authorOliver Lehmann <oliver@FreeBSD.org>2004-10-24 12:16:51 +0000
committerOliver Lehmann <oliver@FreeBSD.org>2004-10-24 12:16:51 +0000
commitf4c03164ecda236c8b4acc36ec369cbdac9674b0 (patch)
tree8c4f5ba8f9e9a1bdd02c19b9cc70b4041ad59ca8 /security/oidentd
parent3039b528dd2678536dc60651d470681b4b545dd2 (diff)
Diffstat (limited to 'security/oidentd')
-rw-r--r--security/oidentd/Makefile2
-rw-r--r--security/oidentd/files/patch-unprivileged_ipv6217
2 files changed, 216 insertions, 3 deletions
diff --git a/security/oidentd/Makefile b/security/oidentd/Makefile
index 144d0c3eab4a..7672b3c26882 100644
--- a/security/oidentd/Makefile
+++ b/security/oidentd/Makefile
@@ -7,7 +7,7 @@
PORTNAME= oidentd
PORTVERSION= 2.0.7
-PORTREVISION= 7
+PORTREVISION= 8
CATEGORIES= security
MASTER_SITES= ${MASTER_SITE_SOURCEFORGE}
MASTER_SITE_SUBDIR= ojnk
diff --git a/security/oidentd/files/patch-unprivileged_ipv6 b/security/oidentd/files/patch-unprivileged_ipv6
index a005c6eb5261..5a798d101d46 100644
--- a/security/oidentd/files/patch-unprivileged_ipv6
+++ b/security/oidentd/files/patch-unprivileged_ipv6
@@ -1,5 +1,218 @@
---- src/kernel/freebsd5.c.orig Wed Feb 12 03:15:59 2003
-+++ src/kernel/freebsd5.c Fri Oct 15 19:36:01 2004
+diff -ru src.old/kernel/freebsd.c src/kernel/freebsd.c
+--- src.old/kernel/freebsd.c Tue May 18 23:12:23 2004
++++ src/kernel/freebsd.c Tue May 18 23:13:45 2004
+@@ -159,11 +159,11 @@
+
+ #ifdef _HAVE_OLD_INPCB
+
+-static struct socket *getlist4( void *arg,
++static struct socket *getlist( void *arg,
+ in_port_t lport,
+ in_port_t fport,
+- const struct in_addr *laddr,
+- const struct in_addr *faddr)
++ const struct sockaddr *laddr,
++ const struct sockaddr *faddr)
+ {
+ struct inpcb *pcbp = arg;
+ struct inpcb *head;
+@@ -175,8 +175,8 @@
+
+ do {
+ if (opt_enabled(PROXY)) {
+- if (faddr->s_addr == SIN4(&proxy)->sin_addr.s_addr &&
+- laddr->s_addr != SIN4(&proxy)->sin_addr.s_addr &&
++ if (SIN4(faddr)->sin_addr.s_addr == SIN4(&proxy)->sin_addr.s_addr &&
++ SIN4(laddr)->sin_addr.s_addr != SIN4(&proxy)->sin_addr.s_addr &&
+ pcbp->inp_fport == fport &&
+ pcbp->inp_lport == lport)
+ {
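Review bot: The `_HAVE_OLD_INPCB` variant of `getlist` now accepts `struct sockaddr` pointers but reads them through `SIN4(...)` here and in the following hunk (`@@ -184,8 +184,8 @@`) without checking `sa_family`, whereas the other variant rejects mismatched or unknown families before touching the addresses. The IPv6 entry point later in this patch is also routed through `get_user()`, so if that path is ever built together with `_HAVE_OLD_INPCB` (not visible here), an AF_INET6 address would be compared as if it were an IPv4 one. The lookup could then name the wrong socket owner in the ident reply. A guard ahead of the loop, `if (laddr->sa_family != AF_INET || faddr->sa_family != AF_INET) return (NULL);`, keeps the two variants consistent. The function body starts in the previous hunk and continues past this one.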
+@@ -184,8 +184,8 @@
+ }
+ }
+
+- if (pcbp->inp_faddr.s_addr == faddr->s_addr &&
+- pcbp->inp_laddr.s_addr == laddr->s_addr &&
++ if (pcbp->inp_faddr.s_addr == SIN4(faddr)->sin_addr.s_addr &&
++ pcbp->inp_laddr.s_addr == SIN4(laddr)->sin_addr.s_addr &&
+ pcbp->inp_fport == fport &&
+ pcbp->inp_lport == lport)
+ {
+@@ -199,28 +199,45 @@
+
+ #else
+
+-static struct socket *getlist4( void *arg,
++static struct socket *getlist( void *arg,
+ in_port_t lport,
+ in_port_t fport,
+- const struct in_addr *laddr,
+- const struct in_addr *faddr)
++ const struct sockaddr *local,
++ const struct sockaddr *remote)
+ {
+ struct inpcb *head, pcbp;
+ struct inpcbhead *pcbhead = arg;
++ char *faddr, *laddr, *pfaddr, *pladdr;
++ int alen;
+
+- (void) laddr;
++ if (remote->sa_family != local->sa_family)
++ return (NULL);
++ switch (remote->sa_family) {
++ case AF_INET:
++ faddr = (char *)&SIN4(remote)->sin_addr;
++ laddr = (char *)&SIN4(local)->sin_addr;
++ break;
++#ifdef INP_IPV6
++ case AF_INET6:
++ faddr = (char *)&SIN6(remote)->sin6_addr;
++ laddr = (char *)&SIN6(local)->sin6_addr;
++ break;
++#endif
++ default:
++ return (NULL);
++ }
+
+ head = pcbhead->lh_first;
+ if (head == NULL)
+ return (NULL);
+
+- do {
++ for (; head != NULL; head = pcbp.inp_list.le_next) {
+ if (getbuf((u_long) head, &pcbp, sizeof(struct inpcb)) == -1)
+ break;
+
+- if (opt_enabled(PROXY)) {
+- if (faddr->s_addr == SIN4(&proxy)->sin_addr.s_addr &&
+- laddr->s_addr != SIN4(&proxy)->sin_addr.s_addr &&
++ if (opt_enabled(PROXY) && remote->sa_family == AF_INET) {
++ if (SIN4(remote)->sin_addr.s_addr == SIN4(&proxy)->sin_addr.s_addr &&
++ SIN4(local)->sin_addr.s_addr != SIN4(&proxy)->sin_addr.s_addr &&
+ pcbp.inp_fport == fport &&
+ pcbp.inp_lport == lport)
+ {
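Review bot: The PROXY test in this hunk checks only the request's addresses and the pcb's port pair, and it runs before the `inp_vflag` filtering that the next hunk adds, so in an `INP_IPV6` build an IPv6 pcb with the same ports can satisfy it. The body of that `if` lies outside the hunk; if it returns the pcb's socket, as the later address match does, the reply would be attributed to the owner of an unrelated connection. Either move the `inp_vflag` block above the PROXY test, or tighten the condition inside `#ifdef INP_IPV6` to `if (opt_enabled(PROXY) && remote->sa_family == AF_INET && (pcbp.inp_vflag & INP_IPV4)) {`. A short comment stating that the proxy shortcut is IPv4-only would also help, since the family check is easy to miss.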
+@@ -228,16 +245,39 @@
+ }
+ }
+
+- if (pcbp.inp_faddr.s_addr == faddr->s_addr &&
+- pcbp.inp_laddr.s_addr == laddr->s_addr &&
++#ifdef INP_IPV6
++ if (pcbp.inp_vflag & INP_IPV4)
++ {
++ if (remote->sa_family != AF_INET)
++ continue;
++ pfaddr = (char *)&pcbp.inp_faddr;
++ pladdr = (char *)&pcbp.inp_laddr;
++ alen = sizeof(struct in_addr);
++ }
++ else if (pcbp.inp_vflag & INP_IPV6)
++ {
++ if (remote->sa_family != AF_INET6)
++ continue;
++ pfaddr = (char *)&pcbp.in6p_faddr;
++ pladdr = (char *)&pcbp.in6p_laddr;
++ alen = sizeof(struct in6_addr);
++ }
++ else
++ continue;
++#else
++ pfaddr = (char *)&pcbp.inp_faddr;
++ pladdr = (char *)&pcbp.inp_laddr;
++ alen = sizeof(struct in_addr);
++#endif
++ if (memcmp(pfaddr, faddr, alen) == 0 &&
++ memcmp(pladdr, laddr, alen) == 0 &&
+ pcbp.inp_fport == fport &&
+ pcbp.inp_lport == lport)
+ {
+ return (pcbp.inp_socket);
+ }
+
+- head = pcbp.inp_list.le_next;
+- } while (head != NULL);
++ }
+
+ return (NULL);
+ }
+@@ -248,7 +288,7 @@
+ ** Return the UID of the connection owner
+ */
+
+-int get_user4( in_port_t lport,
++static int get_user( in_port_t lport,
+ in_port_t fport,
+ struct sockaddr_storage *laddr,
+ struct sockaddr_storage *faddr)
+@@ -276,8 +316,9 @@
+ tcb.inp_prev = (struct inpcb *) kinfo->nl[N_TCB].n_value;
+ #endif
+
+- sockp = getlist4(&tcb, lport, fport,
+- &SIN4(laddr)->sin_addr, &SIN4(faddr)->sin_addr);
++ sockp = getlist(&tcb, lport, fport,
++ (struct sockaddr *)laddr,
++ (struct sockaddr *)faddr);
+
+ if (sockp == NULL)
+ return (-1);
+@@ -346,6 +387,14 @@
+ return (-1);
+ }
+
++int get_user4( in_port_t lport,
++ in_port_t fport,
++ struct sockaddr_storage *laddr,
++ struct sockaddr_storage *faddr)
++{
++ return (get_user(lport, fport, laddr, faddr));
++}
++
+ #ifdef MASQ_SUPPORT
+
+ /*
+@@ -456,36 +505,7 @@
+ struct sockaddr_storage *laddr,
+ struct sockaddr_storage *faddr)
+ {
+- struct ucred ucred;
+- struct sockaddr_in6 sin6[2];
+- int len;
+- int ret;
+-
+- len = sizeof(struct ucred);
+-
+- memset(sin6, 0, sizeof(sin6));
+-
+- sin6[0].sin6_len = sizeof(struct sockaddr_in6);
+- sin6[0].sin6_family = AF_INET6;
+- sin6[0].sin6_port = lport;
+- memcpy(&sin6[0].sin6_addr, &SIN6(laddr)->sin6_addr,
+- sizeof(sin6[0].sin6_addr));
+-
+- sin6[1].sin6_len = sizeof(struct sockaddr_in6);
+- sin6[1].sin6_family = AF_INET6;
+- sin6[1].sin6_port = fport;
+- memcpy(&sin6[1].sin6_addr, &SIN6(faddr)->sin6_addr,
+- sizeof(sin6[1].sin6_addr));
+-
+- ret = sysctlbyname("net.inet6.tcp6.getcred",
+- &ucred, &len, sin6, sizeof(sin6));
+-
+- if (ret == -1) {
+- debug("sysctlbyname: %s", strerror(errno));
+- return (-1);
+- }
+-
+- return (ucred.cr_uid);
++ return (get_user(lport, fport, laddr, faddr));
+ }
+
+ #endif
+diff -ru src.old/kernel/freebsd5.c src/kernel/freebsd5.c
+--- src.old/kernel/freebsd5.c Tue May 18 23:12:23 2004
++++ src/kernel/freebsd5.c Tue May 18 23:12:46 2004
@@ -160,11 +160,11 @@
#ifdef _HAVE_OLD_INPCB