1 --- /dev/null 2015-01-22 23:10:33.000000000 -0500
2 +++ dist/pfilter.c 2015-01-22 23:46:03.000000000 -0500
4 +#include "namespace.h"
10 +#include <blacklist.h>
12 +static struct blacklist *blstate;
17 + blstate = blacklist_open();
21 +pfilter_notify(int a)
24 + if (blstate == NULL)
26 + if (blstate == NULL)
29 + fd = packet_connection_is_on_socket() ? packet_get_connection_in() : 3;
30 + (void)blacklist_r(blstate, a, fd, "ssh");
32 + blacklist_close(blstate);
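Review bot: The fallback descriptor in `fd = packet_connection_is_on_socket() ? packet_get_connection_in() : 3;` is a bare `3` with no visible explanation, and the result of `blacklist_r()` on the next line is discarded with `(void)`. If descriptor 3 is not the peer socket in that case, the report presumably either fails or is attributed to the wrong endpoint, and nothing is logged either way. I would name the constant and document why it is the right descriptor, or skip the report when the connection is not on a socket, and log a failed call, e.g. `if (blacklist_r(blstate, a, fd, "ssh") == -1) debug("blacklist_r failed");` (this needs log.h if it is not already included). Several lines of this file are not shown here, so an existing comment may already cover part of this.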
36 --- /dev/null 2015-01-20 21:14:44.000000000 -0500
37 +++ dist/pfilter.h 2015-01-20 20:16:20.000000000 -0500
40 +void pfilter_notify(int);
41 +void pfilter_init(void);
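Review bot: `void pfilter_notify(int);` gives no hint of what the integer means, although pfilter.c forwards it unchanged as the second argument of `blacklist_r()`. Keep the parameter name in the prototype and state the accepted values next to it, e.g. `void pfilter_notify(int action); /* action is passed to blacklist_r() */`. No include guard is visible in the shown lines either; if the elided lines do not contain one, it is worth adding.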
42 Index: bin/sshd/Makefile
43 ===================================================================
44 RCS file: /cvsroot/src/crypto/external/bsd/openssh/bin/sshd/Makefile,v
45 retrieving revision 1.10
46 diff -u -u -r1.10 Makefile
47 --- bin/sshd/Makefile 19 Oct 2014 16:30:58 -0000 1.10
48 +++ bin/sshd/Makefile 22 Jan 2015 21:39:21 -0000
50 auth2-none.c auth2-passwd.c auth2-pubkey.c \
51 monitor_mm.c monitor.c monitor_wrap.c \
52 kexdhs.c kexgexs.c kexecdhs.c sftp-server.c sftp-common.c \
53 - roaming_common.c roaming_serv.c sandbox-rlimit.c
54 + roaming_common.c roaming_serv.c sandbox-rlimit.c pfilter.c
56 COPTS.auth-options.c= -Wno-pointer-sign
57 COPTS.ldapauth.c= -Wno-format-nonliteral # XXX: should fix
64 +DPADD+= ${LIBBLACKLIST}
65 diff -ru openssh-7.7p1/auth-pam.c dist/auth-pam.c
66 --- openssh-7.7p1/auth-pam.c 2018-04-02 01:38:28.000000000 -0400
67 +++ dist/auth-pam.c 2018-05-23 11:56:22.206661484 -0400
71 #include "monitor_wrap.h"
74 extern ServerOptions options;
75 extern Buffer loginmsg;
77 ssh_msg_send(ctxt->pam_csock, PAM_MAXTRIES, &buffer);
79 ssh_msg_send(ctxt->pam_csock, PAM_AUTH_ERR, &buffer);
89 error("PAM: %s for %s%.100s from %.100s", msg,
90 sshpam_authctxt->valid ? "" : "illegal user ",
91 sshpam_authctxt->user,
92 diff -ru openssh-7.7p1/auth2.c dist/auth2.c
93 --- openssh-7.7p1/auth2.c 2018-04-02 01:38:28.000000000 -0400
94 +++ dist/auth2.c 2018-05-23 11:57:31.022197317 -0400
97 #include "pathnames.h"
105 /* Invalid user, fake password information */
106 authctxt->pw = fakepw();
108 #ifdef SSH_AUDIT_EVENTS
109 PRIVSEP(audit_event(SSH_INVALID_USER));
111 Only in dist: pfilter.c
112 Only in dist: pfilter.h
113 diff -ru openssh-7.7p1/sshd.c dist/sshd.c
114 --- openssh-7.7p1/sshd.c 2018-04-02 01:38:28.000000000 -0400
115 +++ dist/sshd.c 2018-05-23 11:59:39.573197347 -0400
117 #include "auth-options.h"
120 +#include "pfilter.h"
123 #define REEXEC_DEVCRYPTO_RESERVED_FD (STDERR_FILENO + 1)
126 grace_alarm_handler(int sig)
129 if (use_privsep && pmonitor != NULL && pmonitor->m_pid > 0)
130 kill(pmonitor->m_pid, SIGALRM);
132 @@ -1835,6 +1837,8 @@
139 * Clear out any supplemental groups we may have inherited. This
140 * prevents inadvertent creation of files with bad modes (in the
141 @@ -2280,6 +2284,9 @@
143 struct ssh *ssh = active_state; /* XXX */
149 do_cleanup(ssh, the_authctxt);
150 if (use_privsep && privsep_is_preauth &&