[Bug 258414] libblacklist: BLACKLIST_BAD_USER does nothing
Date: Fri, 10 Sep 2021 20:24:28 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=258414
Bug ID: 258414
Summary: libblacklist: BLACKLIST_BAD_USER does nothing
Product: Base System
Version: CURRENT
Hardware: Any
OS: Any
Status: New
Severity: Affects Only Me
Priority: ---
Component: misc
Assignee: bugs@FreeBSD.org
Reporter: emaste@freebsd.org

BLACKLIST_BAD_USER has no effect - in contrib/blacklist/lib/blacklist.c
translates it to BL_BADUSER

        case BLACKLIST_BAD_USER:
                internal_action = BL_BADUSER;
                break;

then in contrib/blacklist/bin/blacklistd.c

        case BL_BADUSER:
                /* ignore for now */
                break;

In fact this is (barely) documented:

        BLACKLIST_BAD_USER    The sending daemon has determined the
                              username presented for authentication is
                              invalid.  The blacklistd(8) daemon
                              compares the username to a configured
                              list of forbidden usernames and blocks
                              the address immediately if a forbidden
                              username matches.  (The
                              BLACKLIST_BAD_USER support is not
                              currently available.)

base system OpenSSH tries to make use of this in two places:

sshpam_query()

        BLACKLIST_NOTIFY(BLACKLIST_BAD_USER,
            sshpam_authctxt->user);
        error("PAM: %s for %s%.100s from %.100s", msg,
            sshpam_authctxt->valid ? "" : "illegal user ",
            sshpam_authctxt->user, sshpam_rhost);

getpwnamallow()

        if (pw == NULL) {
                BLACKLIST_NOTIFY(BLACKLIST_BAD_USER, user);
                logit("Invalid user %.100s from %.100s port %d",
                    user, ssh_remote_ipaddr(ssh), ssh_remote_port(ssh));

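
Added example (not part of the original report and not blacklistd or OpenSSH code): since blacklistd ignores BL_BADUSER, the documented decision "forbidden username matches, block the address immediately" can be approximated from the "Invalid user" line that getpwnamallow() logs, which goes beyond what the report itself covers. Assumptions: the function names and the forbidden list are hypothetical, the sample line is constructed, and the input is the message text with any syslog prefix already removed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed policy list; these forbidden usernames are assumptions. */
static const char *const forbidden[] = { "admin", "oracle", "test" };

/* Last occurrence of needle within hay[0..len), or NULL. */
static const char *rfind(const char *hay, size_t len, const char *needle)
{
    size_t n = strlen(needle);
    if (len < n) return NULL;
    for (size_t i = len - n + 1; i-- > 0; )
        if (memcmp(hay + i, needle, n) == 0) return hay + i;
    return NULL;
}

/* Parse "Invalid user <user> from <addr> port <n>". <user> is supplied by the
 * remote peer and may itself contain " from " or " port ", so the trailing
 * fields are located from the right, never from the left.
 * Returns 1 = block addr now, 0 = user not on the list, -1 = no match. */
int bad_user_check(const char *line, char *addr, size_t addrsz)
{
    static const char pfx[] = "Invalid user ";
    if (strncmp(line, pfx, sizeof(pfx) - 1) != 0) return -1;
    const char *user = line + sizeof(pfx) - 1;
    const char *port = rfind(user, strlen(user), " port ");
    const char *from = port ? rfind(user, (size_t)(port - user), " from ") : NULL;
    if (from == NULL) return -1;
    char *end;
    long pn = strtol(port + 6, &end, 10);   /* port must be all digits */
    size_t ulen = (size_t)(from - user), alen = (size_t)(port - (from + 6));
    if (end == port + 6 || *end != '\0' || pn < 1 || pn > 65535) return -1;
    if (alen == 0 || alen >= addrsz) return -1;
    memcpy(addr, from + 6, alen);
    addr[alen] = '\0';
    for (size_t i = 0; i < sizeof(forbidden) / sizeof(forbidden[0]); i++)
        if (strlen(forbidden[i]) == ulen && !memcmp(user, forbidden[i], ulen))
            return 1;
    return 0;
}

int main(void)
{
    char a[64];   /* constructed sample line, documentation address range */
    int r = bad_user_check("Invalid user admin from 192.0.2.10 port 50522", a, sizeof a);
    printf("%d %s\n", r, r >= 0 ? a : "-");
    return 0;
}
```

The address copied into addr is always the one sshd wrote from ssh_remote_ipaddr(), even when the username field contains text that looks like a second "from ... port ..." pair.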