1
0
mirror of https://git.FreeBSD.org/ports.git synced 2024-12-24 04:33:24 +00:00

- update to 3.0.16

- use PLIST_FILES
- add missing manpage idecrypt.8
This commit is contained in:
Dirk Meyer 2004-03-06 09:33:13 +00:00
parent a0f23fccb4
commit ceffc4e4f7
Notes: svn2git 2021-03-31 03:12:20 +00:00
svn path=/head/; revision=103081
9 changed files with 116 additions and 314 deletions

View File

@ -6,7 +6,7 @@
#
PORTNAME= pidentd
PORTVERSION= 2.8.5
PORTVERSION= 3.0.16
CATEGORIES= security ipv6
MASTER_SITES= ftp://ftp.lysator.liu.se/pub/ident/servers/ \
ftp://ftp.fu-berlin.de/unix/security/ident/servers/
@ -15,38 +15,33 @@ PATCH_SITES= http://www.imasy.or.jp/~ume/ipv6/ \
http://home.jp.FreeBSD.org/~ume/ipv6/ \
${MASTER_SITE_LOCAL}
PATCH_SITE_SUBDIR= dinoex
PATCHFILES= pidentd-2.8.5-ipv6-1.5.diff.gz
PATCH_DIST_STRIP= -p2
PATCHFILES= pidentd-${PORTVERSION}-ipv6-20040227.diff.gz
PATCH_DIST_STRIP= -p0
MAINTAINER= dinoex@FreeBSD.org
COMMENT= An RFC1413 identification server
ALL_TARGET= freebsd
MAKE_ENV= REALPREFIX=${PREFIX}
USE_REINPLACE= yes
GNU_CONFIGURE= yes
MAN8= identd.8 idecrypt.8
PLIST_FILES= sbin/ibench sbin/identd sbin/idecrypt sbin/ikeygen
.if defined(WITH_DES)
USE_OPENSSL= yes
CFLAGS+= -DINCLUDE_CRYPT -DOPENSSL_DES_LIBDES_COMPATIBILITY
LDFLAGS+= -L${OPENSSLLIB} -lcrypto
.endif
.include <bsd.port.pre.mk>
post-extract:
${CP} ${FILESDIR}/idecrypt.8 ${WRKSRC}/doc/idecrypt.8
.if ${OSVERSION} >= 400014
ADD_GDEFS+= -DINET6 -D__ss_family=ss_family -D__ss_len=ss_len
.endif
post-patch:
@${REINPLACE_CMD} \
-e "s| /etc/identd.conf| ${PREFIX}/etc/identd.conf|" \
-e "s| /etc/identd.key| ${PREFIX}/etc/identd.key|" \
${WRKSRC}/doc/identd.8 ${WRKSRC}/doc/idecrypt.8
# Uncomment to activate the use of verifiable "cookies". The idea is to be
# able to detect fake "logs" intended to get your innocent users in trouble.
# Naturally, since it uses libcrypto, you must have OpenSSL installed.
#WITH_DES= yes
post-install:
${INSTALL_MAN} -m 644 ${WRKSRC}/doc/idecrypt.8 ${MANPREFIX}/man/man8/
.if defined(WITH_DES)
ADD_GDEFS+= -DINCLUDE_CRYPT -DOPENSSL_DES_LIBDES_COMPATIBILITY \
-I${OPENSSLINC} -I${OPENSSLINC}/openssl
ADD_GLIBS= -L${OPENSSLLIB} -lcrypto
.endif
.if defined(WITH_DES) || ${OSVERSION} >= 400014
MAKE_ENV+= ADD_GDEFS="${ADD_GDEFS}" ADD_GLIBS="${ADD_GLIBS}"
.endif
.include <bsd.port.post.mk>
.include <bsd.port.mk>

View File

@ -1,4 +1,4 @@
MD5 (pidentd-2.8.5.tar.gz) = 15d3d8b7ad9433b91634618b1f7b6417
SIZE (pidentd-2.8.5.tar.gz) = 121835
MD5 (pidentd-2.8.5-ipv6-1.5.diff.gz) = a8bf86a6f00611c0e3f7e1e153c73d7d
SIZE (pidentd-2.8.5-ipv6-1.5.diff.gz) = 9635
MD5 (pidentd-3.0.16.tar.gz) = 207ea2b786f3ea732f30ec4d531b9827
SIZE (pidentd-3.0.16.tar.gz) = 118728
MD5 (pidentd-3.0.16-ipv6-20040227.diff.gz) = b1e9830fd2fb1b26d1063c714c4a6d81
SIZE (pidentd-3.0.16-ipv6-20040227.diff.gz) = 14406

View File

@ -0,0 +1,94 @@
.TH IDECRYPT 8 "19 May 1996"
.SH NAME
idecrypt \- Decrypt tokens obtained from identd
.SH SYNOPSIS
.B idecrypt
.SH DESCRIPTION
.B idecrypt
is a utility for decrypting the encrypted tokens that
.BR identd (8)
provided instead of usernames when it is
run in encrypted-token mode (that is, with the
.B \-C
flag).
.PP
.B idecrypt
reads up to 1024 lines from the
.B /etc/identd.key
file, converting each line to a DES key using
.BR des_string_to_key (3).
It then reads standard input, searching for encrypted tokens
in the format produced by
.BR identd (8),
decrypts the tokens if possible, and copies all unrecognised text from
standard input to standard output without modification.
.PP
If more than one key appears in the key file, then
.BR identd (8)
will use the first key for encryption, and
.B idecrypt
will attempt to use all the keys for decryption.
This allows new keys to be used by
.BR identd (8)
without losing the ability for
.B idecrypt
to decrypt old tokens (until there are more than 1024 keys in the key file).
.PP
Each encrypted token consists of 32 base64 characters, enclosed in
square brackets. To make it easier to process logs generated by
versions of
.B tcpd (8)
that convert the square brackets to underlines,
.B idecrypt
permits underline characters instead of square brackets
in its input.
.PP
.BR idecrypt 's
output from decrypting each token is a human readable string
containing the timestamp (displayed as a local time in
.BR ctime (3)
format), the numeric uid, the local IP address, the local port number,
the remote IP address and the remote port number.
.SH EXAMPLE
Suppose that the local host has IP address 10.2.3.4, the local
.B /etc/identd.key
file contains
.PP
foobar
.PP
and the local host is running the
.BR identd (8)
server in encrypted-token mode.
.PP
Now, if a local user
with uid 501 telnets to a remote host with IP address 10.9.8.7,
the remote host may choose to make an ident query back to the
local host, in order to obtain some information to be logged for
possible use later. The local
.BR identd (8)
might send the following encrypted token to the remote host
instead of sending a username:
.PP
[aALdNYxh2496K4DDTel2Nk0Jzj5mRbok]
.PP
If the administrator of the remote host later provides the administrator
of the local host with a copy of the encrypted token, and if
the secret key has not been removed from the local
.B /etc/identd.key
file, then the administrator of the local host can run
.B idecrypt
and can provide the encrypted token in standard input.
.PP
.B idecrypt
will then print the following decrypted information:
.PP
Sun May 19 00:25:23 1996 501 10.2.3.4 2304 10.9.8.7 23
.PP
This represents the time the encrypted token was created,
the local user id, the local IP address and port number, and the
remote IP address and port number.
.SH SEE ALSO
.BR identd (8)
.BR tcpd (8)
.SH BUGS
The handling of fatal errors could be better.

View File

@ -1,67 +0,0 @@
--- Makefile.orig Tue Jul 29 05:01:22 1997
+++ Makefile Mon May 4 11:59:30 1998
@@ -16,9 +16,9 @@
MAKE=make
# set this to 'in.' if you like Sun's prefix on internet daemons
-PREFIX=in.
+PREFIX=
-DESTROOT=/usr/local
+DESTROOT=${REALPREFIX}
# set this to '/share' if your man pages are in /usr/share
#SHARE=/share
@@ -33,7 +33,7 @@
MANSECT=8
MANDIR=$(MANROOT)/man$(MANSECT)
-INSTALL=aux/install-sh -c
+INSTALL=/usr/bin/install -c
# NEXTSTEP 3.x Multi-Architecture-Binary (FAT) compiles
@@ -57,14 +57,14 @@
# GDEFS=-DINCLUDE_EXTENSIONS -DINCLUDE_PROXY -DINCLUDE_CRYPT \
# -DSTRONG_LOG -DALLOW_FORMAT \
#
-GDEFS=-DINCLUDE_EXTENSIONS -DSTRONG_LOG -DALLOW_FORMAT \
- -DDPATH_CONFIG='\"$(CONFDIR)/identd.conf\"' \
+GDEFS=-DINCLUDE_EXTENSIONS -DSTRONG_LOG -DALLOW_FORMAT $(ADD_GDEFS) \
+ -DPATH_CONFIG='\"$(CONFDIR)/identd.conf\"' \
-DPATH_DESKEY='\"$(CONFDIR)/identd.key\"'
# GLIBS=-lident -ldes
-GLIBS=
+GLIBS= $(ADD_GLIBS)
-CFLAGS=-O
+#CFLAGS=-O
#LDFLAGS=-L$(DESTROOT)/lib
all:
@@ -573,18 +573,18 @@
mv $@-t $@
chmod 755 $@
-install: $(PREFIX)identd identd.$(MANSECT) identconn itest idecrypt
+install: $(PREFIX)identd identd.$(MANSECT) idecrypt # identconn itest
$(INSTALL) -m 644 identd.$(MANSECT) $(MANDIR)
if [ -n "$(PREFIX)" ] ; then \
rm -f $(MANDIR)/$(PREFIX)identd.$(MANSECT) ; \
echo ".so `basename $(MANDIR)`/identd.$(MANSECT)" > $(MANDIR)/$(PREFIX)identd.$(MANSECT) ; \
fi
- $(INSTALL) -m 755 $(PREFIX)identd $(DESTDIR)
- $(INSTALL) -m 755 identconn $(DESTROOT)/bin
+ $(INSTALL) -s -m 755 $(PREFIX)identd $(DESTDIR)
+# $(INSTALL) -m 755 identconn $(DESTROOT)/bin
$(INSTALL) -m 644 idecrypt.man $(MANDIR)/idecrypt.$(MANSECT)
- $(INSTALL) -m 755 idecrypt $(DESTDIR)/idecrypt
- @echo "The following command will fail it you are not Root."
- -$(INSTALL) -o root -g kmem -m 2555 itest $(DESTROOT)/bin
+ $(INSTALL) -s -m 755 idecrypt $(DESTDIR)/idecrypt
+# @echo "The following command will fail it you are not Root."
+# -$(INSTALL) -o root -g kmem -m 2555 itest $(DESTROOT)/bin
tests:

View File

@ -1,79 +0,0 @@
--- identd.man.orig Mon Jul 28 23:01:22 1997
+++ identd.man Tue Sep 29 18:40:47 1998
@@ -4,9 +4,9 @@
.\"
.TH IDENTD 8 "27 May 1992"
.SH NAME
-identd, in.identd \- TCP/IP IDENT protocol server
+identd \- TCP/IP IDENT protocol server
.SH SYNOPSIS
-.B xDESTDIRx/[in.]identd
+.B !!PREFIX!!/sbin/identd
.RB [ \-i | \-w | \-b ]
.RB [ \-t<seconds> ]
.RB [ \-u<uid> ]
@@ -205,7 +205,7 @@
If the
.I keyfile
is not specified, it defaults to
-.BR /etc/identd.key .
+.BR !!PREFIX!!/etc/identd.key .
.PP
The
.B \-n
@@ -322,14 +322,14 @@
mode of operation.
.SH EXAMPLES
Assuming the server is located in
-.B /usr/etc/in.identd
+.B !!PREFIX!!/sbin/identd
one can put either:
.PP
-ident stream tcp wait sys /usr/etc/in.identd in.identd -w -t120
+ident stream tcp wait sys !!PREFIX!!/sbin/identd identd -w -t120
.PP
or:
.PP
-ident stream tcp nowait sys /usr/etc/in.identd in.identd -i
+ident stream tcp nowait sys !!PREFIX!!/sbin/identd identd -i
.PP
into the
.B /etc/inetd.conf
@@ -342,7 +342,7 @@
.B /etc/rc.local
file:
.PP
-/usr/etc/in.identd -b -u2 -g2
+!!PREFIX!!/sbin/identd -b -u2 -g2
.PP
This will make it run in the background as user 2, group 2 (user "sys",
group "kmem" on SunOS 4.1.1).
--- idecrypt.man.orig Tue Sep 29 19:00:01 1998
+++ idecrypt.man Tue Sep 29 19:01:05 1998
@@ -14,7 +14,7 @@
.PP
.B idecrypt
reads up to 1024 lines from the
-.B /etc/identd.key
+.B !!PREFIX!!/etc/identd.key
file, converting each line to a DES key using
.BR des_string_to_key (3).
It then reads standard input, searching for encrypted tokens
@@ -51,7 +51,7 @@
the remote IP address and the remote port number.
.SH EXAMPLE
Suppose that the local host has IP address 10.2.3.4, the local
-.B /etc/identd.key
+.B !!PREFIX!!/etc/identd.key
file contains
.PP
foobar
@@ -74,7 +74,7 @@
If the administrator of the remote host later provides the administrator
of the local host with a copy of the encrypted token, and if
the secret key has not been removed from the local
-.B /etc/identd.key
+.B !!PREFIX!!/etc/identd.key
file, then the administrator of the local host can run
.B idecrypt
and can provide the encrypted token in standard input.

View File

@ -1,19 +0,0 @@
*** src/Makefile.orig Mon Sep 1 15:47:04 1997
--- src/Makefile Mon Sep 1 15:47:11 1997
***************
*** 18,24 ****
mv $(PREFIX)identd ..
idecrypt: idecrypt.o crypto.o
! $(CC) $(LDFLAGS) -o idecrypt idecrypt.o crypto.o
mv idecrypt ..
identd.o: identd.c identd.h error.h crypto.h Makefile
--- 18,24 ----
mv $(PREFIX)identd ..
idecrypt: idecrypt.o crypto.o
! $(CC) $(LDFLAGS) -o idecrypt idecrypt.o crypto.o $(LIBS)
mv idecrypt ..
identd.o: identd.c identd.h error.h crypto.h Makefile

View File

@ -1,16 +0,0 @@
--- src/freebsd.c.orig Wed Jul 14 15:23:56 1999
+++ src/freebsd.c Wed Jul 14 15:24:51 1999
@@ -1,3 +1,8 @@
+#include <osreldate.h>
+#if __FreeBSD_version >= 400007 || (__FreeBSD_version < 400000 && \
+ __FreeBSD_version >= 320002)
+#include "freebsd-sysctl.c"
+#else
/*
** freebsd.c Low level kernel access functions for FreeBSD 2.x
**
@@ -306,3 +310,4 @@
return -1;
}
+#endif

View File

@ -1,104 +0,0 @@
$FreeBSD$
--- src/freebsd-sysctl.c.orig Thu Aug 29 21:20:05 2002
+++ src/freebsd-sysctl.c Thu Aug 29 21:24:03 2002
@@ -0,0 +1,98 @@
+#include <sys/param.h>
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <sys/sysctl.h>
+#include <sys/ucred.h>
+
+#include <netinet/in.h>
+
+int
+k_open(void) {
+
+ return 0;
+}
+
+#ifdef INET6
+int k_getuid(struct sockaddr *faddr, int fport, struct sockaddr *laddr,
+ int lport, int *uid) {
+ struct sockaddr_in sin[2];
+ struct sockaddr_in6 sin6[2];
+ struct xucred uc;
+ size_t oldlen = sizeof(uc);
+ struct sockaddr *sa;
+ int salen;
+ char *ctlname;
+
+ if (faddr->sa_family != laddr->sa_family)
+ return -1;
+ if (faddr->sa_family == AF_INET) {
+ sin[0].sin_family = sin[1].sin_family = AF_INET;
+ sin[0].sin_len = sin[1].sin_len = sizeof(struct sockaddr_in);
+ memcpy(&sin[0].sin_addr,
+ &((struct sockaddr_in *)laddr)->sin_addr,
+ sizeof(struct in_addr));
+ memcpy(&sin[1].sin_addr,
+ &((struct sockaddr_in *)faddr)->sin_addr,
+ sizeof(struct in_addr));
+ sin[0].sin_port = (u_int16_t)lport;
+ sin[1].sin_port = (u_int16_t)fport;
+ sa = (struct sockaddr *)sin;
+ salen = sizeof(sin);
+ ctlname = "net.inet.tcp.getcred";
+ } else if (IN6_IS_ADDR_V4MAPPED(&((struct sockaddr_in6 *)faddr)->sin6_addr)) {
+ sin[0].sin_family = sin[1].sin_family = AF_INET;
+ sin[0].sin_len = sin[1].sin_len = sizeof(struct sockaddr_in);
+ memcpy(&sin[0].sin_addr,
+ &((struct sockaddr_in6 *)laddr)->sin6_addr.s6_addr[12],
+ sizeof(struct in_addr));
+ memcpy(&sin[1].sin_addr,
+ &((struct sockaddr_in6 *)faddr)->sin6_addr.s6_addr[12],
+ sizeof(struct in_addr));
+ sin[0].sin_port = (u_int16_t)lport;
+ sin[1].sin_port = (u_int16_t)fport;
+ sa = (struct sockaddr *)sin;
+ salen = sizeof(sin);
+ ctlname = "net.inet.tcp.getcred";
+ } else {
+ sin6[0].sin6_family = sin6[1].sin6_family = AF_INET6;
+ sin6[0].sin6_len = sin6[1].sin6_len
+ = sizeof(struct sockaddr_in6);
+ memcpy(&sin6[0].sin6_addr,
+ &((struct sockaddr_in6 *)laddr)->sin6_addr,
+ sizeof(struct in6_addr));
+ memcpy(&sin6[1].sin6_addr,
+ &((struct sockaddr_in6 *)faddr)->sin6_addr,
+ sizeof(struct in6_addr));
+ sin6[0].sin6_port = (u_int16_t)lport;
+ sin6[1].sin6_port = (u_int16_t)fport;
+ sa = (struct sockaddr *)sin6;
+ salen = sizeof(sin6);
+ ctlname = "net.inet6.tcp6.getcred";
+ }
+
+ if (sysctlbyname(ctlname, &uc, &oldlen, sa, salen))
+ return -1;
+
+ *uid = uc.cr_uid;
+ return 0;
+}
+#else
+int k_getuid(struct in_addr *faddr, int fport, struct in_addr *laddr,
+ int lport, int *uid) {
+ struct sockaddr_in sin[2];
+ struct xucred uc;
+ size_t oldlen = sizeof(uc);
+
+ sin[0].sin_addr.s_addr = laddr->s_addr;
+ sin[1].sin_addr.s_addr = faddr->s_addr;
+ sin[0].sin_port = (u_short)lport;
+ sin[1].sin_port = (u_short)fport;
+
+ if (sysctlbyname("net.inet.tcp.getcred", &uc, &oldlen, sin,
+ sizeof(sin)))
+ return -1;
+
+ *uid = uc.cr_uid;
+ return 0;
+}
+#endif

View File

@ -1,2 +0,0 @@
sbin/identd
sbin/idecrypt