[net-misc/oidentd] version bump

Robert Förster 2018-03-07 21:05:02 +01:00
parent b3bce0c2be
commit 0ea4af747c
17 changed files with 370 additions and 0 deletions


@ -0,0 +1 @@
DIST oidentd-2.2.1.tar.gz 253531 BLAKE2B e851d1898b82e10b882cf35e3b6a3fa3d660ce2a2628030909037df667c521b4e53c2569448619747cd2663b5bcb453d3d2b135caaee60f1ee00c476ac63ddf7 SHA512 adc49dc9ba0f6691856823cb41120aa7bb25c698c829ef4c226bcd9b8737a7f917fb2780b1447bd3de107b3825ba3f89f6017f877885815ee3e53f49707af20f


@ -0,0 +1,40 @@
#!/sbin/openrc-run
# Copyright 1999-2004 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
depend() {
need net
}
check_config() {
if [ -z "${USER}" ]
then
eerror "Please set \$USER in /etc/conf.d/oidentd!"
return 1
fi
if [ -z "${GROUP}" ]
then
eerror "Please set \$GROUP in /etc/conf.d/oidentd!"
return 1
fi
if [ "$(sysctl -n security.bsd.see_other_uids 2>/dev/null)" = "0" ]; then
eerror "${SVCNAME} cannot work if the sysctl security.bsd.see_other_uids is 0"
return 1
fi
}
start() {
check_config || return 1
ebegin "Starting oidentd"
OPTIONS="${OPTIONS} -u ${USER} -g ${GROUP}"
start-stop-daemon --start --quiet --exec /usr/sbin/oidentd -- $OPTIONS
eend $?
}
stop() {
ebegin "Stopping oidentd"
start-stop-daemon --stop --quiet --exec /usr/sbin/oidentd
eend $?
}
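Review bot: check_config only tests that USER and GROUP are non-empty, and USER is a name that shells commonly export, so a missing or incomplete /etc/conf.d/oidentd may go unnoticed if that variable reaches the service environment. In that case start() would pass `-u` with the invoking account, possibly root, and the daemon would keep its privileges. Consider rejecting that case explicitly in check_config, for example `[ "${USER}" != "root" ] || { eerror "Refusing to run oidentd as root"; return 1; }`. Whether the service environment is scrubbed before the script runs cannot be seen from this page.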


@ -0,0 +1,17 @@
Patch to bind to ipv6 socket as well
Patch supplied by Fabian Knittel <fabian.knittel@avona.com>
--- oidentd-2.0.8/src/oidentd_inet_util.c 2006-05-22 02:31:19.000000000 +0200
+++ oidentd-2.0.8.new/src/oidentd_inet_util.c 2010-03-01 20:26:11.000000000 +0100
@@ -60,6 +60,12 @@
#ifdef WANT_IPV6
case AF_INET6:
SIN6(ai->ai_addr)->sin6_port = listen_port;
+
+ if (setsockopt(listenfd, IPPROTO_IPV6, IPV6_V6ONLY, &one,
+ sizeof(one)) != 0) {
+ debug("setsockopt IPV6_V6ONLY: %s", strerror(errno));
+ return (-1);
+ }
break;
#endif
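Review bot: A failing `setsockopt(IPV6_V6ONLY)` aborts listener setup with `return (-1)` but is reported only through `debug()`, which another patch in this commit describes as visible only in debugging builds. Assuming `o_log` is usable in this file, `o_log(NORMAL, "setsockopt IPV6_V6ONLY: %s", strerror(errno));` would put the reason in the normal log. The declaration of `one` and the enclosing function lie outside the hunk, so it cannot be confirmed here that `one` is an `int` set to 1. The patch header says it binds to the IPv6 socket "as well", while the added code restricts that socket to IPv6 only; a short comment such as `/* keep the v6 listener separate from the v4 one */` would make the intent clear.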


@ -0,0 +1,25 @@
Description: Fix a failure to build with gcc5.
Bug: http://bugs.debian.org/778035
--- a/src/oidentd_util.c 2015-07-03 05:56:24.000000000 -0400
+++ b/src/oidentd_util.c 2015-07-03 05:56:47.671378000 -0400
@@ -75,7 +75,7 @@
** PRNG functions on systems whose libraries provide them.)
*/
-inline int randval(int i) {
+extern __attribute__ ((gnu_inline)) int randval(int i) {
/* Per _Numerical Recipes in C_: */
return ((double) i * rand() / (RAND_MAX+1.0));
}
--- a/src/oidentd_util.h 2015-07-03 05:56:32.000000000 -0400
+++ b/src/oidentd_util.h 2015-07-03 05:56:53.835378000 -0400
@@ -58,7 +58,7 @@
int find_group(const char *temp_group, gid_t *gid);
int random_seed(void);
-inline int randval(int i);
+extern __attribute__ ((gnu_inline)) int randval(int i);
#ifndef HAVE_SNPRINTF
int snprintf(char *str, size_t n, char const *fmt, ...);


@ -0,0 +1,52 @@
From 612f1d85dd59fc39b124392df38586769ebc8add Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= <ppisar@redhat.com>
Date: Fri, 11 Mar 2016 10:00:59 +0100
Subject: [PATCH] Log Linux core_init failures as normal error
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Opening Linux conntracking table file failure for different reason than
missing the file is fatal for deamon initizalization. But the failure
was logged inly in debugging build.
This patch makes the fatal error visible in normal log.
https://bugzilla.redhat.com/show_bug.cgi?id=1316308
Signed-off-by: Petr Písař <ppisar@redhat.com>
---
src/kernel/linux.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/kernel/linux.c b/src/kernel/linux.c
index 8bf265f..9103dbf 100644
--- a/src/kernel/linux.c
+++ b/src/kernel/linux.c
@@ -73,21 +73,21 @@ bool core_init(void) {
masq_fp = fopen(MASQFILE, "r");
if (masq_fp == NULL) {
if (errno != ENOENT) {
- debug("fopen: %s: %s", MASQFILE, strerror(errno));
+ o_log(NORMAL, "fopen: %s: %s", MASQFILE, strerror(errno));
return false;
}
masq_fp = fopen(CONNTRACK, "r");
if (masq_fp == NULL) {
if (errno != ENOENT) {
- debug("fopen: %s: %s", CONNTRACK, strerror(errno));
+ o_log(NORMAL, "fopen: %s: %s", CONNTRACK, strerror(errno));
return false;
}
masq_fp = fopen(NFCONNTRACK, "r");
if (masq_fp == NULL) {
if (errno != ENOENT) {
- debug("fopen: %s: %s", NFCONNTRACK, strerror(errno));
+ o_log(NORMAL, "fopen: %s: %s", NFCONNTRACK, strerror(errno));
return false;
}
masq_fp = fopen("/dev/null", "r");
--
2.5.0
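Review bot: The final fallback `masq_fp = fopen("/dev/null", "r");` stays silent, so when none of the three tables exists, masquerade lookups read an empty file and nothing is logged. Since the purpose of the patch is to make initialization problems visible, a line such as `o_log(NORMAL, "no connection tracking table found, masquerade lookups will return nothing");` before that fallback would tell the operator why NAT replies are missing. The result of that last fopen is not checked in the visible lines; core_init continues past the hunk, so it may be handled there.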


@ -0,0 +1,43 @@
--- oidentd.orig/src/kernel/linux.c 2006-05-22 06:58:53.000000000 +0300
+++ oidentd-2.0.8/src/kernel/linux.c 2007-07-11 21:28:56.000000000 +0300
@@ -48,6 +48,7 @@
#define CFILE6 "/proc/net/tcp6"
#define MASQFILE "/proc/net/ip_masquerade"
#define CONNTRACK "/proc/net/ip_conntrack"
+#define NFCONNTRACK "/proc/net/nf_conntrack"
static int netlink_sock;
extern struct sockaddr_storage proxy;
@@ -82,7 +83,15 @@
debug("fopen: %s: %s", CONNTRACK, strerror(errno));
return false;
}
- masq_fp = fopen("/dev/null", "r");
+
+ masq_fp = fopen(NFCONNTRACK, "r");
+ if (masq_fp == NULL) {
+ if (errno != ENOENT) {
+ debug("fopen: %s: %s", NFCONNTRACK, strerror(errno));
+ return false;
+ }
+ masq_fp = fopen("/dev/null", "r");
+ }
}
netfilter = true;
@@ -367,6 +376,15 @@
&nport_temp, &mport_temp);
}
+ if (ret != 21) {
+ ret = sscanf(buf,
+ "%*15s %*d %15s %*d %*d ESTABLISHED src=%d.%d.%d.%d dst=%d.%d.%d.%d sport=%d dport=%d packets=%*d bytes=%*d src=%d.%d.%d.%d dst=%d.%d.%d.%d sport=%d dport=%d",
+ proto, &l1, &l2, &l3, &l4, &r1, &r2, &r3, &r4,
+ &masq_lport_temp, &masq_fport_temp,
+ &nl1, &nl2, &nl3, &nl4, &nr1, &nr2, &nr3, &nr4,
+ &nport_temp, &mport_temp);
+ }
+
if (ret != 21)
continue;
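Review bot: The added nf_conntrack format in the third hunk requires the `packets=%*d bytes=%*d` fields, so on a kernel that does not print them every line falls through to `continue` and masqueraded connections are never matched. Those counters are believed to appear only when connection accounting is enabled, which should be confirmed against the target kernels. A second fallback with the same format minus the two counters would cover both layouts; it is sketched below with the variables the hunk already uses. Values parsed with `%d` (octets, ports) are not range-checked in the visible lines; the enclosing function starts and ends outside the hunk, so that may happen later.

```c
	/* … unchanged: nf_conntrack sscanf that expects packets=/bytes= … */

	if (ret != 21) {
		/* nf_conntrack line printed without accounting counters */
		ret = sscanf(buf,
			"%*15s %*d %15s %*d %*d ESTABLISHED src=%d.%d.%d.%d dst=%d.%d.%d.%d sport=%d dport=%d src=%d.%d.%d.%d dst=%d.%d.%d.%d sport=%d dport=%d",
			proto, &l1, &l2, &l3, &l4, &r1, &r2, &r3, &r4,
			&masq_lport_temp, &masq_fport_temp,
			&nl1, &nl2, &nl3, &nl4, &nr1, &nr2, &nr3, &nr4,
			&nport_temp, &mport_temp);
	}

	/* … unchanged: if (ret != 21) continue; … */
```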


@ -0,0 +1,41 @@
From 20a63ad8a90c36397cceedd34887298890dbafa3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= <ppisar@redhat.com>
Date: Fri, 11 Mar 2016 10:38:10 +0100
Subject: [PATCH] Linux: Do not open conntracking table if masquerading is not
enabled
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
The contracking table was always opened. This is unnecessary because
the table is used only when masquerading feature is requested on run
time.
This patch skips opening the conntracking table on Linux if
masquerading is not requested.
https://bugzilla.redhat.com/show_bug.cgi?id=1316308
Signed-off-by: Petr Písař <ppisar@redhat.com>
---
src/kernel/linux.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/src/kernel/linux.c b/src/kernel/linux.c
index 9103dbf..859f554 100644
--- a/src/kernel/linux.c
+++ b/src/kernel/linux.c
@@ -70,6 +70,11 @@ bool netfilter;
*/
bool core_init(void) {
#ifdef MASQ_SUPPORT
+ if (!opt_enabled(MASQ)) {
+ masq_fp = NULL;
+ return true;
+ }
+
masq_fp = fopen(MASQFILE, "r");
if (masq_fp == NULL) {
if (errno != ENOENT) {
--
2.5.0
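Review bot: Returning early with `masq_fp = NULL` changes an invariant, because in the visible code a successful core_init otherwise ends with masq_fp assigned from an fopen call, at worst on `/dev/null`. Any reader of masq_fp outside this hunk now needs a NULL check before using the stream, for instance the masquerade lookup or any path reached if the MASQ option can change after start-up. Those callers are not visible here and should be confirmed. A comment on the early return, `/* masq_fp stays NULL: masquerade lookups must test opt_enabled(MASQ) before touching it */`, would record the contract.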


@ -0,0 +1,4 @@
# oidentd start-up options
USER="oidentd"
GROUP="oidentd"
OPTIONS=""


@ -0,0 +1,22 @@
# Configuration for oidentd
# see oidentd.conf(5)
#
default {
default {
deny spoof
deny spoof_all
deny spoof_privport
allow random
allow random_numeric
allow numeric
deny hide
}
}
# you may want to hide root connections
#user "root" {
# default {
# force reply "UNKNOWN"
# }
#}


@ -0,0 +1,9 @@
[Unit]
Description=TCP/IP IDENT protocol server
[Service]
ExecStart=/usr/sbin/oidentd -i -S -u nobody -g nobody
ExecReload=/bin/kill -HUP $MAINPID
[Install]
WantedBy=multi-user.target
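Review bot: `-u nobody -g nobody` drops privileges to an account that unrelated services commonly share, so the daemon is not isolated from whatever else runs under that uid. The ebuild in this commit creates a dedicated `oidentd` user and group, and a sibling unit already uses `-u oidentd -g oidentd`. The nobody variant here and in the per-connection unit (`-I -S -u nobody -g nobody`) should be dropped or switched to the dedicated account. Which variant the ebuild installs is not visible on this page.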


@ -0,0 +1,9 @@
[Unit]
Description=TCP/IP IDENT protocol server
[Service]
ExecStart=/usr/sbin/oidentd -i -S -u oidentd -g oidentd
ExecReload=/bin/kill -HUP $MAINPID
[Install]
WantedBy=multi-user.target


@ -0,0 +1,10 @@
[Unit]
Description=Ident (RFC 1413) socket
Conflicts=oidentd.service
[Socket]
ListenStream=113
Accept=yes
[Install]
WantedBy=sockets.target


@ -0,0 +1,7 @@
[Unit]
Description=Ident (RFC 1413) per-connection server
[Service]
ExecStart=/usr/sbin/oidentd -I -S -u nobody -g nobody
ExecReload=/bin/kill -HUP $MAINPID
StandardInput=socket


@ -0,0 +1,7 @@
[Unit]
Description=Ident (RFC 1413) per-connection server
[Service]
ExecStart=/usr/sbin/oidentd -I -S -u oidentd -g oidentd
ExecReload=/bin/kill -HUP $MAINPID
StandardInput=socket


@ -0,0 +1,10 @@
# oident masquarded connections configuration
# use this file if your host is masquarading connections for several
# hosts and you want to return a reply based on the hostname of
# the originating machine
# add "-f" to OIDENT_OPTIONS in /etc/conf.d/oidentd if you want
# to forward ident requests to the real host
# add hosts in the following format, see oidentd_masq.conf(5) for details:
# <ip or host>[/mask] <username> <os>
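Review bot: The comment tells the administrator to add `-f` to `OIDENT_OPTIONS`, but the conf.d file and init script in this commit read `OPTIONS`, so following the instruction as written has no effect. Suggested wording: `# add "-f" to OPTIONS in /etc/conf.d/oidentd if you want`. The words "masquarded" and "masquarading" in the first two lines should read "masqueraded" and "masquerading".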


@ -0,0 +1,18 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
<pkgmetadata>
<maintainer type="person">
<email>Dessa@gmake.de</email>
<name>Robert Förster</name>
</maintainer>
<maintainer type="project">
<email>proxy-maint@gentoo.org</email>
<name>Proxy Maintainers</name>
</maintainer>
<use>
<flag name="masquerade">Enable support for masqueraded/NAT connections</flag>
</use>
<upstream>
<remote-id type="sourceforge">ojnk</remote-id>
</upstream>
</pkgmetadata>


@ -0,0 +1,55 @@
# Copyright 1999-2018 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
EAPI=6
inherit linux-info systemd user
DESCRIPTION="Another (RFC1413 compliant) ident daemon"
HOMEPAGE="http://oidentd.janikrabe.com/"
SRC_URI="https://ftp.janikrabe.com/pub/${PN}/releases/${PV}/${P}.tar.gz"
LICENSE="GPL-2"
SLOT="0"
KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~s390 ~sh ~sparc ~x86 ~x86-fbsd"
IUSE="debug ipv6 masquerade selinux"
DEPEND="masquerade? (
net-libs/libnetfilter_conntrack
sys-libs/libcap-ng )"
RDEPEND="${DEPEND}
selinux? ( sec-policy/selinux-oident )"
DOCS=( AUTHORS ChangeLog README NEWS )
pkg_setup() {
local CONFIG_CHECK="~INET_TCP_DIAG"
if use kernel_linux; then
linux-info_pkg_setup
fi
enewgroup oidentd
enewuser oidentd -1 -1 -1 oidentd
}
src_configure() {
econf \
$(use_enable debug) \
$(use_enable ipv6) \
$(use_enable masquerade masq) \
$(use_enable masquerade nat)
}
src_install() {
default
newinitd "${FILESDIR}"/${PN}-2.0.7-init ${PN}
newconfd "${FILESDIR}"/${PN}-2.0.7-confd ${PN}
systemd_newunit "${FILESDIR}"/${PN}_at.service ${PN}@.service
systemd_dounit "${FILESDIR}"/${PN}.socket
systemd_dounit "${FILESDIR}"/${PN}.service
}