File 01-legacy.patch of Package pidentd
Index: pidentd-3.0.19.ds1/INSTALL =================================================================== --- pidentd-3.0.19.ds1.orig/INSTALL +++ pidentd-3.0.19.ds1/INSTALL @@ -75,7 +75,7 @@ The libcrypto library included with his ftp://ftp.psy.uq.oz.au/pub/Crypto/SSL/SSLeay-x.y.z.tar.gz -The libcrypto library is actually the prefered one since it includes +The libcrypto library is actually the preferred one since it includes a good random DES key generator which is used (if found) by the Ikeygen program. Index: pidentd-3.0.19.ds1/etc/identd.conf =================================================================== --- pidentd-3.0.19.ds1.orig/etc/identd.conf +++ pidentd-3.0.19.ds1/etc/identd.conf @@ -1,4 +1,4 @@ -# /usr/local/etc/identd.conf - an example configuration file +# /etc/identd.conf - an example configuration file #-- The syslog facility for error messages @@ -18,7 +18,7 @@ server:user = nobody # server:backlog = 256 #-- Where to write the file containing our process id -# server:pid-file = "/etc/identd.pid" +# server:pid-file = "/var/run/identd/identd.pid" #-- Maximum number of concurrent requests allowed (0 = unlimited) # server:max-requests = 0 @@ -28,7 +28,7 @@ server:user = nobody #-- Enable some protocol extensions like "VERSION" or "QUIT" protocol:extensions = enabled -#-- Allow multiple queries per connection. This slightly breaks RFC1413 +#-- Allow multiple queries per connection protocol:multiquery = enabled #-- Timeout in seconds since connection or last query. Zero = disable Index: pidentd-3.0.19.ds1/doc/identd.8 =================================================================== --- pidentd-3.0.19.ds1.orig/doc/identd.8 +++ pidentd-3.0.19.ds1/doc/identd.8 
@@ -2,11 +2,11 @@ .\" Copyright (c) 1992-1999 Peter Eriksson, Lysator, Linkoping University. .\" This manual page is released into the public domain." .\" -.TH identd 1 "8 Jan 1999" +.TH identd 8 "8 Jan 1999" .SH NAME -identd, in.identd \- TCP/IP IDENT protocol server +identd \- TCP/IP IDENT protocol server .SH SYNOPSIS -.B [in.]identd [options] +.B identd [options] .SH DESCRIPTION .IX "identd daemon" "" \fLidentd\fP daemon" .B Identd @@ -111,7 +111,7 @@ wish to keep the user names a secret). Directs .B identd to check for a file ".noident" in each home directory for the user which -the daemon is about to return the user name for. It that file exists then +the daemon is about to return the user name for. If that file exists then the daemon will give the error .B HIDDEN-USER instead of the normal USERID response. @@ -134,7 +134,7 @@ processed per session. Each request is s the responses will be returned one per line. The connection will not be closed until the connecting part closes it's end of the line. .SH INSTALLATION -The prefered way to start +The preferred way to start .B identd depends on how it was built. .PP @@ -193,7 +193,9 @@ The configuration file contains a list o pairs. .TP 10 .B syslog:facility = FACILITY -Set which facility to use when sending syslog messages. +Set which facility to use when sending syslog messages. See +.BR syslog.conf (5) +for more information. .TP 10 .B server:user = USER Set what user (and group, from the passwd database) the daemon 
@@ -254,8 +256,10 @@ Define the character set returned in rep Define the operating system returned in replies. Default: "UNIX" .TP 10 .B result:syslog-level = LEVEL -If set to anything other than "none", all request replies till -be sent to the syslog service with the specificed severity level. +If set to anything other than "none", all requested replies will +be sent to the syslog service with the specified severity level. See +.BR syslog.conf (5) +for more information. Default: none .TP 10 .B result:encrypt = YES/NO @@ -287,16 +291,16 @@ returns info for outgoing connections, n Contains the default configuration options for .B identd. .TP -.B /etc/identd.pid -Contains (if enabled) the process number of the -.B identd -daemon. -.TP .B /etc/identd.key If compiled with .I DES encryption enabled, the 1024 first bytes of this file is used to specify the secret key for encrypting replies. +.TP +.B /var/run/identd/identd.pid +Contains (if enabled) the process number of the +.B identd +daemon. .SH AVAILABILITY The daemon is free software. You can redistribute it and/or modify it as you wish - as long as you don't claim that you wrote @@ -320,7 +324,5 @@ The author can be contacted at: , .BR ikeygen (8) , -.BR authuser (3) -, .BR inetd.conf (5) , Index: pidentd-3.0.19.ds1/src/request.c =================================================================== --- pidentd-3.0.19.ds1.orig/src/request.c +++ pidentd-3.0.19.ds1/src/request.c @@ -98,6 +98,13 @@ handle_request(int fd, switch (kp->status) { + case 2: + send_error(fd, + local_port, remote_port, + "HIDDEN-USER", + remote_addr); + break; + case 1: send_result(fd, kp); break; 
@@ -188,8 +195,9 @@ request_thread(void *vp) got = s_read(rp->fd, buf+len, sizeof(buf)-len-1); if (got < 0) { - syslog(LOG_ERR, "request_thread: read(%d, ..., %d) failed: %m", - rp->fd, sizeof(buf)-len-1); + if (debug) + fprintf(stderr, "request_thread: read(%d, ..., %d) failed: %s", + rp->fd, sizeof(buf)-len-1, strerror(errno)); goto Exit; } Index: pidentd-3.0.19.ds1/src/safeio.c =================================================================== --- pidentd-3.0.19.ds1.orig/src/safeio.c +++ pidentd-3.0.19.ds1/src/safeio.c @@ -327,3 +327,18 @@ s_snprintf(char *buf, return retcode; } + + + +int +s_poll(struct pollfd *ufds, + unsigned int nfds, + int timeout) +{ + int code; + + while ((code = poll(ufds, nfds, timeout)) == -1 && errno == EINTR) + ; + + return code; +} Index: pidentd-3.0.19.ds1/src/safeio.h =================================================================== --- pidentd-3.0.19.ds1.orig/src/safeio.h +++ pidentd-3.0.19.ds1/src/safeio.h @@ -15,6 +15,8 @@ #ifndef PIDENTD_SAFEIO_H #define PIDENTD_SAFEIO_H +#include <sys/poll.h> + extern void s_abort(void); extern int s_open(const char *path, int oflag, ...); @@ -37,4 +39,5 @@ extern int s_snprintf(char *buf, size_t bufsize, const char *format, ...); +extern int s_poll(struct pollfd *, unsigned int, int); #endif Index: pidentd-3.0.19.ds1/src/main.c =================================================================== --- pidentd-3.0.19.ds1.orig/src/main.c +++ pidentd-3.0.19.ds1/src/main.c @@ -377,7 +377,12 @@ main(int argc, char *argv[]) { if (!debug && pidfile_path != NULL) pidfile_create(pidfile_path); - + + if (listen_sock < 0) + { + request_timeout = 0; + } + if (server_init() < 0) { if (debug) Index: pidentd-3.0.19.ds1/src/server.c =================================================================== --- pidentd-3.0.19.ds1.orig/src/server.c +++ pidentd-3.0.19.ds1/src/server.c 
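Review bot: The new `fprintf` in request_thread passes `sizeof(buf)-len-1`, a `size_t`, to a `%d` conversion, and its format string has no trailing newline. The mismatch is inherited from the removed syslog call, but it is undefined behaviour where `size_t` is wider than `int`; `"request_thread: read(%d, ..., %lu) failed: %s\n"` with `(unsigned long)(sizeof(buf)-len-1)` fixes both. Because the message is now gated on `debug`, read failures leave no record in production logs; if that is meant to cut noise from dropped connections, a one-line comment should say so, otherwise a `syslog(LOG_DEBUG, ...)` keeps the record. request_thread's body continues outside the hunk.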
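Review bot: s_poll restarts `poll()` with the full `timeout` every time it is interrupted, so a process that receives signals regularly can wait well past the requested interval, and server_run depends on this call for its idle exit. If that is acceptable, state it in a header comment such as `/* Retries on EINTR with the original timeout; total wait may exceed it. */`; otherwise the remaining time should be recomputed from a monotonic clock before each retry. The `nfds` parameter would also be better declared as `nfds_t` to match `poll()`, and safeio.h could include the POSIX `<poll.h>` instead of `<sys/poll.h>`.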
@@ -15,11 +15,14 @@ #include "config.h" #include <syslog.h> +#include <stdio.h> #include <stdlib.h> #include <string.h> #include <sys/time.h> #include <sys/resource.h> #include <errno.h> +#include <unistd.h> +#include <fcntl.h> #include "pidentd.h" @@ -115,10 +118,29 @@ server_init(void) int server_run(void) { + struct pollfd ufds[1]; int fd; - + int timeout = request_timeout <= 0 ? -1 : request_timeout * 1000; + int retval; + + if (fcntl(listen_sock, F_SETFL, O_NONBLOCK) == -1) + { + syslog(LOG_ERR, "fcntl() failed: %m"); + return -1; + } + + ufds[0].fd = listen_sock; + ufds[0].events = POLLIN; while (1) { + if ((retval = s_poll(ufds, 1, timeout)) == -1) + { + syslog(LOG_ERR, "poll() failed: %m"); + return -1; + } + else if (retval == 0) + break; + fd = s_accept(listen_sock, NULL, NULL); if (fd < 0) { @@ -139,4 +161,8 @@ server_run(void) request_run(fd, 0); } + + if (debug) + fprintf(stderr, "accept() timed out\n"); + exit(0); } Index: pidentd-3.0.19.ds1/src/pidentd.h =================================================================== --- pidentd-3.0.19.ds1.orig/src/pidentd.h +++ pidentd-3.0.19.ds1/src/pidentd.h @@ -42,7 +42,7 @@ #endif #ifndef PATH_PIDFILE -#define PATH_PIDFILE "/etc/identd.pid" +#define PATH_PIDFILE "/var/run/identd/identd.pid" #endif #ifndef PATH_CFGFILE Index: pidentd-3.0.19.ds1/src/k_linux.c =================================================================== --- pidentd-3.0.19.ds1.orig/src/k_linux.c +++ pidentd-3.0.19.ds1/src/k_linux.c @@ -17,15 +17,28 @@ #include <stdio.h> #include <syslog.h> #include <errno.h> +#include <unistd.h> #include <sys/types.h> #include <sys/param.h> #include <sys/socket.h> #include <netinet/in.h> +#include <netinet/tcp.h> #include <arpa/inet.h> +#include <linux/types.h> +#include <linux/netlink.h> +#include <linux/inet_diag.h> + #include "pidentd.h" +struct kainfo +{ + int nlfd; + __u32 seq; + FILE *proc_net_tcp; +}; + /* ** Make sure we are running on a supported OS version */ 
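Review bot: `fcntl(listen_sock, F_SETFL, O_NONBLOCK)` in server_run replaces the descriptor's whole status-flag set instead of adding one flag; read the current flags first with `int fl = fcntl(listen_sock, F_GETFL);` and then call `fcntl(listen_sock, F_SETFL, fl | O_NONBLOCK)`, treating -1 from either call as failure. `request_timeout * 1000` is computed in `int` and, with a 32-bit `int`, overflows for a configured timeout above roughly 2.1 million seconds, so the value should be clamped before the multiplication. With the socket now non-blocking, `s_accept` can presumably fail with EAGAIN/EWOULDBLOCK or ECONNABORTED when a peer disappears between `poll()` and `accept()`. The `fd < 0` branch is only partly visible in this hunk, so confirm that it continues the loop for those errno values.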
@@ -39,23 +52,85 @@ ka_init(void) int ka_open(void **misc) { - FILE *fp; + struct kainfo *kp; + + kp = s_malloc(sizeof(*kp)); + kp->seq = 0; + kp->nlfd = socket(AF_NETLINK, SOCK_DGRAM, NETLINK_INET_DIAG); + if (kp->nlfd >= 0) + goto out; - while ((fp = fopen("/proc/net/tcp", "r")) == NULL && errno == EINTR) - ; + syslog(LOG_INFO, "netlink failed, fallback to /proc/net/tcp: %m"); + kp->proc_net_tcp = fopen("/proc/net/tcp", "r"); - if (fp == NULL) + if (kp->proc_net_tcp == NULL) { syslog(LOG_ERR, "fopen(\"/proc/net/tcp\", \"r\"): %m"); return -1; } - *misc = (void *) fp; +out: + *misc = (void *) kp; return 0; } +static int +netlink_lookup(struct kainfo *kip, struct kernel *kp) +{ + int status; + struct { + struct nlmsghdr nlh; + union { + struct inet_diag_req req; + struct inet_diag_msg rsp; + } u; + } buf; + struct sockaddr_nl addr; + + memset(&buf, 0, sizeof(buf)); + buf.nlh.nlmsg_len = NLMSG_ALIGN(NLMSG_LENGTH(sizeof(buf.u.req))); + buf.nlh.nlmsg_type = TCPDIAG_GETSOCK; + buf.nlh.nlmsg_flags = NLM_F_REQUEST; + buf.nlh.nlmsg_seq = ++kip->seq; + buf.u.req.idiag_family = AF_INET; + + buf.u.req.id.idiag_dport = kp->remote.sin_port; + buf.u.req.id.idiag_sport = kp->local.sin_port; + buf.u.req.id.idiag_dst[0] = kp->remote.sin_addr.s_addr; + buf.u.req.id.idiag_src[0] = kp->local.sin_addr.s_addr; + buf.u.req.id.idiag_cookie[0] = INET_DIAG_NOCOOKIE; + buf.u.req.id.idiag_cookie[1] = INET_DIAG_NOCOOKIE; + + status = write(kip->nlfd, &buf, buf.nlh.nlmsg_len); + if (status < 0) { + syslog(LOG_ERR, "netlink_lookup: write failed: %m"); + return 3; + } + + do { + socklen_t alen = sizeof(addr); + status = recvfrom(kip->nlfd, &buf, sizeof(buf), 0, + (void *)&addr, &alen); + if (status < 0) { + if (errno == ENOBUFS) + return -1; + syslog(LOG_ERR, "netlink_lookup: recvfrom failed: %m"); + return 3; + } + } while (addr.nl_pid || buf.nlh.nlmsg_seq != kip->seq); + + if (buf.nlh.nlmsg_type != TCPDIAG_GETSOCK) + return 0; + if (buf.u.rsp.idiag_state != TCP_ESTABLISHED) + return 0; + + 
kp->euid = buf.u.rsp.idiag_uid; + return 1; +} + + int ka_lookup(void *vp, struct kernel *kp) { @@ -66,6 +141,9 @@ ka_lookup(void *vp, struct kernel *kp) int r_lport, r_rport, mylport, myrport; int euid; int nra; + int status; + unsigned long ino; + struct kainfo *kip; /* * PSz 11 Dec 02 @@ -94,23 +172,28 @@ ka_lookup(void *vp, struct kernel *kp) * * Should we skip lines with just ino, or both uid and ino, zero? */ - unsigned long int ino; - + + kip = (struct kainfo *)vp; + kp->ruid = NO_UID; + + if (kip->nlfd >= 0) + return netlink_lookup(kip, kp); + r_rport = ntohs(kp->remote.sin_port); r_lport = ntohs(kp->local.sin_port); r_raddr = kp->remote.sin_addr.s_addr; r_laddr = kp->local.sin_addr.s_addr; - fp = (FILE *) vp; + fp = kip->proc_net_tcp; - kp->ruid = NO_UID; rewind(fp); /* eat header */ if (fgets(buf, sizeof(buf)-1,fp) == NULL) return -1; + status = 0; while (fgets(buf, sizeof(buf)-1, fp) != NULL) { nra = sscanf(buf, "%d: %lX:%x %lX:%x %x %lX:%lX %x:%lX %lx %d %ld %lu", @@ -119,9 +202,10 @@ ka_lookup(void *vp, struct kernel *kp) &euid, &dummy, &ino); if (nra >= 12) { - if (myladdr == r_laddr && mylport == r_lport && - myraddr == r_raddr && myrport == r_rport) + if (myladdr == r_laddr && mylport == r_lport) { + if (myraddr != r_raddr || myrport != r_rport || !ino) + continue; if (nra >= 14 && euid == 0 && ino == 0) { /* * Both uid and ino are zero: not even a socket? @@ -131,11 +215,11 @@ ka_lookup(void *vp, struct kernel *kp) continue; } kp->euid = euid; - return 1; + status = 1; } } } - return -1; + return status; } Index: pidentd-3.0.19.ds1/src/kernel.c =================================================================== --- pidentd-3.0.19.ds1.orig/src/kernel.c +++ pidentd-3.0.19.ds1/src/kernel.c @@ -107,7 +107,7 @@ kernel_thread(void *vp) if (debug) fprintf(stderr, "ka_lookup(), attempt = %d, status = %d\n", attempt, kp->status); - if (kp->status > 0) + if (kp->status >= 0) break; if (attempt > 2 && (attempt & 1) == 1)
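Review bot: netlink_lookup never checks how many bytes `recvfrom` returned before it reads `buf.nlh` and `buf.u.rsp`, and the same buffer still holds the outgoing request, so a truncated reply would be parsed from leftover request bytes. Compare `status` with `sizeof(buf.nlh)` inside the loop and, after the type check, add `if ((size_t)status < NLMSG_LENGTH(sizeof(buf.u.rsp))) return 3;` before trusting `idiag_state` and `idiag_uid`. The result of `write` is only tested for a negative value, so a short write goes unnoticed. In ka_open the `/proc/net/tcp` failure path returns -1 without releasing `kp`, and `proc_net_tcp` is left unset when the netlink socket succeeds (assuming s_malloc does not zero memory); set it to NULL next to `kp->seq = 0`.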
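Review bot: The `!ino` test added to ka_lookup (hunk at new line 202) runs whenever `nra >= 12`, but `ino` is the 14th conversion in the `sscanf` format, so on a line that yields only 12 or 13 fields it is read uninitialised or carries the previous line's value. Gate it on the field count, `if (myraddr != r_raddr || myrport != r_rport || (nra >= 14 && !ino)) continue;`, or reset `ino = 0` at the top of each iteration if skipping such lines is intended. With that test in place the following `nra >= 14 && euid == 0 && ino == 0` branch can no longer be reached and can be removed. The loop now keeps scanning after a match, so the last matching row supplies `kp->euid`; a short comment stating why would help the next reader.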
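Review bot: The retry loop in kernel_thread now stops on any non-negative status, which makes the meaning of each `ka_lookup` return value load-bearing, yet none of them is named or documented. This patch appears to use -1 (retry), 0 (no match), 1 (found), 2 (HIDDEN-USER in handle_request) and 3 (netlink failure). Add a comment above the test such as `/* >= 0 is final (0 none, 1 found, 3 error); only -1 is retried */`, or preferably an enum shared by k_linux.c, kernel.c and request.c. How status 3 is reported to the client is not visible in this patch and should be checked against the `switch` in handle_request. kernel_thread's body continues outside the hunk.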