authorTodd C. Miller <millert@cvs.openbsd.org>2001-04-13 20:16:54 +0000
committerTodd C. Miller <millert@cvs.openbsd.org>2001-04-13 20:16:54 +0000
commit0eaa5a30b1120a648055bfc7b64551d95c8f1181 (patch)
treedae3a8921943ba89314d2f8f36cb957aa270c5e8
parente0b9aee7172725208c5f363db42f56a50ef27fa4 (diff)
Add support for user specified tokens to identd. Based on a patch
from rjmooney@wall.st w/ minor tweakage by Theo and myself.
-rw-r--r--libexec/identd/identd.821
-rw-r--r--libexec/identd/identd.c12
-rw-r--r--libexec/identd/identd.h3
-rw-r--r--libexec/identd/parse.c85
4 files changed, 108 insertions, 13 deletions
diff --git a/libexec/identd/identd.8 b/libexec/identd/identd.8
index e9e7c3c926a..7c2bb6ff41a 100644
--- a/libexec/identd/identd.8
+++ b/libexec/identd/identd.8
@@ -1,4 +1,4 @@
-.\" $OpenBSD: identd.8,v 1.16 2000/11/08 19:37:37 aaron Exp $
+.\" $OpenBSD: identd.8,v 1.17 2001/04/13 20:16:53 millert Exp $
.\"
.\" Copyright (c) 1997, Jason Downs. All rights reserved.
.\"
@@ -49,7 +49,7 @@
.Op Fl p Ar port
.Op Fl a Ar address
.Op Fl c Ar charset
-.Op Fl noelVvmNdh
+.Op Fl noelVvmNUdh
.Sh DESCRIPTION
.Nm
is a server which implements the
@@ -171,6 +171,14 @@ in the user's home directory.
If this file is accessible, return
.Dq HIDDEN-USER
instead of the normal USERID response.
+.It Fl U
+When replying with a user name or ID, first
+check for a file
+.Pa .ident
+in the user's home directory.
+If this file is accessible, return
+the contents of the file
+instead of the normal USERID response.
.It Fl m
Allow multiple requests to be processed per session.
Each request is specified one per line and the responses will be returned
@@ -204,7 +212,12 @@ the listen port if running as a standalone daemon.
Since
.Nm identd
should typically not be run as a privileged user or group,
-.Pa .noident
+.Pa .ident
files for use when running with the
-.Fl N
+.Fl U
flag will need to be world accessible.
+The same applies for
+.Pa .noident
+files when running with the
+.Fl N
+flag.
diff --git a/libexec/identd/identd.c b/libexec/identd/identd.c
index ebe6eaebb00..541fcc8985c 100644
--- a/libexec/identd/identd.c
+++ b/libexec/identd/identd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: identd.c,v 1.16 2001/03/28 21:48:31 fgsch Exp $ */
+/* $OpenBSD: identd.c,v 1.17 2001/04/13 20:16:53 millert Exp $ */
/*
* This program is in the public domain and may be used freely by anyone
@@ -45,6 +45,7 @@ int other_flag = 0;
int unknown_flag = 0;
int number_flag = 0;
int noident_flag = 0;
+int userident_flag = 0;
int token_flag = 0;
int lport = 0;
@@ -65,7 +66,7 @@ usage()
{
syslog(LOG_ERR,
"identd [-i | -w | -b] [-t seconds] [-u uid] [-g gid] [-p port] "
- "[-a address] [-c charset] [-noelVvmNdh]");
+ "[-a address] [-c charset] [-noelVvmNUdh]");
exit(2);
}
@@ -152,7 +153,7 @@ main(argc, argv)
/*
* Parse the command line arguments
*/
- while ((ch = getopt(argc, argv, "hbwit:p:a:u:g:c:r:loenVvdmN")) != -1) {
+ while ((ch = getopt(argc, argv, "hbwit:p:a:u:g:c:r:loenVvdmNU")) != -1) {
switch (ch) {
case 'h':
token_flag = 1;
@@ -219,7 +220,7 @@ main(argc, argv)
number_flag = 1;
break;
case 'V': /* Give version of this daemon */
- printf("[in.identd, version %s]\r\n", version);
+ printf("[identd version %s]\r\n", version);
exit(0);
break;
case 'v': /* Be verbose */
@@ -234,6 +235,9 @@ main(argc, argv)
case 'N': /* Enable users ".noident" files */
noident_flag++;
break;
+ case 'U': /* Enable user ".ident" files */
+ userident_flag++;
+ break;
default:
usage();
}
diff --git a/libexec/identd/identd.h b/libexec/identd/identd.h
index 073a5929557..ef049d1cbee 100644
--- a/libexec/identd/identd.h
+++ b/libexec/identd/identd.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: identd.h,v 1.6 2001/01/28 19:34:29 niklas Exp $*/
+/* $OpenBSD: identd.h,v 1.7 2001/04/13 20:16:53 millert Exp $*/
/*
**
@@ -29,6 +29,7 @@ extern int unknown_flag;
extern int number_flag;
extern int noident_flag;
extern int token_flag;
+extern int userident_flag;
extern char *charset_name;
extern char *indirect_host;
diff --git a/libexec/identd/parse.c b/libexec/identd/parse.c
index 1e9e45d8317..61756c4ced8 100644
--- a/libexec/identd/parse.c
+++ b/libexec/identd/parse.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: parse.c,v 1.20 2001/01/28 19:34:29 niklas Exp $ */
+/* $OpenBSD: parse.c,v 1.21 2001/04/13 20:16:53 millert Exp $ */
/*
* This program is in the public domain and may be used freely by anyone
@@ -36,7 +36,7 @@ ssize_t timed_write __P((int, const void *, size_t, time_t));
void gentoken __P((char *, int));
/*
- * A small routine to check for the existance of the ".noident"
+ * A small routine to check for the existence of the ".noident"
* file in a users home directory.
*/
int
@@ -55,6 +55,45 @@ check_noident(homedir)
return 0;
}
+/*
+ * A small routine to check for the existence of the ".ident"
+ * file in a users home directory, and return its contents.
+ */
+int
+getuserident(homedir, buf, len)
+ char *homedir, *buf;
+ int len;
+{
+ char path[MAXPATHLEN];
+ struct stat st;
+ int fd, nread;
+ char *p;
+
+ if (len == 0)
+ return 0;
+ if (!homedir)
+ return 0;
+ if (snprintf(path, sizeof path, "%s/.ident", homedir) >= sizeof(path))
+ return 0;
+ if ((fd = open(path, O_RDONLY|O_NONBLOCK|O_NOFOLLOW, 0)) < 0)
+ return 0;
+ if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode))
+ return 0;
+
+ if ((nread = read(fd, buf, len - 1)) <= 0) {
+ close(fd);
+ return 0;
+ }
+ buf[nread] = '\0';
+
+ /* remove illegal characters */
+ if ((p = strpbrk(buf, "\r\n")))
+ *p = '\0';
+
+ close(fd);
+ return 1;
+}
+
static char token0cnv[] = "abcdefghijklmnopqrstuvwxyz";
static char tokencnv[] = "abcdefghijklmnopqrstuvwxyz0123456789";
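Review bot: In `getuserident()` the descriptor returned by `open()` is leaked when `fstat()` fails or the path is not a regular file, because that branch returns 0 without calling `close(fd)`; every later exit path does close it. A non-regular `.ident` (a directory, for instance) reaches this branch, so a process that serves more than one request, as with `-m` or standalone mode, loses one descriptor per lookup. The branch should read `if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode)) { close(fd); return 0; }`.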
@@ -215,7 +254,6 @@ parse(fd, laddr, faddr)
/*
* Next - get the specific TCP connection and return the
* uid - user number.
- *
*/
if (k_getuid(&faddr2, htons(fport), laddr,
htons(lport), &uid) == -1) {
@@ -268,6 +306,26 @@ parse(fd, laddr, faddr)
return 0;
}
+ if (userident_flag) {
+ char token[21];
+
+ if (getuserident(pw->pw_dir, token, sizeof token)) {
+ syslog(LOG_NOTICE, "token \"%s\" == uid %u (%s)",
+ token, uid, pw->pw_name);
+ n = snprintf(buf, sizeof(buf),
+ "%d , %d : USERID : OTHER%s%s :%s\r\n",
+ lport, fport, charset_name ? " , " : "",
+ charset_name ? charset_name : "", token);
+ if (timed_write(fd, buf, n, IO_TIMEOUT) != n &&
+ syslog_flag) {
+ syslog(LOG_NOTICE, "write to %s: %m",
+ gethost(faddr));
+ return 1;
+ }
+ return 0;
+ }
+ }
+
if (token_flag) {
char token[21];
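Review bot: The `token` formatted into the reply and into the `syslog()` call here is unauthenticated text chosen by the user, and `getuserident()` only cuts it at the first CR or LF, so control characters, bytes outside the advertised charset, or another account's login name can appear in both. The `OTHER` opsys field signals that the value is not a system user name, but a peer that ignores that field cannot tell, and the `syslog()` line is the only record tying the token to the real uid. I would document that above the block, `/* token is user-chosen and unverified; the syslog line is the audit trail back to uid */`, and have `getuserident()` reject tokens that contain non-printable bytes. The same block is added to `parse6()` in the last hunk, and both enclosing functions start and end outside their hunks.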
@@ -376,7 +434,6 @@ parse6(fd, laddr, faddr)
/*
* Next - get the specific TCP connection and return the
* uid - user number.
- *
*/
if (k_getuid6(&faddr2, htons(fport), laddr,
htons(lport), &uid) == -1) {
@@ -429,6 +486,26 @@ parse6(fd, laddr, faddr)
return 0;
}
+ if (userident_flag) {
+ char token[21];
+
+ if (getuserident(pw->pw_dir, token, sizeof(token))) {
+ syslog(LOG_NOTICE, "token \"%s\" == uid %u (%s)",
+ token, uid, pw->pw_name);
+ n = snprintf(buf, sizeof(buf),
+ "%d , %d : USERID : OTHER%s%s :%s\r\n",
+ lport, fport, charset_name ? " , " : "",
+ charset_name ? charset_name : "", token);
+ if (timed_write(fd, buf, n, IO_TIMEOUT) != n &&
+ syslog_flag) {
+ syslog(LOG_NOTICE, "write to %s: %m",
+ gethost6(faddr));
+ return 1;
+ }
+ return 0;
+ }
+ }
+
if (token_flag) {
char token[21];