git: 0f9bafdfc325 - main - openssh: pass ssh context to BLACKLIST_NOTIFY

Ed Maste emaste at FreeBSD.org
Tue Sep 14 17:51:33 UTC 2021


The branch main has been updated by emaste:

URL: https://cgit.FreeBSD.org/src/commit/?id=0f9bafdfc325779e4ecc5154d5bb06c752297138

commit 0f9bafdfc325779e4ecc5154d5bb06c752297138
Author:     Ed Maste <emaste at FreeBSD.org>
AuthorDate: 2021-09-14 16:39:21 +0000
Commit:     Ed Maste <emaste at FreeBSD.org>
CommitDate: 2021-09-14 17:44:39 +0000

    openssh: pass ssh context to BLACKLIST_NOTIFY
    
    Fixes:          19261079b743 ("openssh: update to OpenSSH v8.7p1")
    Sponsored by:   The FreeBSD Foundation
---
 crypto/openssh/auth-pam.c         | 2 +-
 crypto/openssh/auth.c             | 4 ++--
 crypto/openssh/auth2.c            | 2 +-
 crypto/openssh/blacklist.c        | 6 +++---
 crypto/openssh/blacklist_client.h | 6 +++---
 crypto/openssh/packet.c           | 2 +-
 crypto/openssh/sshd.c             | 2 +-
 7 files changed, 12 insertions(+), 12 deletions(-)

diff --git a/crypto/openssh/auth-pam.c b/crypto/openssh/auth-pam.c
index f077b70595e6..7e6f972681e9 100644
--- a/crypto/openssh/auth-pam.c
+++ b/crypto/openssh/auth-pam.c
@@ -923,7 +923,7 @@ sshpam_query(void *ctx, char **name, char **info,
 				sshbuf_free(buffer);
 				return (0);
 			}
-			BLACKLIST_NOTIFY(BLACKLIST_BAD_USER,
+			BLACKLIST_NOTIFY(NULL, BLACKLIST_BAD_USER,
 			    sshpam_authctxt->user);
 			error("PAM: %s for %s%.100s from %.100s", msg,
 			    sshpam_authctxt->valid ? "" : "illegal user ",
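Review bot: The call here still passes `NULL` as the ssh context, as does the one in `grace_alarm_handler()` in sshd.c, so these two notifications are probably still dropped. The blacklist.c hunk of this same commit replaces `NULL` with `ssh` in the packet helpers as the fix, which suggests those helpers cannot resolve a connection from a NULL context, though their bodies are not visible here. If that is right, PAM bad-user events and login-grace timeouts never reach blacklistd and are not counted against the remote address. `sshpam_query()` has no `struct ssh *` parameter in view and its body extends outside the hunk. If no context can be threaded through, a comment such as `/* XXX no ssh context available here; blacklist_notify() may not report this event */` would at least keep the gap visible.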
diff --git a/crypto/openssh/auth.c b/crypto/openssh/auth.c
index 6b53585e2567..581d8dce2792 100644
--- a/crypto/openssh/auth.c
+++ b/crypto/openssh/auth.c
@@ -336,7 +336,7 @@ auth_log(struct ssh *ssh, int authenticated, int partial,
 	else {
 		authmsg = authenticated ? "Accepted" : "Failed";
 		if (authenticated)
-			BLACKLIST_NOTIFY(BLACKLIST_AUTH_OK, "ssh");
+			BLACKLIST_NOTIFY(ssh, BLACKLIST_AUTH_OK, "ssh");
 	}
 
 	if ((extra = format_method_key(authctxt)) == NULL) {
@@ -600,7 +600,7 @@ getpwnamallow(struct ssh *ssh, const char *user)
 	aix_restoreauthdb();
 #endif
 	if (pw == NULL) {
-		BLACKLIST_NOTIFY(BLACKLIST_BAD_USER, user);
+		BLACKLIST_NOTIFY(ssh, BLACKLIST_BAD_USER, user);
 		logit("Invalid user %.100s from %.100s port %d",
 		    user, ssh_remote_ipaddr(ssh), ssh_remote_port(ssh));
 #ifdef CUSTOM_FAILED_LOGIN
diff --git a/crypto/openssh/auth2.c b/crypto/openssh/auth2.c
index cd5bd9ff501c..ff1228513d1e 100644
--- a/crypto/openssh/auth2.c
+++ b/crypto/openssh/auth2.c
@@ -425,7 +425,7 @@ userauth_finish(struct ssh *ssh, int authenticated, const char *method,
 		if (!partial && !authctxt->server_caused_failure &&
 		    (authctxt->attempt > 1 || strcmp(method, "none") != 0)) {
 			authctxt->failures++;
-			BLACKLIST_NOTIFY(BLACKLIST_AUTH_FAIL, "ssh");
+			BLACKLIST_NOTIFY(ssh, BLACKLIST_AUTH_FAIL, "ssh");
 		}
 		if (authctxt->failures >= options.max_authtries) {
 #ifdef SSH_AUDIT_EVENTS
diff --git a/crypto/openssh/blacklist.c b/crypto/openssh/blacklist.c
index 78830c525c85..f118edab40cf 100644
--- a/crypto/openssh/blacklist.c
+++ b/crypto/openssh/blacklist.c
@@ -88,10 +88,10 @@ blacklist_init(void)
 }
 
 void
-blacklist_notify(int action, const char *msg)
+blacklist_notify(struct ssh *ssh, int action, const char *msg)
 {
 
-	if (blstate != NULL && ssh_packet_connection_is_on_socket(NULL))
+	if (blstate != NULL && ssh_packet_connection_is_on_socket(ssh))
 		(void)blacklist_r(blstate, action,
-		ssh_packet_get_connection_in(NULL), msg);
+		ssh_packet_get_connection_in(ssh), msg);
 }
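Review bot: `blacklist_notify()` now forwards a caller-supplied `ssh` into `ssh_packet_connection_is_on_socket()` and `ssh_packet_get_connection_in()` with no stated contract for NULL, yet two callers in this commit pass `NULL`. Whether that is safe depends on those helpers, which are not shown. Either document it above the function, e.g. `/* ssh may be NULL when no connection context exists; the event is then not reported */` (once confirmed), or make it explicit with `if (blstate == NULL || ssh == NULL) return;`. As a style point, the continuation line `ssh_packet_get_connection_in(ssh), msg);` sits at the same indent as `(void)blacklist_r(`; the rest of the file indents continuations by four more spaces.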
diff --git a/crypto/openssh/blacklist_client.h b/crypto/openssh/blacklist_client.h
index af5a2a6d3c1d..236884092010 100644
--- a/crypto/openssh/blacklist_client.h
+++ b/crypto/openssh/blacklist_client.h
@@ -45,15 +45,15 @@ enum {
 
 #ifdef USE_BLACKLIST
 void blacklist_init(void);
-void blacklist_notify(int, const char *);
+void blacklist_notify(struct ssh *, int, const char *);
 
 #define BLACKLIST_INIT() blacklist_init()
-#define BLACKLIST_NOTIFY(x,msg) blacklist_notify(x,msg)
+#define BLACKLIST_NOTIFY(ssh,x,msg) blacklist_notify(ssh,x,msg)
 
 #else
 
 #define BLACKLIST_INIT()
-#define BLACKLIST_NOTIFY(x,msg)
+#define BLACKLIST_NOTIFY(ssh,x,msg)
 
 #endif
 
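Review bot: The disabled-build definition `#define BLACKLIST_NOTIFY(ssh,x,msg)` expands to nothing, so an unbraced call site such as `if (authenticated) BLACKLIST_NOTIFY(ssh, BLACKLIST_AUTH_OK, "ssh");` in auth.c becomes an `if` with an empty body when `USE_BLACKLIST` is off. Defining it as `#define BLACKLIST_NOTIFY(ssh,x,msg) ((void)0)` keeps every use a well-formed expression statement and avoids empty-body warnings. The same applies to `BLACKLIST_INIT()`.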
diff --git a/crypto/openssh/packet.c b/crypto/openssh/packet.c
index 3379862ebc79..bc8314287cba 100644
--- a/crypto/openssh/packet.c
+++ b/crypto/openssh/packet.c
@@ -1876,7 +1876,7 @@ sshpkt_vfatal(struct ssh *ssh, int r, const char *fmt, va_list ap)
 	case SSH_ERR_NO_KEX_ALG_MATCH:
 	case SSH_ERR_NO_HOSTKEY_ALG_MATCH:
 		if (ssh && ssh->kex && ssh->kex->failed_choice) {
-			BLACKLIST_NOTIFY(BLACKLIST_AUTH_FAIL, "ssh");
+			BLACKLIST_NOTIFY(ssh, BLACKLIST_AUTH_FAIL, "ssh");
 			ssh_packet_clear_keys(ssh);
 			errno = oerrno;
 			logdie("Unable to negotiate with %s: %s. "
diff --git a/crypto/openssh/sshd.c b/crypto/openssh/sshd.c
index b3a2c4151e01..864ad09b29fc 100644
--- a/crypto/openssh/sshd.c
+++ b/crypto/openssh/sshd.c
@@ -385,7 +385,7 @@ grace_alarm_handler(int sig)
 		kill(0, SIGTERM);
 	}
 
-	BLACKLIST_NOTIFY(BLACKLIST_AUTH_FAIL, "ssh");
+	BLACKLIST_NOTIFY(NULL, BLACKLIST_AUTH_FAIL, "ssh");
 
 	/* Log error and exit. */
 	if (use_privsep && pmonitor != NULL && pmonitor->m_pid <= 0)
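Review bot: `grace_alarm_handler(int sig)` is a signal handler, and with `USE_BLACKLIST` defined this line expands to a call to `blacklist_notify()`, which in turn calls `ssh_packet_connection_is_on_socket()` and `blacklist_r()` (see the blacklist.c hunk). None of these is shown to be async-signal-safe, and `blacklist_r()` presumably talks to the daemon over a socket, so running it from the handler risks re-entering non-reentrant library state if the alarm interrupts the main path. The handler's body continues outside the hunk. At minimum this deserves a comment like `/* XXX called from signal context; blacklist_notify() is not known to be async-signal-safe */`. A fuller fix would do the notification from normal context before exiting.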

