From 0f9bafdfc325779e4ecc5154d5bb06c752297138 Mon Sep 17 00:00:00 2001
From: Ed Maste
Date: Tue, 14 Sep 2021 12:39:21 -0400
Subject: [PATCH] openssh: pass ssh context to BLACKLIST_NOTIFY
Fixes: 19261079b743 ("openssh: update to OpenSSH v8.7p1")
Sponsored by: The FreeBSD Foundation
---
 crypto/openssh/auth-pam.c | 2 +-
 crypto/openssh/auth.c | 4 ++--
 crypto/openssh/auth2.c | 2 +-
 crypto/openssh/blacklist.c | 6 +++---
 crypto/openssh/blacklist_client.h | 6 +++---
 crypto/openssh/packet.c | 2 +-
 crypto/openssh/sshd.c | 2 +-
 7 files changed, 12 insertions(+), 12 deletions(-)
diff --git a/crypto/openssh/auth-pam.c b/crypto/openssh/auth-pam.c
index f077b70595e6..7e6f972681e9 100644
--- a/crypto/openssh/auth-pam.c
+++ b/crypto/openssh/auth-pam.c
@@ -923,7 +923,7 @@ sshpam_query(void *ctx, char **name, char **info,
 sshbuf_free(buffer);
 return (0);
 }
- BLACKLIST_NOTIFY(BLACKLIST_BAD_USER,
+ BLACKLIST_NOTIFY(NULL, BLACKLIST_BAD_USER,
 sshpam_authctxt->user);
 error("PAM: %s for %s%.100s from %.100s", msg, sshpam_authctxt->valid ? "" : "illegal user ",
diff --git a/crypto/openssh/auth.c b/crypto/openssh/auth.c
index 6b53585e2567..581d8dce2792 100644
--- a/crypto/openssh/auth.c
+++ b/crypto/openssh/auth.c
@@ -336,7 +336,7 @@ auth_log(struct ssh *ssh, int authenticated, int partial,
 else {
 authmsg = authenticated ? "Accepted" : "Failed";
 if (authenticated)
- BLACKLIST_NOTIFY(BLACKLIST_AUTH_OK, "ssh");
+ BLACKLIST_NOTIFY(ssh, BLACKLIST_AUTH_OK, "ssh");
 }
 if ((extra = format_method_key(authctxt)) == NULL) {
@@ -600,7 +600,7 @@ getpwnamallow(struct ssh *ssh, const char *user)
 aix_restoreauthdb();
 #endif
 if (pw == NULL) {
- BLACKLIST_NOTIFY(BLACKLIST_BAD_USER, user);
+ BLACKLIST_NOTIFY(ssh, BLACKLIST_BAD_USER, user);
 logit("Invalid user %.100s from %.100s port %d", user, ssh_remote_ipaddr(ssh), ssh_remote_port(ssh));
 #ifdef CUSTOM_FAILED_LOGIN
diff --git a/crypto/openssh/auth2.c b/crypto/openssh/auth2.c
index cd5bd9ff501c..ff1228513d1e 100644
--- a/crypto/openssh/auth2.c
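Review bot: `BLACKLIST_NOTIFY(NULL, BLACKLIST_BAD_USER, ...)` in auth-pam.c's sshpam_query still hands blacklist_notify() no connection, which is what the removed `ssh_packet_connection_is_on_socket(NULL)` lines in blacklist.c did for every caller; the same `NULL` is passed in sshd.c's grace_alarm_handler. The packet helpers are not shown in this patch, so it cannot be confirmed here whether a NULL context is rejected (the bad-user and timeout events are then never reported) or dereferenced. If a live `struct ssh *` can be reached at these two sites it should be passed instead. Failing that, I would make the no-context case explicit in blacklist_notify() with `if (ssh == NULL || blstate == NULL) return;` and mark both call sites with `/* XXX no ssh context available here; this event is not reported */`. sshpam_query's body starts and ends outside the hunk.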
+++ b/crypto/openssh/auth2.c
@@ -425,7 +425,7 @@ userauth_finish(struct ssh *ssh, int authenticated, const char *method,
 if (!partial && !authctxt->server_caused_failure && (authctxt->attempt > 1 || strcmp(method, "none") != 0)) {
 authctxt->failures++;
- BLACKLIST_NOTIFY(BLACKLIST_AUTH_FAIL, "ssh");
+ BLACKLIST_NOTIFY(ssh, BLACKLIST_AUTH_FAIL, "ssh");
 }
 if (authctxt->failures >= options.max_authtries) {
 #ifdef SSH_AUDIT_EVENTS
diff --git a/crypto/openssh/blacklist.c b/crypto/openssh/blacklist.c
index 78830c525c85..f118edab40cf 100644
--- a/crypto/openssh/blacklist.c
+++ b/crypto/openssh/blacklist.c
@@ -88,10 +88,10 @@ blacklist_init(void)
 }
 void
-blacklist_notify(int action, const char *msg)
+blacklist_notify(struct ssh *ssh, int action, const char *msg)
 {
- if (blstate != NULL && ssh_packet_connection_is_on_socket(NULL))
+ if (blstate != NULL && ssh_packet_connection_is_on_socket(ssh))
 (void)blacklist_r(blstate, action,
- ssh_packet_get_connection_in(NULL), msg);
+ ssh_packet_get_connection_in(ssh), msg);
 }
diff --git a/crypto/openssh/blacklist_client.h b/crypto/openssh/blacklist_client.h
index af5a2a6d3c1d..236884092010 100644
--- a/crypto/openssh/blacklist_client.h
+++ b/crypto/openssh/blacklist_client.h
@@ -45,15 +45,15 @@ enum {
 #ifdef USE_BLACKLIST
 void blacklist_init(void);
-void blacklist_notify(int, const char *);
+void blacklist_notify(struct ssh *, int, const char *);
 #define BLACKLIST_INIT() blacklist_init()
-#define BLACKLIST_NOTIFY(x,msg) blacklist_notify(x,msg)
+#define BLACKLIST_NOTIFY(ssh,x,msg) blacklist_notify(ssh,x,msg)
 #else
 #define BLACKLIST_INIT()
-#define BLACKLIST_NOTIFY(x,msg)
+#define BLACKLIST_NOTIFY(ssh,x,msg)
 #endif
diff --git a/crypto/openssh/packet.c b/crypto/openssh/packet.c
index 3379862ebc79..bc8314287cba 100644
--- a/crypto/openssh/packet.c
+++ b/crypto/openssh/packet.c
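Review bot: In blacklist_client.h the `#else` stub `#define BLACKLIST_NOTIFY(ssh,x,msg)` still expands to nothing, so in builds without USE_BLACKLIST the new context argument is never type-checked and the unbraced `if (authenticated) BLACKLIST_NOTIFY(ssh, BLACKLIST_AUTH_OK, "ssh");` in auth.c is left with an empty body. I would define the stub as `#define BLACKLIST_NOTIFY(ssh,x,msg) ((void)0)` (and `BLACKLIST_INIT()` likewise) so every call site remains a complete statement. A one-line comment above the prototype, `/* ssh may be NULL when the caller has no connection state */`, would also record the contract that the auth-pam.c and sshd.c callers rely on.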
@@ -1876,7 +1876,7 @@ sshpkt_vfatal(struct ssh *ssh, int r, const char *fmt, va_list ap)
 case SSH_ERR_NO_KEX_ALG_MATCH:
 case SSH_ERR_NO_HOSTKEY_ALG_MATCH:
 if (ssh && ssh->kex && ssh->kex->failed_choice) {
- BLACKLIST_NOTIFY(BLACKLIST_AUTH_FAIL, "ssh");
+ BLACKLIST_NOTIFY(ssh, BLACKLIST_AUTH_FAIL, "ssh");
 ssh_packet_clear_keys(ssh);
 errno = oerrno;
 logdie("Unable to negotiate with %s: %s. "
diff --git a/crypto/openssh/sshd.c b/crypto/openssh/sshd.c
index b3a2c4151e01..864ad09b29fc 100644
--- a/crypto/openssh/sshd.c
+++ b/crypto/openssh/sshd.c
@@ -385,7 +385,7 @@ grace_alarm_handler(int sig)
 kill(0, SIGTERM);
 }
- BLACKLIST_NOTIFY(BLACKLIST_AUTH_FAIL, "ssh");
+ BLACKLIST_NOTIFY(NULL, BLACKLIST_AUTH_FAIL, "ssh");
 /* Log error and exit. */
 if (use_privsep && pmonitor != NULL && pmonitor->m_pid <= 0)
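Review bot: grace_alarm_handler(int sig) has a signal handler's signature, and the `BLACKLIST_NOTIFY(NULL, BLACKLIST_AUTH_FAIL, "ssh")` call in sshd.c runs blacklist_notify() and, when a state is open, blacklist_r() from that context. Neither function's full call chain is visible in this patch, so whether everything they reach is async-signal-safe is unverified; anything that allocates, formats or logs on that path could corrupt state if the alarm interrupts the same code in the main flow. At minimum I would add `/* XXX signal context: blacklist_notify() must remain async-signal-safe */` above the call. Recording the timeout in a `volatile sig_atomic_t` flag and sending the notification outside the handler would remove the question, though the handler exits shortly after, so that needs a look at the code outside the hunk. The handler's body starts and ends outside the hunk.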