aboutsummaryrefslogtreecommitdiff
path: root/security/oidentd
diff options
context:
space:
mode:
authorOliver Lehmann <oliver@FreeBSD.org>2004-10-15 17:44:18 +0000
committerOliver Lehmann <oliver@FreeBSD.org>2004-10-15 17:44:18 +0000
commitaac49f07a4c681ce0ad18505efa27395244662b9 (patch)
tree50a58cbecfc19160c4d6aef2c57ee28c8ff13871 /security/oidentd
parent3ed0900d70d3d04fdd796154f64aec44b08a6976 (diff)
downloadports-aac49f07a4c681ce0ad18505efa27395244662b9.tar.gz
ports-aac49f07a4c681ce0ad18505efa27395244662b9.zip
Notes
Diffstat (limited to 'security/oidentd')
-rw-r--r--security/oidentd/Makefile15
-rw-r--r--security/oidentd/files/oidentd.sh13
-rw-r--r--security/oidentd/files/patch-ipv6_missing.h42
-rw-r--r--security/oidentd/files/patch-oidentd.834
-rw-r--r--security/oidentd/files/patch-oidentd.conf.538
-rw-r--r--security/oidentd/files/patch-oidentd_masq.conf.511
-rw-r--r--security/oidentd/files/patch-unprivileged_ipv6235
7 files changed, 154 insertions, 234 deletions
diff --git a/security/oidentd/Makefile b/security/oidentd/Makefile
index 95284cb23008..144d0c3eab4a 100644
--- a/security/oidentd/Makefile
+++ b/security/oidentd/Makefile
@@ -7,7 +7,7 @@
PORTNAME= oidentd
PORTVERSION= 2.0.7
-PORTREVISION= 6
+PORTREVISION= 7
CATEGORIES= security
MASTER_SITES= ${MASTER_SITE_SOURCEFORGE}
MASTER_SITE_SUBDIR= ojnk
@@ -15,7 +15,7 @@ MASTER_SITE_SUBDIR= ojnk
MAINTAINER= oliver@FreeBSD.org
COMMENT= Ident server that supports user-defined ident strings
-USE_GMAKE= yes
+USE_RC_SUBR= yes
USE_REINPLACE= yes
GNU_CONFIGURE= yes
CONFIGURE_TARGET= --build=${MACHINE_ARCH}-portbld-freebsd${OSREL}
@@ -25,10 +25,6 @@ MAN8= oidentd.8
PLIST_FILES= sbin/oidentd etc/rc.d/oidentd.sh etc/oidentd.conf.sample \
etc/oidentd_masq.conf.sample
-.include <bsd.port.pre.mk>
-
-USE_RC_SUBR= yes
-
post-patch:
@${REINPLACE_CMD} -e 's,/etc/,${PREFIX}&,g' ${WRKSRC}/src/oidentd.h
@@ -41,7 +37,12 @@ do-install:
${INSTALL_PROGRAM} ${WRKSRC}/src/oidentd ${PREFIX}/sbin
${INSTALL_DATA} ${MAN5:S,^,${FILESDIR}/,:S,5$,sample,} ${PREFIX}/etc
${INSTALL_SCRIPT} ${WRKDIR}/oidentd.sh ${PREFIX}/etc/rc.d
+.if !defined(NO_INSTALL_MANPAGES)
+.for MANFILE in ${MAN5} ${MAN8}
+ @${REINPLACE_CMD} -e 's,%%PREFIX%%,${PREFIX},g' ${WRKSRC}/doc/${MANFILE}
+.endfor
${INSTALL_MAN} ${MAN5:S,^,${WRKSRC}/doc/,} ${PREFIX}/man/man5
${INSTALL_MAN} ${MAN8:S,^,${WRKSRC}/doc/,} ${PREFIX}/man/man8
+.endif
-.include <bsd.port.post.mk>
+.include <bsd.port.mk>
diff --git a/security/oidentd/files/oidentd.sh b/security/oidentd/files/oidentd.sh
index 72bf842f09c0..2f460be51b84 100644
--- a/security/oidentd/files/oidentd.sh
+++ b/security/oidentd/files/oidentd.sh
@@ -21,12 +21,23 @@ name=oidentd
rcvar=`set_rcvar`
command=%%PREFIX%%/sbin/${name}
-required_files=%%PREFIX%%/etc/${name}.conf
# set defaults
oidentd_enable=${oidentd_enable:-"NO"}
+oidentd_conf=${oidentd_conf:-"%%PREFIX%%/etc/${name}.conf"}
oidentd_flags=${oidentd_flags:-""}
+oidentd_precmd ()
+{
+ if [ -n "${oidentd_conf}" ]; then
+ rc_flags="${rc_flags} -C ${oidentd_conf}"
+ fi
+}
+
load_rc_config ${name}
+
+start_precmd=${name}_precmd
+required_files=${oidentd_conf}
+
run_rc_command "$1"
diff --git a/security/oidentd/files/patch-ipv6_missing.h b/security/oidentd/files/patch-ipv6_missing.h
new file mode 100644
index 000000000000..143c7778f776
--- /dev/null
+++ b/security/oidentd/files/patch-ipv6_missing.h
@@ -0,0 +1,42 @@
+--- src/missing/ipv6_missing.h.orig Tue Dec 3 06:05:18 2002
++++ src/missing/ipv6_missing.h Sat Sep 4 16:05:28 2004
+@@ -1,20 +1,32 @@
+ #ifndef __IPV6_MISSING_H
+ #define __IPV6_MISSING_H
+
++/* Correspond some of these values with present-day FreeBSD;
++ * verified on 4.10-STABLE and 5.3-BETA2.
++ */
++
++#ifndef EAI_MEMORY
++# define EAI_MEMORY 6
++#endif
+ #ifndef EAI_NODATA
+-# define EAI_NODATA 1
+-# define EAI_MEMORY 2
++# define EAI_NODATA 7
+ #endif
+
+ #ifndef AI_PASSIVE
+-# define AI_PASSIVE 1
+-# define AI_CANONNAME 2
++# define AI_PASSIVE 0x00000001
++#endif
++#ifndef AI_CANONNAME
++# define AI_CANONNAME 0x00000002
+ #endif
+
+ #ifndef NI_NUMERICHOST
+-# define NI_NUMERICHOST 2
+-# define NI_NAMEREQD 4
+-# define NI_NUMERICSERV 8
++# define NI_NUMERICHOST 0x00000002
++#endif
++#ifndef NI_NAMEREQD
++# define NI_NAMEREQD 0x00000004
++#endif
++#ifndef NI_NUMERICSERV
++# define NI_NUMERICSERV 0x00000008
+ #endif
+
+ #ifndef HAVE_STRUCT_ADDRINFO
diff --git a/security/oidentd/files/patch-oidentd.8 b/security/oidentd/files/patch-oidentd.8
new file mode 100644
index 000000000000..fa1d73d908b2
--- /dev/null
+++ b/security/oidentd/files/patch-oidentd.8
@@ -0,0 +1,34 @@
+--- doc/oidentd.8.orig Sun Apr 27 20:40:59 2003
++++ doc/oidentd.8 Sat Sep 4 16:12:29 2004
+@@ -58,7 +58,7 @@
+
+ .TP
+ .B "\-C or \-\-config=<config file>"
+-Use the specified file as the configuration file. The default location of the configuration file is \fB/etc/oidentd.conf\fP.
++Use the specified file as the configuration file. The default location of the configuration file is \fB%%PREFIX%%/etc/oidentd.conf\fP.
+
+ .TP
+ .B "\-d or \-\-debug"
+@@ -70,7 +70,7 @@
+
+ .TP
+ .B "\-f or \-\-forward=[<port>]"
+-When IP masquerading support is enabled, forward requests for machines that masquerade through us to those machines on the specified port. If a port is not given, oidentd will use the default port for the ident service ("auth" or port 113). If the forwarded request fails, \fBoidentd\fP will fall back to reading the \fB/etc/oidentd_masq.conf\fP file. In order for forwarding to work, the machine to which the connection is forwarded must also be running oidentd, and oidentd must be run with the -P switch specifying the host that is forwarding the connections. If the ident daemon on the host to which the connection is forwarded is capable of returning a fixed string for any lookup (for example, the ident server built in to the mIRC windows IRC client), it is not necessary to run oidentd on that host.
++When IP masquerading support is enabled, forward requests for machines that masquerade through us to those machines on the specified port. If a port is not given, oidentd will use the default port for the ident service ("auth" or port 113). If the forwarded request fails, \fBoidentd\fP will fall back to reading the \fB%%PREFIX%%/etc/oidentd_masq.conf\fP file. In order for forwarding to work, the machine to which the connection is forwarded must also be running oidentd, and oidentd must be run with the -P switch specifying the host that is forwarding the connections. If the ident daemon on the host to which the connection is forwarded is capable of returning a fixed string for any lookup (for example, the ident server built in to the mIRC windows IRC client), it is not necessary to run oidentd on that host.
+
+ .TP
+ .B "\-g or \-\-group=<group|GID>"
+@@ -152,11 +152,11 @@
+
+ .SH FILES
+ .TP
+-.B /etc/oidentd.conf
++.B %%PREFIX%%/etc/oidentd.conf
+ The system-wide configuration file.
+
+ .TP
+-.B /etc/oidentd_masq.conf
++.B %%PREFIX%%/etc/oidentd_masq.conf
+ The NAT/IP masquerading mappings.
+
+ .TP
diff --git a/security/oidentd/files/patch-oidentd.conf.5 b/security/oidentd/files/patch-oidentd.conf.5
new file mode 100644
index 000000000000..808da011ac15
--- /dev/null
+++ b/security/oidentd/files/patch-oidentd.conf.5
@@ -0,0 +1,38 @@
+--- doc/oidentd.conf.5.orig Sun Apr 27 20:40:59 2003
++++ doc/oidentd.conf.5 Sat Sep 4 16:12:48 2004
+@@ -16,7 +16,7 @@
+ The \fBoidentd\fP configuration file is used to specify the amount of control users have over the responses \fBoidentd\fP returns upon successful lookups for connections owned by them.
+ .PP
+ The \fB$HOME/.oidentd.conf\fP file allows a user to specify what ident response will be returned for specific connections.
+-.SH /etc/oidentd.conf SYNTAX
++.SH %%PREFIX%%/etc/oidentd.conf SYNTAX
+ .TP
+ .B USER DIRECTIVE
+ The \fBoidentd.conf\fP file consists of 0 or more \fIuser\fP directives. The \fIuser\fP directive is used to grant capabilities on a per-user basis.
+@@ -101,7 +101,7 @@
+
+ The \fIglobal\fP directive acts as a wildcard, matching all connections, so if used at all, the global directive should be the first entry in the file and should be used only once. Use is permitted anywhere in the file and infinitely many times, however it doesn't make much sense to use it in this manner.
+
+-The range directive has the same syntax and semantics as the range directive in the \fB/etc/oidentd.conf\fP file. See above for a description.
++The range directive has the same syntax and semantics as the range directive in the \fB%%PREFIX%%/etc/oidentd.conf\fP file. See above for a description.
+
+ Valid capabilities are \fIreply\fP, \fIrandom\fP, \fInumeric\fP, \fIrandom_numeric\fP, and \fIhide\fP. Descriptions can be found below.
+ .SH CAPABILITIES
+@@ -126,7 +126,7 @@
+
+ In a user's \fB$HOME/.oidentd.conf\fP file, up to 20 strings may be specified for a \fBreply\fP statement.
+
+-In the \fB/etc/oidentd.conf\fP file, there is no limitation on the number of strings that may be specified.
++In the \fB%%PREFIX%%/etc/oidentd.conf\fP file, there is no limitation on the number of strings that may be specified.
+
+ The strings must be quoted strings (e.g. "string"). Strings may contain the following escape characters:
+
+@@ -183,7 +183,7 @@
+ .TP
+ .B random_numeric
+ Reply to successful with a randomly generated ident response of the form userN, where N is a random number between 0 and 100000.
+-.SH EXAMPLE /etc/oidentd.conf FILE
++.SH EXAMPLE %%PREFIX%%/etc/oidentd.conf FILE
+ .nf
+ default {
+ default {
diff --git a/security/oidentd/files/patch-oidentd_masq.conf.5 b/security/oidentd/files/patch-oidentd_masq.conf.5
new file mode 100644
index 000000000000..58f133798e82
--- /dev/null
+++ b/security/oidentd/files/patch-oidentd_masq.conf.5
@@ -0,0 +1,11 @@
+--- doc/oidentd_masq.conf.5.orig Sun Apr 27 20:40:59 2003
++++ doc/oidentd_masq.conf.5 Sat Sep 4 16:12:11 2004
+@@ -13,7 +13,7 @@
+ oidentd_masq.conf - oidentd IP masquerading/NAT configuration file.
+
+ .SH DESCRIPTION
+-If you are using IP masquerading or NAT, oidentd can optionally return a username for connections from other machines. Support for this is specified by calling \fBoidentd\fP with the \-m (or \-\-masq) flag and by creating an \fB/etc/oidentd_masq.conf\fP file.
++If you are using IP masquerading or NAT, oidentd can optionally return a username for connections from other machines. Support for this is specified by calling \fBoidentd\fP with the \-m (or \-\-masq) flag and by creating an \fB%%PREFIX%%/etc/oidentd_masq.conf\fP file.
+ .PP
+ \fBoidentd\fP can also forward requests for an IP masqueraded connection to the machine from which connection originates by way of the -f option. This will only work if the host to which the connection is forwarded is running oidentd with the -P (proxy) flag, or if the host's ident daemon will return a valid reply regardless of the input supplied by and the address of the host requesting the info (some ident daemons for windows do this, maybe others).
+
diff --git a/security/oidentd/files/patch-unprivileged_ipv6 b/security/oidentd/files/patch-unprivileged_ipv6
index b48c011b666d..a005c6eb5261 100644
--- a/security/oidentd/files/patch-unprivileged_ipv6
+++ b/security/oidentd/files/patch-unprivileged_ipv6
@@ -1,218 +1,5 @@
-diff -ru src.old/kernel/freebsd.c src/kernel/freebsd.c
---- src.old/kernel/freebsd.c Tue May 18 23:12:23 2004
-+++ src/kernel/freebsd.c Tue May 18 23:13:45 2004
-@@ -159,11 +159,11 @@
-
- #ifdef _HAVE_OLD_INPCB
-
--static struct socket *getlist4( void *arg,
-+static struct socket *getlist( void *arg,
- in_port_t lport,
- in_port_t fport,
-- const struct in_addr *laddr,
-- const struct in_addr *faddr)
-+ const struct sockaddr *laddr,
-+ const struct sockaddr *faddr)
- {
- struct inpcb *pcbp = arg;
- struct inpcb *head;
-@@ -175,8 +175,8 @@
-
- do {
- if (opt_enabled(PROXY)) {
-- if (faddr->s_addr == SIN4(&proxy)->sin_addr.s_addr &&
-- laddr->s_addr != SIN4(&proxy)->sin_addr.s_addr &&
-+ if (SIN4(faddr)->sin_addr.s_addr == SIN4(&proxy)->sin_addr.s_addr &&
-+ SIN4(laddr)->sin_addr.s_addr != SIN4(&proxy)->sin_addr.s_addr &&
- pcbp->inp_fport == fport &&
- pcbp->inp_lport == lport)
- {
-@@ -184,8 +184,8 @@
- }
- }
-
-- if (pcbp->inp_faddr.s_addr == faddr->s_addr &&
-- pcbp->inp_laddr.s_addr == laddr->s_addr &&
-+ if (pcbp->inp_faddr.s_addr == SIN4(faddr)->sin_addr.s_addr &&
-+ pcbp->inp_laddr.s_addr == SIN4(laddr)->sin_addr.s_addr &&
- pcbp->inp_fport == fport &&
- pcbp->inp_lport == lport)
- {
-@@ -199,28 +199,45 @@
-
- #else
-
--static struct socket *getlist4( void *arg,
-+static struct socket *getlist( void *arg,
- in_port_t lport,
- in_port_t fport,
-- const struct in_addr *laddr,
-- const struct in_addr *faddr)
-+ const struct sockaddr *local,
-+ const struct sockaddr *remote)
- {
- struct inpcb *head, pcbp;
- struct inpcbhead *pcbhead = arg;
-+ char *faddr, *laddr, *pfaddr, *pladdr;
-+ int alen;
-
-- (void) laddr;
-+ if (remote->sa_family != local->sa_family)
-+ return (NULL);
-+ switch (remote->sa_family) {
-+ case AF_INET:
-+ faddr = (char *)&SIN4(remote)->sin_addr;
-+ laddr = (char *)&SIN4(local)->sin_addr;
-+ break;
-+#ifdef INP_IPV6
-+ case AF_INET6:
-+ faddr = (char *)&SIN6(remote)->sin6_addr;
-+ laddr = (char *)&SIN6(local)->sin6_addr;
-+ break;
-+#endif
-+ default:
-+ return (NULL);
-+ }
-
- head = pcbhead->lh_first;
- if (head == NULL)
- return (NULL);
-
-- do {
-+ for (; head != NULL; head = pcbp.inp_list.le_next) {
- if (getbuf((u_long) head, &pcbp, sizeof(struct inpcb)) == -1)
- break;
-
-- if (opt_enabled(PROXY)) {
-- if (faddr->s_addr == SIN4(&proxy)->sin_addr.s_addr &&
-- laddr->s_addr != SIN4(&proxy)->sin_addr.s_addr &&
-+ if (opt_enabled(PROXY) && remote->sa_family == AF_INET) {
-+ if (SIN4(remote)->sin_addr.s_addr == SIN4(&proxy)->sin_addr.s_addr &&
-+ SIN4(local)->sin_addr.s_addr != SIN4(&proxy)->sin_addr.s_addr &&
- pcbp.inp_fport == fport &&
- pcbp.inp_lport == lport)
- {
-@@ -228,16 +245,39 @@
- }
- }
-
-- if (pcbp.inp_faddr.s_addr == faddr->s_addr &&
-- pcbp.inp_laddr.s_addr == laddr->s_addr &&
-+#ifdef INP_IPV6
-+ if (pcbp.inp_vflag & INP_IPV4)
-+ {
-+ if (remote->sa_family != AF_INET)
-+ continue;
-+ pfaddr = (char *)&pcbp.inp_faddr;
-+ pladdr = (char *)&pcbp.inp_laddr;
-+ alen = sizeof(struct in_addr);
-+ }
-+ else if (pcbp.inp_vflag & INP_IPV6)
-+ {
-+ if (remote->sa_family != AF_INET6)
-+ continue;
-+ pfaddr = (char *)&pcbp.in6p_faddr;
-+ pladdr = (char *)&pcbp.in6p_laddr;
-+ alen = sizeof(struct in6_addr);
-+ }
-+ else
-+ continue;
-+#else
-+ pfaddr = (char *)&pcbp.inp_faddr;
-+ pladdr = (char *)&pcbp.inp_laddr;
-+ alen = sizeof(struct in_addr);
-+#endif
-+ if (memcmp(pfaddr, faddr, alen) == 0 &&
-+ memcmp(pladdr, laddr, alen) == 0 &&
- pcbp.inp_fport == fport &&
- pcbp.inp_lport == lport)
- {
- return (pcbp.inp_socket);
- }
-
-- head = pcbp.inp_list.le_next;
-- } while (head != NULL);
-+ }
-
- return (NULL);
- }
-@@ -248,7 +288,7 @@
- ** Return the UID of the connection owner
- */
-
--int get_user4( in_port_t lport,
-+static int get_user( in_port_t lport,
- in_port_t fport,
- struct sockaddr_storage *laddr,
- struct sockaddr_storage *faddr)
-@@ -276,8 +316,9 @@
- tcb.inp_prev = (struct inpcb *) kinfo->nl[N_TCB].n_value;
- #endif
-
-- sockp = getlist4(&tcb, lport, fport,
-- &SIN4(laddr)->sin_addr, &SIN4(faddr)->sin_addr);
-+ sockp = getlist(&tcb, lport, fport,
-+ (struct sockaddr *)laddr,
-+ (struct sockaddr *)faddr);
-
- if (sockp == NULL)
- return (-1);
-@@ -346,6 +387,14 @@
- return (-1);
- }
-
-+int get_user4( in_port_t lport,
-+ in_port_t fport,
-+ struct sockaddr_storage *laddr,
-+ struct sockaddr_storage *faddr)
-+{
-+ return (get_user(lport, fport, laddr, faddr));
-+}
-+
- #ifdef MASQ_SUPPORT
-
- /*
-@@ -456,36 +505,7 @@
- struct sockaddr_storage *laddr,
- struct sockaddr_storage *faddr)
- {
-- struct ucred ucred;
-- struct sockaddr_in6 sin6[2];
-- int len;
-- int ret;
--
-- len = sizeof(struct ucred);
--
-- memset(sin6, 0, sizeof(sin6));
--
-- sin6[0].sin6_len = sizeof(struct sockaddr_in6);
-- sin6[0].sin6_family = AF_INET6;
-- sin6[0].sin6_port = lport;
-- memcpy(&sin6[0].sin6_addr, &SIN6(laddr)->sin6_addr,
-- sizeof(sin6[0].sin6_addr));
--
-- sin6[1].sin6_len = sizeof(struct sockaddr_in6);
-- sin6[1].sin6_family = AF_INET6;
-- sin6[1].sin6_port = fport;
-- memcpy(&sin6[1].sin6_addr, &SIN6(faddr)->sin6_addr,
-- sizeof(sin6[1].sin6_addr));
--
-- ret = sysctlbyname("net.inet6.tcp6.getcred",
-- &ucred, &len, sin6, sizeof(sin6));
--
-- if (ret == -1) {
-- debug("sysctlbyname: %s", strerror(errno));
-- return (-1);
-- }
--
-- return (ucred.cr_uid);
-+ return (get_user(lport, fport, laddr, faddr));
- }
-
- #endif
-diff -ru src.old/kernel/freebsd5.c src/kernel/freebsd5.c
---- src.old/kernel/freebsd5.c Tue May 18 23:12:23 2004
-+++ src/kernel/freebsd5.c Tue May 18 23:12:46 2004
+--- src/kernel/freebsd5.c.orig Wed Feb 12 03:15:59 2003
++++ src/kernel/freebsd5.c Fri Oct 15 19:36:01 2004
@@ -160,11 +160,11 @@
#ifdef _HAVE_OLD_INPCB
@@ -299,24 +86,20 @@ diff -ru src.old/kernel/freebsd5.c src/kernel/freebsd5.c
pcbp.inp_fport == fport &&
pcbp.inp_lport == lport)
{
-@@ -229,8 +244,26 @@
+@@ -229,8 +244,22 @@
}
}
- if (pcbp.inp_faddr.s_addr == faddr->s_addr &&
- pcbp.inp_laddr.s_addr == laddr->s_addr &&
-+ if (pcbp.inp_vflag & INP_IPV4)
++ if (remote->sa_family == AF_INET)
+ {
-+ if (remote->sa_family != AF_INET)
-+ continue;
+ pfaddr = (char *)&pcbp.inp_faddr;
+ pladdr = (char *)&pcbp.inp_laddr;
+ alen = sizeof(struct in_addr);
+ }
-+ else if (pcbp.inp_vflag & INP_IPV6)
++ else if (remote->sa_family == AF_INET6)
+ {
-+ if (remote->sa_family != AF_INET6)
-+ continue;
+ pfaddr = (char *)&pcbp.in6p_faddr;
+ pladdr = (char *)&pcbp.in6p_laddr;
+ alen = sizeof(struct in6_addr);
@@ -328,7 +111,7 @@ diff -ru src.old/kernel/freebsd5.c src/kernel/freebsd5.c
pcbp.inp_fport == fport &&
pcbp.inp_lport == lport)
{
-@@ -249,7 +282,7 @@
+@@ -249,7 +278,7 @@
** Return the UID of the connection owner
*/
@@ -337,7 +120,7 @@ diff -ru src.old/kernel/freebsd5.c src/kernel/freebsd5.c
in_port_t fport,
struct sockaddr_storage *laddr,
struct sockaddr_storage *faddr)
-@@ -276,8 +309,9 @@
+@@ -276,8 +305,9 @@
tcb.inp_prev = (struct inpcb *) kinfo->nl[N_TCB].n_value;
#endif
@@ -349,7 +132,7 @@ diff -ru src.old/kernel/freebsd5.c src/kernel/freebsd5.c
if (sockp == NULL)
return (-1);
-@@ -338,6 +372,14 @@
+@@ -338,6 +368,14 @@
return (-1);
}
@@ -364,7 +147,7 @@ diff -ru src.old/kernel/freebsd5.c src/kernel/freebsd5.c
#ifdef MASQ_SUPPORT
/*
-@@ -448,36 +490,7 @@
+@@ -448,36 +486,7 @@
struct sockaddr_storage *laddr,
struct sockaddr_storage *faddr)
{