
Add refactored blacklist support to sshd
Closed, Public

Authored by lidl on Jul 2 2016, 5:23 AM.

Details

Summary

Add refactored blacklist support to sshd

Remove use of #ifdef USE_BLACKLIST / #endif, and change the
calls to blacklist_init() and blacklist_notify to be
macros defined in the blacklist_client.h file.

Remove redundant initialization attempts from within
blacklist_notify - everything always goes through
blacklistd_init().

Added UseBlacklist option to sshd, which defaults to off.
To enable the functionality, use '-o UseBlacklist=yes' on
the command line, or uncomment in the sshd_config file.
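
Because the option defaults to off, a host only gets blacklist notifications once the setting is actually in effect. The following check is an added example, not part of this revision or the FreeBSD tree. It reports the UseBlacklist value found in the global section of an sshd_config-style file, treating a commented-out line as unset. It assumes the first occurrence wins and that parsing stops at the first Match block, and it does not see a `-o UseBlacklist=yes` given on the command line. The function name and sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the FreeBSD tree). Prints the UseBlacklist value
# found in the global section of an sshd_config-style file.
# Assumptions: first occurrence wins, parsing stops at the first Match
# block, and an absent option means "no" (the default stated in the summary).
effective_useblacklist() {
    awk '
        /^[ \t]*(#|$)/ { next }              # commented-out or blank line: not a setting
        tolower($1) == "match" { exit }      # leave the global section
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            split(line, f, /[ \t=]+/)        # accepts "Key value" and "Key=value"
            if (tolower(f[1]) == "useblacklist") {
                print f[2]; found = 1; exit
            }
        }
        END { if (!found) print "no" }       # option absent: report the default
    ' "$1"
}

# Constructed sample: the option is present but still commented out.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sshd_config fragment
Port 22
#UseBlacklist no
EOF
echo "sample: UseBlacklist=$(effective_useblacklist "$sample")"
rm -f "$sample"
```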

Diff Detail

Repository
rS FreeBSD src repository - subversion
Lint
Automatic diff as part of commit; lint not applicable.
Unit
Automatic diff as part of commit; unit tests not applicable.

Event Timeline

lidl retitled this revision from to Add refactored blacklist support to sshd.
lidl updated this object.
lidl edited the test plan for this revision.
lidl added reviewers: emaste, rpaulo, des.
lidl set the repository for this revision to rS FreeBSD src repository - subversion.

Please upload with full context - instructions available at https://wiki.freebsd.org/CodeReview

lidl edited edge metadata.

Full diff uploaded, as requested by Ed Maste. Should otherwise be the same as the prior diff.

lidl updated this object.
lidl edited edge metadata.

Refresh diff with latest code.
Updates based on comments received from des@ in email.

lidl removed a reviewer: des.

Latest version of the diff, updated based on des' comments.

lidl edited edge metadata.

This is the same as the last uploaded diff, only generated with -U99999 so the entire content of any affected files can be viewed through Phabricator.

wblock added inline comments.
crypto/openssh/sshd_config.5
1543 ↗(On Diff #19569)

Passive -> active. Also, "should" implies a recommendation.

s/should attempt/attempts/

1552 ↗(On Diff #19569)

As above:

looks up the remote host name and checks that

lidl added inline comments.
crypto/openssh/sshd_config.5
1552 ↗(On Diff #19569)

I'm not going to make this change in this part of the text, as this comes from upstream. While you are correct it could be improved, I don't think that improvement ought to be part of this patch.

crypto/openssh/sshd_config.5
1552 ↗(On Diff #19569)

Fair enough.

This revision was automatically updated to reflect the committed changes.