Author: lidl
Date: Tue Nov 8 20:12:13 2016
New Revision: 308446
URL: https://svnweb.freebsd.org/changeset/base/308446
Log:
MFC r308175: Revisit blacklistd support in ftpd
Enhance blacklistd support to not log anything by default,
unless blacklistd support is enabled on the command line.
Document new flag in man page, cleanup patches to be less
intrusive in code.
Sponsored by: The FreeBSD Foundation
Modified:
stable/11/libexec/ftpd/blacklist.c
stable/11/libexec/ftpd/blacklist_client.h
stable/11/libexec/ftpd/ftpd.8
stable/11/libexec/ftpd/ftpd.c
Directory Properties:
stable/11/ (props changed)
Modified: stable/11/libexec/ftpd/blacklist.c
==============================================================================
--- stable/11/libexec/ftpd/blacklist.c Tue Nov 8 17:36:19 2016
(r308445)
+++ stable/11/libexec/ftpd/blacklist.c Tue Nov 8 20:12:13 2016
(r308446)
@@ -37,16 +37,20 @@
#include <blacklist.h>
static struct blacklist *blstate;
+extern int use_blacklist;
void
blacklist_init(void)
{
- blstate = blacklist_open();
+
+ if (use_blacklist)
+ blstate = blacklist_open();
}
void
blacklist_notify(int action, int fd, char *msg)
{
+
if (blstate == NULL)
return;
(void)blacklist_r(blstate, action, fd, msg);
Modified: stable/11/libexec/ftpd/blacklist_client.h
==============================================================================
--- stable/11/libexec/ftpd/blacklist_client.h Tue Nov 8 17:36:19 2016
(r308445)
+++ stable/11/libexec/ftpd/blacklist_client.h Tue Nov 8 20:12:13 2016
(r308446)
@@ -28,5 +28,26 @@
/* $FreeBSD$ */
-void blacklist_notify(int, int, char *);
+#ifndef BLACKLIST_CLIENT_H
+#define BLACKLIST_CLIENT_H
+
+enum {
+ BLACKLIST_AUTH_OK = 0,
+ BLACKLIST_AUTH_FAIL
+};
+
+#ifdef USE_BLACKLIST
void blacklist_init(void);
+void blacklist_notify(int, int, char *);
+
+#define BLACKLIST_INIT() blacklist_init()
+#define BLACKLIST_NOTIFY(x, y, z) blacklist_notify(x, y, z)
+
+#else
+
+#define BLACKLIST_INIT()
+#define BLACKLIST_NOTIFY(x, y, z)
+
+#endif
+
+#endif /* BLACKLIST_CLIENT_H */
Modified: stable/11/libexec/ftpd/ftpd.8
==============================================================================
--- stable/11/libexec/ftpd/ftpd.8 Tue Nov 8 17:36:19 2016
(r308445)
+++ stable/11/libexec/ftpd/ftpd.8 Tue Nov 8 20:12:13 2016
(r308446)
@@ -36,7 +36,7 @@
.Nd Internet File Transfer Protocol server
.Sh SYNOPSIS
.Nm
-.Op Fl 468ADdEhMmOoRrSUvW
+.Op Fl 468ABDdEhMmOoRrSUvW
.Op Fl l Op Fl l
.Op Fl a Ar address
.Op Fl P Ar port
@@ -95,6 +95,14 @@ When
.Fl D
is specified, accept connections only on the specified
.Ar address .
+.It Fl B
+With this option set,
+.Nm
+sends authentication success and failure messages to the
+.Xr blacklistd 8
+daemon. If this option is not specified, no communcation with the
+.Xr blacklistd 8
+daemon is attempted.
.It Fl D
With this option set,
.Nm
Modified: stable/11/libexec/ftpd/ftpd.c
==============================================================================
--- stable/11/libexec/ftpd/ftpd.c Tue Nov 8 17:36:19 2016
(r308445)
+++ stable/11/libexec/ftpd/ftpd.c Tue Nov 8 20:12:13 2016
(r308446)
@@ -144,6 +144,7 @@ int noretr = 0; /* RETR command is disa
int noguestretr = 0; /* RETR command is disabled for anon users. */
int noguestmkd = 0; /* MKD command is disabled for anon users. */
int noguestmod = 1; /* anon users may not modify existing files. */
+int use_blacklist = 0;
off_t file_size;
off_t byte_count;
@@ -305,7 +306,7 @@ main(int argc, char *argv[], char **envp
openlog("ftpd", LOG_PID | LOG_NDELAY, LOG_FTP);
while ((ch = getopt(argc, argv,
- "468a:AdDEhlmMoOp:P:rRSt:T:u:UvW")) != -1) {
+ "468a:ABdDEhlmMoOp:P:rRSt:T:u:UvW")) != -1) {
switch (ch) {
case '4':
family = (family == AF_INET6) ? AF_UNSPEC : AF_INET;
@@ -327,6 +328,14 @@ main(int argc, char *argv[], char **envp
anon_only = 1;
break;
+ case 'B':
+#ifdef USE_BLACKLIST
+ use_blacklist = 1;
+#else
+ syslog(LOG_WARNING, "not compiled with USE_BLACKLIST
support");
+#endif
+ break;
+
case 'd':
ftpdebug++;
break;
@@ -644,9 +653,7 @@ gotchild:
reply(220, "%s FTP server (%s) ready.", hostname, version);
else
reply(220, "FTP server ready.");
-#ifdef USE_BLACKLIST
- blacklist_init();
-#endif
+ BLACKLIST_INIT();
for (;;)
(void) yyparse();
/* NOTREACHED */
@@ -1422,9 +1429,7 @@ skip:
*/
if (rval) {
reply(530, "Login incorrect.");
-#ifdef USE_BLACKLIST
- blacklist_notify(1, STDIN_FILENO, "Login incorrect");
-#endif
+ BLACKLIST_NOTIFY(BLACKLIST_AUTH_FAIL, STDIN_FILENO,
"Login incorrect");
if (logging) {
syslog(LOG_NOTICE,
"FTP LOGIN FAILED FROM %s",
@@ -1441,12 +1446,9 @@ skip:
exit(0);
}
return;
+ } else {
+ BLACKLIST_NOTIFY(BLACKLIST_AUTH_OK, STDIN_FILENO,
"Login successful");
}
-#ifdef USE_BLACKLIST
- else {
- blacklist_notify(0, STDIN_FILENO, "Login successful");
- }
-#endif
}
login_attempts = 0; /* this time successful */
if (setegid(pw->pw_gid) < 0) {
_______________________________________________
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
