Module Name: src Committed By: christos Date: Fri Mar 21 14:04:33 UTC 2025
Modified Files: src/crypto/external/bsd/openssh/dist: log.c monitor.c mux.c packet.c serverloop.c session.c sshd-session.c Log Message: PR/59200: Jose Luis Duran: Change exit probe location Move the probe where not only an exit status 255 is checked, but also an authentication was attempted. This facility was added by OpenSSH commit 81c1099d2 ("upstream: Add a facility to sshd(8) to penalise particular") which affords us to remove all occurrences of cleanup exit renumbering, as well as to avoid counting a normal session exit as an nfail. To generate a diff of this commit: cvs rdiff -u -r1.30 -r1.31 src/crypto/external/bsd/openssh/dist/log.c cvs rdiff -u -r1.46 -r1.47 src/crypto/external/bsd/openssh/dist/monitor.c cvs rdiff -u -r1.36 -r1.37 src/crypto/external/bsd/openssh/dist/mux.c \ src/crypto/external/bsd/openssh/dist/serverloop.c cvs rdiff -u -r1.53 -r1.54 src/crypto/external/bsd/openssh/dist/packet.c cvs rdiff -u -r1.40 -r1.41 src/crypto/external/bsd/openssh/dist/session.c cvs rdiff -u -r1.6 -r1.7 src/crypto/external/bsd/openssh/dist/sshd-session.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files:
Index: src/crypto/external/bsd/openssh/dist/log.c
diff -u src/crypto/external/bsd/openssh/dist/log.c:1.30 src/crypto/external/bsd/openssh/dist/log.c:1.31
--- src/crypto/external/bsd/openssh/dist/log.c:1.30 Mon Jul 8 18:33:43 2024
+++ src/crypto/external/bsd/openssh/dist/log.c Fri Mar 21 10:04:33 2025
@@ -1,4 +1,4 @@
-/* $NetBSD: log.c,v 1.30 2024/07/08 22:33:43 christos Exp $ */
+/* $NetBSD: log.c,v 1.31 2025/03/21 14:04:33 christos Exp $ */
 /* $OpenBSD: log.c,v 1.62 2024/06/27 22:36:44 djm Exp $ */
 /*
@@ -37,7 +37,7 @@
 */
 #include "includes.h"
-__RCSID("$NetBSD: log.c,v 1.30 2024/07/08 22:33:43 christos Exp $");
+__RCSID("$NetBSD: log.c,v 1.31 2025/03/21 14:04:33 christos Exp $");
 #include <sys/types.h>
 #include <sys/uio.h>
@@ -415,7 +415,7 @@ sshlogdie(const char *file, const char *
 sshlogv(file, func, line, showfunc, SYSLOG_LEVEL_INFO, suffix, fmt, args);
 va_end(args);
- cleanup_exit(254);
+ cleanup_exit(255);
 }
 void
Index: src/crypto/external/bsd/openssh/dist/monitor.c
diff -u src/crypto/external/bsd/openssh/dist/monitor.c:1.46 src/crypto/external/bsd/openssh/dist/monitor.c:1.47
--- src/crypto/external/bsd/openssh/dist/monitor.c:1.46 Tue Sep 24 17:32:18 2024
+++ src/crypto/external/bsd/openssh/dist/monitor.c Fri Mar 21 10:04:33 2025
@@ -1,4 +1,4 @@
-/* $NetBSD: monitor.c,v 1.46 2024/09/24 21:32:18 christos Exp $ */
+/* $NetBSD: monitor.c,v 1.47 2025/03/21 14:04:33 christos Exp $ */
 /* $OpenBSD: monitor.c,v 1.244 2024/09/15 01:09:40 djm Exp $ */
 /*
@@ -28,7 +28,7 @@
 */
 #include "includes.h"
-__RCSID("$NetBSD: monitor.c,v 1.46 2024/09/24 21:32:18 christos Exp $");
+__RCSID("$NetBSD: monitor.c,v 1.47 2025/03/21 14:04:33 christos Exp $");
 #include <sys/types.h>
 #include <sys/wait.h>
 #include <sys/socket.h>
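Review bot: Exit status 255 is the value cleanup_exit() in sshd-session.c tests before it calls `pfilter_notify(1)`, so restoring `cleanup_exit(255)` in sshlogdie() puts this error path back in scope for that report; the same one-line change recurs in mm_record_login(), muxserver_listen(), process_input(), ssh_packet_disconnect() and do_login(). The getpeername() failures in mm_record_login() and do_login() are local errors rather than peer misbehaviour, so if `auth_attempted` stays set after a login has succeeded (it is defined in monitor.c, outside these hunks) they would be counted as failed attempts against a client that authenticated. In ssh_packet_disconnect() the exit follows `ssh_packet_close(ssh)`, so any notification would run after the connection has been closed; confirm pfilter_notify() does not need the live descriptor. A short comment at each site, e.g. `/* 255: reported by cleanup_exit() when auth was attempted */`, would keep that dependency visible.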
@@ -1575,7 +1575,7 @@ mm_record_login(struct ssh *ssh, Session
 if (getpeername(ssh_packet_get_connection_in(ssh), (struct sockaddr *)&from, &fromlen) == -1) {
 debug("getpeername: %.100s", strerror(errno));
- cleanup_exit(254);
+ cleanup_exit(255);
 }
 }
 /* Record that there was a login on that tty from the remote host. */
Index: src/crypto/external/bsd/openssh/dist/mux.c
diff -u src/crypto/external/bsd/openssh/dist/mux.c:1.36 src/crypto/external/bsd/openssh/dist/mux.c:1.37
--- src/crypto/external/bsd/openssh/dist/mux.c:1.36 Tue Sep 24 17:32:18 2024
+++ src/crypto/external/bsd/openssh/dist/mux.c Fri Mar 21 10:04:33 2025
@@ -1,4 +1,4 @@
-/* $NetBSD: mux.c,v 1.36 2024/09/24 21:32:18 christos Exp $ */
+/* $NetBSD: mux.c,v 1.37 2025/03/21 14:04:33 christos Exp $ */
 /* $OpenBSD: mux.c,v 1.102 2024/07/25 22:40:08 djm Exp $ */
 /*
@@ -20,7 +20,7 @@
 /* ssh session multiplexing support */
 #include "includes.h"
-__RCSID("$NetBSD: mux.c,v 1.36 2024/09/24 21:32:18 christos Exp $");
+__RCSID("$NetBSD: mux.c,v 1.37 2025/03/21 14:04:33 christos Exp $");
 #include <sys/types.h>
 #include <sys/queue.h>
 #include <sys/stat.h>
@@ -1311,7 +1311,7 @@ muxserver_listen(struct ssh *ssh)
 return;
 } else {
 /* unix_listener() logs the error */
- cleanup_exit(254);
+ cleanup_exit(255);
 }
 }
Index: src/crypto/external/bsd/openssh/dist/serverloop.c
diff -u src/crypto/external/bsd/openssh/dist/serverloop.c:1.36 src/crypto/external/bsd/openssh/dist/serverloop.c:1.37
--- src/crypto/external/bsd/openssh/dist/serverloop.c:1.36 Mon Jul 8 18:33:44 2024
+++ src/crypto/external/bsd/openssh/dist/serverloop.c Fri Mar 21 10:04:33 2025
@@ -1,4 +1,4 @@
-/* $NetBSD: serverloop.c,v 1.36 2024/07/08 22:33:44 christos Exp $ */
+/* $NetBSD: serverloop.c,v 1.37 2025/03/21 14:04:33 christos Exp $ */
 /* $OpenBSD: serverloop.c,v 1.240 2024/06/17 08:28:31 djm Exp $ */
 /*
@@ -38,7 +38,7 @@
 */
 #include "includes.h"
-__RCSID("$NetBSD: serverloop.c,v 1.36 2024/07/08 22:33:44 christos Exp $");
+__RCSID("$NetBSD: serverloop.c,v 1.37 2025/03/21 14:04:33 christos Exp $");
 #include <sys/param.h> /* MIN MAX */
 #include <sys/types.h>
@@ -289,7 +289,7 @@ process_input(struct ssh *ssh, int conne
 logit("Read error from remote host %s port %d: %s", ssh_remote_ipaddr(ssh), ssh_remote_port(ssh), strerror(errno));
- cleanup_exit(254);
+ cleanup_exit(255);
 }
 return -1;
 }
Index: src/crypto/external/bsd/openssh/dist/packet.c
diff -u src/crypto/external/bsd/openssh/dist/packet.c:1.53 src/crypto/external/bsd/openssh/dist/packet.c:1.54
--- src/crypto/external/bsd/openssh/dist/packet.c:1.53 Tue Feb 18 12:53:24 2025
+++ src/crypto/external/bsd/openssh/dist/packet.c Fri Mar 21 10:04:33 2025
@@ -1,4 +1,4 @@
-/* $NetBSD: packet.c,v 1.53 2025/02/18 17:53:24 christos Exp $ */
+/* $NetBSD: packet.c,v 1.54 2025/03/21 14:04:33 christos Exp $ */
 /* $OpenBSD: packet.c,v 1.318 2025/02/18 08:02:12 djm Exp $ */
 /*
@@ -40,7 +40,7 @@
 */
 #include "includes.h"
-__RCSID("$NetBSD: packet.c,v 1.53 2025/02/18 17:53:24 christos Exp $");
+__RCSID("$NetBSD: packet.c,v 1.54 2025/03/21 14:04:33 christos Exp $");
 #include <sys/param.h> /* MIN roundup */
 #include <sys/types.h>
@@ -2085,7 +2085,7 @@ ssh_packet_disconnect(struct ssh *ssh, c
 /* Close the connection. */
 ssh_packet_close(ssh);
- cleanup_exit(254);
+ cleanup_exit(255);
 }
 /*
Index: src/crypto/external/bsd/openssh/dist/session.c
diff -u src/crypto/external/bsd/openssh/dist/session.c:1.40 src/crypto/external/bsd/openssh/dist/session.c:1.41
--- src/crypto/external/bsd/openssh/dist/session.c:1.40 Mon Jul 8 18:33:44 2024
+++ src/crypto/external/bsd/openssh/dist/session.c Fri Mar 21 10:04:33 2025
@@ -1,4 +1,4 @@
-/* $NetBSD: session.c,v 1.40 2024/07/08 22:33:44 christos Exp $ */
+/* $NetBSD: session.c,v 1.41 2025/03/21 14:04:33 christos Exp $ */
 /* $OpenBSD: session.c,v 1.338 2024/05/17 00:30:24 djm Exp $ */
 /*
@@ -36,7 +36,7 @@
 */
 #include "includes.h"
-__RCSID("$NetBSD: session.c,v 1.40 2024/07/08 22:33:44 christos Exp $");
+__RCSID("$NetBSD: session.c,v 1.41 2025/03/21 14:04:33 christos Exp $");
 #include <sys/types.h>
 #include <sys/wait.h>
 #include <sys/un.h>
@@ -722,7 +722,7 @@ do_login(struct ssh *ssh, Session *s, co
 if (getpeername(ssh_packet_get_connection_in(ssh), (struct sockaddr *)&from, &fromlen) == -1) {
 debug("getpeername: %.100s", strerror(errno));
- cleanup_exit(254);
+ cleanup_exit(255);
 }
 }
Index: src/crypto/external/bsd/openssh/dist/sshd-session.c
diff -u src/crypto/external/bsd/openssh/dist/sshd-session.c:1.6 src/crypto/external/bsd/openssh/dist/sshd-session.c:1.7
--- src/crypto/external/bsd/openssh/dist/sshd-session.c:1.6 Wed Jan 8 16:49:32 2025
+++ src/crypto/external/bsd/openssh/dist/sshd-session.c Fri Mar 21 10:04:33 2025
@@ -1,4 +1,4 @@
-/* $NetBSD: sshd-session.c,v 1.6 2025/01/08 21:49:32 christos Exp $ */
+/* $NetBSD: sshd-session.c,v 1.7 2025/03/21 14:04:33 christos Exp $ */
 /* $OpenBSD: sshd-session.c,v 1.9 2024/09/09 02:39:57 djm Exp $ */
 /*
@@ -30,7 +30,7 @@
 */
 #include "includes.h"
-__RCSID("$NetBSD: sshd-session.c,v 1.6 2025/01/08 21:49:32 christos Exp $");
+__RCSID("$NetBSD: sshd-session.c,v 1.7 2025/03/21 14:04:33 christos Exp $");
 #include <sys/types.h>
 #include <sys/param.h>
@@ -1452,9 +1452,6 @@ cleanup_exit(int i)
 {
 extern int auth_attempted; /* monitor.c */
- if (i == 255)
- pfilter_notify(1);
-
 if (the_active_state != NULL && the_authctxt != NULL) {
 do_cleanup(the_active_state, the_authctxt);
 if (privsep_is_preauth &&
@@ -1468,7 +1465,9 @@ cleanup_exit(int i)
 }
 }
 /* Override default fatal exit value when auth was attempted */
- if (i == 255 && auth_attempted)
+ if (i == 255 && auth_attempted) {
+ pfilter_notify(1);
 _exit(EXIT_AUTH_ATTEMPTED);
+ }
 _exit(i);
 }
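Review bot: In the last hunk of sshd-session.c, `pfilter_notify(1)` now sits inside the `i == 255 && auth_attempted` branch, so a connection that ends with status 255 before any authentication attempt is no longer reported from cleanup_exit(). The comment above the branch still describes only the exit-value override. If such pre-auth disconnects are meant to be counted elsewhere, that should be stated; something like `/* Notify pfilter and override the fatal exit value only when auth was attempted */` would record the new contract. The call also moved below do_cleanup() and the privsep child handling, so it now depends on whatever state those leave behind; pfilter_notify() itself is not shown on this page. cleanup_exit() begins above the first hunk, and the middle of its body lies between the two hunks.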