From owner-svn-src-all@freebsd.org Fri Jun 3 06:24:04 2016 Return-Path: Delivered-To: svn-src-all@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 935CEB6808F; Fri, 3 Jun 2016 06:24:04 +0000 (UTC) (envelope-from lidl@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 6EAC71234; Fri, 3 Jun 2016 06:24:04 +0000 (UTC) (envelope-from lidl@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id u536O3jJ068425; Fri, 3 Jun 2016 06:24:03 GMT (envelope-from lidl@FreeBSD.org) Received: (from lidl@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id u536O3SS068421; Fri, 3 Jun 2016 06:24:03 GMT (envelope-from lidl@FreeBSD.org) Message-Id: <201606030624.u536O3SS068421@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: lidl set sender to lidl@FreeBSD.org using -f From: Kurt Lidl Date: Fri, 3 Jun 2016 06:24:03 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r301241 - head/libexec/ftpd X-SVN-Group: head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 03 Jun 2016 06:24:04 -0000 Author: lidl Date: Fri Jun 3 06:24:03 2016 New Revision: 301241 URL: https://svnweb.freebsd.org/changeset/base/301241 Log: Add blacklist support to ftpd Reviewed by: rpaulo Approved by: rpaulo Relnotes: YES Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D6703 Added: head/libexec/ftpd/blacklist.c (contents, props changed) head/libexec/ftpd/blacklist_client.h (contents, props changed) Modified: head/libexec/ftpd/Makefile head/libexec/ftpd/ftpd.c Modified: head/libexec/ftpd/Makefile ============================================================================== --- head/libexec/ftpd/Makefile Fri Jun 3 06:15:52 2016 (r301240) +++ head/libexec/ftpd/Makefile Fri Jun 3 06:24:03 2016 (r301241) @@ -24,6 +24,13 @@ SRCS+= ls.c cmp.c print.c util.c CFLAGS+=-Dmain=ls_main -I${.CURDIR}/${LSDIR} LIBADD+= m +.if ${MK_BLACKLIST_SUPPORT} != "no" +CFLAGS+= -DUSE_BLACKLIST -I${SRCTOP}/contrib/blacklist/include +SRCS+= blacklist.c +LIBADD+= blacklist +LDFLAGS+=-L${LIBBLACKLISTDIR} +.endif + .if ${MK_INET6_SUPPORT} != "no" CFLAGS+=-DINET6 .endif Added: head/libexec/ftpd/blacklist.c ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/libexec/ftpd/blacklist.c Fri Jun 3 06:24:03 2016 (r301241) @@ -0,0 +1,55 @@ +/*- + * Copyright (c) 2016 The FreeBSD Foundation + * All rights reserved. + * + * This software was developed by Kurt Lidl under sponsorship from the + * FreeBSD Foundation. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ + +/* $FreeBSD$ */ + +#include +#include +#include +#include + +#include "blacklist_client.h" +#include + +static struct blacklist *blstate; + +void +blacklist_init(void) +{ + blstate = blacklist_open(); +} + +void +blacklist_notify(int action, int fd, char *msg) +{ + if (blstate == NULL) + blacklist_init(); + if (blstate == NULL) + return; + (void)blacklist_r(blstate, action, fd, msg); +} Added: head/libexec/ftpd/blacklist_client.h ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/libexec/ftpd/blacklist_client.h Fri Jun 3 06:24:03 2016 (r301241) @@ -0,0 +1,32 @@ +/*- + * Copyright (c) 2016 The FreeBSD Foundation + * All rights reserved. + * + * This software was developed by Kurt Lidl under sponsorship from the + * FreeBSD Foundation. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ + +/* $FreeBSD$ */ + +void blacklist_notify(int, int, char *); +void blacklist_init(void); Modified: head/libexec/ftpd/ftpd.c ============================================================================== --- head/libexec/ftpd/ftpd.c Fri Jun 3 06:15:52 2016 (r301240) +++ head/libexec/ftpd/ftpd.c Fri Jun 3 06:24:03 2016 (r301241) @@ -93,6 +93,10 @@ __FBSDID("$FreeBSD$"); #include #endif +#ifdef USE_BLACKLIST +#include "blacklist_client.h" +#endif + #include "pathnames.h" #include "extern.h" @@ -640,6 +644,9 @@ gotchild: reply(220, "%s FTP server (%s) ready.", hostname, version); else reply(220, "FTP server ready."); +#ifdef USE_BLACKLIST + blacklist_init(); +#endif for (;;) (void) yyparse(); /* NOTREACHED */ @@ -1415,6 +1422,9 @@ skip: */ if (rval) { reply(530, "Login incorrect."); +#ifdef USE_BLACKLIST + blacklist_notify(1, 0, "Login incorrect"); +#endif if (logging) { syslog(LOG_NOTICE, "FTP LOGIN FAILED FROM %s", @@ -1432,6 +1442,11 @@ skip: } return; } +#ifdef USE_BLACKLIST + else { + blacklist_notify(0, 0, "Login successful"); + } +#endif } login_attempts = 0; /* this time successful */ if (setegid(pw->pw_gid) < 0) {