author | Damien Miller <djm@cvs.openbsd.org> | 2002-09-13 01:31:40 +0000 |
---|---|---|
committer | Damien Miller <djm@cvs.openbsd.org> | 2002-09-13 01:31:40 +0000 |
commit | 042dbed6bd46ee5292b23d8fa8bc3fff3a266a6c (patch) | |
tree | 33a804b77f46780def8b2fdba80c0bb7c38b1122 | |
parent | 52d302515be07e1ac4f86c63f0b885d861565a4b (diff) |
Add -H option to hide nonexistent users (useful on NAT gateways). ok millert@
-rw-r--r-- | libexec/identd/identd.8 | 7 | ||||
-rw-r--r-- | libexec/identd/identd.c | 8 | ||||
-rw-r--r-- | libexec/identd/identd.h | 3 | ||||
-rw-r--r-- | libexec/identd/parse.c | 36 |
4 files changed, 45 insertions, 9 deletions
diff --git a/libexec/identd/identd.8 b/libexec/identd/identd.8 index c9d33fd47d4..c14c1c742a5 100644 --- a/libexec/identd/identd.8 +++ b/libexec/identd/identd.8 @@ -1,4 +1,4 @@ -.\" $OpenBSD: identd.8,v 1.18 2002/07/16 10:16:10 deraadt Exp $ +.\" $OpenBSD: identd.8,v 1.19 2002/09/13 01:31:39 djm Exp $ .\" .\" Copyright (c) 1997, Jason Downs. All rights reserved. .\" @@ -106,6 +106,11 @@ Hide the actual information about the user by providing an opaque token instead. This token is entered into the local system logs so that the administrator can later discover who the real user was. +.It Fl H +Hide information about non existing users (e.g., connections through NAT) as +well as existing users. +Implies +.Fl h . .It Fl t Ar seconds Specifies an idle timeout in seconds where a daemon running in "wait" mode will timeout and exit. diff --git a/libexec/identd/identd.c b/libexec/identd/identd.c index d31167e4cc0..50db4d2c3f7 100644 --- a/libexec/identd/identd.c +++ b/libexec/identd/identd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: identd.c,v 1.32 2002/07/17 02:53:36 deraadt Exp $ */ +/* $OpenBSD: identd.c,v 1.33 2002/09/13 01:31:39 djm Exp $ */ /* * This program is in the public domain and may be used freely by anyone @@ -46,6 +46,7 @@ int number_flag; int noident_flag; int userident_flag; int token_flag; +int no_user_token_flag; int lport; int fport; @@ -160,11 +161,14 @@ main(int argc, char *argv[]) /* * Parse the command line arguments */ - while ((ch = getopt(argc, argv, "hbwit:p:a:u:g:c:r:loenvdmNU")) != -1) { + while ((ch = getopt(argc, argv, "hHbwit:p:a:u:g:c:r:loenvdmNU")) != -1) { switch (ch) { case 'h': token_flag = 1; break; + case 'H': + no_user_token_flag = token_flag = 1; + break; case 'b': /* Start as standalone daemon */ background_flag = 1; break; diff --git a/libexec/identd/identd.h b/libexec/identd/identd.h index 256502d79f9..7b4f277aab8 100644 --- a/libexec/identd/identd.h +++ b/libexec/identd/identd.h 
@@ -1,4 +1,4 @@ -/* $OpenBSD: identd.h,v 1.13 2002/07/16 10:36:10 deraadt Exp $*/ +/* $OpenBSD: identd.h,v 1.14 2002/09/13 01:31:39 djm Exp $*/ /* ** @@ -23,6 +23,7 @@ extern int unknown_flag; extern int number_flag; extern int noident_flag; extern int token_flag; +extern int no_user_token_flag; extern int userident_flag; extern const char *opsys_name; diff --git a/libexec/identd/parse.c b/libexec/identd/parse.c index bd60e624eb8..c9ab00fa59d 100644 --- a/libexec/identd/parse.c +++ b/libexec/identd/parse.c @@ -1,4 +1,4 @@ -/* $OpenBSD: parse.c,v 1.34 2002/07/24 23:11:14 millert Exp $ */ +/* $OpenBSD: parse.c,v 1.35 2002/09/13 01:31:39 djm Exp $ */ /* * This program is in the public domain and may be used freely by anyone @@ -249,8 +249,21 @@ parse(int fd, struct in_addr *laddr, struct in_addr *faddr) * Next - get the specific TCP connection and return the * uid - user number. */ - if (k_getuid(&faddr2, htons(fport), laddr, - htons(lport), &uid) == -1) { + if (k_getuid(&faddr2, htons(fport), laddr, htons(lport), &uid) == -1) { + if (no_user_token_flag) { + gentoken(token, sizeof token); + syslog(LOG_NOTICE, "token %s == NO USER", token); + n = snprintf(buf, sizeof(buf), + "%d , %d : USERID : %s%s%s :%s\r\n", lport, fport, + opsys_name, charset_sep, charset_name, token); + if (timed_write(fd, buf, n, IO_TIMEOUT) != n && + syslog_flag) { + syslog(LOG_NOTICE, "write to %s: %m", + gethost4_addr(faddr)); + return 1; + } + return 0; + } if (syslog_flag) syslog(LOG_DEBUG, "Returning: %d , %d : NO-USER", lport, fport); 
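Review bot: In the added `no_user_token_flag` branch of parse(), the failure return is tied to logging: `timed_write(fd, buf, n, IO_TIMEOUT) != n && syslog_flag` returns 1 for a short or failed write only when `syslog_flag` is set, and otherwise falls through to `return 0`. The length `n` from `snprintf` is also handed to `timed_write` without a check for a negative result or truncation. `buf` is declared outside the hunk, so whether `opsys_name` and `charset_name` can exceed it cannot be confirmed from here. Splitting the condition and validating `n` before the write covers both, as sketched below, and the parse6() hunk carries the same lines. parse()'s body starts and ends outside this hunk, so confirm what callers do with the return value.

```c
/* … unchanged: gentoken(), token syslog() and the snprintf() into buf … */
if (n < 0 || (size_t)n >= sizeof(buf))
	return 1;	/* formatting failed or the reply was truncated */
if (timed_write(fd, buf, n, IO_TIMEOUT) != n) {
	if (syslog_flag)
		syslog(LOG_NOTICE, "write to %s: %m",
		    gethost4_addr(faddr));
	return 1;	/* write failure is reported even when not logged */
}
return 0;
```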
@@ -432,8 +445,21 @@ parse6(int fd, struct sockaddr_in6 *laddr, struct sockaddr_in6 *faddr) * Next - get the specific TCP connection and return the * uid - user number. */ - if (k_getuid6(&faddr2, htons(fport), laddr, - htons(lport), &uid) == -1) { + if (k_getuid6(&faddr2, htons(fport), laddr, htons(lport), &uid) == -1) { + if (no_user_token_flag) { + gentoken(token, sizeof token); + syslog(LOG_NOTICE, "token %s == NO USER", token); + n = snprintf(buf, sizeof(buf), + "%d , %d : USERID : %s%s%s :%s\r\n", lport, fport, + opsys_name, charset_sep, charset_name, token); + if (timed_write(fd, buf, n, IO_TIMEOUT) != n && + syslog_flag) { + syslog(LOG_NOTICE, "write to %s: %m", + gethost6(faddr)); + return 1; + } + return 0; + } if (syslog_flag) syslog(LOG_DEBUG, "Returning: %d , %d : NO-USER", lport, fport); |
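Review bot: The added `syslog(LOG_NOTICE, "token %s == NO USER", token);` in parse6() records only the token, so a log entry cannot later be matched to the port pair or peer that asked, which is what an administrator of a NAT gateway would need to trace a connection. Something like `syslog(LOG_NOTICE, "token %s == NO USER (%d , %d from %s)", token, lport, fport, gethost6(faddr));` would keep that context. The call is not gated on `syslog_flag`, presumably on purpose since a token is only useful once logged, but it means every failed lookup from any peer writes a LOG_NOTICE line. A comment next to the call should say whether that volume is acceptable or rate limiting is expected elsewhere. The parse() hunk has the same line, where `gethost4_addr(faddr)` is the matching helper; parse6()'s body extends beyond this hunk.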