Date: Fri, 10 Sep 2021 20:24:28 +0000
From: bugzilla-noreply@freebsd.org
To: bugs@FreeBSD.org
Subject: [Bug 258414] libblacklist: BLACKLIST_BAD_USER does nothing
Message-ID: <bug-258414-227@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=258414

            Bug ID: 258414
           Summary: libblacklist: BLACKLIST_BAD_USER does nothing
           Product: Base System
           Version: CURRENT
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: misc
          Assignee: bugs@FreeBSD.org
          Reporter: emaste@freebsd.org

BLACKLIST_BAD_USER has no effect - in contrib/blacklist/lib/blacklist.c
translates it to BL_BADUSER

        case BLACKLIST_BAD_USER:
                internal_action = BL_BADUSER;
                break;

then in contrib/blacklist/bin/blacklistd.c

        case BL_BADUSER:
                /* ignore for now */
                break;

In fact this is (barely) documented:

     BLACKLIST_BAD_USER  The sending daemon has determined the username
                         presented for authentication is invalid. The
                         blacklistd(8) daemon compares the username to a
                         configured list of forbidden usernames and blocks
                         the address immediately if a forbidden username
                         matches. (The BLACKLIST_BAD_USER support is not
                         currently available.)

base system OpenSSH tries to make use of this in two places:

sshpam_query()
        BLACKLIST_NOTIFY(BLACKLIST_BAD_USER, sshpam_authctxt->user);
        error("PAM: %s for %s%.100s from %.100s", msg,
            sshpam_authctxt->valid ? "" : "illegal user ",
            sshpam_authctxt->user, sshpam_rhost);

getpwnamallow()
        if (pw == NULL) {
                BLACKLIST_NOTIFY(BLACKLIST_BAD_USER, user);
                logit("Invalid user %.100s from %.100s port %d",
                    user, ssh_remote_ipaddr(ssh), ssh_remote_port(ssh));

-- 
You are receiving this mail because:
You are the assignee for the bug.
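
The gap the report describes, as a small self-contained model: with BL_BADUSER ignored, invalid-user notifications never move an address toward a block, whereas the documented behaviour would block on the first forbidden username. This is an added example, not code from blacklistd or from the report; the forbidden-name list, the threshold of 3, struct peer and the function names are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Simplified model, not blacklistd source. BL_ADD and BL_BADUSER mirror the
 * daemon's internal actions; everything else here is hypothetical. */
enum bl_action { BL_ADD, BL_BADUSER };
struct peer { int count; bool blocked; };

static const char *forbidden[] = { "admin", "oracle", "test" }; /* assumed list */
static const int nfail = 3;                                     /* assumed limit */

static bool is_forbidden(const char *user)
{
	for (size_t i = 0; i < sizeof(forbidden) / sizeof(forbidden[0]); i++)
		if (strcmp(user, forbidden[i]) == 0)
			return true;
	return false;
}

/* documented == false: BL_BADUSER is ignored, as in the switch quoted above.
 * documented == true: the behaviour the manual text describes. */
static void handle(struct peer *p, enum bl_action a, const char *user, bool documented)
{
	switch (a) {
	case BL_ADD:                 /* ordinary failure: count toward the limit */
		p->count++;
		break;
	case BL_BADUSER:
		if (documented && is_forbidden(user))
			p->count = nfail;    /* block immediately on a forbidden name */
		break;                   /* otherwise: no state change at all */
	}
	if (p->count >= nfail)
		p->blocked = true;
}

/* Replay n identical events from one address; report whether it ends up blocked. */
static bool replay(enum bl_action a, const char *user, int n, bool documented)
{
	struct peer p = { 0, false };
	for (int i = 0; i < n; i++)
		handle(&p, a, user, documented);
	return p.blocked;
}

int main(void)
{
	printf("current,    100 x BL_BADUSER(admin): %d\n", replay(BL_BADUSER, "admin", 100, false));
	printf("documented,   1 x BL_BADUSER(admin): %d\n", replay(BL_BADUSER, "admin", 1, true));
	return 0;
}
```

In the model, any number of BL_BADUSER events leaves the address unblocked under the current behaviour, so only notifications that map to BL_ADD count toward a block.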