git: 0f9bafdfc325 - main - openssh: pass ssh context to BLACKLIST_NOTIFY
Ed Maste
emaste at FreeBSD.org
Tue Sep 14 17:51:33 UTC 2021
The branch main has been updated by emaste:
URL: https://cgit.FreeBSD.org/src/commit/?id=0f9bafdfc325779e4ecc5154d5bb06c752297138
commit 0f9bafdfc325779e4ecc5154d5bb06c752297138
Author: Ed Maste <emaste at FreeBSD.org>
AuthorDate: 2021-09-14 16:39:21 +0000
Commit: Ed Maste <emaste at FreeBSD.org>
CommitDate: 2021-09-14 17:44:39 +0000
openssh: pass ssh context to BLACKLIST_NOTIFY
Fixes: 19261079b743 ("openssh: update to OpenSSH v8.7p1")
Sponsored by: The FreeBSD Foundation
---
crypto/openssh/auth-pam.c | 2 +-
crypto/openssh/auth.c | 4 ++--
crypto/openssh/auth2.c | 2 +-
crypto/openssh/blacklist.c | 6 +++---
crypto/openssh/blacklist_client.h | 6 +++---
crypto/openssh/packet.c | 2 +-
crypto/openssh/sshd.c | 2 +-
7 files changed, 12 insertions(+), 12 deletions(-)
diff --git a/crypto/openssh/auth-pam.c b/crypto/openssh/auth-pam.c
index f077b70595e6..7e6f972681e9 100644
--- a/crypto/openssh/auth-pam.c
+++ b/crypto/openssh/auth-pam.c
@@ -923,7 +923,7 @@ sshpam_query(void *ctx, char **name, char **info,
sshbuf_free(buffer);
return (0);
}
- BLACKLIST_NOTIFY(BLACKLIST_BAD_USER,
+ BLACKLIST_NOTIFY(NULL, BLACKLIST_BAD_USER,
sshpam_authctxt->user);
error("PAM: %s for %s%.100s from %.100s", msg,
sshpam_authctxt->valid ? "" : "illegal user ",
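Review bot: The call `BLACKLIST_NOTIFY(NULL, BLACKLIST_BAD_USER, sshpam_authctxt->user)` still hands a NULL context to `blacklist_notify()`, which per the blacklist.c hunk forwards it unchanged to `ssh_packet_connection_is_on_socket(ssh)` and `ssh_packet_get_connection_in(ssh)`; these are the same NULL arguments this commit replaces at the other call sites. Those helpers are not shown here, but if they return early for a NULL context, PAM failures for bad users never reach blacklistd, so repeated failures on this path would not count towards blocking the source address. The same applies to `BLACKLIST_NOTIFY(NULL, BLACKLIST_AUTH_FAIL, "ssh")` in the sshd.c `grace_alarm_handler` hunk. The visible part of `sshpam_query`'s signature has no `struct ssh *`, so a context would have to come from state saved elsewhere; until that is wired up I would mark both sites with a comment such as `/* XXX no ssh context available here; notification may be dropped */`. The body of `sshpam_query` starts and ends outside the hunk.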
diff --git a/crypto/openssh/auth.c b/crypto/openssh/auth.c
index 6b53585e2567..581d8dce2792 100644
--- a/crypto/openssh/auth.c
+++ b/crypto/openssh/auth.c
@@ -336,7 +336,7 @@ auth_log(struct ssh *ssh, int authenticated, int partial,
else {
authmsg = authenticated ? "Accepted" : "Failed";
if (authenticated)
- BLACKLIST_NOTIFY(BLACKLIST_AUTH_OK, "ssh");
+ BLACKLIST_NOTIFY(ssh, BLACKLIST_AUTH_OK, "ssh");
}
if ((extra = format_method_key(authctxt)) == NULL) {
@@ -600,7 +600,7 @@ getpwnamallow(struct ssh *ssh, const char *user)
aix_restoreauthdb();
#endif
if (pw == NULL) {
- BLACKLIST_NOTIFY(BLACKLIST_BAD_USER, user);
+ BLACKLIST_NOTIFY(ssh, BLACKLIST_BAD_USER, user);
logit("Invalid user %.100s from %.100s port %d",
user, ssh_remote_ipaddr(ssh), ssh_remote_port(ssh));
#ifdef CUSTOM_FAILED_LOGIN
diff --git a/crypto/openssh/auth2.c b/crypto/openssh/auth2.c
index cd5bd9ff501c..ff1228513d1e 100644
--- a/crypto/openssh/auth2.c
+++ b/crypto/openssh/auth2.c
@@ -425,7 +425,7 @@ userauth_finish(struct ssh *ssh, int authenticated, const char *method,
if (!partial && !authctxt->server_caused_failure &&
(authctxt->attempt > 1 || strcmp(method, "none") != 0)) {
authctxt->failures++;
- BLACKLIST_NOTIFY(BLACKLIST_AUTH_FAIL, "ssh");
+ BLACKLIST_NOTIFY(ssh, BLACKLIST_AUTH_FAIL, "ssh");
}
if (authctxt->failures >= options.max_authtries) {
#ifdef SSH_AUDIT_EVENTS
diff --git a/crypto/openssh/blacklist.c b/crypto/openssh/blacklist.c
index 78830c525c85..f118edab40cf 100644
--- a/crypto/openssh/blacklist.c
+++ b/crypto/openssh/blacklist.c
@@ -88,10 +88,10 @@ blacklist_init(void)
}
void
-blacklist_notify(int action, const char *msg)
+blacklist_notify(struct ssh *ssh, int action, const char *msg)
{
- if (blstate != NULL && ssh_packet_connection_is_on_socket(NULL))
+ if (blstate != NULL && ssh_packet_connection_is_on_socket(ssh))
(void)blacklist_r(blstate, action,
- ssh_packet_get_connection_in(NULL), msg);
+ ssh_packet_get_connection_in(ssh), msg);
}
diff --git a/crypto/openssh/blacklist_client.h b/crypto/openssh/blacklist_client.h
index af5a2a6d3c1d..236884092010 100644
--- a/crypto/openssh/blacklist_client.h
+++ b/crypto/openssh/blacklist_client.h
@@ -45,15 +45,15 @@ enum {
#ifdef USE_BLACKLIST
void blacklist_init(void);
-void blacklist_notify(int, const char *);
+void blacklist_notify(struct ssh *, int, const char *);
#define BLACKLIST_INIT() blacklist_init()
-#define BLACKLIST_NOTIFY(x,msg) blacklist_notify(x,msg)
+#define BLACKLIST_NOTIFY(ssh,x,msg) blacklist_notify(ssh,x,msg)
#else
#define BLACKLIST_INIT()
-#define BLACKLIST_NOTIFY(x,msg)
+#define BLACKLIST_NOTIFY(ssh,x,msg)
#endif
diff --git a/crypto/openssh/packet.c b/crypto/openssh/packet.c
index 3379862ebc79..bc8314287cba 100644
--- a/crypto/openssh/packet.c
+++ b/crypto/openssh/packet.c
@@ -1876,7 +1876,7 @@ sshpkt_vfatal(struct ssh *ssh, int r, const char *fmt, va_list ap)
case SSH_ERR_NO_KEX_ALG_MATCH:
case SSH_ERR_NO_HOSTKEY_ALG_MATCH:
if (ssh && ssh->kex && ssh->kex->failed_choice) {
- BLACKLIST_NOTIFY(BLACKLIST_AUTH_FAIL, "ssh");
+ BLACKLIST_NOTIFY(ssh, BLACKLIST_AUTH_FAIL, "ssh");
ssh_packet_clear_keys(ssh);
errno = oerrno;
logdie("Unable to negotiate with %s: %s. "
diff --git a/crypto/openssh/sshd.c b/crypto/openssh/sshd.c
index b3a2c4151e01..864ad09b29fc 100644
--- a/crypto/openssh/sshd.c
+++ b/crypto/openssh/sshd.c
@@ -385,7 +385,7 @@ grace_alarm_handler(int sig)
kill(0, SIGTERM);
}
- BLACKLIST_NOTIFY(BLACKLIST_AUTH_FAIL, "ssh");
+ BLACKLIST_NOTIFY(NULL, BLACKLIST_AUTH_FAIL, "ssh");
/* Log error and exit. */
if (use_privsep && pmonitor != NULL && pmonitor->m_pid <= 0)
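Review bot: `grace_alarm_handler(int sig)` is a signal handler, so the `BLACKLIST_NOTIFY` kept here runs `blacklist_notify()` in signal context. With the NULL argument the call probably stops at the `ssh_packet_connection_is_on_socket()` test, but once a real context is passed it would go on to `blacklist_r()`, and nothing in this diff shows that function to be async-signal-safe. I would record that constraint next to the call, e.g. `/* signal context: confirm blacklist_r() is async-signal-safe before passing a real ssh here */`, so that a later fix for the dropped notification does not add unsafe work to the handler. The handler's body starts and ends outside the hunk.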