openssh: pass ssh context to BLACKLIST_NOTIFY

Fixes:		19261079b7 ("openssh: update to OpenSSH v8.7p1")
Sponsored by:	The FreeBSD Foundation

crypto/openssh/auth-pam.c

@@ -923,7 +923,7 @@ sshpam_query(void *ctx, char **name, char **info,
 				sshbuf_free(buffer);
 				return (0);
 			}
-			BLACKLIST_NOTIFY(BLACKLIST_BAD_USER,
+			BLACKLIST_NOTIFY(NULL, BLACKLIST_BAD_USER,
 			    sshpam_authctxt->user);
 			error("PAM: %s for %s%.100s from %.100s", msg,
 			    sshpam_authctxt->valid ? "" : "illegal user ",

crypto/openssh/auth.c

@@ -336,7 +336,7 @@ auth_log(struct ssh *ssh, int authenticated, int partial,
 	else {
 		authmsg = authenticated ? "Accepted" : "Failed";
 		if (authenticated)
-			BLACKLIST_NOTIFY(BLACKLIST_AUTH_OK, "ssh");
+			BLACKLIST_NOTIFY(ssh, BLACKLIST_AUTH_OK, "ssh");
 	}
 
 	if ((extra = format_method_key(authctxt)) == NULL) {
@@ -600,7 +600,7 @@ getpwnamallow(struct ssh *ssh, const char *user)
 	aix_restoreauthdb();
 #endif
 	if (pw == NULL) {
-		BLACKLIST_NOTIFY(BLACKLIST_BAD_USER, user);
+		BLACKLIST_NOTIFY(ssh, BLACKLIST_BAD_USER, user);
 		logit("Invalid user %.100s from %.100s port %d",
 		    user, ssh_remote_ipaddr(ssh), ssh_remote_port(ssh));
 #ifdef CUSTOM_FAILED_LOGIN

crypto/openssh/auth2.c

@@ -425,7 +425,7 @@ userauth_finish(struct ssh *ssh, int authenticated, const char *method,
 		if (!partial && !authctxt->server_caused_failure &&
 		    (authctxt->attempt > 1 || strcmp(method, "none") != 0)) {
 			authctxt->failures++;
-			BLACKLIST_NOTIFY(BLACKLIST_AUTH_FAIL, "ssh");
+			BLACKLIST_NOTIFY(ssh, BLACKLIST_AUTH_FAIL, "ssh");
 		}
 		if (authctxt->failures >= options.max_authtries) {
 #ifdef SSH_AUDIT_EVENTS

crypto/openssh/blacklist.c

@@ -88,10 +88,10 @@ blacklist_init(void)
 }
 
 void
-blacklist_notify(int action, const char *msg)
+blacklist_notify(struct ssh *ssh, int action, const char *msg)
 {
 
-	if (blstate != NULL && ssh_packet_connection_is_on_socket(NULL))
+	if (blstate != NULL && ssh_packet_connection_is_on_socket(ssh))
 		(void)blacklist_r(blstate, action,
-		ssh_packet_get_connection_in(NULL), msg);
+		ssh_packet_get_connection_in(ssh), msg);
 }

crypto/openssh/blacklist_client.h

@@ -45,15 +45,15 @@ enum {
 
 #ifdef USE_BLACKLIST
 void blacklist_init(void);
-void blacklist_notify(int, const char *);
+void blacklist_notify(struct ssh *, int, const char *);
 
 #define BLACKLIST_INIT() blacklist_init()
-#define BLACKLIST_NOTIFY(x,msg) blacklist_notify(x,msg)
+#define BLACKLIST_NOTIFY(ssh,x,msg) blacklist_notify(ssh,x,msg)
 
 #else
 
 #define BLACKLIST_INIT()
-#define BLACKLIST_NOTIFY(x,msg)
+#define BLACKLIST_NOTIFY(ssh,x,msg)
 
 #endif
 

crypto/openssh/packet.c

@@ -1876,7 +1876,7 @@ sshpkt_vfatal(struct ssh *ssh, int r, const char *fmt, va_list ap)
 	case SSH_ERR_NO_KEX_ALG_MATCH:
 	case SSH_ERR_NO_HOSTKEY_ALG_MATCH:
 		if (ssh && ssh->kex && ssh->kex->failed_choice) {
-			BLACKLIST_NOTIFY(BLACKLIST_AUTH_FAIL, "ssh");
+			BLACKLIST_NOTIFY(ssh, BLACKLIST_AUTH_FAIL, "ssh");
 			ssh_packet_clear_keys(ssh);
 			errno = oerrno;
 			logdie("Unable to negotiate with %s: %s. "

crypto/openssh/sshd.c

@@ -385,7 +385,7 @@ grace_alarm_handler(int sig)
 		kill(0, SIGTERM);
 	}
 
-	BLACKLIST_NOTIFY(BLACKLIST_AUTH_FAIL, "ssh");
+	BLACKLIST_NOTIFY(NULL, BLACKLIST_AUTH_FAIL, "ssh");
 
 	/* Log error and exit. */
 	if (use_privsep && pmonitor != NULL && pmonitor->m_pid <= 0)