Module Name: src
Committed By: christos
Date: Sun Jan 25 15:52:44 UTC 2015
Modified Files:
src/crypto/external/bsd/openssh/bin/sshd: Makefile
src/crypto/external/bsd/openssh/dist: auth.c sshd.c
Added Files:
src/crypto/external/bsd/openssh/dist: pfilter.c pfilter.h
Log Message:
blacklist hooks
To generate a diff of this commit:
cvs rdiff -u -r1.10 -r1.11 src/crypto/external/bsd/openssh/bin/sshd/Makefile
cvs rdiff -u -r1.10 -r1.11 src/crypto/external/bsd/openssh/dist/auth.c
cvs rdiff -u -r0 -r1.1 src/crypto/external/bsd/openssh/dist/pfilter.c \
src/crypto/external/bsd/openssh/dist/pfilter.h
cvs rdiff -u -r1.15 -r1.16 src/crypto/external/bsd/openssh/dist/sshd.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/crypto/external/bsd/openssh/bin/sshd/Makefile
diff -u src/crypto/external/bsd/openssh/bin/sshd/Makefile:1.10 src/crypto/external/bsd/openssh/bin/sshd/Makefile:1.11
--- src/crypto/external/bsd/openssh/bin/sshd/Makefile:1.10 Sun Oct 19 12:30:58 2014
+++ src/crypto/external/bsd/openssh/bin/sshd/Makefile Sun Jan 25 10:52:44 2015
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile,v 1.10 2014/10/19 16:30:58 christos Exp $
+# $NetBSD: Makefile,v 1.11 2015/01/25 15:52:44 christos Exp $
.include <bsd.own.mk>
@@ -15,7 +15,7 @@ SRCS= sshd.c auth-rhosts.c auth-passwd.c
auth2-none.c auth2-passwd.c auth2-pubkey.c \
monitor_mm.c monitor.c monitor_wrap.c \
kexdhs.c kexgexs.c kexecdhs.c sftp-server.c sftp-common.c \
- roaming_common.c roaming_serv.c sandbox-rlimit.c
+ roaming_common.c roaming_serv.c sandbox-rlimit.c pfilter.c
COPTS.auth-options.c= -Wno-pointer-sign
COPTS.ldapauth.c= -Wno-format-nonliteral # XXX: should fix
@@ -68,3 +68,6 @@ DPADD+= ${LIBCRYPT} ${LIBUTIL}
LDADD+= -lwrap
DPADD+= ${LIBWRAP}
+
+LDADD+= -lblacklist
+DPADD+= ${LIBBLACKLIST}
Index: src/crypto/external/bsd/openssh/dist/auth.c
diff -u src/crypto/external/bsd/openssh/dist/auth.c:1.10 src/crypto/external/bsd/openssh/dist/auth.c:1.11
--- src/crypto/external/bsd/openssh/dist/auth.c:1.10 Sun Oct 19 12:30:58 2014
+++ src/crypto/external/bsd/openssh/dist/auth.c Sun Jan 25 10:52:44 2015
@@ -1,4 +1,4 @@
-/* $NetBSD: auth.c,v 1.10 2014/10/19 16:30:58 christos Exp $ */
+/* $NetBSD: auth.c,v 1.11 2015/01/25 15:52:44 christos Exp $ */
/* $OpenBSD: auth.c,v 1.106 2014/07/15 15:54:14 millert Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
@@ -25,7 +25,7 @@
*/
#include "includes.h"
-__RCSID("$NetBSD: auth.c,v 1.10 2014/10/19 16:30:58 christos Exp $");
+__RCSID("$NetBSD: auth.c,v 1.11 2015/01/25 15:52:44 christos Exp $");
#include <sys/types.h>
#include <sys/stat.h>
#include <sys/param.h>
@@ -62,6 +62,7 @@ __RCSID("$NetBSD: auth.c,v 1.10 2014/10/
#include "monitor_wrap.h"
#include "krl.h"
#include "compat.h"
+#include "pfilter.h"
#ifdef HAVE_LOGIN_CAP
#include <login_cap.h>
@@ -362,6 +363,8 @@ auth_log(Authctxt *authctxt, int authent
compat20 ? "ssh2" : "ssh1",
authctxt->info != NULL ? ": " : "",
authctxt->info != NULL ? authctxt->info : "");
+ if (!authctxt->postponed)
+ pfilter_notify(!authenticated);
free(authctxt->info);
authctxt->info = NULL;
}
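Review bot: The new call in auth_log() reports `!authenticated` for every non-postponed attempt, so one connection that tries several methods or keys before succeeding is reported as several failures followed by a success. The hunk header cuts off auth_log's parameter list, so it is not visible here whether a partial (multi-step) success or an initial probe can be told apart from a real failure. If it can, the condition should exclude those cases, because over-counting can lock out legitimate clients. At minimum add a comment such as `/* report each completed attempt to the blacklist daemon: 1 = failure, 0 = success */`. auth_log's body begins outside the hunk.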
Index: src/crypto/external/bsd/openssh/dist/sshd.c
diff -u src/crypto/external/bsd/openssh/dist/sshd.c:1.15 src/crypto/external/bsd/openssh/dist/sshd.c:1.16
--- src/crypto/external/bsd/openssh/dist/sshd.c:1.15 Tue Oct 28 17:36:16 2014
+++ src/crypto/external/bsd/openssh/dist/sshd.c Sun Jan 25 10:52:44 2015
@@ -1,4 +1,4 @@
-/* $NetBSD: sshd.c,v 1.15 2014/10/28 21:36:16 joerg Exp $ */
+/* $NetBSD: sshd.c,v 1.16 2015/01/25 15:52:44 christos Exp $ */
/* $OpenBSD: sshd.c,v 1.428 2014/07/15 15:54:14 millert Exp $ */
/*
* Author: Tatu Ylonen <[email protected]>
@@ -44,7 +44,7 @@
*/
#include "includes.h"
-__RCSID("$NetBSD: sshd.c,v 1.15 2014/10/28 21:36:16 joerg Exp $");
+__RCSID("$NetBSD: sshd.c,v 1.16 2015/01/25 15:52:44 christos Exp $");
#include <sys/types.h>
#include <sys/param.h>
#include <sys/ioctl.h>
@@ -109,6 +109,7 @@ __RCSID("$NetBSD: sshd.c,v 1.15 2014/10/
#include "roaming.h"
#include "ssh-sandbox.h"
#include "version.h"
+#include "pfilter.h"
#ifdef LIBWRAP
#include <tcpd.h>
@@ -364,6 +365,7 @@ grace_alarm_handler(int sig)
killpg(0, SIGTERM);
}
+ pfilter_notify(1);
/* Log error and exit. */
sigdie("Timeout before authentication for %s", get_remote_ipaddr());
}
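Review bot: `pfilter_notify(1)` is now called from grace_alarm_handler(), which is a signal handler, and pfilter_notify() as added in pfilter.c may call pfilter_init() and thus blacklist_open() before blacklist_r(). Neither call is shown to be async-signal-safe, and an open routine presumably allocates memory and creates a socket, which can deadlock or corrupt state if the signal interrupts the allocator. Make sure pfilter_init() has already run in this process before the grace alarm is armed, so the handler never takes the lazy-init path. Document the remaining risk in place, for example `/* XXX: called from a signal handler; pfilter_notify() must not allocate here */`. The handler's body begins outside the hunk.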
@@ -1160,6 +1162,7 @@ server_accept_loop(int *sock_in, int *so
for (i = 0; i < options.max_startups; i++)
startup_pipes[i] = -1;
+ pfilter_init();
/*
* Stay listening for connections until the system crashes or
* the daemon is killed with a signal.
Added files:
Index: src/crypto/external/bsd/openssh/dist/pfilter.c
diff -u /dev/null src/crypto/external/bsd/openssh/dist/pfilter.c:1.1
--- /dev/null Sun Jan 25 10:52:44 2015
+++ src/crypto/external/bsd/openssh/dist/pfilter.c Sun Jan 25 10:52:44 2015
@@ -0,0 +1,27 @@
+#include "namespace.h"
+#include "ssh.h"
+#include "packet.h"
+#include "log.h"
+#include "pfilter.h"
+#include <blacklist.h>
+
+static struct blacklist *blstate;
+
+void
+pfilter_init()
+{
+ blstate = blacklist_open();
+}
+
+void
+pfilter_notify(int a)
+{
+ int fd;
+ if (blstate == NULL)
+ pfilter_init();
+ if (blstate == NULL)
+ return;
+ // XXX: 3?
+ fd = packet_connection_is_on_socket() ? packet_get_connection_in() : 3;
+ (void)blacklist_r(blstate, a, fd, "ssh");
+}
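Review bot: The fallback `: 3` in pfilter_notify() hands blacklist_r() a hard-coded descriptor when the connection is not on a socket, and the author's own `// XXX: 3?` marks it as a guess. The failure would then be attributed to whatever happens to be open as descriptor 3, presumably because the peer address is derived from that descriptor, so an unrelated endpoint could be recorded. It is safer to skip the report in that case: `if (!packet_connection_is_on_socket()) return;` followed by `fd = packet_get_connection_in();`. Separately, a NULL from blacklist_open() and the result of blacklist_r() are dropped silently although log.h is included, so a one-time debug message would make a missing blacklist daemon visible. `pfilter_init()` should also be defined as `pfilter_init(void)` to match the prototype in pfilter.h.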
Index: src/crypto/external/bsd/openssh/dist/pfilter.h
diff -u /dev/null src/crypto/external/bsd/openssh/dist/pfilter.h:1.1
--- /dev/null Sun Jan 25 10:52:44 2015
+++ src/crypto/external/bsd/openssh/dist/pfilter.h Sun Jan 25 10:52:44 2015
@@ -0,0 +1,3 @@
+
+void pfilter_notify(int);
+void pfilter_init(void);
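Review bot: pfilter.h has no include guard, and the `int` argument of pfilter_notify() is unnamed and undocumented, while the call sites in this commit pass `1` on the pre-authentication timeout and `!authenticated` from auth_log(). Naming the parameter and stating the convention would prevent inverted calls: `void pfilter_notify(int failed); /* non-zero = failed attempt, 0 = success */`. Wrap the declarations in the usual `#ifndef`/`#define`/`#endif` guard.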