diff --git a/auth.c b/auth.c index fea2c650f..a4c1dece5 100644 --- a/auth.c +++ b/auth.c @@ -356,11 +356,11 @@ auth_log(struct ssh *ssh, int authenticated, int partial, (strcmp(method, "password") == 0 || strncmp(method, "keyboard-interactive", 20) == 0 || strcmp(method, "challenge-response") == 0)) - record_failed_login(authctxt->user, + record_failed_login(ssh, authctxt->user, auth_get_canonical_hostname(ssh, options.use_dns), "ssh"); # ifdef WITH_AIXAUTHENTICATE if (authenticated) - sys_auth_record_login(authctxt->user, + sys_auth_record_login(ssh, authctxt->user, auth_get_canonical_hostname(ssh, options.use_dns), "ssh", loginmsg); # endif @@ -601,7 +601,7 @@ getpwnamallow(struct ssh *ssh, const char *user) logit("Invalid user %.100s from %.100s port %d", user, ssh_remote_ipaddr(ssh), ssh_remote_port(ssh)); #ifdef CUSTOM_FAILED_LOGIN - record_failed_login(user, + record_failed_login(ssh, user, auth_get_canonical_hostname(ssh, options.use_dns), "ssh"); #endif #ifdef SSH_AUDIT_EVENTS diff --git a/auth2.c b/auth2.c index 1f023e8b1..2e996fa59 100644 --- a/auth2.c +++ b/auth2.c @@ -401,7 +401,10 @@ userauth_finish(struct ssh *ssh, int authenticated, const char *method, fatal("%s: buffer error: %s", __func__, ssh_err(r)); userauth_send_banner(ssh, sshbuf_ptr(loginmsg)); - packet_write_wait(); + if ((r = ssh_packet_write_wait(ssh)) != 0) { + sshpkt_fatal(ssh, r, + "%s: send PAM banner", __func__); + } } fatal("Access denied for user %s by PAM account " "configuration", authctxt->user); diff --git a/loginrec.c b/loginrec.c index 08fc73758..5f2a47797 100644 --- a/loginrec.c +++ b/loginrec.c @@ -1653,7 +1653,7 @@ utmpx_get_entry(struct logininfo *li) */ void -record_failed_login(const char *username, const char *hostname, +record_failed_login(struct ssh *ssh, const char *username, const char *hostname, const char *ttyn) { int fd; @@ -1696,8 +1696,8 @@ record_failed_login(const char *username, const char *hostname, /* strncpy because we don't necessarily want nul termination */ strncpy(ut.ut_host, hostname, sizeof(ut.ut_host)); - if (packet_connection_is_on_socket() && - getpeername(packet_get_connection_in(), + if (ssh_packet_connection_is_on_socket(ssh) && + getpeername(ssh_packet_get_connection_in(ssh), (struct sockaddr *)&from, &fromlen) == 0) { ipv64_normalise_mapped(&from, &fromlen); if (from.ss_family == AF_INET) { diff --git a/loginrec.h b/loginrec.h index 28923e781..62cc0e78c 100644 --- a/loginrec.h +++ b/loginrec.h @@ -31,6 +31,8 @@ #include "includes.h" +struct ssh; + /** ** you should use the login_* calls to work around platform dependencies **/ @@ -126,6 +128,7 @@ char *line_fullname(char *dst, const char *src, u_int dstsize); char *line_stripname(char *dst, const char *src, int dstsize); char *line_abbrevname(char *dst, const char *src, int dstsize); -void record_failed_login(const char *, const char *, const char *); +void record_failed_login(struct ssh *, const char *, const char *, + const char *); #endif /* _HAVE_LOGINREC_H_ */ diff --git a/openbsd-compat/port-aix.c b/openbsd-compat/port-aix.c index 943177c70..52698050c 100644 --- a/openbsd-compat/port-aix.c +++ b/openbsd-compat/port-aix.c @@ -280,8 +280,8 @@ sys_auth_allowed_user(struct passwd *pw, struct sshbuf *loginmsg) } int -sys_auth_record_login(const char *user, const char *host, const char *ttynm, - struct sshbuf *loginmsg) +sys_auth_record_login(struct ssh *ssh, const char *user, const char *host, + const char *ttynm, struct sshbuf *loginmsg) { char *msg = NULL; int success = 0; diff --git a/openbsd-compat/port-aix.h b/openbsd-compat/port-aix.h index 748c0e4e3..4702e3bf1 100644 --- a/openbsd-compat/port-aix.h +++ b/openbsd-compat/port-aix.h @@ -30,6 +30,7 @@ # include #endif +struct ssh; struct sshbuf; /* These should be in the system headers but are not. */ @@ -89,7 +90,7 @@ void aix_usrinfo(struct passwd *); # define CUSTOM_SYS_AUTH_ALLOWED_USER 1 int sys_auth_allowed_user(struct passwd *, struct sshbuf *); # define CUSTOM_SYS_AUTH_RECORD_LOGIN 1 -int sys_auth_record_login(const char *, const char *, +int sys_auth_record_login(struct ssh *, const char *, const char *, const char *, struct sshbuf *); # define CUSTOM_SYS_AUTH_GET_LASTLOGIN_MSG char *sys_auth_get_lastlogin_msg(const char *, uid_t);