Changeset View
Changeset View
Standalone View
Standalone View
contrib/blacklist/diff/proftpd.diff
- This file was added.
--- Make.rules.in.orig 2015-05-27 20:25:54.000000000 -0400 | |||||
+++ Make.rules.in 2016-01-25 21:48:47.000000000 -0500 | |||||
@@ -110,3 +110,8 @@ | |||||
FTPWHO_OBJS=ftpwho.o scoreboard.o misc.o | |||||
BUILD_FTPWHO_OBJS=utils/ftpwho.o utils/scoreboard.o utils/misc.o | |||||
+ | |||||
+CPPFLAGS+=-DHAVE_BLACKLIST | |||||
+LIBS+=-lblacklist | |||||
+OBJS+= pfilter.o | |||||
+BUILD_OBJS+= src/pfilter.o | |||||
--- /dev/null 2016-01-22 17:30:55.000000000 -0500 | |||||
+++ include/pfilter.h 2016-01-22 16:18:33.000000000 -0500 | |||||
@@ -0,0 +1,3 @@ | |||||
+ | |||||
+void pfilter_notify(int); | |||||
+void pfilter_init(void); | |||||
--- modules/mod_auth.c.orig 2015-05-27 20:25:54.000000000 -0400 | |||||
+++ modules/mod_auth.c 2016-01-22 16:21:06.000000000 -0500 | |||||
@@ -30,6 +30,7 @@ | |||||
#include "conf.h" | |||||
#include "privs.h" | |||||
+#include "pfilter.h" | |||||
extern pid_t mpid; | |||||
@@ -84,6 +85,8 @@ | |||||
_("Login timeout (%d %s): closing control connection"), TimeoutLogin, | |||||
TimeoutLogin != 1 ? "seconds" : "second"); | |||||
+ pfilter_notify(1); | |||||
+ | |||||
/* It's possible that any listeners of this event might terminate the | |||||
* session process themselves (e.g. mod_ban). So write out that the | |||||
* TimeoutLogin has been exceeded to the log here, in addition to the | |||||
@@ -913,6 +916,7 @@ | |||||
pr_memscrub(pass, strlen(pass)); | |||||
} | |||||
+ pfilter_notify(1); | |||||
pr_log_auth(PR_LOG_NOTICE, "SECURITY VIOLATION: Root login attempted"); | |||||
return 0; | |||||
} | |||||
@@ -1726,6 +1730,7 @@ | |||||
return 1; | |||||
auth_failure: | |||||
+ pfilter_notify(1); | |||||
if (pass) | |||||
pr_memscrub(pass, strlen(pass)); | |||||
session.user = session.group = NULL; | |||||
--- src/main.c.orig 2016-01-22 17:36:43.000000000 -0500 | |||||
+++ src/main.c 2016-01-22 17:37:58.000000000 -0500 | |||||
@@ -49,6 +49,7 @@ | |||||
#endif | |||||
#include "privs.h" | |||||
+#include "pfilter.h" | |||||
int (*cmd_auth_chk)(cmd_rec *); | |||||
void (*cmd_handler)(server_rec *, conn_t *); | |||||
@@ -1050,6 +1051,7 @@ | |||||
pid_t pid; | |||||
sigset_t sig_set; | |||||
+ pfilter_init(); | |||||
if (!nofork) { | |||||
/* A race condition exists on heavily loaded servers where the parent | |||||
@@ -1169,7 +1171,8 @@ | |||||
/* Reseed pseudo-randoms */ | |||||
srand((unsigned int) (time(NULL) * getpid())); | |||||
- | |||||
+#else | |||||
+ pfilter_init(); | |||||
#endif /* PR_DEVEL_NO_FORK */ | |||||
/* Child is running here */ | |||||
--- /dev/null 2016-01-22 17:30:55.000000000 -0500 | |||||
+++ src/pfilter.c 2016-01-22 16:37:55.000000000 -0500 | |||||
@@ -0,0 +1,41 @@ | |||||
+#include "pfilter.h" | |||||
+#include "conf.h" | |||||
+#include "privs.h" | |||||
+#ifdef HAVE_BLACKLIST | |||||
+#include <blacklist.h> | |||||
+#endif | |||||
+ | |||||
+static struct blacklist *blstate; | |||||
+ | |||||
+void | |||||
+pfilter_init(void) | |||||
+{ | |||||
+#ifdef HAVE_BLACKLIST | |||||
+ if (blstate == NULL) | |||||
+ blstate = blacklist_open(); | |||||
+#endif | |||||
+} | |||||
+ | |||||
+void | |||||
+pfilter_notify(int a) | |||||
+{ | |||||
+#ifdef HAVE_BLACKLIST | |||||
+ conn_t *c = session.c; | |||||
+ int fd; | |||||
+ | |||||
+ if (c == NULL) | |||||
+ return; | |||||
+ if (c->rfd != -1) | |||||
+ fd = c->rfd; | |||||
+ else if (c->wfd != -1) | |||||
+ fd = c->wfd; | |||||
+ else | |||||
+ return; | |||||
+ | |||||
+ if (blstate == NULL) | |||||
+ pfilter_init(); | |||||
+ if (blstate == NULL) | |||||
+ return; | |||||
+ (void)blacklist_r(blstate, a, fd, "proftpd"); | |||||
+#endif | |||||
+} |