xref: /freebsd/contrib/blocklist/diff/proftpd.diff (revision aa1a8ff2d6dbc51ef058f46f3db5a8bb77967145) 
1--- Make.rules.in.orig	2015-05-27 20:25:54.000000000 -0400
2+++ Make.rules.in	2016-01-25 21:48:47.000000000 -0500
3@@ -110,3 +110,8 @@
4
5 FTPWHO_OBJS=ftpwho.o scoreboard.o misc.o
6 BUILD_FTPWHO_OBJS=utils/ftpwho.o utils/scoreboard.o utils/misc.o
7+
8+CPPFLAGS+=-DHAVE_BLACKLIST
9+LIBS+=-lblacklist
10+OBJS+= pfilter.o
11+BUILD_OBJS+= src/pfilter.o
12--- /dev/null	2016-01-22 17:30:55.000000000 -0500
13+++ include/pfilter.h	2016-01-22 16:18:33.000000000 -0500
14@@ -0,0 +1,3 @@
15+
16+void pfilter_notify(int);
17+void pfilter_init(void);
18--- modules/mod_auth.c.orig	2015-05-27 20:25:54.000000000 -0400
19+++ modules/mod_auth.c	2016-01-22 16:21:06.000000000 -0500
20@@ -30,6 +30,7 @@
21
22 #include "conf.h"
23 #include "privs.h"
24+#include "pfilter.h"
25
26 extern pid_t mpid;
27
28@@ -84,6 +85,8 @@
29     _("Login timeout (%d %s): closing control connection"), TimeoutLogin,
30     TimeoutLogin != 1 ? "seconds" : "second");
31
32+  pfilter_notify(1);
33+
34   /* It's possible that any listeners of this event might terminate the
35    * session process themselves (e.g. mod_ban).  So write out that the
36    * TimeoutLogin has been exceeded to the log here, in addition to the
37@@ -913,6 +916,7 @@
38         pr_memscrub(pass, strlen(pass));
39       }
40
41+      pfilter_notify(1);
42       pr_log_auth(PR_LOG_NOTICE, "SECURITY VIOLATION: Root login attempted");
43       return 0;
44     }
45@@ -1726,6 +1730,7 @@
46   return 1;
47
48 auth_failure:
49+  pfilter_notify(1);
50   if (pass)
51     pr_memscrub(pass, strlen(pass));
52   session.user = session.group = NULL;
53--- src/main.c.orig	2016-01-22 17:36:43.000000000 -0500
54+++ src/main.c	2016-01-22 17:37:58.000000000 -0500
55@@ -49,6 +49,7 @@
56 #endif
57
58 #include "privs.h"
59+#include "pfilter.h"
60
61 int (*cmd_auth_chk)(cmd_rec *);
62 void (*cmd_handler)(server_rec *, conn_t *);
63@@ -1050,6 +1051,7 @@
64   pid_t pid;
65   sigset_t sig_set;
66
67+  pfilter_init();
68   if (!nofork) {
69
70     /* A race condition exists on heavily loaded servers where the parent
71@@ -1169,7 +1171,8 @@
72
73   /* Reseed pseudo-randoms */
74   srand((unsigned int) (time(NULL) * getpid()));
75-
76+#else
77+  pfilter_init();
78 #endif /* PR_DEVEL_NO_FORK */
79
80   /* Child is running here */
81--- /dev/null	2016-01-22 17:30:55.000000000 -0500
82+++ src/pfilter.c	2016-01-22 16:37:55.000000000 -0500
83@@ -0,0 +1,41 @@
84+#include "pfilter.h"
85+#include "conf.h"
86+#include "privs.h"
87+#ifdef HAVE_BLACKLIST
88+#include <blacklist.h>
89+#endif
90+
91+static struct blacklist *blstate;
92+
93+void
94+pfilter_init(void)
95+{
96+#ifdef HAVE_BLACKLIST
97+	if (blstate == NULL)
98+		blstate = blacklist_open();
99+#endif
100+}
101+
102+void
103+pfilter_notify(int a)
104+{
105+#ifdef HAVE_BLACKLIST
106+	conn_t *c = session.c;
107+	int fd;
108+
109+	if (c == NULL)
110+		return;
111+	if (c->rfd != -1)
112+		fd = c->rfd;
113+	else if (c->wfd != -1)
114+		fd = c->wfd;
115+	else
116+		return;
117+
118+	if (blstate == NULL)
119+		pfilter_init();
120+	if (blstate == NULL)
121+		return;
122+	(void)blacklist_r(blstate, a, fd, "proftpd");
123+#endif
124+}
125