
openssh: blocklist: Cleanup blocklist client
Needs Review, Public

Authored by jlduran on Fri, Sep 26, 10:03 AM.
Tags
None
Referenced Files
F133419224: D52748.id164185.diff
Sat, Oct 25, 4:15 PM
F133407020: D52748.id162865.diff
Sat, Oct 25, 2:06 PM

Details

Reviewers
emaste
Summary

Clean up and adapt our blocklist client with the fallbacks currently on
NetBSD's pfilter.c implementation:

  • If blstate is NULL, it tries to initialize it with blocklist_init(), which in turn uses bl_create() instead of blocklist_open(), given we want to use our custom logging function. If it is still NULL, it means it failed to create the necessary state to communicate with blocklistd(8), and returns.

    It is worth noting that we have blocklist_open2() on CURRENT, which could allow us to use a custom logging function without using the internal bl_create() function, but we want to MFC these changes to branches which do not have blocklist_open2().
  • Track the global connection state and authentication context (the_active_state), to have an ssh struct in case the one passed to blocklist_notify is NULL. Note that NetBSD relies only on the_active_state.

    To determine the file descriptor passed to blocklist_r(), if the ssh struct is not NULL, it passes it to ssh_packet_connection_is_on_socket(), which determines if the remote host is connected via a socket. If it is, it passes the ssh struct to ssh_packet_get_connection_in() to get the socket used for reading; if it isn't, it sets the file descriptor to 3.
  • Finally, if the action received is BLOCKLIST_AUTH_OK (0), call blocklist_close() to free resources, and reset blstate.

Clean up code spaces and fix a typo: impedance.
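
The control flow the summary describes, as an added self-contained model; it is not the code under review and not OpenSSH or blocklist(3) source. `ssh_model`, `bl_model`, the `model_*` functions and the `init_should_fail` knob are hypothetical stand-ins for `struct ssh`, the blocklist handle, and the calls named above. Using fd 3 when no ssh struct is available at all is an assumption of the model.

```c
#include <stdio.h>

/* Stand-ins (assumptions) for OpenSSH's struct ssh and the blocklist handle. */
struct ssh_model { int on_socket; int fd_in; };
struct bl_model { int last_action; int last_fd; };

enum { AUTH_OK = 0, AUTH_FAIL = 1 };    /* the summary gives BLOCKLIST_AUTH_OK as 0 */

static struct bl_model bl_storage;
static struct bl_model *blstate;        /* created lazily, reset after AUTH_OK */
static struct ssh_model *active_state;  /* plays the role of the_active_state */
static int init_should_fail;            /* knob: simulate state creation failing */
static int closes;                      /* number of model_close() calls */

static struct bl_model *model_init(void) { return init_should_fail ? NULL : &bl_storage; }
static void model_close(struct bl_model *b) { (void)b; closes++; }
static void model_report(struct bl_model *b, int a, int fd) { b->last_action = a; b->last_fd = fd; }

/* Returns the fd that was reported, or -1 when no state could be created. */
int model_notify(struct ssh_model *ssh, int action)
{
    int fd = 3;                         /* not on a socket (assumed too when no ssh struct exists) */

    if (blstate == NULL)
        blstate = model_init();
    if (blstate == NULL)
        return -1;                      /* cannot reach the daemon: return */
    if (ssh == NULL)
        ssh = active_state;             /* caller had no ssh struct to pass */
    if (ssh != NULL && ssh->on_socket)
        fd = ssh->fd_in;                /* socket used for reading */
    model_report(blstate, action, fd);
    if (action == AUTH_OK) {            /* success: free resources, reset state */
        model_close(blstate);
        blstate = NULL;
    }
    return fd;
}

int main(void)
{
    struct ssh_model sock = { 1, 7 };   /* constructed sample connection */
    active_state = &sock;
    printf("failure reported on fd %d\n", model_notify(NULL, AUTH_FAIL));
    printf("success reported on fd %d\n", model_notify(&sock, AUTH_OK));
    printf("state reset: %s, closes: %d\n", blstate == NULL ? "yes" : "no", closes);
    return 0;
}
```

Because the state is reset after a successful authentication, the next notification in the same process goes through initialization again, which is where a failure to create the state shows up as an early return.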

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Skipped
Unit
Tests Skipped
Build Status
Buildable 67795
Build 64678: arc lint + arc unit

Event Timeline

  • Rebase with new nomenclature
  • Fixup commit message
  • Track the_active_state, for those probes where the ssh struct passed is NULL (like the one in auth-pam.c).