ssh.diff | searchcode

/external/bsd/blacklist/diff/ssh.diff

http://www.minix3.org/
diff | 177 lines | 166 code | 11 blank | 0 comment | 0 complexity | 70ffb5493dfda764be43648896f0503e MD5 | raw file
Possible License(s): MIT, WTFPL, AGPL-1.0, BSD-3-Clause, GPL-3.0, LGPL-2.0, JSON, 0BSD

--- /dev/null	2015-01-22 23:10:33.000000000 -0500
+++ dist/pfilter.c	2015-01-22 23:46:03.000000000 -0500
@@ -0,0 +1,27 @@
+#include "namespace.h"
+#include "ssh.h"
+#include "packet.h"
+#include "log.h"
+#include "pfilter.h"
+#include <blacklist.h>
+
+static struct blacklist *blstate;
+
+void
+pfilter_init(void)
+{
+	blstate = blacklist_open();
+}
+
+void
+pfilter_notify(int a)
+{
+	int fd;
+	if (blstate == NULL)
+		pfilter_init();
+	if (blstate == NULL)
+		return;
+	// XXX: 3?
+ 	fd = packet_connection_is_on_socket() ? packet_get_connection_in() : 3;
+	(void)blacklist_r(blstate, a, fd, "ssh");
+}
--- /dev/null	2015-01-20 21:14:44.000000000 -0500
+++ dist/pfilter.h	2015-01-20 20:16:20.000000000 -0500
@@ -0,0 +1,3 @@
+
+void pfilter_notify(int);
+void pfilter_init(void);
Index: bin/sshd/Makefile
===================================================================
RCS file: /cvsroot/src/crypto/external/bsd/openssh/bin/sshd/Makefile,v
retrieving revision 1.10
diff -u -u -r1.10 Makefile
--- bin/sshd/Makefile	19 Oct 2014 16:30:58 -0000	1.10
+++ bin/sshd/Makefile	22 Jan 2015 21:39:21 -0000
@@ -15,7 +15,7 @@
 	auth2-none.c auth2-passwd.c auth2-pubkey.c \
 	monitor_mm.c monitor.c monitor_wrap.c \
 	kexdhs.c kexgexs.c kexecdhs.c sftp-server.c sftp-common.c \
-	roaming_common.c roaming_serv.c sandbox-rlimit.c
+	roaming_common.c roaming_serv.c sandbox-rlimit.c pfilter.c
 
 COPTS.auth-options.c=	-Wno-pointer-sign
 COPTS.ldapauth.c=	-Wno-format-nonliteral	# XXX: should fix
@@ -68,3 +68,6 @@
 
 LDADD+=	-lwrap
 DPADD+=	${LIBWRAP}
+
+LDADD+=	-lblacklist
+DPADD+=	${LIBBLACKLIST}
Index: dist/auth.c
===================================================================
RCS file: /cvsroot/src/crypto/external/bsd/openssh/dist/auth.c,v
retrieving revision 1.10
diff -u -u -r1.10 auth.c
--- dist/auth.c	19 Oct 2014 16:30:58 -0000	1.10
+++ dist/auth.c	22 Jan 2015 21:39:22 -0000
@@ -62,6 +62,7 @@
 #include "monitor_wrap.h"
 #include "krl.h"
 #include "compat.h"
+#include "pfilter.h"
 
 #ifdef HAVE_LOGIN_CAP
 #include <login_cap.h>
@@ -362,6 +363,8 @@
 	    compat20 ? "ssh2" : "ssh1",
 	    authctxt->info != NULL ? ": " : "",
 	    authctxt->info != NULL ? authctxt->info : "");
+	if (!authctxt->postponed)
+		pfilter_notify(!authenticated);
 	free(authctxt->info);
 	authctxt->info = NULL;
 }
Index: dist/sshd.c
===================================================================
RCS file: /cvsroot/src/crypto/external/bsd/openssh/dist/sshd.c,v
retrieving revision 1.15
diff -u -u -r1.15 sshd.c
--- dist/sshd.c	28 Oct 2014 21:36:16 -0000	1.15
+++ dist/sshd.c	22 Jan 2015 21:39:22 -0000
@@ -109,6 +109,7 @@
 #include "roaming.h"
 #include "ssh-sandbox.h"
 #include "version.h"
+#include "pfilter.h"
 
 #ifdef LIBWRAP
 #include <tcpd.h>
@@ -364,6 +365,7 @@
 		killpg(0, SIGTERM);
 	}
 
+	pfilter_notify(1);
 	/* Log error and exit. */
 	sigdie("Timeout before authentication for %s", get_remote_ipaddr());
 }
@@ -1160,6 +1162,7 @@
 	for (i = 0; i < options.max_startups; i++)
 		startup_pipes[i] = -1;
 
+	pfilter_init();
 	/*
 	 * Stay listening for connections until the system crashes or
 	 * the daemon is killed with a signal.
Index: auth1.c
===================================================================
RCS file: /cvsroot/src/crypto/external/bsd/openssh/dist/auth1.c,v
retrieving revision 1.9
diff -u -u -r1.9 auth1.c
--- auth1.c	19 Oct 2014 16:30:58 -0000	1.9
+++ auth1.c	14 Feb 2015 15:40:51 -0000
@@ -41,6 +41,7 @@
 #endif
 #include "monitor_wrap.h"
 #include "buffer.h"
+#include "pfilter.h"
 
 /* import */
 extern ServerOptions options;
@@ -445,6 +446,7 @@
 	else {
 		debug("do_authentication: invalid user %s", user);
 		authctxt->pw = fakepw();
+		pfilter_notify(1);
 	}
 
 	/* Configuration may have changed as a result of Match */
Index: auth2.c
===================================================================
RCS file: /cvsroot/src/crypto/external/bsd/openssh/dist/auth2.c,v
retrieving revision 1.9
diff -u -u -r1.9 auth2.c
--- auth2.c	19 Oct 2014 16:30:58 -0000	1.9
+++ auth2.c	14 Feb 2015 15:40:51 -0000
@@ -52,6 +52,7 @@
 #include "pathnames.h"
 #include "buffer.h"
 #include "canohost.h"
+#include "pfilter.h"
 
 #ifdef GSSAPI
 #include "ssh-gss.h"
@@ -256,6 +257,7 @@
 		} else {
 			logit("input_userauth_request: invalid user %s", user);
 			authctxt->pw = fakepw();
+			pfilter_notify(1);
 		}
 #ifdef USE_PAM
 		if (options.use_pam)
Index: sshd.c
===================================================================
RCS file: /cvsroot/src/crypto/external/bsd/openssh/dist/sshd.c,v
retrieving revision 1.16
diff -u -r1.16 sshd.c
--- sshd.c	25 Jan 2015 15:52:44 -0000	1.16
+++ sshd.c	14 Feb 2015 09:55:06 -0000
@@ -628,6 +628,8 @@
 	explicit_bzero(pw->pw_passwd, strlen(pw->pw_passwd));
 	endpwent();
 
+	pfilter_init();
+
 	/* Change our root directory */
 	if (chroot(_PATH_PRIVSEP_CHROOT_DIR) == -1)
 		fatal("chroot(\"%s\"): %s", _PATH_PRIVSEP_CHROOT_DIR,