16 changed files with 399 additions and 0 deletions
@ -0,0 +1 @@ |
|||
DIST oidentd-2.0.8.tar.gz 212354 SHA256 a54cbed187281f8d5a301d1d8fd5cb0f30bfb13a5a8e9ab752ace76c1010fb6f SHA512 86229a4ef9892121c25a7140616e180f862ca34b73ea3ad9f0fbb008f657abb17e9f14c2c25ae14c14bfc14bf1ea10b50fd68318631a9c52227bbfd6e6d43288 WHIRLPOOL ac36130273ec6a4fc7f715a9518f99445c3f4af50b03e647846b152800940fd8f83222b78b7a12385a0c722a8d89b6bdbc557812d0b64e3253aa3231f95215cb |
@ -0,0 +1,4 @@ |
|||
# oidentd start-up options |
|||
USER="nobody" |
|||
GROUP="nobody" |
|||
OPTIONS="" |
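Review bot: `USER="nobody"` and `GROUP="nobody"` give the daemon the same runtime identity as every other service that also drops to nobody, so those processes are not isolated from one another at the UID level. A dedicated account would separate them, e.g. `USER="oidentd"` and `GROUP="oidentd"` (the account name is a placeholder; the ebuilds in this commit do not create one). The same default is hard-coded as `-u nobody -g nobody` in the `ExecStart=` lines of both systemd service units later in this commit, so it applies there too.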
@ -0,0 +1,40 @@ |
|||
#!/sbin/openrc-run |
|||
# Copyright 1999-2004 Gentoo Foundation |
|||
# Distributed under the terms of the GNU General Public License v2 |
|||
|
|||
depend() { |
|||
need net |
|||
} |
|||
|
|||
check_config() { |
|||
if [ -z "${USER}" ] |
|||
then |
|||
eerror "Please set \$USER in /etc/conf.d/oidentd!" |
|||
return 1 |
|||
fi |
|||
if [ -z "${GROUP}" ] |
|||
then |
|||
eerror "Please set \$GROUP in /etc/conf.d/oidentd!" |
|||
return 1 |
|||
fi |
|||
|
|||
if [ "$(sysctl -n security.bsd.see_other_uids 2>/dev/null)" = "0" ]; then |
|||
eerror "${SVCNAME} cannot work if the sysctl security.bsd.see_other_uids is 0" |
|||
return 1 |
|||
fi |
|||
} |
|||
|
|||
|
|||
start() { |
|||
check_config || return 1 |
|||
ebegin "Starting oidentd" |
|||
OPTIONS="${OPTIONS} -u ${USER} -g ${GROUP}" |
|||
start-stop-daemon --start --quiet --exec /usr/sbin/oidentd -- $OPTIONS |
|||
eend $? |
|||
} |
|||
|
|||
stop() { |
|||
ebegin "Stopping oidentd" |
|||
start-stop-daemon --stop --quiet --exec /usr/sbin/oidentd |
|||
eend $? |
|||
} |
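Review bot: In `start()`, the user and group are folded into `OPTIONS` and the whole string is then expanded unquoted, so a `USER` or `GROUP` value from /etc/conf.d/oidentd that contains whitespace or glob characters is split into extra daemon arguments. `check_config()` only rejects empty values. Passing the two values as separate quoted words keeps them intact: `start-stop-daemon --start --quiet --exec /usr/sbin/oidentd -- ${OPTIONS} -u "${USER}" -g "${GROUP}"`. `USER` is also a name commonly present in the environment, so a distinct name such as `OIDENTD_USER` would avoid picking up an inherited value when the conf.d line is missing.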
@ -0,0 +1,17 @@ |
|||
Patch to bind to ipv6 socket as well |
|||
Patch supplied by Fabian Knittel <fabian.knittel@avona.com> |
|||
--- oidentd-2.0.8/src/oidentd_inet_util.c 2006-05-22 02:31:19.000000000 +0200
|
|||
+++ oidentd-2.0.8/src/oidentd_inet_util.c 2010-03-01 20:26:11.000000000 +0100
|
|||
@@ -60,6 +60,12 @@
|
|||
#ifdef WANT_IPV6 |
|||
case AF_INET6: |
|||
SIN6(ai->ai_addr)->sin6_port = listen_port; |
|||
+
|
|||
+ if (setsockopt(listenfd, IPPROTO_IPV6, IPV6_V6ONLY, &one,
|
|||
+ sizeof(one)) != 0) {
|
|||
+ debug("setsockopt IPV6_V6ONLY: %s", strerror(errno));
|
|||
+ return (-1);
|
|||
+ }
|
|||
break; |
|||
#endif |
|||
|
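Review bot: The failure branch added under `case AF_INET6:` reports only through `debug(...)` even though it returns -1. The log-conntrack-fails patch in this same commit says debug output is missing from normal builds, so a listener that cannot set IPV6_V6ONLY would fail without a visible reason. The form used in that patch fits here as well: `o_log(NORMAL, "setsockopt IPV6_V6ONLY: %s", strerror(errno));`. `one` and `listenfd` are declared outside the hunk, so whether `listenfd` is closed on this return path cannot be checked from here.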
@ -0,0 +1,25 @@ |
|||
Description: Fix a failure to build with gcc5. |
|||
Bug: http://bugs.debian.org/778035 |
|||
|
|||
--- a/src/oidentd_util.c 2015-07-03 05:56:24.000000000 -0400
|
|||
+++ b/src/oidentd_util.c 2015-07-03 05:56:47.671378000 -0400
|
|||
@@ -75,7 +75,7 @@
|
|||
** PRNG functions on systems whose libraries provide them.) |
|||
*/ |
|||
|
|||
-inline int randval(int i) {
|
|||
+extern __attribute__ ((gnu_inline)) int randval(int i) {
|
|||
/* Per _Numerical Recipes in C_: */ |
|||
return ((double) i * rand() / (RAND_MAX+1.0)); |
|||
} |
|||
--- a/src/oidentd_util.h 2015-07-03 05:56:32.000000000 -0400
|
|||
+++ b/src/oidentd_util.h 2015-07-03 05:56:53.835378000 -0400
|
|||
@@ -58,7 +58,7 @@
|
|||
int find_group(const char *temp_group, gid_t *gid); |
|||
|
|||
int random_seed(void); |
|||
-inline int randval(int i);
|
|||
+extern __attribute__ ((gnu_inline)) int randval(int i);
|
|||
|
|||
#ifndef HAVE_SNPRINTF |
|||
int snprintf(char *str, size_t n, char const *fmt, ...); |
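Review bot: `extern __attribute__ ((gnu_inline)) int randval(int i)` drops the `inline` keyword, and as far as I know GCC honours `gnu_inline` only on functions declared `inline`, so the attribute is probably ignored and the function becomes an ordinary external definition. Writing that directly, `int randval(int i) {` in oidentd_util.c and `int randval(int i);` in oidentd_util.h, would give the same result without a compiler-specific attribute. Separately, `randval` is built on `rand()`. If the `random` reply capability in the shipped oidentd.conf relies on it (not visible here), a comment should state that the values are not unpredictable, e.g. `/* not a CSPRNG: replies are obfuscation only */`.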
@ -0,0 +1,52 @@ |
|||
From 612f1d85dd59fc39b124392df38586769ebc8add Mon Sep 17 00:00:00 2001 |
|||
From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= <ppisar@redhat.com> |
|||
Date: Fri, 11 Mar 2016 10:00:59 +0100 |
|||
Subject: [PATCH] Log Linux core_init failures as normal error |
|||
MIME-Version: 1.0 |
|||
Content-Type: text/plain; charset=UTF-8 |
|||
Content-Transfer-Encoding: 8bit |
|||
|
|||
Opening Linux conntracking table file failure for different reason than |
|||
missing the file is fatal for deamon initizalization. But the failure |
|||
was logged inly in debugging build. |
|||
|
|||
This patch makes the fatal error visible in normal log. |
|||
|
|||
https://bugzilla.redhat.com/show_bug.cgi?id=1316308 |
|||
Signed-off-by: Petr Písař <ppisar@redhat.com> |
|||
---
|
|||
src/kernel/linux.c | 6 +++--- |
|||
1 file changed, 3 insertions(+), 3 deletions(-) |
|||
|
|||
diff --git a/src/kernel/linux.c b/src/kernel/linux.c
|
|||
index 8bf265f..9103dbf 100644
|
|||
--- a/src/kernel/linux.c
|
|||
+++ b/src/kernel/linux.c
|
|||
@@ -73,21 +73,21 @@ bool core_init(void) {
|
|||
masq_fp = fopen(MASQFILE, "r"); |
|||
if (masq_fp == NULL) { |
|||
if (errno != ENOENT) { |
|||
- debug("fopen: %s: %s", MASQFILE, strerror(errno));
|
|||
+ o_log(NORMAL, "fopen: %s: %s", MASQFILE, strerror(errno));
|
|||
return false; |
|||
} |
|||
|
|||
masq_fp = fopen(CONNTRACK, "r"); |
|||
if (masq_fp == NULL) { |
|||
if (errno != ENOENT) { |
|||
- debug("fopen: %s: %s", CONNTRACK, strerror(errno));
|
|||
+ o_log(NORMAL, "fopen: %s: %s", CONNTRACK, strerror(errno));
|
|||
return false; |
|||
} |
|||
|
|||
masq_fp = fopen(NFCONNTRACK, "r"); |
|||
if (masq_fp == NULL) { |
|||
if (errno != ENOENT) { |
|||
- debug("fopen: %s: %s", NFCONNTRACK, strerror(errno));
|
|||
+ o_log(NORMAL, "fopen: %s: %s", NFCONNTRACK, strerror(errno));
|
|||
return false; |
|||
} |
|||
masq_fp = fopen("/dev/null", "r"); |
|||
--
|
|||
2.5.0 |
|||
|
@ -0,0 +1,43 @@ |
|||
--- oidentd-2.0.8/src/kernel/linux.c 2006-05-22 06:58:53.000000000 +0300
|
|||
+++ oidentd-2.0.8/src/kernel/linux.c 2007-07-11 21:28:56.000000000 +0300
|
|||
@@ -48,6 +48,7 @@
|
|||
#define CFILE6 "/proc/net/tcp6" |
|||
#define MASQFILE "/proc/net/ip_masquerade" |
|||
#define CONNTRACK "/proc/net/ip_conntrack" |
|||
+#define NFCONNTRACK "/proc/net/nf_conntrack"
|
|||
|
|||
static int netlink_sock; |
|||
extern struct sockaddr_storage proxy; |
|||
@@ -82,7 +83,15 @@
|
|||
debug("fopen: %s: %s", CONNTRACK, strerror(errno)); |
|||
return false; |
|||
} |
|||
- masq_fp = fopen("/dev/null", "r");
|
|||
+
|
|||
+ masq_fp = fopen(NFCONNTRACK, "r");
|
|||
+ if (masq_fp == NULL) {
|
|||
+ if (errno != ENOENT) {
|
|||
+ debug("fopen: %s: %s", NFCONNTRACK, strerror(errno));
|
|||
+ return false;
|
|||
+ }
|
|||
+ masq_fp = fopen("/dev/null", "r");
|
|||
+ }
|
|||
} |
|||
|
|||
netfilter = true; |
|||
@@ -367,6 +376,15 @@
|
|||
&nport_temp, &mport_temp); |
|||
} |
|||
|
|||
+ if (ret != 21) {
|
|||
+ ret = sscanf(buf,
|
|||
+ "%*15s %*d %15s %*d %*d ESTABLISHED src=%d.%d.%d.%d dst=%d.%d.%d.%d sport=%d dport=%d packets=%*d bytes=%*d src=%d.%d.%d.%d dst=%d.%d.%d.%d sport=%d dport=%d",
|
|||
+ proto, &l1, &l2, &l3, &l4, &r1, &r2, &r3, &r4,
|
|||
+ &masq_lport_temp, &masq_fport_temp,
|
|||
+ &nl1, &nl2, &nl3, &nl4, &nr1, &nr2, &nr3, &nr4,
|
|||
+ &nport_temp, &mport_temp);
|
|||
+ }
|
|||
+
|
|||
if (ret != 21) |
|||
continue; |
|||
|
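Review bot: The added `sscanf` under `if (ret != 21)` matches only nf_conntrack lines that carry `packets=` and `bytes=` between the original and reply tuples. As far as I know those counters are printed only when connection accounting is enabled, so on other systems every line would fall through to `continue` and masqueraded lookups would silently find nothing. A further fallback without the two counters covers that case. `%15s` also requires `proto` to hold at least 16 bytes, and its declaration is outside the hunk, as are the start and end of the enclosing function.

```c
	/* … unchanged: earlier sscanf attempts and the packets=/bytes= variant added by this patch … */
	if (ret != 21) {
		/* nf_conntrack line printed without accounting counters */
		ret = sscanf(buf,
			"%*15s %*d %15s %*d %*d ESTABLISHED src=%d.%d.%d.%d dst=%d.%d.%d.%d sport=%d dport=%d src=%d.%d.%d.%d dst=%d.%d.%d.%d sport=%d dport=%d",
			proto, &l1, &l2, &l3, &l4, &r1, &r2, &r3, &r4,
			&masq_lport_temp, &masq_fport_temp,
			&nl1, &nl2, &nl3, &nl4, &nr1, &nr2, &nr3, &nr4,
			&nport_temp, &mport_temp);
	}

	if (ret != 21)
		continue;
```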
@ -0,0 +1,41 @@ |
|||
From 20a63ad8a90c36397cceedd34887298890dbafa3 Mon Sep 17 00:00:00 2001 |
|||
From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= <ppisar@redhat.com> |
|||
Date: Fri, 11 Mar 2016 10:38:10 +0100 |
|||
Subject: [PATCH] Linux: Do not open conntracking table if masquerading is not |
|||
enabled |
|||
MIME-Version: 1.0 |
|||
Content-Type: text/plain; charset=UTF-8 |
|||
Content-Transfer-Encoding: 8bit |
|||
|
|||
The contracking table was always opened. This is unnecessary because |
|||
the table is used only when masquerading feature is requested on run |
|||
time. |
|||
|
|||
This patch skips opening the conntracking table on Linux if |
|||
masquerading is not requested. |
|||
|
|||
https://bugzilla.redhat.com/show_bug.cgi?id=1316308 |
|||
Signed-off-by: Petr Písař <ppisar@redhat.com> |
|||
---
|
|||
src/kernel/linux.c | 5 +++++ |
|||
1 file changed, 5 insertions(+) |
|||
|
|||
diff --git a/src/kernel/linux.c b/src/kernel/linux.c
|
|||
index 9103dbf..859f554 100644
|
|||
--- a/src/kernel/linux.c
|
|||
+++ b/src/kernel/linux.c
|
|||
@@ -70,6 +70,11 @@ bool netfilter;
|
|||
*/ |
|||
bool core_init(void) { |
|||
#ifdef MASQ_SUPPORT |
|||
+ if (!opt_enabled(MASQ)) {
|
|||
+ masq_fp = NULL;
|
|||
+ return true;
|
|||
+ }
|
|||
+
|
|||
masq_fp = fopen(MASQFILE, "r"); |
|||
if (masq_fp == NULL) { |
|||
if (errno != ENOENT) { |
|||
--
|
|||
2.5.0 |
|||
|
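Review bot: The early return at the top of `core_init()` leaves `masq_fp` as NULL, so every later reader of `masq_fp` must be gated on the same `opt_enabled(MASQ)` test or it will hand a null stream to stdio. Those readers are outside the hunk and cannot be checked from here. A comment at the assignment would record the contract, e.g. `/* masq_fp stays NULL: masq lookups must check opt_enabled(MASQ) first */`. The return also sits inside `#ifdef MASQ_SUPPORT`, so any initialisation placed after the `#endif` in this function would be skipped when masquerading is off; the rest of the body is not visible here.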
@ -0,0 +1,22 @@ |
|||
# Configuration for oidentd |
|||
# see oidentd.conf(5) |
|||
# |
|||
default { |
|||
default { |
|||
deny spoof |
|||
deny spoof_all |
|||
deny spoof_privport |
|||
allow random |
|||
allow random_numeric |
|||
allow numeric |
|||
deny hide |
|||
} |
|||
} |
|||
|
|||
# you may want to hide root connections |
|||
#user "root" { |
|||
# default { |
|||
# force reply "UNKNOWN" |
|||
# } |
|||
#} |
|||
|
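Review bot: The stanza that hides root-owned connections is shipped commented out, so with these defaults a query about a connection opened by root is answered under the same rules as any other user's. The daemon answers remote peers on the ident port, so the more conservative packaging default is to ship `user "root" { default { force reply "UNKNOWN" } }` enabled and let administrators remove it. If it stays commented out, the comment should say what is disclosed, e.g. `# without this block, ident replies for root-owned connections identify root`.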
@ -0,0 +1,9 @@ |
|||
[Unit] |
|||
Description=TCP/IP IDENT protocol server |
|||
|
|||
[Service] |
|||
ExecStart=/usr/sbin/oidentd -i -S -u nobody -g nobody |
|||
ExecReload=/bin/kill -HUP $MAINPID |
|||
|
|||
[Install] |
|||
WantedBy=multi-user.target |
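Review bot: The `[Service]` section has no sandboxing directives, so confinement of this network-facing daemon rests entirely on its own `-u nobody -g nobody` privilege drop. Adding `NoNewPrivileges=yes` and `ProtectSystem=full` would limit what the process can reach if that drop is bypassed; both should be tested against the daemon's need to read the /proc/net files. The unit also has no `After=network.target`, whereas the OpenRC script in this commit declares `need net`.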
@ -0,0 +1,10 @@ |
|||
[Unit] |
|||
Description=Ident (RFC 1413) socket |
|||
Conflicts=oidentd.service |
|||
|
|||
[Socket] |
|||
ListenStream=113 |
|||
Accept=yes |
|||
|
|||
[Install] |
|||
WantedBy=sockets.target |
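Review bot: `Accept=yes` starts one service instance per incoming connection, and the `[Socket]` section sets no per-source bound, so one peer can use up the whole instance budget and keep other ident lookups from being served. Adding `MaxConnectionsPerSource=` (value chosen for the deployment; requires a systemd version that supports it) together with an explicit `MaxConnections=` keeps the limits visible in the unit.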
@ -0,0 +1,7 @@ |
|||
[Unit] |
|||
Description=Ident (RFC 1413) per-connection server |
|||
|
|||
[Service] |
|||
ExecStart=/usr/sbin/oidentd -I -S -u nobody -g nobody |
|||
ExecReload=/bin/kill -HUP $MAINPID |
|||
StandardInput=socket |
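Review bot: With `StandardInput=socket` and no `StandardError=` line, stderr follows stdout, which for an inetd-style unit is the client connection. If `-S` makes oidentd log to stderr rather than syslog (the option's meaning is not shown on this page), diagnostic text would be written to the remote peer and mixed into the ident reply. Adding `StandardError=journal` keeps that output local. `ExecReload=/bin/kill -HUP $MAINPID` has little meaning for a per-connection instance and could be dropped.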
@ -0,0 +1,10 @@ |
|||
# oident masquarded connections configuration |
|||
|
|||
# use this file if your host is masquarading connections for several |
|||
# hosts and you want to return a reply based on the hostname of |
|||
# the originating machine |
|||
# add "-f" to OIDENT_OPTIONS in /etc/conf.d/oidentd if you want |
|||
# to forward ident requests to the real host |
|||
|
|||
# add hosts in the following format, see oidentd_masq.conf(5) for details: |
|||
# <ip or host>[/mask] <username> <os> |
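Review bot: The comment tells the administrator to add `-f` to `OIDENT_OPTIONS`, but the conf.d file in this commit defines `OPTIONS` and the init script reads `${OPTIONS}`, so following the comment literally has no effect. The line should read `# add "-f" to OPTIONS in /etc/conf.d/oidentd if you want`. The header lines also misspell "masqueraded" and "masquerading".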
@ -0,0 +1,10 @@ |
|||
<?xml version="1.0" encoding="UTF-8"?> |
|||
<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> |
|||
<pkgmetadata> |
|||
<use> |
|||
<flag name="masquerade">Enable support for masqueraded/NAT connections</flag> |
|||
</use> |
|||
<upstream> |
|||
<remote-id type="sourceforge">ojnk</remote-id> |
|||
</upstream> |
|||
</pkgmetadata> |
@ -0,0 +1,53 @@ |
|||
# Copyright 1999-2017 Gentoo Foundation |
|||
# Distributed under the terms of the GNU General Public License v2 |
|||
|
|||
EAPI=5 |
|||
|
|||
inherit eutils systemd |
|||
|
|||
DESCRIPTION="Another (RFC1413 compliant) ident daemon" |
|||
HOMEPAGE="http://ojnk.sourceforge.net/" |
|||
SRC_URI="mirror://sourceforge/ojnk/${P}.tar.gz" |
|||
|
|||
LICENSE="GPL-2" |
|||
SLOT="0" |
|||
KEYWORDS="alpha amd64 arm hppa ia64 ~mips ppc ~s390 ~sh sparc x86 ~x86-fbsd" |
|||
IUSE="debug ipv6 masquerade" |
|||
|
|||
PATCHES=( |
|||
"${FILESDIR}/${P}-masquerading.patch" |
|||
"${FILESDIR}/${P}-bind-to-ipv6-too.patch" |
|||
"${FILESDIR}/${P}-gcc5.patch" |
|||
) |
|||
|
|||
src_prepare() { |
|||
epatch -p1 "${PATCHES[@]}" |
|||
} |
|||
|
|||
src_configure() { |
|||
econf \ |
|||
$(use_enable debug) \ |
|||
$(use_enable ipv6) \ |
|||
$(use_enable masquerade masq) \ |
|||
$(use_enable masquerade nat) |
|||
} |
|||
|
|||
src_install() { |
|||
default |
|||
|
|||
dodoc AUTHORS ChangeLog README TODO NEWS \ |
|||
"${FILESDIR}"/${PN}_masq.conf "${FILESDIR}"/${PN}.conf |
|||
|
|||
newinitd "${FILESDIR}"/${PN}-2.0.7-init ${PN} |
|||
newconfd "${FILESDIR}"/${PN}-2.0.7-confd ${PN} |
|||
|
|||
systemd_newunit "${FILESDIR}"/${PN}_at.service ${PN}@.service |
|||
systemd_dounit "${FILESDIR}"/${PN}.socket |
|||
systemd_dounit "${FILESDIR}"/${PN}.service |
|||
} |
|||
|
|||
pkg_postinst() { |
|||
echo |
|||
elog "Example configuration files are in /usr/share/doc/${PF}" |
|||
echo |
|||
} |
@ -0,0 +1,55 @@ |
|||
# Copyright 1999-2017 Gentoo Foundation |
|||
# Distributed under the terms of the GNU General Public License v2 |
|||
|
|||
EAPI=6 |
|||
|
|||
inherit systemd |
|||
|
|||
DESCRIPTION="Another (RFC1413 compliant) ident daemon" |
|||
HOMEPAGE="http://ojnk.sourceforge.net/" |
|||
SRC_URI="mirror://sourceforge/ojnk/${P}.tar.gz" |
|||
|
|||
LICENSE="GPL-2" |
|||
SLOT="0" |
|||
KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~s390 ~sh ~sparc ~x86 ~x86-fbsd" |
|||
IUSE="debug ipv6 masquerade selinux" |
|||
|
|||
DEPEND="" |
|||
|
|||
RDEPEND="${DEPEND} |
|||
selinux? ( sec-policy/selinux-oident )" |
|||
|
|||
DOCS=( AUTHORS ChangeLog README TODO NEWS "${FILESDIR}"/${PN}_masq.conf "${FILESDIR}"/${PN}.conf ) |
|||
|
|||
PATCHES=( |
|||
"${FILESDIR}/${P}-masquerading.patch" |
|||
"${FILESDIR}/${P}-bind-to-ipv6-too.patch" |
|||
"${FILESDIR}/${P}-gcc5.patch" |
|||
"${FILESDIR}/${P}-log-conntrack-fails.patch" |
|||
"${FILESDIR}/${P}-no-conntrack-masquerading.patch" |
|||
) |
|||
|
|||
src_configure() { |
|||
econf \ |
|||
$(use_enable debug) \ |
|||
$(use_enable ipv6) \ |
|||
$(use_enable masquerade masq) \ |
|||
$(use_enable masquerade nat) |
|||
} |
|||
|
|||
src_install() { |
|||
default |
|||
|
|||
newinitd "${FILESDIR}"/${PN}-2.0.7-init ${PN} |
|||
newconfd "${FILESDIR}"/${PN}-2.0.7-confd ${PN} |
|||
|
|||
systemd_newunit "${FILESDIR}"/${PN}_at.service ${PN}@.service |
|||
systemd_dounit "${FILESDIR}"/${PN}.socket |
|||
systemd_dounit "${FILESDIR}"/${PN}.service |
|||
} |
|||
|
|||
pkg_postinst() { |
|||
echo |
|||
elog "Example configuration files are in /usr/share/doc/${PF}" |
|||
echo |
|||
} |