head 1.4; access; symbols perseant-exfatfs-base-20250801:1.4 perseant-exfatfs-base-20240630:1.4 perseant-exfatfs:1.4.0.6 perseant-exfatfs-base:1.4 netbsd-8-3-RELEASE:1.3 netbsd-9-4-RELEASE:1.3 netbsd-9-3-RELEASE:1.3 cjep_sun2x:1.4.0.4 cjep_sun2x-base:1.4 cjep_staticlib_x-base1:1.4 netbsd-9-2-RELEASE:1.3 cjep_staticlib_x:1.4.0.2 cjep_staticlib_x-base:1.4 netbsd-9-1-RELEASE:1.3 phil-wifi-20200421:1.3 phil-wifi-20200411:1.3 is-mlppp:1.3.0.20 is-mlppp-base:1.3 phil-wifi-20200406:1.3 netbsd-8-2-RELEASE:1.3 netbsd-9-0-RELEASE:1.3 netbsd-9-0-RC2:1.3 netbsd-9-0-RC1:1.3 phil-wifi-20191119:1.3 netbsd-9:1.3.0.18 netbsd-9-base:1.3 phil-wifi-20190609:1.3 netbsd-8-1-RELEASE:1.3 netbsd-8-1-RC1:1.3 pgoyette-compat-merge-20190127:1.3 pgoyette-compat-20190127:1.3 pgoyette-compat-20190118:1.3 pgoyette-compat-1226:1.3 pgoyette-compat-1126:1.3 pgoyette-compat-1020:1.3 pgoyette-compat-0930:1.3 pgoyette-compat-0906:1.3 pgoyette-compat-0728:1.3 netbsd-8-0-RELEASE:1.3 phil-wifi:1.3.0.16 phil-wifi-base:1.3 pgoyette-compat-0625:1.3 netbsd-8-0-RC2:1.3 pgoyette-compat-0521:1.3 pgoyette-compat-0502:1.3 pgoyette-compat-0422:1.3 netbsd-8-0-RC1:1.3 pgoyette-compat-0415:1.3 pgoyette-compat-0407:1.3 pgoyette-compat-0330:1.3 pgoyette-compat-0322:1.3 pgoyette-compat-0315:1.3 pgoyette-compat:1.3.0.14 pgoyette-compat-base:1.3 matt-nb8-mediatek:1.3.0.12 matt-nb8-mediatek-base:1.3 perseant-stdc-iso10646:1.3.0.10 perseant-stdc-iso10646-base:1.3 netbsd-8:1.3.0.8 netbsd-8-base:1.3 prg-localcount2-base3:1.3 prg-localcount2-base2:1.3 prg-localcount2-base1:1.3 prg-localcount2:1.3.0.6 prg-localcount2-base:1.3 pgoyette-localcount-20170426:1.3 bouyer-socketcan-base1:1.3 pgoyette-localcount-20170320:1.3 bouyer-socketcan:1.3.0.4 bouyer-socketcan-base:1.3 pgoyette-localcount-20170107:1.3 pgoyette-localcount-20161104:1.3 localcount-20160914:1.3 pgoyette-localcount-20160806:1.3 pgoyette-localcount-20160726:1.3 pgoyette-localcount:1.3.0.2 pgoyette-localcount-base:1.3; locks; strict; comment @# @; 1.4 date 2020.06.15.01.57.32; author christos; state dead; branches; next 1.3; commitid 1zJ7owqywyzYigcC; 1.3 date 2016.01.26.02.54.25; author christos; state Exp; branches; next 1.2; commitid EvYOagkik5Qg7oSy; 1.2 date 2016.01.23.03.11.14; author christos; state Exp; branches; next 1.1; commitid BpQwv1YMU2I1j0Sy; 1.1 date 2016.01.23.00.05.54; author christos; state Exp; branches; next ; commitid jkB9fxqjtRsrhZRy; desc @@ 1.4 log @Rename blacklist -> blocklist @ text @--- Make.rules.in.orig 2015-05-27 20:25:54.000000000 -0400 +++ Make.rules.in 2016-01-25 21:48:47.000000000 -0500 @@@@ -110,3 +110,8 @@@@ FTPWHO_OBJS=ftpwho.o scoreboard.o misc.o BUILD_FTPWHO_OBJS=utils/ftpwho.o utils/scoreboard.o utils/misc.o + +CPPFLAGS+=-DHAVE_BLACKLIST +LIBS+=-lblacklist +OBJS+= pfilter.o +BUILD_OBJS+= src/pfilter.o --- /dev/null 2016-01-22 17:30:55.000000000 -0500 +++ include/pfilter.h 2016-01-22 16:18:33.000000000 -0500 @@@@ -0,0 +1,3 @@@@ + +void pfilter_notify(int); +void pfilter_init(void); --- modules/mod_auth.c.orig 2015-05-27 20:25:54.000000000 -0400 +++ modules/mod_auth.c 2016-01-22 16:21:06.000000000 -0500 @@@@ -30,6 +30,7 @@@@ #include "conf.h" #include "privs.h" +#include "pfilter.h" extern pid_t mpid; @@@@ -84,6 +85,8 @@@@ _("Login timeout (%d %s): closing control connection"), TimeoutLogin, TimeoutLogin != 1 ? "seconds" : "second"); + pfilter_notify(1); + /* It's possible that any listeners of this event might terminate the * session process themselves (e.g. mod_ban). So write out that the * TimeoutLogin has been exceeded to the log here, in addition to the @@@@ -913,6 +916,7 @@@@ pr_memscrub(pass, strlen(pass)); } + pfilter_notify(1); pr_log_auth(PR_LOG_NOTICE, "SECURITY VIOLATION: Root login attempted"); return 0; } @@@@ -1726,6 +1730,7 @@@@ return 1; auth_failure: + pfilter_notify(1); if (pass) pr_memscrub(pass, strlen(pass)); session.user = session.group = NULL; --- src/main.c.orig 2016-01-22 17:36:43.000000000 -0500 +++ src/main.c 2016-01-22 17:37:58.000000000 -0500 @@@@ -49,6 +49,7 @@@@ #endif #include "privs.h" +#include "pfilter.h" int (*cmd_auth_chk)(cmd_rec *); void (*cmd_handler)(server_rec *, conn_t *); @@@@ -1050,6 +1051,7 @@@@ pid_t pid; sigset_t sig_set; + pfilter_init(); if (!nofork) { /* A race condition exists on heavily loaded servers where the parent @@@@ -1169,7 +1171,8 @@@@ /* Reseed pseudo-randoms */ srand((unsigned int) (time(NULL) * getpid())); - +#else + pfilter_init(); #endif /* PR_DEVEL_NO_FORK */ /* Child is running here */ --- /dev/null 2016-01-22 17:30:55.000000000 -0500 +++ src/pfilter.c 2016-01-22 16:37:55.000000000 -0500 @@@@ -0,0 +1,41 @@@@ +#include "pfilter.h" +#include "conf.h" +#include "privs.h" +#ifdef HAVE_BLACKLIST +#include +#endif + +static struct blacklist *blstate; + +void +pfilter_init(void) +{ +#ifdef HAVE_BLACKLIST + if (blstate == NULL) + blstate = blacklist_open(); +#endif +} + +void +pfilter_notify(int a) +{ +#ifdef HAVE_BLACKLIST + conn_t *c = session.c; + int fd; + + if (c == NULL) + return; + if (c->rfd != -1) + fd = c->rfd; + else if (c->wfd != -1) + fd = c->wfd; + else + return; + + if (blstate == NULL) + pfilter_init(); + if (blstate == NULL) + return; + (void)blacklist_r(blstate, a, fd, "proftpd"); +#endif +} @ 1.3 log @fix fd leak @ text @@ 1.2 log @cleanup pkgsrc junk @ text @d1 2 a2 2 --- Make.rules.in.orig 2016-01-22 17:33:49.000000000 -0500 +++ Make.rules.in 2016-01-22 17:33:41.000000000 -0500 d4 1 d7 1 a7 1 a11 2 + d83 1 a83 1 @@@@ -0,0 +1,40 @@@@ d97 2 a98 1 + blstate = blacklist_open(); @ 1.1 log @add proftpd diffs. @ text @a11 6 $NetBSD: patch-Makefile.in,v 1.1 2015/07/13 15:39:27 he Exp $ Make this pkgsrc friendly. Linking ftpdctl does not (seem to) require all the libraries needed for various proftpd modules. It definitely cannot include -lwrap. @