author | lidl <lidl@FreeBSD.org> | 2016-06-03 06:24:03 +0000 |
---|---|---|
committer | lidl <lidl@FreeBSD.org> | 2016-06-03 06:24:03 +0000 |
commit | a9d9ad7238cfeb2e22d3703a810d2234d89b8f5d (patch) | |
tree | 1d80b4ac217aca53b73b60f237e1783d66713c2c | |
parent | 3e8c74ab95def63672e94643235039e671803854 (diff) | |
Add blacklist support to ftpd
Reviewed by: rpaulo
Approved by: rpaulo
Relnotes: YES
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D6703
-rw-r--r-- | libexec/ftpd/Makefile | 7 | ||||
-rw-r--r-- | libexec/ftpd/blacklist.c | 55 | ||||
-rw-r--r-- | libexec/ftpd/blacklist_client.h | 32 | ||||
-rw-r--r-- | libexec/ftpd/ftpd.c | 15 |
4 files changed, 109 insertions, 0 deletions
diff --git a/libexec/ftpd/Makefile b/libexec/ftpd/Makefile index b67979e..b945e55 100644 --- a/libexec/ftpd/Makefile +++ b/libexec/ftpd/Makefile @@ -24,6 +24,13 @@ SRCS+= ls.c cmp.c print.c util.c CFLAGS+=-Dmain=ls_main -I${.CURDIR}/${LSDIR} LIBADD+= m +.if ${MK_BLACKLIST_SUPPORT} != "no" +CFLAGS+= -DUSE_BLACKLIST -I${SRCTOP}/contrib/blacklist/include +SRCS+= blacklist.c +LIBADD+= blacklist +LDFLAGS+=-L${LIBBLACKLISTDIR} +.endif + .if ${MK_INET6_SUPPORT} != "no" CFLAGS+=-DINET6 .endif diff --git a/libexec/ftpd/blacklist.c b/libexec/ftpd/blacklist.c new file mode 100644 index 0000000..e56fc65 --- /dev/null +++ b/libexec/ftpd/blacklist.c 
@@ -0,0 +1,55 @@
+/*-
+ * Copyright (c) 2016 The FreeBSD Foundation
+ * All rights reserved.
+ *
+ * This software was developed by Kurt Lidl under sponsorship from the
+ * FreeBSD Foundation.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE. */
+
+/* $FreeBSD$ */
+
+#include <ctype.h>
+#include <stdarg.h>
+#include <stdlib.h>
+#include <unistd.h>
+
+#include "blacklist_client.h"
+#include <blacklist.h>
+
+static struct blacklist *blstate;
+
+void
+blacklist_init(void)
+{
+ blstate = blacklist_open();
+}
+
+void
+blacklist_notify(int action, int fd, char *msg)
+{
+ if (blstate == NULL)
+ blacklist_init();
+ if (blstate == NULL)
+ return;
+ (void)blacklist_r(blstate, action, fd, msg);
+}
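Review bot: `blacklist_notify()` declares `char *msg` although both callers added to ftpd.c pass string literals, so the parameter should be `const char *msg` here and in blacklist_client.h, assuming `blacklist_r()` accepts a const pointer. The function also returns without any trace when `blacklist_open()` yields NULL and discards the result of `blacklist_r()`, so with blacklistd missing or unreachable, failed logins go unreported as far as this file is concerned. If that best-effort behaviour is intended, a comment such as `/* reporting is best-effort: ftpd keeps serving when blacklistd is unavailable */` above the second NULL check would make it explicit. Of the four system headers included, only the one supplying `NULL` appears to be needed by the visible code.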
diff --git a/libexec/ftpd/blacklist_client.h b/libexec/ftpd/blacklist_client.h
new file mode 100644
index 0000000..596b2bc
--- /dev/null
+++ b/libexec/ftpd/blacklist_client.h
@@ -0,0 +1,32 @@
+/*-
+ * Copyright (c) 2016 The FreeBSD Foundation
+ * All rights reserved.
+ *
+ * This software was developed by Kurt Lidl under sponsorship from the
+ * FreeBSD Foundation.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE. */
+
+/* $FreeBSD$ */
+
+void blacklist_notify(int, int, char *);
+void blacklist_init(void);
diff --git a/libexec/ftpd/ftpd.c b/libexec/ftpd/ftpd.c
index 521e152..5ce1d3a 100644
--- a/libexec/ftpd/ftpd.c
+++ b/libexec/ftpd/ftpd.c
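Review bot: blacklist_client.h has no include guard, and its prototypes omit parameter names, so `void blacklist_notify(int, int, char *);` does not tell a caller which integer is the action and which is the descriptor. Wrapping the two declarations in `#ifndef BLACKLIST_CLIENT_H` / `#define BLACKLIST_CLIENT_H` / `#endif` and writing `void blacklist_notify(int action, int fd, char *msg);` would address both. A short comment above the prototypes describing what the action values mean would also help, since swapping the two integers at a call site would compile cleanly.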
@@ -93,6 +93,10 @@ __FBSDID("$FreeBSD$"); #include <security/pam_appl.h> #endif +#ifdef USE_BLACKLIST +#include "blacklist_client.h" +#endif + #include "pathnames.h" #include "extern.h" @@ -640,6 +644,9 @@ gotchild: reply(220, "%s FTP server (%s) ready.", hostname, version); else reply(220, "FTP server ready."); +#ifdef USE_BLACKLIST + blacklist_init(); +#endif for (;;) (void) yyparse(); /* NOTREACHED */ @@ -1415,6 +1422,9 @@ skip: */ if (rval) { reply(530, "Login incorrect."); +#ifdef USE_BLACKLIST + blacklist_notify(1, 0, "Login incorrect"); +#endif if (logging) { syslog(LOG_NOTICE, "FTP LOGIN FAILED FROM %s", @@ -1432,6 +1442,11 @@ skip: } return; } +#ifdef USE_BLACKLIST + else { + blacklist_notify(0, 0, "Login successful"); + } +#endif } login_attempts = 0; /* this time successful */ if (setegid(pw->pw_gid) < 0) { |
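Review bot: The `blacklist_init()` call added before the `yyparse()` loop in the `@@ -640,6 +644,9 @@` hunk has no comment explaining why the handle is opened at this point, even though `blacklist_notify()` would open it lazily on first use. If the intent is to set up the blacklistd connection before the session later changes credentials or its root directory (an assumption, since that code is outside the hunk), a comment should say so, for example `/* open the blacklistd handle before the session drops privileges */`. Without it, a later cleanup could remove the call as redundant and leave only the lazy path, which may not be able to reach the daemon by then. The enclosing function starts and ends outside the hunk.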
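Review bot: The call `blacklist_notify(1, 0, "Login incorrect");` in the `@@ -1415,6 +1422,9 @@` hunk passes two bare integers whose roles are not evident at the call site, and the same applies to `blacklist_notify(0, 0, "Login successful");` in the `@@ -1432,6 +1442,11 @@` hunk. The second argument is the descriptor forwarded to `blacklist_r()`, presumably the one from which the peer address is taken, so the report is only attributed correctly while descriptor 0 is the client's control connection. A comment such as `/* fd 0 is the control connection; the peer address is taken from it */` would record that assumption, and `STDIN_FILENO` would read better than a literal `0`. Named action constants would help too, for example `BLACKLIST_AUTH_FAIL` and `BLACKLIST_AUTH_OK` if the blacklist.h in use defines them. The enclosing function starts and ends outside the hunk.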
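Review bot: The `else { ... }` added under `#ifdef USE_BLACKLIST` in the `@@ -1432,6 +1442,11 @@` hunk attaches a branch to the preceding `if` only in builds that define the macro, so the statement structure differs between configurations. As far as the context lines show, the failure block ends in `return;`, which would make the `else` unnecessary. The success report could then be a plain statement after the closing brace, keeping only `blacklist_notify(0, 0, "Login successful");` between `#ifdef USE_BLACKLIST` and `#endif`. The start of the `if` lies outside this hunk, so this should be confirmed against the full function.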