--- pidentd-3.0.19.ds1.orig/INSTALL +++ pidentd-3.0.19.ds1/INSTALL @@ -75,7 +75,7 @@ ftp://ftp.psy.uq.oz.au/pub/Crypto/SSL/SSLeay-x.y.z.tar.gz -The libcrypto library is actually the prefered one since it includes +The libcrypto library is actually the preferred one since it includes a good random DES key generator which is used (if found) by the Ikeygen program. --- pidentd-3.0.19.ds1.orig/doc/identd.8 +++ pidentd-3.0.19.ds1/doc/identd.8 @@ -2,11 +2,11 @@ .\" Copyright (c) 1992-1999 Peter Eriksson, Lysator, Linkoping University. .\" This manual page is released into the public domain." .\" -.TH identd 1 "8 Jan 1999" +.TH identd 8 "8 Jan 1999" .SH NAME -identd, in.identd \- TCP/IP IDENT protocol server +identd \- TCP/IP IDENT protocol server .SH SYNOPSIS -.B [in.]identd [options] +.B identd [options] .SH DESCRIPTION .IX "identd daemon" "" \fLidentd\fP daemon" .B Identd @@ -111,7 +111,7 @@ Directs .B identd to check for a file ".noident" in each home directory for the user which -the daemon is about to return the user name for. It that file exists then +the daemon is about to return the user name for. If that file exists then the daemon will give the error .B HIDDEN-USER instead of the normal USERID response. @@ -134,7 +134,7 @@ the responses will be returned one per line. The connection will not be closed until the connecting part closes it's end of the line. .SH INSTALLATION -The prefered way to start +The preferred way to start .B identd depends on how it was built. .PP @@ -193,7 +193,9 @@ pairs. .TP 10 .B syslog:facility = FACILITY -Set which facility to use when sending syslog messages. +Set which facility to use when sending syslog messages. See +.BR syslog.conf (5) +for more information. .TP 10 .B server:user = USER Set what user (and group, from the passwd database) the daemon 
@@ -254,8 +256,10 @@ Define the operating system returned in replies. Default: "UNIX" .TP 10 .B result:syslog-level = LEVEL -If set to anything other than "none", all request replies till -be sent to the syslog service with the specificed severity level. +If set to anything other than "none", all requested replies will +be sent to the syslog service with the specified severity level. See +.BR syslog.conf (5) +for more information. Default: none .TP 10 .B result:encrypt = YES/NO @@ -287,16 +291,16 @@ Contains the default configuration options for .B identd. .TP -.B /etc/identd.pid -Contains (if enabled) the process number of the -.B identd -daemon. -.TP .B /etc/identd.key If compiled with .I DES encryption enabled, the 1024 first bytes of this file is used to specify the secret key for encrypting replies. +.TP +.B /var/run/identd/identd.pid +Contains (if enabled) the process number of the +.B identd +daemon. .SH AVAILABILITY The daemon is free software. You can redistribute it and/or modify it as you wish - as long as you don't claim that you wrote @@ -320,7 +324,5 @@ , .BR ikeygen (8) , -.BR authuser (3) -, .BR inetd.conf (5) , --- pidentd-3.0.19.ds1.orig/etc/identd.conf +++ pidentd-3.0.19.ds1/etc/identd.conf @@ -1,4 +1,4 @@ -# /usr/local/etc/identd.conf - an example configuration file +# /etc/identd.conf - an example configuration file #-- The syslog facility for error messages @@ -18,7 +18,7 @@ # server:backlog = 256 #-- Where to write the file containing our process id -# server:pid-file = "/etc/identd.pid" +# server:pid-file = "/var/run/identd/identd.pid" #-- Maximum number of concurrent requests allowed (0 = unlimited) # server:max-requests = 0 
@@ -28,7 +28,7 @@ #-- Enable some protocol extensions like "VERSION" or "QUIT" protocol:extensions = enabled -#-- Allow multiple queries per connection. This slightly breaks RFC1413 +#-- Allow multiple queries per connection protocol:multiquery = enabled #-- Timeout in seconds since connection or last query. Zero = disable --- pidentd-3.0.19.ds1.orig/src/server.c +++ pidentd-3.0.19.ds1/src/server.c @@ -15,11 +15,14 @@ #include "config.h" #include +#include #include #include #include #include #include +#include +#include #include "pidentd.h" @@ -115,10 +118,29 @@ int server_run(void) { + struct pollfd ufds[1]; int fd; - + int timeout = request_timeout <= 0 ? -1 : request_timeout * 1000; + int retval; + + if (fcntl(listen_sock, F_SETFL, O_NONBLOCK) == -1) + { + syslog(LOG_ERR, "fcntl() failed: %m"); + return -1; + } + + ufds[0].fd = listen_sock; + ufds[0].events = POLLIN; while (1) { + if ((retval = s_poll(ufds, 1, timeout)) == -1) + { + syslog(LOG_ERR, "poll() failed: %m"); + return -1; + } + else if (retval == 0) + break; + fd = s_accept(listen_sock, NULL, NULL); if (fd < 0) { @@ -139,4 +161,8 @@ request_run(fd, 0); } + + if (debug) + fprintf(stderr, "accept() timed out\n"); + exit(0); } --- pidentd-3.0.19.ds1.orig/src/k_linux.c +++ pidentd-3.0.19.ds1/src/k_linux.c @@ -17,15 +17,28 @@ #include #include #include +#include #include #include #include #include +#include #include +#include +#include +#include + #include "pidentd.h" +struct kainfo +{ + int nlfd; + __u32 seq; + FILE *proc_net_tcp; +}; + /* ** Make sure we are running on a supported OS version */ 
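Review bot: In src/server.c, server_run() now puts `listen_sock` into non-blocking mode, so `s_accept()` can fail with EAGAIN/EWOULDBLOCK or ECONNABORTED when a peer resets its connection between `s_poll()` returning and the accept. The `if (fd < 0)` branch that decides what happens next continues outside the hunk, so please confirm it retries, e.g. `if (errno == EAGAIN || errno == EWOULDBLOCK || errno == ECONNABORTED) continue;`, rather than ending the accept loop. If that branch is fatal, a single reset connection from any peer stops the service. Two smaller items in the same hunk: `fcntl(listen_sock, F_SETFL, O_NONBLOCK)` overwrites the existing status flags instead of OR-ing into the `F_GETFL` result, and `request_timeout * 1000` can overflow `int` for a large configured value.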
@@ -39,23 +52,85 @@ int ka_open(void **misc) { - FILE *fp; + struct kainfo *kp; + + kp = s_malloc(sizeof(*kp)); + kp->seq = 0; + kp->nlfd = socket(AF_NETLINK, SOCK_DGRAM, NETLINK_INET_DIAG); + if (kp->nlfd >= 0) + goto out; - while ((fp = fopen("/proc/net/tcp", "r")) == NULL && errno == EINTR) - ; + syslog(LOG_INFO, "netlink failed, fallback to /proc/net/tcp: %m"); + kp->proc_net_tcp = fopen("/proc/net/tcp", "r"); - if (fp == NULL) + if (kp->proc_net_tcp == NULL) { syslog(LOG_ERR, "fopen(\"/proc/net/tcp\", \"r\"): %m"); return -1; } - *misc = (void *) fp; +out: + *misc = (void *) kp; return 0; } +static int +netlink_lookup(struct kainfo *kip, struct kernel *kp) +{ + int status; + struct { + struct nlmsghdr nlh; + union { + struct inet_diag_req req; + struct inet_diag_msg rsp; + } u; + } buf; + struct sockaddr_nl addr; + + memset(&buf, 0, sizeof(buf)); + buf.nlh.nlmsg_len = NLMSG_ALIGN(NLMSG_LENGTH(sizeof(buf.u.req))); + buf.nlh.nlmsg_type = TCPDIAG_GETSOCK; + buf.nlh.nlmsg_flags = NLM_F_REQUEST; + buf.nlh.nlmsg_seq = ++kip->seq; + buf.u.req.idiag_family = AF_INET; + + buf.u.req.id.idiag_dport = kp->remote.sin_port; + buf.u.req.id.idiag_sport = kp->local.sin_port; + buf.u.req.id.idiag_dst[0] = kp->remote.sin_addr.s_addr; + buf.u.req.id.idiag_src[0] = kp->local.sin_addr.s_addr; + buf.u.req.id.idiag_cookie[0] = INET_DIAG_NOCOOKIE; + buf.u.req.id.idiag_cookie[1] = INET_DIAG_NOCOOKIE; + + status = write(kip->nlfd, &buf, buf.nlh.nlmsg_len); + if (status < 0) { + syslog(LOG_ERR, "netlink_lookup: write failed: %m"); + return 3; + } + + do { + socklen_t alen = sizeof(addr); + status = recvfrom(kip->nlfd, &buf, sizeof(buf), 0, + (void *)&addr, &alen); + if (status < 0) { + if (errno == ENOBUFS) + return -1; + syslog(LOG_ERR, "netlink_lookup: recvfrom failed: %m"); + return 3; + } + } while (addr.nl_pid || buf.nlh.nlmsg_seq != kip->seq); + + if (buf.nlh.nlmsg_type != TCPDIAG_GETSOCK) + return 0; + if (buf.u.rsp.idiag_state != TCP_ESTABLISHED) + return 0; + + kp->euid = 
buf.u.rsp.idiag_uid; + return 1; +} + + int ka_lookup(void *vp, struct kernel *kp) { @@ -66,6 +141,9 @@ int r_lport, r_rport, mylport, myrport; int euid; int nra; + int status; + unsigned long ino; + struct kainfo *kip; /* * PSz 11 Dec 02 @@ -94,23 +172,28 @@ * * Should we skip lines with just ino, or both uid and ino, zero? */ - unsigned long int ino; - + + kip = (struct kainfo *)vp; + kp->ruid = NO_UID; + + if (kip->nlfd >= 0) + return netlink_lookup(kip, kp); + r_rport = ntohs(kp->remote.sin_port); r_lport = ntohs(kp->local.sin_port); r_raddr = kp->remote.sin_addr.s_addr; r_laddr = kp->local.sin_addr.s_addr; - fp = (FILE *) vp; + fp = kip->proc_net_tcp; - kp->ruid = NO_UID; rewind(fp); /* eat header */ if (fgets(buf, sizeof(buf)-1,fp) == NULL) return -1; + status = 0; while (fgets(buf, sizeof(buf)-1, fp) != NULL) { nra = sscanf(buf, "%d: %lX:%x %lX:%x %x %lX:%lX %x:%lX %lx %d %ld %lu", @@ -119,9 +202,10 @@ &euid, &dummy, &ino); if (nra >= 12) { - if (myladdr == r_laddr && mylport == r_lport && - myraddr == r_raddr && myrport == r_rport) + if (myladdr == r_laddr && mylport == r_lport) { + if (myraddr != r_raddr || myrport != r_rport || !ino) + continue; if (nra >= 14 && euid == 0 && ino == 0) { /* * Both uid and ino are zero: not even a socket? @@ -131,11 +215,11 @@ continue; } kp->euid = euid; - return 1; + status = 1; } } } - return -1; + return status; } --- pidentd-3.0.19.ds1.orig/src/request.c +++ pidentd-3.0.19.ds1/src/request.c @@ -98,6 +98,13 @@ switch (kp->status) { + case 2: + send_error(fd, + local_port, remote_port, + "HIDDEN-USER", + remote_addr); + break; + case 1: send_result(fd, kp); break; 
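Review bot: netlink_lookup() in src/k_linux.c reads `buf.u.rsp.idiag_state` and `buf.u.rsp.idiag_uid` without checking how many bytes `recvfrom()` delivered; `status` is only tested for `< 0`. Because the same buffer held the request, a short datagram would leave request bytes in the union and they would be reported as the connection owner's uid. A length guard after the loop, such as `if (!NLMSG_OK(&buf.nlh, status) || buf.nlh.nlmsg_len < NLMSG_LENGTH(sizeof(buf.u.rsp))) return 0;`, closes that. The `addr.nl_pid` test does restrict replies to kernel-originated messages, which deserves a one-line comment. Separately, ka_open() returns -1 on `fopen()` failure without freeing `kp`.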
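Review bot: In the /proc/net/tcp fallback of ka_lookup(), the new `|| !ino` test runs whenever `nra >= 12`, but `ino` is the 14th sscanf conversion and is declared without an initializer. On a line that yields only 12 or 13 fields the test reads an indeterminate or stale value. Guarding it as `if (myraddr != r_raddr || myrport != r_rport || (nra >= 14 && !ino)) continue;` keeps the intent. The same loop now sets `status = 1` and keeps scanning instead of returning, so the last matching row decides `kp->euid`; a comment saying that this is intended would help the next reader.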
@@ -188,8 +195,9 @@ got = s_read(rp->fd, buf+len, sizeof(buf)-len-1); if (got < 0) { - syslog(LOG_ERR, "request_thread: read(%d, ..., %d) failed: %m", - rp->fd, sizeof(buf)-len-1); + if (debug) + fprintf(stderr, "request_thread: read(%d, ..., %d) failed: %s", + rp->fd, sizeof(buf)-len-1, strerror(errno)); goto Exit; } --- pidentd-3.0.19.ds1.orig/src/pidentd.h +++ pidentd-3.0.19.ds1/src/pidentd.h @@ -42,7 +42,7 @@ #endif #ifndef PATH_PIDFILE -#define PATH_PIDFILE "/etc/identd.pid" +#define PATH_PIDFILE "/var/run/identd/identd.pid" #endif #ifndef PATH_CFGFILE --- pidentd-3.0.19.ds1.orig/src/main.c +++ pidentd-3.0.19.ds1/src/main.c @@ -377,7 +377,12 @@ { if (!debug && pidfile_path != NULL) pidfile_create(pidfile_path); - + + if (listen_sock < 0) + { + request_timeout = 0; + } + if (server_init() < 0) { if (debug) --- pidentd-3.0.19.ds1.orig/src/kernel.c +++ pidentd-3.0.19.ds1/src/kernel.c @@ -107,7 +107,7 @@ if (debug) fprintf(stderr, "ka_lookup(), attempt = %d, status = %d\n", attempt, kp->status); - if (kp->status > 0) + if (kp->status >= 0) break; if (attempt > 2 && (attempt & 1) == 1) --- pidentd-3.0.19.ds1.orig/src/safeio.h +++ pidentd-3.0.19.ds1/src/safeio.h @@ -15,6 +15,8 @@ #ifndef PIDENTD_SAFEIO_H #define PIDENTD_SAFEIO_H +#include + extern void s_abort(void); extern int s_open(const char *path, int oflag, ...); @@ -37,4 +39,5 @@ size_t bufsize, const char *format, ...); +extern int s_poll(struct pollfd *, unsigned int, int); #endif --- pidentd-3.0.19.ds1.orig/src/safeio.c +++ pidentd-3.0.19.ds1/src/safeio.c @@ -327,3 +327,18 @@ return retcode; } + + + +int +s_poll(struct pollfd *ufds, + unsigned int nfds, + int timeout) +{ + int code; + + while ((code = poll(ufds, nfds, timeout)) == -1 && errno == EINTR) + ; + + return code; +} --- pidentd-3.0.19.ds1.orig/debian/copyright +++ pidentd-3.0.19.ds1/debian/copyright 
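Review bot: The new `fprintf` on the read-error path in src/request.c passes `sizeof(buf)-len-1`, a `size_t`, to a `%d` conversion, which is undefined where `size_t` is wider than `int`. Cast it, e.g. `(int)(sizeof(buf)-len-1)`, and end the format string with `\n`. The change also removes read failures from syslog entirely, so aborted or malformed client connections leave no record outside debug runs. `syslog(LOG_DEBUG, ...)` would keep the default log quiet while leaving the record available. The enclosing function starts and ends outside the hunk.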
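Review bot: Zeroing `request_timeout` when `listen_sock < 0` in src/main.c may switch off more than the new idle exit in server_run(). If `request_timeout` is also the per-connection limit that identd.conf describes as "Timeout in seconds since connection or last query. Zero = disable", a server that opens its own socket would no longer drop idle client connections, whatever the configuration says. A separate variable for the accept idle timeout would avoid that coupling. At minimum the block needs a comment such as `/* no inherited listen socket: never exit on idle */`. The enclosing function lies outside the hunk.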
@@ -0,0 +1,25 @@
+This package is maintained by Anibal Monsalve Salazar
+
+This package was split from netstd by Herbert Xu herbert@debian.org on
+Thu, 26 Aug 1999 15:09:16 +1000
+
+netstd was created by Peter Tobias tobias@et-inf.fho-emden.de on
+Wed, 20 Jul 1994 17:23:21 +0200.
+
+It was downloaded from ftp://ftp.lysator.liu.se/pub/ident/servers/.
+
+Web Page:
+ http://www.lysator.liu.se/~pen/pidentd/
+ http://freshmeat.net/projects/pidentd/
+
+Copyright:
+
+Copyright (c) 1997-1999 Peter Eriksson
+
+This program is free software; you can redistribute it and/or modify it as you
+wish - as long as you don't claim that you wrote it.
+
+This program is distributed in the hope that it will be useful, but WITHOUT
+ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+FOR A PARTICULAR PURPOSE.
+
--- pidentd-3.0.19.ds1.orig/debian/changelog
+++ pidentd-3.0.19.ds1/debian/changelog
@@ -0,0 +1,267 @@ +pidentd (3.0.19.ds1-5) unstable; urgency=low + + * Priority is optional; closes: #416570, #492060 + * Standards-Version is 3.8.0 + * Fix description-contains-homepage + + -- Anibal Monsalve Salazar Tue, 23 Sep 2008 19:49:46 +1000 + +pidentd (3.0.19.ds1-4) unstable; urgency=high + + * Change identd from /var/run back to /var/run/identd. + Closes: #438554, #427409, #430336, #430711. + + -- Anibal Monsalve Salazar Sun, 19 Aug 2007 18:27:08 +1000 + +pidentd (3.0.19.ds1-3) unstable; urgency=low + + * Sinchronise with ubuntu. + + -- Anibal Monsalve Salazar Sat, 19 May 2007 19:25:14 +1000 + +pidentd (3.0.19.ds1-2) unstable; urgency=low + + * Acknowledge NMU. Closes: #417040. + * Fixed the following lintian errors: + - outdated-autotools-helper-file aux/config.guess 2003-01-03 + - outdated-autotools-helper-file aux/config.sub 2003-01-03 + * Set debhelper >= 5. + + -- Anibal Monsalve Salazar Fri, 18 May 2007 18:58:28 +1000 + +pidentd (3.0.19.ds1-1.2) unstable; urgency=high + + * Non-maintainer upload. + * Fix broken use of -a in test in postrm. + + -- Luk Claes Fri, 18 May 2007 00:38:49 +0200 + +pidentd (3.0.19.ds1-1.1) unstable; urgency=high + + * Non-maintainer upload during BSP. + * Fix unconditional use of deluser in postrm (Closes: #417040). + * Depend on update-inetd as it is used in prerm and postinst. + * Fix broken changelog entries. + + -- Luk Claes Thu, 17 May 2007 02:19:59 +0200 + +pidentd (3.0.19.ds1-1ubuntu1) feisty; urgency=low + + [ Lionel Porcheron ] + * debian/control: Add update-inetd to pidentd's dependencies + (Closes Ubuntu: #76127). 
+ * debian/control: Add openbsd-inetd | inet-superserver dependencies + as pidentd needs an inet server to work + * debian/pidentd.postinst: change identd home from /var/run/identd + to /var/run (Closes Ubuntu: #74968) + * change Build Dep linux-kernel-headers in linux-libc-dev (cause FTBFS) + + [ Michael Bienia ] + * change the path from /var/run/identd/identd.pid to /var/run/identd.pid + also in: + - doc/identd.8 + - etc/identd.conf + - src/pidentd.h + - debian/pidentd.prerm + + -- Michael Bienia Thu, 21 Dec 2006 01:31:46 +0100 + +pidentd (3.0.19.ds1-1) unstable; urgency=low + + * New upstream release. + * Fixed "Since version 2.6.16.20-1 of linux-kernel-headers, + tcp_diag.h was renamed as inet_diag.h", closes: 374749. + * Removed doc/rfc1413.txt. + * Fixed identd man page typos, closes: #337184. + Patch by A Costa . + * Set Standards-Version to 3.7.2. + + -- Anibal Monsalve Salazar Wed, 21 Jun 2006 16:38:40 +1000 + +pidentd (3.0.18-3) unstable; urgency=low + + * Documented in README.Debian the problem of pidentd which requires + CONFIG_IP_TCPDIAG to be configured in the kernel, closes: #305926. + * Fixed "pidentd postrm and prerm are #!/bin/sh scripts but use command -v", + closes: #292995. + + -- Anibal Monsalve Salazar Thu, 12 May 2005 23:31:51 +1000 + +pidentd (3.0.18-2) unstable; urgency=low + + * Ported previuos patches to new upstream version. + Fixed "Config file didn't specify a suitable path for pid file" (Closes: #291180). + Fixed "New version is DoS-able and doesn't work well on load" (Closes: #291636). + Patches by Toni Timonen + * New maintainer's email address. + + -- Anibal Monsalve Salazar Thu, 03 Feb 2005 23:11:20 +1100 + +pidentd (3.0.18-1) unstable; urgency=low + + * New upstream release. + * Removed doc/rfc1413.txt. + + -- Anibal Monsalve Salazar Sat, 15 Jan 2005 23:10:06 +1100 + +pidentd (3.0.16-8) unstable; urgency=low + + * Added pidentd web page to debian/{control,copyright}. 
+ + -- Anibal Monsalve Salazar Fri, 25 Jun 2004 09:00:34 +1000 + +pidentd (3.0.16-7) unstable; urgency=low + + * New maintainer (closes: #255921). + * Changed short descriptions in debian/control to fix lintian warning messages. + + -- Anibal Monsalve Salazar Fri, 25 Jun 2004 09:00:34 +1000 + +pidentd (3.0.16-6) unstable; urgency=low + + * QA upload. + * Package orphaned (see #255921). + * Maintainer set to QA team. + + -- Francesco Paolo Lovergine Wed, 23 Jun 2004 21:32:58 +0200 + +pidentd (3.0.16-5) unstable; urgency=low + + * Removed Paul Szabo copyright from k_linux.c as requested. + * Removed bogus checks in k_linux.c. + * Only accept netlink messages from the kernel. + * Recover from netlink overruns. + * Use one buffer for netlink req/rsp. + + -- Herbert Xu Wed, 8 Oct 2003 22:14:06 +1000 + +pidentd (3.0.16-4) unstable; urgency=low + + * Use colon separator for chown in postinst. + * Added TCPDIAG support based on patch from Paul Szabo (closes: #208290). + + -- Herbert Xu Tue, 7 Oct 2003 19:38:37 +1000 + +pidentd (3.0.16-3) unstable; urgency=low + + * Rebuilt against libssl 0.9.7 (closes: #189505). + + -- Herbert Xu Thu, 8 May 2003 20:20:08 +1000 + +pidentd (3.0.16-2) unstable; urgency=low + + * Build pidentd-des in binary-indep target (closes: #174388). + + -- Herbert Xu Sun, 26 Jan 2003 14:29:54 +1100 + +pidentd (3.0.16-1) unstable; urgency=low + + * New upstream release. + * Updated dependency on debhelper. + * Do not show bogus TCP connections (closes: #173251). + * Use files from autotools-dev instead of automake. + + -- Herbert Xu Sun, 22 Dec 2002 16:58:14 +1100 + +pidentd (3.0.14-1) unstable; urgency=low + + * New upstream release. + * United pidentd and pidentd-des. + + -- Herbert Xu Sun, 27 Oct 2002 22:01:01 +1100 + +pidentd (3.0.12-4) unstable; urgency=low + + * Removed comment about RFC compliance from identd.conf (closes: #107595). 
+ + -- Herbert Xu Sun, 2 Sep 2001 11:23:29 +1000 + +pidentd (3.0.12-3) unstable; urgency=low + + * Check uid before dropping privileges (Shane Wegner, closes: #96150). + + -- Herbert Xu Thu, 3 May 2001 19:11:18 +1000 + +pidentd (3.0.12-2) unstable; urgency=low + + * Build-depend on libssl-dev (closes: #90387). + + -- Herbert Xu Tue, 20 Mar 2001 21:44:51 +1100 + +pidentd (3.0.12-1) unstable; urgency=low + + * New upstream release. + * Only attempt to open /proc/net/tcp once (closes: #86988). + * Don't show sockets whose local port is being listened on (closes: #74718). + * Recompiled with latest libssl (closes: #82099). + + -- Herbert Xu Fri, 23 Feb 2001 07:47:20 +1100 + +pidentd (3.0.11-3) unstable; urgency=low + + * Reinstated the Replaces netstd header which got lost when pidentd-des was + created (closes: #77152). + + -- Herbert Xu Thu, 16 Nov 2000 21:33:20 +1100 + +pidentd (3.0.11-2) unstable; urgency=low + + * Added links to syslog.conf(5) in identd(8) (closes: #68407). + + -- Herbert Xu Tue, 4 Jul 2000 13:41:05 +1000 + +pidentd (3.0.11-1) unstable; urgency=low + + * New upstream release. + * Added missing build dependency on debhelper (closes: #66008). + + -- Herbert Xu Tue, 4 Jul 2000 13:41:05 +1000 + +pidentd (3.0.10-1) unstable; urgency=low + + * New upstream release. + * Added the pidentd-des package which supports encryption (closes: #57103). + * Provide ident-server and conflict with it (closes: #58239). + + -- Herbert Xu Fri, 28 Apr 2000 20:51:31 +1000 + +pidentd (3.0.7-3) frozen unstable; urgency=low + + * Always use the latest copies of config.* from automake. + * Explicitly say --without-des as some Alpha systems have RAND_bytes in + libcrypto without des.h. + * Both of the above are needed for the autobuilder on Alpha (closes: #62211). + + -- Herbert Xu Wed, 12 Apr 2000 16:19:33 +1000 + +pidentd (3.0.7-2) frozen unstable; urgency=low + + * Check for the existence of user identd before trying to remove it + (closes: #55064). 
+ * Always create /var/run/pidentd (closes: #56475). + + -- Herbert Xu Sat, 18 Mar 2000 19:39:14 +1100 + +pidentd (3.0.7-1) unstable; urgency=low + + * New upstream release. + * Added missing --pattern argument in postinst. + * Fixed some anomalies when cohabitating with other identd's. + * Added a chown in postinst for /var/run/identd (closes: #49246). + * Don't log read errors as it really confuses people (closes: #49254). + + -- Herbert Xu Sat, 6 Nov 1999 10:16:22 +1100 + +pidentd (3.0.4-2) unstable; urgency=low + + * Only enable ident entry if no others are active (fixes #45240). + * Removed incorrect checks for EINTR on f* calls (fixes #44854). + + -- Herbert Xu Fri, 17 Sep 1999 10:56:21 +1000 + +pidentd (3.0.4-1) unstable; urgency=low + + * Initial Release (fixes #28740, #30366, #33208, #40869). + + -- Herbert Xu Thu, 26 Aug 1999 15:05:53 +1000 + --- pidentd-3.0.19.ds1.orig/debian/compat +++ pidentd-3.0.19.ds1/debian/compat @@ -0,0 +1 @@ +5 --- pidentd-3.0.19.ds1.orig/debian/idecrypt.dirs +++ pidentd-3.0.19.ds1/debian/idecrypt.dirs @@ -0,0 +1,2 @@ +usr/sbin +usr/share/man/man8 --- pidentd-3.0.19.ds1.orig/debian/rules +++ pidentd-3.0.19.ds1/debian/rules 
@@ -0,0 +1,114 @@ +#!/usr/bin/make -f +# Adapted for pidentd. +# Copyright 1999-2002 by Herbert Xu. +# Copyright 2004-2005 by Anibal Monsalve Salazar. +# Sample debian/rules that uses debhelper. GNU copyright 1997 by Joey Hess. + +# Uncomment this to turn on verbose mode. +export DH_VERBOSE=1 + +# This has to be exported to make some magic below work. +export DH_OPTIONS + +package := pidentd + +configure: configure-stamp +configure-stamp: + dh_testdir + + cd aux; \ + for i in config.*; do \ + [ -f $$i.old ] && continue; \ + mv $$i $$i.old; \ + cp /usr/share/misc/$$i .; \ + done + +ifneq "$(wildcard /usr/share/misc/config.sub)" "" + cp -f /usr/share/misc/config.sub aux/config.sub +endif +ifneq "$(wildcard /usr/share/misc/config.guess)" "" + cp -f /usr/share/misc/config.guess aux/config.guess +endif + + ./configure --with-des \ + --with-des-includes=/usr/include/openssl \ + --mandir='$${prefix}/share/man' \ + --sysconfdir=/etc + + touch configure-stamp + +build: configure + dh_testdir + $(MAKE) + +clean: + dh_testdir + dh_testroot + rm -f configure-stamp + + if [ -f Makefile ]; then $(MAKE) distclean; fi + + cd aux; \ + set *.old; \ + if [ -f "$$1" ]; then \ + for i; do \ + mv $$i $${i%.old}; \ + done; \ + fi +ifneq "$(wildcard /usr/share/misc/config.sub)" "" + rm -f aux/config.sub +endif +ifneq "$(wildcard /usr/share/misc/config.guess)" "" + rm -f aux/config.guess +endif + dh_clean + +install: build + dh_testdir + dh_testroot + dh_clean -k + dh_installdirs + + $(MAKE) prefix=`pwd`/debian/$(package)/usr install + rm debian/$(package)/usr/sbin/ibench + cp etc/identd.conf debian/$(package)/etc + cp debian/ikeygen.8 debian/$(package)/usr/share/man/man8 + + mv debian/$(package)/usr/sbin/idecrypt debian/idecrypt/usr/sbin + cp debian/idecrypt.8 debian/idecrypt/usr/share/man/man8 + +# This single target is used to build all the packages, all at once, or +# one at a time. So keep in mind: any options passed to commands here will +# affect _all_ packages. 
Anything you want to only affect one package +# should be put in another target, such as the install target. +binary-common: + dh_testdir + dh_testroot + dh_installchangelogs + dh_installdocs + dh_installexamples + dh_installmenu + dh_installman +ifeq (,$(findstring nostrip,$(DEB_BUILD_OPTIONS))) + dh_strip +endif + dh_link + dh_compress + dh_fixperms + dh_installdeb + dh_shlibdeps + dh_gencontrol + dh_md5sums + dh_builddeb + +# Build architecture-independent files here. +binary-indep: install + $(MAKE) -f debian/rules DH_OPTIONS=-i binary-common + +# Build architecture-dependent files here. +binary-arch: install + $(MAKE) -f debian/rules DH_OPTIONS=-a binary-common + +binary: binary-indep binary-arch +.PHONY: build clean binary-indep binary-arch binary binary-common install \ + configure --- pidentd-3.0.19.ds1.orig/debian/idecrypt.8 +++ pidentd-3.0.19.ds1/debian/idecrypt.8 
@@ -0,0 +1,50 @@
+.\" $Id: idecrypt.8,v 1.1 2000/04/28 22:44:01 herbert Exp $
+.\" Copyright (c) 2000 Herbert Xu
+.\" This manual page is released into the public domain."
+.TH idecrypt 8 "28 Apr 2000"
+.SH NAME
+idecrypt \- Encrypted IDENT response decryption utility
+.SH SYNOPSIS
+.B idecrypt
+[\fIfile\fR]...
+.SH DESCRIPTION
+.B Idecrypt
+decrypts authentication tokens returned by an
+.BR identd (8)
+server that supports encryption. The tokens can be supplied in
+.IR file ,
+or from the standard input. The decrypted tokens are displayed
+on the standard output.
+.PP
+This program will attempt to decrypt a token with all
+the keys stored in the key file until it succeeds (or have tried
+all the keys).
+.SH FILES
+.TP
+.B /etc/identd.key
+If compiled with
+.I DES
+encryption enabled, the 1024 first bytes of this file is used to specify
+the secret key for encrypting replies.
+.SH AVAILABILITY
+The daemon is free software. You can redistribute it and/or
+modify it as you wish - as long as you don't claim that you wrote
+it.
+.PP
+The source code for the latest version of the daemon can always be
+FTP'd from one of the following addresses:
+.TP 12
+.B Main site:
+ftp://ftp.lysator.liu.se/pub/ident/servers/
+.TP 12
+.B Mirror:
+ftp://ftp.uu.net/networking/ident/servers/
+.PP
+The author can be contacted at:
+.TP 12
+.B Email:
+.B Peter Eriksson
+.SH "SEE ALSO"
+.BR identd (8)
+,
+.BR ikeygen (8)
--- pidentd-3.0.19.ds1.orig/debian/pidentd.docs
+++ pidentd-3.0.19.ds1/debian/pidentd.docs
@@ -0,0 +1,5 @@
+BUGS
+FAQ
+KNOWNBUGS
+README
+Y2K
--- pidentd-3.0.19.ds1.orig/debian/control
+++ pidentd-3.0.19.ds1/debian/control
@@ -0,0 +1,39 @@
+Source: pidentd
+Section: net
+Priority: standard
+Maintainer: Anibal Monsalve Salazar
+Standards-Version: 3.8.0
+Build-Depends: autotools-dev, debhelper (>= 5), libssl-dev, linux-libc-dev (>= 2.6.16)
+Homepage: http://www.lysator.liu.se/~pen/pidentd/
+
+Package: pidentd
+Architecture: any
+Depends: ${shlibs:Depends}, ${misc:Depends}, netbase, adduser, passwd, update-inetd, openbsd-inetd | inet-superserver
+Provides: ident-server
+Conflicts: ident-server
+Replaces: netstd, pidentd-des (<< 3.0.14)
+Priority: standard
+Section: net
+Description: TCP/IP IDENT protocol server with DES support
+ Identd is a server which implements the TCP/IP proposed standard IDENT user
+ identification protocol as specified in the RFC 1413 document.
+ .
+ This package has been built with DES support.
+
+Package: idecrypt
+Architecture: any
+Depends: ${shlibs:Depends}, ${misc:Depends}
+Replaces: pidentd-des (<< 3.0.14)
+Priority: optional
+Section: utils
+Description: decrypt an encrypted response from pidentd
+ This package contains the idecrypt(8) utility which is used to decrypt
+ encrypted responses from a pidentd server with DES encryption turned on.
+
+Package: pidentd-des
+Architecture: all
+Depends: pidentd (>= 3.0.14), idecrypt
+Priority: optional
+Description: compatibility package for pidentd
+ This package exists so that users of the pidentd-des package can upgrade to
+ the new pidentd which replaces it. You can remove this package.
--- pidentd-3.0.19.ds1.orig/debian/pidentd.postinst
+++ pidentd-3.0.19.ds1/debian/pidentd.postinst
@@ -0,0 +1,40 @@
+#!/bin/sh -e
+# $Id: pidentd.postinst,v 1.3 2003/08/14 10:46:05 herbert Exp $
+
+if ! id -u identd >/dev/null 2>&1; then
+ adduser --quiet --system --home /var/run/identd identd
+fi
+# It is possible that we already have an identd user but no /var/run/pidentd.
+mkdir -p /var/run/identd
+chown identd:nogroup /var/run/identd
+chmod 755 /var/run/identd
+
+enable_if_alone() {
+ if ! grep -q ^ident /etc/inetd.conf; then
+ update-inetd --pattern /usr/sbin/identd --enable ident
+ fi
+}
+
+case "$1" in
+abort-upgrade | abort-deconfigure | abort-remove)
+ enable_if_alone
+ ;;
+configure)
+ if [ ! -f /etc/identd.key ]; then
+ ikeygen
+ fi
+ chown identd /etc/identd.key
+ if grep -q /usr/sbin/identd /etc/inetd.conf; then
+ enable_if_alone
+ else
+ idententry="ident stream tcp wait identd /usr/sbin/identd identd"
+ update-inetd --group INFO --add "$idententry"
+ fi
+ ;;
+*)
+ printf "$0: incorrect arguments: $*\n" >&2
+ exit 1
+ ;;
+esac
+
+#DEBHELPER#
--- pidentd-3.0.19.ds1.orig/debian/pidentd.prerm
+++ pidentd-3.0.19.ds1/debian/pidentd.prerm
@@ -0,0 +1,11 @@
+#!/bin/sh -e
+
+# If netbase is not installed, then we don't need to do the remove.
+#if command -v update-inetd >/dev/null 2>&1; then
+if test -x /usr/sbin/update-inetd >/dev/null 2>&1; then
+ /usr/sbin/update-inetd --pattern /usr/sbin/identd --disable ident
+fi
+
+kill `cat /var/run/identd/identd.pid 2>/dev/null` 2>/dev/null || true
+
+#DEBHELPER#
--- pidentd-3.0.19.ds1.orig/debian/pidentd.postrm
+++ pidentd-3.0.19.ds1/debian/pidentd.postrm
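Review bot: debian/pidentd.postinst hands `/etc/identd.key` to the identd user with `chown identd /etc/identd.key` but never sets its mode, so the key's confidentiality depends on whatever mode ikeygen (not visible here) creates the file with. Adding `chmod 600 /etc/identd.key` after the chown makes the intended permissions explicit. In the same script, the comment above `mkdir -p /var/run/identd` names `/var/run/pidentd`, which does not match the code. `printf "$0: incorrect arguments: $*\n"` also uses its arguments as the format string; `printf '%s: incorrect arguments: %s\n' "$0" "$*"` avoids that.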
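Review bot: debian/pidentd.prerm runs `kill` as root on whatever number is stored in `/var/run/identd/identd.pid`, yet the postinst makes that directory owned by the unprivileged identd user, so the file's content is not trustworthy input for a root-run script. Verify that the target really is the identd binary before signalling it, for example `start-stop-daemon --stop --quiet --oknodo --pidfile /var/run/identd/identd.pid --exec /usr/sbin/identd`. The commented-out `#if command -v update-inetd ...` line can be dropped, and the `>/dev/null 2>&1` after `test -x` has no effect.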
@@ -0,0 +1,27 @@
+#!/bin/sh -e
+
+case "$1" in
+abort-install | remove | abort-upgrade | upgrade | failed-upgrade | disappear)
+ ;;
+purge)
+ rm -f /etc/identd.key
+ if [ ! -x /usr/sbin/identd -a -x /usr/sbin/userdel ]; then
+ if id -u identd >/dev/null 2>&1; then
+ /usr/sbin/userdel -r identd
+ fi
+ # If netbase is not installed, then we don't need to do the
+ # remove.
+ #if command -v update-inetd >/dev/null 2>&1; then
+ if test -x /usr/sbin/update-inetd >/dev/null 2>&1; then
+ /usr/sbin/update-inetd --remove \
+ "ident .* /usr/sbin/identd"
+ fi
+ fi
+ ;;
+*)
+ echo "$0: incorrect arguments: $*" >&2
+ exit 1
+ ;;
+esac
+
+#DEBHELPER#
--- pidentd-3.0.19.ds1.orig/debian/pidentd.dirs
+++ pidentd-3.0.19.ds1/debian/pidentd.dirs
@@ -0,0 +1 @@
+etc
--- pidentd-3.0.19.ds1.orig/debian/README.Debian
+++ pidentd-3.0.19.ds1/debian/README.Debian
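Review bot: In debian/pidentd.postrm the `update-inetd --remove` call sits inside the `[ ! -x /usr/sbin/identd -a -x /usr/sbin/userdel ]` block, so on a system without `/usr/sbin/userdel` a purge leaves the ident entry for `/usr/sbin/identd` in inetd.conf. Testing `! -x /usr/sbin/identd` once and then handling userdel and update-inetd in separate `if` blocks fixes that. The condition itself reads more reliably as `[ ! -x /usr/sbin/identd ] && [ -x /usr/sbin/userdel ]`, since `-a` inside `[` is marked obsolescent by POSIX.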
@@ -0,0 +1,45 @@
+If you get the "netlink_lookup: write failed: Connection
+refused" message, please read the following lines.
+
+Please refer to http://bugs.debian.org/305926 and
+ http://bugs.debian.org/339317
+
+Costas Tavernarakis
+
+ pident always fails on 2.6.11.7 with "netlink_lookup:
+ write failed: Connection refused". Have not tried many
+ kernel versions, it works on debian kernels and 2.6.8.1.
+
+And Daniel Kraft
+
+ I had the same problem with pidentd and found that it
+ apparently tries to use a NETLINK-socket with "protocol"
+ NETLINK_TCPDIAG, probably to inquire about the "owners"
+ of tcp connections. For this to work, the kernel needs
+ to have CONFIG_IP_TCPDIAG, called "IP: TCP socket
+ monitoring interface" in the networking options section
+ of the kernel configuration. I had configured that as a
+ module, not knowing what it was needed for; obviously it
+ does not load automatically on demand, but after loading
+ it manually, the error with pidentd is gone.
+
+Olivier Berger
+
+ Refering to bug 305926 and the additions in README.Debian,
+ I think it would be interesting to explicitly mention the
+ module name (tcp_diag) in the README.
+
+Roland Stigge
+
+ The kernel option is called CONFIG_INET_TCP_DIAG, or
+ CONFIG_INET_DIAG, in 2.6.15. The module is called tcp_diag,
+ as Oliver mentioned. But it's not loaded by default, at
+ least not with the current Debian default setting and stock
+ kernel.
+
+vj
+
+ netlink_lookup: write failed: Connection refused still
+ occurs, the module tcp_diag needs to be loaded. It is a
+ module in the default 2.6.16 .config, CONFIG_INET_DIAG.
+ Loading it solves the error.
--- pidentd-3.0.19.ds1.orig/debian/ikeygen.8
+++ pidentd-3.0.19.ds1/debian/ikeygen.8
@@ -0,0 +1,59 @@
+.\" $Id: ikeygen.8,v 1.1 2000/04/28 22:44:01 herbert Exp $
+.\" Copyright (c) 2000 Herbert Xu
+.\" This manual page is released into the public domain."
+.TH ikeygen 8 "28 Apr 2000"
+.SH NAME
+ikeygen \- Generate a random DES key
+.SH SYNOPSIS
+.B idecrypt
+.RB [ -h ]
+.RB [ -V ]
+.RB [ -v ]
+[\fB-i\fIfile\fR]
+.RI [ keyfile ]
+.SH DESCRIPTION
+.B Ikeygen
+generates a random DES key that is suitable for uses with
+.BR identd (8).
+If
+.I keyfile
+is not specified, the default location of
+.B /etc/identd.key
+will be used.
+.SH OPTIONS
+.TP 10
+.B \-h
+Display the available command line options.
+.TP 10
+.B \-V
+Displays the version and OS version it was compiled for, and then exit.
+.TP 10.
+.B \-v
+Be verbose.
+.TP 10.
+.BI \-i file
+Use the key found in
+.I file
+instead of generating a new one.
+.SH AVAILABILITY
+The daemon is free software. You can redistribute it and/or
+modify it as you wish - as long as you don't claim that you wrote
+it.
+.PP
+The source code for the latest version of the daemon can always be
+FTP'd from one of the following addresses:
+.TP 12
+.B Main site:
+ftp://ftp.lysator.liu.se/pub/ident/servers/
+.TP 12
+.B Mirror:
+ftp://ftp.uu.net/networking/ident/servers/
+.PP
+The author can be contacted at:
+.TP 12
+.B Email:
+.B Peter Eriksson
+.SH "SEE ALSO"
+.BR idecrypt (8)
+,
+.BR identd (8)