sshd: remove blacklist call from grace_alarm_timer

Under certain circumstances it may call log(3), which is not async-
signal-safe.

For now just remove the blacklist integration from this path, which
means that blacklistd will not detect and firewall hosts that establish
a connection but do nothing further.

Sponsored by:	The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D46203

(cherry picked from commit 2739a68450)
(cherry picked from commit 3d3bae9b95)
(cherry picked from commit 73466449a9)

Approved by:	so
This commit is contained in:
Ed Maste 2024-07-31 20:04:46 -04:00
parent 38e43c9057
commit d5f16ef646
6 changed files with 5 additions and 7 deletions

@ -44,4 +44,4 @@
# ProxyCommand ssh -q -W %h:%p gateway.example.com
# RekeyLimit 1G 1h
# UserKnownHostsFile ~/.ssh/known_hosts.d/%k
# VersionAddendum FreeBSD-20240318
# VersionAddendum FreeBSD-20240806
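
Review bot: the VersionAddendum default changes here from FreeBSD-20240318 to FreeBSD-20240806, but the commit message only describes the grace_alarm_timer change. Suggest adding a line to the message saying the version addendum is bumped, so the five version-string edits in this commit are not read as unrelated churn.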

@ -2137,7 +2137,7 @@ in
Specifies a string to append to the regular version string to identify
OS- or site-specific modifications.
The default is
.Dq FreeBSD-20240318 .
.Dq FreeBSD-20240806 .
The value
.Cm none
may be used to disable this.

@ -377,8 +377,6 @@ grace_alarm_handler(int sig)
kill(0, SIGTERM);
}
BLACKLIST_NOTIFY(the_active_state, BLACKLIST_AUTH_FAIL, "ssh");
/* Log error and exit. */
sigdie("Timeout before authentication for %s port %d",
ssh_remote_ipaddr(the_active_state),
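
Review bot: in grace_alarm_handler the BLACKLIST_NOTIFY line goes away with no comment left in its place, so a later reader has nothing in the code explaining why this failure path skips blacklist notification. Suggest a short comment above "/* Log error and exit. */" stating that the call was dropped because it is not async-signal-safe and that hosts timing out before authentication are therefore not reported to blacklistd. The handler still evaluates ssh_remote_ipaddr(the_active_state) and formats a message through sigdie, so it is worth confirming in review that this remaining path is async-signal-safe as well.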

@ -105,7 +105,7 @@ AuthorizedKeysFile .ssh/authorized_keys
#PermitTunnel no
#ChrootDirectory none
#UseBlacklist no
#VersionAddendum FreeBSD-20240318
#VersionAddendum FreeBSD-20240806
# no default banner path
#Banner none

@ -1947,7 +1947,7 @@ The default is
Optionally specifies additional text to append to the SSH protocol banner
sent by the server upon connection.
The default is
.Qq FreeBSD-20240318 .
.Qq FreeBSD-20240806 .
The value
.Cm none
may be used to disable this.

@ -5,4 +5,4 @@
#define SSH_PORTABLE "p1"
#define SSH_RELEASE SSH_VERSION SSH_PORTABLE
#define SSH_VERSION_FREEBSD "FreeBSD-20240701"
#define SSH_VERSION_FREEBSD "FreeBSD-20240806"
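
Review bot: the previous SSH_VERSION_FREEBSD value here is "FreeBSD-20240701", while the config files and man pages in this same commit move from FreeBSD-20240318, so on this branch the documented default had drifted from the compiled-in string. The five places agree on FreeBSD-20240806 after this change; suggest mentioning the resync in the commit message and checking that future bumps touch the header and the documentation together.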