author | dinoex <dinoex@FreeBSD.org> | 2004-03-06 17:33:13 +0800 |
---|---|---|
committer | dinoex <dinoex@FreeBSD.org> | 2004-03-06 17:33:13 +0800 |
commit | 2ac303d15f20b01833ecaa3c0193f0f68c14047f (patch) | |
tree | b87e54e20df0fec4a18afad00ac3050b8894d122 /security/pidentd | |
parent | f403c8d7fbfa7ccc8b4f1124079a9e3f75a92415 (diff) | |
- update to 3.0.16
- use PLIST_FILES
- add missing manpage idecrypt.8
Diffstat (limited to 'security/pidentd')
-rw-r--r-- | security/pidentd/Makefile | 41 | ||||
-rw-r--r-- | security/pidentd/distinfo | 8 | ||||
-rw-r--r-- | security/pidentd/files/idecrypt.8 | 94 | ||||
-rw-r--r-- | security/pidentd/files/patch-ab | 67 | ||||
-rw-r--r-- | security/pidentd/files/patch-ac | 79 | ||||
-rw-r--r-- | security/pidentd/files/patch-ai | 19 | ||||
-rw-r--r-- | security/pidentd/files/patch-ak | 16 | ||||
-rw-r--r-- | security/pidentd/files/patch-al | 104 | ||||
-rw-r--r-- | security/pidentd/pkg-plist | 2 |
9 files changed, 116 insertions, 314 deletions
diff --git a/security/pidentd/Makefile b/security/pidentd/Makefile index 897ffb398240..ae4b92b1de0d 100644 --- a/security/pidentd/Makefile +++ b/security/pidentd/Makefile @@ -6,7 +6,7 @@ # PORTNAME= pidentd -PORTVERSION= 2.8.5 +PORTVERSION= 3.0.16 CATEGORIES= security ipv6 MASTER_SITES= ftp://ftp.lysator.liu.se/pub/ident/servers/ \ ftp://ftp.fu-berlin.de/unix/security/ident/servers/ 
@@ -15,38 +15,33 @@ PATCH_SITES= http://www.imasy.or.jp/~ume/ipv6/ \ http://home.jp.FreeBSD.org/~ume/ipv6/ \ ${MASTER_SITE_LOCAL} PATCH_SITE_SUBDIR= dinoex -PATCHFILES= pidentd-2.8.5-ipv6-1.5.diff.gz -PATCH_DIST_STRIP= -p2 +PATCHFILES= pidentd-${PORTVERSION}-ipv6-20040227.diff.gz +PATCH_DIST_STRIP= -p0 MAINTAINER= dinoex@FreeBSD.org COMMENT= An RFC1413 identification server -ALL_TARGET= freebsd -MAKE_ENV= REALPREFIX=${PREFIX} +USE_REINPLACE= yes +GNU_CONFIGURE= yes MAN8= identd.8 idecrypt.8 +PLIST_FILES= sbin/ibench sbin/identd sbin/idecrypt sbin/ikeygen .if defined(WITH_DES) USE_OPENSSL= yes +CFLAGS+= -DINCLUDE_CRYPT -DOPENSSL_DES_LIBDES_COMPATIBILITY +LDFLAGS+= -L${OPENSSLLIB} -lcrypto .endif -.include <bsd.port.pre.mk> +post-extract: + ${CP} ${FILESDIR}/idecrypt.8 ${WRKSRC}/doc/idecrypt.8 -.if ${OSVERSION} >= 400014 -ADD_GDEFS+= -DINET6 -D__ss_family=ss_family -D__ss_len=ss_len -.endif - -# Uncomment to activate the use of verifiable "cookies". The idea is to be -# able to detect fake "logs" intended to get your innocent users in trouble. -# Naturally, since it uses libcrypto, you must have OpenSSL installed. -#WITH_DES= yes +post-patch: + @${REINPLACE_CMD} \ + -e "s| /etc/identd.conf| ${PREFIX}/etc/identd.conf|" \ + -e "s| /etc/identd.key| ${PREFIX}/etc/identd.key|" \ + ${WRKSRC}/doc/identd.8 ${WRKSRC}/doc/idecrypt.8 -.if defined(WITH_DES) -ADD_GDEFS+= -DINCLUDE_CRYPT -DOPENSSL_DES_LIBDES_COMPATIBILITY \ - -I${OPENSSLINC} -I${OPENSSLINC}/openssl -ADD_GLIBS= -L${OPENSSLLIB} -lcrypto -.endif -.if defined(WITH_DES) || ${OSVERSION} >= 400014 -MAKE_ENV+= ADD_GDEFS="${ADD_GDEFS}" ADD_GLIBS="${ADD_GLIBS}" -.endif +post-install: + ${INSTALL_MAN} -m 644 ${WRKSRC}/doc/idecrypt.8 ${MANPREFIX}/man/man8/ -.include <bsd.port.post.mk> +.include <bsd.port.mk> diff --git a/security/pidentd/distinfo b/security/pidentd/distinfo index 9c774a3cf56d..e41bb12a1013 100644 --- a/security/pidentd/distinfo +++ b/security/pidentd/distinfo 
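Review bot: The new `WITH_DES` block puts `-DINCLUDE_CRYPT -DOPENSSL_DES_LIBDES_COMPATIBILITY` into `CFLAGS` but drops the `-I${OPENSSLINC} -I${OPENSSLINC}/openssl` that the removed `ADD_GDEFS` lines carried, while `LDFLAGS` still points at `${OPENSSLLIB}`. If OpenSSL lives outside the default include path, the build may fail to find the DES headers or compile against headers that do not match the library it links; `CFLAGS+= -DINCLUDE_CRYPT -DOPENSSL_DES_LIBDES_COMPATIBILITY -I${OPENSSLINC}` would keep the two in step (whether the extra `/openssl` directory is still needed depends on how 3.0.16 includes the header, which is not visible here). It is also worth confirming that `LDFLAGS` actually reaches the configure script and make, since nothing in this hunk passes it on explicitly. Separately, the comment block that explained `WITH_DES` is deleted without a replacement, so the knob is now undocumented; a line above `.if defined(WITH_DES)` such as `# WITH_DES=yes builds encrypted-token support (identd -C, idecrypt); requires OpenSSL` would keep it discoverable.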
@@ -1,4 +1,4 @@
-MD5 (pidentd-2.8.5.tar.gz) = 15d3d8b7ad9433b91634618b1f7b6417
-SIZE (pidentd-2.8.5.tar.gz) = 121835
-MD5 (pidentd-2.8.5-ipv6-1.5.diff.gz) = a8bf86a6f00611c0e3f7e1e153c73d7d
-SIZE (pidentd-2.8.5-ipv6-1.5.diff.gz) = 9635
+MD5 (pidentd-3.0.16.tar.gz) = 207ea2b786f3ea732f30ec4d531b9827
+SIZE (pidentd-3.0.16.tar.gz) = 118728
+MD5 (pidentd-3.0.16-ipv6-20040227.diff.gz) = b1e9830fd2fb1b26d1063c714c4a6d81
+SIZE (pidentd-3.0.16-ipv6-20040227.diff.gz) = 14406
diff --git a/security/pidentd/files/idecrypt.8 b/security/pidentd/files/idecrypt.8
new file mode 100644
index 000000000000..f5de49dfdd34
--- /dev/null
+++ b/security/pidentd/files/idecrypt.8
@@ -0,0 +1,94 @@
+.TH IDECRYPT 8 "19 May 1996"
+.SH NAME
+idecrypt \- Decrypt tokens obtained from identd
+.SH SYNOPSIS
+.B idecrypt
+.SH DESCRIPTION
+.B idecrypt
+is a utility for decrypting the encrypted tokens that
+.BR identd (8)
+provided instead of usernames when it is
+run in encrypted-token mode (that is, with the
+.B \-C
+flag).
+.PP
+.B idecrypt
+reads up to 1024 lines from the
+.B /etc/identd.key
+file, converting each line to a DES key using
+.BR des_string_to_key (3).
+It then reads standard input, searching for encrypted tokens
+in the format produced by
+.BR identd (8),
+decrypts the tokens if possible, and copies all unrecognised text from
+standard input to standard output without modification.
+.PP
+If more than one key appears in the key file, then
+.BR identd (8)
+will use the first key for encryption, and
+.B idecrypt
+will attempt to use all the keys for decryption.
+This allows new keys to be used by
+.BR identd (8)
+without losing the ability for
+.B idecrypt
+to decrypt old tokens (until there are more than 1024 keys in the key file).
+.PP
+Each encrypted token consists of 32 base64 characters, enclosed in
+square brackets. To make it easier to process logs generated by
+versions of
+.B tcpd (8)
+that convert the square brackets to underlines,
+.B idecrypt
+permits underline characters instead of square brackets
+in its input.
+.PP
+.BR idecrypt 's
+output from decrypting each token is a human readable string
+containing the timestamp (displayed as a local time in
+.BR ctime (3)
+format), the numeric uid, the local IP address, the local port number,
+the remote IP address and the remote port number.
+.SH EXAMPLE
+Suppose that the local host has IP address 10.2.3.4, the local
+.B /etc/identd.key
+file contains
+.PP
+foobar
+.PP
+and the local host is running the
+.BR identd (8)
+server in encrypted-token mode.
+.PP
+Now, if a local user
+with uid 501 telnets to a remote host with IP address 10.9.8.7,
+the remote host may choose to make an ident query back to the
+local host, in order to obtain some information to be logged for
+possible use later. The local
+.BR identd (8)
+might send the following encrypted token to the remote host
+instead of sending a username:
+.PP
+[aALdNYxh2496K4DDTel2Nk0Jzj5mRbok]
+.PP
+If the administrator of the remote host later provides the administrator
+of the local host with a copy of the encrypted token, and if
+the secret key has not been removed from the local
+.B /etc/identd.key
+file, then the administrator of the local host can run
+.B idecrypt
+and can provide the encrypted token in standard input.
+.PP
+.B idecrypt
+will then print the following decrypted information:
+.PP
+Sun May 19 00:25:23 1996 501 10.2.3.4 2304 10.9.8.7 23
+.PP
+This represents the time the encrypted token was created,
+the local user id, the local IP address and port number, and the
+remote IP address and port number.
+.SH SEE ALSO
+.BR identd (8)
+.BR tcpd (8)
+.SH BUGS
+The handling of fatal errors could be better.
diff --git a/security/pidentd/files/patch-ab b/security/pidentd/files/patch-ab
deleted file mode 100644
index b3444e66ba5e..000000000000
--- a/security/pidentd/files/patch-ab
+++ /dev/null
@@ -1,67 +0,0 @@ ---- Makefile.orig Tue Jul 29 05:01:22 1997 -+++ Makefile Mon May 4 11:59:30 1998 -@@ -16,9 +16,9 @@ - MAKE=make - - # set this to 'in.' if you like Sun's prefix on internet daemons --PREFIX=in. -+PREFIX= - --DESTROOT=/usr/local -+DESTROOT=${REALPREFIX} - - # set this to '/share' if your man pages are in /usr/share - #SHARE=/share -@@ -33,7 +33,7 @@ - MANSECT=8 - MANDIR=$(MANROOT)/man$(MANSECT) - --INSTALL=aux/install-sh -c -+INSTALL=/usr/bin/install -c - - - # NEXTSTEP 3.x Multi-Architecture-Binary (FAT) compiles -@@ -57,14 +57,14 @@ - # GDEFS=-DINCLUDE_EXTENSIONS -DINCLUDE_PROXY -DINCLUDE_CRYPT \ - # -DSTRONG_LOG -DALLOW_FORMAT \ - # --GDEFS=-DINCLUDE_EXTENSIONS -DSTRONG_LOG -DALLOW_FORMAT \ -- -DDPATH_CONFIG='\"$(CONFDIR)/identd.conf\"' \ -+GDEFS=-DINCLUDE_EXTENSIONS -DSTRONG_LOG -DALLOW_FORMAT $(ADD_GDEFS) \ -+ -DPATH_CONFIG='\"$(CONFDIR)/identd.conf\"' \ - -DPATH_DESKEY='\"$(CONFDIR)/identd.key\"' - - # GLIBS=-lident -ldes --GLIBS= -+GLIBS= $(ADD_GLIBS) - --CFLAGS=-O -+#CFLAGS=-O - #LDFLAGS=-L$(DESTROOT)/lib - - all: -@@ -573,18 +573,18 @@ - mv $@-t $@ - chmod 755 $@ - --install: $(PREFIX)identd identd.$(MANSECT) identconn itest idecrypt -+install: $(PREFIX)identd identd.$(MANSECT) idecrypt # identconn itest - $(INSTALL) -m 644 identd.$(MANSECT) $(MANDIR) - if [ -n "$(PREFIX)" ] ; then \ - rm -f $(MANDIR)/$(PREFIX)identd.$(MANSECT) ; \ - echo ".so `basename $(MANDIR)`/identd.$(MANSECT)" > $(MANDIR)/$(PREFIX)identd.$(MANSECT) ; \ - fi -- $(INSTALL) -m 755 $(PREFIX)identd $(DESTDIR) -- $(INSTALL) -m 755 identconn $(DESTROOT)/bin -+ $(INSTALL) -s -m 755 $(PREFIX)identd $(DESTDIR) -+# $(INSTALL) -m 755 identconn $(DESTROOT)/bin - $(INSTALL) -m 644 idecrypt.man $(MANDIR)/idecrypt.$(MANSECT) -- $(INSTALL) -m 755 idecrypt $(DESTDIR)/idecrypt -- @echo "The following command will fail it you are not Root." 
-- -$(INSTALL) -o root -g kmem -m 2555 itest $(DESTROOT)/bin -+ $(INSTALL) -s -m 755 idecrypt $(DESTDIR)/idecrypt -+# @echo "The following command will fail it you are not Root." -+# -$(INSTALL) -o root -g kmem -m 2555 itest $(DESTROOT)/bin - - - tests: diff --git a/security/pidentd/files/patch-ac b/security/pidentd/files/patch-ac deleted file mode 100644 index 72da063d8545..000000000000 --- a/security/pidentd/files/patch-ac +++ /dev/null 
@@ -1,79 +0,0 @@ ---- identd.man.orig Mon Jul 28 23:01:22 1997 -+++ identd.man Tue Sep 29 18:40:47 1998 -@@ -4,9 +4,9 @@ - .\" - .TH IDENTD 8 "27 May 1992" - .SH NAME --identd, in.identd \- TCP/IP IDENT protocol server -+identd \- TCP/IP IDENT protocol server - .SH SYNOPSIS --.B xDESTDIRx/[in.]identd -+.B !!PREFIX!!/sbin/identd - .RB [ \-i | \-w | \-b ] - .RB [ \-t<seconds> ] - .RB [ \-u<uid> ] -@@ -205,7 +205,7 @@ - If the - .I keyfile - is not specified, it defaults to --.BR /etc/identd.key . -+.BR !!PREFIX!!/etc/identd.key . - .PP - The - .B \-n -@@ -322,14 +322,14 @@ - mode of operation. - .SH EXAMPLES - Assuming the server is located in --.B /usr/etc/in.identd -+.B !!PREFIX!!/sbin/identd - one can put either: - .PP --ident stream tcp wait sys /usr/etc/in.identd in.identd -w -t120 -+ident stream tcp wait sys !!PREFIX!!/sbin/identd identd -w -t120 - .PP - or: - .PP --ident stream tcp nowait sys /usr/etc/in.identd in.identd -i -+ident stream tcp nowait sys !!PREFIX!!/sbin/identd identd -i - .PP - into the - .B /etc/inetd.conf -@@ -342,7 +342,7 @@ - .B /etc/rc.local - file: - .PP --/usr/etc/in.identd -b -u2 -g2 -+!!PREFIX!!/sbin/identd -b -u2 -g2 - .PP - This will make it run in the background as user 2, group 2 (user "sys", - group "kmem" on SunOS 4.1.1). ---- idecrypt.man.orig Tue Sep 29 19:00:01 1998 -+++ idecrypt.man Tue Sep 29 19:01:05 1998 -@@ -14,7 +14,7 @@ - .PP - .B idecrypt - reads up to 1024 lines from the --.B /etc/identd.key -+.B !!PREFIX!!/etc/identd.key - file, converting each line to a DES key using - .BR des_string_to_key (3). - It then reads standard input, searching for encrypted tokens -@@ -51,7 +51,7 @@ - the remote IP address and the remote port number. 
- .SH EXAMPLE - Suppose that the local host has IP address 10.2.3.4, the local --.B /etc/identd.key -+.B !!PREFIX!!/etc/identd.key - file contains - .PP - foobar -@@ -74,7 +74,7 @@ - If the administrator of the remote host later provides the administrator - of the local host with a copy of the encrypted token, and if - the secret key has not been removed from the local --.B /etc/identd.key -+.B !!PREFIX!!/etc/identd.key - file, then the administrator of the local host can run - .B idecrypt - and can provide the encrypted token in standard input. diff --git a/security/pidentd/files/patch-ai b/security/pidentd/files/patch-ai deleted file mode 100644 index 8f730ae08a76..000000000000 --- a/security/pidentd/files/patch-ai +++ /dev/null @@ -1,19 +0,0 @@ -*** src/Makefile.orig Mon Sep 1 15:47:04 1997 ---- src/Makefile Mon Sep 1 15:47:11 1997 -*************** -*** 18,24 **** - mv $(PREFIX)identd .. - - idecrypt: idecrypt.o crypto.o -! $(CC) $(LDFLAGS) -o idecrypt idecrypt.o crypto.o - mv idecrypt .. - - identd.o: identd.c identd.h error.h crypto.h Makefile ---- 18,24 ---- - mv $(PREFIX)identd .. - - idecrypt: idecrypt.o crypto.o -! $(CC) $(LDFLAGS) -o idecrypt idecrypt.o crypto.o $(LIBS) - mv idecrypt .. - - identd.o: identd.c identd.h error.h crypto.h Makefile diff --git a/security/pidentd/files/patch-ak b/security/pidentd/files/patch-ak deleted file mode 100644 index 08893afd3f85..000000000000 --- a/security/pidentd/files/patch-ak +++ /dev/null @@ -1,16 +0,0 @@ ---- src/freebsd.c.orig Wed Jul 14 15:23:56 1999 -+++ src/freebsd.c Wed Jul 14 15:24:51 1999 -@@ -1,3 +1,8 @@ -+#include <osreldate.h> -+#if __FreeBSD_version >= 400007 || (__FreeBSD_version < 400000 && \ -+ __FreeBSD_version >= 320002) -+#include "freebsd-sysctl.c" -+#else - /* - ** freebsd.c Low level kernel access functions for FreeBSD 2.x - ** -@@ -306,3 +310,4 @@ - - return -1; - } -+#endif 
diff --git a/security/pidentd/files/patch-al b/security/pidentd/files/patch-al deleted file mode 100644 index 9d0bdcf670b4..000000000000 --- a/security/pidentd/files/patch-al +++ /dev/null 
@@ -1,104 +0,0 @@ - -$FreeBSD$ - ---- src/freebsd-sysctl.c.orig Thu Aug 29 21:20:05 2002 -+++ src/freebsd-sysctl.c Thu Aug 29 21:24:03 2002 -@@ -0,0 +1,98 @@ -+#include <sys/param.h> -+#include <sys/types.h> -+#include <sys/socket.h> -+#include <sys/sysctl.h> -+#include <sys/ucred.h> -+ -+#include <netinet/in.h> -+ -+int -+k_open(void) { -+ -+ return 0; -+} -+ -+#ifdef INET6 -+int k_getuid(struct sockaddr *faddr, int fport, struct sockaddr *laddr, -+ int lport, int *uid) { -+ struct sockaddr_in sin[2]; -+ struct sockaddr_in6 sin6[2]; -+ struct xucred uc; -+ size_t oldlen = sizeof(uc); -+ struct sockaddr *sa; -+ int salen; -+ char *ctlname; -+ -+ if (faddr->sa_family != laddr->sa_family) -+ return -1; -+ if (faddr->sa_family == AF_INET) { -+ sin[0].sin_family = sin[1].sin_family = AF_INET; -+ sin[0].sin_len = sin[1].sin_len = sizeof(struct sockaddr_in); -+ memcpy(&sin[0].sin_addr, -+ &((struct sockaddr_in *)laddr)->sin_addr, -+ sizeof(struct in_addr)); -+ memcpy(&sin[1].sin_addr, -+ &((struct sockaddr_in *)faddr)->sin_addr, -+ sizeof(struct in_addr)); -+ sin[0].sin_port = (u_int16_t)lport; -+ sin[1].sin_port = (u_int16_t)fport; -+ sa = (struct sockaddr *)sin; -+ salen = sizeof(sin); -+ ctlname = "net.inet.tcp.getcred"; -+ } else if (IN6_IS_ADDR_V4MAPPED(&((struct sockaddr_in6 *)faddr)->sin6_addr)) { -+ sin[0].sin_family = sin[1].sin_family = AF_INET; -+ sin[0].sin_len = sin[1].sin_len = sizeof(struct sockaddr_in); -+ memcpy(&sin[0].sin_addr, -+ &((struct sockaddr_in6 *)laddr)->sin6_addr.s6_addr[12], -+ sizeof(struct in_addr)); -+ memcpy(&sin[1].sin_addr, -+ &((struct sockaddr_in6 *)faddr)->sin6_addr.s6_addr[12], -+ sizeof(struct in_addr)); -+ sin[0].sin_port = (u_int16_t)lport; -+ sin[1].sin_port = (u_int16_t)fport; -+ sa = (struct sockaddr *)sin; -+ salen = sizeof(sin); -+ ctlname = "net.inet.tcp.getcred"; -+ } else { -+ sin6[0].sin6_family = sin6[1].sin6_family = AF_INET6; -+ sin6[0].sin6_len = sin6[1].sin6_len -+ = sizeof(struct sockaddr_in6); -+ 
memcpy(&sin6[0].sin6_addr, -+ &((struct sockaddr_in6 *)laddr)->sin6_addr, -+ sizeof(struct in6_addr)); -+ memcpy(&sin6[1].sin6_addr, -+ &((struct sockaddr_in6 *)faddr)->sin6_addr, -+ sizeof(struct in6_addr)); -+ sin6[0].sin6_port = (u_int16_t)lport; -+ sin6[1].sin6_port = (u_int16_t)fport; -+ sa = (struct sockaddr *)sin6; -+ salen = sizeof(sin6); -+ ctlname = "net.inet6.tcp6.getcred"; -+ } -+ -+ if (sysctlbyname(ctlname, &uc, &oldlen, sa, salen)) -+ return -1; -+ -+ *uid = uc.cr_uid; -+ return 0; -+} -+#else -+int k_getuid(struct in_addr *faddr, int fport, struct in_addr *laddr, -+ int lport, int *uid) { -+ struct sockaddr_in sin[2]; -+ struct xucred uc; -+ size_t oldlen = sizeof(uc); -+ -+ sin[0].sin_addr.s_addr = laddr->s_addr; -+ sin[1].sin_addr.s_addr = faddr->s_addr; -+ sin[0].sin_port = (u_short)lport; -+ sin[1].sin_port = (u_short)fport; -+ -+ if (sysctlbyname("net.inet.tcp.getcred", &uc, &oldlen, sin, -+ sizeof(sin))) -+ return -1; -+ -+ *uid = uc.cr_uid; -+ return 0; -+} -+#endif diff --git a/security/pidentd/pkg-plist b/security/pidentd/pkg-plist deleted file mode 100644 index 2ffb7c7f8df4..000000000000 --- a/security/pidentd/pkg-plist +++ /dev/null @@ -1,2 +0,0 @@ -sbin/identd -sbin/idecrypt |