diff options
| author | lidl <lidl@FreeBSD.org> | 2017-05-17 14:28:01 +0000 |
|---|---|---|
| committer | lidl <lidl@FreeBSD.org> | 2017-05-17 14:28:01 +0000 |
| commit | e90f0915e9869436646e478d5281ef3314f5a2b1 (patch) | |
| tree | 0e66a851b24e049d3ab8581ef556e6ccd263acd1 /crypto/openssh/auth.c | |
| parent | 2ff8b729046a2184760861e257c713eb6f329fa2 (diff) | |
| download | FreeBSD-src-e90f0915e9869436646e478d5281ef3314f5a2b1.zip FreeBSD-src-e90f0915e9869436646e478d5281ef3314f5a2b1.tar.gz | |
MFC r318242: Refine and update blacklist support in sshd
Adjust notification points slightly to catch all auth failures, rather
than just the ones caused by bad usernames. Modify notification point
for bad usernames to send new type of BLACKLIST_BAD_USER. (Support in
libblacklist will be forthcoming soon.) Add guards to allow library
headers to expose the enum of action values.
Reviewed by: des
Relnotes: yes
Sponsored by: The FreeBSD Foundation
Diffstat (limited to 'crypto/openssh/auth.c')
| -rw-r--r-- | crypto/openssh/auth.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/crypto/openssh/auth.c b/crypto/openssh/auth.c index c5dac04..4a7c8ed 100644 --- a/crypto/openssh/auth.c +++ b/crypto/openssh/auth.c @@ -296,7 +296,7 @@ auth_log(Authctxt *authctxt, int authenticated, int partial, else { authmsg = authenticated ? "Accepted" : "Failed"; if (authenticated) - BLACKLIST_NOTIFY(BLACKLIST_AUTH_OK); + BLACKLIST_NOTIFY(BLACKLIST_AUTH_OK, "ssh"); } authlog("%s %s%s%s for %s%.100s from %.200s port %d %s%s%s", @@ -644,7 +644,7 @@ getpwnamallow(const char *user) } #endif if (pw == NULL) { - BLACKLIST_NOTIFY(BLACKLIST_AUTH_FAIL); + BLACKLIST_NOTIFY(BLACKLIST_BAD_USER, user); logit("Invalid user %.100s from %.100s", user, get_remote_ipaddr()); #ifdef CUSTOM_FAILED_LOGIN |
