K 10
svn:author
V 4
lidl
K 8
svn:date
V 27
2017-02-22T04:15:39.352064Z
K 7
svn:log
V 939
MFC r313965:

Only notify blacklistd for successful logins in auth.c

Before this change, every pass through auth.c resulted in a
call to blacklist_notify().

In a normal remote login, there would be a failed login flagged for
the printing of the "xxx login:" prompt, before the remote user
could enter a password.

If the user successfully entered a good password, then a good login
would be flagged, and everything would be OK.

If the user entered an incorrect password, there would be another
failed login flagged in auth1.c (or auth2.c) for the actual bad
password attempt.  Finally, when sshd got around to issuing the
second "xxx login:" prompt, there would be yet another failed login
notice sent to blacklistd.

So, if there was a 3 bad logins limit set (the default), the system
would actually block the address after the first bad password attempt.

Reported by:	Rick Adams
Reviewed by:	des
Sponsored by:	The FreeBSD Foundation

END