[src/trunk]: src/crypto/external/bsd/openssh/dist Add some more pfilter_notif...

[christos <christos%NetBSD.org@localhost>]

details:   https://anonhg.NetBSD.org/src/rev/401954bb51c9
branches:  trunk
changeset: 465931:401954bb51c9
user:      christos <christos%NetBSD.org@localhost>
date:      Sat Dec 07 16:32:22 2019 +0000

description:
Add some more pfilter_notify() calls where authentication attempts fail.

diffstat:

 crypto/external/bsd/openssh/dist/auth2.c   |  8 +++++---
 crypto/external/bsd/openssh/dist/monitor.c |  9 ++++++---
 2 files changed, 11 insertions(+), 6 deletions(-)

diffs (68 lines):

diff -r 719dc11d44ba -r 401954bb51c9 crypto/external/bsd/openssh/dist/auth2.c
--- a/crypto/external/bsd/openssh/dist/auth2.c  Sat Dec 07 16:25:36 2019 +0000
+++ b/crypto/external/bsd/openssh/dist/auth2.c  Sat Dec 07 16:32:22 2019 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: auth2.c,v 1.20 2019/10/12 18:32:22 christos Exp $      */
+/*     $NetBSD: auth2.c,v 1.21 2019/12/07 16:32:22 christos Exp $      */
 /* $OpenBSD: auth2.c,v 1.157 2019/09/06 04:53:27 djm Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
@@ -25,7 +25,7 @@
  */
 
 #include "includes.h"
-__RCSID("$NetBSD: auth2.c,v 1.20 2019/10/12 18:32:22 christos Exp $");
+__RCSID("$NetBSD: auth2.c,v 1.21 2019/12/07 16:32:22 christos Exp $");
 
 #include <sys/types.h>
 #include <sys/stat.h>
@@ -440,8 +440,10 @@
        } else {
                /* Allow initial try of "none" auth without failure penalty */
                if (!partial && !authctxt->server_caused_failure &&
-                   (authctxt->attempt > 1 || strcmp(method, "none") != 0))
+                   (authctxt->attempt > 1 || strcmp(method, "none") != 0)) {
                        authctxt->failures++;
+                       pfilter_notify(1);
+               }
                if (authctxt->failures >= options.max_authtries)
                        auth_maxtries_exceeded(ssh);
                methods = authmethods_get(authctxt);
diff -r 719dc11d44ba -r 401954bb51c9 crypto/external/bsd/openssh/dist/monitor.c
--- a/crypto/external/bsd/openssh/dist/monitor.c        Sat Dec 07 16:25:36 2019 +0000
+++ b/crypto/external/bsd/openssh/dist/monitor.c        Sat Dec 07 16:32:22 2019 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: monitor.c,v 1.30 2019/10/12 18:32:22 christos Exp $    */
+/*     $NetBSD: monitor.c,v 1.31 2019/12/07 16:32:22 christos Exp $    */
 /* $OpenBSD: monitor.c,v 1.199 2019/10/07 23:10:38 djm Exp $ */
 /*
  * Copyright 2002 Niels Provos <provos%citi.umich.edu@localhost>
@@ -27,7 +27,7 @@
  */
 
 #include "includes.h"
-__RCSID("$NetBSD: monitor.c,v 1.30 2019/10/12 18:32:22 christos Exp $");
+__RCSID("$NetBSD: monitor.c,v 1.31 2019/12/07 16:32:22 christos Exp $");
 #include <sys/types.h>
 #include <sys/wait.h>
 #include <sys/socket.h>
@@ -320,8 +320,10 @@
                if (ent->flags & (MON_AUTHDECIDE|MON_ALOG)) {
                        auth_log(ssh, authenticated, partial,
                            auth_method, auth_submethod);
-                       if (!partial && !authenticated)
+                       if (!partial && !authenticated) {
+                               pfilter_notify(1);
                                authctxt->failures++;
+                       }
                        if (authenticated || partial) {
                                auth2_update_session_info(authctxt,
                                    auth_method, auth_submethod);
@@ -1223,6 +1225,7 @@
        } else {
                /* Log failed attempt */
                auth_log(ssh, 0, 0, auth_method, NULL);
+               pfilter_notify(1);
                free(cuser);
                free(chost);
        }