blocklist: Add back probes

The banner exchange was moved to the sshd-auth process in upstream
commit bb781f02d4efd178e329a62a838962bee16e3e9b.  Add it back.

Add back fatal exit probe.

NetBSD PR:	bin/60270 (GNATS)
Reviewed by:	emaste
Fixes:		2574974648 ("OpenSSH: Update to 10.3p1")
Differential Revision:	https://reviews.freebsd.org/D57027
Jose Luis Duran
2026-05-16 22:00:02 +00:00
parent 72ab129799
commit 3d246db083
2 changed files with 8 additions and 2 deletions
+4 -1
@@ -96,6 +96,7 @@
#include "srclimit.h"
#include "ssh-sandbox.h"
#include "dh.h"
#include "blocklist_client.h"
/* Privsep fds */
#define PRIVSEP_MONITOR_FD (STDERR_FILENO + 1)
@@ -812,8 +813,10 @@ do_ssh2_kex(struct ssh *ssh)
free(hkalgs);
if ((r = kex_exchange_identification(ssh, -1,
options.version_addendum)) != 0)
options.version_addendum)) != 0) {
BLOCKLIST_NOTIFY(ssh, BLOCKLIST_AUTH_FAIL, "Banner exchange");
sshpkt_fatal(ssh, r, "banner exchange");
}
mm_sshkey_setcompat(ssh); /* tell monitor */
if ((ssh->compat & SSH_BUG_NOREKEY))
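Review bot: The new `BLOCKLIST_NOTIFY` call in `do_ssh2_kex` runs in the process that, per the commit message, now handles the banner exchange (sshd-auth), and nothing in this hunk shows that the blocklist client is initialized there or that its socket is opened before the sandbox from `ssh-sandbox.h` is applied. If it is not, the probe would be dropped silently and the commit would report nothing; this is worth confirming and recording next to the call, e.g. `/* blocklist client must be initialized before the sandbox is entered */`. The call also reports every non-zero `r` as `BLOCKLIST_AUTH_FAIL`, so a peer that merely disconnects or times out during the banner is counted like a failed login; if that is intended, a one-line comment saying so would help whoever tunes blocklistd thresholds. `do_ssh2_kex` starts and ends outside the hunk.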
+4 -1
@@ -1369,8 +1369,11 @@ cleanup_exit(int i)
audit_event(the_active_state, SSH_CONNECTION_ABANDON);
#endif
/* Override default fatal exit value when auth was attempted */
if (i == 255 && monitor_auth_attempted())
if (i == 255 && monitor_auth_attempted()) {
BLOCKLIST_NOTIFY(the_active_state, BLOCKLIST_AUTH_FAIL,
"Fatal exit");
_exit(EXIT_AUTH_ATTEMPTED);
}
if (i == 255 && monitor_invalid_user())
_exit(EXIT_INVALID_USER);
_exit(i);
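Review bot: `the_active_state` is passed to `BLOCKLIST_NOTIFY` in `cleanup_exit` with no NULL check visible in this hunk, and the start of `cleanup_exit` is outside the hunk, so it is unclear whether an earlier guard covers it. If the notify helper dereferences its `ssh` argument, a fatal exit taken before the connection state exists would crash in the exit path instead of returning `EXIT_AUTH_ATTEMPTED`; a guard such as `if (the_active_state != NULL)` in front of the call would make that safe. The `monitor_invalid_user()` branch just below exits without a probe, so a comment such as `/* only auth-attempted fatal exits are reported to blocklistd */` would record that the asymmetry is deliberate.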