xref: /freebsd/crypto/openssh/blacklist.c (revision 43a5ec4eb41567cc92586503212743d89686d78f)
1 /*-
2  * Copyright (c) 2015 The NetBSD Foundation, Inc.
3  * Copyright (c) 2016 The FreeBSD Foundation, Inc.
4  * All rights reserved.
5  *
6  * Portions of this software were developed by Kurt Lidl
7  * under sponsorship from the FreeBSD Foundation.
8  *
9  * This code is derived from software contributed to The NetBSD Foundation
10  * by Christos Zoulas.
11  *
12  * Redistribution and use in source and binary forms, with or without
13  * modification, are permitted provided that the following conditions
14  * are met:
15  * 1. Redistributions of source code must retain the above copyright
16  *    notice, this list of conditions and the following disclaimer.
17  * 2. Redistributions in binary form must reproduce the above copyright
18  *    notice, this list of conditions and the following disclaimer in the
19  *    documentation and/or other materials provided with the distribution.
20  *
21  * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
22  * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
23  * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
24  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
25  * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
26  * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
27  * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
28  * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
29  * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
30  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
31  * POSSIBILITY OF SUCH DAMAGE.
32  */
33 
34 #include "includes.h"
35 
36 #include <ctype.h>
37 #include <stdarg.h>
38 #include <stdbool.h>
39 #include <stdio.h>
40 #include <stdlib.h>
41 #include <syslog.h>
42 #include <unistd.h>
43 
44 #include "ssh.h"
45 #include "packet.h"
46 #include "log.h"
47 #include "misc.h"
48 #include "servconf.h"
49 #include <blacklist.h>
50 #include "blacklist_client.h"
51 
52 static struct blacklist *blstate = NULL;
53 
54 /* import */
55 extern ServerOptions options;
56 
57 /* internal definition from bl.h */
58 struct blacklist *bl_create(bool, char *, void (*)(int, const char *, va_list));
59 
60 /* impedence match vsyslog() to sshd's internal logging levels */
61 void
62 im_log(int priority, const char *message, va_list args)
63 {
64 	LogLevel imlevel;
65 
66 	switch (priority) {
67 	case LOG_ERR:
68 		imlevel = SYSLOG_LEVEL_ERROR;
69 		break;
70 	case LOG_DEBUG:
71 		imlevel = SYSLOG_LEVEL_DEBUG1;
72 		break;
73 	case LOG_INFO:
74 		imlevel = SYSLOG_LEVEL_INFO;
75 		break;
76 	default:
77 		imlevel = SYSLOG_LEVEL_DEBUG2;
78 	}
79 	do_log2(imlevel, message, args);
80 }
81 
82 void
83 blacklist_init(void)
84 {
85 
86 	if (options.use_blacklist)
87 		blstate = bl_create(false, NULL, im_log);
88 }
89 
90 void
91 blacklist_notify(struct ssh *ssh, int action, const char *msg)
92 {
93 
94 	if (blstate != NULL && ssh_packet_connection_is_on_socket(ssh))
95 		(void)blacklist_r(blstate, action,
96 		ssh_packet_get_connection_in(ssh), msg);
97 }
98