From owner-dev-commits-src-all@freebsd.org Tue Sep 14 17:51:32 2021
Date: Tue, 14 Sep 2021 17:51:32 GMT
Message-Id: <202109141751.18EHpWI1015754@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
From: Ed Maste Subject: git: 0f9bafdfc325 - main - openssh: pass ssh context to BLACKLIST_NOTIFY MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: emaste X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 0f9bafdfc325779e4ecc5154d5bb06c752297138 Auto-Submitted: auto-generated X-BeenThere: dev-commits-src-all@freebsd.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: Commit messages for all branches of the src repository List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 14 Sep 2021 17:51:33 -0000 The branch main has been updated by emaste: URL: https://cgit.FreeBSD.org/src/commit/?id=0f9bafdfc325779e4ecc5154d5bb06c752297138 commit 0f9bafdfc325779e4ecc5154d5bb06c752297138 Author: Ed Maste AuthorDate: 2021-09-14 16:39:21 +0000 Commit: Ed Maste CommitDate: 2021-09-14 17:44:39 +0000 openssh: pass ssh context to BLACKLIST_NOTIFY Fixes: 19261079b743 ("openssh: update to OpenSSH v8.7p1") Sponsored by: The FreeBSD Foundation --- crypto/openssh/auth-pam.c | 2 +- crypto/openssh/auth.c | 4 ++-- crypto/openssh/auth2.c | 2 +- crypto/openssh/blacklist.c | 6 +++--- crypto/openssh/blacklist_client.h | 6 +++--- crypto/openssh/packet.c | 2 +- crypto/openssh/sshd.c | 2 +- 7 files changed, 12 insertions(+), 12 deletions(-) diff --git a/crypto/openssh/auth-pam.c b/crypto/openssh/auth-pam.c index f077b70595e6..7e6f972681e9 100644 --- a/crypto/openssh/auth-pam.c +++ b/crypto/openssh/auth-pam.c @@ -923,7 +923,7 @@ sshpam_query(void *ctx, char **name, char **info, sshbuf_free(buffer); return (0); } - BLACKLIST_NOTIFY(BLACKLIST_BAD_USER, + BLACKLIST_NOTIFY(NULL, BLACKLIST_BAD_USER, sshpam_authctxt->user); error("PAM: %s for %s%.100s from %.100s", msg, sshpam_authctxt->valid ? "" : "illegal user ", diff --git a/crypto/openssh/auth.c b/crypto/openssh/auth.c index 6b53585e2567..581d8dce2792 100644 --- a/crypto/openssh/auth.c 
+++ b/crypto/openssh/auth.c @@ -336,7 +336,7 @@ auth_log(struct ssh *ssh, int authenticated, int partial, else { authmsg = authenticated ? "Accepted" : "Failed"; if (authenticated) - BLACKLIST_NOTIFY(BLACKLIST_AUTH_OK, "ssh"); + BLACKLIST_NOTIFY(ssh, BLACKLIST_AUTH_OK, "ssh"); } if ((extra = format_method_key(authctxt)) == NULL) { @@ -600,7 +600,7 @@ getpwnamallow(struct ssh *ssh, const char *user) aix_restoreauthdb(); #endif if (pw == NULL) { - BLACKLIST_NOTIFY(BLACKLIST_BAD_USER, user); + BLACKLIST_NOTIFY(ssh, BLACKLIST_BAD_USER, user); logit("Invalid user %.100s from %.100s port %d", user, ssh_remote_ipaddr(ssh), ssh_remote_port(ssh)); #ifdef CUSTOM_FAILED_LOGIN diff --git a/crypto/openssh/auth2.c b/crypto/openssh/auth2.c index cd5bd9ff501c..ff1228513d1e 100644 --- a/crypto/openssh/auth2.c +++ b/crypto/openssh/auth2.c @@ -425,7 +425,7 @@ userauth_finish(struct ssh *ssh, int authenticated, const char *method, if (!partial && !authctxt->server_caused_failure && (authctxt->attempt > 1 || strcmp(method, "none") != 0)) { authctxt->failures++; - BLACKLIST_NOTIFY(BLACKLIST_AUTH_FAIL, "ssh"); + BLACKLIST_NOTIFY(ssh, BLACKLIST_AUTH_FAIL, "ssh"); } if (authctxt->failures >= options.max_authtries) { #ifdef SSH_AUDIT_EVENTS diff --git a/crypto/openssh/blacklist.c b/crypto/openssh/blacklist.c index 78830c525c85..f118edab40cf 100644 --- a/crypto/openssh/blacklist.c +++ b/crypto/openssh/blacklist.c @@ -88,10 +88,10 @@ blacklist_init(void) } void -blacklist_notify(int action, const char *msg) +blacklist_notify(struct ssh *ssh, int action, const char *msg) { - if (blstate != NULL && ssh_packet_connection_is_on_socket(NULL)) + if (blstate != NULL && ssh_packet_connection_is_on_socket(ssh)) (void)blacklist_r(blstate, action, - ssh_packet_get_connection_in(NULL), msg); + ssh_packet_get_connection_in(ssh), msg); } diff --git a/crypto/openssh/blacklist_client.h b/crypto/openssh/blacklist_client.h index af5a2a6d3c1d..236884092010 100644 --- a/crypto/openssh/blacklist_client.h 
+++ b/crypto/openssh/blacklist_client.h @@ -45,15 +45,15 @@ enum { #ifdef USE_BLACKLIST void blacklist_init(void); -void blacklist_notify(int, const char *); +void blacklist_notify(struct ssh *, int, const char *); #define BLACKLIST_INIT() blacklist_init() -#define BLACKLIST_NOTIFY(x,msg) blacklist_notify(x,msg) +#define BLACKLIST_NOTIFY(ssh,x,msg) blacklist_notify(ssh,x,msg) #else #define BLACKLIST_INIT() -#define BLACKLIST_NOTIFY(x,msg) +#define BLACKLIST_NOTIFY(ssh,x,msg) #endif diff --git a/crypto/openssh/packet.c b/crypto/openssh/packet.c index 3379862ebc79..bc8314287cba 100644 --- a/crypto/openssh/packet.c +++ b/crypto/openssh/packet.c @@ -1876,7 +1876,7 @@ sshpkt_vfatal(struct ssh *ssh, int r, const char *fmt, va_list ap) case SSH_ERR_NO_KEX_ALG_MATCH: case SSH_ERR_NO_HOSTKEY_ALG_MATCH: if (ssh && ssh->kex && ssh->kex->failed_choice) { - BLACKLIST_NOTIFY(BLACKLIST_AUTH_FAIL, "ssh"); + BLACKLIST_NOTIFY(ssh, BLACKLIST_AUTH_FAIL, "ssh"); ssh_packet_clear_keys(ssh); errno = oerrno; logdie("Unable to negotiate with %s: %s. " diff --git a/crypto/openssh/sshd.c b/crypto/openssh/sshd.c index b3a2c4151e01..864ad09b29fc 100644 --- a/crypto/openssh/sshd.c +++ b/crypto/openssh/sshd.c @@ -385,7 +385,7 @@ grace_alarm_handler(int sig) kill(0, SIGTERM); } - BLACKLIST_NOTIFY(BLACKLIST_AUTH_FAIL, "ssh"); + BLACKLIST_NOTIFY(NULL, BLACKLIST_AUTH_FAIL, "ssh"); /* Log error and exit. */ if (use_privsep && pmonitor != NULL && pmonitor->m_pid <= 0)
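Review bot: In the crypto/openssh/auth-pam.c hunk, sshpam_query() passes NULL as the new first argument of BLACKLIST_NOTIFY for BLACKLIST_BAD_USER, so this call site keeps the pre-change behaviour (the old blacklist_notify() passed NULL to both ssh_packet_* helpers) while the auth.c, auth2.c and packet.c sites get a real context. If a struct ssh is reachable from the PAM code, pass it here; if not, add a comment at the call saying why NULL is intentional, since bad-user reports from PAM are exactly the events blacklistd is meant to see.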
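Review bot: blacklist_notify() in the crypto/openssh/blacklist.c hunk forwards the new ssh parameter to ssh_packet_connection_is_on_socket(ssh) and ssh_packet_get_connection_in(ssh) without stating whether NULL is allowed, yet two callers in this same commit pass NULL. Document the contract at the function, and consider an explicit `if (ssh == NULL)` branch that logs at debug level, so a dropped notification is visible instead of depending on how those two helpers treat a NULL argument, which this diff does not show.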
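Review bot: In the `#else` branch of the crypto/openssh/blacklist_client.h hunk, BLACKLIST_NOTIFY(ssh,x,msg) still expands to nothing, and the auth.c hunk uses it as the only statement under `if (authenticated)`, which leaves an empty if-body in builds without USE_BLACKLIST. Defining the disabled form as `((void)0)` keeps the statement well-formed and avoids empty-body warnings; the same applies to BLACKLIST_INIT().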
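Review bot: In the crypto/openssh/sshd.c hunk, grace_alarm_handler(int sig) passes NULL because a signal handler receives no struct ssh, so the login-grace-timeout BLACKLIST_AUTH_FAIL report is sent with no connection context at all. Add a comment at the call noting that, and consider a follow-up that supplies the context from file-scope state if sshd.c keeps one, otherwise this event may never reach blacklistd once blacklist_notify() depends on a valid ssh.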