Attachment 932 Details for Bug 1058 – Patch for protected password database update on bad login

[patch] Patch for protected password database update on bad login

maxbadlogin.patch (text/plain), 3.86 KB, created by senthilkumar on 2005-06-29 16:10:37 AEST

(hide)

Description:

Filename:

MIME Type:

Creator: senthilkumar

Created: 2005-06-29 16:10:37 AEST

Size: 3.86 KB

patch

obsolete

>diff -Nur openssh-4.1p1/auth.c openssh-4.1p1-maxbadlogin/auth.c
>--- openssh-4.1p1/auth.c        2005-03-14 17:47:27.000000000 +0530
>+++ openssh-4.1p1-maxbadlogin/auth.c    2005-06-29 11:17:20.000000000 +0530
>@@ -219,6 +219,20 @@
> }
>
> void
>+update_trusted_badlogins(char *username)
>+{
>+if(iscomsec()){
>+                struct pr_passwd *pr;
>+                pr=getprpwnam((char *)username);
>+                if(!pr->uflg.fg_nlogins)
>+                        pr->uflg.fg_nlogins=1;
>+                pr->ufld.fd_nlogins++;
>+                putprpwnam(username,pr);
>+        }
>+}
>+
>+
>+void
> auth_log(Authctxt *authctxt, int authenticated, char *method, char *info)
> {
>        void (*authlog) (const char *fmt,...) = verbose;
>@@ -245,6 +259,11 @@
>            get_remote_port(),
>            info);
>
>+if(!authctxt->postponed && !authenticated && options.use_pam && strcmp(method,"
>none") && strcmp(method, "password") && strcmp(method, "challenge-res
>+ponse") && strcmp(method, "keyboard-interactive/pam"))
>+       PRIVSEP(update_trusted_badlogins(authctxt->user));
>+
>+
> #ifdef CUSTOM_FAILED_LOGIN
>        if (authenticated == 0 && !authctxt->postponed &&
>            (strcmp(method, "password") == 0 ||
>diff -Nur openssh-4.1p1/monitor.c openssh-4.1p1-maxbadlogin/monitor.c
>--- openssh-4.1p1/monitor.c     2005-04-03 08:14:23.000000000 +0530
>+++ openssh-4.1p1-maxbadlogin/monitor.c 2005-06-29 11:23:24.000000000 +0530
>@@ -126,6 +126,7 @@
> int mm_answer_rsa_response(int, Buffer *);
> int mm_answer_sesskey(int, Buffer *);
> int mm_answer_sessid(int, Buffer *);
>+int mm_answer_update_trusted_badlogins(int, Buffer *);
>
> #ifdef USE_PAM
> int mm_answer_pam_start(int, Buffer *);
>@@ -210,6 +211,7 @@
>     {MONITOR_REQ_GSSUSEROK, MON_AUTH, mm_answer_gss_userok},
>     {MONITOR_REQ_GSSCHECKMIC, MON_ISAUTH, mm_answer_gss_checkmic},
> #endif
>+    {MONITOR_REQ_TRUSTED_BADLOGIN, MON_ISAUTH, mm_answer_update_trusted_badlogi
>ns},
>     {0, 0, NULL}
> };
>
>@@ -254,6 +256,7 @@
> #ifdef SSH_AUDIT_EVENTS
>     {MONITOR_REQ_AUDIT_EVENT, MON_PERMIT, mm_answer_audit_event},
> #endif
>+    {MONITOR_REQ_TRUSTED_BADLOGIN, MON_ISAUTH, mm_answer_update_trusted_badlogi
>ns},
>     {0, 0, NULL}
> };
>
>@@ -1916,3 +1919,14 @@
>        return (authenticated);
> }
> #endif /* GSSAPI */
>+
>+int
>+mm_answer_update_trusted_badlogins(int socket, Buffer *m)
>+{
>+
>+       update_trusted_badlogins(authctxt->user);
>+
>+
>+        return (0);
>+}
>+
>diff -Nur openssh-4.1p1/monitor.h openssh-4.1p1-maxbadlogin/monitor.h
>--- openssh-4.1p1/monitor.h     2005-02-02 18:50:53.000000000 +0530
>+++ openssh-4.1p1-maxbadlogin/monitor.h 2005-06-29 11:31:04.000000000 +0530
>@@ -60,6 +60,7 @@
>        MONITOR_REQ_PAM_RESPOND, MONITOR_ANS_PAM_RESPOND,
>        MONITOR_REQ_PAM_FREE_CTX, MONITOR_ANS_PAM_FREE_CTX,
>        MONITOR_REQ_AUDIT_EVENT, MONITOR_REQ_AUDIT_COMMAND,
>+       MONITOR_REQ_TRUSTED_BADLOGIN,
>        MONITOR_REQ_TERM
> };
>
>diff -Nur openssh-4.1p1/monitor_wrap.c openssh-4.1p1-maxbadlogin/monitor_wrap.c
>--- openssh-4.1p1/monitor_wrap.c        2005-02-08 16:22:48.000000000 +0530
>+++ openssh-4.1p1-maxbadlogin/monitor_wrap.c    2005-06-29 11:30:17.000000000 +0
>530
>@@ -1218,3 +1218,16 @@
>        return (authenticated);
> }
> #endif /* GSSAPI */
>+
>+void
>+mm_update_trusted_badlogins(char *username) {
>+
>+        Buffer m;
>+
>+        buffer_init(&m);
>+
>+        mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_TRUSTED_BADLOGIN, &m);
>+
>+        buffer_free(&m);
>+}
>+
>diff -Nur openssh-4.1p1/monitor_wrap.h openssh-4.1p1-maxbadlogin/monitor_wrap.h
>--- openssh-4.1p1/monitor_wrap.h        2005-02-08 16:22:48.000000000 +0530
>+++ openssh-4.1p1-maxbadlogin/monitor_wrap.h    2005-06-29 11:20:54.000000000 +0
>530
>@@ -111,4 +111,6 @@
> void mm_zfree(struct mm_master *, void *);
> void mm_init_compression(struct mm_master *);
>
>+void mm_update_trusted_badlogins(char *);
>+
> #endif /* _MM_H_ */

Actions: View | Diff

Attachments on bug 1058: 932 | 936