add more blacklist rejection points.

christos 2016-01-23 00:03:30 +00:00
parent e7633a3426
commit 1d2e8f9944
4 changed files with 10 additions and 5 deletions


@ -50,7 +50,7 @@
/* /*
* NetBSD local changes * NetBSD local changes
*/ */
__RCSID("$NetBSD: auth-pam.c,v 1.7 2015/07/03 00:59:59 christos Exp $"); __RCSID("$NetBSD: auth-pam.c,v 1.8 2016/01/23 00:03:30 christos Exp $");
#undef USE_POSIX_THREADS /* Not yet */ #undef USE_POSIX_THREADS /* Not yet */
#define HAVE_SECURITY_PAM_APPL_H #define HAVE_SECURITY_PAM_APPL_H
#define HAVE_PAM_GETENVLIST #define HAVE_PAM_GETENVLIST
@ -114,6 +114,7 @@ void sshpam_password_change_required(int);
#include "ssh-gss.h" #include "ssh-gss.h"
#endif #endif
#include "monitor_wrap.h" #include "monitor_wrap.h"
#include "pfilter.h"
extern ServerOptions options; extern ServerOptions options;
extern Buffer loginmsg; extern Buffer loginmsg;
@ -809,6 +810,7 @@ sshpam_query(void *ctx, char **name, char **info,
free(msg); free(msg);
return (0); return (0);
} }
pfilter_notify(1);
error("PAM: %s for %s%.100s from %.100s", msg, error("PAM: %s for %s%.100s from %.100s", msg,
sshpam_authctxt->valid ? "" : "illegal user ", sshpam_authctxt->valid ? "" : "illegal user ",
sshpam_authctxt->user, sshpam_authctxt->user,
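Review bot: The new `pfilter_notify(1)` ahead of the `error("PAM: %s for %s%.100s from %.100s", ...)` call can report one login attempt twice. This path also serves unknown users (the message prints "illegal user " when `sshpam_authctxt->valid` is false), and the auth.c section of this commit already notifies in `getpwnamallow()` when `getpwnam()` returns NULL. If both fire for a single attempt, a client reaches the blacklist threshold in fewer attempts than the configured count suggests. Consider `if (sshpam_authctxt->valid) pfilter_notify(1);` here, or a comment stating that double reporting is intended. The enclosing branch of `sshpam_query` starts and ends outside the hunk, so other notification points on this path cannot be ruled out from here.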


@ -1,4 +1,4 @@
/* $NetBSD: auth.c,v 1.15 2015/08/21 08:20:59 christos Exp $ */ /* $NetBSD: auth.c,v 1.16 2016/01/23 00:03:30 christos Exp $ */
/* $OpenBSD: auth.c,v 1.113 2015/08/21 03:42:19 djm Exp $ */ /* $OpenBSD: auth.c,v 1.113 2015/08/21 03:42:19 djm Exp $ */
/* /*
* Copyright (c) 2000 Markus Friedl. All rights reserved. * Copyright (c) 2000 Markus Friedl. All rights reserved.
@ -25,7 +25,7 @@
*/ */
#include "includes.h" #include "includes.h"
__RCSID("$NetBSD: auth.c,v 1.15 2015/08/21 08:20:59 christos Exp $"); __RCSID("$NetBSD: auth.c,v 1.16 2016/01/23 00:03:30 christos Exp $");
#include <sys/types.h> #include <sys/types.h>
#include <sys/stat.h> #include <sys/stat.h>
@ -656,6 +656,7 @@ getpwnamallow(const char *user)
pw = getpwnam(user); pw = getpwnam(user);
if (pw == NULL) { if (pw == NULL) {
pfilter_notify(1);
logit("Invalid user %.100s from %.100s", logit("Invalid user %.100s from %.100s",
user, get_remote_ipaddr()); user, get_remote_ipaddr());
return (NULL); return (NULL);
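Review bot: `pfilter_notify(1)` is called in `getpwnamallow()`, but no hunk in this file section adds `#include "pfilter.h"`, whereas the auth-pam.c section adds that include alongside its call; the same holds for the call added to `do_authloop()` in auth1.c. If the header is not already included in the part of the include list outside the visible hunks, the call compiles against an implicit declaration, so confirm the prototype is in scope in both files. A short comment at the call, such as `/* report the failed user lookup to the blacklist daemon */`, would also help, since the bare `1` argument is unexplained at all three call sites.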


@ -1,4 +1,4 @@
/* $NetBSD: auth1.c,v 1.12 2015/07/03 00:59:59 christos Exp $ */ /* $NetBSD: auth1.c,v 1.13 2016/01/23 00:03:30 christos Exp $ */
/* $OpenBSD: auth1.c,v 1.82 2014/07/15 15:54:14 millert Exp $ */ /* $OpenBSD: auth1.c,v 1.82 2014/07/15 15:54:14 millert Exp $ */
/* /*
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -12,7 +12,7 @@
*/ */
#include "includes.h" #include "includes.h"
__RCSID("$NetBSD: auth1.c,v 1.12 2015/07/03 00:59:59 christos Exp $"); __RCSID("$NetBSD: auth1.c,v 1.13 2016/01/23 00:03:30 christos Exp $");
#include <sys/types.h> #include <sys/types.h>
#include <sys/queue.h> #include <sys/queue.h>
@ -376,6 +376,7 @@ do_authloop(Authctxt *authctxt)
char *msg; char *msg;
size_t len; size_t len;
pfilter_notify(1);
error("Access denied for user %s by PAM account " error("Access denied for user %s by PAM account "
"configuration", authctxt->user); "configuration", authctxt->user);
len = buffer_len(&loginmsg); len = buffer_len(&loginmsg);
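Review bot: The `pfilter_notify(1)` added before `error("Access denied for user %s by PAM account configuration", ...)` counts a PAM account-policy denial the same way as a failed credential check. If this branch is reached only after the user has authenticated successfully (the condition is outside the hunk), an expired or time-restricted account that retries a few times would get its source address blocked, which also affects other users behind that address. If that is the intended policy, state it at the call: `/* account denied by PAM policy: still reported as a failure */`.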


@ -1,4 +1,5 @@
#include "namespace.h" #include "namespace.h"
#include "includes.h"
#include "ssh.h" #include "ssh.h"
#include "packet.h" #include "packet.h"
#include "log.h" #include "log.h"