Index: head/libexec/ftpd/blacklist.c =================================================================== --- head/libexec/ftpd/blacklist.c +++ head/libexec/ftpd/blacklist.c @@ -37,16 +37,20 @@ #include static struct blacklist *blstate; +extern int use_blacklist; void blacklist_init(void) { - blstate = blacklist_open(); + + if (use_blacklist) + blstate = blacklist_open(); } void blacklist_notify(int action, int fd, char *msg) { + if (blstate == NULL) return; (void)blacklist_r(blstate, action, fd, msg); Index: head/libexec/ftpd/blacklist_client.h =================================================================== --- head/libexec/ftpd/blacklist_client.h +++ head/libexec/ftpd/blacklist_client.h @@ -28,5 +28,26 @@ /* $FreeBSD$ */ -void blacklist_notify(int, int, char *); +#ifndef BLACKLIST_CLIENT_H +#define BLACKLIST_CLIENT_H + +enum { + BLACKLIST_AUTH_OK = 0, + BLACKLIST_AUTH_FAIL +}; + +#ifdef USE_BLACKLIST void blacklist_init(void); +void blacklist_notify(int, int, char *); + +#define BLACKLIST_INIT() blacklist_init() +#define BLACKLIST_NOTIFY(x, y, z) blacklist_notify(x, y, z) + +#else + +#define BLACKLIST_INIT() +#define BLACKLIST_NOTIFY(x, y, z) + +#endif + +#endif /* BLACKLIST_CLIENT_H */ Index: head/libexec/ftpd/ftpd.8 =================================================================== --- head/libexec/ftpd/ftpd.8 +++ head/libexec/ftpd/ftpd.8 @@ -36,7 +36,7 @@ .Nd Internet File Transfer Protocol server .Sh SYNOPSIS .Nm -.Op Fl 468ADdEhMmOoRrSUvW +.Op Fl 468ABDdEhMmOoRrSUvW .Op Fl l Op Fl l .Op Fl a Ar address .Op Fl P Ar port @@ -95,6 +95,14 @@ .Fl D is specified, accept connections only on the specified .Ar address . +.It Fl B +With this option set, +.Nm +sends authentication success and failure messages to the +.Xr blacklistd 8 +daemon. If this option is not specified, no communcation with the +.Xr blacklistd 8 +daemon is attempted. .It Fl D With this option set, .Nm Index: head/libexec/ftpd/ftpd.c =================================================================== --- head/libexec/ftpd/ftpd.c +++ head/libexec/ftpd/ftpd.c @@ -144,6 +144,7 @@ int noguestretr = 0; /* RETR command is disabled for anon users. */ int noguestmkd = 0; /* MKD command is disabled for anon users. */ int noguestmod = 1; /* anon users may not modify existing files. */ +int use_blacklist = 0; off_t file_size; off_t byte_count; @@ -305,7 +306,7 @@ openlog("ftpd", LOG_PID | LOG_NDELAY, LOG_FTP); while ((ch = getopt(argc, argv, - "468a:AdDEhlmMoOp:P:rRSt:T:u:UvW")) != -1) { + "468a:ABdDEhlmMoOp:P:rRSt:T:u:UvW")) != -1) { switch (ch) { case '4': family = (family == AF_INET6) ? AF_UNSPEC : AF_INET; @@ -327,6 +328,14 @@ anon_only = 1; break; + case 'B': +#ifdef USE_BLACKLIST + use_blacklist = 1; +#else + syslog(LOG_WARNING, "not compiled with USE_BLACKLIST support"); +#endif + break; + case 'd': ftpdebug++; break; @@ -644,9 +653,7 @@ reply(220, "%s FTP server (%s) ready.", hostname, version); else reply(220, "FTP server ready."); -#ifdef USE_BLACKLIST - blacklist_init(); -#endif + BLACKLIST_INIT(); for (;;) (void) yyparse(); /* NOTREACHED */ @@ -1422,9 +1429,7 @@ */ if (rval) { reply(530, "Login incorrect."); -#ifdef USE_BLACKLIST - blacklist_notify(1, STDIN_FILENO, "Login incorrect"); -#endif + BLACKLIST_NOTIFY(BLACKLIST_AUTH_FAIL, STDIN_FILENO, "Login incorrect"); if (logging) { syslog(LOG_NOTICE, "FTP LOGIN FAILED FROM %s", @@ -1441,12 +1446,9 @@ exit(0); } return; + } else { + BLACKLIST_NOTIFY(BLACKLIST_AUTH_OK, STDIN_FILENO, "Login successful"); } -#ifdef USE_BLACKLIST - else { - blacklist_notify(0, STDIN_FILENO, "Login successful"); - } -#endif } login_attempts = 0; /* this time successful */ if (setegid(pw->pw_gid) < 0) {