From owner-svn-src-all@freebsd.org Thu Feb 23 05:41:01 2017 Return-Path: Delivered-To: svn-src-all@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 0035DCEA425; Thu, 23 Feb 2017 05:41:00 +0000 (UTC) (envelope-from lidl@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id B4C4C19A9; Thu, 23 Feb 2017 05:41:00 +0000 (UTC) (envelope-from lidl@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id v1N5ex2R082806; Thu, 23 Feb 2017 05:40:59 GMT (envelope-from lidl@FreeBSD.org) Received: (from lidl@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id v1N5exAB082805; Thu, 23 Feb 2017 05:40:59 GMT (envelope-from lidl@FreeBSD.org) Message-Id: <201702230540.v1N5exAB082805@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: lidl set sender to lidl@FreeBSD.org using -f From: Kurt Lidl Date: Thu, 23 Feb 2017 05:40:59 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r314120 - head/contrib/blacklist/bin X-SVN-Group: head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 23 Feb 2017 05:41:01 -0000 Author: lidl Date: Thu Feb 23 05:40:59 2017 New Revision: 314120 URL: https://svnweb.freebsd.org/changeset/base/314120 Log: Reset failed login count to zero when removing a blocked address The blacklistd daemon keeps records of failed login attempts for each address:port that is flagged as a failed login. When a successful login occurs for that address:port combination, the record's last update time is set to zero, to indicate no current failed login attempts. Reset the failed login count to zero, so that at the next failed login attempt, the counting will restart properly at zero. Without this reset to zero, the first failed login after a successful login will cause the address to be blocked immediately. When debugging is turned on, output more information about database state before and after the database updates have occured. A similar patch has already been upstreamed to NetBSD. MFC after: 3 days Sponsored by: The FreeBSD Foundation Modified: head/contrib/blacklist/bin/blacklistd.c Modified: head/contrib/blacklist/bin/blacklistd.c ============================================================================== --- head/contrib/blacklist/bin/blacklistd.c Thu Feb 23 05:33:20 2017 (r314119) +++ head/contrib/blacklist/bin/blacklistd.c Thu Feb 23 05:40:59 2017 (r314120) @@ -207,7 +207,7 @@ process(bl_t bl) if (debug) { char b1[128], b2[128]; - (*lfun)(LOG_DEBUG, "%s: db state info for %s: count=%d/%d " + (*lfun)(LOG_DEBUG, "%s: initial db state for %s: count=%d/%d " "last=%s now=%s", __func__, rbuf, dbi.count, c.c_nfail, fmttime(b1, sizeof(b1), dbi.last), fmttime(b2, sizeof(b2), ts.tv_sec)); @@ -246,15 +246,24 @@ process(bl_t bl) case BL_DELETE: if (dbi.last == 0) goto out; + dbi.count = 0; dbi.last = 0; break; default: (*lfun)(LOG_ERR, "unknown message %d", bi->bi_type); } - if (state_put(state, &c, &dbi) == -1) - goto out; + state_put(state, &c, &dbi); + out: close(bi->bi_fd); + + if (debug) { + char b1[128], b2[128]; + (*lfun)(LOG_DEBUG, "%s: final db state for %s: count=%d/%d " + "last=%s now=%s", __func__, rbuf, dbi.count, c.c_nfail, + fmttime(b1, sizeof(b1), dbi.last), + fmttime(b2, sizeof(b2), ts.tv_sec)); + } } static void @@ -393,7 +402,7 @@ rules_restore(void) int main(int argc, char *argv[]) { - int c, tout, flags, flush, restore; + int c, tout, flags, flush, restore, ret; const char *spath, *blsock; setprogname(argv[0]); @@ -512,7 +521,10 @@ main(int argc, char *argv[]) readconf = 0; conf_parse(configfile); } - switch (poll(pfd, (nfds_t)nfd, tout)) { + ret = poll(pfd, (nfds_t)nfd, tout); + if (debug) + (*lfun)(LOG_DEBUG, "received %d from poll()", ret); + switch (ret) { case -1: if (errno == EINTR) continue;