xref: /netbsd-src/external/bsd/blocklist/diff/proftpd.diff (revision a51582d48a7984d3551d20318093f58613235f76)
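--- a/Make.rules.in
+++ b/Make.rules.in
@@ -110,3 +110,8 @@
 
 FTPWHO_OBJS=ftpwho.o scoreboard.o misc.o
 BUILD_FTPWHO_OBJS=utils/ftpwho.o utils/scoreboard.o utils/misc.o
+
+CPPFLAGS+=-DHAVE_BLOCKLIST
+LIBS+=-lblocklist
+OBJS+= pfilter.o
+BUILD_OBJS+= src/pfilter.o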
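Review bot: `CPPFLAGS+=-DHAVE_BLOCKLIST` and `LIBS+=-lblocklist` are appended unconditionally, so the `#ifdef HAVE_BLOCKLIST` guards in src/pfilter.c can never be false in a build that uses this file, and the link fails wherever libblocklist is absent. If the guards are meant to be real, the define and the library should come from a configure-time check. If the patch is only ever applied on systems that ship libblocklist, a one-line comment above these additions saying so would be enough.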
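--- /dev/null
+++ b/include/pfilter.h
@@ -0,0 +1,3 @@
+
+void pfilter_notify(int);
+void pfilter_init(void);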
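Review bot: The new header has no include guard and the prototype `void pfilter_notify(int);` gives no hint of what the integer means, while every caller in this patch passes a bare `1`. Naming the parameter, `void pfilter_notify(int action);`, and adding a short comment on the accepted values would let a reader of mod_auth.c tell which event is being reported without opening pfilter.c. A conventional `#ifndef`/`#define`/`#endif` guard around the two prototypes keeps the header safe to include twice.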
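--- a/modules/mod_auth.c
+++ b/modules/mod_auth.c
@@ -30,6 +30,7 @@
 
 #include "conf.h"
 #include "privs.h"
+#include "pfilter.h"
 
 extern pid_t mpid;
 
@@ -84,6 +85,8 @@
     _("Login timeout (%d %s): closing control connection"), TimeoutLogin,
     TimeoutLogin != 1 ? "seconds" : "second");
 
+  pfilter_notify(1);
+
   /* It's possible that any listeners of this event might terminate the
    * session process themselves (e.g. mod_ban).  So write out that the
    * TimeoutLogin has been exceeded to the log here, in addition to the
@@ -913,6 +916,7 @@
         pr_memscrub(pass, strlen(pass));
       }
 
+      pfilter_notify(1);
       pr_log_auth(PR_LOG_NOTICE, "SECURITY VIOLATION: Root login attempted");
       return 0;
     }
@@ -1726,6 +1730,7 @@
   return 1;
 
 auth_failure:
+  pfilter_notify(1);
   if (pass)
     pr_memscrub(pass, strlen(pass));
   session.user = session.group = NULL;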
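Review bot: Only failures are reported in these hunks. `pfilter_notify(1)` is added at the login timeout, the root-login rejection and `auth_failure:`, but nothing is added beside the `return 1;` just above `auth_failure:`, which looks like the success return. If blocklistd clears an address's failure count when it receives a success report (to be confirmed against the blocklist library), a `pfilter_notify(0);` before that return would keep occasional typos by legitimate users from adding up to a block. At `auth_failure:` the call also runs before `pr_memscrub(pass, strlen(pass))`, whereas the root-login hunk scrubs first. Moving it below the scrub would keep the cleartext password in memory no longer than before the patch. The enclosing functions start and end outside these hunks.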
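--- a/src/main.c
+++ b/src/main.c
@@ -49,6 +49,7 @@
 #endif
 
 #include "privs.h"
+#include "pfilter.h"
 
 int (*cmd_auth_chk)(cmd_rec *);
 void (*cmd_handler)(server_rec *, conn_t *);
@@ -1050,6 +1051,7 @@
   pid_t pid;
   sigset_t sig_set;
 
+  pfilter_init();
   if (!nofork) {
 
     /* A race condition exists on heavily loaded servers where the parent
@@ -1169,7 +1171,8 @@
 
   /* Reseed pseudo-randoms */
   srand((unsigned int) (time(NULL) * getpid()));
-
+#else
+  pfilter_init();
 #endif /* PR_DEVEL_NO_FORK */
 
   /* Child is running here */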
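Review bot: Both `pfilter_init();` calls are added without a comment saying why the socket must be opened at these points, and the placement looks security-relevant. Presumably the handle has to exist before the session process chroots or drops privileges, because the lazy retry inside `pfilter_notify()` may then be unable to reach the blocklistd socket. A comment such as `/* open the blocklistd handle before fork/chroot so the session inherits it */` above the first call would record that, once the reason is confirmed. The `#else` branch would benefit from a matching note that it covers the `PR_DEVEL_NO_FORK` build. The enclosing function starts and ends outside these hunks.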
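--- /dev/null
+++ b/src/pfilter.c
@@ -0,0 +1,41 @@
+#include "pfilter.h"
+#include "conf.h"
+#include "privs.h"
+#ifdef HAVE_BLOCKLIST
+#include <blocklist.h>
+#endif
+
+static struct blocklist *blstate;
+
+void
+pfilter_init(void)
+{
+#ifdef HAVE_BLOCKLIST
+	if (blstate == NULL)
+		blstate = blocklist_open();
+#endif
+}
+
+void
+pfilter_notify(int a)
+{
+#ifdef HAVE_BLOCKLIST
+	conn_t *c = session.c;
+	int fd;
+
+	if (c == NULL)
+		return;
+	if (c->rfd != -1)
+		fd = c->rfd;
+	else if (c->wfd != -1)
+		fd = c->wfd;
+	else
+		return;
+
+	if (blstate == NULL)
+		pfilter_init();
+	if (blstate == NULL)
+		return;
+	(void)blocklist_r(blstate, a, fd, "proftpd");
+#endif
+}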
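Review bot: Both failure paths in `pfilter_notify()` are silent, so an operator cannot tell when failed logins stop reaching blocklistd. A `blstate` that is still NULL after the retry simply returns, and the result of `blocklist_r()` is cast to void. Logging the failure makes a broken block path visible, for example `if (blocklist_r(blstate, a, fd, "proftpd") == -1) pr_log_pri(PR_LOG_WARNING, "blocklist_r: %s", strerror(errno));`, with a similar message when `blocklist_open()` returns NULL. `static struct blocklist *blstate;` also sits outside the `#ifdef HAVE_BLOCKLIST` guard and is unused when the macro is off, so it belongs inside the guard. The parameter `a` would read better as `action`, with a comment naming the values callers pass.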