[src/trunk]: src/external/bsd/blacklist - move diffs
details: https://anonhg.NetBSD.org/src/rev/7c3b3892025a
branches: trunk
changeset: 335733:7c3b3892025a
user: christos <christos%NetBSD.org@localhost>
date: Thu Jan 22 15:29:27 2015 +0000
description:
- move diffs
- always log through lfun
diffstat:
external/bsd/blacklist/README | 8 +-
external/bsd/blacklist/bin/blacklistctl.c | 10 +-
external/bsd/blacklist/bin/blacklistd.c | 10 +-
external/bsd/blacklist/bin/conf.c | 28 ++--
external/bsd/blacklist/bin/run.c | 12 +-
external/bsd/blacklist/bin/state.c | 20 +-
external/bsd/blacklist/diff/named.diff | 193 ++++++++++++++++++++++++++++++
external/bsd/blacklist/diff/ssh.diff | 114 +++++++++++++++++
8 files changed, 352 insertions(+), 43 deletions(-)
diffs (truncated from 643 to 300 lines):
diff -r 159df35f2473 -r 7c3b3892025a external/bsd/blacklist/README
--- a/external/bsd/blacklist/README Thu Jan 22 15:25:52 2015 +0000
+++ b/external/bsd/blacklist/README Thu Jan 22 15:29:27 2015 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: README,v 1.3 2015/01/21 19:39:25 christos Exp $
+# $NetBSD: README,v 1.4 2015/01/22 15:29:27 christos Exp $
This package contains library that can be used by network daemons to
communicate with a packet filter via a daemon to enforce opening and
@@ -8,8 +8,10 @@
designed for npf) and the configuration file (inspired from inetd.conf)
is in etc/conf.
-A patch to OpenSSH is in ssh.diff that adds blacklisting capabilities to
-openssh.
+Patches to various daemons to add blacklisting capabilitiers are in the
+diff directory:
+ - OpenSSH: diff/ssh.diff
+ - Bind: diff/named.diff
The network daemon (for example sshd) communicates to blacklistd, via
a unix socket like syslog. The library calls are simple and everything
diff -r 159df35f2473 -r 7c3b3892025a external/bsd/blacklist/bin/blacklistctl.c
--- a/external/bsd/blacklist/bin/blacklistctl.c Thu Jan 22 15:25:52 2015 +0000
+++ b/external/bsd/blacklist/bin/blacklistctl.c Thu Jan 22 15:29:27 2015 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: blacklistctl.c,v 1.8 2015/01/22 03:48:07 christos Exp $ */
+/* $NetBSD: blacklistctl.c,v 1.9 2015/01/22 15:29:27 christos Exp $ */
/*-
* Copyright (c) 2015 The NetBSD Foundation, Inc.
@@ -33,7 +33,7 @@
#endif
#include <sys/cdefs.h>
-__RCSID("$NetBSD: blacklistctl.c,v 1.8 2015/01/22 03:48:07 christos Exp $");
+__RCSID("$NetBSD: blacklistctl.c,v 1.9 2015/01/22 15:29:27 christos Exp $");
#include <stdio.h>
#include <time.h>
@@ -86,11 +86,11 @@
for (i = 1; state_iterate(db, &ss, &c, &dbi, i) != 0; i = 0) {
char buf[BUFSIZ];
- printf("conf: %s\n", conf_print(buf, sizeof(buf), "",
+ (*lfun)(LOG_DEBUG, "conf: %s\n", conf_print(buf, sizeof(buf), "",
":", &c));
sockaddr_snprintf(buf, sizeof(buf), "%a", (void *)&ss);
- printf("addr: %s\n", buf);
- printf("data: count=%d id=%s time=%s\n", dbi.count,
+ (*lfun)(LOG_DEBUG, "addr: %s\n", buf);
+ (*lfun)(LOG_DEBUG, "data: count=%d id=%s time=%s\n", dbi.count,
dbi.id, fmttime(buf, sizeof(buf), dbi.last));
}
state_close(db);
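Review bot: The three state-dump lines in this loop are not guarded by `debug` in the visible context, so they look like blacklistctl's actual output, and routing them through `(*lfun)(LOG_DEBUG, ...)` ties that output to whatever lfun points at and to the debug priority. If lfun can be a syslog-style function in this program, the listing would leave the terminal and could be dropped by a priority filter; it is worth confirming that lfun always writes to the terminal here, or keeping `printf` for the listing. Separately, every converted call in this commit keeps its trailing `\n`, while the existing `(*lfun)(LOG_ERR, "%s: failed (%m)", __func__);` visible in the state.c hunk has none; dropping the `\n` from the new calls would keep the records uniform. The enclosing function starts and ends outside the hunk.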
diff -r 159df35f2473 -r 7c3b3892025a external/bsd/blacklist/bin/blacklistd.c
--- a/external/bsd/blacklist/bin/blacklistd.c Thu Jan 22 15:25:52 2015 +0000
+++ b/external/bsd/blacklist/bin/blacklistd.c Thu Jan 22 15:29:27 2015 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: blacklistd.c,v 1.19 2015/01/22 15:25:52 christos Exp $ */
+/* $NetBSD: blacklistd.c,v 1.20 2015/01/22 15:29:27 christos Exp $ */
/*-
* Copyright (c) 2015 The NetBSD Foundation, Inc.
@@ -32,7 +32,7 @@
#include "config.h"
#endif
#include <sys/cdefs.h>
-__RCSID("$NetBSD: blacklistd.c,v 1.19 2015/01/22 15:25:52 christos Exp $");
+__RCSID("$NetBSD: blacklistd.c,v 1.20 2015/01/22 15:29:27 christos Exp $");
#include <sys/types.h>
#include <sys/socket.h>
@@ -127,7 +127,7 @@
return;
if (debug)
- printf("got type=%d fd=%d msg=%s uid=%lu\n",
+ (*lfun)(LOG_DEBUG, "got type=%d fd=%d msg=%s uid=%lu\n",
bi->bi_type, bi->bi_fd, bi->bi_msg,
(unsigned long)bi->bi_uid);
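Review bot: `bi->bi_msg` is now written to the log destination with a bare `%s`, and per the README that string comes from a client daemon over the unix socket, so it should be treated as peer-controlled text. The receive path is not visible here; if it does not guarantee NUL termination and strip control characters, a bounded, encoded form is safer, for example running the message through `strnvis()` into a local buffer before the `(*lfun)` call. Embedded newlines or escape sequences in a log record can mislead whoever reads or parses the log later. This only fires when `debug` is set, and the function body continues outside the hunk.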
@@ -155,7 +155,7 @@
if (debug) {
char b1[128], b2[128];
sockaddr_snprintf(rbuf, sizeof(rbuf), "%a:%p", (void *)&rss);
- printf("%s: %s count=%d nfail=%d last=%s now=%s\n", __func__,
+ (*lfun)(LOG_DEBUG, "%s: %s count=%d nfail=%d last=%s now=%s\n", __func__,
rbuf, dbi.count, c.c_nfail,
fmttime(b1, sizeof(b1), dbi.last),
fmttime(b2, sizeof(b2), ts.tv_sec));
@@ -219,7 +219,7 @@
char b1[64], b2[64];
sockaddr_snprintf(buf, sizeof(buf), "%a:%p",
(void *)&ss);
- printf("%s:[%u] %s count=%d duration=%d last=%s "
+ (*lfun)(LOG_DEBUG, "%s:[%u] %s count=%d duration=%d last=%s "
"now=%s\n", __func__, n, buf, dbi.count,
c.c_duration, fmttime(b1, sizeof(b1), dbi.last),
fmttime(b2, sizeof(b2), ts.tv_sec));
diff -r 159df35f2473 -r 7c3b3892025a external/bsd/blacklist/bin/conf.c
--- a/external/bsd/blacklist/bin/conf.c Thu Jan 22 15:25:52 2015 +0000
+++ b/external/bsd/blacklist/bin/conf.c Thu Jan 22 15:29:27 2015 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: conf.c,v 1.11 2015/01/22 04:13:04 christos Exp $ */
+/* $NetBSD: conf.c,v 1.12 2015/01/22 15:29:27 christos Exp $ */
/*-
* Copyright (c) 2015 The NetBSD Foundation, Inc.
@@ -33,7 +33,7 @@
#endif
#include <sys/cdefs.h>
-__RCSID("$NetBSD: conf.c,v 1.11 2015/01/22 04:13:04 christos Exp $");
+__RCSID("$NetBSD: conf.c,v 1.12 2015/01/22 15:29:27 christos Exp $");
#include <stdio.h>
#include <string.h>
@@ -168,7 +168,7 @@
*d++ = '\0';
p++;
if (debug)
- printf("%s: host6 %s\n", __func__, p);
+ (*lfun)(LOG_DEBUG, "%s: host6 %s\n", __func__, p);
if (strcmp(p, "*") != 0) {
if (inet_pton(AF_INET6, p, &s6->sin6_addr) == -1)
goto out;
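Review bot: The context check `inet_pton(AF_INET6, p, &s6->sin6_addr) == -1` only catches an unsupported address family; inet_pton returns 0 when the string is not a valid address, so a mistyped host in the configuration passes this test and the entry keeps whatever `sin6_addr` already held. Comparing against success closes that gap: `if (inet_pton(AF_INET6, p, &s6->sin6_addr) != 1) goto out;`. The `AF_INET` check in the next hunk (`@@ -183,7 +183,7 @@`) has the same form and wants the same change. The commit only touches the debug line above the check, and the enclosing function is not fully visible in the hunk.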
@@ -183,7 +183,7 @@
struct sockaddr_in *s = (void *)&c->c_ss;
*d++ = '\0';
if (debug)
- printf("%s: host4 %s\n", __func__, p);
+ (*lfun)(LOG_DEBUG, "%s: host4 %s\n", __func__, p);
if (strcmp(p, "*") != 0) {
if (inet_pton(AF_INET, p, &s->sin_addr) == -1)
goto out;
@@ -337,14 +337,14 @@
if (c2->c_ss.ss_family != 0 &&
memcmp(&c1->c_ss, &c2->c_ss, sizeof(c1->c_ss))) {
if (debug > 1)
- printf("%s: c_ss fail\n", __func__);
+ (*lfun)(LOG_DEBUG, "%s: c_ss fail\n", __func__);
return 0;
}
#define CMP(a, b, f) \
if ((a)->f != (b)->f && (b)->f != -1) { \
if (debug > 1) \
- printf("%s: %s fail\n", __func__, __STRING(f)); \
+ (*lfun)(LOG_DEBUG, "%s: %s fail\n", __func__, __STRING(f)); \
return 0; \
}
CMP(c1, c2, c_port);
@@ -443,7 +443,7 @@
if (debug) {
sockaddr_snprintf(buf, sizeof(buf), "%a:%p", (void *)&ss);
- printf("listening socket: %s\n", buf);
+ (*lfun)(LOG_DEBUG, "listening socket: %s\n", buf);
}
switch (proto) {
@@ -477,16 +477,16 @@
cr->c_duration = -1;
if (debug)
- printf("%s\n", conf_print(buf, sizeof(buf),
+ (*lfun)(LOG_DEBUG, "%s\n", conf_print(buf, sizeof(buf),
"look:\t", "", cr));
for (i = 0; i < nconf; i++) {
if (debug)
- printf("%s\n", conf_print(buf, sizeof(buf), "check:\t",
+ (*lfun)(LOG_DEBUG, "%s\n", conf_print(buf, sizeof(buf), "check:\t",
"", &conf[i]));
if (conf_eq(cr, &conf[i])) {
if (debug)
- printf("%s\n", conf_print(buf, sizeof(buf),
+ (*lfun)(LOG_DEBUG, "%s\n", conf_print(buf, sizeof(buf),
"found:\t", "", &conf[i]));
cr->c_ss = conf[i].c_ss;
memcpy(cr->c_name, conf[i].c_name, CONFNAMESZ);
@@ -496,7 +496,7 @@
}
}
if (debug)
- printf("not found\n");
+ (*lfun)(LOG_DEBUG, "not found\n");
return NULL;
}
@@ -523,7 +523,7 @@
if (!*line)
continue;
if (debug > 4)
- printf("%s, %zu: [%s]\n", f, lineno, line);
+ (*lfun)(LOG_DEBUG, "%s, %zu: [%s]\n", f, lineno, line);
#endif
if (nc == mc) {
mc += 10;
@@ -549,11 +549,11 @@
if (debug) {
char buf[BUFSIZ];
- printf(
+ (*lfun)(LOG_DEBUG,
"%20.20s\ttype\tproto\towner\tname\tnfail\tduration\n",
"target");
for (nc = 0; nc < nconf; nc++)
- printf("%s\n",
+ (*lfun)(LOG_DEBUG, "%s\n",
conf_print(buf, sizeof(buf), "", "\t", &c[nc]));
}
}
diff -r 159df35f2473 -r 7c3b3892025a external/bsd/blacklist/bin/run.c
--- a/external/bsd/blacklist/bin/run.c Thu Jan 22 15:25:52 2015 +0000
+++ b/external/bsd/blacklist/bin/run.c Thu Jan 22 15:29:27 2015 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: run.c,v 1.8 2015/01/22 04:13:04 christos Exp $ */
+/* $NetBSD: run.c,v 1.9 2015/01/22 15:29:27 christos Exp $ */
/*-
* Copyright (c) 2015 The NetBSD Foundation, Inc.
@@ -33,7 +33,7 @@
#endif
#include <sys/cdefs.h>
-__RCSID("$NetBSD: run.c,v 1.8 2015/01/22 04:13:04 christos Exp $");
+__RCSID("$NetBSD: run.c,v 1.9 2015/01/22 15:29:27 christos Exp $");
#include <stdio.h>
#ifdef HAVE_UTIL_H
@@ -72,10 +72,10 @@
va_end(ap);
if (debug) {
- printf("run %s [", controlprog);
+ (*lfun)(LOG_DEBUG, "run %s [", controlprog);
for (i = 0; argv[i]; i++)
- printf(" %s", argv[i]);
- printf("]\n");
+ (*lfun)(LOG_DEBUG, " %s", argv[i]);
+ (*lfun)(LOG_DEBUG, "]\n");
}
fp = popenve(controlprog, __UNCONST(argv), environ, "r");
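Review bot: The debug line for the command is assembled from several `(*lfun)` calls (the `"run %s ["` prefix, one call per argv element, then `"]\n"`), which worked with printf but, if lfun is a syslog-style logger as the `%m` usage in the state.c hunk suggests, produces one log record per fragment instead of one line. Formatting the arguments into a local buffer and logging once keeps the record intact and bounded. The hex dump in the state.c hunk `@@ -98,10 +98,10 @@` has the same shape, with one call per byte, and would benefit from the same treatment. The enclosing function starts outside the hunk.

```c
	if (debug) {
		char abuf[BUFSIZ];
		size_t off = 0;

		abuf[0] = '\0';
		/* Collect the argument vector into one bounded string. */
		for (i = 0; argv[i] && off < sizeof(abuf); i++) {
			int n = snprintf(abuf + off, sizeof(abuf) - off,
			    " %s", argv[i]);
			if (n < 0)
				break;
			off += (size_t)n;
		}
		/* One call, one log record. */
		(*lfun)(LOG_DEBUG, "run %s [%s]", controlprog, abuf);
	}
	/* … unchanged: popenve(controlprog, ...) call … */
```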
@@ -89,7 +89,7 @@
res = NULL;
pclose(fp);
if (debug)
- printf("%s returns %s\n", cmd, res);
+ (*lfun)(LOG_DEBUG, "%s returns %s\n", cmd, res);
return res;
}
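Review bot: `res` can reach the `"%s returns %s\n"` call as NULL, judging by the `res = NULL;` context line just above (the branch it sits in is outside the hunk), and passing a null pointer for `%s` is undefined behaviour in the printf family. Guarding the argument avoids relying on a libc extension: `(*lfun)(LOG_DEBUG, "%s returns %s", cmd, res ? res : "(null)");`.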
diff -r 159df35f2473 -r 7c3b3892025a external/bsd/blacklist/bin/state.c
--- a/external/bsd/blacklist/bin/state.c Thu Jan 22 15:25:52 2015 +0000
+++ b/external/bsd/blacklist/bin/state.c Thu Jan 22 15:29:27 2015 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: state.c,v 1.8 2015/01/22 04:13:04 christos Exp $ */
+/* $NetBSD: state.c,v 1.9 2015/01/22 15:29:27 christos Exp $ */
/*-
* Copyright (c) 2015 The NetBSD Foundation, Inc.
@@ -33,7 +33,7 @@
#endif
#include <sys/cdefs.h>
-__RCSID("$NetBSD: state.c,v 1.8 2015/01/22 04:13:04 christos Exp $");
+__RCSID("$NetBSD: state.c,v 1.9 2015/01/22 15:29:27 christos Exp $");
#include <sys/types.h>
#include <sys/socket.h>
@@ -98,10 +98,10 @@
{
const unsigned char *p = (const void *)k;
const unsigned char *e = p + sizeof(*k);
- printf("%s: ", __func__);
+ (*lfun)(LOG_DEBUG, "%s: ", __func__);
while (p < e)
- printf("%.2x", *p++);
- printf("\n");
+ (*lfun)(LOG_DEBUG, "%.2x", *p++);
+ (*lfun)(LOG_DEBUG, "\n");
}
static void
@@ -146,7 +146,7 @@
case 0:
case 1:
if (debug > 1)
- printf("%s: returns %d\n", __func__, rv);
+ (*lfun)(LOG_DEBUG, "%s: returns %d\n", __func__, rv);
return 0;
default:
(*lfun)(LOG_ERR, "%s: failed (%m)", __func__);
@@ -178,7 +178,7 @@
else
memcpy(dbi, v.data, sizeof(*dbi));
if (debug > 1)