Add blacklist support to sshd

Reviewed by:	rpaulo
Approved by:	rpaulo (earlier version of changes)
Relnotes:	YES
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D5915

1 files changed, 10 insertions, 0 deletions

diff --git a/crypto/openssh/auth.c b/crypto/openssh/auth.c
index ba908801..c23b55d 100644
--- a/crypto/openssh/auth.c
+++ b/crypto/openssh/auth.c
@@ -75,6 +75,9 @@ __RCSID("$FreeBSD$");
 #include "authfile.h"
 #include "ssherr.h"
 #include "compat.h"
+#ifdef USE_BLACKLIST
+#include "blacklist_client.h"
+#endif
 
 /* import */
 extern ServerOptions options;
@@ -306,6 +309,10 @@ auth_log(Authctxt *authctxt, int authenticated, int partial,
 	    compat20 ? "ssh2" : "ssh1",
 	    authctxt->info != NULL ? ": " : "",
 	    authctxt->info != NULL ? authctxt->info : "");
+#ifdef USE_BLACKLIST
+	if (!authctxt->postponed)
+		blacklist_notify(!authenticated);
+#endif
 	free(authctxt->info);
 	authctxt->info = NULL;
 
@@ -640,6 +647,9 @@ getpwnamallow(const char *user)
 	}
 #endif
 	if (pw == NULL) {
+#ifdef USE_BLACKLIST
+		blacklist_notify(1);
+#endif
 		logit("Invalid user %.100s from %.100s",
 		    user, get_remote_ipaddr());
 #ifdef CUSTOM_FAILED_LOGIN