Skip site navigation (1)Skip section navigation (2)
Date:      Mon, 27 Feb 2017 04:08:08 +0000 (UTC)
From:      Kurt Lidl <lidl@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-11@freebsd.org
Subject:   svn commit: r314325 - stable/11/contrib/blacklist/bin
Message-ID:  <201702270408.v1R488So066628@repo.freebsd.org>

next in thread | raw e-mail | index | archive | help
Author: lidl
Date: Mon Feb 27 04:08:08 2017
New Revision: 314325
URL: https://svnweb.freebsd.org/changeset/base/314325

Log:
  MFC r314120: Reset failed login count to zero when removing a blocked address
  
  The blacklistd daemon keeps records of failed login attempts for
  each address:port that is flagged as a failed login.  When a
  successful login occurs for that address:port combination,
  the record's last update time is set to zero, to indicate no current
  failed login attempts.
  
  Reset the failed login count to zero, so that at the next failed
  login attempt, the counting will restart properly at zero.  Without
  this reset to zero, the first failed login after a successful login
  will cause the address to be blocked immediately.
  
  When debugging is turned on, output more information about database
  state before and after the database updates have occured.
  
  A similar patch has already been upstreamed to NetBSD.
  
  Sponsored by:	The FreeBSD Foundation

Modified:
  stable/11/contrib/blacklist/bin/blacklistd.c

Modified: stable/11/contrib/blacklist/bin/blacklistd.c
==============================================================================
--- stable/11/contrib/blacklist/bin/blacklistd.c	Mon Feb 27 04:05:34 2017	(r314324)
+++ stable/11/contrib/blacklist/bin/blacklistd.c	Mon Feb 27 04:08:08 2017	(r314325)
@@ -207,7 +207,7 @@ process(bl_t bl)
 
 	if (debug) {
 		char b1[128], b2[128];
-		(*lfun)(LOG_DEBUG, "%s: db state info for %s: count=%d/%d "
+		(*lfun)(LOG_DEBUG, "%s: initial db state for %s: count=%d/%d "
 		    "last=%s now=%s", __func__, rbuf, dbi.count, c.c_nfail,
 		    fmttime(b1, sizeof(b1), dbi.last),
 		    fmttime(b2, sizeof(b2), ts.tv_sec));
@@ -246,15 +246,24 @@ process(bl_t bl)
 	case BL_DELETE:
 		if (dbi.last == 0)
 			goto out;
+		dbi.count = 0;
 		dbi.last = 0;
 		break;
 	default:
 		(*lfun)(LOG_ERR, "unknown message %d", bi->bi_type); 
 	}
-	if (state_put(state, &c, &dbi) == -1)
-		goto out;
+	state_put(state, &c, &dbi);
+
 out:
 	close(bi->bi_fd);
+
+	if (debug) {
+		char b1[128], b2[128];
+		(*lfun)(LOG_DEBUG, "%s: final db state for %s: count=%d/%d "
+		    "last=%s now=%s", __func__, rbuf, dbi.count, c.c_nfail,
+		    fmttime(b1, sizeof(b1), dbi.last),
+		    fmttime(b2, sizeof(b2), ts.tv_sec));
+	}
 }
 
 static void
@@ -393,7 +402,7 @@ rules_restore(void)
 int
 main(int argc, char *argv[])
 {
-	int c, tout, flags, flush, restore;
+	int c, tout, flags, flush, restore, ret;
 	const char *spath, *blsock;
 
 	setprogname(argv[0]);
@@ -512,7 +521,10 @@ main(int argc, char *argv[])
 			readconf = 0;
 			conf_parse(configfile);
 		}
-		switch (poll(pfd, (nfds_t)nfd, tout)) {
+		ret = poll(pfd, (nfds_t)nfd, tout);
+		if (debug)
+			(*lfun)(LOG_DEBUG, "received %d from poll()", ret);
+		switch (ret) {
 		case -1:
 			if (errno == EINTR)
 				continue;



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201702270408.v1R488So066628>