contrib/blacklist/diff/ftpd.diff

   1 --- /dev/null   2015-01-23 17:30:40.000000000 -0500
   2 +++ pfilter.c   2015-01-23 17:12:02.000000000 -0500
   3 @@ -0,0 +1,24 @@
   4 +#include <stdio.h>
   5 +#include <blacklist.h>
   6 +
   7 +#include "pfilter.h"
   8 +
   9 +static struct blacklist *blstate;
  10 +
  11 +void
  12 +pfilter_open(void)
  13 +{
  14 +       if (blstate == NULL)
  15 +               blstate = blacklist_open();
  16 +}
  17 +
  18 +void
  19 +pfilter_notify(int what, const char *msg)
  20 +{
  21 +       pfilter_open();
  22 +
  23 +       if (blstate == NULL)
  24 +               return;
  25 +
  26 +       blacklist_r(blstate, what, 0, msg);
  27 +}
  28 --- /dev/null   2015-01-23 17:30:40.000000000 -0500
  29 +++ pfilter.h   2015-01-23 17:07:25.000000000 -0500
  30 @@ -0,0 +1,2 @@
  31 +void pfilter_open(void);
  32 +void pfilter_notify(int, const char *);
  33 Index: Makefile
  34 ===================================================================
  35 RCS file: /cvsroot/src/libexec/ftpd/Makefile,v
  36 retrieving revision 1.63
  37 diff -u -p -u -r1.63 Makefile
  38 --- Makefile    14 Aug 2011 11:46:28 -0000      1.63
  39 +++ Makefile    23 Jan 2015 22:32:20 -0000
  40 @@ -11,6 +11,10 @@ LDADD+=      -lcrypt -lutil
  41  MAN=   ftpd.conf.5 ftpusers.5 ftpd.8
  42  MLINKS=        ftpusers.5 ftpchroot.5
  43
  44 +SRCS+= pfilter.c
  45 +LDADD+=        -lblacklist
  46 +DPADD+=        ${LIBBLACKLIST}
  47 +
  48  .if defined(NO_INTERNAL_LS)
  49  CPPFLAGS+=-DNO_INTERNAL_LS
  50  .else
  51 Index: ftpd.c
  52 ===================================================================
  53 RCS file: /cvsroot/src/libexec/ftpd/ftpd.c,v
  54 retrieving revision 1.200
  55 diff -u -p -u -r1.200 ftpd.c
  56 --- ftpd.c      31 Jul 2013 19:50:47 -0000      1.200
  57 +++ ftpd.c      23 Jan 2015 22:32:20 -0000
  58 @@ -165,6 +165,8 @@ __RCSID("$NetBSD: ftpd.c,v 1.200 2013/07
  59  #include <security/pam_appl.h>
  60  #endif
  61
  62 +#include "pfilter.h"
  63 +
  64  #define        GLOBAL
  65  #include "extern.h"
  66  #include "pathnames.h"
  67 @@ -471,6 +473,8 @@ main(int argc, char *argv[])
  68         if (EMPTYSTR(confdir))
  69                 confdir = _DEFAULT_CONFDIR;
  70
  71 +       pfilter_open();
  72 +
  73         if (dowtmp) {
  74  #ifdef SUPPORT_UTMPX
  75                 ftpd_initwtmpx();
  76 @@ -1401,6 +1405,7 @@ do_pass(int pass_checked, int pass_rval,
  77                 if (rval) {
  78                         reply(530, "%s", rval == 2 ? "Password expired." :
  79                             "Login incorrect.");
  80 +                       pfilter_notify(1, rval == 2 ? "exppass" : "badpass");
  81                         if (logging) {
  82                                 syslog(LOG_NOTICE,
  83                                     "FTP LOGIN FAILED FROM %s", remoteloghost);
  84 @@ -1444,6 +1449,7 @@ do_pass(int pass_checked, int pass_rval,
  85                                 *remote_ip = 0;
  86                 remote_ip[sizeof(remote_ip) - 1] = 0;
  87                 if (!auth_hostok(lc, remotehost, remote_ip)) {
  88 +                       pfilter_notify(1, "bannedhost");
  89                         syslog(LOG_INFO|LOG_AUTH,
  90                             "FTP LOGIN FAILED (HOST) as %s: permission denied.",
  91                             pw->pw_name);