freebsd-dev/contrib/blacklist/diff/ftpd.diff
Kurt Lidl 12017ca883 Import NetBSD's blacklist source from vendor tree
This import includes The basic blacklist library and utility programs,
to add a system-wide packet filtering notification mechanism to
FreeBSD.

The rationale behind the daemon was given by Christos Zoulas in a
presentation at vBSDcon 2015: https://youtu.be/fuuf8G28mjs

Reviewed by:	rpaulo
Approved by:	rpaulo
Obtained from:	NetBSD
Relnotes:	YES
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D5912
2016-06-01 22:04:10 +00:00


--- /dev/null 2015-01-23 17:30:40.000000000 -0500
+++ pfilter.c 2015-01-23 17:12:02.000000000 -0500
@@ -0,0 +1,24 @@
+#include <stdio.h>
+#include <blacklist.h>
+
+#include "pfilter.h"
+
+static struct blacklist *blstate;
+
+void
+pfilter_open(void)
+{
+ if (blstate == NULL)
+ blstate = blacklist_open();
+}
+
+void
+pfilter_notify(int what, const char *msg)
+{
+ pfilter_open();
+
+ if (blstate == NULL)
+ return;
+
+ blacklist_r(blstate, what, 0, msg);
+}
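Review bot: pfilter_notify() hard-codes descriptor 0 as the accepted socket in the blacklist_r() call on the last line, and nothing in the file says why. As I read the library, that descriptor is what blacklistd uses to identify the peer to block, so if ftpd ever runs with the control connection on a different descriptor (to be confirmed against ftpd's daemon-mode setup, which is not visible here) the notification would name the wrong peer or be dropped. At minimum add `/* fd 0 is the control connection; blacklistd uses it to identify the peer to block */` above the call, or thread the descriptor through as a parameter. Note also that a failed blacklist_open() is swallowed silently in both functions, so the brute-force protection can disappear without any log line; a one-time warning via syslog would make that visible.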
--- /dev/null 2015-01-23 17:30:40.000000000 -0500
+++ pfilter.h 2015-01-23 17:07:25.000000000 -0500
@@ -0,0 +1,2 @@
+void pfilter_open(void);
+void pfilter_notify(int, const char *);
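Review bot: The prototypes in pfilter.h drop the parameter names and the header has no include guard. Naming the parameters documents the contract callers need, since what the first argument means is not obvious from `1` at the call sites: `void pfilter_notify(int what, const char *msg);`. Wrap the two declarations in `#ifndef PFILTER_H` / `#define PFILTER_H` / `#endif` so a second include does not redeclare them.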
Index: Makefile
===================================================================
RCS file: /cvsroot/src/libexec/ftpd/Makefile,v
retrieving revision 1.63
diff -u -p -u -r1.63 Makefile
--- Makefile 14 Aug 2011 11:46:28 -0000 1.63
+++ Makefile 23 Jan 2015 22:32:20 -0000
@@ -11,6 +11,10 @@ LDADD+= -lcrypt -lutil
MAN= ftpd.conf.5 ftpusers.5 ftpd.8
MLINKS= ftpusers.5 ftpchroot.5
+SRCS+= pfilter.c
+LDADD+= -lblacklist
+DPADD+= ${LIBBLACKLIST}
+
.if defined(NO_INTERNAL_LS)
CPPFLAGS+=-DNO_INTERNAL_LS
.else
Index: ftpd.c
===================================================================
RCS file: /cvsroot/src/libexec/ftpd/ftpd.c,v
retrieving revision 1.200
diff -u -p -u -r1.200 ftpd.c
--- ftpd.c 31 Jul 2013 19:50:47 -0000 1.200
+++ ftpd.c 23 Jan 2015 22:32:20 -0000
@@ -165,6 +165,8 @@ __RCSID("$NetBSD: ftpd.c,v 1.200 2013/07
#include <security/pam_appl.h>
#endif
+#include "pfilter.h"
+
#define GLOBAL
#include "extern.h"
#include "pathnames.h"
@@ -471,6 +473,8 @@ main(int argc, char *argv[])
if (EMPTYSTR(confdir))
confdir = _DEFAULT_CONFDIR;
+ pfilter_open();
+
if (dowtmp) {
#ifdef SUPPORT_UTMPX
ftpd_initwtmpx();
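Review bot: The eager pfilter_open() call added to main() has no comment explaining why it is needed, given that pfilter_notify() already opens the connection lazily. Presumably the intent is to have the blacklistd socket open before ftpd later chroots or drops privileges for the session (to be confirmed against the rest of main(), which starts and ends outside this hunk), in which case a lazy open at the first failed login might not be able to reach the socket. Suggest `pfilter_open(); /* connect to blacklistd now, before any chroot/privilege drop */` so the next maintainer does not "simplify" the call away.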
@@ -1401,6 +1405,7 @@ do_pass(int pass_checked, int pass_rval,
if (rval) {
reply(530, "%s", rval == 2 ? "Password expired." :
"Login incorrect.");
+ pfilter_notify(1, rval == 2 ? "exppass" : "badpass");
if (logging) {
syslog(LOG_NOTICE,
"FTP LOGIN FAILED FROM %s", remoteloghost);
@@ -1444,6 +1449,7 @@ do_pass(int pass_checked, int pass_rval,
*remote_ip = 0;
remote_ip[sizeof(remote_ip) - 1] = 0;
if (!auth_hostok(lc, remotehost, remote_ip)) {
+ pfilter_notify(1, "bannedhost");
syslog(LOG_INFO|LOG_AUTH,
"FTP LOGIN FAILED (HOST) as %s: permission denied.",
pw->pw_name);
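Review bot: This path reports `bannedhost` to blacklistd even though, as far as the visible context shows, only the host restriction check (auth_hostok) denies the login rather than a bad credential; repeated attempts from such a host will therefore be firewall-blocked, which is a policy choice rather than brute-force detection and should be stated. Suggest `/* policy denial, not a bad password; still counts toward the peer's block threshold */` above the call. do_pass() continues outside this hunk.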