1*0a6a1f1dSLionel Sambuc--- /dev/null 2015-01-23 17:30:40.000000000 -0500 2*0a6a1f1dSLionel Sambuc+++ pfilter.c 2015-01-23 17:12:02.000000000 -0500 3*0a6a1f1dSLionel Sambuc@@ -0,0 +1,24 @@ 4*0a6a1f1dSLionel Sambuc+#include <stdio.h> 5*0a6a1f1dSLionel Sambuc+#include <blacklist.h> 6*0a6a1f1dSLionel Sambuc+ 7*0a6a1f1dSLionel Sambuc+#include "pfilter.h" 8*0a6a1f1dSLionel Sambuc+ 9*0a6a1f1dSLionel Sambuc+static struct blacklist *blstate; 10*0a6a1f1dSLionel Sambuc+ 11*0a6a1f1dSLionel Sambuc+void 12*0a6a1f1dSLionel Sambuc+pfilter_open(void) 13*0a6a1f1dSLionel Sambuc+{ 14*0a6a1f1dSLionel Sambuc+ if (blstate == NULL) 15*0a6a1f1dSLionel Sambuc+ blstate = blacklist_open(); 16*0a6a1f1dSLionel Sambuc+} 17*0a6a1f1dSLionel Sambuc+ 18*0a6a1f1dSLionel Sambuc+void 19*0a6a1f1dSLionel Sambuc+pfilter_notify(int what, const char *msg) 20*0a6a1f1dSLionel Sambuc+{ 21*0a6a1f1dSLionel Sambuc+ pfilter_open(); 22*0a6a1f1dSLionel Sambuc+ 23*0a6a1f1dSLionel Sambuc+ if (blstate == NULL) 24*0a6a1f1dSLionel Sambuc+ return; 25*0a6a1f1dSLionel Sambuc+ 26*0a6a1f1dSLionel Sambuc+ blacklist_r(blstate, what, 0, msg); 27*0a6a1f1dSLionel Sambuc+} 28*0a6a1f1dSLionel Sambuc--- /dev/null 2015-01-23 17:30:40.000000000 -0500 29*0a6a1f1dSLionel Sambuc+++ pfilter.h 2015-01-23 17:07:25.000000000 -0500 30*0a6a1f1dSLionel Sambuc@@ -0,0 +1,2 @@ 31*0a6a1f1dSLionel Sambuc+void pfilter_open(void); 32*0a6a1f1dSLionel Sambuc+void pfilter_notify(int, const char *); 33*0a6a1f1dSLionel SambucIndex: Makefile 34*0a6a1f1dSLionel Sambuc=================================================================== 35*0a6a1f1dSLionel SambucRCS file: /cvsroot/src/libexec/ftpd/Makefile,v 36*0a6a1f1dSLionel Sambucretrieving revision 1.63 37*0a6a1f1dSLionel Sambucdiff -u -p -u -r1.63 Makefile 38*0a6a1f1dSLionel Sambuc--- Makefile 14 Aug 2011 11:46:28 -0000 1.63 39*0a6a1f1dSLionel Sambuc+++ Makefile 23 Jan 2015 22:32:20 -0000 40*0a6a1f1dSLionel Sambuc@@ -11,6 +11,10 @@ LDADD+= -lcrypt -lutil 41*0a6a1f1dSLionel Sambuc MAN= ftpd.conf.5 ftpusers.5 ftpd.8 42*0a6a1f1dSLionel Sambuc MLINKS= ftpusers.5 ftpchroot.5 43*0a6a1f1dSLionel Sambuc 44*0a6a1f1dSLionel Sambuc+SRCS+= pfilter.c 45*0a6a1f1dSLionel Sambuc+LDADD+= -lblacklist 46*0a6a1f1dSLionel Sambuc+DPADD+= ${LIBBLACKLIST} 47*0a6a1f1dSLionel Sambuc+ 48*0a6a1f1dSLionel Sambuc .if defined(NO_INTERNAL_LS) 49*0a6a1f1dSLionel Sambuc CPPFLAGS+=-DNO_INTERNAL_LS 50*0a6a1f1dSLionel Sambuc .else 51*0a6a1f1dSLionel SambucIndex: ftpd.c 52*0a6a1f1dSLionel Sambuc=================================================================== 53*0a6a1f1dSLionel SambucRCS file: /cvsroot/src/libexec/ftpd/ftpd.c,v 54*0a6a1f1dSLionel Sambucretrieving revision 1.200 55*0a6a1f1dSLionel Sambucdiff -u -p -u -r1.200 ftpd.c 56*0a6a1f1dSLionel Sambuc--- ftpd.c 31 Jul 2013 19:50:47 -0000 1.200 57*0a6a1f1dSLionel Sambuc+++ ftpd.c 23 Jan 2015 22:32:20 -0000 58*0a6a1f1dSLionel Sambuc@@ -165,6 +165,8 @@ __RCSID("$NetBSD: ftpd.c,v 1.200 2013/07 59*0a6a1f1dSLionel Sambuc #include <security/pam_appl.h> 60*0a6a1f1dSLionel Sambuc #endif 61*0a6a1f1dSLionel Sambuc 62*0a6a1f1dSLionel Sambuc+#include "pfilter.h" 63*0a6a1f1dSLionel Sambuc+ 64*0a6a1f1dSLionel Sambuc #define GLOBAL 65*0a6a1f1dSLionel Sambuc #include "extern.h" 66*0a6a1f1dSLionel Sambuc #include "pathnames.h" 67*0a6a1f1dSLionel Sambuc@@ -471,6 +473,8 @@ main(int argc, char *argv[]) 68*0a6a1f1dSLionel Sambuc if (EMPTYSTR(confdir)) 69*0a6a1f1dSLionel Sambuc confdir = _DEFAULT_CONFDIR; 70*0a6a1f1dSLionel Sambuc 71*0a6a1f1dSLionel Sambuc+ pfilter_open(); 72*0a6a1f1dSLionel Sambuc+ 73*0a6a1f1dSLionel Sambuc if (dowtmp) { 74*0a6a1f1dSLionel Sambuc #ifdef SUPPORT_UTMPX 75*0a6a1f1dSLionel Sambuc ftpd_initwtmpx(); 76*0a6a1f1dSLionel Sambuc@@ -1401,6 +1405,7 @@ do_pass(int pass_checked, int pass_rval, 77*0a6a1f1dSLionel Sambuc if (rval) { 78*0a6a1f1dSLionel Sambuc reply(530, "%s", rval == 2 ? "Password expired." : 79*0a6a1f1dSLionel Sambuc "Login incorrect."); 80*0a6a1f1dSLionel Sambuc+ pfilter_notify(1, rval == 2 ? "exppass" : "badpass"); 81*0a6a1f1dSLionel Sambuc if (logging) { 82*0a6a1f1dSLionel Sambuc syslog(LOG_NOTICE, 83*0a6a1f1dSLionel Sambuc "FTP LOGIN FAILED FROM %s", remoteloghost); 84*0a6a1f1dSLionel Sambuc@@ -1444,6 +1449,7 @@ do_pass(int pass_checked, int pass_rval, 85*0a6a1f1dSLionel Sambuc *remote_ip = 0; 86*0a6a1f1dSLionel Sambuc remote_ip[sizeof(remote_ip) - 1] = 0; 87*0a6a1f1dSLionel Sambuc if (!auth_hostok(lc, remotehost, remote_ip)) { 88*0a6a1f1dSLionel Sambuc+ pfilter_notify(1, "bannedhost"); 89*0a6a1f1dSLionel Sambuc syslog(LOG_INFO|LOG_AUTH, 90*0a6a1f1dSLionel Sambuc "FTP LOGIN FAILED (HOST) as %s: permission denied.", 91*0a6a1f1dSLionel Sambuc pw->pw_name); 92