Module Name: src
Committed By: christos
Date: Sat Jan 23 00:03:30 UTC 2016
Modified Files:
src/crypto/external/bsd/openssh/dist: auth-pam.c auth.c auth1.c
pfilter.c
Log Message:
add more blacklist rejection points.
To generate a diff of this commit:
cvs rdiff -u -r1.7 -r1.8 src/crypto/external/bsd/openssh/dist/auth-pam.c
cvs rdiff -u -r1.15 -r1.16 src/crypto/external/bsd/openssh/dist/auth.c
cvs rdiff -u -r1.12 -r1.13 src/crypto/external/bsd/openssh/dist/auth1.c
cvs rdiff -u -r1.2 -r1.3 src/crypto/external/bsd/openssh/dist/pfilter.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/crypto/external/bsd/openssh/dist/auth-pam.c
diff -u src/crypto/external/bsd/openssh/dist/auth-pam.c:1.7 src/crypto/external/bsd/openssh/dist/auth-pam.c:1.8
--- src/crypto/external/bsd/openssh/dist/auth-pam.c:1.7 Thu Jul 2 20:59:59 2015
+++ src/crypto/external/bsd/openssh/dist/auth-pam.c Fri Jan 22 19:03:30 2016
@@ -50,7 +50,7 @@
/*
* NetBSD local changes
*/
-__RCSID("$NetBSD: auth-pam.c,v 1.7 2015/07/03 00:59:59 christos Exp $");
+__RCSID("$NetBSD: auth-pam.c,v 1.8 2016/01/23 00:03:30 christos Exp $");
#undef USE_POSIX_THREADS /* Not yet */
#define HAVE_SECURITY_PAM_APPL_H
#define HAVE_PAM_GETENVLIST
@@ -114,6 +114,7 @@ void sshpam_password_change_required(int
#include "ssh-gss.h"
#endif
#include "monitor_wrap.h"
+#include "pfilter.h"
extern ServerOptions options;
extern Buffer loginmsg;
@@ -809,6 +810,7 @@ sshpam_query(void *ctx, char **name, cha
free(msg);
return (0);
}
+ pfilter_notify(1);
error("PAM: %s for %s%.100s from %.100s", msg,
sshpam_authctxt->valid ? "" : "illegal user ",
sshpam_authctxt->user,
Index: src/crypto/external/bsd/openssh/dist/auth.c
diff -u src/crypto/external/bsd/openssh/dist/auth.c:1.15 src/crypto/external/bsd/openssh/dist/auth.c:1.16
--- src/crypto/external/bsd/openssh/dist/auth.c:1.15 Fri Aug 21 04:20:59 2015
+++ src/crypto/external/bsd/openssh/dist/auth.c Fri Jan 22 19:03:30 2016
@@ -1,4 +1,4 @@
-/* $NetBSD: auth.c,v 1.15 2015/08/21 08:20:59 christos Exp $ */
+/* $NetBSD: auth.c,v 1.16 2016/01/23 00:03:30 christos Exp $ */
/* $OpenBSD: auth.c,v 1.113 2015/08/21 03:42:19 djm Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
@@ -25,7 +25,7 @@
*/
#include "includes.h"
-__RCSID("$NetBSD: auth.c,v 1.15 2015/08/21 08:20:59 christos Exp $");
+__RCSID("$NetBSD: auth.c,v 1.16 2016/01/23 00:03:30 christos Exp $");
#include <sys/types.h>
#include <sys/stat.h>
@@ -656,6 +656,7 @@ getpwnamallow(const char *user)
pw = getpwnam(user);
if (pw == NULL) {
+ pfilter_notify(1);
logit("Invalid user %.100s from %.100s",
user, get_remote_ipaddr());
return (NULL);
Index: src/crypto/external/bsd/openssh/dist/auth1.c
diff -u src/crypto/external/bsd/openssh/dist/auth1.c:1.12 src/crypto/external/bsd/openssh/dist/auth1.c:1.13
--- src/crypto/external/bsd/openssh/dist/auth1.c:1.12 Thu Jul 2 20:59:59 2015
+++ src/crypto/external/bsd/openssh/dist/auth1.c Fri Jan 22 19:03:30 2016
@@ -1,4 +1,4 @@
-/* $NetBSD: auth1.c,v 1.12 2015/07/03 00:59:59 christos Exp $ */
+/* $NetBSD: auth1.c,v 1.13 2016/01/23 00:03:30 christos Exp $ */
/* $OpenBSD: auth1.c,v 1.82 2014/07/15 15:54:14 millert Exp $ */
/*
* Copyright (c) 1995 Tatu Ylonen <[email protected]>, Espoo, Finland
@@ -12,7 +12,7 @@
*/
#include "includes.h"
-__RCSID("$NetBSD: auth1.c,v 1.12 2015/07/03 00:59:59 christos Exp $");
+__RCSID("$NetBSD: auth1.c,v 1.13 2016/01/23 00:03:30 christos Exp $");
#include <sys/types.h>
#include <sys/queue.h>
@@ -376,6 +376,7 @@ do_authloop(Authctxt *authctxt)
char *msg;
size_t len;
+ pfilter_notify(1);
error("Access denied for user %s by PAM account "
"configuration", authctxt->user);
len = buffer_len(&loginmsg);
Index: src/crypto/external/bsd/openssh/dist/pfilter.c
diff -u src/crypto/external/bsd/openssh/dist/pfilter.c:1.2 src/crypto/external/bsd/openssh/dist/pfilter.c:1.3
--- src/crypto/external/bsd/openssh/dist/pfilter.c:1.2 Sun Jan 25 22:57:17 2015
+++ src/crypto/external/bsd/openssh/dist/pfilter.c Fri Jan 22 19:03:30 2016
@@ -1,4 +1,5 @@
#include "namespace.h"
+#include "includes.h"
#include "ssh.h"
#include "packet.h"
#include "log.h"
