Module Name:    src
Committed By:   christos
Date:           Wed May 23 16:04:13 UTC 2018

Modified Files:
        src/crypto/external/bsd/openssh/dist: auth-pam.c sshd.c

Log Message:
Increase strictness of blacklistd patches to include timeouts, operating
system errors, and pam failures.


To generate a diff of this commit:
cvs rdiff -u -r1.14 -r1.15 src/crypto/external/bsd/openssh/dist/auth-pam.c
cvs rdiff -u -r1.30 -r1.31 src/crypto/external/bsd/openssh/dist/sshd.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/external/bsd/openssh/dist/auth-pam.c
diff -u src/crypto/external/bsd/openssh/dist/auth-pam.c:1.14 src/crypto/external/bsd/openssh/dist/auth-pam.c:1.15
--- src/crypto/external/bsd/openssh/dist/auth-pam.c:1.14	Fri Apr  6 14:58:59 2018
+++ src/crypto/external/bsd/openssh/dist/auth-pam.c	Wed May 23 12:04:13 2018
@@ -50,7 +50,7 @@
 /*
  * NetBSD local changes
  */
-__RCSID("$NetBSD: auth-pam.c,v 1.14 2018/04/06 18:58:59 christos Exp $");
+__RCSID("$NetBSD: auth-pam.c,v 1.15 2018/05/23 16:04:13 christos Exp $");
 #undef USE_POSIX_THREADS /* Not yet */
 #define HAVE_SECURITY_PAM_APPL_H
 #define HAVE_PAM_GETENVLIST
@@ -552,6 +552,7 @@ sshpam_thread(void *ctxtp)
 		ssh_msg_send(ctxt->pam_csock, PAM_MAXTRIES, &buffer);
 	else
 		ssh_msg_send(ctxt->pam_csock, PAM_AUTH_ERR, &buffer);
+	pfilter_notify(1);
 	buffer_free(&buffer);
 	pthread_exit(NULL);
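Review bot: One failed PAM attempt may now be reported to blacklistd twice: the `pfilter_notify(1)` added here runs right after PAM_MAXTRIES or PAM_AUTH_ERR is sent on `ctxt->pam_csock`, and the sshpam_query hunk below adds a second `pfilter_notify(1)` on what appears to be the path that receives that message. If both fire for the same attempt, an address reaches the block threshold in half the configured number of failures, which makes accidental lockout of legitimate users more likely. Consider notifying on one side only, and document the choice with a comment such as `/* reported to blacklistd here only; sshpam_query does not notify for this message */` once the owning side is confirmed. Both function bodies start and end outside their hunks, so the branch conditions that lead here are not visible.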
 
@@ -830,6 +831,7 @@ sshpam_query(void *ctx, char **name, cha
 				free(msg);
 				return (0);
 			}
+			pfilter_notify(1);
 			error("PAM: %s for %s%.100s from %.100s", msg,
 			    sshpam_authctxt->valid ? "" : "illegal user ",
 			    sshpam_authctxt->user,

Index: src/crypto/external/bsd/openssh/dist/sshd.c
diff -u src/crypto/external/bsd/openssh/dist/sshd.c:1.30 src/crypto/external/bsd/openssh/dist/sshd.c:1.31
--- src/crypto/external/bsd/openssh/dist/sshd.c:1.30	Sun Apr  8 17:56:48 2018
+++ src/crypto/external/bsd/openssh/dist/sshd.c	Wed May 23 12:04:13 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: sshd.c,v 1.30 2018/04/08 21:56:48 joerg Exp $	*/
+/*	$NetBSD: sshd.c,v 1.31 2018/05/23 16:04:13 christos Exp $	*/
 /* $OpenBSD: sshd.c,v 1.506 2018/03/03 03:15:51 djm Exp $ */
 /*
  * Author: Tatu Ylonen <y...@cs.hut.fi>
@@ -44,7 +44,7 @@
  */
 
 #include "includes.h"
-__RCSID("$NetBSD: sshd.c,v 1.30 2018/04/08 21:56:48 joerg Exp $");
+__RCSID("$NetBSD: sshd.c,v 1.31 2018/05/23 16:04:13 christos Exp $");
 #include <sys/types.h>
 #include <sys/param.h>
 #include <sys/ioctl.h>
@@ -344,6 +344,7 @@ main_sigchld_handler(int sig)
 __dead static void
 grace_alarm_handler(int sig)
 {
+	pfilter_notify(1);
 	if (use_privsep && pmonitor != NULL && pmonitor->m_pid > 0)
 		kill(pmonitor->m_pid, SIGALRM);
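Review bot: Making `pfilter_notify(1)` the first statement of grace_alarm_handler puts a call of unknown cost ahead of the `kill(pmonitor->m_pid, SIGALRM)` and the `sigdie()` that enforce the login grace timeout. pfilter_notify is not defined in this diff; if it opens a socket to blacklistd, allocates or logs, it is not async-signal-safe, and a stall there would leave the unauthenticated connection open past the timeout. If the move is needed so the report is sent before the process group is signalled, say so in a comment, for example `/* notify first: must not block, runs in SIGALRM context before the monitor is signalled */`. The rest of the handler is in the next hunk.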
 
@@ -356,7 +357,6 @@ grace_alarm_handler(int sig)
 		killpg(0, SIGTERM);
 	}
 
-	pfilter_notify(1);
 	/* Log error and exit. */
 	sigdie("Timeout before authentication for %s port %d",
 	    ssh_remote_ipaddr(active_state), ssh_remote_port(active_state));
@@ -2193,6 +2193,9 @@ cleanup_exit(int i)
 {
 	struct ssh *ssh = active_state; /* XXX */
 
+	if (i == 255)
+		pfilter_notify(1);
+
 	if (the_authctxt) {
 		do_cleanup(ssh, the_authctxt);
 		if (use_privsep && privsep_is_preauth &&
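Review bot: The bare `255` in `if (i == 255)` needs a comment, because the hunk does not say which exits it stands for. Upstream OpenSSH's fatal() exits through cleanup_exit(255), so this presumably matches every fatal error, including local ones such as resource exhaustion or I/O failures that the remote peer did not cause. Those are then counted against the client's address, so a server-side fault under load could get legitimate addresses blocked. The same connection may also already have been reported by one of the other `pfilter_notify(1)` call sites. Suggested comment: `/* 255 == fatal() exit status: report peer to blacklistd; may repeat an earlier pfilter_notify() */`, with a once-only guard inside pfilter_notify if double counting is confirmed.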
