xref: /src/contrib/blocklist/diff/proftpd.diff (revision 48e64ca13d4f36795ac718911b805e3e9a726f1b)
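--- Make.rules.in.orig	2015-05-27 20:25:54.000000000 -0400
+++ Make.rules.in	2016-01-25 21:48:47.000000000 -0500
@@ -110,3 +110,8 @@
 
 FTPWHO_OBJS=ftpwho.o scoreboard.o misc.o
 BUILD_FTPWHO_OBJS=utils/ftpwho.o utils/scoreboard.o utils/misc.o
+
+CPPFLAGS+=-DHAVE_BLOCKLIST
+LIBS+=-lblocklist
+OBJS+= pfilter.o
+BUILD_OBJS+= src/pfilter.o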
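Review bot: `CPPFLAGS+=-DHAVE_BLOCKLIST` and `LIBS+=-lblocklist` are set unconditionally, so the `#ifdef HAVE_BLOCKLIST` guards this patch adds in src/pfilter.c can never take the disabled path, and the link fails on a host without libblocklist. If the guard is meant to be real, the define and the library should come from a configure-time check rather than being hard-coded here. If the patch is only ever applied where the library exists, a comment above these two lines would do, e.g. `# blocklist support is unconditional in this patch; requires libblocklist`.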
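--- /dev/null	2016-01-22 17:30:55.000000000 -0500
+++ include/pfilter.h	2016-01-22 16:18:33.000000000 -0500
@@ -0,0 +1,3 @@
+
+void pfilter_notify(int);
+void pfilter_init(void);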
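Review bot: The new header has no include guard, and `pfilter_notify(int)` gives no hint of what the integer means, while every caller in this patch passes a bare `1`. Wrap the declarations in `#ifndef PFILTER_H` / `#define PFILTER_H` / `#endif` and name the parameter, e.g. `void pfilter_notify(int action);`. A comment should state the contract, such as `/* action: code forwarded unchanged to blocklist_r(); mod_auth.c passes 1 on a failed or timed-out login */`.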
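--- modules/mod_auth.c.orig	2015-05-27 20:25:54.000000000 -0400
+++ modules/mod_auth.c	2016-01-22 16:21:06.000000000 -0500
@@ -30,6 +30,7 @@
 
 #include "conf.h"
 #include "privs.h"
+#include "pfilter.h"
 
 extern pid_t mpid;
 
@@ -84,6 +85,8 @@
     _("Login timeout (%d %s): closing control connection"), TimeoutLogin,
     TimeoutLogin != 1 ? "seconds" : "second");
 
+  pfilter_notify(1);
+
   /* It's possible that any listeners of this event might terminate the
    * session process themselves (e.g. mod_ban).  So write out that the
    * TimeoutLogin has been exceeded to the log here, in addition to the
@@ -913,6 +916,7 @@
         pr_memscrub(pass, strlen(pass));
       }
 
+      pfilter_notify(1);
       pr_log_auth(PR_LOG_NOTICE, "SECURITY VIOLATION: Root login attempted");
       return 0;
     }
@@ -1726,6 +1730,7 @@
   return 1;
 
 auth_failure:
+  pfilter_notify(1);
   if (pass)
     pr_memscrub(pass, strlen(pass));
   session.user = session.group = NULL;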
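Review bot: All three added calls pass the literal `1` (after the login-timeout message, before the root-login log line, and at `auth_failure:`), so the action being reported is invisible at the call site. Prefer a named constant exposed through pfilter.h (presumably mapping to the blocklist header's auth-failure action; confirm against `<blocklist.h>`), or at least comment each call, e.g. `/* report failed auth to blocklistd */`. None of the visible hunks reports a successful login, so if the daemon is expected to see successes as well, that call is missing near the `return 1;` above `auth_failure:`. The enclosing functions start and end outside these hunks, so this could not be confirmed from here.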
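--- src/main.c.orig	2016-01-22 17:36:43.000000000 -0500
+++ src/main.c	2016-01-22 17:37:58.000000000 -0500
@@ -49,6 +49,7 @@
 #endif
 
 #include "privs.h"
+#include "pfilter.h"
 
 int (*cmd_auth_chk)(cmd_rec *);
 void (*cmd_handler)(server_rec *, conn_t *);
@@ -1050,6 +1051,7 @@
   pid_t pid;
   sigset_t sig_set;
 
+  pfilter_init();
   if (!nofork) {
 
     /* A race condition exists on heavily loaded servers where the parent
@@ -1169,7 +1171,8 @@
 
   /* Reseed pseudo-randoms */
   srand((unsigned int) (time(NULL) * getpid()));
-
+#else
+  pfilter_init();
 #endif /* PR_DEVEL_NO_FORK */
 
   /* Child is running here */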
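Review bot: The `pfilter_init()` added under `#else` in the last hunk looks redundant if both hunks sit in the same function. The earlier hunk already calls it unconditionally before `if (!nofork)`, and `pfilter_init()` does nothing once `blstate` is set. The enclosing function is not visible here, so confirm before dropping it. The first call also deserves a comment on why the handle is opened before the fork, e.g. `/* open the blocklistd handle before forking so each session child inherits it */`. The ordering matters if the child later cannot open it itself (chroot or dropped privileges; an assumption, the hunks do not show that code).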
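--- /dev/null	2016-01-22 17:30:55.000000000 -0500
+++ src/pfilter.c	2016-01-22 16:37:55.000000000 -0500
@@ -0,0 +1,41 @@
+#include "pfilter.h"
+#include "conf.h"
+#include "privs.h"
+#ifdef HAVE_BLOCKLIST
+#include <blocklist.h>
+#endif
+
+static struct blocklist *blstate;
+
+void
+pfilter_init(void)
+{
+#ifdef HAVE_BLOCKLIST
+	if (blstate == NULL)
+		blstate = blocklist_open();
+#endif
+}
+
+void
+pfilter_notify(int a)
+{
+#ifdef HAVE_BLOCKLIST
+	conn_t *c = session.c;
+	int fd;
+
+	if (c == NULL)
+		return;
+	if (c->rfd != -1)
+		fd = c->rfd;
+	else if (c->wfd != -1)
+		fd = c->wfd;
+	else
+		return;
+
+	if (blstate == NULL)
+		pfilter_init();
+	if (blstate == NULL)
+		return;
+	(void)blocklist_r(blstate, a, fd, "proftpd");
+#endif
+}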
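Review bot: Failures are swallowed on both paths: `pfilter_init()` ignores a NULL return from `blocklist_open()`, and `pfilter_notify()` casts the `blocklist_r()` result to void. When the daemon is unreachable, failed logins stop being reported and nothing in the logs says so. For a control meant to throttle repeated login failures, log at least at debug level, e.g. `if (blocklist_r(blstate, a, fd, "proftpd") != 0) pr_log_debug(DEBUG1, "pfilter: blocklist_r failed");`, and do the same after `blocklist_open()`. Separately, rename `a` to `action` and document it. `blstate` is declared outside the `#ifdef HAVE_BLOCKLIST` guard, which leaves an unused static when the guard is off.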