diff options
| author | lidl <lidl@FreeBSD.org> | 2016-09-06 14:52:14 +0000 |
|---|---|---|
| committer | lidl <lidl@FreeBSD.org> | 2016-09-06 14:52:14 +0000 |
| commit | 3b9c774076145fbda20cc62b99547f3deb4f52d3 (patch) | |
| tree | 3aab3829188eccde1796fccf737fbcc22a82ab6b /crypto/openssh/auth1.c | |
| parent | e16037a886066569c7c5ecb3c5ff0d9b7243b651 (diff) | |
| download | FreeBSD-src-3b9c774076145fbda20cc62b99547f3deb4f52d3.zip FreeBSD-src-3b9c774076145fbda20cc62b99547f3deb4f52d3.tar.gz | |
MFC r305065: Add refactored blacklist support to sshd
Change the calls to of blacklist_init() and blacklist_notify to be
macros defined in the blacklist_client.h file. This avoids
the need for #ifdef USE_BLACKLIST / #endif except in the
blacklist.c file.
Remove redundent initialization attempts from within
blacklist_notify - everything always goes through
blacklistd_init().
Added UseBlacklist option to sshd, which defaults to off.
To enable the functionality, use '-o UseBlacklist=yes' on
the command line, or uncomment in the sshd_config file.
Approved by: des
Sponsored by: The FreeBSD Foundation
Diffstat (limited to 'crypto/openssh/auth1.c')
| -rw-r--r-- | crypto/openssh/auth1.c | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/crypto/openssh/auth1.c b/crypto/openssh/auth1.c index 5073c49..71eb0c2 100644 --- a/crypto/openssh/auth1.c +++ b/crypto/openssh/auth1.c @@ -43,6 +43,7 @@ #endif #include "monitor_wrap.h" #include "buffer.h" +#include "blacklist_client.h" /* import */ extern ServerOptions options; @@ -337,6 +338,7 @@ do_authloop(Authctxt *authctxt) char *msg; size_t len; + BLACKLIST_NOTIFY(BLACKLIST_AUTH_FAIL); error("Access denied for user %s by PAM account " "configuration", authctxt->user); len = buffer_len(&loginmsg); @@ -404,6 +406,7 @@ do_authentication(Authctxt *authctxt) else { debug("do_authentication: invalid user %s", user); authctxt->pw = fakepw(); + BLACKLIST_NOTIFY(BLACKLIST_AUTH_FAIL); } /* Configuration may have changed as a result of Match */ |
