openssh/fix-audit-fail-attempt.patch
Antonio Larrosa dd9c4b9bb1 - Add patch to fix sshd not logging in the audit failed login
attempts (submitted to upstream in
  https://github.com/openssh/openssh-portable/pull/516):
  * fix-audit-fail-attempt.patch
- Use --enable-dsa-keys when building openssh. It's required if
  the user sets the crypto-policy mode to LEGACY, where DSA keys
  should be allowed. The option was added by upstream in 9.7 and
  set to disabled by default.
- These two changes fix 2 of the 3 issues reported in bsc#1229650.

OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=273
2024-08-23 12:36:12 +00:00

24 lines
714 B
Diff

Index: openssh-9.8p1/sshd-session.c
===================================================================
--- openssh-9.8p1.orig/sshd-session.c
+++ openssh-9.8p1/sshd-session.c
@@ -1624,9 +1624,6 @@ cleanup_exit(int i)
}
}
}
- /* Override default fatal exit value when auth was attempted */
- if (i == 255 && auth_attempted)
- _exit(EXIT_AUTH_ATTEMPTED);
#ifdef SSH_AUDIT_EVENTS
/* done after do_cleanup so it can cancel the PAM auth 'thread' */
if (the_active_state != NULL &&
@@ -1636,5 +1633,8 @@ cleanup_exit(int i)
#endif
clobber_stack();
+ /* Override default fatal exit value when auth was attempted */
+ if (i == 255 && auth_attempted)
+ _exit(EXIT_AUTH_ATTEMPTED);
_exit(i);
}