xref: /minix3/external/bsd/blacklist/diff/ssh.diff (revision 0a6a1f1d05b60e214de2f05a7310ddd1f0e590e7)
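--- /dev/null	2015-01-22 23:10:33.000000000 -0500
+++ dist/pfilter.c	2015-01-22 23:46:03.000000000 -0500
@@ -0,0 +1,27 @@
+#include "namespace.h"
+#include "ssh.h"
+#include "packet.h"
+#include "log.h"
+#include "pfilter.h"
+#include <blacklist.h>
+
+static struct blacklist *blstate;
+
+void
+pfilter_init(void)
+{
+	blstate = blacklist_open();
+}
+
+void
+pfilter_notify(int a)
+{
+	int fd;
+	if (blstate == NULL)
+		pfilter_init();
+	if (blstate == NULL)
+		return;
+	// XXX: 3?
+ 	fd = packet_connection_is_on_socket() ? packet_get_connection_in() : 3;
+	(void)blacklist_r(blstate, a, fd, "ssh");
+}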
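Review bot: The fallback to descriptor `3` in `pfilter_notify` (already flagged `// XXX: 3?`) reports whatever happens to be open on fd 3 when the connection is not on a socket, so a failure can be attributed to the wrong peer or to none at all. If no peer address exists in that case, returning early with `if (!packet_connection_is_on_socket()) return;` would be safer; otherwise the comment should say why 3 is correct. Separately, a NULL from `blacklist_open()` and the discarded result of `blacklist_r()` make the filter fail open silently. `log.h` is already included, so a `debug("pfilter: blacklist_open failed");` on the NULL path would make that visible to operators.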
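--- /dev/null	2015-01-20 21:14:44.000000000 -0500
+++ dist/pfilter.h	2015-01-20 20:16:20.000000000 -0500
@@ -0,0 +1,3 @@
+
+void pfilter_notify(int);
+void pfilter_init(void);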
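Review bot: The header has no include guard, and the prototype `void pfilter_notify(int);` leaves its argument unnamed, so a reader cannot tell what the value means without chasing the call sites (`pfilter_notify(1)`, `pfilter_notify(!authenticated)`). Suggest wrapping the file in `#ifndef PFILTER_H` / `#define PFILTER_H` / `#endif` and declaring `void pfilter_notify(int failed);`. A one-line comment should state that, as the call sites imply, 0 reports a successful authentication and non-zero a failed attempt.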
37*0a6a1f1dSLionel SambucIndex: bin/sshd/Makefile
38*0a6a1f1dSLionel Sambuc===================================================================
39*0a6a1f1dSLionel SambucRCS file: /cvsroot/src/crypto/external/bsd/openssh/bin/sshd/Makefile,v
40*0a6a1f1dSLionel Sambucretrieving revision 1.10
41*0a6a1f1dSLionel Sambucdiff -u -u -r1.10 Makefile
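--- bin/sshd/Makefile	19 Oct 2014 16:30:58 -0000	1.10
+++ bin/sshd/Makefile	22 Jan 2015 21:39:21 -0000
@@ -15,7 +15,7 @@
 	auth2-none.c auth2-passwd.c auth2-pubkey.c \
 	monitor_mm.c monitor.c monitor_wrap.c \
 	kexdhs.c kexgexs.c kexecdhs.c sftp-server.c sftp-common.c \
-	roaming_common.c roaming_serv.c sandbox-rlimit.c
+	roaming_common.c roaming_serv.c sandbox-rlimit.c pfilter.c
 
 COPTS.auth-options.c=	-Wno-pointer-sign
 COPTS.ldapauth.c=	-Wno-format-nonliteral	# XXX: should fix
@@ -68,3 +68,6 @@
 
 LDADD+=	-lwrap
 DPADD+=	${LIBWRAP}
+
+LDADD+=	-lblacklist
+DPADD+=	${LIBBLACKLIST}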
60*0a6a1f1dSLionel SambucIndex: dist/auth.c
61*0a6a1f1dSLionel Sambuc===================================================================
62*0a6a1f1dSLionel SambucRCS file: /cvsroot/src/crypto/external/bsd/openssh/dist/auth.c,v
63*0a6a1f1dSLionel Sambucretrieving revision 1.10
64*0a6a1f1dSLionel Sambucdiff -u -u -r1.10 auth.c
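--- dist/auth.c	19 Oct 2014 16:30:58 -0000	1.10
+++ dist/auth.c	22 Jan 2015 21:39:22 -0000
@@ -62,6 +62,7 @@
 #include "monitor_wrap.h"
 #include "krl.h"
 #include "compat.h"
+#include "pfilter.h"
 
 #ifdef HAVE_LOGIN_CAP
 #include <login_cap.h>
@@ -362,6 +363,8 @@
 	    compat20 ? "ssh2" : "ssh1",
 	    authctxt->info != NULL ? ": " : "",
 	    authctxt->info != NULL ? authctxt->info : "");
+	if (!authctxt->postponed)
+		pfilter_notify(!authenticated);
 	free(authctxt->info);
 	authctxt->info = NULL;
 }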
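Review bot: `pfilter_notify(!authenticated)` at the end of this logging function reports every non-postponed result with `authenticated == 0` as a failure. That presumably includes a partially successful step of a multi-method login and a client's initial probe of the available methods, so legitimate users could accumulate failures toward a block. The function's signature is outside the hunk, so whether a partial-success flag is in scope cannot be confirmed here; if it is, the guard could read `if (!authctxt->postponed && !partial)`. A short comment naming which outcomes are meant to count would also help.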
84*0a6a1f1dSLionel SambucIndex: dist/sshd.c
85*0a6a1f1dSLionel Sambuc===================================================================
86*0a6a1f1dSLionel SambucRCS file: /cvsroot/src/crypto/external/bsd/openssh/dist/sshd.c,v
87*0a6a1f1dSLionel Sambucretrieving revision 1.15
88*0a6a1f1dSLionel Sambucdiff -u -u -r1.15 sshd.c
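--- dist/sshd.c	28 Oct 2014 21:36:16 -0000	1.15
+++ dist/sshd.c	22 Jan 2015 21:39:22 -0000
@@ -109,6 +109,7 @@
 #include "roaming.h"
 #include "ssh-sandbox.h"
 #include "version.h"
+#include "pfilter.h"
 
 #ifdef LIBWRAP
 #include <tcpd.h>
@@ -364,6 +365,7 @@
 		killpg(0, SIGTERM);
 	}
 
+	pfilter_notify(1);
 	/* Log error and exit. */
 	sigdie("Timeout before authentication for %s", get_remote_ipaddr());
 }
@@ -1160,6 +1162,7 @@
 	for (i = 0; i < options.max_startups; i++)
 		startup_pipes[i] = -1;
 
+	pfilter_init();
 	/*
 	 * Stay listening for connections until the system crashes or
 	 * the daemon is killed with a signal.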
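Review bot: The added `pfilter_notify(1);` before `sigdie(...)` appears to run inside the pre-authentication timeout signal handler. The handler's signature is outside the hunk, but `sigdie` and the `killpg` above suggest signal context. `pfilter_notify` may call `blacklist_open()` and always calls `blacklist_r()`, and nothing on this page shows either to be async-signal-safe. A signal that interrupts code holding allocator or logging state therefore risks a deadlock or memory corruption in a pre-auth, network-reachable path. Safer options are to have the handler only record the timeout and notify from normal context, or to confirm and document in a comment that the library call is async-signal-safe once the handle has been opened by the `pfilter_init()` added in the last hunk of this file.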
115*0a6a1f1dSLionel SambucIndex: auth1.c
116*0a6a1f1dSLionel Sambuc===================================================================
117*0a6a1f1dSLionel SambucRCS file: /cvsroot/src/crypto/external/bsd/openssh/dist/auth1.c,v
118*0a6a1f1dSLionel Sambucretrieving revision 1.9
119*0a6a1f1dSLionel Sambucdiff -u -u -r1.9 auth1.c
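--- auth1.c	19 Oct 2014 16:30:58 -0000	1.9
+++ auth1.c	14 Feb 2015 15:40:51 -0000
@@ -41,6 +41,7 @@
 #endif
 #include "monitor_wrap.h"
 #include "buffer.h"
+#include "pfilter.h"
 
 /* import */
 extern ServerOptions options;
@@ -445,6 +446,7 @@
 	else {
 		debug("do_authentication: invalid user %s", user);
 		authctxt->pw = fakepw();
+		pfilter_notify(1);
 	}
 
 	/* Configuration may have changed as a result of Match */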
137*0a6a1f1dSLionel Sambuc 	/* Configuration may have changed as a result of Match */
138*0a6a1f1dSLionel SambucIndex: auth2.c
139*0a6a1f1dSLionel Sambuc===================================================================
140*0a6a1f1dSLionel SambucRCS file: /cvsroot/src/crypto/external/bsd/openssh/dist/auth2.c,v
141*0a6a1f1dSLionel Sambucretrieving revision 1.9
142*0a6a1f1dSLionel Sambucdiff -u -u -r1.9 auth2.c
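--- auth2.c	19 Oct 2014 16:30:58 -0000	1.9
+++ auth2.c	14 Feb 2015 15:40:51 -0000
@@ -52,6 +52,7 @@
 #include "pathnames.h"
 #include "buffer.h"
 #include "canohost.h"
+#include "pfilter.h"
 
 #ifdef GSSAPI
 #include "ssh-gss.h"
@@ -256,6 +257,7 @@
 		} else {
 			logit("input_userauth_request: invalid user %s", user);
 			authctxt->pw = fakepw();
+			pfilter_notify(1);
 		}
 #ifdef USE_PAM
 		if (options.use_pam)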
161*0a6a1f1dSLionel SambucIndex: sshd.c
162*0a6a1f1dSLionel Sambuc===================================================================
163*0a6a1f1dSLionel SambucRCS file: /cvsroot/src/crypto/external/bsd/openssh/dist/sshd.c,v
164*0a6a1f1dSLionel Sambucretrieving revision 1.16
165*0a6a1f1dSLionel Sambucdiff -u -r1.16 sshd.c
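--- sshd.c	25 Jan 2015 15:52:44 -0000	1.16
+++ sshd.c	14 Feb 2015 09:55:06 -0000
@@ -628,6 +628,8 @@
 	explicit_bzero(pw->pw_passwd, strlen(pw->pw_passwd));
 	endpwent();
 
+	pfilter_init();
+
 	/* Change our root directory */
 	if (chroot(_PATH_PRIVSEP_CHROOT_DIR) == -1)
 		fatal("chroot(\"%s\"): %s", _PATH_PRIVSEP_CHROOT_DIR,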
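Review bot: The `pfilter_init();` placed just before `chroot(_PATH_PRIVSEP_CHROOT_DIR)` has no comment explaining the ordering, which looks deliberate: after the chroot, the lazy `pfilter_init()` inside `pfilter_notify` presumably could no longer reach the blacklist daemon's socket. Suggest `/* Open the blacklist handle before chroot(); it cannot be opened from inside the privsep jail. */` so that a later reordering does not silently disable reporting. The comment should also note that this leaves one more descriptor open in the unprivileged pre-auth child. The enclosing function is only partly visible in the hunk.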
177*0a6a1f1dSLionel Sambuc
178