| @@ -1,17 +1,18 @@ | | | @@ -1,17 +1,18 @@ |
1 | --- /dev/null 2015-01-22 23:10:33.000000000 -0500 | | 1 | --- /dev/null 2015-01-22 23:10:33.000000000 -0500 |
2 | +++ dist/pfilter.c 2015-01-22 23:46:03.000000000 -0500 | | 2 | +++ dist/pfilter.c 2015-01-22 23:46:03.000000000 -0500 |
3 | @@ -0,0 +1,27 @@ | | 3 | @@ -0,0 +1,28 @@ |
4 | +#include "namespace.h" | | 4 | +#include "namespace.h" |
| | | 5 | +#include "includes.h" |
5 | +#include "ssh.h" | | 6 | +#include "ssh.h" |
6 | +#include "packet.h" | | 7 | +#include "packet.h" |
7 | +#include "log.h" | | 8 | +#include "log.h" |
8 | +#include "pfilter.h" | | 9 | +#include "pfilter.h" |
9 | +#include <blacklist.h> | | 10 | +#include <blacklist.h> |
10 | + | | 11 | + |
11 | +static struct blacklist *blstate; | | 12 | +static struct blacklist *blstate; |
12 | + | | 13 | + |
13 | +void | | 14 | +void |
14 | +pfilter_init(void) | | 15 | +pfilter_init(void) |
15 | +{ | | 16 | +{ |
16 | + blstate = blacklist_open(); | | 17 | + blstate = blacklist_open(); |
17 | +} | | 18 | +} |
| @@ -165,13 +166,66 @@ retrieving revision 1.16 | | | @@ -165,13 +166,66 @@ retrieving revision 1.16 |
165 | diff -u -r1.16 sshd.c | | 166 | diff -u -r1.16 sshd.c |
166 | --- sshd.c 25 Jan 2015 15:52:44 -0000 1.16 | | 167 | --- sshd.c 25 Jan 2015 15:52:44 -0000 1.16 |
167 | +++ sshd.c 14 Feb 2015 09:55:06 -0000 | | 168 | +++ sshd.c 14 Feb 2015 09:55:06 -0000 |
168 | @@ -628,6 +628,8 @@ | | 169 | @@ -628,6 +628,8 @@ |
169 | explicit_bzero(pw->pw_passwd, strlen(pw->pw_passwd)); | | 170 | explicit_bzero(pw->pw_passwd, strlen(pw->pw_passwd)); |
170 | endpwent(); | | 171 | endpwent(); |
171 | | | 172 | |
172 | + pfilter_init(); | | 173 | + pfilter_init(); |
173 | + | | 174 | + |
174 | /* Change our root directory */ | | 175 | /* Change our root directory */ |
175 | if (chroot(_PATH_PRIVSEP_CHROOT_DIR) == -1) | | 176 | if (chroot(_PATH_PRIVSEP_CHROOT_DIR) == -1) |
176 | fatal("chroot(\"%s\"): %s", _PATH_PRIVSEP_CHROOT_DIR, | | 177 | fatal("chroot(\"%s\"): %s", _PATH_PRIVSEP_CHROOT_DIR, |
177 | | | 178 | |
| | | 179 | Index: auth-pam.c |
| | | 180 | =================================================================== |
| | | 181 | RCS file: /cvsroot/src/crypto/external/bsd/openssh/dist/auth-pam.c,v |
| | | 182 | retrieving revision 1.7 |
| | | 183 | diff -u -u -r1.7 auth-pam.c |
| | | 184 | --- auth-pam.c 3 Jul 2015 00:59:59 -0000 1.7 |
| | | 185 | +++ auth-pam.c 23 Jan 2016 00:01:16 -0000 |
| | | 186 | @@ -114,6 +114,7 @@ |
| | | 187 | #include "ssh-gss.h" |
| | | 188 | #endif |
| | | 189 | #include "monitor_wrap.h" |
| | | 190 | +#include "pfilter.h" |
| | | 191 | |
| | | 192 | extern ServerOptions options; |
| | | 193 | extern Buffer loginmsg; |
| | | 194 | @@ -809,6 +810,7 @@ |
| | | 195 | free(msg); |
| | | 196 | return (0); |
| | | 197 | } |
| | | 198 | + pfilter_notify(1); |
| | | 199 | error("PAM: %s for %s%.100s from %.100s", msg, |
| | | 200 | sshpam_authctxt->valid ? "" : "illegal user ", |
| | | 201 | sshpam_authctxt->user, |
| | | 202 | Index: auth.c |
| | | 203 | =================================================================== |
| | | 204 | RCS file: /cvsroot/src/crypto/external/bsd/openssh/dist/auth.c,v |
| | | 205 | retrieving revision 1.15 |
| | | 206 | diff -u -u -r1.15 auth.c |
| | | 207 | --- auth.c 21 Aug 2015 08:20:59 -0000 1.15 |
| | | 208 | +++ auth.c 23 Jan 2016 00:01:16 -0000 |
| | | 209 | @@ -656,6 +656,7 @@ |
| | | 210 | |
| | | 211 | pw = getpwnam(user); |
| | | 212 | if (pw == NULL) { |
| | | 213 | + pfilter_notify(1); |
| | | 214 | logit("Invalid user %.100s from %.100s", |
| | | 215 | user, get_remote_ipaddr()); |
| | | 216 | return (NULL); |
| | | 217 | Index: auth1.c |
| | | 218 | =================================================================== |
| | | 219 | RCS file: /cvsroot/src/crypto/external/bsd/openssh/dist/auth1.c,v |
| | | 220 | retrieving revision 1.12 |
| | | 221 | diff -u -u -r1.12 auth1.c |
| | | 222 | --- auth1.c 3 Jul 2015 00:59:59 -0000 1.12 |
| | | 223 | +++ auth1.c 23 Jan 2016 00:01:16 -0000 |
| | | 224 | @@ -376,6 +376,7 @@ |
| | | 225 | char *msg; |
| | | 226 | size_t len; |
| | | 227 | |
| | | 228 | + pfilter_notify(1); |
| | | 229 | error("Access denied for user %s by PAM account " |
| | | 230 | "configuration", authctxt->user); |
| | | 231 | len = buffer_len(&loginmsg); |
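Review bot: The new `pfilter_notify(1)` calls in auth-pam.c, auth.c and auth1.c may run while `blstate` is NULL, because `pfilter_init()` as shown stores the result of `blacklist_open()` without checking it and is called only from the sshd.c hunk, just before the privsep `chroot()`. The body of `pfilter_notify()` is outside the visible lines, so confirm it returns early on a missing handle, e.g. `if (blstate == NULL) return;`. Without that guard, a failed open, or a call site running in a process that never ran `pfilter_init()`, would pass NULL to the blacklist library on a failed-login path that remote clients can trigger. Separately, only the auth-pam.c section adds `#include "pfilter.h"`; unless auth.c and auth1.c already include it elsewhere in the patch, `pfilter_notify` would be implicitly declared in those files.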