openssh: pass ssh context to BLACKLIST_NOTIFY
Fixes: 19261079b7
("openssh: update to OpenSSH v8.7p1")
Sponsored by: The FreeBSD Foundation
parent
b1746faad6
commit
0f9bafdfc3
@ -923,7 +923,7 @@ sshpam_query(void *ctx, char **name, char **info,
|
||||
sshbuf_free(buffer);
|
||||
return (0);
|
||||
}
|
||||
BLACKLIST_NOTIFY(BLACKLIST_BAD_USER,
|
||||
BLACKLIST_NOTIFY(NULL, BLACKLIST_BAD_USER,
|
||||
sshpam_authctxt->user);
|
||||
error("PAM: %s for %s%.100s from %.100s", msg,
|
||||
sshpam_authctxt->valid ? "" : "illegal user ",
|
||||
|
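Review bot: The new call `BLACKLIST_NOTIFY(NULL, BLACKLIST_BAD_USER, sshpam_authctxt->user)` still hands blacklist_notify() a NULL context, and the grace_alarm_handler hunk does the same. blacklist_notify() now passes that argument straight to `ssh_packet_connection_is_on_socket()` and `ssh_packet_get_connection_in()`, so on these two paths the report to blacklistd is either skipped or reached through a NULL pointer, depending on how those helpers treat NULL (not visible on this page). If it is skipped, PAM bad-user attempts and login-grace timeouts never count against the source address. sshpam_query() receives only `void *ctx`, so either plumb the connection through or mark the gap at the call site, e.g. `/* XXX: no struct ssh in scope here; this event may not reach blacklistd */`. The function body continues outside the hunk.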
@ -336,7 +336,7 @@ auth_log(struct ssh *ssh, int authenticated, int partial,
|
||||
else {
|
||||
authmsg = authenticated ? "Accepted" : "Failed";
|
||||
if (authenticated)
|
||||
BLACKLIST_NOTIFY(BLACKLIST_AUTH_OK, "ssh");
|
||||
BLACKLIST_NOTIFY(ssh, BLACKLIST_AUTH_OK, "ssh");
|
||||
}
|
||||
|
||||
if ((extra = format_method_key(authctxt)) == NULL) {
|
||||
@ -600,7 +600,7 @@ getpwnamallow(struct ssh *ssh, const char *user)
|
||||
aix_restoreauthdb();
|
||||
#endif
|
||||
if (pw == NULL) {
|
||||
BLACKLIST_NOTIFY(BLACKLIST_BAD_USER, user);
|
||||
BLACKLIST_NOTIFY(ssh, BLACKLIST_BAD_USER, user);
|
||||
logit("Invalid user %.100s from %.100s port %d",
|
||||
user, ssh_remote_ipaddr(ssh), ssh_remote_port(ssh));
|
||||
#ifdef CUSTOM_FAILED_LOGIN
|
||||
|
@ -425,7 +425,7 @@ userauth_finish(struct ssh *ssh, int authenticated, const char *method,
|
||||
if (!partial && !authctxt->server_caused_failure &&
|
||||
(authctxt->attempt > 1 || strcmp(method, "none") != 0)) {
|
||||
authctxt->failures++;
|
||||
BLACKLIST_NOTIFY(BLACKLIST_AUTH_FAIL, "ssh");
|
||||
BLACKLIST_NOTIFY(ssh, BLACKLIST_AUTH_FAIL, "ssh");
|
||||
}
|
||||
if (authctxt->failures >= options.max_authtries) {
|
||||
#ifdef SSH_AUDIT_EVENTS
|
||||
|
@ -88,10 +88,10 @@ blacklist_init(void)
|
||||
}
|
||||
|
||||
void
|
||||
blacklist_notify(int action, const char *msg)
|
||||
blacklist_notify(struct ssh *ssh, int action, const char *msg)
|
||||
{
|
||||
|
||||
if (blstate != NULL && ssh_packet_connection_is_on_socket(NULL))
|
||||
if (blstate != NULL && ssh_packet_connection_is_on_socket(ssh))
|
||||
(void)blacklist_r(blstate, action,
|
||||
ssh_packet_get_connection_in(NULL), msg);
|
||||
ssh_packet_get_connection_in(ssh), msg);
|
||||
}
|
||||
|
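Review bot: blacklist_notify() accepts a `struct ssh *` that two callers in this commit pass as NULL, but nothing in the function states or enforces what NULL means. Make the contract explicit in the guard, `if (blstate != NULL && ssh != NULL && ssh_packet_connection_is_on_socket(ssh))`, and add a header comment saying that a NULL context or a non-socket connection drops the notification. The result of `blacklist_r()` is also discarded with `(void)`, so a failed report is invisible; a debug-level log on failure would help when working out why an address was not blocked.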
@ -45,15 +45,15 @@ enum {
|
||||
|
||||
#ifdef USE_BLACKLIST
|
||||
void blacklist_init(void);
|
||||
void blacklist_notify(int, const char *);
|
||||
void blacklist_notify(struct ssh *, int, const char *);
|
||||
|
||||
#define BLACKLIST_INIT() blacklist_init()
|
||||
#define BLACKLIST_NOTIFY(x,msg) blacklist_notify(x,msg)
|
||||
#define BLACKLIST_NOTIFY(ssh,x,msg) blacklist_notify(ssh,x,msg)
|
||||
|
||||
#else
|
||||
|
||||
#define BLACKLIST_INIT()
|
||||
#define BLACKLIST_NOTIFY(x,msg)
|
||||
#define BLACKLIST_NOTIFY(ssh,x,msg)
|
||||
|
||||
#endif
|
||||
|
||||
|
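Review bot: In the `#else` branch `#define BLACKLIST_NOTIFY(ssh,x,msg)` expands to nothing, so in builds without USE_BLACKLIST the unbraced `if (authenticated)` in auth_log is left guarding an empty statement. Defining it as `#define BLACKLIST_NOTIFY(ssh,x,msg) ((void)0)` keeps every use a complete expression statement. The new prototype also names `struct ssh *`; if no declaration of that type precedes it in this header (the lines above the hunk are not shown), add a forward declaration `struct ssh;` before it so the header stays self-contained.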
@ -1876,7 +1876,7 @@ sshpkt_vfatal(struct ssh *ssh, int r, const char *fmt, va_list ap)
|
||||
case SSH_ERR_NO_KEX_ALG_MATCH:
|
||||
case SSH_ERR_NO_HOSTKEY_ALG_MATCH:
|
||||
if (ssh && ssh->kex && ssh->kex->failed_choice) {
|
||||
BLACKLIST_NOTIFY(BLACKLIST_AUTH_FAIL, "ssh");
|
||||
BLACKLIST_NOTIFY(ssh, BLACKLIST_AUTH_FAIL, "ssh");
|
||||
ssh_packet_clear_keys(ssh);
|
||||
errno = oerrno;
|
||||
logdie("Unable to negotiate with %s: %s. "
|
||||
|
@ -385,7 +385,7 @@ grace_alarm_handler(int sig)
|
||||
kill(0, SIGTERM);
|
||||
}
|
||||
|
||||
BLACKLIST_NOTIFY(BLACKLIST_AUTH_FAIL, "ssh");
|
||||
BLACKLIST_NOTIFY(NULL, BLACKLIST_AUTH_FAIL, "ssh");
|
||||
|
||||
/* Log error and exit. */
|
||||
if (use_privsep && pmonitor != NULL && pmonitor->m_pid <= 0)
|
||||
|
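Review bot: This `BLACKLIST_NOTIFY` call runs inside the signal handler `grace_alarm_handler(int sig)`, and blacklist_notify() goes on to call `ssh_packet_connection_is_on_socket()`, `ssh_packet_get_connection_in()` and `blacklist_r()`. Nothing on this page shows those to be async-signal-safe, so the handler may interrupt the main flow and re-enter non-reentrant code. Consider sending the notification from normal context instead, or at least document the constraint above the call: `/* XXX: runs in a signal handler; blacklist_notify() must stay async-signal-safe */`. The handler body starts and ends outside the hunk.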