cehoffman · April 27, 2012 18:50 · shadowbq · Jan 9, 2014 · shadowbq · Feb 3, 2015
diff --git a/.gitignore b/.gitignore
 build/
diff --git a/CMakeLists.txt b/CMakeLists.txt
 cmake_minimum_required (VERSION 2.8)
 project (sshguard-reprieve)

 set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -std=c99")

 include(ExternalProject)
 ExternalProject_Add (sshguard
  URL http://downloads.sourceforge.net/project/sshguard/sshguard/sshguard-1.5/sshguard-1.5.tar.bz2
  URL_MD5 11b9f47f9051e25bdfe84a365c961ec1
  CONFIGURE_COMMAND <SOURCE_DIR>/configure --prefix=<INSTALL_DIR> --with-firewall=null
  PATCH_COMMAND patch -p1 < ${CMAKE_SOURCE_DIR}/expose.patch
  BUILD_IN_SOURCE 1
 )

 ExternalProject_Get_Property(sshguard source_dir)
 include_directories(${source_dir}/src)

 FILE(WRITE ${source_dir}/src/sshguard_blacklist.o "")
 SET_SOURCE_FILES_PROPERTIES(${source_dir}/src/sshguard_blacklist.o PROPERTIES EXTERNAL_OBJECT TRUE)
 FILE(WRITE ${source_dir}/src/seekers.o "")
 SET_SOURCE_FILES_PROPERTIES(${source_dir}/src/seekers.o PROPERTIES EXTERNAL_OBJECT TRUE)
 FILE(WRITE ${source_dir}/src/simclist.o "")
 SET_SOURCE_FILES_PROPERTIES(${source_dir}/src/simclist.o PROPERTIES EXTERNAL_OBJECT TRUE)

 add_executable(sshguard-reprieve sshguard-reprieve.c ${source_dir}/src/sshguard_blacklist.o
  ${source_dir}/src/simclist.o ${source_dir}/src/seekers.o
 )

 install(TARGETS sshguard-reprieve DESTINATION bin)
diff --git a/expose.patch b/expose.patch
 --- a/src/sshguard_blacklist.h	2012-04-27 15:40:11.000000000 -0500
 +++ b/src/sshguard_blacklist.h	2012-04-27 15:55:37.000000000 -0500
 @@ -25,6 +25,8 @@
 
 #include "sshguard_attack.h"
 
 +void *attacker_serializer(const void *restrict el, uint32_t *restrict len);
 +
 /**
  * Load the blacklist contained at a given filename.
  *
 --- a/src/sshguard_blacklist.c	2012-04-27 15:35:22.000000000 -0500
 +++ b/src/sshguard_blacklist.c	2012-04-27 15:55:48.000000000 -0500
 @@ -29,7 +29,7 @@
 #include <assert.h>
 
 #include "sshguard_addresskind.h"
 -#include "sshguard_log.h"
 +#define sshguard_log(...)
 #include "sshguard_blacklist.h"
 
 #define BL_MAXBUF      50
 @@ -59,7 +59,7 @@
 }
 */
 
 -static void *attacker_serializer(const void *restrict el, uint32_t *restrict len) {
 +void *attacker_serializer(const void *restrict el, uint32_t *restrict len) {
     /* buffer for serialization operations */
     char *serialization_buf;
     attacker_t atkr = *(const attacker_t *restrict)el;
diff --git a/sshguard-reprieve.c b/sshguard-reprieve.c
 #include <stdio.h>
 #include <stdlib.h>
 #include <libgen.h> // For basename

 #include "sshguard_blacklist.h"
 #include "seekers.h"

 #include <regex.h>
 #include "regexlib.h"

 int main(int argc, char **argv) {
  if (argc < 3) {
    printf("Usage: %s <blacklist file> <ip address>\n", basename(argv[0]));
    return 1;
  }

  char *filename = argv[1];
  attacker_t *el;
  list_t *blacklist;
  sshg_address_t me;
  regex_t ipreg4, ipreg6;

  if (regcomp(&ipreg4, "^" REGEXLIB_IPV4 "$", REG_EXTENDED) ||
      regcomp(&ipreg6, "^" REGEXLIB_IPV6 "$", REG_EXTENDED)) {
    printf("Failed detecting ip address type: regex compile failed\n");
    return 2;
  }

  if (!regexec(&ipreg4, argv[2], 0, NULL, 0)) {
    me.kind = ADDRKIND_IPv4;
  } else if (!regexec(&ipreg6, argv[2], 0, NULL, 0)) {
    me.kind = ADDRKIND_IPv6;
  } else {
    printf("%s is not a valid ip address\n", argv[2]);
    regfree(&ipreg4);
    regfree(&ipreg6);
    return 2;
  }

  for(int i = 0; *(me.value + i) = *(argv[2] + i); i++);
  regfree(&ipreg4);
  regfree(&ipreg6);

  if (!(blacklist = blacklist_load(filename))) {
      perror("Failed opening blacklist");
      return 3;
  }

  list_attributes_seeker(blacklist, seeker_addr);
  list_attributes_serializer(blacklist, attacker_serializer);

  if ((el = list_seek(blacklist, &me))) {
    list_delete(blacklist, el);

    printf("Removed %s from blacklist\n", me.value);

    if (list_dump_file(blacklist, filename, NULL) == 0) {
      printf("Saved modified blacklist\n");
    } else {
      perror("Failed saving blacklist");
      list_destroy(blacklist);
      free(blacklist);
      return 5;
    }
  } else {
    printf("%s is not in blacklist\n", me.value);
    list_destroy(blacklist);
    free(blacklist);
    return 4;
  }

  list_destroy(blacklist);
  free(blacklist);

  return 0;
 }
	cmake_minimum_required (VERSION 2.8)
	project (sshguard-reprieve)

	set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -std=c99")

	include(ExternalProject)
	ExternalProject_Add (sshguard
	URL http://downloads.sourceforge.net/project/sshguard/sshguard/sshguard-1.5/sshguard-1.5.tar.bz2
	URL_MD5 11b9f47f9051e25bdfe84a365c961ec1
	CONFIGURE_COMMAND <SOURCE_DIR>/configure --prefix=<INSTALL_DIR> --with-firewall=null
	PATCH_COMMAND patch -p1 < ${CMAKE_SOURCE_DIR}/expose.patch
	BUILD_IN_SOURCE 1
	)

	ExternalProject_Get_Property(sshguard source_dir)
	include_directories(${source_dir}/src)

	FILE(WRITE ${source_dir}/src/sshguard_blacklist.o "")
	SET_SOURCE_FILES_PROPERTIES(${source_dir}/src/sshguard_blacklist.o PROPERTIES EXTERNAL_OBJECT TRUE)
	FILE(WRITE ${source_dir}/src/seekers.o "")
	SET_SOURCE_FILES_PROPERTIES(${source_dir}/src/seekers.o PROPERTIES EXTERNAL_OBJECT TRUE)
	FILE(WRITE ${source_dir}/src/simclist.o "")
	SET_SOURCE_FILES_PROPERTIES(${source_dir}/src/simclist.o PROPERTIES EXTERNAL_OBJECT TRUE)

	add_executable(sshguard-reprieve sshguard-reprieve.c ${source_dir}/src/sshguard_blacklist.o
	${source_dir}/src/simclist.o ${source_dir}/src/seekers.o
	)

	install(TARGETS sshguard-reprieve DESTINATION bin)
	--- a/src/sshguard_blacklist.h 2012-04-27 15:40:11.000000000 -0500
	+++ b/src/sshguard_blacklist.h 2012-04-27 15:55:37.000000000 -0500
	@@ -25,6 +25,8 @@

	#include "sshguard_attack.h"

	+void attacker_serializer(const void restrict el, uint32_t *restrict len);
	+
	/**
	* Load the blacklist contained at a given filename.
	*
	--- a/src/sshguard_blacklist.c 2012-04-27 15:35:22.000000000 -0500
	+++ b/src/sshguard_blacklist.c 2012-04-27 15:55:48.000000000 -0500
	@@ -29,7 +29,7 @@
	#include <assert.h>

	#include "sshguard_addresskind.h"
	-#include "sshguard_log.h"
	+#define sshguard_log(...)
	#include "sshguard_blacklist.h"

	#define BL_MAXBUF 50
	@@ -59,7 +59,7 @@
	}
	*/

	-static void attacker_serializer(const void restrict el, uint32_t *restrict len) {
	+void attacker_serializer(const void restrict el, uint32_t *restrict len) {
	/* buffer for serialization operations */
	char *serialization_buf;
	attacker_t atkr = (const attacker_t restrict)el;
	#include <stdio.h>
	#include <stdlib.h>
	#include <libgen.h> // For basename

	#include "sshguard_blacklist.h"
	#include "seekers.h"

	#include <regex.h>
	#include "regexlib.h"

	int main(int argc, char **argv) {
	if (argc < 3) {
	printf("Usage: %s <blacklist file> <ip address>\n", basename(argv[0]));
	return 1;
	}

	char *filename = argv[1];
	attacker_t *el;
	list_t *blacklist;
	sshg_address_t me;
	regex_t ipreg4, ipreg6;

	if (regcomp(&ipreg4, "^" REGEXLIB_IPV4 "$", REG_EXTENDED) \|\|
	regcomp(&ipreg6, "^" REGEXLIB_IPV6 "$", REG_EXTENDED)) {
	printf("Failed detecting ip address type: regex compile failed\n");
	return 2;
	}

	if (!regexec(&ipreg4, argv[2], 0, NULL, 0)) {
	me.kind = ADDRKIND_IPv4;
	} else if (!regexec(&ipreg6, argv[2], 0, NULL, 0)) {
	me.kind = ADDRKIND_IPv6;
	} else {
	printf("%s is not a valid ip address\n", argv[2]);
	regfree(&ipreg4);
	regfree(&ipreg6);
	return 2;
	}

	for(int i = 0; (me.value + i) = (argv[2] + i); i++);
	regfree(&ipreg4);
	regfree(&ipreg6);

	if (!(blacklist = blacklist_load(filename))) {
	perror("Failed opening blacklist");
	return 3;
	}

	list_attributes_seeker(blacklist, seeker_addr);
	list_attributes_serializer(blacklist, attacker_serializer);

	if ((el = list_seek(blacklist, &me))) {
	list_delete(blacklist, el);

	printf("Removed %s from blacklist\n", me.value);

	if (list_dump_file(blacklist, filename, NULL) == 0) {
	printf("Saved modified blacklist\n");
	} else {
	perror("Failed saving blacklist");
	list_destroy(blacklist);
	free(blacklist);
	return 5;
	}
	} else {
	printf("%s is not in blacklist\n", me.value);
	list_destroy(blacklist);
	free(blacklist);
	return 4;
	}

	list_destroy(blacklist);
	free(blacklist);

	return 0;
	}