Module Name: src Committed By: martin Date: Wed Oct 9 10:23:40 UTC 2024
Modified Files: src/crypto/external/bsd/openssh/dist [netbsd-9]: auth.c auth2.c Log Message: Additionally pull up following revision(s) (requested by rin in ticket #1893): crypto/external/bsd/openssh/dist/auth.c: revision 1.37 crypto/external/bsd/openssh/dist/auth2.c: revision 1.32 sshd: Finally fix spurious blocklistd activation (PR bin/58369) Drop one more pfilter_notify() call from userauth_finish(), for single failure in authentication attempt. This happens for users with multiple public keys; e.g., both rsa and ed25519 keys are registered into ssh-agent(1), while only the latter is in remote authorized_keys. Instead, it is called from auth_maxtries_exceeded(), when the authentication process has actually failed. This function is called also from input_userauth_request(). But I guess this cannot happen frequently; this path is taken with >= 1024 failed attempts, although MaxAuthTries is 6 by default... To generate a diff of this commit: cvs rdiff -u -r1.24.2.1 -r1.24.2.2 \ src/crypto/external/bsd/openssh/dist/auth.c cvs rdiff -u -r1.19.2.2 -r1.19.2.3 \ src/crypto/external/bsd/openssh/dist/auth2.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files: Index: src/crypto/external/bsd/openssh/dist/auth.c diff -u src/crypto/external/bsd/openssh/dist/auth.c:1.24.2.1 src/crypto/external/bsd/openssh/dist/auth.c:1.24.2.2 --- src/crypto/external/bsd/openssh/dist/auth.c:1.24.2.1 Mon Dec 25 12:31:02 2023 +++ src/crypto/external/bsd/openssh/dist/auth.c Wed Oct 9 10:23:40 2024 @@ -1,4 +1,4 @@ -/* $NetBSD: auth.c,v 1.24.2.1 2023/12/25 12:31:02 martin Exp $ */ +/* $NetBSD: auth.c,v 1.24.2.2 2024/10/09 10:23:40 martin Exp $ */ /* $OpenBSD: auth.c,v 1.160 2023/03/05 05:34:09 dtucker Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. @@ -25,7 +25,7 @@ */ #include "includes.h" -__RCSID("$NetBSD: auth.c,v 1.24.2.1 2023/12/25 12:31:02 martin Exp $"); +__RCSID("$NetBSD: auth.c,v 1.24.2.2 2024/10/09 10:23:40 martin Exp $"); #include <sys/types.h> #include <sys/stat.h> #include <sys/socket.h> @@ -415,6 +415,7 @@ auth_maxtries_exceeded(struct ssh *ssh) { Authctxt *authctxt = (Authctxt *)ssh->authctxt; + pfilter_notify(1); error("maximum authentication attempts exceeded for " "%s%.100s from %.200s port %d ssh2", authctxt->valid ? "" : "invalid user ", Index: src/crypto/external/bsd/openssh/dist/auth2.c diff -u src/crypto/external/bsd/openssh/dist/auth2.c:1.19.2.2 src/crypto/external/bsd/openssh/dist/auth2.c:1.19.2.3 --- src/crypto/external/bsd/openssh/dist/auth2.c:1.19.2.2 Tue Oct 8 11:22:36 2024 +++ src/crypto/external/bsd/openssh/dist/auth2.c Wed Oct 9 10:23:40 2024 @@ -1,4 +1,4 @@ -/* $NetBSD: auth2.c,v 1.19.2.2 2024/10/08 11:22:36 martin Exp $ */ +/* $NetBSD: auth2.c,v 1.19.2.3 2024/10/09 10:23:40 martin Exp $ */ /* $OpenBSD: auth2.c,v 1.168 2023/12/18 14:45:49 djm Exp $ */ /* @@ -26,7 +26,7 @@ */ #include "includes.h" -__RCSID("$NetBSD: auth2.c,v 1.19.2.2 2024/10/08 11:22:36 martin Exp $"); +__RCSID("$NetBSD: auth2.c,v 1.19.2.3 2024/10/09 10:23:40 martin Exp $"); #include <sys/types.h> #include <sys/stat.h> 
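Review bot: The `pfilter_notify(1);` added at the top of auth_maxtries_exceeded() in auth.c has no comment, so the reason the report now lives here is recorded only in the commit log. A short comment above the call would keep that with the code, for example `/* Report to blocklistd only when the attempt limit is hit, not on each failed method (PR bin/58369). */`. The log also names a second caller, input_userauth_request(), which will now produce a report as well; the same comment could mention it. The function body continues past the end of the hunk.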
@@ -460,10 +460,8 @@ userauth_finish(struct ssh *ssh, int aut
 } else {
 /* Allow initial try of "none" auth without failure penalty */
 if (!partial && !authctxt->server_caused_failure &&
- (authctxt->attempt > 1 || strcmp(method, "none") != 0)) {
+ (authctxt->attempt > 1 || strcmp(method, "none") != 0))
 authctxt->failures++;
- pfilter_notify(1);
- }
 if (authctxt->failures >= options.max_authtries)
 auth_maxtries_exceeded(ssh);
 methods = authmethods_get(authctxt);
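Review bot: With the call removed from this branch of userauth_finish(), a counted failure is reported only when `authctxt->failures >= options.max_authtries` leads into auth_maxtries_exceeded(); a connection that closes before reaching the limit produces no report from the lines shown. Whether another call site, not visible in this diff, still covers that case should be confirmed, since otherwise repeated failures spread over many short connections would not reach blocklistd. If the trade-off is intended, record it above the check, e.g. `/* blocklistd is notified from auth_maxtries_exceeded(); single failures are deliberately not reported */`. The hunk starts and ends inside userauth_finish().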