rdiff -u -r1.5 -r1.6 src/external/bsd/blacklist/diff/ssh.diff Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
