xref: /freebsd/contrib/blocklist/diff/ftpd.diff (revision 9c8bf69a53f628b62fb196182ea55fb34c1c19e1)
1--- /dev/null	2015-01-23 17:30:40.000000000 -0500
2+++ pfilter.c	2015-01-23 17:12:02.000000000 -0500
3@@ -0,0 +1,24 @@
4+#include <stdio.h>
5+#include <blacklist.h>
6+
7+#include "pfilter.h"
8+
9+static struct blacklist *blstate;
10+
11+void
12+pfilter_open(void)
13+{
14+	if (blstate == NULL)
15+		blstate = blacklist_open();
16+}
17+
18+void
19+pfilter_notify(int what, const char *msg)
20+{
21+	pfilter_open();
22+
23+	if (blstate == NULL)
24+		return;
25+
26+	blacklist_r(blstate, what, 0, msg);
27+}
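Review bot: `blacklist_r(blstate, what, 0, msg)` in pfilter_notify() hard-codes descriptor 0 as the socket whose peer gets reported, which only holds while the client control connection is on stdin. If ftpd ever accepts connections itself, or stdin is redirected, the report would name no peer or the wrong one. A comment such as `/* fd 0 is the client control connection; the peer address is taken from it */` would record the assumption, or the descriptor could be passed in by the caller. The return value of blacklist_r() is also discarded, so a failed report (for example, blacklistd not running) is silent; a low-priority `syslog()` on a non-zero return would make that visible while keeping the call best-effort.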
28--- /dev/null	2015-01-23 17:30:40.000000000 -0500
29+++ pfilter.h	2015-01-23 17:07:25.000000000 -0500
30@@ -0,0 +1,2 @@
31+void pfilter_open(void);
32+void pfilter_notify(int, const char *);
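Review bot: The prototypes in pfilter.h omit parameter names, so `void pfilter_notify(int, const char *);` does not tell a caller that the int is the blacklist action code and the string is the message handed to blacklist_r(). Writing it as `void pfilter_notify(int what, const char *msg);` would match the definition in pfilter.c. The header also has no include guard, which is harmless for two prototypes but worth adding before it grows.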
33Index: Makefile
34===================================================================
35RCS file: /cvsroot/src/libexec/ftpd/Makefile,v
36retrieving revision 1.63
37diff -u -p -u -r1.63 Makefile
38--- Makefile	14 Aug 2011 11:46:28 -0000	1.63
39+++ Makefile	23 Jan 2015 22:32:20 -0000
40@@ -11,6 +11,10 @@ LDADD+=	-lcrypt -lutil
41 MAN=	ftpd.conf.5 ftpusers.5 ftpd.8
42 MLINKS=	ftpusers.5 ftpchroot.5
43
44+SRCS+=	pfilter.c
45+LDADD+=	-lblacklist
46+DPADD+=	${LIBBLACKLIST}
47+
48 .if defined(NO_INTERNAL_LS)
49 CPPFLAGS+=-DNO_INTERNAL_LS
50 .else
51Index: ftpd.c
52===================================================================
53RCS file: /cvsroot/src/libexec/ftpd/ftpd.c,v
54retrieving revision 1.200
55diff -u -p -u -r1.200 ftpd.c
56--- ftpd.c	31 Jul 2013 19:50:47 -0000	1.200
57+++ ftpd.c	23 Jan 2015 22:32:20 -0000
58@@ -165,6 +165,8 @@ __RCSID("$NetBSD: ftpd.c,v 1.200 2013/07
59 #include <security/pam_appl.h>
60 #endif
61
62+#include "pfilter.h"
63+
64 #define	GLOBAL
65 #include "extern.h"
66 #include "pathnames.h"
67@@ -471,6 +473,8 @@ main(int argc, char *argv[])
68 	if (EMPTYSTR(confdir))
69 		confdir = _DEFAULT_CONFDIR;
70
71+	pfilter_open();
72+
73 	if (dowtmp) {
74 #ifdef SUPPORT_UTMPX
75 		ftpd_initwtmpx();
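Review bot: The added `pfilter_open();` in main() has no comment explaining why the connection is opened this early, and since pfilter_notify() already opens it lazily the call looks redundant to a reader. If the intent is to reach blacklistd before ftpd later changes root or drops privileges (not visible in this hunk, so confirm), say so with something like `/* open the blacklistd connection now; it may be unreachable after chroot */`. A failed open is silent here and is only retried on the first notification. main() continues outside the hunk.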
76@@ -1401,6 +1405,7 @@ do_pass(int pass_checked, int pass_rval,
77 		if (rval) {
78 			reply(530, "%s", rval == 2 ? "Password expired." :
79 			    "Login incorrect.");
80+			pfilter_notify(1, rval == 2 ? "exppass" : "badpass");
81 			if (logging) {
82 				syslog(LOG_NOTICE,
83 				    "FTP LOGIN FAILED FROM %s", remoteloghost);
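Review bot: The added `pfilter_notify(1, rval == 2 ? "exppass" : "badpass");` reports an expired password with the same action code as a wrong one. The `rval == 2` case presumably means the credentials were otherwise accepted, so a legitimate user with an expired password is counted toward a block just like a guessing client. If that is not intended, skip the notification for that case or give it a distinct action. The literal `1` is also unexplained here and in the `bannedhost` call in the next hunk; a named constant exposed through pfilter.h would make both call sites self-describing (later versions of <blacklist.h> define `BLACKLIST_AUTH_FAIL`; check the installed header). do_pass() starts and ends outside this hunk.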
84@@ -1444,6 +1449,7 @@ do_pass(int pass_checked, int pass_rval,
85 				*remote_ip = 0;
86 		remote_ip[sizeof(remote_ip) - 1] = 0;
87 		if (!auth_hostok(lc, remotehost, remote_ip)) {
88+			pfilter_notify(1, "bannedhost");
89 			syslog(LOG_INFO|LOG_AUTH,
90 			    "FTP LOGIN FAILED (HOST) as %s: permission denied.",
91 			    pw->pw_name);
92