author | Theo de Raadt <deraadt@cvs.openbsd.org> | 1998-09-16 20:22:16 +0000 |
---|---|---|
committer | Theo de Raadt <deraadt@cvs.openbsd.org> | 1998-09-16 20:22:16 +0000 |
commit | edcde75a6e5031132471d87a80170324c2a0d24f (patch) | |
tree | 3edd2f88e9724a7be1efb57c55e589dacfc0ffb7 | |
parent | a175113c8fa8e797ae87375ec57ee2a0f2708baa (diff) |
change to using getopt() [some inetd.conf files will need repair];
add usage()
and add token support via -h (token information is syslogged)
-rw-r--r-- | libexec/identd/identd.8 | 8 | ||||
-rw-r--r-- | libexec/identd/identd.c | 62 | ||||
-rw-r--r-- | libexec/identd/identd.h | 3 | ||||
-rw-r--r-- | libexec/identd/parse.c | 40 |
4 files changed, 88 insertions, 25 deletions
diff --git a/libexec/identd/identd.8 b/libexec/identd/identd.8 index fe0b60b9776..b01215600a8 100644 --- a/libexec/identd/identd.8 +++ b/libexec/identd/identd.8 @@ -1,4 +1,4 @@ -.\" $OpenBSD: identd.8,v 1.6 1998/09/07 16:44:35 aaron Exp $ +.\" $OpenBSD: identd.8,v 1.7 1998/09/16 20:22:14 deraadt Exp $ .\" .\" Copyright (c) 1997, Jason Downs. All rights reserved. .\" @@ -49,7 +49,7 @@ .Op Fl p Ar port .Op Fl a Ar address .Op Fl c Ar charset -.Op Fl noelVvmNd +.Op Fl noelVvmNdh .Sh DESCRIPTION .Nm is a server which implements the @@ -97,6 +97,10 @@ This version does not use kmem or nlist parsing, so this reasoning is no longer valid. .It Fl b Specify operation as a stand alone daemon. +.It Fl h +Hide the actual information about the user by providing an opaque +token instead. This token is entered into the local system logs +so that the administrator can later discover who the real user was. .It Fl t Ar seconds Specifies an idle timeout in seconds where a daemon running in "wait" mode will timeout and exit. The default is no timeout. diff --git a/libexec/identd/identd.c b/libexec/identd/identd.c index 95357a06482..2d8f14504f1 100644 --- a/libexec/identd/identd.c +++ b/libexec/identd/identd.c @@ -45,6 +45,7 @@ int other_flag = 0; int unknown_flag = 0; int number_flag = 0; int noident_flag = 0; +int token_flag = 0; int lport = 0; int fport = 0; @@ -59,6 +60,16 @@ static int child_pid; static int syslog_facility = LOG_DAEMON; #endif +void +usage() +{ + fprintf(stderr, + "identd [-i | -w | -b] [-t seconds] [-u uid] [-g gid] [-p port]\n" + "\t[-a address] [-c charset] [-noelVvmNdh]\n"); + exit(1); +} + + /* * Return the name of the connecting host, or the IP number as a string. */ @@ -94,7 +105,7 @@ main(argc, argv) int argc; char *argv[]; { - int i, len; + int len; struct sockaddr_in sin; struct in_addr laddr, faddr; struct timeval tv; 
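Review bot: The new usage() in identd.c reports a bad option only on stderr, and when identd is started from inetd that descriptor is normally the client connection, not something the administrator sees. The commit message says some inetd.conf entries will need repair, so a stale entry would exit with status 1 and leave no local trace. A line such as `syslog(LOG_ERR, "invalid command line option");` before the `fprintf` would record it, assuming syslog is usable at that point, which this hunk does not show. The usage text also omits `-r`, which the getopt string in main() accepts as `r:`.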
@@ -106,14 +117,18 @@ main(argc, argv) char *bind_address = NULL; int set_uid = 0; int set_gid = 0; - int opt_count = 0; /* Count of option flags */ + extern char *optarg; + extern int optind; + int ch; /* * Parse the command line arguments */ - for (i = 1; i < argc && argv[i][0] == '-'; i++) { - opt_count++; - switch (argv[i][1]) { + while ((ch = getopt(argc, argv, "hbwit:p:a:u:g:c:r:loenVvdmN")) != -1) { + switch (ch) { + case 'h': + token_flag = 1; + break; case 'b': /* Start as standalone daemon */ background_flag = 1; break; @@ -124,44 +139,44 @@ main(argc, argv) background_flag = 0; break; case 't': - timeout = atoi(argv[i] + 2); + timeout = atoi(optarg); break; case 'p': - portno = argv[i] + 2; + portno = optarg; break; case 'a': - bind_address = argv[i] + 2; + bind_address = optarg; break; case 'u': - if (isdigit(argv[i][2])) { - set_uid = atoi(argv[i] + 2); + if (isdigit(optarg[0])) { + set_uid = atoi(optarg); break; } - pwd = getpwnam(argv[i] + 2); + pwd = getpwnam(optarg); if (!pwd) - ERROR1("no such user (%s) for -u option", argv[i] + 2); + ERROR1("no such user (%s) for -u option", optarg); else { set_uid = pwd->pw_uid; if (setgid == 0) - set_gid = pwd->pw_gid; + set_gid = pwd->pw_gid; } break; case 'g': - if (isdigit(argv[i][2])) { - set_gid = atoi(argv[i] + 2); + if (isdigit(optarg[0])) { + set_gid = atoi(optarg); break; } - grp = getgrnam(argv[i] + 2); + grp = getgrnam(optarg); if (!grp) - ERROR1("no such group (%s) for -g option", argv[i] + 2); + ERROR1("no such group (%s) for -g option", optarg); else set_gid = grp->gr_gid; break; case 'c': - charset_name = argv[i] + 2; + charset_name = optarg; break; case 'r': - indirect_host = argv[i] + 2; + indirect_host = optarg; break; case 'l': /* Use the Syslog daemon for logging */ syslog_flag++; @@ -191,6 +206,8 @@ main(argc, argv) case 'N': /* Enable users ".noident" files */ noident_flag++; break; + default: + usage(); } } 
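Review bot: In the `-u` case the context line `if (setgid == 0)` compares the address of the libc function setgid() with zero, which is never true, so the re-indented `set_gid = pwd->pw_gid;` below it never runs. The local declared in this function is `set_gid`, and the test was presumably meant to be `if (set_gid == 0)`. If the privilege drop later in main() (outside this hunk) relies on set_gid, a daemon started with only `-u name` would change uid but keep its original group. Separately, `atoi(optarg)` for `-u`, `-g` and `-t` accepts trailing garbage and out-of-range values silently; `strtol` with an end-pointer check would reject them.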
@@ -231,9 +248,10 @@ main(argc, argv) hp = gethostbyname(bind_address); if (!hp) - ERROR1("no such address (%s) for -a switch", bind_address); - - memcpy(&addr.sin_addr, hp->h_addr, sizeof(addr.sin_addr)); + ERROR1("no such address (%s) for -a switch", + bind_address); + memcpy(&addr.sin_addr, hp->h_addr, + sizeof(addr.sin_addr)); } } diff --git a/libexec/identd/identd.h b/libexec/identd/identd.h index 94c8edcde45..f2203438c9c 100644 --- a/libexec/identd/identd.h +++ b/libexec/identd/identd.h @@ -1,5 +1,5 @@ /* -** $Id: identd.h,v 1.2 1997/07/23 20:36:28 kstailey Exp $ +** $Id: identd.h,v 1.3 1998/09/16 20:22:15 deraadt Exp $ ** ** identd.h Common variables for the Pidentd daemon ** @@ -27,6 +27,7 @@ extern int other_flag; extern int unknown_flag; extern int number_flag; extern int noident_flag; +extern int token_flag; extern char *charset_name; extern char *indirect_host; diff --git a/libexec/identd/parse.c b/libexec/identd/parse.c index f65905a3241..88740021a01 100644 --- a/libexec/identd/parse.c +++ b/libexec/identd/parse.c @@ -51,6 +51,23 @@ check_noident(homedir) return 0; } +static unsigned char itoa64[] = /* 0 ... 63 => ascii - 64 */ + "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"; + +static void to64 __P((char *, u_int32_t, int)); + +static void +to64(s, v, n) + char *s; + u_int32_t v; + int n; +{ + while (--n >= 0) { + *s++ = itoa64[v&0x3f]; + v >>= 6; + } +} + /* * Returns 0 on timeout, -1 on error, #bytes read on success. */ 
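Review bot: to64() in parse.c has no comment stating its contract: it writes exactly n characters to s, does not NUL-terminate, and does no bounds check, so each caller must size and terminate the buffer itself. A header comment such as `/* Encode the low 6*n bits of v as n characters from itoa64; no terminator is written. */` would make that explicit. With n = 4 only 24 of the 32 bits of v are encoded, which matters to anyone estimating how much randomness a token carries.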
@@ -240,6 +257,29 @@ parse(fd, laddr, faddr) return 0; } + if (token_flag) { + char token[21]; + char *s = token; + + memset(token, 0, sizeof token); + to64(s, arc4random(), 4); + to64(s + 4, arc4random(), 4); + to64(s + 8, arc4random(), 4); + to64(s + 12, arc4random(), 4); + to64(s + 16, arc4random(), 4); + + syslog(LOG_NOTICE, "token %s == uid %u (%s)", token, uid, + pw->pw_name); + n = snprintf(buf, sizeof(buf), + "%d , %d : USERID : OTHER%s%s :%s\r\n", + lport, fport, charset_name ? " , " : "", + charset_name ? charset_name : "", token); + if (timed_write(fd, buf, n, IO_TIMEOUT) != n && syslog_flag) { + syslog(LOG_NOTICE, "write to %s: %m", gethost(faddr)); + return 1; + } + return 0; + } if (number_flag) { n = snprintf(buf, sizeof(buf), "%d , %d : USERID : OTHER%s%s :%d\r\n", |
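Review bot: In the token branch a failed write is treated as an error only when logging is on: `if (timed_write(fd, buf, n, IO_TIMEOUT) != n && syslog_flag)` falls through to `return 0` whenever syslog_flag is clear. Testing `timed_write(...) != n` alone and putting `if (syslog_flag)` around just the syslog() call would keep the return value independent of the logging option. The same pattern may exist in the number_flag branch that continues outside the hunk. The snprintf() result is also passed to timed_write() without being compared to `sizeof(buf)`, so a long `-c charset` value could make n exceed the buffer; a check like `if (n < 0 || n >= sizeof(buf))` before the write would cover that. Finally, the audit line `"token %s == uid %u (%s)"` records neither the peer address nor the port pair, which an administrator would need to tie a token to a specific connection.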