1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
|
--- Make.rules.in.orig 2015-05-27 20:25:54.000000000 -0400
+++ Make.rules.in 2016-01-25 21:48:47.000000000 -0500
@@ -110,3 +110,8 @@
FTPWHO_OBJS=ftpwho.o scoreboard.o misc.o
BUILD_FTPWHO_OBJS=utils/ftpwho.o utils/scoreboard.o utils/misc.o
+
+CPPFLAGS+=-DHAVE_BLACKLIST
+LIBS+=-lblacklist
+OBJS+= pfilter.o
+BUILD_OBJS+= src/pfilter.o
--- /dev/null 2016-01-22 17:30:55.000000000 -0500
+++ include/pfilter.h 2016-01-22 16:18:33.000000000 -0500
@@ -0,0 +1,3 @@
+
+void pfilter_notify(int);
+void pfilter_init(void);
--- modules/mod_auth.c.orig 2015-05-27 20:25:54.000000000 -0400
+++ modules/mod_auth.c 2016-01-22 16:21:06.000000000 -0500
@@ -30,6 +30,7 @@
#include "conf.h"
#include "privs.h"
+#include "pfilter.h"
extern pid_t mpid;
@@ -84,6 +85,8 @@
_("Login timeout (%d %s): closing control connection"), TimeoutLogin,
TimeoutLogin != 1 ? "seconds" : "second");
+ pfilter_notify(1);
+
/* It's possible that any listeners of this event might terminate the
* session process themselves (e.g. mod_ban). So write out that the
* TimeoutLogin has been exceeded to the log here, in addition to the
@@ -913,6 +916,7 @@
pr_memscrub(pass, strlen(pass));
}
+ pfilter_notify(1);
pr_log_auth(PR_LOG_NOTICE, "SECURITY VIOLATION: Root login attempted");
return 0;
}
@@ -1726,6 +1730,7 @@
return 1;
auth_failure:
+ pfilter_notify(1);
if (pass)
pr_memscrub(pass, strlen(pass));
session.user = session.group = NULL;
--- src/main.c.orig 2016-01-22 17:36:43.000000000 -0500
+++ src/main.c 2016-01-22 17:37:58.000000000 -0500
@@ -49,6 +49,7 @@
#endif
#include "privs.h"
+#include "pfilter.h"
int (*cmd_auth_chk)(cmd_rec *);
void (*cmd_handler)(server_rec *, conn_t *);
@@ -1050,6 +1051,7 @@
pid_t pid;
sigset_t sig_set;
+ pfilter_init();
if (!nofork) {
/* A race condition exists on heavily loaded servers where the parent
@@ -1169,7 +1171,8 @@
/* Reseed pseudo-randoms */
srand((unsigned int) (time(NULL) * getpid()));
-
+#else
+ pfilter_init();
#endif /* PR_DEVEL_NO_FORK */
/* Child is running here */
--- /dev/null 2016-01-22 17:30:55.000000000 -0500
+++ src/pfilter.c 2016-01-22 16:37:55.000000000 -0500
@@ -0,0 +1,41 @@
+#include "pfilter.h"
+#include "conf.h"
+#include "privs.h"
+#ifdef HAVE_BLACKLIST
+#include <blacklist.h>
+#endif
+
+static struct blacklist *blstate;
+
+void
+pfilter_init(void)
+{
+#ifdef HAVE_BLACKLIST
+ if (blstate == NULL)
+ blstate = blacklist_open();
+#endif
+}
+
+void
+pfilter_notify(int a)
+{
+#ifdef HAVE_BLACKLIST
+ conn_t *c = session.c;
+ int fd;
+
+ if (c == NULL)
+ return;
+ if (c->rfd != -1)
+ fd = c->rfd;
+ else if (c->wfd != -1)
+ fd = c->wfd;
+ else
+ return;
+
+ if (blstate == NULL)
+ pfilter_init();
+ if (blstate == NULL)
+ return;
+ (void)blacklist_r(blstate, a, fd, "proftpd");
+#endif
+}
|
