diff --git a/net-misc/oidentd/Manifest b/net-misc/oidentd/Manifest
new file mode 100644
index 0000000..10b8dce
--- /dev/null
+++ b/net-misc/oidentd/Manifest
@@ -0,0 +1 @@
+DIST oidentd-2.2.1.tar.gz 253531 BLAKE2B e851d1898b82e10b882cf35e3b6a3fa3d660ce2a2628030909037df667c521b4e53c2569448619747cd2663b5bcb453d3d2b135caaee60f1ee00c476ac63ddf7 SHA512 adc49dc9ba0f6691856823cb41120aa7bb25c698c829ef4c226bcd9b8737a7f917fb2780b1447bd3de107b3825ba3f89f6017f877885815ee3e53f49707af20f
diff --git a/net-misc/oidentd/files/oidentd-2.0.7-init b/net-misc/oidentd/files/oidentd-2.0.7-init
new file mode 100644
index 0000000..5b1ae44
--- /dev/null
+++ b/net-misc/oidentd/files/oidentd-2.0.7-init
@@ -0,0 +1,40 @@
+#!/sbin/openrc-run
+# Copyright 1999-2004 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+depend() {
+ need net
+}
+
+check_config() {
+ if [ -z "${USER}" ]
+ then
+ eerror "Please set \$USER in /etc/conf.d/oidentd!"
+ return 1
+ fi
+ if [ -z "${GROUP}" ]
+ then
+ eerror "Please set \$GROUP in /etc/conf.d/oidentd!"
+ return 1
+ fi
+
+ if [ "$(sysctl -n security.bsd.see_other_uids 2>/dev/null)" = "0" ]; then
+ eerror "${SVCNAME} cannot work if the sysctl security.bsd.see_other_uids is 0"
+ return 1
+ fi
+}
+
+
+start() {
+ check_config || return 1
+ ebegin "Starting oidentd"
+ OPTIONS="${OPTIONS} -u ${USER} -g ${GROUP}"
+ start-stop-daemon --start --quiet --exec /usr/sbin/oidentd -- $OPTIONS
+ eend $?
+}
+
+stop() {
+ ebegin "Stopping oidentd"
+ start-stop-daemon --stop --quiet --exec /usr/sbin/oidentd
+ eend $?
+}
diff --git a/net-misc/oidentd/files/oidentd-2.0.8-bind-to-ipv6-too.patch b/net-misc/oidentd/files/oidentd-2.0.8-bind-to-ipv6-too.patch
new file mode 100644
index 0000000..2652622
--- /dev/null
+++ b/net-misc/oidentd/files/oidentd-2.0.8-bind-to-ipv6-too.patch
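Review bot: `check_config` gates on `${USER}` and `${GROUP}`, but `USER` is also the login-session environment variable, so if `/etc/conf.d/oidentd` leaves it unset the `-z` test may still pass on the caller's value (typically `root`) and `start()` then hands `-u root` to the daemon; whether that can happen depends on how much of the environment OpenRC scrubs before sourcing the conf.d file, which is not visible here. A service-specific name such as `OIDENTD_USER`, changed together with the conf.d file that sets `USER="oidentd"`, avoids the collision; short of that, `getent passwd "${USER}" >/dev/null || return 1` in `check_config` at least confirms the configured account exists before the daemon is started. Separately, the `oidentd_masq.conf` comment added in this commit tells the admin to add `-f` to `OIDENT_OPTIONS` in `/etc/conf.d/oidentd`, while this script and the conf.d file use `OPTIONS`.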
@@ -0,0 +1,17 @@
+Patch to bind to ipv6 socket as well
+Patch supplied by Fabian Knittel
+--- oidentd-2.0.8/src/oidentd_inet_util.c 2006-05-22 02:31:19.000000000 +0200
++++ oidentd-2.0.8.new/src/oidentd_inet_util.c 2010-03-01 20:26:11.000000000 +0100
+@@ -60,6 +60,12 @@
+ #ifdef WANT_IPV6
+ case AF_INET6:
+ SIN6(ai->ai_addr)->sin6_port = listen_port;
++
++ if (setsockopt(listenfd, IPPROTO_IPV6, IPV6_V6ONLY, &one,
++ sizeof(one)) != 0) {
++ debug("setsockopt IPV6_V6ONLY: %s", strerror(errno));
++ return (-1);
++ }
+ break;
+ #endif
+
diff --git a/net-misc/oidentd/files/oidentd-2.0.8-gcc5.patch b/net-misc/oidentd/files/oidentd-2.0.8-gcc5.patch
new file mode 100644
index 0000000..a401a65
--- /dev/null
+++ b/net-misc/oidentd/files/oidentd-2.0.8-gcc5.patch
@@ -0,0 +1,25 @@
+Description: Fix a failure to build with gcc5.
+Bug: http://bugs.debian.org/778035
+
+--- a/src/oidentd_util.c 2015-07-03 05:56:24.000000000 -0400
++++ b/src/oidentd_util.c 2015-07-03 05:56:47.671378000 -0400
+@@ -75,7 +75,7 @@
+ ** PRNG functions on systems whose libraries provide them.)
+ */
+
+-inline int randval(int i) {
++extern __attribute__ ((gnu_inline)) int randval(int i) {
+ /* Per _Numerical Recipes in C_: */
+ return ((double) i * rand() / (RAND_MAX+1.0));
+ }
+--- a/src/oidentd_util.h 2015-07-03 05:56:32.000000000 -0400
++++ b/src/oidentd_util.h 2015-07-03 05:56:53.835378000 -0400
+@@ -58,7 +58,7 @@
+ int find_group(const char *temp_group, gid_t *gid);
+
+ int random_seed(void);
+-inline int randval(int i);
++extern __attribute__ ((gnu_inline)) int randval(int i);
+
+ #ifndef HAVE_SNPRINTF
+ int snprintf(char *str, size_t n, char const *fmt, ...);
diff --git a/net-misc/oidentd/files/oidentd-2.0.8-log-conntrack-fails.patch b/net-misc/oidentd/files/oidentd-2.0.8-log-conntrack-fails.patch
new file mode 100644
index 0000000..d29479e
--- /dev/null
+++ b/net-misc/oidentd/files/oidentd-2.0.8-log-conntrack-fails.patch
@@ -0,0 +1,52 @@
+From 612f1d85dd59fc39b124392df38586769ebc8add Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?=
+Date: Fri, 11 Mar 2016 10:00:59 +0100
+Subject: [PATCH] Log Linux core_init failures as normal error
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Opening Linux conntracking table file failure for different reason than
+missing the file is fatal for deamon initizalization. But the failure
+was logged inly in debugging build.
+
+This patch makes the fatal error visible in normal log.
+
+https://bugzilla.redhat.com/show_bug.cgi?id=1316308
+Signed-off-by: Petr Písař
+---
+ src/kernel/linux.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/src/kernel/linux.c b/src/kernel/linux.c
+index 8bf265f..9103dbf 100644
+--- a/src/kernel/linux.c
++++ b/src/kernel/linux.c
+@@ -73,21 +73,21 @@ bool core_init(void) {
+ masq_fp = fopen(MASQFILE, "r");
+ if (masq_fp == NULL) {
+ if (errno != ENOENT) {
+- debug("fopen: %s: %s", MASQFILE, strerror(errno));
++ o_log(NORMAL, "fopen: %s: %s", MASQFILE, strerror(errno));
+ return false;
+ }
+
+ masq_fp = fopen(CONNTRACK, "r");
+ if (masq_fp == NULL) {
+ if (errno != ENOENT) {
+- debug("fopen: %s: %s", CONNTRACK, strerror(errno));
++ o_log(NORMAL, "fopen: %s: %s", CONNTRACK, strerror(errno));
+ return false;
+ }
+
+ masq_fp = fopen(NFCONNTRACK, "r");
+ if (masq_fp == NULL) {
+ if (errno != ENOENT) {
+- debug("fopen: %s: %s", NFCONNTRACK, strerror(errno));
++ o_log(NORMAL, "fopen: %s: %s", NFCONNTRACK, strerror(errno));
+ return false;
+ }
+ masq_fp = fopen("/dev/null", "r");
+--
+2.5.0
+
diff --git a/net-misc/oidentd/files/oidentd-2.0.8-masquerading.patch b/net-misc/oidentd/files/oidentd-2.0.8-masquerading.patch
new file mode 100644
index 0000000..191e9b9
--- /dev/null
+++ b/net-misc/oidentd/files/oidentd-2.0.8-masquerading.patch
@@ -0,0 +1,43 @@
+--- oidentd.orig/src/kernel/linux.c 2006-05-22 06:58:53.000000000 +0300
++++ oidentd-2.0.8/src/kernel/linux.c 2007-07-11 21:28:56.000000000 +0300
+@@ -48,6 +48,7 @@
+ #define CFILE6 "/proc/net/tcp6"
+ #define MASQFILE "/proc/net/ip_masquerade"
+ #define CONNTRACK "/proc/net/ip_conntrack"
++#define NFCONNTRACK "/proc/net/nf_conntrack"
+
+ static int netlink_sock;
+ extern struct sockaddr_storage proxy;
+@@ -82,7 +83,15 @@
+ debug("fopen: %s: %s", CONNTRACK, strerror(errno));
+ return false;
+ }
+- masq_fp = fopen("/dev/null", "r");
++
++ masq_fp = fopen(NFCONNTRACK, "r");
++ if (masq_fp == NULL) {
++ if (errno != ENOENT) {
++ debug("fopen: %s: %s", NFCONNTRACK, strerror(errno));
++ return false;
++ }
++ masq_fp = fopen("/dev/null", "r");
++ }
+ }
+
+ netfilter = true;
+@@ -367,6 +376,15 @@
+ &nport_temp, &mport_temp);
+ }
+
++ if (ret != 21) {
++ ret = sscanf(buf,
++ "%*15s %*d %15s %*d %*d ESTABLISHED src=%d.%d.%d.%d dst=%d.%d.%d.%d sport=%d dport=%d packets=%*d bytes=%*d src=%d.%d.%d.%d dst=%d.%d.%d.%d sport=%d dport=%d",
++ proto, &l1, &l2, &l3, &l4, &r1, &r2, &r3, &r4,
++ &masq_lport_temp, &masq_fport_temp,
++ &nl1, &nl2, &nl3, &nl4, &nr1, &nr2, &nr3, &nr4,
++ &nport_temp, &mport_temp);
++ }
++
+ if (ret != 21)
+ continue;
+
diff --git a/net-misc/oidentd/files/oidentd-2.0.8-no-conntrack-masquerading.patch b/net-misc/oidentd/files/oidentd-2.0.8-no-conntrack-masquerading.patch
new file mode 100644
index 0000000..92ef025
--- /dev/null
+++ b/net-misc/oidentd/files/oidentd-2.0.8-no-conntrack-masquerading.patch
@@ -0,0 +1,41 @@
+From 20a63ad8a90c36397cceedd34887298890dbafa3 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?=
+Date: Fri, 11 Mar 2016 10:38:10 +0100
+Subject: [PATCH] Linux: Do not open conntracking table if masquerading is not
+ enabled
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+The contracking table was always opened. This is unnecessary because
+the table is used only when masquerading feature is requested on run
+time.
+
+This patch skips opening the conntracking table on Linux if
+masquerading is not requested.
+
+https://bugzilla.redhat.com/show_bug.cgi?id=1316308
+Signed-off-by: Petr Písař
+---
+ src/kernel/linux.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/src/kernel/linux.c b/src/kernel/linux.c
+index 9103dbf..859f554 100644
+--- a/src/kernel/linux.c
++++ b/src/kernel/linux.c
+@@ -70,6 +70,11 @@ bool netfilter;
+ */
+ bool core_init(void) {
+ #ifdef MASQ_SUPPORT
++ if (!opt_enabled(MASQ)) {
++ masq_fp = NULL;
++ return true;
++ }
++
+ masq_fp = fopen(MASQFILE, "r");
+ if (masq_fp == NULL) {
+ if (errno != ENOENT) {
+--
+2.5.0
+
diff --git a/net-misc/oidentd/files/oidentd-2.2.2-confd b/net-misc/oidentd/files/oidentd-2.2.2-confd
new file mode 100644
index 0000000..215b62d
--- /dev/null
+++ b/net-misc/oidentd/files/oidentd-2.2.2-confd
@@ -0,0 +1,4 @@
+# oidentd start-up options
+USER="oidentd"
+GROUP="oidentd"
+OPTIONS=""
diff --git a/net-misc/oidentd/files/oidentd.conf b/net-misc/oidentd/files/oidentd.conf
new file mode 100644
index 0000000..03b28d8
--- /dev/null
+++ b/net-misc/oidentd/files/oidentd.conf
@@ -0,0 +1,22 @@
+# Configuration for oidentd
+# see oidentd.conf(5)
+#
+default {
+ default {
+ deny spoof
+ deny spoof_all
+ deny spoof_privport
+ allow random
+ allow random_numeric
+ allow numeric
+ deny hide
+ }
+}
+
+# you may want to hide root connections
+#user "root" {
+# default {
+# force reply "UNKNOWN"
+# }
+#}
+
diff --git a/net-misc/oidentd/files/oidentd.service b/net-misc/oidentd/files/oidentd.service
new file mode 100644
index 0000000..bf159d8
--- /dev/null
+++ b/net-misc/oidentd/files/oidentd.service
@@ -0,0 +1,9 @@
+[Unit]
+Description=TCP/IP IDENT protocol server
+
+[Service]
+ExecStart=/usr/sbin/oidentd -i -S -u nobody -g nobody
+ExecReload=/bin/kill -HUP $MAINPID
+
+[Install]
+WantedBy=multi-user.target
diff --git a/net-misc/oidentd/files/oidentd.service-r1 b/net-misc/oidentd/files/oidentd.service-r1
new file mode 100644
index 0000000..af426ee
--- /dev/null
+++ b/net-misc/oidentd/files/oidentd.service-r1
@@ -0,0 +1,9 @@
+[Unit]
+Description=TCP/IP IDENT protocol server
+
+[Service]
+ExecStart=/usr/sbin/oidentd -i -S -u oidentd -g oidentd
+ExecReload=/bin/kill -HUP $MAINPID
+
+[Install]
+WantedBy=multi-user.target
diff --git a/net-misc/oidentd/files/oidentd.socket b/net-misc/oidentd/files/oidentd.socket
new file mode 100644
index 0000000..63df703
--- /dev/null
+++ b/net-misc/oidentd/files/oidentd.socket
@@ -0,0 +1,10 @@
+[Unit]
+Description=Ident (RFC 1413) socket
+Conflicts=oidentd.service
+
+[Socket]
+ListenStream=113
+Accept=yes
+
+[Install]
+WantedBy=sockets.target
diff --git a/net-misc/oidentd/files/oidentd_at.service b/net-misc/oidentd/files/oidentd_at.service
new file mode 100644
index 0000000..ac03a94
--- /dev/null
+++ b/net-misc/oidentd/files/oidentd_at.service
@@ -0,0 +1,7 @@
+[Unit]
+Description=Ident (RFC 1413) per-connection server
+
+[Service]
+ExecStart=/usr/sbin/oidentd -I -S -u nobody -g nobody
+ExecReload=/bin/kill -HUP $MAINPID
+StandardInput=socket
diff --git a/net-misc/oidentd/files/oidentd_at.service-r1 b/net-misc/oidentd/files/oidentd_at.service-r1
new file mode 100644
index 0000000..dac0e70
--- /dev/null
+++ b/net-misc/oidentd/files/oidentd_at.service-r1
@@ -0,0 +1,7 @@
+[Unit]
+Description=Ident (RFC 1413) per-connection server
+
+[Service]
+ExecStart=/usr/sbin/oidentd -I -S -u oidentd -g oidentd
+ExecReload=/bin/kill -HUP $MAINPID
+StandardInput=socket
diff --git a/net-misc/oidentd/files/oidentd_masq.conf b/net-misc/oidentd/files/oidentd_masq.conf
new file mode 100644
index 0000000..6811288
--- /dev/null
+++ b/net-misc/oidentd/files/oidentd_masq.conf
@@ -0,0 +1,10 @@
+# oident masquarded connections configuration
+
+# use this file if your host is masquarading connections for several
+# hosts and you want to return a reply based on the hostname of
+# the originating machine
+# add "-f" to OIDENT_OPTIONS in /etc/conf.d/oidentd if you want
+# to forward ident requests to the real host
+
+# add hosts in the following format, see oidentd_masq.conf(5) for details:
+# [/mask]
diff --git a/net-misc/oidentd/metadata.xml b/net-misc/oidentd/metadata.xml
new file mode 100644
index 0000000..3be9f1f
--- /dev/null
+++ b/net-misc/oidentd/metadata.xml
@@ -0,0 +1,18 @@
+ + + + Dessa@gmake.de + Robert Förster + + + proxy-maint@gentoo.org + Proxy Maintainers + + + Enable support for masqueraded/NAT connections + + + ojnk + +
diff --git a/net-misc/oidentd/oidentd-2.2.2.ebuild b/net-misc/oidentd/oidentd-2.2.2.ebuild
new file mode 100644
index 0000000..8f100f5
--- /dev/null
+++ b/net-misc/oidentd/oidentd-2.2.2.ebuild
@@ -0,0 +1,55 @@
+# Copyright 1999-2018 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+inherit linux-info systemd user
+
+DESCRIPTION="Another (RFC1413 compliant) ident daemon"
+HOMEPAGE="http://oidentd.janikrabe.com/"
+SRC_URI="https://ftp.janikrabe.com/pub/${PN}/releases/${PV}/${P}.tar.gz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~s390 ~sh ~sparc ~x86 ~x86-fbsd"
+IUSE="debug ipv6 masquerade selinux"
+
+DEPEND="masquerade? (
+ net-libs/libnetfilter_conntrack
+ sys-libs/libcap-ng )"
+
+RDEPEND="${DEPEND}
+ selinux? ( sec-policy/selinux-oident )"
+
+DOCS=( AUTHORS ChangeLog README NEWS )
+
+pkg_setup() {
+ local CONFIG_CHECK="~INET_TCP_DIAG"
+
+ if use kernel_linux; then
+ linux-info_pkg_setup
+ fi
+
+ enewgroup oidentd
+ enewuser oidentd -1 -1 -1 oidentd
+
+}
+
+src_configure() {
+ econf \
+ $(use_enable debug) \
+ $(use_enable ipv6) \
+ $(use_enable masquerade masq) \
+ $(use_enable masquerade nat)
+}
+
+src_install() {
+ default
+
+ newinitd "${FILESDIR}"/${PN}-2.0.7-init ${PN}
+ newconfd "${FILESDIR}"/${PN}-2.0.7-confd ${PN}
+
+ systemd_newunit "${FILESDIR}"/${PN}_at.service ${PN}@.service
+ systemd_dounit "${FILESDIR}"/${PN}.socket
+ systemd_dounit "${FILESDIR}"/${PN}.service
+}
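Review bot: `src_install` installs `"${FILESDIR}"/${PN}-2.0.7-confd`, but the only conf.d file this commit adds is `files/oidentd-2.2.2-confd`, so `newconfd` will fail on a missing file; the line should read `newconfd "${FILESDIR}"/${PN}-2.2.2-confd ${PN}`. The Manifest added alongside lists only `DIST oidentd-2.2.1.tar.gz`, while `SRC_URI` expands to `oidentd-2.2.2.tar.gz`, so the tarball this ebuild fetches has no BLAKE2B/SHA512 entry to be verified against and needs its own DIST line. The systemd units it installs (`${PN}_at.service`, `${PN}.service`) are the variants running `-u nobody -g nobody`, even though `pkg_setup` creates a dedicated `oidentd` account and `-r1` units using it are added in the same commit; `systemd_newunit "${FILESDIR}"/${PN}_at.service-r1 ${PN}@.service` and `systemd_newunit "${FILESDIR}"/${PN}.service-r1 ${PN}.service` would keep the daemon off the shared nobody account, consistent with the conf.d defaults the OpenRC script gets. The 2.0.8-era patches under `files/` are not referenced by any `PATCHES` array or `src_prepare` here, so they appear to be carried in the tree but never applied to this version.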