Date: Fri, 3 Jun 2016 06:24:03 +0000 (UTC) From: Kurt Lidl <lidl@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r301241 - head/libexec/ftpd Message-ID: <201606030624.u536O3SS068421@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: lidl Date: Fri Jun 3 06:24:03 2016 New Revision: 301241 URL: https://svnweb.freebsd.org/changeset/base/301241 Log: Add blacklist support to ftpd Reviewed by: rpaulo Approved by: rpaulo Relnotes: YES Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D6703 Added: head/libexec/ftpd/blacklist.c (contents, props changed) head/libexec/ftpd/blacklist_client.h (contents, props changed) Modified: head/libexec/ftpd/Makefile head/libexec/ftpd/ftpd.c Modified: head/libexec/ftpd/Makefile ============================================================================== --- head/libexec/ftpd/Makefile Fri Jun 3 06:15:52 2016 (r301240) +++ head/libexec/ftpd/Makefile Fri Jun 3 06:24:03 2016 (r301241) @@ -24,6 +24,13 @@ SRCS+= ls.c cmp.c print.c util.c CFLAGS+=-Dmain=ls_main -I${.CURDIR}/${LSDIR} LIBADD+= m +.if ${MK_BLACKLIST_SUPPORT} != "no" +CFLAGS+= -DUSE_BLACKLIST -I${SRCTOP}/contrib/blacklist/include +SRCS+= blacklist.c +LIBADD+= blacklist +LDFLAGS+=-L${LIBBLACKLISTDIR} +.endif + .if ${MK_INET6_SUPPORT} != "no" CFLAGS+=-DINET6 .endif Added: head/libexec/ftpd/blacklist.c ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/libexec/ftpd/blacklist.c Fri Jun 3 06:24:03 2016 (r301241) @@ -0,0 +1,55 @@ +/*- + * Copyright (c) 2016 The FreeBSD Foundation + * All rights reserved. + * + * This software was developed by Kurt Lidl under sponsorship from the + * FreeBSD Foundation. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ + +/* $FreeBSD$ */ + +#include <ctype.h> +#include <stdarg.h> +#include <stdlib.h> +#include <unistd.h> + +#include "blacklist_client.h" +#include <blacklist.h> + +static struct blacklist *blstate; + +void +blacklist_init(void) +{ + blstate = blacklist_open(); +} + +void +blacklist_notify(int action, int fd, char *msg) +{ + if (blstate == NULL) + blacklist_init(); + if (blstate == NULL) + return; + (void)blacklist_r(blstate, action, fd, msg); +} Added: head/libexec/ftpd/blacklist_client.h ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/libexec/ftpd/blacklist_client.h Fri Jun 3 06:24:03 2016 (r301241) @@ -0,0 +1,32 @@ +/*- + * Copyright (c) 2016 The FreeBSD Foundation + * All rights reserved. + * + * This software was developed by Kurt Lidl under sponsorship from the + * FreeBSD Foundation. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ + +/* $FreeBSD$ */ + +void blacklist_notify(int, int, char *); +void blacklist_init(void); Modified: head/libexec/ftpd/ftpd.c ============================================================================== --- head/libexec/ftpd/ftpd.c Fri Jun 3 06:15:52 2016 (r301240) +++ head/libexec/ftpd/ftpd.c Fri Jun 3 06:24:03 2016 (r301241) @@ -93,6 +93,10 @@ __FBSDID("$FreeBSD$"); #include <security/pam_appl.h> #endif +#ifdef USE_BLACKLIST +#include "blacklist_client.h" +#endif + #include "pathnames.h" #include "extern.h" @@ -640,6 +644,9 @@ gotchild: reply(220, "%s FTP server (%s) ready.", hostname, version); else reply(220, "FTP server ready."); +#ifdef USE_BLACKLIST + blacklist_init(); +#endif for (;;) (void) yyparse(); /* NOTREACHED */ @@ -1415,6 +1422,9 @@ skip: */ if (rval) { reply(530, "Login incorrect."); +#ifdef USE_BLACKLIST + blacklist_notify(1, 0, "Login incorrect"); +#endif if (logging) { syslog(LOG_NOTICE, "FTP LOGIN FAILED FROM %s", @@ -1432,6 +1442,11 @@ skip: } return; } +#ifdef USE_BLACKLIST + else { + blacklist_notify(0, 0, "Login successful"); + } +#endif } login_attempts = 0; /* this time successful */ if (setegid(pw->pw_gid) < 0) {
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201606030624.u536O3SS068421>