Module Name: src
Committed By: christos
Date: Sun Jan 25 15:53:49 UTC 2015
Modified Files:
src/libexec/ftpd: Makefile ftpd.c
Added Files:
src/libexec/ftpd: pfilter.c pfilter.h
Log Message:
blacklist hooks
To generate a diff of this commit:
cvs rdiff -u -r1.63 -r1.64 src/libexec/ftpd/Makefile
cvs rdiff -u -r1.200 -r1.201 src/libexec/ftpd/ftpd.c
cvs rdiff -u -r0 -r1.1 src/libexec/ftpd/pfilter.c src/libexec/ftpd/pfilter.h
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/libexec/ftpd/Makefile
diff -u src/libexec/ftpd/Makefile:1.63 src/libexec/ftpd/Makefile:1.64
--- src/libexec/ftpd/Makefile:1.63 Sun Aug 14 07:46:28 2011
+++ src/libexec/ftpd/Makefile Sun Jan 25 10:53:49 2015
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile,v 1.63 2011/08/14 11:46:28 christos Exp $
+# $NetBSD: Makefile,v 1.64 2015/01/25 15:53:49 christos Exp $
# @(#)Makefile 8.2 (Berkeley) 4/4/94
.include <bsd.own.mk>
@@ -11,6 +11,10 @@ LDADD+= -lcrypt -lutil
MAN= ftpd.conf.5 ftpusers.5 ftpd.8
MLINKS= ftpusers.5 ftpchroot.5
+SRCS+= pfilter.c
+LDADD+= -lblacklist
+DPADD+= ${LIBBLACKLIST}
+
.if defined(NO_INTERNAL_LS)
CPPFLAGS+=-DNO_INTERNAL_LS
.else
Index: src/libexec/ftpd/ftpd.c
diff -u src/libexec/ftpd/ftpd.c:1.200 src/libexec/ftpd/ftpd.c:1.201
--- src/libexec/ftpd/ftpd.c:1.200 Wed Jul 31 15:50:47 2013
+++ src/libexec/ftpd/ftpd.c Sun Jan 25 10:53:49 2015
@@ -1,4 +1,4 @@
-/* $NetBSD: ftpd.c,v 1.200 2013/07/31 19:50:47 christos Exp $ */
+/* $NetBSD: ftpd.c,v 1.201 2015/01/25 15:53:49 christos Exp $ */
/*
* Copyright (c) 1997-2009 The NetBSD Foundation, Inc.
@@ -97,7 +97,7 @@ __COPYRIGHT("@(#) Copyright (c) 1985, 19
#if 0
static char sccsid[] = "@(#)ftpd.c 8.5 (Berkeley) 4/28/95";
#else
-__RCSID("$NetBSD: ftpd.c,v 1.200 2013/07/31 19:50:47 christos Exp $");
+__RCSID("$NetBSD: ftpd.c,v 1.201 2015/01/25 15:53:49 christos Exp $");
#endif
#endif /* not lint */
@@ -165,6 +165,8 @@ __RCSID("$NetBSD: ftpd.c,v 1.200 2013/07
#include <security/pam_appl.h>
#endif
+#include "pfilter.h"
+
#define GLOBAL
#include "extern.h"
#include "pathnames.h"
@@ -471,6 +473,8 @@ main(int argc, char *argv[])
if (EMPTYSTR(confdir))
confdir = _DEFAULT_CONFDIR;
+ pfilter_open();
+
if (dowtmp) {
#ifdef SUPPORT_UTMPX
ftpd_initwtmpx();
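Review bot: The new `pfilter_open();` call in main() has no comment explaining why it sits at this point, and the ordering looks security-relevant. If the intent is to have the blacklist connection established before ftpd later changes root or drops privileges (that code is outside this hunk, so this is an inference), a one-line comment would keep a later refactor from moving it: `/* open the blacklist socket early, before any chroot or privilege change */`. main() starts and ends outside the hunk.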
@@ -1401,6 +1405,7 @@ do_pass(int pass_checked, int pass_rval,
if (rval) {
reply(530, "%s", rval == 2 ? "Password expired." :
"Login incorrect.");
+ pfilter_notify(1, rval == 2 ? "exppass" : "badpass");
if (logging) {
syslog(LOG_NOTICE,
"FTP LOGIN FAILED FROM %s", remoteloghost);
@@ -1444,6 +1449,7 @@ do_pass(int pass_checked, int pass_rval,
*remote_ip = 0;
remote_ip[sizeof(remote_ip) - 1] = 0;
if (!auth_hostok(lc, remotehost, remote_ip)) {
+ pfilter_notify(1, "bannedhost");
syslog(LOG_INFO|LOG_AUTH,
"FTP LOGIN FAILED (HOST) as %s: permission denied.",
pw->pw_name);
Added files:
Index: src/libexec/ftpd/pfilter.c
diff -u /dev/null src/libexec/ftpd/pfilter.c:1.1
--- /dev/null Sun Jan 25 10:53:49 2015
+++ src/libexec/ftpd/pfilter.c Sun Jan 25 10:53:49 2015
@@ -0,0 +1,24 @@
+#include <stdio.h>
+#include <blacklist.h>
+
+#include "pfilter.h"
+
+static struct blacklist *blstate;
+
+void
+pfilter_open(void)
+{
+ if (blstate == NULL)
+ blstate = blacklist_open();
+}
+
+void
+pfilter_notify(int what, const char *msg)
+{
+ pfilter_open();
+
+ if (blstate == NULL)
+ return;
+
+ blacklist_r(blstate, what, 0, msg);
+}
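Review bot: `blacklist_r(blstate, what, 0, msg)` hard-codes descriptor 0 as the client socket and discards the return value, and neither choice is explained. The 0 presumably relies on the control connection being on stdin (not visible in this file), so it deserves a comment such as `/* fd 0 is the control connection */`. If blacklist_open() or blacklist_r() fails, failed logins silently go unreported; that may be a deliberate best-effort choice, but a comment saying so, or a syslog on failure, would let operators notice that blocking is not in effect. The file also lacks the license header and `$NetBSD$` id that ftpd.c carries.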
Index: src/libexec/ftpd/pfilter.h
diff -u /dev/null src/libexec/ftpd/pfilter.h:1.1
--- /dev/null Sun Jan 25 10:53:49 2015
+++ src/libexec/ftpd/pfilter.h Sun Jan 25 10:53:49 2015
@@ -0,0 +1,2 @@
+void pfilter_open(void);
+void pfilter_notify(int, const char *);
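Review bot: The header has no include guard and its prototypes drop the parameter names, so `pfilter_notify(int, const char *)` does not tell a caller what the integer means. Suggest wrapping the declarations in `#ifndef PFILTER_H` / `#define PFILTER_H` … `#endif` (guard name constructed here) and declaring `void pfilter_notify(int what, const char *msg);`, with a short comment on the values `what` accepts.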