mirror of
https://git.FreeBSD.org/ports.git
synced 2024-12-23 04:23:08 +00:00
- update to 3.0.16
- use PLIST_FILES - add missing manpage idecrypt.8
This commit is contained in:
parent
a0f23fccb4
commit
ceffc4e4f7
Notes:
svn2git
2021-03-31 03:12:20 +00:00
svn path=/head/; revision=103081
@ -6,7 +6,7 @@
|
||||
#
|
||||
|
||||
PORTNAME= pidentd
|
||||
PORTVERSION= 2.8.5
|
||||
PORTVERSION= 3.0.16
|
||||
CATEGORIES= security ipv6
|
||||
MASTER_SITES= ftp://ftp.lysator.liu.se/pub/ident/servers/ \
|
||||
ftp://ftp.fu-berlin.de/unix/security/ident/servers/
|
||||
@ -15,38 +15,33 @@ PATCH_SITES= http://www.imasy.or.jp/~ume/ipv6/ \
|
||||
http://home.jp.FreeBSD.org/~ume/ipv6/ \
|
||||
${MASTER_SITE_LOCAL}
|
||||
PATCH_SITE_SUBDIR= dinoex
|
||||
PATCHFILES= pidentd-2.8.5-ipv6-1.5.diff.gz
|
||||
PATCH_DIST_STRIP= -p2
|
||||
PATCHFILES= pidentd-${PORTVERSION}-ipv6-20040227.diff.gz
|
||||
PATCH_DIST_STRIP= -p0
|
||||
|
||||
MAINTAINER= dinoex@FreeBSD.org
|
||||
COMMENT= An RFC1413 identification server
|
||||
|
||||
ALL_TARGET= freebsd
|
||||
MAKE_ENV= REALPREFIX=${PREFIX}
|
||||
USE_REINPLACE= yes
|
||||
GNU_CONFIGURE= yes
|
||||
MAN8= identd.8 idecrypt.8
|
||||
PLIST_FILES= sbin/ibench sbin/identd sbin/idecrypt sbin/ikeygen
|
||||
|
||||
.if defined(WITH_DES)
|
||||
USE_OPENSSL= yes
|
||||
CFLAGS+= -DINCLUDE_CRYPT -DOPENSSL_DES_LIBDES_COMPATIBILITY
|
||||
LDFLAGS+= -L${OPENSSLLIB} -lcrypto
|
||||
.endif
|
||||
|
||||
.include <bsd.port.pre.mk>
|
||||
post-extract:
|
||||
${CP} ${FILESDIR}/idecrypt.8 ${WRKSRC}/doc/idecrypt.8
|
||||
|
||||
.if ${OSVERSION} >= 400014
|
||||
ADD_GDEFS+= -DINET6 -D__ss_family=ss_family -D__ss_len=ss_len
|
||||
.endif
|
||||
post-patch:
|
||||
@${REINPLACE_CMD} \
|
||||
-e "s| /etc/identd.conf| ${PREFIX}/etc/identd.conf|" \
|
||||
-e "s| /etc/identd.key| ${PREFIX}/etc/identd.key|" \
|
||||
${WRKSRC}/doc/identd.8 ${WRKSRC}/doc/idecrypt.8
|
||||
|
||||
# Uncomment to activate the use of verifiable "cookies". The idea is to be
|
||||
# able to detect fake "logs" intended to get your innocent users in trouble.
|
||||
# Naturally, since it uses libcrypto, you must have OpenSSL installed.
|
||||
#WITH_DES= yes
|
||||
post-install:
|
||||
${INSTALL_MAN} -m 644 ${WRKSRC}/doc/idecrypt.8 ${MANPREFIX}/man/man8/
|
||||
|
||||
.if defined(WITH_DES)
|
||||
ADD_GDEFS+= -DINCLUDE_CRYPT -DOPENSSL_DES_LIBDES_COMPATIBILITY \
|
||||
-I${OPENSSLINC} -I${OPENSSLINC}/openssl
|
||||
ADD_GLIBS= -L${OPENSSLLIB} -lcrypto
|
||||
.endif
|
||||
.if defined(WITH_DES) || ${OSVERSION} >= 400014
|
||||
MAKE_ENV+= ADD_GDEFS="${ADD_GDEFS}" ADD_GLIBS="${ADD_GLIBS}"
|
||||
.endif
|
||||
|
||||
.include <bsd.port.post.mk>
|
||||
.include <bsd.port.mk>
|
||||
|
@ -1,4 +1,4 @@
|
||||
MD5 (pidentd-2.8.5.tar.gz) = 15d3d8b7ad9433b91634618b1f7b6417
|
||||
SIZE (pidentd-2.8.5.tar.gz) = 121835
|
||||
MD5 (pidentd-2.8.5-ipv6-1.5.diff.gz) = a8bf86a6f00611c0e3f7e1e153c73d7d
|
||||
SIZE (pidentd-2.8.5-ipv6-1.5.diff.gz) = 9635
|
||||
MD5 (pidentd-3.0.16.tar.gz) = 207ea2b786f3ea732f30ec4d531b9827
|
||||
SIZE (pidentd-3.0.16.tar.gz) = 118728
|
||||
MD5 (pidentd-3.0.16-ipv6-20040227.diff.gz) = b1e9830fd2fb1b26d1063c714c4a6d81
|
||||
SIZE (pidentd-3.0.16-ipv6-20040227.diff.gz) = 14406
|
||||
|
94
security/pidentd/files/idecrypt.8
Normal file
94
security/pidentd/files/idecrypt.8
Normal file
@ -0,0 +1,94 @@
|
||||
.TH IDECRYPT 8 "19 May 1996"
|
||||
.SH NAME
|
||||
idecrypt \- Decrypt tokens obtained from identd
|
||||
.SH SYNOPSIS
|
||||
.B idecrypt
|
||||
.SH DESCRIPTION
|
||||
.B idecrypt
|
||||
is a utility for decrypting the encrypted tokens that
|
||||
.BR identd (8)
|
||||
provided instead of usernames when it is
|
||||
run in encrypted-token mode (that is, with the
|
||||
.B \-C
|
||||
flag).
|
||||
.PP
|
||||
.B idecrypt
|
||||
reads up to 1024 lines from the
|
||||
.B /etc/identd.key
|
||||
file, converting each line to a DES key using
|
||||
.BR des_string_to_key (3).
|
||||
It then reads standard input, searching for encrypted tokens
|
||||
in the format produced by
|
||||
.BR identd (8),
|
||||
decrypts the tokens if possible, and copies all unrecognised text from
|
||||
standard input to standard output without modification.
|
||||
.PP
|
||||
If more than one key appears in the key file, then
|
||||
.BR identd (8)
|
||||
will use the first key for encryption, and
|
||||
.B idecrypt
|
||||
will attempt to use all the keys for decryption.
|
||||
This allows new keys to be used by
|
||||
.BR identd (8)
|
||||
without losing the ability for
|
||||
.B idecrypt
|
||||
to decrypt old tokens (until there are more than 1024 keys in the key file).
|
||||
.PP
|
||||
Each encrypted token consists of 32 base64 characters, enclosed in
|
||||
square brackets. To make it easier to process logs generated by
|
||||
versions of
|
||||
.B tcpd (8)
|
||||
that convert the square brackets to underlines,
|
||||
.B idecrypt
|
||||
permits underline characters instead of square brackets
|
||||
in its input.
|
||||
.PP
|
||||
.BR idecrypt 's
|
||||
output from decrypting each token is a human readable string
|
||||
containing the timestamp (displayed as a local time in
|
||||
.BR ctime (3)
|
||||
format), the numeric uid, the local IP address, the local port number,
|
||||
the remote IP address and the remote port number.
|
||||
.SH EXAMPLE
|
||||
Suppose that the local host has IP address 10.2.3.4, the local
|
||||
.B /etc/identd.key
|
||||
file contains
|
||||
.PP
|
||||
foobar
|
||||
.PP
|
||||
and the local host is running the
|
||||
.BR identd (8)
|
||||
server in encrypted-token mode.
|
||||
.PP
|
||||
Now, if a local user
|
||||
with uid 501 telnets to a remote host with IP address 10.9.8.7,
|
||||
the remote host may choose to make an ident query back to the
|
||||
local host, in order to obtain some information to be logged for
|
||||
possible use later. The local
|
||||
.BR identd (8)
|
||||
might send the following encrypted token to the remote host
|
||||
instead of sending a username:
|
||||
.PP
|
||||
[aALdNYxh2496K4DDTel2Nk0Jzj5mRbok]
|
||||
.PP
|
||||
If the administrator of the remote host later provides the administrator
|
||||
of the local host with a copy of the encrypted token, and if
|
||||
the secret key has not been removed from the local
|
||||
.B /etc/identd.key
|
||||
file, then the administrator of the local host can run
|
||||
.B idecrypt
|
||||
and can provide the encrypted token in standard input.
|
||||
.PP
|
||||
.B idecrypt
|
||||
will then print the following decrypted information:
|
||||
.PP
|
||||
Sun May 19 00:25:23 1996 501 10.2.3.4 2304 10.9.8.7 23
|
||||
.PP
|
||||
This represents the time the encrypted token was created,
|
||||
the local user id, the local IP address and port number, and the
|
||||
remote IP address and port number.
|
||||
.SH SEE ALSO
|
||||
.BR identd (8)
|
||||
.BR tcpd (8)
|
||||
.SH BUGS
|
||||
The handling of fatal errors could be better.
|
@ -1,67 +0,0 @@
|
||||
--- Makefile.orig Tue Jul 29 05:01:22 1997
|
||||
+++ Makefile Mon May 4 11:59:30 1998
|
||||
@@ -16,9 +16,9 @@
|
||||
MAKE=make
|
||||
|
||||
# set this to 'in.' if you like Sun's prefix on internet daemons
|
||||
-PREFIX=in.
|
||||
+PREFIX=
|
||||
|
||||
-DESTROOT=/usr/local
|
||||
+DESTROOT=${REALPREFIX}
|
||||
|
||||
# set this to '/share' if your man pages are in /usr/share
|
||||
#SHARE=/share
|
||||
@@ -33,7 +33,7 @@
|
||||
MANSECT=8
|
||||
MANDIR=$(MANROOT)/man$(MANSECT)
|
||||
|
||||
-INSTALL=aux/install-sh -c
|
||||
+INSTALL=/usr/bin/install -c
|
||||
|
||||
|
||||
# NEXTSTEP 3.x Multi-Architecture-Binary (FAT) compiles
|
||||
@@ -57,14 +57,14 @@
|
||||
# GDEFS=-DINCLUDE_EXTENSIONS -DINCLUDE_PROXY -DINCLUDE_CRYPT \
|
||||
# -DSTRONG_LOG -DALLOW_FORMAT \
|
||||
#
|
||||
-GDEFS=-DINCLUDE_EXTENSIONS -DSTRONG_LOG -DALLOW_FORMAT \
|
||||
- -DDPATH_CONFIG='\"$(CONFDIR)/identd.conf\"' \
|
||||
+GDEFS=-DINCLUDE_EXTENSIONS -DSTRONG_LOG -DALLOW_FORMAT $(ADD_GDEFS) \
|
||||
+ -DPATH_CONFIG='\"$(CONFDIR)/identd.conf\"' \
|
||||
-DPATH_DESKEY='\"$(CONFDIR)/identd.key\"'
|
||||
|
||||
# GLIBS=-lident -ldes
|
||||
-GLIBS=
|
||||
+GLIBS= $(ADD_GLIBS)
|
||||
|
||||
-CFLAGS=-O
|
||||
+#CFLAGS=-O
|
||||
#LDFLAGS=-L$(DESTROOT)/lib
|
||||
|
||||
all:
|
||||
@@ -573,18 +573,18 @@
|
||||
mv $@-t $@
|
||||
chmod 755 $@
|
||||
|
||||
-install: $(PREFIX)identd identd.$(MANSECT) identconn itest idecrypt
|
||||
+install: $(PREFIX)identd identd.$(MANSECT) idecrypt # identconn itest
|
||||
$(INSTALL) -m 644 identd.$(MANSECT) $(MANDIR)
|
||||
if [ -n "$(PREFIX)" ] ; then \
|
||||
rm -f $(MANDIR)/$(PREFIX)identd.$(MANSECT) ; \
|
||||
echo ".so `basename $(MANDIR)`/identd.$(MANSECT)" > $(MANDIR)/$(PREFIX)identd.$(MANSECT) ; \
|
||||
fi
|
||||
- $(INSTALL) -m 755 $(PREFIX)identd $(DESTDIR)
|
||||
- $(INSTALL) -m 755 identconn $(DESTROOT)/bin
|
||||
+ $(INSTALL) -s -m 755 $(PREFIX)identd $(DESTDIR)
|
||||
+# $(INSTALL) -m 755 identconn $(DESTROOT)/bin
|
||||
$(INSTALL) -m 644 idecrypt.man $(MANDIR)/idecrypt.$(MANSECT)
|
||||
- $(INSTALL) -m 755 idecrypt $(DESTDIR)/idecrypt
|
||||
- @echo "The following command will fail it you are not Root."
|
||||
- -$(INSTALL) -o root -g kmem -m 2555 itest $(DESTROOT)/bin
|
||||
+ $(INSTALL) -s -m 755 idecrypt $(DESTDIR)/idecrypt
|
||||
+# @echo "The following command will fail it you are not Root."
|
||||
+# -$(INSTALL) -o root -g kmem -m 2555 itest $(DESTROOT)/bin
|
||||
|
||||
|
||||
tests:
|
@ -1,79 +0,0 @@
|
||||
--- identd.man.orig Mon Jul 28 23:01:22 1997
|
||||
+++ identd.man Tue Sep 29 18:40:47 1998
|
||||
@@ -4,9 +4,9 @@
|
||||
.\"
|
||||
.TH IDENTD 8 "27 May 1992"
|
||||
.SH NAME
|
||||
-identd, in.identd \- TCP/IP IDENT protocol server
|
||||
+identd \- TCP/IP IDENT protocol server
|
||||
.SH SYNOPSIS
|
||||
-.B xDESTDIRx/[in.]identd
|
||||
+.B !!PREFIX!!/sbin/identd
|
||||
.RB [ \-i | \-w | \-b ]
|
||||
.RB [ \-t<seconds> ]
|
||||
.RB [ \-u<uid> ]
|
||||
@@ -205,7 +205,7 @@
|
||||
If the
|
||||
.I keyfile
|
||||
is not specified, it defaults to
|
||||
-.BR /etc/identd.key .
|
||||
+.BR !!PREFIX!!/etc/identd.key .
|
||||
.PP
|
||||
The
|
||||
.B \-n
|
||||
@@ -322,14 +322,14 @@
|
||||
mode of operation.
|
||||
.SH EXAMPLES
|
||||
Assuming the server is located in
|
||||
-.B /usr/etc/in.identd
|
||||
+.B !!PREFIX!!/sbin/identd
|
||||
one can put either:
|
||||
.PP
|
||||
-ident stream tcp wait sys /usr/etc/in.identd in.identd -w -t120
|
||||
+ident stream tcp wait sys !!PREFIX!!/sbin/identd identd -w -t120
|
||||
.PP
|
||||
or:
|
||||
.PP
|
||||
-ident stream tcp nowait sys /usr/etc/in.identd in.identd -i
|
||||
+ident stream tcp nowait sys !!PREFIX!!/sbin/identd identd -i
|
||||
.PP
|
||||
into the
|
||||
.B /etc/inetd.conf
|
||||
@@ -342,7 +342,7 @@
|
||||
.B /etc/rc.local
|
||||
file:
|
||||
.PP
|
||||
-/usr/etc/in.identd -b -u2 -g2
|
||||
+!!PREFIX!!/sbin/identd -b -u2 -g2
|
||||
.PP
|
||||
This will make it run in the background as user 2, group 2 (user "sys",
|
||||
group "kmem" on SunOS 4.1.1).
|
||||
--- idecrypt.man.orig Tue Sep 29 19:00:01 1998
|
||||
+++ idecrypt.man Tue Sep 29 19:01:05 1998
|
||||
@@ -14,7 +14,7 @@
|
||||
.PP
|
||||
.B idecrypt
|
||||
reads up to 1024 lines from the
|
||||
-.B /etc/identd.key
|
||||
+.B !!PREFIX!!/etc/identd.key
|
||||
file, converting each line to a DES key using
|
||||
.BR des_string_to_key (3).
|
||||
It then reads standard input, searching for encrypted tokens
|
||||
@@ -51,7 +51,7 @@
|
||||
the remote IP address and the remote port number.
|
||||
.SH EXAMPLE
|
||||
Suppose that the local host has IP address 10.2.3.4, the local
|
||||
-.B /etc/identd.key
|
||||
+.B !!PREFIX!!/etc/identd.key
|
||||
file contains
|
||||
.PP
|
||||
foobar
|
||||
@@ -74,7 +74,7 @@
|
||||
If the administrator of the remote host later provides the administrator
|
||||
of the local host with a copy of the encrypted token, and if
|
||||
the secret key has not been removed from the local
|
||||
-.B /etc/identd.key
|
||||
+.B !!PREFIX!!/etc/identd.key
|
||||
file, then the administrator of the local host can run
|
||||
.B idecrypt
|
||||
and can provide the encrypted token in standard input.
|
@ -1,19 +0,0 @@
|
||||
*** src/Makefile.orig Mon Sep 1 15:47:04 1997
|
||||
--- src/Makefile Mon Sep 1 15:47:11 1997
|
||||
***************
|
||||
*** 18,24 ****
|
||||
mv $(PREFIX)identd ..
|
||||
|
||||
idecrypt: idecrypt.o crypto.o
|
||||
! $(CC) $(LDFLAGS) -o idecrypt idecrypt.o crypto.o
|
||||
mv idecrypt ..
|
||||
|
||||
identd.o: identd.c identd.h error.h crypto.h Makefile
|
||||
--- 18,24 ----
|
||||
mv $(PREFIX)identd ..
|
||||
|
||||
idecrypt: idecrypt.o crypto.o
|
||||
! $(CC) $(LDFLAGS) -o idecrypt idecrypt.o crypto.o $(LIBS)
|
||||
mv idecrypt ..
|
||||
|
||||
identd.o: identd.c identd.h error.h crypto.h Makefile
|
@ -1,16 +0,0 @@
|
||||
--- src/freebsd.c.orig Wed Jul 14 15:23:56 1999
|
||||
+++ src/freebsd.c Wed Jul 14 15:24:51 1999
|
||||
@@ -1,3 +1,8 @@
|
||||
+#include <osreldate.h>
|
||||
+#if __FreeBSD_version >= 400007 || (__FreeBSD_version < 400000 && \
|
||||
+ __FreeBSD_version >= 320002)
|
||||
+#include "freebsd-sysctl.c"
|
||||
+#else
|
||||
/*
|
||||
** freebsd.c Low level kernel access functions for FreeBSD 2.x
|
||||
**
|
||||
@@ -306,3 +310,4 @@
|
||||
|
||||
return -1;
|
||||
}
|
||||
+#endif
|
@ -1,104 +0,0 @@
|
||||
|
||||
$FreeBSD$
|
||||
|
||||
--- src/freebsd-sysctl.c.orig Thu Aug 29 21:20:05 2002
|
||||
+++ src/freebsd-sysctl.c Thu Aug 29 21:24:03 2002
|
||||
@@ -0,0 +1,98 @@
|
||||
+#include <sys/param.h>
|
||||
+#include <sys/types.h>
|
||||
+#include <sys/socket.h>
|
||||
+#include <sys/sysctl.h>
|
||||
+#include <sys/ucred.h>
|
||||
+
|
||||
+#include <netinet/in.h>
|
||||
+
|
||||
+int
|
||||
+k_open(void) {
|
||||
+
|
||||
+ return 0;
|
||||
+}
|
||||
+
|
||||
+#ifdef INET6
|
||||
+int k_getuid(struct sockaddr *faddr, int fport, struct sockaddr *laddr,
|
||||
+ int lport, int *uid) {
|
||||
+ struct sockaddr_in sin[2];
|
||||
+ struct sockaddr_in6 sin6[2];
|
||||
+ struct xucred uc;
|
||||
+ size_t oldlen = sizeof(uc);
|
||||
+ struct sockaddr *sa;
|
||||
+ int salen;
|
||||
+ char *ctlname;
|
||||
+
|
||||
+ if (faddr->sa_family != laddr->sa_family)
|
||||
+ return -1;
|
||||
+ if (faddr->sa_family == AF_INET) {
|
||||
+ sin[0].sin_family = sin[1].sin_family = AF_INET;
|
||||
+ sin[0].sin_len = sin[1].sin_len = sizeof(struct sockaddr_in);
|
||||
+ memcpy(&sin[0].sin_addr,
|
||||
+ &((struct sockaddr_in *)laddr)->sin_addr,
|
||||
+ sizeof(struct in_addr));
|
||||
+ memcpy(&sin[1].sin_addr,
|
||||
+ &((struct sockaddr_in *)faddr)->sin_addr,
|
||||
+ sizeof(struct in_addr));
|
||||
+ sin[0].sin_port = (u_int16_t)lport;
|
||||
+ sin[1].sin_port = (u_int16_t)fport;
|
||||
+ sa = (struct sockaddr *)sin;
|
||||
+ salen = sizeof(sin);
|
||||
+ ctlname = "net.inet.tcp.getcred";
|
||||
+ } else if (IN6_IS_ADDR_V4MAPPED(&((struct sockaddr_in6 *)faddr)->sin6_addr)) {
|
||||
+ sin[0].sin_family = sin[1].sin_family = AF_INET;
|
||||
+ sin[0].sin_len = sin[1].sin_len = sizeof(struct sockaddr_in);
|
||||
+ memcpy(&sin[0].sin_addr,
|
||||
+ &((struct sockaddr_in6 *)laddr)->sin6_addr.s6_addr[12],
|
||||
+ sizeof(struct in_addr));
|
||||
+ memcpy(&sin[1].sin_addr,
|
||||
+ &((struct sockaddr_in6 *)faddr)->sin6_addr.s6_addr[12],
|
||||
+ sizeof(struct in_addr));
|
||||
+ sin[0].sin_port = (u_int16_t)lport;
|
||||
+ sin[1].sin_port = (u_int16_t)fport;
|
||||
+ sa = (struct sockaddr *)sin;
|
||||
+ salen = sizeof(sin);
|
||||
+ ctlname = "net.inet.tcp.getcred";
|
||||
+ } else {
|
||||
+ sin6[0].sin6_family = sin6[1].sin6_family = AF_INET6;
|
||||
+ sin6[0].sin6_len = sin6[1].sin6_len
|
||||
+ = sizeof(struct sockaddr_in6);
|
||||
+ memcpy(&sin6[0].sin6_addr,
|
||||
+ &((struct sockaddr_in6 *)laddr)->sin6_addr,
|
||||
+ sizeof(struct in6_addr));
|
||||
+ memcpy(&sin6[1].sin6_addr,
|
||||
+ &((struct sockaddr_in6 *)faddr)->sin6_addr,
|
||||
+ sizeof(struct in6_addr));
|
||||
+ sin6[0].sin6_port = (u_int16_t)lport;
|
||||
+ sin6[1].sin6_port = (u_int16_t)fport;
|
||||
+ sa = (struct sockaddr *)sin6;
|
||||
+ salen = sizeof(sin6);
|
||||
+ ctlname = "net.inet6.tcp6.getcred";
|
||||
+ }
|
||||
+
|
||||
+ if (sysctlbyname(ctlname, &uc, &oldlen, sa, salen))
|
||||
+ return -1;
|
||||
+
|
||||
+ *uid = uc.cr_uid;
|
||||
+ return 0;
|
||||
+}
|
||||
+#else
|
||||
+int k_getuid(struct in_addr *faddr, int fport, struct in_addr *laddr,
|
||||
+ int lport, int *uid) {
|
||||
+ struct sockaddr_in sin[2];
|
||||
+ struct xucred uc;
|
||||
+ size_t oldlen = sizeof(uc);
|
||||
+
|
||||
+ sin[0].sin_addr.s_addr = laddr->s_addr;
|
||||
+ sin[1].sin_addr.s_addr = faddr->s_addr;
|
||||
+ sin[0].sin_port = (u_short)lport;
|
||||
+ sin[1].sin_port = (u_short)fport;
|
||||
+
|
||||
+ if (sysctlbyname("net.inet.tcp.getcred", &uc, &oldlen, sin,
|
||||
+ sizeof(sin)))
|
||||
+ return -1;
|
||||
+
|
||||
+ *uid = uc.cr_uid;
|
||||
+ return 0;
|
||||
+}
|
||||
+#endif
|
@ -1,2 +0,0 @@
|
||||
sbin/identd
|
||||
sbin/idecrypt
|
Loading…
Reference in New Issue
Block a user