head	1.2;
access;
symbols
	netbsd-11-0-RC4:1.2
	netbsd-11-0-RC3:1.2
	netbsd-11-0-RC2:1.2
	netbsd-11-0-RC1:1.2
	perseant-exfatfs-base-20250801:1.2
	netbsd-11:1.2.0.10
	netbsd-11-base:1.2
	netbsd-10-1-RELEASE:1.2
	perseant-exfatfs-base-20240630:1.2
	perseant-exfatfs:1.2.0.8
	perseant-exfatfs-base:1.2
	netbsd-10-0-RELEASE:1.2
	netbsd-10-0-RC6:1.2
	netbsd-10-0-RC5:1.2
	netbsd-10-0-RC4:1.2
	netbsd-10-0-RC3:1.2
	netbsd-10-0-RC2:1.2
	netbsd-10-0-RC1:1.2
	netbsd-10:1.2.0.6
	netbsd-10-base:1.2
	cjep_sun2x-base1:1.2
	cjep_sun2x:1.2.0.4
	cjep_sun2x-base:1.2
	cjep_staticlib_x-base1:1.2
	cjep_staticlib_x:1.2.0.2
	cjep_staticlib_x-base:1.2
	blocklist-20200614:1.1.1.1
	CHRISTOS:1.1.1;
locks; strict;
comment	@# @;


1.2
date	2020.06.15.02.29.45;	author christos;	state Exp;
branches;
next	1.1;
commitid	Hmw5T0TEena9ugcC;

1.1
date	2020.06.15.01.52.53;	author christos;	state Exp;
branches
	1.1.1.1;
next	;
commitid	178yOO8MwJTTggcC;

1.1.1.1
date	2020.06.15.01.52.53;	author christos;	state Exp;
branches;
next	;
commitid	178yOO8MwJTTggcC;


desc
@@


1.2
log
@missed the capitalized ones.
@
text
@--- /dev/null	2015-01-22 23:10:33.000000000 -0500
+++ dist/pfilter.c	2015-01-22 23:46:03.000000000 -0500
@@@@ -0,0 +1,32 @@@@
+#include "namespace.h"
+#include "includes.h"
+#include "ssh.h"
+#include "packet.h"
+#include "log.h"
+#include "pfilter.h"
+#include <blocklist.h>
+
+static struct blocklist *blstate;
+
+void
+pfilter_init(void)
+{
+	blstate = blocklist_open();
+}
+
+void
+pfilter_notify(int a)
+{
+	int fd;
+	if (blstate == NULL)
+		pfilter_init();
+	if (blstate == NULL)
+		return;
+	// XXX: 3?
+ 	fd = packet_connection_is_on_socket() ? packet_get_connection_in() : 3;
+	(void)blocklist_r(blstate, a, fd, "ssh");
+	if (a == 0) {
+		blocklist_close(blstate);
+		blstate = NULL;
+	}
+}
--- /dev/null	2015-01-20 21:14:44.000000000 -0500
+++ dist/pfilter.h	2015-01-20 20:16:20.000000000 -0500
@@@@ -0,0 +1,3 @@@@
+
+void pfilter_notify(int);
+void pfilter_init(void);
Index: bin/sshd/Makefile
===================================================================
RCS file: /cvsroot/src/crypto/external/bsd/openssh/bin/sshd/Makefile,v
retrieving revision 1.10
diff -u -u -r1.10 Makefile
--- bin/sshd/Makefile	19 Oct 2014 16:30:58 -0000	1.10
+++ bin/sshd/Makefile	22 Jan 2015 21:39:21 -0000
@@@@ -15,7 +15,7 @@@@
 	auth2-none.c auth2-passwd.c auth2-pubkey.c \
 	monitor_mm.c monitor.c monitor_wrap.c \
 	kexdhs.c kexgexs.c kexecdhs.c sftp-server.c sftp-common.c \
-	roaming_common.c roaming_serv.c sandbox-rlimit.c
+	roaming_common.c roaming_serv.c sandbox-rlimit.c pfilter.c
 
 COPTS.auth-options.c=	-Wno-pointer-sign
 COPTS.ldapauth.c=	-Wno-format-nonliteral	# XXX: should fix
@@@@ -68,3 +68,6 @@@@
 
 LDADD+=	-lwrap
 DPADD+=	${LIBWRAP}
+
+LDADD+=	-lblocklist
+DPADD+=	${LIBBLOCKLIST}
diff -ru openssh-7.7p1/auth-pam.c dist/auth-pam.c
--- openssh-7.7p1/auth-pam.c	2018-04-02 01:38:28.000000000 -0400
+++ dist/auth-pam.c	2018-05-23 11:56:22.206661484 -0400
@@@@ -103,6 +103,7 @@@@
 #include "ssh-gss.h"
 #endif
 #include "monitor_wrap.h"
+#include "pfilter.h"
 
 extern ServerOptions options;
 extern Buffer loginmsg;
@@@@ -526,6 +527,7 @@@@
 		ssh_msg_send(ctxt->pam_csock, PAM_MAXTRIES, &buffer);
 	else
 		ssh_msg_send(ctxt->pam_csock, PAM_AUTH_ERR, &buffer);
+	pfilter_notify(1);
 	buffer_free(&buffer);
 	pthread_exit(NULL);
 
@@@@ -804,6 +806,7 @@@@
 				free(msg);
 				return (0);
 			}
+			pfilter_notify(1);
 			error("PAM: %s for %s%.100s from %.100s", msg,
 			    sshpam_authctxt->valid ? "" : "illegal user ",
 			    sshpam_authctxt->user,
diff -ru openssh-7.7p1/auth2.c dist/auth2.c
--- openssh-7.7p1/auth2.c	2018-04-02 01:38:28.000000000 -0400
+++ dist/auth2.c	2018-05-23 11:57:31.022197317 -0400
@@@@ -51,6 +51,7 @@@@
 #include "dispatch.h"
 #include "pathnames.h"
 #include "buffer.h"
+#include "pfilter.h"
 
 #ifdef GSSAPI
 #include "ssh-gss.h"
@@@@ -242,6 +243,7 @@@@
 		} else {
 			/* Invalid user, fake password information */
 			authctxt->pw = fakepw();
+			pfilter_notify(1);
 #ifdef SSH_AUDIT_EVENTS
 			PRIVSEP(audit_event(SSH_INVALID_USER));
 #endif
Only in dist: pfilter.c
Only in dist: pfilter.h
diff -ru openssh-7.7p1/sshd.c dist/sshd.c
--- openssh-7.7p1/sshd.c	2018-04-02 01:38:28.000000000 -0400
+++ dist/sshd.c	2018-05-23 11:59:39.573197347 -0400
@@@@ -122,6 +122,7 @@@@
 #include "auth-options.h"
 #include "version.h"
 #include "ssherr.h"
+#include "pfilter.h"
 
 /* Re-exec fds */
 #define REEXEC_DEVCRYPTO_RESERVED_FD	(STDERR_FILENO + 1)
@@@@ -346,6 +347,7 @@@@
 static void
 grace_alarm_handler(int sig)
 {
+	pfilter_notify(1);
 	if (use_privsep && pmonitor != NULL && pmonitor->m_pid > 0)
 		kill(pmonitor->m_pid, SIGALRM);
 
@@@@ -1835,6 +1837,8 @@@@
 	if (test_flag)
 		exit(0);
 
+	pfilter_init();
+
 	/*
 	 * Clear out any supplemental groups we may have inherited.  This
 	 * prevents inadvertent creation of files with bad modes (in the
@@@@ -2280,6 +2284,9 @@@@
 {
 	struct ssh *ssh = active_state; /* XXX */
 
+	if (i == 255)
+		pfilter_notify(1);
+
 	if (the_authctxt) {
 		do_cleanup(ssh, the_authctxt);
 		if (use_privsep && privsep_is_preauth &&
@


1.1
log
@Initial revision
@
text
@d64 1
a64 1
+DPADD+=	${LIBBLACKLIST}
@


1.1.1.1
log
@Import blocklist from https://github.com/zoulasc/blocklist.
This is the same code as blacklist from the HEAD of the NetBSD tree.
@
text
@@