authorlidl <lidl@FreeBSD.org>2017-02-27 04:08:08 +0000
committerlidl <lidl@FreeBSD.org>2017-02-27 04:08:08 +0000
commit4b3b5194b8759eb1ba34b20a3ef9d0fb9f6a9d42 (patch)
treea1ba083dfacb7842ac760583b9605dd589c0ff31
parent5cdffc8ecb36bea64b489ec38e7b7a1d98499da1 (diff)
MFC r314120: Reset failed login count to zero when removing a blocked address
The blacklistd daemon keeps records of failed login attempts for each address:port that is flagged as a failed login. When a successful login occurs for that address:port combination, the record's last update time is set to zero, to indicate no current failed login attempts. Reset the failed login count to zero, so that at the next failed login attempt, the counting will restart properly at zero. Without this reset to zero, the first failed login after a successful login will cause the address to be blocked immediately. When debugging is turned on, output more information about database state before and after the database updates have occurred. A similar patch has already been upstreamed to NetBSD. Sponsored by: The FreeBSD Foundation
-rw-r--r--contrib/blacklist/bin/blacklistd.c22
1 files changed, 17 insertions, 5 deletions
diff --git a/contrib/blacklist/bin/blacklistd.c b/contrib/blacklist/bin/blacklistd.c
index a497f9d..256ae68 100644
--- a/contrib/blacklist/bin/blacklistd.c
+++ b/contrib/blacklist/bin/blacklistd.c
@@ -207,7 +207,7 @@ process(bl_t bl)
if (debug) {
char b1[128], b2[128];
- (*lfun)(LOG_DEBUG, "%s: db state info for %s: count=%d/%d "
+ (*lfun)(LOG_DEBUG, "%s: initial db state for %s: count=%d/%d "
"last=%s now=%s", __func__, rbuf, dbi.count, c.c_nfail,
fmttime(b1, sizeof(b1), dbi.last),
fmttime(b2, sizeof(b2), ts.tv_sec));
@@ -246,15 +246,24 @@ process(bl_t bl)
case BL_DELETE:
if (dbi.last == 0)
goto out;
+ dbi.count = 0;
dbi.last = 0;
break;
default:
(*lfun)(LOG_ERR, "unknown message %d", bi->bi_type);
}
- if (state_put(state, &c, &dbi) == -1)
- goto out;
+ state_put(state, &c, &dbi);
+
out:
close(bi->bi_fd);
+
+ if (debug) {
+ char b1[128], b2[128];
+ (*lfun)(LOG_DEBUG, "%s: final db state for %s: count=%d/%d "
+ "last=%s now=%s", __func__, rbuf, dbi.count, c.c_nfail,
+ fmttime(b1, sizeof(b1), dbi.last),
+ fmttime(b2, sizeof(b2), ts.tv_sec));
+ }
}
static void
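Review bot: The new debug block after `out:` formats `rbuf`, `dbi`, `c` and `ts` on every exit path, including any `goto out` taken before those locals are filled in. process() begins outside this hunk, so the earlier exits are not visible, but if one precedes the state lookup, a debug run would log uninitialized stack data and could pass an unterminated `rbuf` to `%s`. Moving the block above the `out:` label, directly after `state_put(state, &c, &dbi);`, limits it to the path where the record was actually loaded. The return value of `state_put` is also discarded now, so a failed write would leave the old count in the database with no trace at this call site; unless state_put reports its own errors, consider `if (state_put(state, &c, &dbi) == -1) (*lfun)(LOG_ERR, "%s: state_put failed", __func__);`.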
@@ -393,7 +402,7 @@ rules_restore(void)
int
main(int argc, char *argv[])
{
- int c, tout, flags, flush, restore;
+ int c, tout, flags, flush, restore, ret;
const char *spath, *blsock;
setprogname(argv[0]);
@@ -512,7 +521,10 @@ main(int argc, char *argv[])
readconf = 0;
conf_parse(configfile);
}
- switch (poll(pfd, (nfds_t)nfd, tout)) {
+ ret = poll(pfd, (nfds_t)nfd, tout);
+ if (debug)
+ (*lfun)(LOG_DEBUG, "received %d from poll()", ret);
+ switch (ret) {
case -1:
if (errno == EINTR)
continue;
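Review bot: The debug call sits between `poll()` and the `errno == EINTR` test in `case -1`, so with debug enabled the logger can overwrite `errno` before it is examined. The target of `lfun` is not visible here; if it is a syslog-style function, an interrupted poll could then be handled as a hard failure instead of being retried. Keep a copy across the log call, e.g. `serrno = errno;` right after the `poll()` line and `errno = serrno;` after the `(*lfun)(...)` call, with `serrno` added to the declarations at the top of main(). The loop in main() continues outside the hunk.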