Module Name: src Committed By: christos Date: Wed May 23 16:04:13 UTC 2018
Modified Files: src/crypto/external/bsd/openssh/dist: auth-pam.c sshd.c Log Message: Increase strictness of blacklistd patches to include timeouts, operating system errors, and pam failures. To generate a diff of this commit: cvs rdiff -u -r1.14 -r1.15 src/crypto/external/bsd/openssh/dist/auth-pam.c cvs rdiff -u -r1.30 -r1.31 src/crypto/external/bsd/openssh/dist/sshd.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files:
Index: src/crypto/external/bsd/openssh/dist/auth-pam.c
diff -u src/crypto/external/bsd/openssh/dist/auth-pam.c:1.14 src/crypto/external/bsd/openssh/dist/auth-pam.c:1.15
--- src/crypto/external/bsd/openssh/dist/auth-pam.c:1.14 Fri Apr 6 14:58:59 2018
+++ src/crypto/external/bsd/openssh/dist/auth-pam.c Wed May 23 12:04:13 2018
@@ -50,7 +50,7 @@
 /*
 * NetBSD local changes
 */
-__RCSID("$NetBSD: auth-pam.c,v 1.14 2018/04/06 18:58:59 christos Exp $");
+__RCSID("$NetBSD: auth-pam.c,v 1.15 2018/05/23 16:04:13 christos Exp $");
 #undef USE_POSIX_THREADS /* Not yet */
 #define HAVE_SECURITY_PAM_APPL_H
 #define HAVE_PAM_GETENVLIST
@@ -552,6 +552,7 @@ sshpam_thread(void *ctxtp)
 ssh_msg_send(ctxt->pam_csock, PAM_MAXTRIES, &buffer);
 else
 ssh_msg_send(ctxt->pam_csock, PAM_AUTH_ERR, &buffer);
+ pfilter_notify(1);
 buffer_free(&buffer);
 pthread_exit(NULL);
@@ -830,6 +831,7 @@ sshpam_query(void *ctx, char **name, cha
 free(msg);
 return (0);
 }
+ pfilter_notify(1);
 error("PAM: %s for %s%.100s from %.100s", msg,
 sshpam_authctxt->valid ? "" : "illegal user ",
 sshpam_authctxt->user,
Index: src/crypto/external/bsd/openssh/dist/sshd.c
diff -u src/crypto/external/bsd/openssh/dist/sshd.c:1.30 src/crypto/external/bsd/openssh/dist/sshd.c:1.31
--- src/crypto/external/bsd/openssh/dist/sshd.c:1.30 Sun Apr 8 17:56:48 2018
+++ src/crypto/external/bsd/openssh/dist/sshd.c Wed May 23 12:04:13 2018
@@ -1,4 +1,4 @@
-/* $NetBSD: sshd.c,v 1.30 2018/04/08 21:56:48 joerg Exp $ */
+/* $NetBSD: sshd.c,v 1.31 2018/05/23 16:04:13 christos Exp $ */
 /* $OpenBSD: sshd.c,v 1.506 2018/03/03 03:15:51 djm Exp $ */
 /*
 * Author: Tatu Ylonen <y...@cs.hut.fi>
@@ -44,7 +44,7 @@
 */
 #include "includes.h"
-__RCSID("$NetBSD: sshd.c,v 1.30 2018/04/08 21:56:48 joerg Exp $");
+__RCSID("$NetBSD: sshd.c,v 1.31 2018/05/23 16:04:13 christos Exp $");
 #include <sys/types.h>
 #include <sys/param.h>
 #include <sys/ioctl.h>
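Review bot: The `pfilter_notify(1);` added in sshpam_thread right after the PAM_MAXTRIES/PAM_AUTH_ERR send and the one added in sshpam_query just before `error("PAM: %s for ...")` look like they report the same failed attempt from both ends of the PAM socket, so blacklistd may count one bad password twice and block an address at half the configured number of failures. Whether both paths run for a single failure cannot be confirmed from these hunks, since both function bodies continue outside them. If they do, keep the call on one side only and document it, e.g. `/* sole blacklistd report for a PAM failure; the sender side does not notify */` above the call in sshpam_query. With `#undef USE_POSIX_THREADS` visible in the first hunk, it is also worth confirming that the call in sshpam_thread runs in a context where the blacklistd handle is actually usable.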
@@ -344,6 +344,7 @@ main_sigchld_handler(int sig)
 __dead static void
 grace_alarm_handler(int sig)
 {
+ pfilter_notify(1);
 if (use_privsep && pmonitor != NULL && pmonitor->m_pid > 0)
 kill(pmonitor->m_pid, SIGALRM);
@@ -356,7 +357,6 @@ grace_alarm_handler(int sig)
 killpg(0, SIGTERM);
 }
- pfilter_notify(1);
 /* Log error and exit. */
 sigdie("Timeout before authentication for %s port %d",
 ssh_remote_ipaddr(active_state), ssh_remote_port(active_state));
@@ -2193,6 +2193,9 @@ cleanup_exit(int i)
 {
 struct ssh *ssh = active_state; /* XXX */
+ if (i == 255)
+ pfilter_notify(1);
+
 if (the_authctxt) {
 do_cleanup(ssh, the_authctxt);
 if (use_privsep && privsep_is_preauth &&
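Review bot: `pfilter_notify(1);` is now the first statement of grace_alarm_handler, so it runs in SIGALRM context before anything else, and nothing visible here shows that it limits itself to async-signal-safe calls. If it allocates, formats a log line or goes through stdio, the handler can interrupt the same code in the main flow and leave its state inconsistent; that should be checked against pfilter_notify's definition, which is not part of this diff. The reason for moving the call ahead of the `kill()`/`killpg()` block (it is removed from its old place in the hunk at -356) is not recorded; a comment such as `/* report the timeout to blacklistd before signalling the monitor and process group */` would keep a later merge from moving it back. The handler's body extends beyond both hunks.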
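Review bot: `if (i == 255)` in cleanup_exit treats a bare exit status as "count this against the peer", and the hunk does not say which callers pass 255. Per the log message this deliberately includes operating-system errors, so a local fault such as resource exhaustion would be attributed to whichever client happened to be connected and could lock out legitimate addresses; it may also repeat a report already sent from the auth-pam.c paths. Suggest documenting the intent at the call, e.g. `/* 255 is the fatal-error exit status; report it to blacklistd */`, and confirming the branch cannot run in both the monitor and the child for one connection. cleanup_exit continues past the end of the hunk.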