1 --- /dev/null 2015-01-22 23:10:33.000000000 -0500
2 +++ dist/pfilter.c 2015-01-22 23:46:03.000000000 -0500
4 +#include "namespace.h"
10 +#include <blacklist.h>
12 +static struct blacklist *blstate;
17 + blstate = blacklist_open();
21 +pfilter_notify(int a)
24 + if (blstate == NULL)
26 + if (blstate == NULL)
29 + fd = packet_connection_is_on_socket() ? packet_get_connection_in() : 3;
30 + (void)blacklist_r(blstate, a, fd, "ssh");
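Review bot: The fallback descriptor in `fd = packet_connection_is_on_socket() ? packet_get_connection_in() : 3;` is an unexplained magic number. When the connection is not on a socket, whatever is open on descriptor 3 is handed to `blacklist_r()`, and since that descriptor is presumably how the peer is identified, the event may be attributed to the wrong address or to none. Either skip the notification in that case or document the assumption at the line, e.g. `/* XXX not on a socket: document which descriptor 3 is expected to be */`. Both failure paths are also silent (the second `blstate == NULL` test after `blacklist_open()` and the `(void)` cast on `blacklist_r()`), so an sshd that has stopped reporting failed logins leaves no trace; one debug-level log line on each path would make that detectable. Only part of `pfilter_notify` is visible in this listing.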
32 --- /dev/null 2015-01-20 21:14:44.000000000 -0500
33 +++ dist/pfilter.h 2015-01-20 20:16:20.000000000 -0500
36 +void pfilter_notify(int);
37 +void pfilter_init(void);
38 Index: bin/sshd/Makefile
39 ===================================================================
40 RCS file: /cvsroot/src/crypto/external/bsd/openssh/bin/sshd/Makefile,v
41 retrieving revision 1.10
42 diff -u -u -r1.10 Makefile
43 --- bin/sshd/Makefile 19 Oct 2014 16:30:58 -0000 1.10
44 +++ bin/sshd/Makefile 22 Jan 2015 21:39:21 -0000
46 auth2-none.c auth2-passwd.c auth2-pubkey.c \
47 monitor_mm.c monitor.c monitor_wrap.c \
48 kexdhs.c kexgexs.c kexecdhs.c sftp-server.c sftp-common.c \
49 - roaming_common.c roaming_serv.c sandbox-rlimit.c
50 + roaming_common.c roaming_serv.c sandbox-rlimit.c pfilter.c
52 COPTS.auth-options.c= -Wno-pointer-sign
53 COPTS.ldapauth.c= -Wno-format-nonliteral # XXX: should fix
60 +DPADD+= ${LIBBLACKLIST}
62 ===================================================================
63 RCS file: /cvsroot/src/crypto/external/bsd/openssh/dist/auth.c,v
64 retrieving revision 1.10
65 diff -u -u -r1.10 auth.c
66 --- dist/auth.c 19 Oct 2014 16:30:58 -0000 1.10
67 +++ dist/auth.c 22 Jan 2015 21:39:22 -0000
69 #include "monitor_wrap.h"
75 #include <login_cap.h>
77 compat20 ? "ssh2" : "ssh1",
78 authctxt->info != NULL ? ": " : "",
79 authctxt->info != NULL ? authctxt->info : "");
80 + if (!authctxt->postponed)
81 + pfilter_notify(!authenticated);
83 authctxt->info = NULL;
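Review bot: `pfilter_notify(!authenticated)` reports every non-postponed result that is not a success as a failure, and the 0/1 meaning of the argument is only implied by the negation. If this logging path is also reached for attempts that are expected to fail on a legitimate client (for example an initial `none` method probe, or one step of a multi-method login), well-behaved hosts would accumulate failure counts and could end up blocked. That is worth confirming against the blacklist daemon's threshold. At minimum, add a comment at the call such as `/* report to blacklist: 1 = failed attempt, 0 = success */`, and consider guarding it so that only real credential failures are reported. The enclosing function starts and ends outside the visible lines.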
86 ===================================================================
87 RCS file: /cvsroot/src/crypto/external/bsd/openssh/dist/sshd.c,v
88 retrieving revision 1.15
89 diff -u -u -r1.15 sshd.c
90 --- dist/sshd.c 28 Oct 2014 21:36:16 -0000 1.15
91 +++ dist/sshd.c 22 Jan 2015 21:39:22 -0000
94 #include "ssh-sandbox.h"
105 /* Log error and exit. */
106 sigdie("Timeout before authentication for %s", get_remote_ipaddr());
108 @@ -1160,6 +1162,7 @@
109 for (i = 0; i < options.max_startups; i++)
110 startup_pipes[i] = -1;
114 * Stay listening for connections until the system crashes or
115 * the daemon is killed with a signal.
117 ===================================================================
118 RCS file: /cvsroot/src/crypto/external/bsd/openssh/dist/auth1.c,v
119 retrieving revision 1.9
120 diff -u -u -r1.9 auth1.c
121 --- auth1.c 19 Oct 2014 16:30:58 -0000 1.9
122 +++ auth1.c 14 Feb 2015 15:40:51 -0000
125 #include "monitor_wrap.h"
127 +#include "pfilter.h"
130 extern ServerOptions options;
133 debug("do_authentication: invalid user %s", user);
134 authctxt->pw = fakepw();
138 /* Configuration may have changed as a result of Match */
140 ===================================================================
141 RCS file: /cvsroot/src/crypto/external/bsd/openssh/dist/auth2.c,v
142 retrieving revision 1.9
143 diff -u -u -r1.9 auth2.c
144 --- auth2.c 19 Oct 2014 16:30:58 -0000 1.9
145 +++ auth2.c 14 Feb 2015 15:40:51 -0000
147 #include "pathnames.h"
149 #include "canohost.h"
150 +#include "pfilter.h"
156 logit("input_userauth_request: invalid user %s", user);
157 authctxt->pw = fakepw();
163 ===================================================================
164 RCS file: /cvsroot/src/crypto/external/bsd/openssh/dist/sshd.c,v
165 retrieving revision 1.16
166 diff -u -r1.16 sshd.c
167 --- sshd.c 25 Jan 2015 15:52:44 -0000 1.16
168 +++ sshd.c 14 Feb 2015 09:55:06 -0000
170 explicit_bzero(pw->pw_passwd, strlen(pw->pw_passwd));
175 /* Change our root directory */
176 if (chroot(_PATH_PRIVSEP_CHROOT_DIR) == -1)
177 fatal("chroot(\"%s\"): %s", _PATH_PRIVSEP_CHROOT_DIR,
180 ===================================================================
181 RCS file: /cvsroot/src/crypto/external/bsd/openssh/dist/auth-pam.c,v
182 retrieving revision 1.7
183 diff -u -u -r1.7 auth-pam.c
184 --- auth-pam.c 3 Jul 2015 00:59:59 -0000 1.7
185 +++ auth-pam.c 23 Jan 2016 00:01:16 -0000
189 #include "monitor_wrap.h"
190 +#include "pfilter.h"
192 extern ServerOptions options;
193 extern Buffer loginmsg;
199 error("PAM: %s for %s%.100s from %.100s", msg,
200 sshpam_authctxt->valid ? "" : "illegal user ",
201 sshpam_authctxt->user,
203 ===================================================================
204 RCS file: /cvsroot/src/crypto/external/bsd/openssh/dist/auth.c,v
205 retrieving revision 1.15
206 diff -u -u -r1.15 auth.c
207 --- auth.c 21 Aug 2015 08:20:59 -0000 1.15
208 +++ auth.c 23 Jan 2016 00:01:16 -0000
214 logit("Invalid user %.100s from %.100s",
215 user, get_remote_ipaddr());
218 ===================================================================
219 RCS file: /cvsroot/src/crypto/external/bsd/openssh/dist/auth1.c,v
220 retrieving revision 1.12
221 diff -u -u -r1.12 auth1.c
222 --- auth1.c 3 Jul 2015 00:59:59 -0000 1.12
223 +++ auth1.c 23 Jan 2016 00:01:16 -0000
229 error("Access denied for user %s by PAM account "
230 "configuration", authctxt->user);
231 len = buffer_len(&loginmsg);