PR/58369 CVS commit: src/crypto/external/bsd/openssh/dist

["Rin Okuyama" <rin%netbsd.org@localhost>]

The following reply was made to PR bin/58369; it has been noted by GNATS.

From: "Rin Okuyama" <rin%netbsd.org@localhost>
To: gnats-bugs%gnats.NetBSD.org@localhost
Cc: 
Subject: PR/58369 CVS commit: src/crypto/external/bsd/openssh/dist
Date: Wed, 9 Oct 2024 01:49:20 +0000

 Module Name:	src
 Committed By:	rin
 Date:		Wed Oct  9 01:49:20 UTC 2024
 
 Modified Files:
 	src/crypto/external/bsd/openssh/dist: auth.c auth2.c
 
 Log Message:
 sshd: Finally fix spurious blocklistd activation (PR bin/58369)
 
 Drop one more pfilter_notify() call from userauth_finish(),
 for single failure in authentication attempt.
 
 This happens for users with multiple public keys; e.g., both
 rsa and ed25519 keys are registered into ssh-agent(1), while
 only the latter is in remote authorized_keys.
 
 Instead, it is called from auth_maxtries_exceeded(), when
 authentication process is actually failed. This function is
 called also from input_userauth_request(). But I guess this
 cannot happen frequently; this path is taken with >= 1024
 failed attempts, although MaxAuthTries is 6 by default...
 
 
 To generate a diff of this commit:
 cvs rdiff -u -r1.36 -r1.37 src/crypto/external/bsd/openssh/dist/auth.c
 cvs rdiff -u -r1.31 -r1.32 src/crypto/external/bsd/openssh/dist/auth2.c
 
 Please note that diffs are not public domain; they are subject to the
 copyright notices on the relevant files.