head 1.2; access; symbols perseant-exfatfs-base-20250801:1.2 perseant-exfatfs-base-20240630:1.2 perseant-exfatfs:1.2.0.6 perseant-exfatfs-base:1.2 netbsd-8-3-RELEASE:1.1 netbsd-9-4-RELEASE:1.1 netbsd-9-3-RELEASE:1.1 cjep_sun2x:1.2.0.4 cjep_sun2x-base:1.2 cjep_staticlib_x-base1:1.2 netbsd-9-2-RELEASE:1.1 cjep_staticlib_x:1.2.0.2 cjep_staticlib_x-base:1.2 netbsd-9-1-RELEASE:1.1 phil-wifi-20200421:1.1 phil-wifi-20200411:1.1 is-mlppp:1.1.0.22 is-mlppp-base:1.1 phil-wifi-20200406:1.1 netbsd-8-2-RELEASE:1.1 netbsd-9-0-RELEASE:1.1 netbsd-9-0-RC2:1.1 netbsd-9-0-RC1:1.1 phil-wifi-20191119:1.1 netbsd-9:1.1.0.20 netbsd-9-base:1.1 phil-wifi-20190609:1.1 netbsd-8-1-RELEASE:1.1 netbsd-8-1-RC1:1.1 pgoyette-compat-merge-20190127:1.1 pgoyette-compat-20190127:1.1 pgoyette-compat-20190118:1.1 pgoyette-compat-1226:1.1 pgoyette-compat-1126:1.1 pgoyette-compat-1020:1.1 pgoyette-compat-0930:1.1 pgoyette-compat-0906:1.1 netbsd-7-2-RELEASE:1.1.2.2 pgoyette-compat-0728:1.1 netbsd-8-0-RELEASE:1.1 phil-wifi:1.1.0.18 phil-wifi-base:1.1 pgoyette-compat-0625:1.1 netbsd-8-0-RC2:1.1 pgoyette-compat-0521:1.1 pgoyette-compat-0502:1.1 pgoyette-compat-0422:1.1 netbsd-8-0-RC1:1.1 pgoyette-compat-0415:1.1 pgoyette-compat-0407:1.1 pgoyette-compat-0330:1.1 pgoyette-compat-0322:1.1 pgoyette-compat-0315:1.1 netbsd-7-1-2-RELEASE:1.1.2.2 pgoyette-compat:1.1.0.16 pgoyette-compat-base:1.1 netbsd-7-1-1-RELEASE:1.1.2.2 matt-nb8-mediatek:1.1.0.14 matt-nb8-mediatek-base:1.1 perseant-stdc-iso10646:1.1.0.12 perseant-stdc-iso10646-base:1.1 netbsd-8:1.1.0.10 netbsd-8-base:1.1 prg-localcount2-base3:1.1 prg-localcount2-base2:1.1 prg-localcount2-base1:1.1 prg-localcount2:1.1.0.8 prg-localcount2-base:1.1 pgoyette-localcount-20170426:1.1 bouyer-socketcan-base1:1.1 pgoyette-localcount-20170320:1.1 netbsd-7-1:1.1.2.2.0.6 netbsd-7-1-RELEASE:1.1.2.2 netbsd-7-1-RC2:1.1.2.2 netbsd-7-nhusb-base-20170116:1.1.2.2 bouyer-socketcan:1.1.0.6 bouyer-socketcan-base:1.1 pgoyette-localcount-20170107:1.1 netbsd-7-1-RC1:1.1.2.2 pgoyette-localcount-20161104:1.1 netbsd-7-0-2-RELEASE:1.1.2.2 localcount-20160914:1.1 netbsd-7-nhusb:1.1.2.2.0.4 netbsd-7-nhusb-base:1.1.2.2 pgoyette-localcount-20160806:1.1 pgoyette-localcount-20160726:1.1 pgoyette-localcount:1.1.0.4 pgoyette-localcount-base:1.1 netbsd-7-0-1-RELEASE:1.1.2.2 netbsd-7-0:1.1.2.2.0.2 netbsd-7-0-RELEASE:1.1.2.2 netbsd-7-0-RC3:1.1.2.2 netbsd-7-0-RC2:1.1.2.2 netbsd-7-0-RC1:1.1.2.2 netbsd-7:1.1.0.2; locks; strict; comment @# @; 1.2 date 2020.06.15.01.57.32; author christos; state dead; branches; next 1.1; commitid 1zJ7owqywyzYigcC; 1.1 date 2015.01.23.22.33.37; author christos; state Exp; branches 1.1.2.1; next ; commitid kcXtx1Juoq1dtc7y; 1.1.2.1 date 2015.01.23.22.33.37; author riz; state dead; branches; next 1.1.2.2; commitid HvseHc4xVzxnTzjy; 1.1.2.2 date 2015.04.30.06.07.33; author riz; state Exp; branches; next ; commitid HvseHc4xVzxnTzjy; desc @@ 1.2 log @Rename blacklist -> blocklist @ text @--- /dev/null 2015-01-23 17:30:40.000000000 -0500 +++ pfilter.c 2015-01-23 17:12:02.000000000 -0500 @@@@ -0,0 +1,24 @@@@ +#include +#include + +#include "pfilter.h" + +static struct blacklist *blstate; + +void +pfilter_open(void) +{ + if (blstate == NULL) + blstate = blacklist_open(); +} + +void +pfilter_notify(int what, const char *msg) +{ + pfilter_open(); + + if (blstate == NULL) + return; + + blacklist_r(blstate, what, 0, msg); +} --- /dev/null 2015-01-23 17:30:40.000000000 -0500 +++ pfilter.h 2015-01-23 17:07:25.000000000 -0500 @@@@ -0,0 +1,2 @@@@ +void pfilter_open(void); +void pfilter_notify(int, const char *); Index: Makefile =================================================================== RCS file: /cvsroot/src/libexec/ftpd/Makefile,v retrieving revision 1.63 diff -u -p -u -r1.63 Makefile --- Makefile 14 Aug 2011 11:46:28 -0000 1.63 +++ Makefile 23 Jan 2015 22:32:20 -0000 @@@@ -11,6 +11,10 @@@@ LDADD+= -lcrypt -lutil MAN= ftpd.conf.5 ftpusers.5 ftpd.8 MLINKS= ftpusers.5 ftpchroot.5 +SRCS+= pfilter.c +LDADD+= -lblacklist +DPADD+= ${LIBBLACKLIST} + .if defined(NO_INTERNAL_LS) CPPFLAGS+=-DNO_INTERNAL_LS .else Index: ftpd.c =================================================================== RCS file: /cvsroot/src/libexec/ftpd/ftpd.c,v retrieving revision 1.200 diff -u -p -u -r1.200 ftpd.c --- ftpd.c 31 Jul 2013 19:50:47 -0000 1.200 +++ ftpd.c 23 Jan 2015 22:32:20 -0000 @@@@ -165,6 +165,8 @@@@ __RCSID("$NetBSD: ftpd.c,v 1.200 2013/07 #include #endif +#include "pfilter.h" + #define GLOBAL #include "extern.h" #include "pathnames.h" @@@@ -471,6 +473,8 @@@@ main(int argc, char *argv[]) if (EMPTYSTR(confdir)) confdir = _DEFAULT_CONFDIR; + pfilter_open(); + if (dowtmp) { #ifdef SUPPORT_UTMPX ftpd_initwtmpx(); @@@@ -1401,6 +1405,7 @@@@ do_pass(int pass_checked, int pass_rval, if (rval) { reply(530, "%s", rval == 2 ? "Password expired." : "Login incorrect."); + pfilter_notify(1, rval == 2 ? "exppass" : "badpass"); if (logging) { syslog(LOG_NOTICE, "FTP LOGIN FAILED FROM %s", remoteloghost); @@@@ -1444,6 +1449,7 @@@@ do_pass(int pass_checked, int pass_rval, *remote_ip = 0; remote_ip[sizeof(remote_ip) - 1] = 0; if (!auth_hostok(lc, remotehost, remote_ip)) { + pfilter_notify(1, "bannedhost"); syslog(LOG_INFO|LOG_AUTH, "FTP LOGIN FAILED (HOST) as %s: permission denied.", pw->pw_name); @ 1.1 log @add ftpd @ text @@ 1.1.2.1 log @file ftpd.diff was added on branch netbsd-7 on 2015-04-30 06:07:33 +0000 @ text @d1 91 @ 1.1.2.2 log @Pull up blacklistd(8), requested by christos in ticket #711: crypto/external/bsd/openssh/dist/moduli-gen/Makefile up to 1.1.1.1 crypto/external/bsd/openssh/dist/moduli-gen/moduli up to 1.1.1.1 crypto/external/bsd/openssh/dist/moduli-gen/moduli-gen.sh up to 1.1.1.1 crypto/external/bsd/openssh/dist/moduli-gen/moduli.1024 up to 1.1.1.1 crypto/external/bsd/openssh/dist/moduli-gen/moduli.1536 up to 1.1.1.1 crypto/external/bsd/openssh/dist/moduli-gen/moduli.2048 up to 1.1.1.1 crypto/external/bsd/openssh/dist/moduli-gen/moduli.3072 up to 1.1.1.1 crypto/external/bsd/openssh/dist/moduli-gen/moduli.4096 up to 1.1.1.1 crypto/external/bsd/openssh/dist/moduli-gen/moduli.6144 up to 1.1.1.1 crypto/external/bsd/openssh/dist/moduli-gen/moduli.7680 up to 1.1.1.1 crypto/external/bsd/openssh/dist/moduli-gen/moduli.8192 up to 1.1.1.1 crypto/external/bsd/openssh/dist/bcrypt_pbkdf.c up to 1.2 crypto/external/bsd/openssh/dist/kexc25519.c up to 1.3 crypto/external/bsd/openssh/dist/smult_curve25519_ref.c up to 1.3 crypto/external/bsd/openssh/dist/bitmap.c up to 1.2 plus patch crypto/external/bsd/openssh/dist/PROTOCOL.chacha20poly1305 up to 1.1.1.1 crypto/external/bsd/openssh/dist/PROTOCOL.key up to 1.1.1.1 crypto/external/bsd/openssh/dist/blf.h up to 1.1 crypto/external/bsd/openssh/dist/blocks.c up to 1.3 crypto/external/bsd/openssh/dist/blowfish.c up to 1.2 crypto/external/bsd/openssh/dist/chacha.c up to 1.3 crypto/external/bsd/openssh/dist/chacha.h up to 1.1.1.1 crypto/external/bsd/openssh/dist/cipher-aesctr.c up to 1.1.1.2 crypto/external/bsd/openssh/dist/cipher-aesctr.h up to 1.1.1.1 crypto/external/bsd/openssh/dist/cipher-chachapoly.c up to 1.3 crypto/external/bsd/openssh/dist/cipher-chachapoly.h up to 1.1.1.1 crypto/external/bsd/openssh/dist/crypto_api.h up to 1.1.1.1 crypto/external/bsd/openssh/dist/digest-libc.c up to 1.3 crypto/external/bsd/openssh/dist/digest-openssl.c up to 1.3 crypto/external/bsd/openssh/dist/digest.h up to 1.1.1.2 crypto/external/bsd/openssh/dist/ed25519.c up to 1.3 crypto/external/bsd/openssh/dist/fe25519.c up to 1.3 crypto/external/bsd/openssh/dist/fe25519.h up to 1.1.1.1 crypto/external/bsd/openssh/dist/ge25519.c up to 1.3 crypto/external/bsd/openssh/dist/ge25519.h up to 1.1.1.2 crypto/external/bsd/openssh/dist/ge25519_base.data up to 1.1.1.1 crypto/external/bsd/openssh/dist/hash.c up to 1.3 crypto/external/bsd/openssh/dist/hmac.c up to 1.3 crypto/external/bsd/openssh/dist/hmac.h up to 1.1.1.1 crypto/external/bsd/openssh/dist/kexc25519c.c up to 1.3 crypto/external/bsd/openssh/dist/kexc25519s.c up to 1.3 crypto/external/bsd/openssh/dist/poly1305.c up to 1.3 crypto/external/bsd/openssh/dist/poly1305.h up to 1.1.1.1 crypto/external/bsd/openssh/dist/rijndael.c up to 1.1.1.2 crypto/external/bsd/openssh/dist/rijndael.h up to 1.1.1.1 crypto/external/bsd/openssh/dist/sc25519.c up to 1.3 crypto/external/bsd/openssh/dist/sc25519.h up to 1.1.1.1 crypto/external/bsd/openssh/dist/ssh-ed25519.c up to 1.3 crypto/external/bsd/openssh/dist/sshbuf-getput-basic.c up to 1.3 crypto/external/bsd/openssh/dist/sshbuf-getput-crypto.c up to 1.3 crypto/external/bsd/openssh/dist/sshbuf-misc.c up to 1.3 crypto/external/bsd/openssh/dist/sshbuf.c up to 1.3 crypto/external/bsd/openssh/dist/sshbuf.h up to 1.4 crypto/external/bsd/openssh/dist/ssherr.c up to 1.3 crypto/external/bsd/openssh/dist/ssherr.h up to 1.1.1.2 crypto/external/bsd/openssh/dist/sshkey.c up to 1.3 crypto/external/bsd/openssh/dist/sshkey.h up to 1.1.1.2 crypto/external/bsd/openssh/dist/verify.c up to 1.3 crypto/external/bsd/openssh/dist/opacket.c up to 1.2 crypto/external/bsd/openssh/dist/umac128.c up to 1.1 crypto/external/bsd/openssh/dist/pfilter.c up to 1.2 crypto/external/bsd/openssh/dist/pfilter.h up to 1.1 crypto/external/bsd/openssh/dist/bitmap.h up to 1.2 crypto/external/bsd/openssh/dist/opacket.h up to 1.2 crypto/external/bsd/openssh/dist/ssh_api.c up to 1.2 crypto/external/bsd/openssh/dist/ssh_api.h up to 1.2 crypto/external/bsd/openssh/dist/auth2-jpake.c delete crypto/external/bsd/openssh/dist/compress.c delete crypto/external/bsd/openssh/dist/compress.h delete crypto/external/bsd/openssh/dist/jpake.c delete crypto/external/bsd/openssh/dist/jpake.h delete crypto/external/bsd/openssh/dist/schnorr.c delete crypto/external/bsd/openssh/dist/schnorr.h delete crypto/external/bsd/openssh/dist/strtonum.c 1.1 crypto/external/bsd/openssh/Makefile.inc up to 1.8 crypto/external/bsd/openssh/bin/Makefile.inc up to 1.3 crypto/external/bsd/openssh/bin/ssh-keyscan/Makefile up to 1.2 crypto/external/bsd/openssh/bin/sshd/Makefile up to 1.12 crypto/external/bsd/openssh/dist/PROTOCOL up to 1.5 crypto/external/bsd/openssh/dist/PROTOCOL.krl up to 1.1.1.2 crypto/external/bsd/openssh/dist/addrmatch.c up to 1.8 crypto/external/bsd/openssh/dist/atomicio.c up to 1.6 crypto/external/bsd/openssh/dist/auth-bsdauth.c up to 1.4 crypto/external/bsd/openssh/dist/auth-chall.c up to 1.6 crypto/external/bsd/openssh/dist/auth-krb5.c up to 1.7 crypto/external/bsd/openssh/dist/auth-options.c up to 1.9 crypto/external/bsd/openssh/dist/auth-options.h up to 1.6 crypto/external/bsd/openssh/dist/auth-passwd.c up to 1.4 crypto/external/bsd/openssh/dist/auth-rh-rsa.c up to 1.6 crypto/external/bsd/openssh/dist/auth-rhosts.c up to 1.5 crypto/external/bsd/openssh/dist/auth-rsa.c up to 1.10 crypto/external/bsd/openssh/dist/auth.c up to 1.12 crypto/external/bsd/openssh/dist/auth.h up to 1.10 crypto/external/bsd/openssh/dist/auth1.c up to 1.11 crypto/external/bsd/openssh/dist/auth2-chall.c up to 1.7 crypto/external/bsd/openssh/dist/auth2-gss.c up to 1.8 crypto/external/bsd/openssh/dist/auth2-hostbased.c up to 1.7 crypto/external/bsd/openssh/dist/auth2-kbdint.c up to 1.5 crypto/external/bsd/openssh/dist/auth2-krb5.c up to 1.4 crypto/external/bsd/openssh/dist/auth2-none.c up to 1.5 crypto/external/bsd/openssh/dist/auth2-passwd.c up to 1.5 crypto/external/bsd/openssh/dist/auth2-pubkey.c up to 1.11 crypto/external/bsd/openssh/dist/auth2.c up to 1.11 crypto/external/bsd/openssh/dist/authfd.c up to 1.8 crypto/external/bsd/openssh/dist/authfd.h up to 1.5 crypto/external/bsd/openssh/dist/authfile.c up to 1.10 crypto/external/bsd/openssh/dist/authfile.h up to 1.6 crypto/external/bsd/openssh/dist/bufaux.c up to 1.7 crypto/external/bsd/openssh/dist/bufbn.c up to 1.5 crypto/external/bsd/openssh/dist/bufec.c up to 1.5 crypto/external/bsd/openssh/dist/buffer.c up to 1.6 crypto/external/bsd/openssh/dist/buffer.h up to 1.7 crypto/external/bsd/openssh/dist/canohost.c up to 1.8 crypto/external/bsd/openssh/dist/channels.c up to 1.13 crypto/external/bsd/openssh/dist/channels.h up to 1.10 crypto/external/bsd/openssh/dist/cipher-3des1.c up to 1.7 crypto/external/bsd/openssh/dist/cipher-bf1.c up to 1.6 crypto/external/bsd/openssh/dist/cipher.c up to 1.7 crypto/external/bsd/openssh/dist/cipher.h up to 1.7 crypto/external/bsd/openssh/dist/clientloop.c up to 1.13 crypto/external/bsd/openssh/dist/compat.c up to 1.9 crypto/external/bsd/openssh/dist/compat.h up to 1.6 crypto/external/bsd/openssh/dist/deattack.c up to 1.4 crypto/external/bsd/openssh/dist/deattack.h up to 1.4 crypto/external/bsd/openssh/dist/dh.c up to 1.8 crypto/external/bsd/openssh/dist/dh.h up to 1.4 crypto/external/bsd/openssh/dist/dispatch.c up to 1.5 crypto/external/bsd/openssh/dist/dispatch.h up to 1.4 crypto/external/bsd/openssh/dist/dns.c up to 1.11 crypto/external/bsd/openssh/dist/dns.h up to 1.6 crypto/external/bsd/openssh/dist/groupaccess.c up to 1.5 crypto/external/bsd/openssh/dist/gss-genr.c up to 1.7 crypto/external/bsd/openssh/dist/gss-serv-krb5.c up to 1.8 crypto/external/bsd/openssh/dist/gss-serv.c up to 1.7 crypto/external/bsd/openssh/dist/hostfile.c up to 1.7 crypto/external/bsd/openssh/dist/hostfile.h up to 1.7 crypto/external/bsd/openssh/dist/includes.h up to 1.4 crypto/external/bsd/openssh/dist/kex.c up to 1.10 crypto/external/bsd/openssh/dist/kex.h up to 1.9 crypto/external/bsd/openssh/dist/kexdh.c up to 1.4 crypto/external/bsd/openssh/dist/kexdhc.c up to 1.6 crypto/external/bsd/openssh/dist/kexdhs.c up to 1.8 crypto/external/bsd/openssh/dist/kexecdh.c up to 1.5 crypto/external/bsd/openssh/dist/kexecdhc.c up to 1.5 crypto/external/bsd/openssh/dist/kexecdhs.c up to 1.5 crypto/external/bsd/openssh/dist/kexgex.c up to 1.4 crypto/external/bsd/openssh/dist/kexgexc.c up to 1.6 crypto/external/bsd/openssh/dist/kexgexs.c up to 1.8 crypto/external/bsd/openssh/dist/key.c up to 1.16 crypto/external/bsd/openssh/dist/key.h up to 1.9 crypto/external/bsd/openssh/dist/krl.c up to 1.5 crypto/external/bsd/openssh/dist/krl.h up to 1.1.1.2 crypto/external/bsd/openssh/dist/mac.c up to 1.11 crypto/external/bsd/openssh/dist/mac.h up to 1.5 crypto/external/bsd/openssh/dist/match.c up to 1.5 crypto/external/bsd/openssh/dist/misc.c up to 1.10 crypto/external/bsd/openssh/dist/misc.h up to 1.9 plus patch crypto/external/bsd/openssh/dist/moduli.c up to 1.8 crypto/external/bsd/openssh/dist/monitor.c up to 1.14 crypto/external/bsd/openssh/dist/monitor.h up to 1.7 crypto/external/bsd/openssh/dist/monitor_fdpass.c up to 1.5 crypto/external/bsd/openssh/dist/monitor_mm.c up to 1.6 crypto/external/bsd/openssh/dist/monitor_mm.h up to 1.4 crypto/external/bsd/openssh/dist/monitor_wrap.c up to 1.11 crypto/external/bsd/openssh/dist/monitor_wrap.h up to 1.8 crypto/external/bsd/openssh/dist/msg.c up to 1.4 crypto/external/bsd/openssh/dist/msg.h up to 1.4 crypto/external/bsd/openssh/dist/mux.c up to 1.11 crypto/external/bsd/openssh/dist/myproposal.h up to 1.10 crypto/external/bsd/openssh/dist/namespace.h up to 1.5 crypto/external/bsd/openssh/dist/packet.c up to 1.18 crypto/external/bsd/openssh/dist/packet.h up to 1.11 crypto/external/bsd/openssh/dist/pathnames.h up to 1.9 crypto/external/bsd/openssh/dist/pkcs11.h up to 1.4 crypto/external/bsd/openssh/dist/progressmeter.c up to 1.7 crypto/external/bsd/openssh/dist/progressmeter.h up to 1.4 crypto/external/bsd/openssh/dist/reallocarray.c new crypto/external/bsd/openssh/dist/readconf.c up to 1.13 crypto/external/bsd/openssh/dist/readconf.h up to 1.12 crypto/external/bsd/openssh/dist/readpass.c up to 1.6 crypto/external/bsd/openssh/dist/roaming_client.c up to 1.7 crypto/external/bsd/openssh/dist/roaming_common.c up to 1.9 crypto/external/bsd/openssh/dist/roaming_dummy.c up to 1.4 crypto/external/bsd/openssh/dist/rsa.c up to 1.5 crypto/external/bsd/openssh/dist/rsa.h up to 1.4 crypto/external/bsd/openssh/dist/sandbox-systrace.c up to 1.1.1.5 crypto/external/bsd/openssh/dist/scp.1 up to 1.9 crypto/external/bsd/openssh/dist/scp.c up to 1.11 crypto/external/bsd/openssh/dist/servconf.c up to 1.17 crypto/external/bsd/openssh/dist/servconf.h up to 1.11 crypto/external/bsd/openssh/dist/serverloop.c up to 1.12 crypto/external/bsd/openssh/dist/session.c up to 1.14 crypto/external/bsd/openssh/dist/session.h up to 1.4 crypto/external/bsd/openssh/dist/sftp-client.c up to 1.13 crypto/external/bsd/openssh/dist/sftp-client.h up to 1.7 crypto/external/bsd/openssh/dist/sftp-common.c up to 1.7 crypto/external/bsd/openssh/dist/sftp-common.h up to 1.5 crypto/external/bsd/openssh/dist/sftp-glob.c up to 1.8 crypto/external/bsd/openssh/dist/sftp-server.8 up to 1.9 crypto/external/bsd/openssh/dist/sftp-server.c up to 1.11 crypto/external/bsd/openssh/dist/sftp.1 up to 1.11 crypto/external/bsd/openssh/dist/sftp.c up to 1.15 crypto/external/bsd/openssh/dist/ssh-add.1 up to 1.9 crypto/external/bsd/openssh/dist/ssh-add.c up to 1.10 crypto/external/bsd/openssh/dist/ssh-agent.1 up to 1.8 crypto/external/bsd/openssh/dist/ssh-agent.c up to 1.14 crypto/external/bsd/openssh/dist/ssh-dss.c up to 1.7 crypto/external/bsd/openssh/dist/ssh-ecdsa.c up to 1.6 crypto/external/bsd/openssh/dist/ssh-gss.h up to 1.5 crypto/external/bsd/openssh/dist/ssh-keygen.1 up to 1.13 crypto/external/bsd/openssh/dist/ssh-keygen.c up to 1.16 crypto/external/bsd/openssh/dist/ssh-keyscan.1 up to 1.10 crypto/external/bsd/openssh/dist/ssh-keyscan.c up to 1.13 crypto/external/bsd/openssh/dist/ssh-keysign.8 up to 1.9 crypto/external/bsd/openssh/dist/ssh-keysign.c up to 1.8 crypto/external/bsd/openssh/dist/ssh-pkcs11-client.c up to 1.6 crypto/external/bsd/openssh/dist/ssh-pkcs11-helper.c up to 1.8 crypto/external/bsd/openssh/dist/ssh-pkcs11.c up to 1.7 crypto/external/bsd/openssh/dist/ssh-pkcs11.h up to 1.4 crypto/external/bsd/openssh/dist/ssh-rsa.c up to 1.7 crypto/external/bsd/openssh/dist/ssh.1 up to 1.14 crypto/external/bsd/openssh/dist/ssh.c up to 1.16 crypto/external/bsd/openssh/dist/ssh2.h up to 1.6 crypto/external/bsd/openssh/dist/ssh_config up to 1.8 crypto/external/bsd/openssh/dist/ssh_config.5 up to 1.13 crypto/external/bsd/openssh/dist/sshconnect.c up to 1.11 crypto/external/bsd/openssh/dist/sshconnect.h up to 1.6 crypto/external/bsd/openssh/dist/sshconnect1.c up to 1.6 crypto/external/bsd/openssh/dist/sshconnect2.c up to 1.19 crypto/external/bsd/openssh/dist/sshd.8 up to 1.13 crypto/external/bsd/openssh/dist/sshd.c up to 1.18 crypto/external/bsd/openssh/dist/sshd_config up to 1.13 crypto/external/bsd/openssh/dist/sshd_config.5 up to 1.17 crypto/external/bsd/openssh/dist/sshlogin.c up to 1.6 crypto/external/bsd/openssh/dist/sshpty.c up to 1.4 crypto/external/bsd/openssh/dist/uidswap.c up to 1.4 crypto/external/bsd/openssh/dist/umac.c up to 1.9 crypto/external/bsd/openssh/dist/version.h up to 1.14 crypto/external/bsd/openssh/dist/xmalloc.c up to 1.5 crypto/external/bsd/openssh/lib/Makefile up to 1.17 plus patch crypto/external/bsd/openssh/lib/shlib_version up to 1.13 distrib/sets/lists/base/ad.aarch64 patch distrib/sets/lists/base/ad.arm patch distrib/sets/lists/base/ad.mips patch distrib/sets/lists/base/ad.powerpc patch distrib/sets/lists/base/md.amd64 patch distrib/sets/lists/base/md.sparc64 patch distrib/sets/lists/base/mi patch distrib/sets/lists/base/shl.mi patch distrib/sets/lists/comp/ad.aarch64 patch distrib/sets/lists/comp/ad.arm patch distrib/sets/lists/comp/ad.mips patch distrib/sets/lists/comp/ad.powerpc patch distrib/sets/lists/comp/md.amd64 patch distrib/sets/lists/comp/md.sparc64 patch distrib/sets/lists/comp/mi patch distrib/sets/lists/comp/shl.mi patch distrib/sets/lists/debug/ad.aarch64 patch distrib/sets/lists/debug/ad.arm patch distrib/sets/lists/debug/ad.mips patch distrib/sets/lists/debug/ad.powerpc patch distrib/sets/lists/debug/md.amd64 patch distrib/sets/lists/debug/md.sparc64 patch distrib/sets/lists/debug/shl.mi patch distrib/sets/lists/etc/mi patch distrib/sets/lists/man/mi patch etc/defaults/rc.conf 1.130 etc/mtree/NetBSD.dist.base 1.142 external/bsd/Makefile up to 1.48 external/bsd/blacklist/bin/Makefile up to 1.11 plus patch external/bsd/blacklist/bin/blacklistctl.8 up to 1.6 external/bsd/blacklist/bin/blacklistctl.c up to 1.17 external/bsd/blacklist/bin/blacklistd.8 up to 1.10 external/bsd/blacklist/bin/blacklistd.c up to 1.32 external/bsd/blacklist/bin/blacklistd.conf.5 up to 1.2 external/bsd/blacklist/bin/conf.c up to 1.18 external/bsd/blacklist/bin/conf.h up to 1.6 external/bsd/blacklist/bin/internal.c up to 1.5 external/bsd/blacklist/bin/internal.h up to 1.12 external/bsd/blacklist/bin/run.c up to 1.12 external/bsd/blacklist/bin/run.h up to 1.5 external/bsd/blacklist/bin/state.c up to 1.15 external/bsd/blacklist/bin/state.h up to 1.5 external/bsd/blacklist/bin/support.c up to 1.6 external/bsd/blacklist/bin/support.h up to 1.5 external/bsd/blacklist/etc/rc.d/Makefile up to 1.1 external/bsd/blacklist/etc/rc.d/blacklistd up to 1.1 external/bsd/blacklist/etc/Makefile up to 1.3 external/bsd/blacklist/etc/blacklistd.conf up to 1.3 external/bsd/blacklist/etc/npf.conf up to 1.1 external/bsd/blacklist/Makefile up to 1.2 external/bsd/blacklist/Makefile.inc up to 1.3 external/bsd/blacklist/README up to 1.7 external/bsd/blacklist/TODO up to 1.7 external/bsd/blacklist/diff/ftpd.diff up to 1.1 external/bsd/blacklist/diff/named.diff up to 1.6 external/bsd/blacklist/diff/ssh.diff up to 1.6 external/bsd/blacklist/include/Makefile up to 1.1 external/bsd/blacklist/include/bl.h up to 1.12 external/bsd/blacklist/include/blacklist.h up to 1.3 external/bsd/blacklist/include/config.h new external/bsd/blacklist/lib/Makefile up to 1.3 external/bsd/blacklist/lib/bl.c up to 1.24 external/bsd/blacklist/lib/blacklist.c up to 1.5 external/bsd/blacklist/lib/libblacklist.3 up to 1.3 external/bsd/blacklist/lib/shlib_version up to 1.1 external/bsd/blacklist/libexec/Makefile up to 1.1 external/bsd/blacklist/libexec/blacklistd-helper up to 1.4 external/bsd/blacklist/port/m4/.cvsignore up to 1.1 external/bsd/blacklist/port/Makefile.am up to 1.4 external/bsd/blacklist/port/_strtoi.h up to 1.1 external/bsd/blacklist/port/clock_gettime.c up to 1.2 external/bsd/blacklist/port/configure.ac up to 1.7 external/bsd/blacklist/port/fgetln.c up to 1.1 external/bsd/blacklist/port/fparseln.c up to 1.1 external/bsd/blacklist/port/getprogname.c up to 1.4 external/bsd/blacklist/port/pidfile.c up to 1.1 external/bsd/blacklist/port/popenve.c up to 1.2 external/bsd/blacklist/port/port.h up to 1.6 external/bsd/blacklist/port/sockaddr_snprintf.c up to 1.9 external/bsd/blacklist/port/strlcat.c up to 1.2 external/bsd/blacklist/port/strlcpy.c up to 1.2 external/bsd/blacklist/port/strtoi.c up to 1.3 external/bsd/blacklist/test/Makefile up to 1.2 external/bsd/blacklist/test/cltest.c up to 1.6 external/bsd/blacklist/test/srvtest.c up to 1.9 lib/libpam/modules/pam_ssh/pam_ssh.c up to 1.23 libexec/ftpd/pfilter.c up to 1.1 libexec/ftpd/pfilter.h up to 1.1 libexec/ftpd/Makefile up to 1.64 libexec/ftpd/ftpd.c up to 1.201 Add blacklistd(8), a daemon to block and release network ports on demand to mitigate abuse, and related changes to system daemons to support it. [christos, ticket #711] @ text @a0 91 --- /dev/null 2015-01-23 17:30:40.000000000 -0500 +++ pfilter.c 2015-01-23 17:12:02.000000000 -0500 @@@@ -0,0 +1,24 @@@@ +#include +#include + +#include "pfilter.h" + +static struct blacklist *blstate; + +void +pfilter_open(void) +{ + if (blstate == NULL) + blstate = blacklist_open(); +} + +void +pfilter_notify(int what, const char *msg) +{ + pfilter_open(); + + if (blstate == NULL) + return; + + blacklist_r(blstate, what, 0, msg); +} --- /dev/null 2015-01-23 17:30:40.000000000 -0500 +++ pfilter.h 2015-01-23 17:07:25.000000000 -0500 @@@@ -0,0 +1,2 @@@@ +void pfilter_open(void); +void pfilter_notify(int, const char *); Index: Makefile =================================================================== RCS file: /cvsroot/src/libexec/ftpd/Makefile,v retrieving revision 1.63 diff -u -p -u -r1.63 Makefile --- Makefile 14 Aug 2011 11:46:28 -0000 1.63 +++ Makefile 23 Jan 2015 22:32:20 -0000 @@@@ -11,6 +11,10 @@@@ LDADD+= -lcrypt -lutil MAN= ftpd.conf.5 ftpusers.5 ftpd.8 MLINKS= ftpusers.5 ftpchroot.5 +SRCS+= pfilter.c +LDADD+= -lblacklist +DPADD+= ${LIBBLACKLIST} + .if defined(NO_INTERNAL_LS) CPPFLAGS+=-DNO_INTERNAL_LS .else Index: ftpd.c =================================================================== RCS file: /cvsroot/src/libexec/ftpd/ftpd.c,v retrieving revision 1.200 diff -u -p -u -r1.200 ftpd.c --- ftpd.c 31 Jul 2013 19:50:47 -0000 1.200 +++ ftpd.c 23 Jan 2015 22:32:20 -0000 @@@@ -165,6 +165,8 @@@@ __RCSID("$NetBSD: ftpd.c,v 1.200 2013/07 #include #endif +#include "pfilter.h" + #define GLOBAL #include "extern.h" #include "pathnames.h" @@@@ -471,6 +473,8 @@@@ main(int argc, char *argv[]) if (EMPTYSTR(confdir)) confdir = _DEFAULT_CONFDIR; + pfilter_open(); + if (dowtmp) { #ifdef SUPPORT_UTMPX ftpd_initwtmpx(); @@@@ -1401,6 +1405,7 @@@@ do_pass(int pass_checked, int pass_rval, if (rval) { reply(530, "%s", rval == 2 ? "Password expired." : "Login incorrect."); + pfilter_notify(1, rval == 2 ? "exppass" : "badpass"); if (logging) { syslog(LOG_NOTICE, "FTP LOGIN FAILED FROM %s", remoteloghost); @@@@ -1444,6 +1449,7 @@@@ do_pass(int pass_checked, int pass_rval, *remote_ip = 0; remote_ip[sizeof(remote_ip) - 1] = 0; if (!auth_hostok(lc, remotehost, remote_ip)) { + pfilter_notify(1, "bannedhost"); syslog(LOG_INFO|LOG_AUTH, "FTP LOGIN FAILED (HOST) as %s: permission denied.", pw->pw_name); @