diff blacklist.c @ 246:f4cf0415fec1 contrib-blacklist

- blacklisting patch from Michael Deiters
author Matt Johnston <matt@ucc.asn.au>
date Tue, 06 Sep 2005 04:52:46 +0000
parents
children
line wrap: on
line diff
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/blacklist.c	Tue Sep 06 04:52:46 2005 +0000
@@ -0,0 +1,55 @@
+#include "includes.h"
+#include "options.h"
+#include "dbutil.h"
+
+#define LINE_LENGTH 50
+
+int is_blacklisted (char *remote_ip) {
+
+	char sz_tmp[LINE_LENGTH];
+	FILE *fp_blacklist = NULL;
+
+	fp_blacklist = fopen(BLACKLISTFILE, "r");
+	if (fp_blacklist == NULL) {
+		/* TODO: this could spew log messages. */
+		dropbear_log(LOG_INFO, "Could not open blacklist %s for reading.", BLACKLISTFILE);
+	} else {
+		while (fgets(sz_tmp, LINE_LENGTH - 1, fp_blacklist) != NULL) {
+			if (strlen(sz_tmp) > 0) {
+				sz_tmp[strlen(sz_tmp)-1] = '\0';
+				if (!strcmp(sz_tmp, remote_ip)) {
+					dropbear_log(LOG_INFO, "IP %s is forbidden!", remote_ip);
+					fclose (fp_blacklist);
+					return 1;
+				}
+			}
+		}
+		fclose (fp_blacklist);
+	}
+	return 0;
+}
+
+void blacklist (char *addrstring)
+{
+        int     i;
+        FILE    *fp_blacklist = NULL;
+        char    *remote_ip = NULL;
+
+        remote_ip = m_strdup (addrstring);
+        i = strlen (remote_ip);
+		/* This may not be IPv6 safe if addrstring doesn't have a :port suffix */
+        while (i--) {
+                if (remote_ip[i] == ':') {
+                        remote_ip[i] = '\0';
+                        break;
+                }
+        }
+        dropbear_log (LOG_INFO, "Blacklisting %s", remote_ip);
+        if ((fp_blacklist = fopen (BLACKLISTFILE, "a")) == NULL) {
+                dropbear_log (LOG_INFO, "Could not open blacklist %s for appending", BLACKLISTFILE);
+        } else {
+                fprintf (fp_blacklist, "%s\n", remote_ip);
+                fclose (fp_blacklist);
+        }
+        m_free (remote_ip);
+}