Module Name: src
Committed By: christos
Date: Wed Mar 26 00:08:20 UTC 2025
Modified Files:
src/crypto/external/bsd/openssh/dist: auth-pam.c monitor.c
Log Message:
PR/59214: jlduran: When a failed PAM authentication attempt is
received, blocklistd should count it towards the total allowed
number of failures. Also there is a probe under monitor.c that
often gets logged along with other offenses, effectively counting
as two (+2) failures towards the maximum allowed.
To generate a diff of this commit:
cvs rdiff -u -r1.23 -r1.24 src/crypto/external/bsd/openssh/dist/auth-pam.c
cvs rdiff -u -r1.47 -r1.48 src/crypto/external/bsd/openssh/dist/monitor.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/crypto/external/bsd/openssh/dist/auth-pam.c
diff -u src/crypto/external/bsd/openssh/dist/auth-pam.c:1.23 src/crypto/external/bsd/openssh/dist/auth-pam.c:1.24
--- src/crypto/external/bsd/openssh/dist/auth-pam.c:1.23 Thu Jul 11 13:26:53 2024
+++ src/crypto/external/bsd/openssh/dist/auth-pam.c Tue Mar 25 20:08:19 2025
@@ -1,4 +1,4 @@
-/* $NetBSD: auth-pam.c,v 1.23 2024/07/11 17:26:53 riastradh Exp $ */
+/* $NetBSD: auth-pam.c,v 1.24 2025/03/26 00:08:19 christos Exp $ */
/*-
* Copyright (c) 2002 Networks Associates Technology, Inc.
@@ -53,7 +53,7 @@
/*
* NetBSD local changes
*/
-__RCSID("$NetBSD: auth-pam.c,v 1.23 2024/07/11 17:26:53 riastradh Exp $");
+__RCSID("$NetBSD: auth-pam.c,v 1.24 2025/03/26 00:08:19 christos Exp $");
#define _LIB_PTHREAD_H
#undef USE_POSIX_THREADS /* Not yet */
#define HAVE_SECURITY_PAM_APPL_H
@@ -958,6 +958,7 @@ sshpam_query(void *ctx, char **name, cha
sshbuf_free(buffer);
return (0);
}
+ pfilter_notify(1);
error("PAM: %s for %s%.100s from %.100s", msg,
sshpam_authctxt->valid ? "" : "illegal user ",
sshpam_authctxt->user, sshpam_rhost);
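Review bot: The added `pfilter_notify(1);` above the `error("PAM: ...")` call is a NetBSD-local line in an imported OpenSSH file, and it has no comment saying why it is there or what the argument `1` means. I would put `/* Report the failed PAM attempt to blocklistd (PR/59214) */` directly above it, so the line survives the next upstream merge and is easy to find when auditing blocklist coverage. Because the commit message is about one attempt being counted twice, it is also worth confirming that no other `pfilter_notify` call fires for the same PAM failure later in the authentication path; that cannot be checked from this hunk. The same commit drops the call from the failure branch of `mm_answer_keyallowed` in monitor.c, so rejected key probes presumably rely on another call site to reach blocklistd. `sshpam_query` begins and ends outside the hunk.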
Index: src/crypto/external/bsd/openssh/dist/monitor.c
diff -u src/crypto/external/bsd/openssh/dist/monitor.c:1.47 src/crypto/external/bsd/openssh/dist/monitor.c:1.48
--- src/crypto/external/bsd/openssh/dist/monitor.c:1.47 Fri Mar 21 10:04:33 2025
+++ src/crypto/external/bsd/openssh/dist/monitor.c Tue Mar 25 20:08:20 2025
@@ -1,4 +1,4 @@
-/* $NetBSD: monitor.c,v 1.47 2025/03/21 14:04:33 christos Exp $ */
+/* $NetBSD: monitor.c,v 1.48 2025/03/26 00:08:20 christos Exp $ */
/* $OpenBSD: monitor.c,v 1.244 2024/09/15 01:09:40 djm Exp $ */
/*
@@ -28,7 +28,7 @@
*/
#include "includes.h"
-__RCSID("$NetBSD: monitor.c,v 1.47 2025/03/21 14:04:33 christos Exp $");
+__RCSID("$NetBSD: monitor.c,v 1.48 2025/03/26 00:08:20 christos Exp $");
#include <sys/types.h>
#include <sys/wait.h>
#include <sys/socket.h>
@@ -1273,7 +1273,6 @@ mm_answer_keyallowed(struct ssh *ssh, in
} else {
/* Log failed attempt */
auth_log(ssh, 0, 0, auth_method, NULL);
- pfilter_notify(1);
free(cuser);
free(chost);
}