File 01-legacy.patch of Package pidentd
Index: pidentd-3.0.19.ds1/INSTALL
===================================================================
--- pidentd-3.0.19.ds1.orig/INSTALL
+++ pidentd-3.0.19.ds1/INSTALL
@@ -75,7 +75,7 @@ The libcrypto library included with his
ftp://ftp.psy.uq.oz.au/pub/Crypto/SSL/SSLeay-x.y.z.tar.gz
-The libcrypto library is actually the prefered one since it includes
+The libcrypto library is actually the preferred one since it includes
a good random DES key generator which is used (if found) by the
Ikeygen program.
Index: pidentd-3.0.19.ds1/etc/identd.conf
===================================================================
--- pidentd-3.0.19.ds1.orig/etc/identd.conf
+++ pidentd-3.0.19.ds1/etc/identd.conf
@@ -1,4 +1,4 @@
-# /usr/local/etc/identd.conf - an example configuration file
+# /etc/identd.conf - an example configuration file
#-- The syslog facility for error messages
@@ -18,7 +18,7 @@ server:user = nobody
# server:backlog = 256
#-- Where to write the file containing our process id
-# server:pid-file = "/etc/identd.pid"
+# server:pid-file = "/var/run/identd/identd.pid"
#-- Maximum number of concurrent requests allowed (0 = unlimited)
# server:max-requests = 0
@@ -28,7 +28,7 @@ server:user = nobody
#-- Enable some protocol extensions like "VERSION" or "QUIT"
protocol:extensions = enabled
-#-- Allow multiple queries per connection. This slightly breaks RFC1413
+#-- Allow multiple queries per connection
protocol:multiquery = enabled
#-- Timeout in seconds since connection or last query. Zero = disable
Index: pidentd-3.0.19.ds1/doc/identd.8
===================================================================
--- pidentd-3.0.19.ds1.orig/doc/identd.8
+++ pidentd-3.0.19.ds1/doc/identd.8
@@ -2,11 +2,11 @@
.\" Copyright (c) 1992-1999 Peter Eriksson, Lysator, Linkoping University.
.\" This manual page is released into the public domain."
.\"
-.TH identd 1 "8 Jan 1999"
+.TH identd 8 "8 Jan 1999"
.SH NAME
-identd, in.identd \- TCP/IP IDENT protocol server
+identd \- TCP/IP IDENT protocol server
.SH SYNOPSIS
-.B [in.]identd [options]
+.B identd [options]
.SH DESCRIPTION
.IX "identd daemon" "" \fLidentd\fP daemon"
.B Identd
@@ -111,7 +111,7 @@ wish to keep the user names a secret).
Directs
.B identd
to check for a file ".noident" in each home directory for the user which
-the daemon is about to return the user name for. It that file exists then
+the daemon is about to return the user name for. If that file exists then
the daemon will give the error
.B HIDDEN-USER
instead of the normal USERID response.
@@ -134,7 +134,7 @@ processed per session. Each request is s
the responses will be returned one per line. The connection will not
be closed until the connecting part closes it's end of the line.
.SH INSTALLATION
-The prefered way to start
+The preferred way to start
.B identd
depends on how it was built.
.PP
@@ -193,7 +193,9 @@ The configuration file contains a list o
pairs.
.TP 10
.B syslog:facility = FACILITY
-Set which facility to use when sending syslog messages.
+Set which facility to use when sending syslog messages. See
+.BR syslog.conf (5)
+for more information.
.TP 10
.B server:user = USER
Set what user (and group, from the passwd database) the daemon
@@ -254,8 +256,10 @@ Define the character set returned in rep
Define the operating system returned in replies. Default: "UNIX"
.TP 10
.B result:syslog-level = LEVEL
-If set to anything other than "none", all request replies till
-be sent to the syslog service with the specificed severity level.
+If set to anything other than "none", all requested replies will
+be sent to the syslog service with the specified severity level. See
+.BR syslog.conf (5)
+for more information.
Default: none
.TP 10
.B result:encrypt = YES/NO
@@ -287,16 +291,16 @@ returns info for outgoing connections, n
Contains the default configuration options for
.B identd.
.TP
-.B /etc/identd.pid
-Contains (if enabled) the process number of the
-.B identd
-daemon.
-.TP
.B /etc/identd.key
If compiled with
.I DES
encryption enabled, the 1024 first bytes of this file is used to specify
the secret key for encrypting replies.
+.TP
+.B /var/run/identd/identd.pid
+Contains (if enabled) the process number of the
+.B identd
+daemon.
.SH AVAILABILITY
The daemon is free software. You can redistribute it and/or
modify it as you wish - as long as you don't claim that you wrote
@@ -320,7 +324,5 @@ The author can be contacted at:
,
.BR ikeygen (8)
,
-.BR authuser (3)
-,
.BR inetd.conf (5)
,
Index: pidentd-3.0.19.ds1/src/request.c
===================================================================
--- pidentd-3.0.19.ds1.orig/src/request.c
+++ pidentd-3.0.19.ds1/src/request.c
@@ -98,6 +98,13 @@ handle_request(int fd,
switch (kp->status)
{
+ case 2:
+ send_error(fd,
+ local_port, remote_port,
+ "HIDDEN-USER",
+ remote_addr);
+ break;
+
case 1:
send_result(fd, kp);
break;
@@ -188,8 +195,9 @@ request_thread(void *vp)
got = s_read(rp->fd, buf+len, sizeof(buf)-len-1);
if (got < 0)
{
- syslog(LOG_ERR, "request_thread: read(%d, ..., %d) failed: %m",
- rp->fd, sizeof(buf)-len-1);
+ if (debug)
+ fprintf(stderr, "request_thread: read(%d, ..., %d) failed: %s",
+ rp->fd, sizeof(buf)-len-1, strerror(errno));
goto Exit;
}
Index: pidentd-3.0.19.ds1/src/safeio.c
===================================================================
--- pidentd-3.0.19.ds1.orig/src/safeio.c
+++ pidentd-3.0.19.ds1/src/safeio.c
@@ -327,3 +327,18 @@ s_snprintf(char *buf,
return retcode;
}
+
+
+
+int
+s_poll(struct pollfd *ufds,
+ unsigned int nfds,
+ int timeout)
+{
+ int code;
+
+ while ((code = poll(ufds, nfds, timeout)) == -1 && errno == EINTR)
+ ;
+
+ return code;
+}
Index: pidentd-3.0.19.ds1/src/safeio.h
===================================================================
--- pidentd-3.0.19.ds1.orig/src/safeio.h
+++ pidentd-3.0.19.ds1/src/safeio.h
@@ -15,6 +15,8 @@
#ifndef PIDENTD_SAFEIO_H
#define PIDENTD_SAFEIO_H
+#include <sys/poll.h>
+
extern void s_abort(void);
extern int s_open(const char *path, int oflag, ...);
@@ -37,4 +39,5 @@ extern int s_snprintf(char *buf,
size_t bufsize,
const char *format, ...);
+extern int s_poll(struct pollfd *, unsigned int, int);
#endif
Index: pidentd-3.0.19.ds1/src/main.c
===================================================================
--- pidentd-3.0.19.ds1.orig/src/main.c
+++ pidentd-3.0.19.ds1/src/main.c
@@ -377,7 +377,12 @@ main(int argc, char *argv[])
{
if (!debug && pidfile_path != NULL)
pidfile_create(pidfile_path);
-
+
+ if (listen_sock < 0)
+ {
+ request_timeout = 0;
+ }
+
if (server_init() < 0)
{
if (debug)
Index: pidentd-3.0.19.ds1/src/server.c
===================================================================
--- pidentd-3.0.19.ds1.orig/src/server.c
+++ pidentd-3.0.19.ds1/src/server.c
@@ -15,11 +15,14 @@
#include "config.h"
#include <syslog.h>
+#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/time.h>
#include <sys/resource.h>
#include <errno.h>
+#include <unistd.h>
+#include <fcntl.h>
#include "pidentd.h"
@@ -115,10 +118,29 @@ server_init(void)
int
server_run(void)
{
+ struct pollfd ufds[1];
int fd;
-
+ int timeout = request_timeout <= 0 ? -1 : request_timeout * 1000;
+ int retval;
+
+ if (fcntl(listen_sock, F_SETFL, O_NONBLOCK) == -1)
+ {
+ syslog(LOG_ERR, "fcntl() failed: %m");
+ return -1;
+ }
+
+ ufds[0].fd = listen_sock;
+ ufds[0].events = POLLIN;
while (1)
{
+ if ((retval = s_poll(ufds, 1, timeout)) == -1)
+ {
+ syslog(LOG_ERR, "poll() failed: %m");
+ return -1;
+ }
+ else if (retval == 0)
+ break;
+
fd = s_accept(listen_sock, NULL, NULL);
if (fd < 0)
{
@@ -139,4 +161,8 @@ server_run(void)
request_run(fd, 0);
}
+
+ if (debug)
+ fprintf(stderr, "accept() timed out\n");
+ exit(0);
}
Index: pidentd-3.0.19.ds1/src/pidentd.h
===================================================================
--- pidentd-3.0.19.ds1.orig/src/pidentd.h
+++ pidentd-3.0.19.ds1/src/pidentd.h
@@ -42,7 +42,7 @@
#endif
#ifndef PATH_PIDFILE
-#define PATH_PIDFILE "/etc/identd.pid"
+#define PATH_PIDFILE "/var/run/identd/identd.pid"
#endif
#ifndef PATH_CFGFILE
Index: pidentd-3.0.19.ds1/src/k_linux.c
===================================================================
--- pidentd-3.0.19.ds1.orig/src/k_linux.c
+++ pidentd-3.0.19.ds1/src/k_linux.c
@@ -17,15 +17,28 @@
#include <stdio.h>
#include <syslog.h>
#include <errno.h>
+#include <unistd.h>
#include <sys/types.h>
#include <sys/param.h>
#include <sys/socket.h>
#include <netinet/in.h>
+#include <netinet/tcp.h>
#include <arpa/inet.h>
+#include <linux/types.h>
+#include <linux/netlink.h>
+#include <linux/inet_diag.h>
+
#include "pidentd.h"
+struct kainfo
+{
+ int nlfd;
+ __u32 seq;
+ FILE *proc_net_tcp;
+};
+
/*
** Make sure we are running on a supported OS version
*/
@@ -39,23 +52,85 @@ ka_init(void)
int
ka_open(void **misc)
{
- FILE *fp;
+ struct kainfo *kp;
+
+ kp = s_malloc(sizeof(*kp));
+ kp->seq = 0;
+ kp->nlfd = socket(AF_NETLINK, SOCK_DGRAM, NETLINK_INET_DIAG);
+ if (kp->nlfd >= 0)
+ goto out;
- while ((fp = fopen("/proc/net/tcp", "r")) == NULL && errno == EINTR)
- ;
+ syslog(LOG_INFO, "netlink failed, fallback to /proc/net/tcp: %m");
+ kp->proc_net_tcp = fopen("/proc/net/tcp", "r");
- if (fp == NULL)
+ if (kp->proc_net_tcp == NULL)
{
syslog(LOG_ERR, "fopen(\"/proc/net/tcp\", \"r\"): %m");
return -1;
}
- *misc = (void *) fp;
+out:
+ *misc = (void *) kp;
return 0;
}
+static int
+netlink_lookup(struct kainfo *kip, struct kernel *kp)
+{
+ int status;
+ struct {
+ struct nlmsghdr nlh;
+ union {
+ struct inet_diag_req req;
+ struct inet_diag_msg rsp;
+ } u;
+ } buf;
+ struct sockaddr_nl addr;
+
+ memset(&buf, 0, sizeof(buf));
+ buf.nlh.nlmsg_len = NLMSG_ALIGN(NLMSG_LENGTH(sizeof(buf.u.req)));
+ buf.nlh.nlmsg_type = TCPDIAG_GETSOCK;
+ buf.nlh.nlmsg_flags = NLM_F_REQUEST;
+ buf.nlh.nlmsg_seq = ++kip->seq;
+ buf.u.req.idiag_family = AF_INET;
+
+ buf.u.req.id.idiag_dport = kp->remote.sin_port;
+ buf.u.req.id.idiag_sport = kp->local.sin_port;
+ buf.u.req.id.idiag_dst[0] = kp->remote.sin_addr.s_addr;
+ buf.u.req.id.idiag_src[0] = kp->local.sin_addr.s_addr;
+ buf.u.req.id.idiag_cookie[0] = INET_DIAG_NOCOOKIE;
+ buf.u.req.id.idiag_cookie[1] = INET_DIAG_NOCOOKIE;
+
+ status = write(kip->nlfd, &buf, buf.nlh.nlmsg_len);
+ if (status < 0) {
+ syslog(LOG_ERR, "netlink_lookup: write failed: %m");
+ return 3;
+ }
+
+ do {
+ socklen_t alen = sizeof(addr);
+ status = recvfrom(kip->nlfd, &buf, sizeof(buf), 0,
+ (void *)&addr, &alen);
+ if (status < 0) {
+ if (errno == ENOBUFS)
+ return -1;
+ syslog(LOG_ERR, "netlink_lookup: recvfrom failed: %m");
+ return 3;
+ }
+ } while (addr.nl_pid || buf.nlh.nlmsg_seq != kip->seq);
+
+ if (buf.nlh.nlmsg_type != TCPDIAG_GETSOCK)
+ return 0;
+ if (buf.u.rsp.idiag_state != TCP_ESTABLISHED)
+ return 0;
+
+ kp->euid = buf.u.rsp.idiag_uid;
+ return 1;
+}
+
+
int
ka_lookup(void *vp, struct kernel *kp)
{
@@ -66,6 +141,9 @@ ka_lookup(void *vp, struct kernel *kp)
int r_lport, r_rport, mylport, myrport;
int euid;
int nra;
+ int status;
+ unsigned long ino;
+ struct kainfo *kip;
/*
* PSz 11 Dec 02
@@ -94,23 +172,28 @@ ka_lookup(void *vp, struct kernel *kp)
*
* Should we skip lines with just ino, or both uid and ino, zero?
*/
- unsigned long int ino;
-
+
+ kip = (struct kainfo *)vp;
+ kp->ruid = NO_UID;
+
+ if (kip->nlfd >= 0)
+ return netlink_lookup(kip, kp);
+
r_rport = ntohs(kp->remote.sin_port);
r_lport = ntohs(kp->local.sin_port);
r_raddr = kp->remote.sin_addr.s_addr;
r_laddr = kp->local.sin_addr.s_addr;
- fp = (FILE *) vp;
+ fp = kip->proc_net_tcp;
- kp->ruid = NO_UID;
rewind(fp);
/* eat header */
if (fgets(buf, sizeof(buf)-1,fp) == NULL)
return -1;
+ status = 0;
while (fgets(buf, sizeof(buf)-1, fp) != NULL)
{
nra = sscanf(buf, "%d: %lX:%x %lX:%x %x %lX:%lX %x:%lX %lx %d %ld %lu",
@@ -119,9 +202,10 @@ ka_lookup(void *vp, struct kernel *kp)
&euid, &dummy, &ino);
if (nra >= 12)
{
- if (myladdr == r_laddr && mylport == r_lport &&
- myraddr == r_raddr && myrport == r_rport)
+ if (myladdr == r_laddr && mylport == r_lport)
{
+ if (myraddr != r_raddr || myrport != r_rport || !ino)
+ continue;
if (nra >= 14 && euid == 0 && ino == 0) {
/*
* Both uid and ino are zero: not even a socket?
@@ -131,11 +215,11 @@ ka_lookup(void *vp, struct kernel *kp)
continue;
}
kp->euid = euid;
- return 1;
+ status = 1;
}
}
}
- return -1;
+ return status;
}
Index: pidentd-3.0.19.ds1/src/kernel.c
===================================================================
--- pidentd-3.0.19.ds1.orig/src/kernel.c
+++ pidentd-3.0.19.ds1/src/kernel.c
@@ -107,7 +107,7 @@ kernel_thread(void *vp)
if (debug)
fprintf(stderr, "ka_lookup(), attempt = %d, status = %d\n",
attempt, kp->status);
- if (kp->status > 0)
+ if (kp->status >= 0)
break;
if (attempt > 2 && (attempt & 1) == 1)