Module Name: src
Committed By: christos
Date: Tue Jun 25 16:58:24 UTC 2024
Modified Files:
src/crypto/external/bsd/openssh/dist: auth2.c monitor.c
Log Message:
Don't call pfilter_notify for each authentication attempt, only call it
once we failed to authenticate.
To generate a diff of this commit:
cvs rdiff -u -r1.29 -r1.30 src/crypto/external/bsd/openssh/dist/auth2.c
cvs rdiff -u -r1.43 -r1.44 src/crypto/external/bsd/openssh/dist/monitor.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/crypto/external/bsd/openssh/dist/auth2.c
diff -u src/crypto/external/bsd/openssh/dist/auth2.c:1.29 src/crypto/external/bsd/openssh/dist/auth2.c:1.30
--- src/crypto/external/bsd/openssh/dist/auth2.c:1.29 Wed Dec 20 12:15:20 2023
+++ src/crypto/external/bsd/openssh/dist/auth2.c Tue Jun 25 12:58:24 2024
@@ -1,4 +1,4 @@
-/* $NetBSD: auth2.c,v 1.29 2023/12/20 17:15:20 christos Exp $ */
+/* $NetBSD: auth2.c,v 1.30 2024/06/25 16:58:24 christos Exp $ */
/* $OpenBSD: auth2.c,v 1.168 2023/12/18 14:45:49 djm Exp $ */
/*
@@ -26,7 +26,7 @@
*/
#include "includes.h"
-__RCSID("$NetBSD: auth2.c,v 1.29 2023/12/20 17:15:20 christos Exp $");
+__RCSID("$NetBSD: auth2.c,v 1.30 2024/06/25 16:58:24 christos Exp $");
#include <sys/types.h>
#include <sys/stat.h>
@@ -320,7 +320,6 @@ input_userauth_request(int type, u_int32
authctxt->valid = 0;
/* Invalid user, fake password information */
authctxt->pw = fakepw();
- pfilter_notify(1);
}
#ifdef USE_PAM
if (options.use_pam)
Index: src/crypto/external/bsd/openssh/dist/monitor.c
diff -u src/crypto/external/bsd/openssh/dist/monitor.c:1.43 src/crypto/external/bsd/openssh/dist/monitor.c:1.44
--- src/crypto/external/bsd/openssh/dist/monitor.c:1.43 Wed Oct 25 16:19:57 2023
+++ src/crypto/external/bsd/openssh/dist/monitor.c Tue Jun 25 12:58:24 2024
@@ -1,4 +1,4 @@
-/* $NetBSD: monitor.c,v 1.43 2023/10/25 20:19:57 christos Exp $ */
+/* $NetBSD: monitor.c,v 1.44 2024/06/25 16:58:24 christos Exp $ */
/* $OpenBSD: monitor.c,v 1.237 2023/08/16 16:14:11 djm Exp $ */
/*
@@ -28,7 +28,7 @@
*/
#include "includes.h"
-__RCSID("$NetBSD: monitor.c,v 1.43 2023/10/25 20:19:57 christos Exp $");
+__RCSID("$NetBSD: monitor.c,v 1.44 2024/06/25 16:58:24 christos Exp $");
#include <sys/types.h>
#include <sys/wait.h>
#include <sys/socket.h>
@@ -318,7 +318,6 @@ monitor_child_preauth(struct ssh *ssh, s
auth_log(ssh, authenticated, partial,
auth_method, auth_submethod);
if (!partial && !authenticated) {
- pfilter_notify(1);
authctxt->failures++;
}
if (authenticated || partial) {
@@ -327,16 +326,21 @@ monitor_child_preauth(struct ssh *ssh, s
}
}
if (authctxt->failures > options.max_authtries) {
+ pfilter_notify(1);
/* Shouldn't happen */
fatal_f("privsep child made too many authentication "
"attempts");
}
}
- if (!authctxt->valid)
+ if (!authctxt->valid) {
+ pfilter_notify(1);
fatal_f("authenticated invalid user");
- if (strcmp(auth_method, "unknown") == 0)
+ }
+ if (strcmp(auth_method, "unknown") == 0) {
+ pfilter_notify(1);
fatal_f("authentication method name unknown");
+ }
debug_f("user %s authenticated by privileged process", authctxt->user);
ssh->authctxt = NULL;
