author | Theo de Raadt <deraadt@cvs.openbsd.org> | 2013-12-04 20:46:40 +0000 |
---|---|---|
committer | Theo de Raadt <deraadt@cvs.openbsd.org> | 2013-12-04 20:46:40 +0000 |
commit | cb37b25ef5df70cfe4dc1dbf964fb790ce9e7373 (patch) | |
tree | 1825d3c9a6f85ab21dffe7222a6bd46f1ec98458 | |
parent | 4a9076ec665f22c9c0540bba27b05eae1b8b7aee (diff) |
we now use the rewritten usr.sbin/identd
-rw-r--r-- | libexec/identd/CREDITS | 52 | ||||
-rw-r--r-- | libexec/identd/Makefile | 9 | ||||
-rw-r--r-- | libexec/identd/identd.8 | 211 | ||||
-rw-r--r-- | libexec/identd/identd.c | 516 | ||||
-rw-r--r-- | libexec/identd/identd.h | 48 | ||||
-rw-r--r-- | libexec/identd/openbsd.c | 107 | ||||
-rw-r--r-- | libexec/identd/parse.c | 573 |
7 files changed, 0 insertions, 1516 deletions
diff --git a/libexec/identd/CREDITS b/libexec/identd/CREDITS
deleted file mode 100644
index c117a03ecf0..00000000000
--- a/libexec/identd/CREDITS
+++ /dev/null
@@ -1,52 +0,0 @@ -Credits go to (I've probably forgot someone - please don't hesitate -to tell me!) for helping making Pidentd what it is: - -Casper Dik <casper@fwi.uva.nl>, Math & CS Faculty, U. of Amsterdam, NL - (Added support for SunOS 5 (Solaris 2)) - -Dave Shield <D.T.Shield@compsci.liverpool.ac.uk>, CS Dept. Liverpool U., UK - (Added support for HP9K HPUX 8.*) - -Jan L. Peterson <jlp@phred.math.byu.edu>, Math Dept. BYU, USA - (Added support for MIPS RISC/os and fixed a few other things) - -Fletcher Mattox <fletcher@cs.utexas.edu>, University of Texas, USA - (Added support for HP9K HP-UX 7.*) - -Mark Monnin <mgrmem@nextwork.rose-hulman.edu>, Rose-Hulman Inst. of Tech, USA - (Added support for DEC Ultrix 4.*) - -Simon Leinen <simon@lia.di.epfl.ch>, Switzerland - (Added support for Silicon Graphics IRIX 4.*) - -Frank Maas <maas@dutiws.tudelft.nl>, Delft Univ. of Technology, The Netherlands - (Added support for Sequent Dynix 3.*) - -Andrew Herbert <andrewh@molly.cs.monash.edu.au>, Monash University, Australia - (Added support for System V/Release 4) - -David Bennet <ddt@gu.uwa.edu.au>, Australia - (Added support for 386BSD) - -Fishman M. Shmuel <fms@ccgr.technion.ac.il>, Technion Inst. of Tech., Israel - (Added support for Convex & 4.3BSDtahoe (then heavily hacked by me)) - -Bradley E. Smith <brad@bradley.bradley.edu>, Bradley University, USA - (Added support for AT&T's own version of SVR4) - -RenE J.V. Bertin <bertin@neuretD.biol.ruu.nl>, Uni. 
of Utrecht, The Netherlands - (Added support for Apple A/UX 2.*) - -Douglas Lee Schales <Doug.Schales@sc.tamu.edu>, Texas A&M University, USA - (Added support for Cray UNICOS 6.*) - -Don Hazlewood <haz@dali.math.swt.edu>, SW Texas State U., USA - (Added support for A/UX 3.*) - - Nigel Metheringham <nigelm@ohm.york.ac.uk>, University of York, UK - (Added support for NeXT, SunOS 3.*, corrections for MIPS) - ----------------------------------------------------------------------------- -Peter Eriksson <pen@lysator.liu.se>, Lysator, Linkoping University, Sweden. - (Original code for Sun SunOS 4.* and Sequent Dynix 2.*) - diff --git a/libexec/identd/Makefile b/libexec/identd/Makefile deleted file mode 100644 index 7ee1e633b43..00000000000 --- a/libexec/identd/Makefile +++ /dev/null @@ -1,9 +0,0 @@ -# $OpenBSD: Makefile,v 1.8 2003/06/28 01:05:21 deraadt Exp $ - -PROG= identd -SRCS= identd.c openbsd.c parse.c -MAN= identd.8 - -CFLAGS+= -Wall - -.include <bsd.prog.mk> diff --git a/libexec/identd/identd.8 b/libexec/identd/identd.8 deleted file mode 100644 index 4a64890096e..00000000000 --- a/libexec/identd/identd.8 +++ /dev/null 
@@ -1,211 +0,0 @@ -.\" $OpenBSD: identd.8,v 1.32 2013/07/16 07:15:39 jmc Exp $ -.\" -.\" Copyright (c) 1997, Jason Downs. All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the distribution. -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) ``AS IS'' AND ANY EXPRESS -.\" OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED -.\" WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE -.\" DISCLAIMED. IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY DIRECT, -.\" INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES -.\" (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR -.\" SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER -.\" CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -.\" SUCH DAMAGE. -.\" -.\" @(#)identd.8 1.9 92/02/11 Lysator -.\" Copyright (c) 1992 Peter Eriksson, Lysator, Linkoping University. -.\" This software has been released into the public domain. 
-.\" -.Dd $Mdocdate: July 16 2013 $ -.Dt IDENTD 8 -.Os -.Sh NAME -.Nm identd -.Nd TCP/IP IDENT protocol server -.Sh SYNOPSIS -.Nm identd -.Bk -words -.Op Fl 46deHhlmNnoUv -.Op Fl b | i | w -.Op Fl a Ar address -.Op Fl c Ar charset -.Op Fl p Ar port -.Op Fl t Ar seconds -.Ek -.Sh DESCRIPTION -.Nm -is a server which implements the TCP/IP proposed standard -IDENT user identification protocol -as specified in the RFC 1413 document. -.Pp -.Nm -operates by looking up specific TCP/IP -connections and returning the user name of the -process owning the connection. -.Pp -The options are as follows: -.Bl -tag -width Ds -.It Fl 4 -When -.Fl b -is specified, forces -.Nm -to use IPv4 addresses only. -.It Fl 6 -When -.Fl b -is specified, forces -.Nm -to use IPv6 addresses only. -.It Fl a Ar address -Specify a local IP address in dotted quad format -to bind the listen socket to if running as a stand-alone daemon. -By default the daemon listens on all local IP addresses. -.It Fl b -Specify operation as a stand-alone daemon. -.It Fl c Ar charset -Specify an optional character set designator to be included in replies. -.Ar charset -should be a valid character set as described in the -MIME RFC in upper case characters. -.It Fl d -This flag enables some debugging code that normally should NOT -be enabled since that breaks the protocol and may reveal information -that should not be available to outsiders. -.It Fl e -Always return -.Dq UNKNOWN-ERROR -instead of the -.Dq NO-USER -or -.Dq INVALID-PORT -errors. -.It Fl H -Hide information about non-existent users (e.g., connections through NAT) as -well as existing users. -Implies -.Fl h . -.It Fl h -Hide the actual information about the user by providing an opaque -token instead. -This token is entered into the local system logs -so that the administrator can later discover who the real user was. -.It Fl i -Tells -.Nm identd -to run as a process started from -.Xr inetd 8 -with the "nowait" option in the -.Pa /etc/inetd.conf -file. 
-Use of this mode will make -.Xr inetd 8 -start one -.Nm -daemon for each connection request. -This is the default mode of operation. -.It Fl l -Use -.Xr syslogd 8 -for logging purposes. -.It Fl m -Allow multiple requests to be processed per session. -Each request is specified one per line and the responses will be returned -one per line. -The connection will not be closed until the client closes its end of -the connection. -PLEASE NOTE THAT THIS MODE VIOLATES THE PROTOCOL SPECIFICATION AS -IT CURRENTLY STANDS. -.It Fl N -When replying with a user name or ID, first -check for a file -.Pa .noident -in the user's home directory. -If this file is accessible, return -.Dq HIDDEN-USER -instead of the normal USERID response. -.It Fl n -Always return UID numbers instead of usernames. -.It Fl o -Do not reveal operating system type; -always return -.Dq OTHER -instead. -.It Fl p Ar port -Specify an alternative port number or service name -on which to listen when running as a stand-alone daemon. -Default is "auth" (113). -.It Fl t Ar seconds -Specifies an idle timeout in seconds where a daemon running in -"wait" mode will timeout and exit. -The default is no timeout. -.It Fl U -When replying with a user name or ID, first -check for a file -.Pa .ident -in the user's home directory. -If this file is accessible, return -at most 20 characters of the first line of the file -instead of the normal USERID response. -.It Fl v -Log every request to syslog if -.Fl l -above is specified. -.It Fl w -Tells -.Nm identd -to run as a process started from -.Xr inetd 8 -with the "wait" option in the -.Pa /etc/inetd.conf -file. -This mode of operation will start a copy of -.Nm -at the first connection request and then -.Nm -will handle subsequent requests. -Previous versions listed this as the preferred mode of -operation due to the initial overhead of parsing the kernel nlist. -This version does not use kmem or nlist parsing, so this reasoning -is no longer valid. 
-.El -.Sh SEE ALSO -.Xr inetd.conf 5 -.Sh NOTES -.Nm -uses the -.Li LOG_DAEMON -.Xr syslogd 8 -facility to log messages. -.Pp -Unlike previous versions of -.Nm identd , -this version uses -.Xr sysctl 3 -to obtain information from the kernel instead of parsing kmem. -This version does not require privilege beyond what is needed to bind -the listen port if running as a stand-alone daemon. -.Sh BUGS -Since -.Nm identd -should typically not be run as a privileged user or group, -.Pa .ident -files for use when running with the -.Fl U -flag will need to be world accessible. -The same applies for -.Pa .noident -files when running with the -.Fl N -flag. diff --git a/libexec/identd/identd.c b/libexec/identd/identd.c deleted file mode 100644 index 92a6ad14b72..00000000000 --- a/libexec/identd/identd.c +++ /dev/null 
@@ -1,516 +0,0 @@ -/* $OpenBSD: identd.c,v 1.53 2013/03/11 21:24:24 deraadt Exp $ */ - -/* - * This program is in the public domain and may be used freely by anyone - * who wants to. - * - * Please send bug fixes/bug reports to: Peter Eriksson <pen@lysator.liu.se> - */ - -#include <sys/types.h> -#include <sys/ioctl.h> -#include <sys/socket.h> -#include <sys/file.h> -#include <sys/time.h> -#include <sys/wait.h> - -#include <netinet/in.h> -#include <arpa/inet.h> - -#include <stdio.h> -#include <stdlib.h> -#include <poll.h> -#include <string.h> -#include <stdarg.h> -#include <ctype.h> -#include <errno.h> -#include <netdb.h> -#include <syslog.h> -#include <signal.h> -#include <fcntl.h> -#include <unistd.h> -#include <pwd.h> -#include <grp.h> - -#include "identd.h" - -extern char *__progname; - -int af = PF_UNSPEC; - -int verbose_flag; -int debug_flag; -int syslog_flag; -int multi_flag; -int unknown_flag; -int number_flag; -int noident_flag; -int userident_flag; -int token_flag; -int no_user_token_flag; - -int lport; -int fport; - -const char *opsys_name = "UNIX"; -const char *charset_sep = ""; -char *charset_name = ""; - -static pid_t child_pid; - -void usage(void); -void sigchld(int); -char * gethost(struct sockaddr_storage *ss); - -void -usage(void) -{ - syslog(LOG_ERR, - "usage: %s [-46deHhlmNnoUv] [-b | -i | -w] [-a address] [-c charset] " - "[-p port] [-t seconds]", __progname); - exit(2); -} - -/* - * Return the name of the connecting host, or the IP number as a string. 
- */ -char * -gethost4_addr(struct in_addr *addr) -{ - struct hostent *hp; - - hp = gethostbyaddr(addr, sizeof(struct in_addr), AF_INET); - if (hp) - return hp->h_name; - return inet_ntoa(*addr); -} - -char * -gethost(struct sockaddr_storage *ss) -{ - if (ss->ss_family == AF_INET6) - return (gethost6((struct sockaddr_in6 *)ss)); - return (gethost4((struct sockaddr_in *)ss)); -} - -char * -gethost4(struct sockaddr_in *sin) -{ - struct hostent *hp; - - hp = gethostbyaddr(&sin->sin_addr, sizeof(struct in_addr), AF_INET); - if (hp) - return hp->h_name; - return inet_ntoa(sin->sin_addr); -} - -/* - * Return the name of the connecting host, or the IP number as a string. - */ -char * -gethost6(struct sockaddr_in6 *addr) -{ - static char hbuf[2][NI_MAXHOST]; - const int niflags = NI_NUMERICHOST; - static int bb = 0; - int err; - - bb = (bb+1)%2; - err = getnameinfo((struct sockaddr *)addr, addr->sin6_len, - hbuf[bb], sizeof(hbuf[bb]), NULL, 0, niflags); - if (err != 0) { - syslog(LOG_ERR, "getnameinfo failed (%s)", gai_strerror(err)); - strlcpy(hbuf[bb], "UNKNOWN", sizeof(hbuf[bb])); - } - return(hbuf[bb]); -} - -volatile sig_atomic_t alarm_fired; - -/* - * Exit cleanly after our time's up. 
- */ -/* ARGSUSED */ -static void -alarm_handler(int notused) -{ - alarm_fired = 1; -} - -/* - * Main entry point into this daemon - */ -int -main(int argc, char *argv[]) -{ - struct sockaddr_storage sa, sa2; - struct sockaddr_in *sin; - struct sockaddr_in6 *sin6; - struct in_addr laddr, faddr; - struct in6_addr laddr6, faddr6; - struct passwd *pwd; - struct pollfd *pfds = NULL; - int i, n = 0, background_flag = 0, timeout = 0, ch; - char *portno = "auth"; - char *bind_address = NULL; - uid_t set_uid = 0; - gid_t set_gid = 0; - extern char *optarg; - socklen_t len; - const char *errstr; - - openlog(__progname, LOG_PID, LOG_DAEMON); - - /* runs as _identd */ - if (getuid() == 0) { - if ((pwd = getpwnam(DEFAULT_UID)) == NULL) - error("no such user %s", DEFAULT_UID); - set_uid = pwd->pw_uid; - set_gid = pwd->pw_gid; - } - - /* - * Parse the command line arguments - */ - while ((ch = getopt(argc, argv, "46hHbwit:p:a:u:g:c:loenvdmNU")) != -1) { - switch (ch) { - case '4': - af = AF_INET; - break; - case '6': - af = AF_INET6; - break; - case 'h': - token_flag = 1; - break; - case 'H': - no_user_token_flag = token_flag = 1; - break; - case 'b': /* Start as standalone daemon */ - background_flag = 1; - break; - case 'w': /* Start from Inetd, wait mode */ - background_flag = 2; - break; - case 'i': /* Start from Inetd, nowait mode */ - background_flag = 0; - break; - case 't': - timeout = strtonum(optarg, 0, 100000000, &errstr); - if (errstr) - error("timeout is %s: %s", errstr, optarg); - break; - case 'p': - portno = optarg; - break; - case 'a': - bind_address = optarg; - break; - case 'c': - charset_name = optarg; - charset_sep = " , "; - break; - case 'l': /* Use the Syslog daemon for logging */ - syslog_flag++; - break; - case 'o': - opsys_name = "OTHER"; - break; - case 'e': - unknown_flag = 1; - break; - case 'n': - number_flag = 1; - break; - case 'v': /* Be verbose */ - verbose_flag++; - break; - case 'd': /* Enable debugging */ - debug_flag++; - break; - case 'm': 
/* Enable multiline queries */ - multi_flag++; - break; - case 'N': /* Enable users ".noident" files */ - noident_flag++; - break; - case 'U': /* Enable user ".ident" files */ - userident_flag++; - break; - default: - usage(); - } - } - - /* - * Do the special handling needed for the "-b" flag - */ - if (background_flag == 1) { - struct addrinfo hints, *res, *res0; - int true = 1; - - if (daemon(0, 0) != 0) - exit(0); - - memset(&hints, 0, sizeof(hints)); - hints.ai_socktype = SOCK_STREAM; - hints.ai_family = af; - hints.ai_flags = AI_PASSIVE; - if (getaddrinfo(bind_address, portno, &hints, &res0) != 0) - error("main: getaddrinfo"); - - i = 0; - for (res = res0; res; res = res->ai_next) - i++; - - pfds = calloc(i, sizeof(pfds[0])); - if (!pfds) { - freeaddrinfo(res0); - error("main: calloc"); - } - - i = 0; - for (res = res0; res; res = res->ai_next) { - if ((pfds[i].fd = socket(res->ai_family, res->ai_socktype, - res->ai_protocol)) < 0) - continue; - - if (setsockopt(pfds[i].fd, SOL_SOCKET, SO_REUSEADDR, - (void *)&true, sizeof(true))) { - close(pfds[i].fd); - continue; - } - -#ifdef IPV6_V6ONLY - if (res->ai_family == AF_INET6) - (void)setsockopt(pfds[i].fd, IPPROTO_IPV6, - IPV6_V6ONLY, (void *)&true, sizeof(true)); -#endif - - if (bind(pfds[i].fd, res->ai_addr, res->ai_addrlen)) { - close(pfds[i].fd); - continue; - } - - if (listen(pfds[i].fd, 3)) { - close(pfds[i].fd); - continue; - } - - pfds[i].events = POLLIN; - i++; - } - freeaddrinfo(res0); - - if (i == 0) - error("main: socket"); - - n = i; - } - - /* - * Do the special handling needed for the "-w" flag - */ - if (background_flag == 2) { - pfds = calloc(1, sizeof(pfds[0])); - if (!pfds) - error("main: calloc"); - - pfds[0].fd = 0; - pfds[0].events = POLLIN; - n = 1; - } - - if (set_gid) - if (setresgid(set_gid, set_gid, set_gid) == -1) - error("main: setegid"); - if (set_uid) - if (setresuid(set_uid, set_uid, set_uid) == -1) - error("main: seteuid"); - /* - * Do some special handling if the "-b" or "-w" 
flags are used - */ - if (background_flag) { - int fd = 0; - - signal(SIGCHLD, sigchld); - - /* - * Loop and dispatch client handling processes - */ - do { - /* - * Terminate if we've been idle for 'timeout' seconds - */ - if (background_flag == 2 && timeout) { - signal(SIGALRM, alarm_handler); - alarm(timeout); - } - - /* - * Wait for a connection request to occur. - * Ignore EINTR (Interrupted System Call). - */ - do { - if (alarm_fired) { - if (syslog_flag) - syslog(LOG_DEBUG, - "SIGALRM triggered, exiting"); - exit(0); - } - - if (timeout) - i = poll(pfds, n, timeout * 1000); - else - i = poll(pfds, n, INFTIM); - } while (i < 0 && errno == EINTR); - - /* - * An error occurred in poll? Just die - */ - if (i < 0) - error("main: poll"); - - /* - * Timeout limit reached. Exit nicely - */ - if (i == 0) - exit(0); - - /* - * Disable the alarm timeout - */ - alarm(0); - - for (i = 0; i < n; i++) { - if ((pfds[i].revents & POLLIN) == 0) - continue; - - /* - * Accept the new client - */ - fd = accept(pfds[i].fd, NULL, NULL); - if (fd == -1) { - if (errno == EWOULDBLOCK || - errno == EINTR || - errno == ECONNABORTED) - continue; - error("main: accept. errno = %d", errno); - } - - /* - * Fork a child, parent continues - */ - child_pid = fork(); - if (child_pid == 0) - break; - - close(fd); - } - } while (child_pid != 0); - - /* - * We are now in child, the parent has returned to "do" above. - */ - if (dup2(fd, 0) == -1) - error("main: dup2: failed fd 0"); - - if (dup2(fd, 1) == -1) - error("main: dup2: failed fd 1"); - - if (dup2(fd, 2) == -1) - error("main: dup2: failed fd 2"); - } - - /* - * Get foreign internet address - */ - len = sizeof(sa); - if (getpeername(0, (struct sockaddr *) &sa, &len) == -1) { - /* - * A user has tried to start us from the command line or - * the network link died, in which case this message won't - * reach to other end anyway, so lets give the poor user some - * errors. 
- */ - perror("identd: getpeername()"); - exit(1); - } - if (sa.ss_family == AF_INET6) { - sin6 = (struct sockaddr_in6 *)&sa; - faddr6 = sin6->sin6_addr; - } else { - sin = (struct sockaddr_in *)&sa; - faddr = sin->sin_addr; - } - - /* - * Open the connection to the Syslog daemon if requested - */ - if (syslog_flag) - syslog(LOG_INFO, "Connection from %s", gethost(&sa)); - - /* - * Get local internet address - */ - len = sizeof(sa2); - if (getsockname(0, (struct sockaddr *) &sa2, &len) == -1) { - /* - * We can just die here, because if this fails then the - * network has died and we haven't got anyone to return - * errors to. - */ - exit(1); - } - /* are we v4 or v6? */ - if (sa2.ss_family == AF_INET6) { - sin6 = (struct sockaddr_in6 *)&sa2; - laddr6 = sin6->sin6_addr; - /* - * Get the local/foreign port pair from the luser - */ - parse6(STDIN_FILENO, (struct sockaddr_in6 *)&sa2, - (struct sockaddr_in6 *)&sa); - } else { - sin = (struct sockaddr_in *)&sa2; - laddr = sin->sin_addr; - /* - * Get the local/foreign port pair from the luser - */ - parse(STDIN_FILENO, &laddr, &faddr); - } - - exit(0); -} - -void -error(char *fmt, ...) -{ - va_list ap, ap2; - - va_start(ap, fmt); - - if (syslog_flag) { - va_copy(ap2, ap); - vsyslog(LOG_ERR, fmt, ap2); - va_end(ap2); - } - if (debug_flag) { - fprintf(stderr, "%d , %d : ERROR : X-DBG : ", lport, fport); - vfprintf(stderr, fmt, ap); - perror(": "); - } else - printf("%d , %d : ERROR : UNKNOWN-ERROR\r\n", lport, fport); - va_end(ap); - exit(1); -} - -void -sigchld(int signo) -{ - pid_t pid; - - do { - pid = waitpid(-1, NULL, WNOHANG); - } while (pid > 0 || (pid == -1 && errno == EINTR)); -} diff --git a/libexec/identd/identd.h b/libexec/identd/identd.h deleted file mode 100644 index 941ac4a7456..00000000000 --- a/libexec/identd/identd.h +++ /dev/null 
@@ -1,48 +0,0 @@
-/* $OpenBSD: identd.h,v 1.17 2004/09/16 08:25:05 deraadt Exp $*/
-
-/*
-**
-** identd.h Common variables for the Pidentd daemon
-**
-** This program is in the public domain and may be used freely by anyone
-** who wants to.
-**
-** Last update: 6 Dec 1992
-**
-** Please send bug fixes/bug reports to: Peter Eriksson <pen@lysator.liu.se>
-*/
-
-#ifndef __IDENTD_H__
-#define __IDENTD_H__
-
-#define DEFAULT_UID "_identd"
-
-extern int verbose_flag;
-extern int debug_flag;
-extern int syslog_flag;
-extern int multi_flag;
-extern int unknown_flag;
-extern int number_flag;
-extern int noident_flag;
-extern int token_flag;
-extern int no_user_token_flag;
-extern int userident_flag;
-
-extern const char *opsys_name;
-extern const char *charset_sep;
-extern char *charset_name;
-
-extern int lport;
-extern int fport;
-
-int parse(int, struct in_addr *, struct in_addr *);
-int parse6(int, struct sockaddr_in6 *, struct sockaddr_in6 *);
-char *gethost4(struct sockaddr_in *);
-char *gethost4_addr(struct in_addr *);
-char *gethost6(struct sockaddr_in6 *);
-int k_getuid(struct in_addr *, int, struct in_addr *, int, uid_t *);
-int k_getuid6(struct sockaddr_in6 *, int, struct sockaddr_in6 *,
- int, uid_t *);
-void error(char *fmt, ...);
-
-#endif
diff --git a/libexec/identd/openbsd.c b/libexec/identd/openbsd.c
deleted file mode 100644
index 37824401943..00000000000
--- a/libexec/identd/openbsd.c
+++ /dev/null
@@ -1,107 +0,0 @@ -/* $OpenBSD: openbsd.c,v 1.21 2006/11/10 20:44:07 mk Exp $ */ - -/* - * This program is in the public domain and may be used freely by anyone - * who wants to. - * - * Please send bug fixes/bug reports to: Peter Eriksson <pen@lysator.liu.se> - * - * This version eliminates the kmem search in favour of a kernel sysctl to - * get the user id associated with a connection - Bob Beck <beck@obtuse.com> - */ - -#include <sys/param.h> -#include <sys/socket.h> -#include <sys/socketvar.h> -#include <sys/sysctl.h> - -#include <stdio.h> -#include <string.h> -#include <errno.h> -#include <syslog.h> - -#include <netinet/in.h> -#include <netinet/in_systm.h> -#include <netinet/tcp.h> -#include <netinet/ip_var.h> -#include <netinet/tcp_timer.h> -#include <netinet/tcp_var.h> - -#include <arpa/inet.h> - -#include "identd.h" - -/* - * Return the user number for the connection owner - */ -int -k_getuid(struct in_addr *faddr, int fport, struct in_addr *laddr, - int lport, uid_t *uid) -{ - int mib[] = { CTL_NET, PF_INET, IPPROTO_TCP, TCPCTL_IDENT }; - struct sockaddr_in *fin, *lin; - struct tcp_ident_mapping tir; - int err = 0; - size_t i; - - memset(&tir, 0, sizeof (tir)); - tir.faddr.ss_len = (sizeof (struct sockaddr_storage) & 0xff); - tir.laddr.ss_len = (sizeof (struct sockaddr_storage) &0xff); - tir.faddr.ss_family = AF_INET; - tir.laddr.ss_family = AF_INET; - fin = (struct sockaddr_in *) &tir.faddr; - lin = (struct sockaddr_in *) &tir.laddr; - - memcpy(&fin->sin_addr, faddr, sizeof (struct in_addr)); - memcpy(&lin->sin_addr, laddr, sizeof (struct in_addr)); - fin->sin_port = fport; - lin->sin_port = lport; - i = sizeof (tir); - err = sysctl(mib, sizeof (mib) / sizeof (int), &tir, &i, NULL, 0); - if (!err && tir.ruid != -1) { - *uid = tir.ruid; - return (0); - } - if (err == -1) - syslog(LOG_DEBUG, "sysctl failed (%m)"); - - return (-1); -} - -/* - * Return the user number for the connection owner - * New minty IPv6 version. 
- */ -int -k_getuid6(struct sockaddr_in6 *faddr, int fport, struct sockaddr_in6 *laddr, - int lport, uid_t *uid) -{ - int mib[] = { CTL_NET, PF_INET, IPPROTO_TCP, TCPCTL_IDENT }; - struct sockaddr_in6 *fin, *lin; - struct tcp_ident_mapping tir; - int err = 0; - size_t i; - - memset(&tir, 0, sizeof (tir)); - fin = (struct sockaddr_in6 *) &tir.faddr; - lin = (struct sockaddr_in6 *) &tir.laddr; - - if (faddr->sin6_len > sizeof(tir.faddr)) - return -1; - memcpy(fin, faddr, faddr->sin6_len); - if (laddr->sin6_len > sizeof(tir.laddr)) - return -1; - memcpy(lin, laddr, laddr->sin6_len); - fin->sin6_port = fport; - lin->sin6_port = lport; - i = sizeof (tir); - err = sysctl(mib, sizeof (mib) / sizeof (int), &tir, &i, NULL, 0); - if (!err && tir.ruid != -1) { - *uid = tir.ruid; - return (0); - } - if (err == -1) - syslog(LOG_DEBUG, "sysctl failed (%m)"); - - return (-1); -} diff --git a/libexec/identd/parse.c b/libexec/identd/parse.c deleted file mode 100644 index 36067f57a22..00000000000 --- a/libexec/identd/parse.c +++ /dev/null 
@@ -1,573 +0,0 @@
-/* $OpenBSD: parse.c,v 1.47 2013/11/27 21:25:25 deraadt Exp $ */
-
-/*
- * This program is in the public domain and may be used freely by anyone
- * who wants to.
- *
- * Please send bug fixes/bug reports to: Peter Eriksson <pen@lysator.liu.se>
- */
-
-#include <sys/param.h>
-#include <sys/types.h>
-#include <sys/file.h>
-#include <sys/stat.h>
-#include <sys/socket.h>
-#include <netinet/in.h>
-
-#include <stdio.h>
-#include <poll.h>
-#include <stdlib.h>
-#include <string.h>
-#include <syslog.h>
-#include <errno.h>
-#include <ctype.h>
-#include <pwd.h>
-#include <unistd.h>
-
-#include "identd.h"
-
-#define IO_TIMEOUT 30 /* Timeout I/O operations after N seconds */
-
-int check_noident(char *);
-ssize_t timed_read(int, void *, size_t, time_t);
-ssize_t timed_write(int, const void *, size_t, time_t);
-int getuserident(char *homedir, char *buf, int len);
-void gentoken(char *, int);
-
-/*
- * A small routine to check for the existence of the ".noident"
- * file in a users home directory.
- */
-int
-check_noident(char *homedir)
-{
- char path[MAXPATHLEN];
- struct stat st;
- int n;
-
- if (!homedir)
- return 0;
- if ((n = snprintf(path, sizeof(path), "%s/.noident", homedir))
- >= sizeof(path) || n < 0)
- return 0;
- if (stat(path, &st) == 0)
- return 1;
- return 0;
-}
-
-/*
- * A small routine to check for the existence of the ".ident"
- * file in a users home directory, and return its contents.
- */ -int -getuserident(char *homedir, char *buf, int len) -{ - char path[MAXPATHLEN]; - int fd, nread, n; - struct stat st; - - if (len == 0) - return 0; - if (!homedir) - return 0; - if ((n = snprintf(path, sizeof path, "%s/.ident", homedir)) - >= sizeof(path) || n < 0) - return 0; - if ((fd = open(path, O_RDONLY|O_NONBLOCK|O_NOFOLLOW, 0)) < 0) - return 0; - if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode)) { - close(fd); - return 0; - } - - if ((nread = read(fd, buf, len - 1)) <= 0) { - close(fd); - return 0; - } - buf[nread] = '\0'; - - /* remove illegal characters */ - buf[strcspn(buf, "\r\n")] = '\0'; - - close(fd); - return 1; -} - -static char token0cnv[] = "abcdefghijklmnopqrstuvwxyz"; -static char tokencnv[] = "abcdefghijklmnopqrstuvwxyz0123456789"; - -void -gentoken(char *buf, int len) -{ - char *p; - - if (len == 0) - return; - for (p = buf; len > 1; p++, len--) { - if (p == buf) - *p = token0cnv[arc4random_uniform(sizeof(token0cnv)-1)]; - else - *p = tokencnv[arc4random_uniform(sizeof(tokencnv)-1)]; - } - *p = '\0'; -} - -/* - * Returns 0 on timeout, -1 on error, #bytes read on success. - */ -ssize_t -timed_read(int fd, void *buf, size_t siz, time_t timeout) -{ - struct timeval tv, start, after, duration, tmp; - int err, tot = 0, i, r; - struct pollfd rfd[1]; - char *p = buf; - - tv.tv_sec = timeout; - tv.tv_usec = 0; - - while (1) { - rfd[0].fd = fd; - rfd[0].events = POLLIN; - rfd[0].revents = 0; - - gettimeofday(&start, NULL); - if ((err = poll(rfd, 1, tv.tv_sec * 1000 + - tv.tv_usec / 1000)) <= 0) - return err; - r = read(fd, p, siz - tot); - if (r == -1 || r == 0) - return (r); - for (i = 0; i < r; i++) - if (p[i] == '\r' || p[i] == '\n') { - tot += r; - return (tot); - } - gettimeofday(&after, NULL); - timersub(&start, &after, &duration); - timersub(&tv, &duration, &tmp); - tv = tmp; - if (tv.tv_sec < 0 || !timerisset(&tv)) - return (tot); - tot += r; - p += r; - } -} - -/* - * Returns 0 on timeout, -1 on error, #bytes read on success. 
- */ -ssize_t -timed_write(int fd, const void *buf, size_t siz, time_t timeout) -{ - struct pollfd wfd[2]; - struct timeval tv; - int err; - - wfd[0].fd = fd; - wfd[0].events = POLLOUT; - wfd[0].revents = 0; - - tv.tv_sec = timeout; - tv.tv_usec = 0; - - if ((err = poll(wfd, 1, tv.tv_sec * 1000 + - tv.tv_usec / 1000)) <= 0) - return err; - return (write(fd, buf, siz)); -} - -int -parse(int fd, struct in_addr *laddr, struct in_addr *faddr) -{ - char token[21], buf[BUFSIZ], *p; - struct in_addr laddr2, faddr2; - struct passwd *pw; - uid_t uid; - int n; - - if (debug_flag && syslog_flag) - syslog(LOG_DEBUG, "In function parse(), from %s to %s", - gethost4_addr(faddr), gethost4_addr(laddr)); - - faddr2 = *faddr; - laddr2 = *laddr; - lport = fport = 0; - - /* Read query from client */ - if ((n = timed_read(fd, buf, sizeof(buf) - 1, IO_TIMEOUT)) <= 0) { - if (syslog_flag) - syslog(LOG_NOTICE, - n ? "read from %s: %m" : "read from %s: EOF", - gethost4_addr(faddr)); - if ((n = snprintf(buf, sizeof(buf), - "%d , %d : ERROR : UNKNOWN-ERROR\r\n", lport, fport)) - >= sizeof(buf) || n < 0) - n = strlen(buf); - if (timed_write(fd, buf, n, IO_TIMEOUT) != n && syslog_flag) { - syslog(LOG_NOTICE, "write to %s: %m", gethost4_addr(faddr)); - return 1; - } - return 0; - } - buf[n] = '\0'; - - /* Pull out local and remote ports */ - p = buf; - while (isspace((unsigned char)*p)) - p++; - if ((p = strtok(p, " \t,"))) { - lport = atoi(p); - if ((p = strtok(NULL, " \t,"))) - fport = atoi(p); - } - - if (lport < 1 || lport > 65535 || fport < 1 || fport > 65535) { - if (syslog_flag) - syslog(LOG_NOTICE, - "scanf: invalid-port(s): %d , %d from %s", - lport, fport, gethost4_addr(faddr)); - if ((n = snprintf(buf, sizeof(buf), "%d , %d : ERROR : %s\r\n", - lport, fport, unknown_flag ? 
"UNKNOWN-ERROR" : - "INVALID-PORT")) >= sizeof(buf) || n < 0) - n = strlen(buf); - if (timed_write(fd, buf, n, IO_TIMEOUT) != n && syslog_flag) { - syslog(LOG_NOTICE, "write to %s: %m", gethost4_addr(faddr)); - return 1; - } - return 0; - } - if (syslog_flag && verbose_flag) - syslog(LOG_NOTICE, "request for (%d,%d) from %s", - lport, fport, gethost4_addr(faddr)); - - if (debug_flag && syslog_flag) - syslog(LOG_DEBUG, " After fscanf(), before k_getuid()"); - - /* - * Next - get the specific TCP connection and return the - * uid - user number. - */ - if (k_getuid(&faddr2, htons(fport), laddr, htons(lport), &uid) == -1) { - if (no_user_token_flag) { - gentoken(token, sizeof token); - syslog(LOG_NOTICE, "token %s == NO USER", token); - if ((n = snprintf(buf, sizeof(buf), - "%d , %d : USERID : %s%s%s :%s\r\n", lport, fport, - opsys_name, charset_sep, charset_name, token)) - >= sizeof(buf) || n < 0) - n = strlen(buf); - if (timed_write(fd, buf, n, IO_TIMEOUT) != n && - syslog_flag) { - syslog(LOG_NOTICE, "write to %s: %m", - gethost4_addr(faddr)); - return 1; - } - return 0; - } - if (syslog_flag) - syslog(LOG_DEBUG, "Returning: %d , %d : NO-USER", - lport, fport); - if ((n = snprintf(buf, sizeof(buf), "%d , %d : ERROR : %s\r\n", - lport, fport, unknown_flag ? 
"UNKNOWN-ERROR" : "NO-USER"))
- >= sizeof(buf) || n < 0)
- n = strlen(buf);
- if (timed_write(fd, buf, n, IO_TIMEOUT) != n && syslog_flag) {
- syslog(LOG_NOTICE, "write to %s: %m", gethost4_addr(faddr));
- return 1;
- }
- return 0;
- }
- if (debug_flag && syslog_flag)
- syslog(LOG_DEBUG, " After k_getuid(), before getpwuid()");
-
- pw = getpwuid(uid);
- if (!pw) {
- if (syslog_flag)
- syslog(LOG_WARNING,
- "getpwuid() could not map uid (%u) to name",
- uid);
- if ((n = snprintf(buf, sizeof(buf),
- "%d , %d : USERID : %s%s%s :%u\r\n",
- lport, fport, opsys_name, charset_sep, charset_name, uid))
- >= sizeof(buf) || n < 0)
- n = strlen(buf);
- if (timed_write(fd, buf, n, IO_TIMEOUT) != n && syslog_flag) {
- syslog(LOG_NOTICE, "write to %s: %m", gethost4_addr(faddr));
- return 1;
- }
- return 0;
- }
-
- if (syslog_flag)
- syslog(LOG_DEBUG, "Successful lookup: %d , %d : %s",
- lport, fport, pw->pw_name);
-
- if (noident_flag && check_noident(pw->pw_dir)) {
- if (syslog_flag && verbose_flag)
- syslog(LOG_NOTICE,
- "user %s requested HIDDEN-USER for host %s: %d, %d",
- pw->pw_name, gethost4_addr(faddr), lport, fport);
- if ((n = snprintf(buf, sizeof(buf),
- "%d , %d : ERROR : HIDDEN-USER\r\n", lport, fport))
- >= sizeof(buf) || n < 0)
- n = strlen(buf);
- if (timed_write(fd, buf, n, IO_TIMEOUT) != n && syslog_flag) {
- syslog(LOG_NOTICE, "write to %s: %m", gethost4_addr(faddr));
- return 1;
- }
- return 0;
- }
-
- if (userident_flag && getuserident(pw->pw_dir, token, sizeof token)) {
- syslog(LOG_NOTICE, "token \"%s\" == uid %u (%s)",
- token, uid, pw->pw_name);
- if ((n = snprintf(buf, sizeof(buf),
- "%d , %d : USERID : %s%s%s :%s\r\n", lport, fport,
- opsys_name, charset_sep, charset_name, token))
- >= sizeof(buf) || n < 0)
- n = strlen(buf);
- if (timed_write(fd, buf, n, IO_TIMEOUT) != n && syslog_flag) {
- syslog(LOG_NOTICE, "write to %s: %m", gethost4_addr(faddr));
- return 1;
- }
- return 0;
- }
-
- if (token_flag) {
- gentoken(token, sizeof token); - 
syslog(LOG_NOTICE, "token %s == uid %u (%s)", token, uid, - pw->pw_name); - if ((n = snprintf(buf, sizeof(buf), - "%d , %d : USERID : %s%s%s :%s\r\n", lport, fport, - opsys_name, charset_sep, charset_name, token)) - >= sizeof(buf) || n < 0) - n = strlen(buf); - if (timed_write(fd, buf, n, IO_TIMEOUT) != n && syslog_flag) { - syslog(LOG_NOTICE, "write to %s: %m", gethost4_addr(faddr)); - return 1; - } - return 0; - } - - if (number_flag) { - if ((n = snprintf(buf, sizeof(buf), - "%d , %d : USERID : %s%s%s :%u\r\n", - lport, fport, opsys_name, charset_sep, charset_name, uid)) - >= sizeof(buf) || n < 0) - n = strlen(buf); - if (timed_write(fd, buf, n, IO_TIMEOUT) != n && syslog_flag) { - syslog(LOG_NOTICE, "write to %s: %m", gethost4_addr(faddr)); - return 1; - } - return 0; - } - if ((n = snprintf(buf, sizeof(buf), "%d , %d : USERID : %s%s%s :%s\r\n", - lport, fport, opsys_name, charset_sep, charset_name, pw->pw_name)) - >= sizeof(buf) || n < 0) - n = strlen(buf); - if (timed_write(fd, buf, n, IO_TIMEOUT) != n && syslog_flag) { - syslog(LOG_NOTICE, "write to %s: %m", gethost4_addr(faddr)); - return 1; - } - return 0; -} - - -/* Parse, a-la IPv6 */ -int -parse6(int fd, struct sockaddr_in6 *laddr, struct sockaddr_in6 *faddr) -{ - char token[21], buf[BUFSIZ], *p; - struct sockaddr_in6 laddr2, faddr2; - struct passwd *pw; - uid_t uid; - int n; - - if (debug_flag && syslog_flag) - syslog(LOG_DEBUG, "In function parse6(), from %s to %s", - gethost6(faddr), gethost6(laddr)); - - faddr2 = *faddr; - laddr2 = *laddr; - lport = fport = 0; - - /* Read query from client */ - if ((n = timed_read(fd, buf, sizeof(buf) - 1, IO_TIMEOUT)) <= 0) { - if (syslog_flag) - syslog(LOG_NOTICE, - n ? 
"read from %s: %m" : "read from %s: EOF", - gethost6(faddr)); - if ((n = snprintf(buf, sizeof(buf), - "%d , %d : ERROR : UNKNOWN-ERROR\r\n", lport, fport)) - >= sizeof(buf) || n < 0) - n = strlen(buf); - if (timed_write(fd, buf, n, IO_TIMEOUT) != n && syslog_flag) { - syslog(LOG_NOTICE, "write to %s: %m", gethost6(faddr)); - return 1; - } - return 0; - } - buf[n] = '\0'; - - /* Pull out local and remote ports */ - p = buf; - while (isspace((unsigned char)*p)) - p++; - if ((p = strtok(p, " \t,"))) { - lport = atoi(p); - if ((p = strtok(NULL, " \t,"))) - fport = atoi(p); - } - - if (lport < 1 || lport > 65535 || fport < 1 || fport > 65535) { - if (syslog_flag) - syslog(LOG_NOTICE, - "scanf: invalid-port(s): %d , %d from %s", - lport, fport, gethost6(faddr)); - if ((n = snprintf(buf, sizeof(buf), "%d , %d : ERROR : %s\r\n", - lport, fport, unknown_flag ? "UNKNOWN-ERROR" : - "INVALID-PORT")) >= sizeof(buf) || n < 0) - n = strlen(buf); - if (timed_write(fd, buf, n, IO_TIMEOUT) != n && syslog_flag) { - syslog(LOG_NOTICE, "write to %s: %m", gethost6(faddr)); - return 1; - } - return 0; - } - if (syslog_flag && verbose_flag) - syslog(LOG_NOTICE, "request for (%d,%d) from %s", - lport, fport, gethost6(faddr)); - - if (debug_flag && syslog_flag) - syslog(LOG_DEBUG, " After fscanf(), before k_getuid6()"); - - /* - * Next - get the specific TCP connection and return the - * uid - user number. 
- */ - if (k_getuid6(&faddr2, htons(fport), laddr, htons(lport), &uid) == -1) { - if (no_user_token_flag) { - gentoken(token, sizeof token); - syslog(LOG_NOTICE, "token %s == NO USER", token); - if ((n = snprintf(buf, sizeof(buf), - "%d , %d : USERID : %s%s%s :%s\r\n", lport, fport, - opsys_name, charset_sep, charset_name, token)) - >= sizeof(buf) || n < 0) - n = strlen(buf); - if (timed_write(fd, buf, n, IO_TIMEOUT) != n && - syslog_flag) { - syslog(LOG_NOTICE, "write to %s: %m", - gethost6(faddr)); - return 1; - } - return 0; - } - if (syslog_flag) - syslog(LOG_DEBUG, "Returning: %d , %d : NO-USER", - lport, fport); - if ((n = snprintf(buf, sizeof(buf), "%d , %d : ERROR : %s\r\n", - lport, fport, unknown_flag ? "UNKNOWN-ERROR" : "NO-USER")) - >= sizeof(buf) || n < 0) - n = strlen(buf); - if (timed_write(fd, buf, n, IO_TIMEOUT) != n && syslog_flag) { - syslog(LOG_NOTICE, "write to %s: %m", gethost6(faddr)); - return 1; - } - return 0; - } - if (debug_flag && syslog_flag) - syslog(LOG_DEBUG, " After k_getuid6(), before getpwuid()"); - - pw = getpwuid(uid); - if (!pw) { - if (syslog_flag) - syslog(LOG_WARNING, - "getpwuid() could not map uid (%u) to name", - uid); - if ((n = snprintf(buf, sizeof(buf), - "%d , %d : USERID : %s%s%s :%u\r\n", - lport, fport, opsys_name, charset_sep, charset_name, uid)) - >= sizeof(buf) || n < 0) - n = strlen(buf); - if (timed_write(fd, buf, n, IO_TIMEOUT) != n && syslog_flag) { - syslog(LOG_NOTICE, "write to %s: %m", gethost6(faddr)); - return 1; - } - return 0; - } - - if (syslog_flag) - syslog(LOG_DEBUG, "Successful lookup: %d , %d : %s", - lport, fport, pw->pw_name); - - if (noident_flag && check_noident(pw->pw_dir)) { - if (syslog_flag && verbose_flag) - syslog(LOG_NOTICE, - "user %s requested HIDDEN-USER for host %s: %d, %d", - pw->pw_name, gethost6(faddr), lport, fport); - if ((n = snprintf(buf, sizeof(buf), - "%d , %d : ERROR : HIDDEN-USER\r\n", lport, fport)) - >= sizeof(buf) || n < 0) - n = strlen(buf); - if (timed_write(fd, 
buf, n, IO_TIMEOUT) != n && syslog_flag) {
- syslog(LOG_NOTICE, "write to %s: %m", gethost6(faddr));
- return 1;
- }
- return 0;
- }
-
- if (userident_flag && getuserident(pw->pw_dir, token, sizeof token)) {
- syslog(LOG_NOTICE, "token \"%s\" == uid %u (%s)",
- token, uid, pw->pw_name);
- if ((n = snprintf(buf, sizeof(buf),
- "%d , %d : USERID : %s%s%s :%s\r\n", lport, fport,
- opsys_name, charset_sep, charset_name, token))
- >= sizeof(buf) || n < 0)
- n = strlen(buf);
- if (timed_write(fd, buf, n, IO_TIMEOUT) != n && syslog_flag) {
- syslog(LOG_NOTICE, "write to %s: %m", gethost6(faddr));
- return 1;
- }
- return 0;
- }
-
- if (token_flag) {
- gentoken(token, sizeof token);
- syslog(LOG_NOTICE, "token %s == uid %u (%s)", token, uid,
- pw->pw_name);
- if ((n = snprintf(buf, sizeof(buf),
- "%d , %d : USERID : %s%s%s :%s\r\n", lport, fport,
- opsys_name, charset_sep, charset_name, token))
- >= sizeof(buf) || n < 0)
- n = strlen(buf);
- if (timed_write(fd, buf, n, IO_TIMEOUT) != n && syslog_flag) {
- syslog(LOG_NOTICE, "write to %s: %m", gethost6(faddr));
- return 1;
- }
- return 0;
- }
-
- if (number_flag) {
- if ((n = snprintf(buf, sizeof(buf),
- "%d , %d : USERID : %s%s%s :%u\r\n",
- lport, fport, opsys_name, charset_sep, charset_name, uid))
- >= sizeof(buf) || n < 0)
- n = strlen(buf);
- if (timed_write(fd, buf, n, IO_TIMEOUT) != n && syslog_flag) {
- syslog(LOG_NOTICE, "write to %s: %m", gethost6(faddr));
- return 1;
- }
- return 0;
- }
-
- if ((n = snprintf(buf, sizeof(buf), "%d , %d : USERID : %s%s%s :%s\r\n",
- lport, fport, opsys_name, charset_sep, charset_name, pw->pw_name))
- >= sizeof(buf) || n < 0)
- n = strlen(buf);
- if (timed_write(fd, buf, n, IO_TIMEOUT) != n && syslog_flag) {
- syslog(LOG_NOTICE, "write to %s: %m", gethost6(faddr));
- return 1;
- }
- return 0;
-} |