Attachment #936 for bug #1058




}
void
update_trusted_badlogins(char *username)
{
if(iscomsec()){
                struct pr_passwd *pr,*putpr;
                pr=getprpwnam((char *)username);
                putpr=pr;
                if(putpr != NULL) {
                       if(!putpr->uflg.fg_nlogins)
                               putpr->uflg.fg_nlogins=1;
                putpr->ufld.fd_nlogins++;
                putprpwnam(username,putpr);
               }
        }
}


void
auth_log(Authctxt *authctxt, int authenticated, char *method, char *info)
{
       void (*authlog) (const char *fmt,...) = verbose;

           get_remote_port(),
           info);

#ifdef CUSTOM_FAILED_LOGIN
       if (authenticated == 0 && !authctxt->postponed &&
           (strcmp(method, "password") == 0 ||

           strcmp(method, "challenge-response") == 0))
               record_failed_login(authctxt->user,
                   get_canonical_hostname(options.use_dns), "ssh");
       else
          if (authenticated == 0 && !authctxt->postponed && options.use_pam && strcmp(method, "none"))
               PRIVSEP(update_trusted_badlogins(authctxt->user));
#endif
#ifdef SSH_AUDIT_EVENTS
       if (authenticated == 0 && !authctxt->postponed) {

Lines 126-131 Link Here

(-)openssh-4.1p1/monitor.c (+14 lines)
126	int mm_answer_rsa_response(int, Buffer *);	126	int mm_answer_rsa_response(int, Buffer *);
127	int mm_answer_sesskey(int, Buffer *);	127	int mm_answer_sesskey(int, Buffer *);
128	int mm_answer_sessid(int, Buffer *);	128	int mm_answer_sessid(int, Buffer *);
		129	int mm_answer_update_trusted_badlogins(int, Buffer *);
129	#ifdef USE_PAM	130	#ifdef USE_PAM
130	int mm_answer_pam_start(int, Buffer *);	131	int mm_answer_pam_start(int, Buffer *);
Lines 210-215 Link Here
210	{MONITOR_REQ_GSSUSEROK, MON_AUTH, mm_answer_gss_userok},	211	{MONITOR_REQ_GSSUSEROK, MON_AUTH, mm_answer_gss_userok},
211	{MONITOR_REQ_GSSCHECKMIC, MON_ISAUTH, mm_answer_gss_checkmic},	212	{MONITOR_REQ_GSSCHECKMIC, MON_ISAUTH, mm_answer_gss_checkmic},
212	#endif	213	#endif
		214	{MONITOR_REQ_TRUSTED_BADLOGIN, MON_ISAUTH, mm_answer_update_trusted_badlogins},
213	{0, 0, NULL}	215	{0, 0, NULL}
214	};	216	};
Lines 254-259 Link Here
254	#ifdef SSH_AUDIT_EVENTS	256	#ifdef SSH_AUDIT_EVENTS
255	{MONITOR_REQ_AUDIT_EVENT, MON_PERMIT, mm_answer_audit_event},	257	{MONITOR_REQ_AUDIT_EVENT, MON_PERMIT, mm_answer_audit_event},
256	#endif	258	#endif
		259	{MONITOR_REQ_TRUSTED_BADLOGIN, MON_ISAUTH, mm_answer_update_trusted_badlogins},
257	{0, 0, NULL}	260	{0, 0, NULL}
258	};	261	};
Lines 1916-1918 Link Here
1916	return (authenticated);	1919	return (authenticated);
1917	}	1920	}
1918	#endif /* GSSAPI */	1921	#endif /* GSSAPI */
		1922
		1923	int
		1924	mm_answer_update_trusted_badlogins(int socket, Buffer *m)
		1925	{
		1926
		1927	update_trusted_badlogins(authctxt->user);
		1928
		1929
		1930	return (0);
		1931	}
		1932

Lines 60-65 Link Here

(-)openssh-4.1p1/monitor.h (+1 lines)
60	MONITOR_REQ_PAM_RESPOND, MONITOR_ANS_PAM_RESPOND,	60	MONITOR_REQ_PAM_RESPOND, MONITOR_ANS_PAM_RESPOND,
61	MONITOR_REQ_PAM_FREE_CTX, MONITOR_ANS_PAM_FREE_CTX,	61	MONITOR_REQ_PAM_FREE_CTX, MONITOR_ANS_PAM_FREE_CTX,
62	MONITOR_REQ_AUDIT_EVENT, MONITOR_REQ_AUDIT_COMMAND,	62	MONITOR_REQ_AUDIT_EVENT, MONITOR_REQ_AUDIT_COMMAND,
		63	MONITOR_REQ_TRUSTED_BADLOGIN,
63	MONITOR_REQ_TERM	64	MONITOR_REQ_TERM
64	};	65	};




       return (authenticated);
}
#endif /* GSSAPI */

void
mm_update_trusted_badlogins(char *username) {

        Buffer m;

        buffer_init(&m);

        mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_TRUSTED_BADLOGIN, &m);

        buffer_free(&m);
}


Lines 111-114 Link Here

(-)openssh-4.1p1/monitor_wrap.h (+2 lines)
111	void mm_zfree(struct mm_master , void );	111	void mm_zfree(struct mm_master , void );
112	void mm_init_compression(struct mm_master *);	112	void mm_init_compression(struct mm_master *);
		113	void mm_update_trusted_badlogins(char *);
		114
113	#endif /* _MM_H_ */	115	#endif /* _MM_H_ */

Return to bug 1058

Lines 219-224 Link Here

(-)openssh-4.1p1/auth.c (+21 lines)
219	}	219	}
220	void	220	void
		221	update_trusted_badlogins(char *username)
		222	{
		223	if(iscomsec()){
		224	struct pr_passwd pr,putpr;
		225	pr=getprpwnam((char *)username);
		226	putpr=pr;
		227	if(putpr != NULL) {
		228	if(!putpr->uflg.fg_nlogins)
		229	putpr->uflg.fg_nlogins=1;
		230	putpr->ufld.fd_nlogins++;
		231	putprpwnam(username,putpr);
		232	}
		233	}
		234	}
		235
		236
		237	void
221	auth_log(Authctxt authctxt, int authenticated, char method, char *info)	238	auth_log(Authctxt authctxt, int authenticated, char method, char *info)
222	{	239	{
223	void (authlog) (const char fmt,...) = verbose;	240	void (authlog) (const char fmt,...) = verbose;
Lines 245-250 Link Here
245	get_remote_port(),	262	get_remote_port(),
246	info);	263	info);
		264
247	#ifdef CUSTOM_FAILED_LOGIN	265	#ifdef CUSTOM_FAILED_LOGIN
248	if (authenticated == 0 && !authctxt->postponed &&	266	if (authenticated == 0 && !authctxt->postponed &&
249	(strcmp(method, "password") == 0 \|\|	267	(strcmp(method, "password") == 0 \|\|
Lines 252-257 Link Here
252	strcmp(method, "challenge-response") == 0))	270	strcmp(method, "challenge-response") == 0))
253	record_failed_login(authctxt->user,	271	record_failed_login(authctxt->user,
254	get_canonical_hostname(options.use_dns), "ssh");	272	get_canonical_hostname(options.use_dns), "ssh");
		273	else
		274	if (authenticated == 0 && !authctxt->postponed && options.use_pam && strcmp(method, "none"))
		275	PRIVSEP(update_trusted_badlogins(authctxt->user));
255	#endif	276	#endif
256	#ifdef SSH_AUDIT_EVENTS	277	#ifdef SSH_AUDIT_EVENTS
257	if (authenticated == 0 && !authctxt->postponed) {	278	if (authenticated == 0 && !authctxt->postponed) {

Lines 1218-1220 Link Here

(-)openssh-4.1p1/monitor_wrap.c (+13 lines)
1218	return (authenticated);	1218	return (authenticated);
1219	}	1219	}
1220	#endif /* GSSAPI */	1220	#endif /* GSSAPI */
		1221
		1222	void
		1223	mm_update_trusted_badlogins(char *username) {
		1224
		1225	Buffer m;
		1226
		1227	buffer_init(&m);
		1228
		1229	mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_TRUSTED_BADLOGIN, &m);
		1230
		1231	buffer_free(&m);
		1232	}
		1233