Module Name: src
Committed By: christos
Date: Wed May 23 16:04:13 UTC 2018
Modified Files:
src/crypto/external/bsd/openssh/dist: auth-pam.c sshd.c
Log Message:
Increase strictness of blacklistd patches to include timeouts, operating
system errors, and pam failures.
To generate a diff of this commit:
cvs rdiff -u -r1.14 -r1.15 src/crypto/external/bsd/openssh/dist/auth-pam.c
cvs rdiff -u -r1.30 -r1.31 src/crypto/external/bsd/openssh/dist/sshd.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/crypto/external/bsd/openssh/dist/auth-pam.c
diff -u src/crypto/external/bsd/openssh/dist/auth-pam.c:1.14 src/crypto/external/bsd/openssh/dist/auth-pam.c:1.15
--- src/crypto/external/bsd/openssh/dist/auth-pam.c:1.14 Fri Apr 6 14:58:59 2018
+++ src/crypto/external/bsd/openssh/dist/auth-pam.c Wed May 23 12:04:13 2018
@@ -50,7 +50,7 @@
/*
* NetBSD local changes
*/
-__RCSID("$NetBSD: auth-pam.c,v 1.14 2018/04/06 18:58:59 christos Exp $");
+__RCSID("$NetBSD: auth-pam.c,v 1.15 2018/05/23 16:04:13 christos Exp $");
#undef USE_POSIX_THREADS /* Not yet */
#define HAVE_SECURITY_PAM_APPL_H
#define HAVE_PAM_GETENVLIST
@@ -552,6 +552,7 @@ sshpam_thread(void *ctxtp)
ssh_msg_send(ctxt->pam_csock, PAM_MAXTRIES, &buffer);
else
ssh_msg_send(ctxt->pam_csock, PAM_AUTH_ERR, &buffer);
+ pfilter_notify(1);
buffer_free(&buffer);
pthread_exit(NULL);
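Review bot: The `pfilter_notify(1)` added on this failure path of sshpam_thread looks likely to count one failed PAM attempt twice. The thread has just sent PAM_MAXTRIES or PAM_AUTH_ERR over pam_csock, and the sshpam_query hunk below adds its own `pfilter_notify(1)` on what appears to be the path that handles those same messages. If both run for one attempt, blacklistd reaches its failure threshold in fewer real attempts than configured, which makes it easier to block a legitimate address. I would keep a single reporting point per attempt, or at least document the overlap here with `/* also reported by sshpam_query(); one failure may count twice */`. Both function bodies extend outside their hunks, so the pairing should be confirmed against the full file.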
@@ -830,6 +831,7 @@ sshpam_query(void *ctx, char **name, cha
free(msg);
return (0);
}
+ pfilter_notify(1);
error("PAM: %s for %s%.100s from %.100s", msg,
sshpam_authctxt->valid ? "" : "illegal user ",
sshpam_authctxt->user,
Index: src/crypto/external/bsd/openssh/dist/sshd.c
diff -u src/crypto/external/bsd/openssh/dist/sshd.c:1.30 src/crypto/external/bsd/openssh/dist/sshd.c:1.31
--- src/crypto/external/bsd/openssh/dist/sshd.c:1.30 Sun Apr 8 17:56:48 2018
+++ src/crypto/external/bsd/openssh/dist/sshd.c Wed May 23 12:04:13 2018
@@ -1,4 +1,4 @@
-/* $NetBSD: sshd.c,v 1.30 2018/04/08 21:56:48 joerg Exp $ */
+/* $NetBSD: sshd.c,v 1.31 2018/05/23 16:04:13 christos Exp $ */
/* $OpenBSD: sshd.c,v 1.506 2018/03/03 03:15:51 djm Exp $ */
/*
* Author: Tatu Ylonen <[email protected]>
@@ -44,7 +44,7 @@
*/
#include "includes.h"
-__RCSID("$NetBSD: sshd.c,v 1.30 2018/04/08 21:56:48 joerg Exp $");
+__RCSID("$NetBSD: sshd.c,v 1.31 2018/05/23 16:04:13 christos Exp $");
#include <sys/types.h>
#include <sys/param.h>
#include <sys/ioctl.h>
@@ -344,6 +344,7 @@ main_sigchld_handler(int sig)
__dead static void
grace_alarm_handler(int sig)
{
+ pfilter_notify(1);
if (use_privsep && pmonitor != NULL && pmonitor->m_pid > 0)
kill(pmonitor->m_pid, SIGALRM);
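Review bot: `pfilter_notify(1)` is now the first statement of grace_alarm_handler, so it runs in signal context before the monitor is signalled. Its body is not visible here, but if it allocates, logs or talks to blacklistd over a socket, it is not async-signal-safe and can deadlock or corrupt state when the alarm interrupts code that uses the same allocator or locks. Placed first, a stall there would also delay the `kill(pmonitor->m_pid, SIGALRM)` that follows. The call was already in this handler before the commit, so the exposure is not new, but the move is a good place to add `/* XXX pfilter_notify() must be async-signal-safe here */` or to take the report out of signal context. The handler continues outside this hunk.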
@@ -356,7 +357,6 @@ grace_alarm_handler(int sig)
killpg(0, SIGTERM);
}
- pfilter_notify(1);
/* Log error and exit. */
sigdie("Timeout before authentication for %s port %d",
ssh_remote_ipaddr(active_state), ssh_remote_port(active_state));
@@ -2193,6 +2193,9 @@ cleanup_exit(int i)
{
struct ssh *ssh = active_state; /* XXX */
+ if (i == 255)
+ pfilter_notify(1);
+
if (the_authctxt) {
do_cleanup(ssh, the_authctxt);
if (use_privsep && privsep_is_preauth &&
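Review bot: The `if (i == 255)` test in cleanup_exit reports every exit with status 255 to blacklistd, with no check that the connection is still unauthenticated and no comment saying what 255 stands for. The log message says operating system errors are meant to count, but if 255 is the general fatal-error status (not shown in this hunk), a local fault during an already authenticated session would also be charged to the client's address. With privilege separation, more than one process may reach this call for the same connection. I would document the constant, for example `/* 255: fatal error exit; report to blacklistd */`, and consider limiting the report to the pre-authentication phase. cleanup_exit continues past the end of the hunk.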