CVS commit: [netbsd-10] src/crypto/external/bsd/openssh/dist

[Martin Husemann]

Module Name:    src
Committed By:   martin
Date:           Tue Oct  8 11:21:02 UTC 2024

Modified Files:
        src/crypto/external/bsd/openssh/dist [netbsd-10]: auth2.c monitor.c

Log Message:
Pull up following revision(s) (requested by rin in ticket #931):

        crypto/external/bsd/openssh/dist/monitor.c: revision 1.44
        crypto/external/bsd/openssh/dist/auth2.c: revision 1.30

Don't call pfilter_notify for each authentication attempt, only call it
once we failed to authenticate.


To generate a diff of this commit:
cvs rdiff -u -r1.26.2.3 -r1.26.2.4 \
    src/crypto/external/bsd/openssh/dist/auth2.c
cvs rdiff -u -r1.41.2.2 -r1.41.2.3 \
    src/crypto/external/bsd/openssh/dist/monitor.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.


Modified files:

Index: src/crypto/external/bsd/openssh/dist/auth2.c
diff -u src/crypto/external/bsd/openssh/dist/auth2.c:1.26.2.3 src/crypto/external/bsd/openssh/dist/auth2.c:1.26.2.4
--- src/crypto/external/bsd/openssh/dist/auth2.c:1.26.2.3	Mon Dec 25 12:22:55 2023
+++ src/crypto/external/bsd/openssh/dist/auth2.c	Tue Oct  8 11:21:02 2024
@@ -1,4 +1,4 @@
-/*	$NetBSD: auth2.c,v 1.26.2.3 2023/12/25 12:22:55 martin Exp $	*/
+/*	$NetBSD: auth2.c,v 1.26.2.4 2024/10/08 11:21:02 martin Exp $	*/
 /* $OpenBSD: auth2.c,v 1.168 2023/12/18 14:45:49 djm Exp $ */
 
 /*
@@ -26,7 +26,7 @@
  */
 
 #include "includes.h"
-__RCSID("$NetBSD: auth2.c,v 1.26.2.3 2023/12/25 12:22:55 martin Exp $");
+__RCSID("$NetBSD: auth2.c,v 1.26.2.4 2024/10/08 11:21:02 martin Exp $");
 
 #include <sys/types.h>
 #include <sys/stat.h>
@@ -320,7 +320,6 @@ input_userauth_request(int type, u_int32
 			authctxt->valid = 0;
 			/* Invalid user, fake password information */
 			authctxt->pw = fakepw();
-			pfilter_notify(1);
 		}
 #ifdef USE_PAM
 		if (options.use_pam)

Index: src/crypto/external/bsd/openssh/dist/monitor.c
diff -u src/crypto/external/bsd/openssh/dist/monitor.c:1.41.2.2 src/crypto/external/bsd/openssh/dist/monitor.c:1.41.2.3
--- src/crypto/external/bsd/openssh/dist/monitor.c:1.41.2.2	Thu Nov  2 22:15:21 2023
+++ src/crypto/external/bsd/openssh/dist/monitor.c	Tue Oct  8 11:21:02 2024
@@ -1,4 +1,4 @@
-/*	$NetBSD: monitor.c,v 1.41.2.2 2023/11/02 22:15:21 sborrill Exp $	*/
+/*	$NetBSD: monitor.c,v 1.41.2.3 2024/10/08 11:21:02 martin Exp $	*/
 /* $OpenBSD: monitor.c,v 1.237 2023/08/16 16:14:11 djm Exp $ */
 
 /*
@@ -28,7 +28,7 @@
  */
 
 #include "includes.h"
-__RCSID("$NetBSD: monitor.c,v 1.41.2.2 2023/11/02 22:15:21 sborrill Exp $");
+__RCSID("$NetBSD: monitor.c,v 1.41.2.3 2024/10/08 11:21:02 martin Exp $");
 #include <sys/types.h>
 #include <sys/wait.h>
 #include <sys/socket.h>
@@ -318,7 +318,6 @@ monitor_child_preauth(struct ssh *ssh, s
 			auth_log(ssh, authenticated, partial,
 			    auth_method, auth_submethod);
 			if (!partial && !authenticated) {
-				pfilter_notify(1);
 				authctxt->failures++;
 			}
 			if (authenticated || partial) {
@@ -327,16 +326,21 @@ monitor_child_preauth(struct ssh *ssh, s
 			}
 		}
 		if (authctxt->failures > options.max_authtries) {
+			pfilter_notify(1);
 			/* Shouldn't happen */
 			fatal_f("privsep child made too many authentication "
 			    "attempts");
 		}
 	}
 
-	if (!authctxt->valid)
+	if (!authctxt->valid) {
+		pfilter_notify(1);
 		fatal_f("authenticated invalid user");
-	if (strcmp(auth_method, "unknown") == 0)
+	}
+	if (strcmp(auth_method, "unknown") == 0) {
+		pfilter_notify(1);
 		fatal_f("authentication method name unknown");
+	}
 
 	debug_f("user %s authenticated by privileged process", authctxt->user);
 	ssh->authctxt = NULL;