aboutsummaryrefslogtreecommitdiffstats
path: root/security/pidentd
diff options
context:
space:
mode:
authordinoex <dinoex@FreeBSD.org>2004-03-06 17:33:13 +0800
committerdinoex <dinoex@FreeBSD.org>2004-03-06 17:33:13 +0800
commit2ac303d15f20b01833ecaa3c0193f0f68c14047f (patch)
treeb87e54e20df0fec4a18afad00ac3050b8894d122 /security/pidentd
parentf403c8d7fbfa7ccc8b4f1124079a9e3f75a92415 (diff)
downloadfreebsd-ports-gnome-2ac303d15f20b01833ecaa3c0193f0f68c14047f.tar.gz
freebsd-ports-gnome-2ac303d15f20b01833ecaa3c0193f0f68c14047f.tar.zst
freebsd-ports-gnome-2ac303d15f20b01833ecaa3c0193f0f68c14047f.zip
- update to 3.0.16
- use PLIST_FILES - add missing manpage idecrypt.8
Diffstat (limited to 'security/pidentd')
-rw-r--r--security/pidentd/Makefile41
-rw-r--r--security/pidentd/distinfo8
-rw-r--r--security/pidentd/files/idecrypt.894
-rw-r--r--security/pidentd/files/patch-ab67
-rw-r--r--security/pidentd/files/patch-ac79
-rw-r--r--security/pidentd/files/patch-ai19
-rw-r--r--security/pidentd/files/patch-ak16
-rw-r--r--security/pidentd/files/patch-al104
-rw-r--r--security/pidentd/pkg-plist2
9 files changed, 116 insertions, 314 deletions
diff --git a/security/pidentd/Makefile b/security/pidentd/Makefile
index 897ffb398240..ae4b92b1de0d 100644
--- a/security/pidentd/Makefile
+++ b/security/pidentd/Makefile
@@ -6,7 +6,7 @@
#
PORTNAME= pidentd
-PORTVERSION= 2.8.5
+PORTVERSION= 3.0.16
CATEGORIES= security ipv6
MASTER_SITES= ftp://ftp.lysator.liu.se/pub/ident/servers/ \
ftp://ftp.fu-berlin.de/unix/security/ident/servers/
@@ -15,38 +15,33 @@ PATCH_SITES= http://www.imasy.or.jp/~ume/ipv6/ \
http://home.jp.FreeBSD.org/~ume/ipv6/ \
${MASTER_SITE_LOCAL}
PATCH_SITE_SUBDIR= dinoex
-PATCHFILES= pidentd-2.8.5-ipv6-1.5.diff.gz
-PATCH_DIST_STRIP= -p2
+PATCHFILES= pidentd-${PORTVERSION}-ipv6-20040227.diff.gz
+PATCH_DIST_STRIP= -p0
MAINTAINER= dinoex@FreeBSD.org
COMMENT= An RFC1413 identification server
-ALL_TARGET= freebsd
-MAKE_ENV= REALPREFIX=${PREFIX}
+USE_REINPLACE= yes
+GNU_CONFIGURE= yes
MAN8= identd.8 idecrypt.8
+PLIST_FILES= sbin/ibench sbin/identd sbin/idecrypt sbin/ikeygen
.if defined(WITH_DES)
USE_OPENSSL= yes
+CFLAGS+= -DINCLUDE_CRYPT -DOPENSSL_DES_LIBDES_COMPATIBILITY
+LDFLAGS+= -L${OPENSSLLIB} -lcrypto
.endif
-.include <bsd.port.pre.mk>
+post-extract:
+ ${CP} ${FILESDIR}/idecrypt.8 ${WRKSRC}/doc/idecrypt.8
-.if ${OSVERSION} >= 400014
-ADD_GDEFS+= -DINET6 -D__ss_family=ss_family -D__ss_len=ss_len
-.endif
-
-# Uncomment to activate the use of verifiable "cookies". The idea is to be
-# able to detect fake "logs" intended to get your innocent users in trouble.
-# Naturally, since it uses libcrypto, you must have OpenSSL installed.
-#WITH_DES= yes
+post-patch:
+ @${REINPLACE_CMD} \
+ -e "s| /etc/identd.conf| ${PREFIX}/etc/identd.conf|" \
+ -e "s| /etc/identd.key| ${PREFIX}/etc/identd.key|" \
+ ${WRKSRC}/doc/identd.8 ${WRKSRC}/doc/idecrypt.8
-.if defined(WITH_DES)
-ADD_GDEFS+= -DINCLUDE_CRYPT -DOPENSSL_DES_LIBDES_COMPATIBILITY \
- -I${OPENSSLINC} -I${OPENSSLINC}/openssl
-ADD_GLIBS= -L${OPENSSLLIB} -lcrypto
-.endif
-.if defined(WITH_DES) || ${OSVERSION} >= 400014
-MAKE_ENV+= ADD_GDEFS="${ADD_GDEFS}" ADD_GLIBS="${ADD_GLIBS}"
-.endif
+post-install:
+ ${INSTALL_MAN} -m 644 ${WRKSRC}/doc/idecrypt.8 ${MANPREFIX}/man/man8/
-.include <bsd.port.post.mk>
+.include <bsd.port.mk>
diff --git a/security/pidentd/distinfo b/security/pidentd/distinfo
index 9c774a3cf56d..e41bb12a1013 100644
--- a/security/pidentd/distinfo
+++ b/security/pidentd/distinfo
@@ -1,4 +1,4 @@
-MD5 (pidentd-2.8.5.tar.gz) = 15d3d8b7ad9433b91634618b1f7b6417
-SIZE (pidentd-2.8.5.tar.gz) = 121835
-MD5 (pidentd-2.8.5-ipv6-1.5.diff.gz) = a8bf86a6f00611c0e3f7e1e153c73d7d
-SIZE (pidentd-2.8.5-ipv6-1.5.diff.gz) = 9635
+MD5 (pidentd-3.0.16.tar.gz) = 207ea2b786f3ea732f30ec4d531b9827
+SIZE (pidentd-3.0.16.tar.gz) = 118728
+MD5 (pidentd-3.0.16-ipv6-20040227.diff.gz) = b1e9830fd2fb1b26d1063c714c4a6d81
+SIZE (pidentd-3.0.16-ipv6-20040227.diff.gz) = 14406
diff --git a/security/pidentd/files/idecrypt.8 b/security/pidentd/files/idecrypt.8
new file mode 100644
index 000000000000..f5de49dfdd34
--- /dev/null
+++ b/security/pidentd/files/idecrypt.8
@@ -0,0 +1,94 @@
+.TH IDECRYPT 8 "19 May 1996"
+.SH NAME
+idecrypt \- Decrypt tokens obtained from identd
+.SH SYNOPSIS
+.B idecrypt
+.SH DESCRIPTION
+.B idecrypt
+is a utility for decrypting the encrypted tokens that
+.BR identd (8)
+provided instead of usernames when it is
+run in encrypted-token mode (that is, with the
+.B \-C
+flag).
+.PP
+.B idecrypt
+reads up to 1024 lines from the
+.B /etc/identd.key
+file, converting each line to a DES key using
+.BR des_string_to_key (3).
+It then reads standard input, searching for encrypted tokens
+in the format produced by
+.BR identd (8),
+decrypts the tokens if possible, and copies all unrecognised text from
+standard input to standard output without modification.
+.PP
+If more than one key appears in the key file, then
+.BR identd (8)
+will use the first key for encryption, and
+.B idecrypt
+will attempt to use all the keys for decryption.
+This allows new keys to be used by
+.BR identd (8)
+without losing the ability for
+.B idecrypt
+to decrypt old tokens (until there are more than 1024 keys in the key file).
+.PP
+Each encrypted token consists of 32 base64 characters, enclosed in
+square brackets. To make it easier to process logs generated by
+versions of
+.B tcpd (8)
+that convert the square brackets to underlines,
+.B idecrypt
+permits underline characters instead of square brackets
+in its input.
+.PP
+.BR idecrypt 's
+output from decrypting each token is a human readable string
+containing the timestamp (displayed as a local time in
+.BR ctime (3)
+format), the numeric uid, the local IP address, the local port number,
+the remote IP address and the remote port number.
+.SH EXAMPLE
+Suppose that the local host has IP address 10.2.3.4, the local
+.B /etc/identd.key
+file contains
+.PP
+foobar
+.PP
+and the local host is running the
+.BR identd (8)
+server in encrypted-token mode.
+.PP
+Now, if a local user
+with uid 501 telnets to a remote host with IP address 10.9.8.7,
+the remote host may choose to make an ident query back to the
+local host, in order to obtain some information to be logged for
+possible use later. The local
+.BR identd (8)
+might send the following encrypted token to the remote host
+instead of sending a username:
+.PP
+[aALdNYxh2496K4DDTel2Nk0Jzj5mRbok]
+.PP
+If the administrator of the remote host later provides the administrator
+of the local host with a copy of the encrypted token, and if
+the secret key has not been removed from the local
+.B /etc/identd.key
+file, then the administrator of the local host can run
+.B idecrypt
+and can provide the encrypted token in standard input.
+.PP
+.B idecrypt
+will then print the following decrypted information:
+.PP
+Sun May 19 00:25:23 1996 501 10.2.3.4 2304 10.9.8.7 23
+.PP
+This represents the time the encrypted token was created,
+the local user id, the local IP address and port number, and the
+remote IP address and port number.
+.SH SEE ALSO
+.BR identd (8)
+.BR tcpd (8)
+.SH BUGS
+The handling of fatal errors could be better.
diff --git a/security/pidentd/files/patch-ab b/security/pidentd/files/patch-ab
deleted file mode 100644
index b3444e66ba5e..000000000000
--- a/security/pidentd/files/patch-ab
+++ /dev/null
@@ -1,67 +0,0 @@
---- Makefile.orig Tue Jul 29 05:01:22 1997
-+++ Makefile Mon May 4 11:59:30 1998
-@@ -16,9 +16,9 @@
- MAKE=make
-
- # set this to 'in.' if you like Sun's prefix on internet daemons
--PREFIX=in.
-+PREFIX=
-
--DESTROOT=/usr/local
-+DESTROOT=${REALPREFIX}
-
- # set this to '/share' if your man pages are in /usr/share
- #SHARE=/share
-@@ -33,7 +33,7 @@
- MANSECT=8
- MANDIR=$(MANROOT)/man$(MANSECT)
-
--INSTALL=aux/install-sh -c
-+INSTALL=/usr/bin/install -c
-
-
- # NEXTSTEP 3.x Multi-Architecture-Binary (FAT) compiles
-@@ -57,14 +57,14 @@
- # GDEFS=-DINCLUDE_EXTENSIONS -DINCLUDE_PROXY -DINCLUDE_CRYPT \
- # -DSTRONG_LOG -DALLOW_FORMAT \
- #
--GDEFS=-DINCLUDE_EXTENSIONS -DSTRONG_LOG -DALLOW_FORMAT \
-- -DDPATH_CONFIG='\"$(CONFDIR)/identd.conf\"' \
-+GDEFS=-DINCLUDE_EXTENSIONS -DSTRONG_LOG -DALLOW_FORMAT $(ADD_GDEFS) \
-+ -DPATH_CONFIG='\"$(CONFDIR)/identd.conf\"' \
- -DPATH_DESKEY='\"$(CONFDIR)/identd.key\"'
-
- # GLIBS=-lident -ldes
--GLIBS=
-+GLIBS= $(ADD_GLIBS)
-
--CFLAGS=-O
-+#CFLAGS=-O
- #LDFLAGS=-L$(DESTROOT)/lib
-
- all:
-@@ -573,18 +573,18 @@
- mv $@-t $@
- chmod 755 $@
-
--install: $(PREFIX)identd identd.$(MANSECT) identconn itest idecrypt
-+install: $(PREFIX)identd identd.$(MANSECT) idecrypt # identconn itest
- $(INSTALL) -m 644 identd.$(MANSECT) $(MANDIR)
- if [ -n "$(PREFIX)" ] ; then \
- rm -f $(MANDIR)/$(PREFIX)identd.$(MANSECT) ; \
- echo ".so `basename $(MANDIR)`/identd.$(MANSECT)" > $(MANDIR)/$(PREFIX)identd.$(MANSECT) ; \
- fi
-- $(INSTALL) -m 755 $(PREFIX)identd $(DESTDIR)
-- $(INSTALL) -m 755 identconn $(DESTROOT)/bin
-+ $(INSTALL) -s -m 755 $(PREFIX)identd $(DESTDIR)
-+# $(INSTALL) -m 755 identconn $(DESTROOT)/bin
- $(INSTALL) -m 644 idecrypt.man $(MANDIR)/idecrypt.$(MANSECT)
-- $(INSTALL) -m 755 idecrypt $(DESTDIR)/idecrypt
-- @echo "The following command will fail it you are not Root."
-- -$(INSTALL) -o root -g kmem -m 2555 itest $(DESTROOT)/bin
-+ $(INSTALL) -s -m 755 idecrypt $(DESTDIR)/idecrypt
-+# @echo "The following command will fail it you are not Root."
-+# -$(INSTALL) -o root -g kmem -m 2555 itest $(DESTROOT)/bin
-
-
- tests:
diff --git a/security/pidentd/files/patch-ac b/security/pidentd/files/patch-ac
deleted file mode 100644
index 72da063d8545..000000000000
--- a/security/pidentd/files/patch-ac
+++ /dev/null
@@ -1,79 +0,0 @@
---- identd.man.orig Mon Jul 28 23:01:22 1997
-+++ identd.man Tue Sep 29 18:40:47 1998
-@@ -4,9 +4,9 @@
- .\"
- .TH IDENTD 8 "27 May 1992"
- .SH NAME
--identd, in.identd \- TCP/IP IDENT protocol server
-+identd \- TCP/IP IDENT protocol server
- .SH SYNOPSIS
--.B xDESTDIRx/[in.]identd
-+.B !!PREFIX!!/sbin/identd
- .RB [ \-i | \-w | \-b ]
- .RB [ \-t<seconds> ]
- .RB [ \-u<uid> ]
-@@ -205,7 +205,7 @@
- If the
- .I keyfile
- is not specified, it defaults to
--.BR /etc/identd.key .
-+.BR !!PREFIX!!/etc/identd.key .
- .PP
- The
- .B \-n
-@@ -322,14 +322,14 @@
- mode of operation.
- .SH EXAMPLES
- Assuming the server is located in
--.B /usr/etc/in.identd
-+.B !!PREFIX!!/sbin/identd
- one can put either:
- .PP
--ident stream tcp wait sys /usr/etc/in.identd in.identd -w -t120
-+ident stream tcp wait sys !!PREFIX!!/sbin/identd identd -w -t120
- .PP
- or:
- .PP
--ident stream tcp nowait sys /usr/etc/in.identd in.identd -i
-+ident stream tcp nowait sys !!PREFIX!!/sbin/identd identd -i
- .PP
- into the
- .B /etc/inetd.conf
-@@ -342,7 +342,7 @@
- .B /etc/rc.local
- file:
- .PP
--/usr/etc/in.identd -b -u2 -g2
-+!!PREFIX!!/sbin/identd -b -u2 -g2
- .PP
- This will make it run in the background as user 2, group 2 (user "sys",
- group "kmem" on SunOS 4.1.1).
---- idecrypt.man.orig Tue Sep 29 19:00:01 1998
-+++ idecrypt.man Tue Sep 29 19:01:05 1998
-@@ -14,7 +14,7 @@
- .PP
- .B idecrypt
- reads up to 1024 lines from the
--.B /etc/identd.key
-+.B !!PREFIX!!/etc/identd.key
- file, converting each line to a DES key using
- .BR des_string_to_key (3).
- It then reads standard input, searching for encrypted tokens
-@@ -51,7 +51,7 @@
- the remote IP address and the remote port number.
- .SH EXAMPLE
- Suppose that the local host has IP address 10.2.3.4, the local
--.B /etc/identd.key
-+.B !!PREFIX!!/etc/identd.key
- file contains
- .PP
- foobar
-@@ -74,7 +74,7 @@
- If the administrator of the remote host later provides the administrator
- of the local host with a copy of the encrypted token, and if
- the secret key has not been removed from the local
--.B /etc/identd.key
-+.B !!PREFIX!!/etc/identd.key
- file, then the administrator of the local host can run
- .B idecrypt
- and can provide the encrypted token in standard input.
diff --git a/security/pidentd/files/patch-ai b/security/pidentd/files/patch-ai
deleted file mode 100644
index 8f730ae08a76..000000000000
--- a/security/pidentd/files/patch-ai
+++ /dev/null
@@ -1,19 +0,0 @@
-*** src/Makefile.orig Mon Sep 1 15:47:04 1997
---- src/Makefile Mon Sep 1 15:47:11 1997
-***************
-*** 18,24 ****
- mv $(PREFIX)identd ..
-
- idecrypt: idecrypt.o crypto.o
-! $(CC) $(LDFLAGS) -o idecrypt idecrypt.o crypto.o
- mv idecrypt ..
-
- identd.o: identd.c identd.h error.h crypto.h Makefile
---- 18,24 ----
- mv $(PREFIX)identd ..
-
- idecrypt: idecrypt.o crypto.o
-! $(CC) $(LDFLAGS) -o idecrypt idecrypt.o crypto.o $(LIBS)
- mv idecrypt ..
-
- identd.o: identd.c identd.h error.h crypto.h Makefile
diff --git a/security/pidentd/files/patch-ak b/security/pidentd/files/patch-ak
deleted file mode 100644
index 08893afd3f85..000000000000
--- a/security/pidentd/files/patch-ak
+++ /dev/null
@@ -1,16 +0,0 @@
---- src/freebsd.c.orig Wed Jul 14 15:23:56 1999
-+++ src/freebsd.c Wed Jul 14 15:24:51 1999
-@@ -1,3 +1,8 @@
-+#include <osreldate.h>
-+#if __FreeBSD_version >= 400007 || (__FreeBSD_version < 400000 && \
-+ __FreeBSD_version >= 320002)
-+#include "freebsd-sysctl.c"
-+#else
- /*
- ** freebsd.c Low level kernel access functions for FreeBSD 2.x
- **
-@@ -306,3 +310,4 @@
-
- return -1;
- }
-+#endif
diff --git a/security/pidentd/files/patch-al b/security/pidentd/files/patch-al
deleted file mode 100644
index 9d0bdcf670b4..000000000000
--- a/security/pidentd/files/patch-al
+++ /dev/null
@@ -1,104 +0,0 @@
-
-$FreeBSD$
-
---- src/freebsd-sysctl.c.orig Thu Aug 29 21:20:05 2002
-+++ src/freebsd-sysctl.c Thu Aug 29 21:24:03 2002
-@@ -0,0 +1,98 @@
-+#include <sys/param.h>
-+#include <sys/types.h>
-+#include <sys/socket.h>
-+#include <sys/sysctl.h>
-+#include <sys/ucred.h>
-+
-+#include <netinet/in.h>
-+
-+int
-+k_open(void) {
-+
-+ return 0;
-+}
-+
-+#ifdef INET6
-+int k_getuid(struct sockaddr *faddr, int fport, struct sockaddr *laddr,
-+ int lport, int *uid) {
-+ struct sockaddr_in sin[2];
-+ struct sockaddr_in6 sin6[2];
-+ struct xucred uc;
-+ size_t oldlen = sizeof(uc);
-+ struct sockaddr *sa;
-+ int salen;
-+ char *ctlname;
-+
-+ if (faddr->sa_family != laddr->sa_family)
-+ return -1;
-+ if (faddr->sa_family == AF_INET) {
-+ sin[0].sin_family = sin[1].sin_family = AF_INET;
-+ sin[0].sin_len = sin[1].sin_len = sizeof(struct sockaddr_in);
-+ memcpy(&sin[0].sin_addr,
-+ &((struct sockaddr_in *)laddr)->sin_addr,
-+ sizeof(struct in_addr));
-+ memcpy(&sin[1].sin_addr,
-+ &((struct sockaddr_in *)faddr)->sin_addr,
-+ sizeof(struct in_addr));
-+ sin[0].sin_port = (u_int16_t)lport;
-+ sin[1].sin_port = (u_int16_t)fport;
-+ sa = (struct sockaddr *)sin;
-+ salen = sizeof(sin);
-+ ctlname = "net.inet.tcp.getcred";
-+ } else if (IN6_IS_ADDR_V4MAPPED(&((struct sockaddr_in6 *)faddr)->sin6_addr)) {
-+ sin[0].sin_family = sin[1].sin_family = AF_INET;
-+ sin[0].sin_len = sin[1].sin_len = sizeof(struct sockaddr_in);
-+ memcpy(&sin[0].sin_addr,
-+ &((struct sockaddr_in6 *)laddr)->sin6_addr.s6_addr[12],
-+ sizeof(struct in_addr));
-+ memcpy(&sin[1].sin_addr,
-+ &((struct sockaddr_in6 *)faddr)->sin6_addr.s6_addr[12],
-+ sizeof(struct in_addr));
-+ sin[0].sin_port = (u_int16_t)lport;
-+ sin[1].sin_port = (u_int16_t)fport;
-+ sa = (struct sockaddr *)sin;
-+ salen = sizeof(sin);
-+ ctlname = "net.inet.tcp.getcred";
-+ } else {
-+ sin6[0].sin6_family = sin6[1].sin6_family = AF_INET6;
-+ sin6[0].sin6_len = sin6[1].sin6_len
-+ = sizeof(struct sockaddr_in6);
-+ memcpy(&sin6[0].sin6_addr,
-+ &((struct sockaddr_in6 *)laddr)->sin6_addr,
-+ sizeof(struct in6_addr));
-+ memcpy(&sin6[1].sin6_addr,
-+ &((struct sockaddr_in6 *)faddr)->sin6_addr,
-+ sizeof(struct in6_addr));
-+ sin6[0].sin6_port = (u_int16_t)lport;
-+ sin6[1].sin6_port = (u_int16_t)fport;
-+ sa = (struct sockaddr *)sin6;
-+ salen = sizeof(sin6);
-+ ctlname = "net.inet6.tcp6.getcred";
-+ }
-+
-+ if (sysctlbyname(ctlname, &uc, &oldlen, sa, salen))
-+ return -1;
-+
-+ *uid = uc.cr_uid;
-+ return 0;
-+}
-+#else
-+int k_getuid(struct in_addr *faddr, int fport, struct in_addr *laddr,
-+ int lport, int *uid) {
-+ struct sockaddr_in sin[2];
-+ struct xucred uc;
-+ size_t oldlen = sizeof(uc);
-+
-+ sin[0].sin_addr.s_addr = laddr->s_addr;
-+ sin[1].sin_addr.s_addr = faddr->s_addr;
-+ sin[0].sin_port = (u_short)lport;
-+ sin[1].sin_port = (u_short)fport;
-+
-+ if (sysctlbyname("net.inet.tcp.getcred", &uc, &oldlen, sin,
-+ sizeof(sin)))
-+ return -1;
-+
-+ *uid = uc.cr_uid;
-+ return 0;
-+}
-+#endif
diff --git a/security/pidentd/pkg-plist b/security/pidentd/pkg-plist
deleted file mode 100644
index 2ffb7c7f8df4..000000000000
--- a/security/pidentd/pkg-plist
+++ /dev/null
@@ -1,2 +0,0 @@
-sbin/identd
-sbin/idecrypt