import of pidentd 2.1.2, by Peter Eriksson <pen@lysator.liu.se>. needs cleanup
commit 9e7bb999e3714990fa78510e9aa9e2a06d04734d 1 parent a2bca40
cgd authored
52 libexec/identd/CREDITS
@@ -0,0 +1,52 @@
+Credits go to (I've probably forgot someone - please don't hesitate
+to tell me!) for helping making Pidentd what it is:
+
+Casper Dik <casper@fwi.uva.nl>, Math & CS Faculty, U. of Amsterdam, NL
+ (Added support for SunOS 5 (Solaris 2))
+
+Dave Shield <D.T.Shield@compsci.liverpool.ac.uk>, CS Dept. Liverpool U., UK
+ (Added support for HP9K HPUX 8.*)
+
+Jan L. Peterson <jlp@phred.math.byu.edu>, Math Dept. BYU, USA
+ (Added support for MIPS RISC/os and fixed a few other things)
+
+Fletcher Mattox <fletcher@cs.utexas.edu>, University of Texas, USA
+ (Added support for HP9K HP-UX 7.*)
+
+Mark Monnin <mgrmem@nextwork.rose-hulman.edu>, Rose-Hulman Inst. of Tech, USA
+ (Added support for DEC Ultrix 4.*)
+
+Simon Leinen <simon@lia.di.epfl.ch>, Switzerland
+ (Added support for Silicon Graphics IRIX 4.*)
+
+Frank Maas <maas@dutiws.tudelft.nl>, Delft Univ. of Technology, The Netherlands
+ (Added support for Sequent Dynix 3.*)
+
+Andrew Herbert <andrewh@molly.cs.monash.edu.au>, Monash University, Australia
+ (Added support for System V/Release 4)
+
+David Bennet <ddt@gu.uwa.edu.au>, Australia
+ (Added support for 386BSD)
+
+Fishman M. Shmuel <fms@ccgr.technion.ac.il>, Technion Inst. of Tech., Israel
+ (Added support for Convex & 4.3BSDtahoe (then heavily hacked by me))
+
+Bradley E. Smith <brad@bradley.bradley.edu>, Bradley University, USA
+ (Added support for AT&T's own version of SVR4)
+
+RenE J.V. Bertin <bertin@neuretD.biol.ruu.nl>, Uni. of Utrecht, The Netherlands
+ (Added support for Apple A/UX 2.*)
+
+Douglas Lee Schales <Doug.Schales@sc.tamu.edu>, Texas A&M University, USA
+ (Added support for Cray UNICOS 6.*)
+
+Don Hazlewood <haz@dali.math.swt.edu>, SW Texas State U., USA
+ (Added support for A/UX 3.*)
+
+ Nigel Metheringham <nigelm@ohm.york.ac.uk>, University of York, UK
+ (Added support for NeXT, SunOS 3.*, corrections for MIPS)
+
+----------------------------------------------------------------------------
+Peter Eriksson <pen@lysator.liu.se>, Lysator, Linkoping University, Sweden.
+ (Original code for Sun SunOS 4.* and Sequent Dynix 2.*)
+
10 libexec/identd/Makefile
@@ -0,0 +1,10 @@
+# $Id: Makefile,v 1.1.1.1 1994/02/04 21:41:32 cgd Exp $
+
+PROG= identd
+SRCS= config.c identd.c netbsd.c parse.c proxy.c version.c
+MAN8= identd.0
+
+LDADD= -lkvm
+DPADD= ${LIBKVM}
+
+.include <bsd.prog.mk>
129 libexec/identd/README
@@ -0,0 +1,129 @@
+ pidentd
+
+ ("Peter's Ident Daemon" or is it "Portable Ident Daemon"?)
+
+ Peter Eriksson <pen@lysator.liu.se>
+
+
+This program is released into the public domain and can be used by
+anyone who wants to. Vendors may include it into their distributions
+if they want to without any restrictions. (Although it would be nice
+to be notified by email if someone decides to do that, and/or a note
+somewhere about who wrote this program. Like in the man-page or so.. :-)
+
+This is a program that implements the RFC1413 identification server. It
+was very much inspired by Dan Bernstein's original 'authd' (but unlike
+that program doesn't use 'netstat' to get some of the information) It
+uses the kernel information directly. (And is due to that fact a lot
+faster). Dan has now written another version of the 'authd' daemon that
+uses his 'kstuff' to read the kernel information. Unlike that daemon,
+this will use only normally available kernel access functions (and is due
+to that more limited in the different machines it support). Please note
+that this daemon used to be called pauthd but has changed name to better
+reflect what it does (and to conform to the new RFC).
+
+This daemon has been tested on the following machines/OS (please report
+to me if you've tested a newer version, or if your machine/OS isn't among
+the ones below):
+
+Machine Operating System Pidentd version
+---------------------- ---------------------- --------------------------
+ Sequent Balance Dynix 3.0.14 2.1beta.12
+ Sequent Symmetry Dynix 3.1.2 2.1beta.3
+ Sun 3/50 SunOS 3.5 2.1beta.8.1 (3)
+ Sun 386i SunOS 4.0.2 1.9beta
+ Sun 2/120 SunOS 4.0.3 2.1beta.10
+ Sun 3/280 SunOS 4.1.1 2.1beta.12
+ Sun 4/380 SunOS 4.1.3 2.1beta.12
+ Sun SS1/41 SunOS 5.1 2.1beta.11
+ HP 9000/375 HP-UX 7.0 2.1beta.10.1 (1)
+ HP 9000/300 HP-UX 8.0 2.1beta.12
+ HP 9000/340 HP-UX 8.0 2.1beta.10.1
+ HP 9000/360 HP-UX 8.0 2.1beta.10.1
+ HP 9000/710 HP-UX 8.07 2.1beta.10.1
+ HP 9000/720 HP-UX 8.07 2.1beta.10.1
+ HP 9000/715 HP-UX 9.0 2.1beta.9.1
+ HP 9000/827 HP-UX 8.02 2.1beta.8.1
+ HP 9000/834 HP-UX 7.0 2.0beta.4
+ HP 9000/835 HP-UX 8.00 2.1beta.10.1
+ MIPS RISC/OS 4.5x 2.1beta.8.1
+ DECstation 2100 Ultrix 4.2-96 2.1beta.2 (2)
+ DECstation 5000/133 Ultrix 4.2 2.1beta.9.1 (2) [?]
+ DEC VAXstation 2000 Ultrix-32 3.1 2.1beta.12 (2) [?]
+ DEC VAX vs3520 Ultrix 3.0 2.1beta.9.1 (2) [?]
+ DEC VAX 11/780 4.3BSD Reno 2.1beta.12 (2)
+ i486-PC UHC SVR4 2.0 2.0beta.4 (2)
+ i486-PC Dell SVR4 2.2 2.0beta.4 (2)
+ i486-PC ESIX SVR4 4.0.4 2.1beta.2 (2)
+ i486-PC 386BSD 0.1 2.1beta.3 (2)
+ Cray UNICOS 6.0.12 2.1beta.7
+ NeXT NeXTSTEP 2.1 2.1beta.9.1 (3)
+ NeXT NeXTSTEP 3.0 2.1beta.9.1 (3)
+ Pyramid 90x dualPort OSx 4.1 2.1beta.12
+ Silicon Graphics IRIX 4 2.1beta.10
+
+Notes:
+ 1) HP-UX 7.0 doesn't support running streams based services from
+ Inetd with the "wait" option (and the "-w" flag to Pidentd).
+
+ It also has problems with starting stuff as user "sys" from Inetd.
+ (It doesn't correctly set the group id to "sys") so I suggest you
+ either starts it as user "root" and use the "-u" and "-g" flags
+ to setuid and setgid itself to user "sys", group "sys", or do a
+ 'chgrp sys in.identd' and then a 'chmod g+s in.identd' and start
+ it as user "sys" from Inetd.
+
+ 2) These systems also doesn't support running streams based
+ services from Inetd with the "wait" option.
+
+ 3) See notes in the READMEs/README.<machine-type> specific files.
+
+
+Please let me know if you find any bugs, or have ported it to other
+machines (and care to share the changes with me and the world!).
+
+See the manual page for information about the various command line
+options that are available.
+
+NOTE: One should NOT use the -d option when using it for normal use!
+
+If you intend to create or modify daemons that use the IDENT protocol
+then you may wish to get the "libident" library that contains some
+functions to implement the client side of this protocol. It is available
+as "libident-*.tar.Z" in "pub/ident/libs" at "ftp.lysator.liu.se".
+
+There is a mailing list for users of the IDENT(RFC1413)/TAP protocol called
+'ident-users@lysator.liu.se' that you may want to consider joining.
+Send mail to the address 'ident-users-request@lysator.liu.se' to
+join it. This list is intended for generic discussions on using this
+protocol and it's associated tools.
+
+If you only want to receive news about new (non-alpha/beta) releases of
+Pidentd then you can join the 'ident-announce@lysator.liu.se' mailing
+list. Send mail to the address 'ident-announce-request@lysator.liu.se' to
+join it. No discussions will take place on this list.
+
+I also run a small mailing list for people who wants to act as testers
+of new alpha/beta-versions of Pidentd. If you wish to join, please send
+mail to the address 'pidentd-testers-request@lysator.liu.se'. (I can always
+use more testers, so don't hesitate :-)
+
+It's a human (namely me :-) that reads the letters sent to *-request.
+Please include the full email address to which to wish to have the
+letters sent.
+
+I'm grateful for success/failure stories about installing/compiling this
+daemon...
+
+Information of interrest:
+
+ 1. Machine and operating system type and version.
+ 2. Command line flags.
+ 3. Inetd.conf configuration.
+ 4. Did it work, or not. And if not - what did it report to the
+ syslog file? (You'll have to add the "-l" option and probably
+ reconfigure your Syslogd). If you use the "-d" option then
+ you can see a verbose error if you Telnet into it directly and
+ send it a query manually. (See the INSTALL file for more information).
+
+/Peter Eriksson <pen@lysator.liu.se>, 5 April 1993
46 libexec/identd/config.c
@@ -0,0 +1,46 @@
+/*
+** config.c This file handles the config file
+**
+** This program is in the public domain and may be used freely by anyone
+** who wants to.
+**
+** Last update: 6 Dec 1992
+**
+** Please send bug fixes/bug reports to: Peter Eriksson <pen@lysator.liu.se>
+*/
+
+#include <stdio.h>
+#include <errno.h>
+
+#include "error.h"
+#include "identd.h"
+#include "paths.h"
+
+
+int parse_config(path, silent_flag)
+ char *path;
+ int silent_flag;
+{
+ FILE *fp;
+
+ if (!path)
+ path = PATH_CONFIG;
+
+ fp = fopen(path, "r");
+ if (!fp)
+ {
+ if (silent_flag)
+ return 0;
+
+ ERROR1("error opening %s", path);
+ }
+
+ /*
+ ** Code should go here to parse the config file data.
+ ** For now we just ignore the contents...
+ */
+
+
+ fclose(fp);
+ return 0;
+}
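Review bot: the `if (!fp)` branch in parse_config() only avoids reaching `fclose(fp)` with a NULL pointer because ERROR1 happens to end in exit(1); add an explicit `return -1;` after the ERROR1 call so the function stays correct if the macro ever changes. ERROR1 also prints lport and fport, which are still 0 when the config file is read at startup, so the client-visible reply in non-debug mode is "0 , 0 : ERROR : UNKNOWN-ERROR". <errno.h> is included but nothing in this file uses it.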
42 libexec/identd/error.h
@@ -0,0 +1,42 @@
+/*
+** error.h Error handling macros
+**
+** This program is in the public domain and may be used freely by anyone
+** who wants to.
+**
+** Last update: 19 Aug 1992
+**
+** Please send bug fixes/bug reports to: Peter Eriksson <pen@lysator.liu.se>
+*/
+
+#ifndef __ERROR_H__
+#define __ERROR_H__
+
+#include <syslog.h>
+
+#define ERROR(fmt) \
+ ((syslog_flag ? (syslog(LOG_ERR, fmt),0) : 0), \
+ (debug_flag ? (fprintf(stderr, "%d , %d : ERROR : X-DBG : ", \
+ lport, fport), \
+ fprintf(stderr, fmt), perror(": "), 0) : \
+ (printf("%d , %d : ERROR : UNKNOWN-ERROR\r\n", lport, fport), 0)), \
+ fflush(stdout), fflush(stderr), exit(1), 0)
+
+
+#define ERROR1(fmt,v1) \
+ ((syslog_flag ? (syslog(LOG_ERR, fmt, v1),0) : 0), \
+ (debug_flag ? (fprintf(stderr, "%d , %d : ERROR : X-DBG : ", \
+ lport, fport), \
+ fprintf(stderr, fmt, v1), perror(": "), 0) : \
+ (printf("%d , %d : ERROR : UNKNOWN-ERROR\r\n", lport, fport), 0)), \
+ fflush(stdout), fflush(stderr), exit(1), 0)
+
+#define ERROR2(fmt,v1,v2) \
+ ((syslog_flag ? (syslog(LOG_ERR, fmt, v1, v2),0) : 0), \
+ (debug_flag ? (fprintf(stderr, "%d , %d : ERROR : X-DBG : ", \
+ lport, fport), \
+ fprintf(stderr, fmt, v1, v2), perror(": "), 0) : \
+ (printf("%d , %d : ERROR : UNKNOWN-ERROR\r\n", lport, fport), 0)), \
+ fflush(stdout), fflush(stderr), exit(1), 0)
+
+#endif
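Review bot: ERROR(fmt) hands its message to `syslog(LOG_ERR, fmt)` and `fprintf(stderr, fmt)` as the format string itself. Every caller visible in this commit passes a literal, but any later caller that passes variable text would have it interpreted as conversion specifiers; `syslog(LOG_ERR, "%s", fmt)` and `fputs(fmt, stderr)` close that off. The header also uses fprintf, printf, exit and the globals syslog_flag, debug_flag, lport and fport without including <stdio.h>, <stdlib.h> or identd.h, so it only compiles when the including file supplies them.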
265 libexec/identd/identd.8
@@ -0,0 +1,265 @@
+.\" @(#)identd.8 1.9 92/02/11 Lysator
+.\" Copyright (c) 1992 Peter Eriksson, Lysator, Linkoping University.
+.\" This software has been released into the public domain.
+.\"
+.TH IDENTD 8 "27 May 1992"
+.SH NAME
+identd, in.identd \- TCP/IP IDENT protocol server
+.SH SYNOPSIS
+.B /usr/sbin/in.identd
+.RB [ \-i | \-w | \-b ]
+.RB [ \-t<seconds> ]
+.RB [ \-u<uid> ]
+.RB [ \-g<gid> ]
+.RB [ \-p<port> ]
+.RB [ \-a<address> ]
+.RB [ \-c<charset> ]
+.RB [ \-n ]
+.RB [ \-o ]
+.RB [ \-e ]
+.RB [ \-l ]
+.RB [ \-V ]
+.RB [ \-m ]
+.RB [ \-N ]
+.RB [ \-d ]
+.RB [ kernelfile [ kmemfile ] ]
+.SH DESCRIPTION
+.IX "identd daemon" "" \fLidentd\fP daemon"
+.B identd
+is a server which implements the
+.SM TCP/IP
+proposed standard
+.SM IDENT
+user identification protocol as specified in the
+.SM RFC\s0 1413
+document.
+.PP
+.B identd
+operates by looking up specific
+.SM TCP/IP
+connections and returning the user name of the
+process owning the connection.
+.SH ARGUMENTS
+The
+.B -i
+flag, which is the default mode, should be used when starting the
+daemon from
+.B inetd
+with the "nowait" option in the
+.B /etc/inetd.conf
+file. Use of this mode will make
+.B inetd
+start one
+.B identd
+daemon for each connection request.
+.PP
+The
+.B -w
+flag should be used when starting the daemon from
+.B inetd
+with the "wait" option in the
+.B /etc/inetd.conf
+file . This is the prefered mode of
+operation since that will start a copy of
+.B identd
+at the first connection request and then
+.B identd
+will handle subsequent requests
+without having to do the nlist lookup in the kernel file for
+every request as in the
+.B -i
+mode above. The
+.B identd
+daemon will run either forever, until a bug
+makes it crash or a timeout, as specified by the
+.B -t
+flag, occurs.
+.PP
+The
+.B -b
+flag can be used to make the daemon run in standalone mode without
+the assistance from
+.B inetd.
+This mode is the least prefered mode since
+a bug or any other fatal condition in the server will make it terminate
+and it will then have to be restarted manually. Other than that is has the
+same advantage as the
+.B -w
+mode in that it parses the nlist only once.
+.PP
+The
+.B -t<seconds>
+option is used to specify the timeout limit. This is the number
+of seconds a server started with the
+.B -w
+flag will wait for new connections before terminating. The server is
+automatically restarted by
+.B inetd
+whenever a new connection is requested
+if it has terminated. A suitable value for this is 120 (2 minutes), if
+used. It defaults to no timeout (ie, will wait forever, or until a
+fatal condition occurs in the server).
+.PP
+The
+.B -u<uid>
+option is used to specify a user id number which the
+.B ident
+server should
+switch to after binding itself to the
+.SM TCP/IP
+port if using the
+.B -b
+mode of operation.
+.PP
+The
+.B -g<gid>
+option is used to specify a group id number which the
+.B ident
+server should
+switch to after binding itself to the
+.SM TCP/IP
+port if using the
+.B -b
+mode of operation.
+.PP
+The
+.B -p<port>
+option is used to specify an alternative port number to bind to if using
+the
+.B -b
+mode of operation. It can be specified by name or by number. Defaults to the
+.SM IDENT
+port (113).
+.PP
+The
+.B -a<address>
+option is used to specify the local address to bind the socket to if using
+the
+.B -b
+mode of operation. Can only be specified by IP address and not by domain
+name. Defaults to the
+.SM INADDR_ANY
+address which normally means all local addresses.
+.PP
+The
+.B -V
+flag makes
+.B identd
+display the version number and the exit.
+.PP
+The
+.B -l
+flag tells
+.B identd
+to use the System logging daemon
+.B syslogd
+for logging purposes.
+.PP
+The
+.B -o
+flag tells
+.B identd
+to not reveal the operating system type it is run on and to instead
+always return "OTHER".
+.PP
+The
+.B -e
+flag tells
+.B identd
+to always return "UNKNOWN-ERROR" instead of the "NO-USER" or
+"INVALID-PORT" errors.
+.PP
+The
+.B -c<charset>
+flags tells
+.B identd
+to add the optional (according to the IDENT protocol) character set
+designator to the reply generated. <charset> should be a valid character
+set as described in the MIME RFC in upper case characters.
+.PP
+The
+.B -n
+flags tells
+.B identd
+to always return user numbers instead of user names if you wish to
+keep the user names a secret.
+.PP
+The
+.B -N
+flag makes
+.B identd
+check for a file ".noident" in each homedirectory for a user which the
+daemon is about to return the user name for. It that file exists then the
+daemon will give the error
+.B HIDDEN-USER
+instead of the normal USERID response.
+.PP
+.B -m
+flag makes
+.B identd
+use a mode of operation that will allow multiple requests to be
+processed per session. Each request is specified one per line and
+the responses will be returned one per line. The connection will not
+be closed until the connecting part closes it's end of the line.
+PLEASE NOTE THAT THIS MODE VIOLATES THE PROTOCOL SPECIFICATION AS
+IT CURRENTLY STANDS.
+.PP
+The
+.B -d
+flag enables some debugging code that normally should NOT
+be enabled since that breaks the protocol and may reveal information
+that should not be available to outsiders.
+.PP
+.B kernelfile
+defaults to the normally running kernel file.
+.PP
+.B kmemfile
+defaults to the memory space of the normally running kernel.
+.SH INSTALLATION
+.B identd
+is invoked either by the internet server (see
+.BR inetd (8C)
+) for requests to connect to the
+.SM IDENT
+port as indicated by the
+.B /etc/services
+file (see
+.BR services (5)
+) when using the
+.B -w
+or
+.B -i
+modes of operation or started manually by using the
+.B -b
+mode of operation.
+.SH EXAMPLES
+Assuming the server is located in
+.B /usr/etc/in.identd
+one can put either:
+.PP
+ident stream tcp wait sys /usr/etc/in.identd in.identd -w -t120
+.PP
+or:
+.PP
+ident stream tcp nowait sys /usr/etc/in.identd in.identd -i
+.PP
+into the
+.B /etc/inetd.conf
+file. User "sys" should have enough rights to READ the kernel
+but NOT to write to it.
+.PP
+To start it using the
+.B -b
+mode of operation one can put a line like this into the
+.B /etc/rc.local
+file:
+.PP
+/usr/etc/in.identd -b -u2 -g2
+.PP
+This will make it run in the background as user 2, group 2 (user "sys",
+group "kmem" on SunOS 4.1.1).
+.SH SEE ALSO
+.BR authuser (3)
+.BR inetd.conf (5)
+.SH BUGS
+The handling of fatal errors could be better.
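Review bot: the -a paragraph says the address "Can only be specified by IP address and not by domain name", but identd.c in this same commit falls back to gethostbyname() when the argument does not start with a digit; one of the two should change. The SYNOPSIS and ARGUMENTS sections also omit -r and -v, which identd.c accepts, and describe -u and -g as applying to -b mode although the setgid()/setuid() calls in main() run in every mode. The -m paragraph is missing its leading "The".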
629 libexec/identd/identd.c
@@ -0,0 +1,629 @@
+/*
+** identd.c A TCP/IP link identification protocol server
+**
+** This program is in the public domain and may be used freely by anyone
+** who wants to.
+**
+** Last update: 22 April 1993
+**
+** Please send bug fixes/bug reports to: Peter Eriksson <pen@lysator.liu.se>
+*/
+
+#if defined(IRIX) || defined(SVR4) || defined(NeXT)
+# define SIGRETURN_TYPE void
+# define SIGRETURN_TYPE_IS_VOID
+#else
+# define SIGRETURN_TYPE int
+#endif
+
+#ifdef SVR4
+# define STRNET
+#endif
+
+#include <stdio.h>
+#include <ctype.h>
+#include <errno.h>
+#include <netdb.h>
+#include <signal.h>
+#include <fcntl.h>
+
+#include <sys/types.h>
+#include <sys/param.h>
+#include <sys/ioctl.h>
+#include <sys/socket.h>
+#ifndef _AUX_SOURCE
+# include <sys/file.h>
+#endif
+#include <sys/time.h>
+#include <sys/wait.h>
+
+#include <pwd.h>
+#include <grp.h>
+
+#include <netinet/in.h>
+
+#ifndef HPUX7
+# include <arpa/inet.h>
+#endif
+
+#if defined(MIPS) || defined(BSD43)
+extern int errno;
+#endif
+
+#include "identd.h"
+#include "error.h"
+
+/* Antique unixes do not have these things defined... */
+#ifndef FD_SETSIZE
+# define FD_SETSIZE 256
+#endif
+
+#ifndef FD_SET
+# ifndef NFDBITS
+# define NFDBITS (sizeof(int) * NBBY) /* bits per mask */
+# endif
+# define FD_SET(n, p) ((p)->fds_bits[(n)/NFDBITS] |= (1 << ((n) % NFDBITS)))
+#endif
+
+#ifndef FD_ZERO
+# define FD_ZERO(p) bzero((char *)(p), sizeof(*(p)))
+#endif
+
+extern char *version;
+
+extern void *calloc();
+extern void *malloc();
+
+
+char *path_unix = NULL;
+char *path_kmem = NULL;
+
+int verbose_flag = 0;
+int debug_flag = 0;
+int syslog_flag = 0;
+int multi_flag = 0;
+int other_flag = 0;
+int unknown_flag = 0;
+int number_flag = 0;
+int noident_flag = 0;
+
+int lport = 0;
+int fport = 0;
+
+char *charset_name = NULL;
+char *indirect_host = NULL;
+char *indirect_password = NULL;
+
+static int child_pid;
+
+#ifdef LOG_DAEMON
+static int syslog_facility = LOG_DAEMON;
+#endif
+
+/*
+** The structure passing convention for GCC is incompatible with
+** Suns own C compiler, so we define our own inet_ntoa() function.
+** (This should only affect GCC version 1 I think, a well, this works
+** for version 2 also so why bother.. :-)
+*/
+#if defined(__GNUC__) && defined(__sparc__)
+
+#ifdef inet_ntoa
+#undef inet_ntoa
+#endif
+
+char *inet_ntoa(ad)
+ struct in_addr ad;
+{
+ unsigned long int s_ad;
+ int a, b, c, d;
+ static char addr[20];
+
+ s_ad = ad.s_addr;
+ d = s_ad % 256;
+ s_ad /= 256;
+ c = s_ad % 256;
+ s_ad /= 256;
+ b = s_ad % 256;
+ a = s_ad / 256;
+ sprintf(addr, "%d.%d.%d.%d", a, b, c, d);
+
+ return addr;
+}
+#endif
+
+
+/*
+** Return the name of the connecting host, or the IP number as a string.
+*/
+char *gethost(addr)
+ struct in_addr *addr;
+{
+ struct hostent *hp;
+
+
+ hp = gethostbyaddr((char *) addr, sizeof(struct in_addr), AF_INET);
+ if (hp)
+ return hp->h_name;
+ else
+ return inet_ntoa(*addr);
+}
+
+#ifdef USE_SIGALARM
+/*
+** Exit cleanly after our time's up.
+*/
+static SIGRETURN_TYPE
+alarm_handler()
+{
+ if (syslog_flag)
+ syslog(LOG_DEBUG, "SIGALRM triggered, exiting");
+
+ exit(0);
+}
+#endif
+
+
+#if !defined(hpux) && !defined(__hpux) && !defined(SVR4) || defined(_CRAY)
+/*
+** This is used to clean up zombie child processes
+** if the -w or -b options are used.
+*/
+static SIGRETURN_TYPE
+child_handler()
+{
+#if defined(IRIX) || defined(NeXT)
+ union wait status;
+#else
+ int status;
+#endif
+
+ while (wait3(&status, WNOHANG, NULL) > 0)
+ ;
+
+#ifndef SIGRETURN_TYPE_IS_VOID
+ return 0;
+#endif
+}
+#endif
+
+
+char *clearmem(bp, len)
+ char *bp;
+ int len;
+{
+ char *cp;
+
+ cp = bp;
+ while (len-- > 0)
+ *cp++ = 0;
+
+ return bp;
+}
+
+
+/*
+** Main entry point into this daemon
+*/
+int main(argc,argv)
+ int argc;
+ char *argv[];
+{
+ int i, len;
+ struct sockaddr_in sin;
+ struct in_addr laddr, faddr;
+#ifndef USE_SIGALARM
+ struct timeval tv;
+#endif
+
+ int background_flag = 0;
+ int timeout = 0;
+ char *portno = "113";
+ char *bind_address = NULL;
+ int set_uid = 0;
+ int set_gid = 0;
+ int inhibit_default_config = 0;
+ int opt_count = 0; /* Count of option flags */
+
+#ifdef __convex__
+ argc--; /* get rid of extra argument passed by inetd */
+#endif
+
+ /*
+ ** Prescan the arguments for "-f<config-file>" switches
+ */
+ inhibit_default_config = 0;
+ for (i = 1; i < argc && argv[i][0] == '-'; i++)
+ if (argv[i][1] == 'f')
+ inhibit_default_config = 1;
+
+ /*
+ ** Parse the default config file - if it exists
+ */
+ if (!inhibit_default_config)
+ parse_config(NULL, 1);
+
+ /*
+ ** Parse the command line arguments
+ */
+ for (i = 1; i < argc && argv[i][0] == '-'; i++) {
+ opt_count++;
+ switch (argv[i][1])
+ {
+ case 'b': /* Start as standalone daemon */
+ background_flag = 1;
+ break;
+
+ case 'w': /* Start from Inetd, wait mode */
+ background_flag = 2;
+ break;
+
+ case 'i': /* Start from Inetd, nowait mode */
+ background_flag = 0;
+ break;
+
+ case 't':
+ timeout = atoi(argv[i]+2);
+ break;
+
+ case 'p':
+ portno = argv[i]+2;
+ break;
+
+ case 'a':
+ bind_address = argv[i]+2;
+ break;
+
+ case 'u':
+ if (isdigit(argv[i][2]))
+ set_uid = atoi(argv[i]+2);
+ else
+ {
+ struct passwd *pwd;
+
+ pwd = getpwnam(argv[i]+2);
+ if (!pwd)
+ ERROR1("no such user (%s) for -u option", argv[i]+2);
+ else
+ {
+ set_uid = pwd->pw_uid;
+ set_gid = pwd->pw_gid;
+ }
+ }
+ break;
+
+ case 'g':
+ if (isdigit(argv[i][2]))
+ set_gid = atoi(argv[i]+2);
+ else
+ {
+ struct group *grp;
+
+ grp = getgrnam(argv[i]+2);
+ if (!grp)
+ ERROR1("no such group (%s) for -g option", argv[i]+2);
+ else
+ set_gid = grp->gr_gid;
+ }
+ break;
+
+ case 'c':
+ charset_name = argv[i]+2;
+ break;
+
+ case 'r':
+ indirect_host = argv[i]+2;
+ break;
+
+ case 'l': /* Use the Syslog daemon for logging */
+ syslog_flag++;
+ break;
+
+ case 'o':
+ other_flag = 1;
+ break;
+
+ case 'e':
+ unknown_flag = 1;
+ break;
+
+ case 'n':
+ number_flag = 1;
+ break;
+
+ case 'V': /* Give version of this daemon */
+ printf("[in.identd, version %s]\r\n", version);
+ exit(0);
+ break;
+
+ case 'v': /* Be verbose */
+ verbose_flag++;
+ break;
+
+ case 'd': /* Enable debugging */
+ debug_flag++;
+ break;
+
+ case 'm': /* Enable multiline queries */
+ multi_flag++;
+ break;
+
+ case 'N': /* Enable users ".noident" files */
+ noident_flag++;
+ break;
+ }
+ }
+
+#if defined(_AUX_SOURCE) || defined (SUNOS35)
+ /* A/UX 2.0* & SunOS 3.5 calls us with an argument XXXXXXXX.YYYY
+ ** where XXXXXXXXX is the hexadecimal version of the callers
+ ** IP number, and YYYY is the port/socket or something.
+ ** It seems to be impossible to pass arguments to a daemon started
+ ** by inetd.
+ **
+ ** Just in case it is started from something else, then we only
+ ** skip the argument if no option flags have been seen.
+ */
+ if (opt_count == 0)
+ argc--;
+#endif
+
+ /*
+ ** Path to kernel namelist file specified on command line
+ */
+ if (i < argc)
+ path_unix = argv[i++];
+
+ /*
+ ** Path to kernel memory device specified on command line
+ */
+ if (i < argc)
+ path_kmem = argv[i++];
+
+
+ /*
+ ** Open the kernel memory device and read the nlist table
+ */
+ if (k_open() < 0)
+ ERROR("main: k_open");
+
+ /*
+ ** Do the special handling needed for the "-b" flag
+ */
+ if (background_flag == 1)
+ {
+ struct sockaddr_in addr;
+ struct servent *sp;
+ int fd;
+
+
+ if (fork())
+ exit(0);
+
+ close(0);
+ close(1);
+ close(2);
+
+ if (fork())
+ exit(0);
+
+ fd = socket(AF_INET, SOCK_STREAM, 0);
+ if (fd == -1)
+ ERROR("main: socket");
+
+ if (fd != 0)
+ dup2(fd, 0);
+
+ clearmem(&addr, sizeof(addr));
+
+ addr.sin_family = AF_INET;
+ if (bind_address == NULL)
+ addr.sin_addr.s_addr = htonl(INADDR_ANY);
+ else
+ {
+ if (isdigit(bind_address[0]))
+ addr.sin_addr.s_addr = inet_addr(bind_address);
+ else
+ {
+ struct hostent *hp;
+
+ hp = gethostbyname(bind_address);
+ if (!hp)
+ ERROR1("no such address (%s) for -a switch", bind_address);
+
+ /* This is ugly, should use memcpy() or bcopy() but... */
+ addr.sin_addr.s_addr = * (unsigned long *) (hp->h_addr);
+ }
+ }
+
+ if (isdigit(portno[0]))
+ addr.sin_port = htons(atoi(portno));
+ else
+ {
+ sp = getservbyname(portno, "tcp");
+ if (sp == NULL)
+ ERROR1("main: getservbyname: %s", portno);
+ addr.sin_port = sp->s_port;
+ }
+
+ if (bind(0, (struct sockaddr *) &addr, sizeof(addr)) < 0)
+ ERROR("main: bind");
+
+ if (listen(0, 3) < 0)
+ ERROR("main: listen");
+ }
+
+ if (set_gid)
+ if (setgid(set_gid) == -1)
+ ERROR("main: setgid");
+
+ if (set_uid)
+ if (setuid(set_uid) == -1)
+ ERROR("main: setuid");
+
+ /*
+ ** Do some special handling if the "-b" or "-w" flags are used
+ */
+ if (background_flag)
+ {
+ int nfds, fd;
+ fd_set read_set;
+
+
+ /*
+ ** Set up the SIGCHLD signal child termination handler so
+ ** that we can avoid zombie processes hanging around and
+ ** handle childs terminating before being able to complete the
+ ** handshake.
+ */
+#if (defined(SVR4) || defined(hpux) || defined(__hpux) || \
+ defined(_CRAY) || defined(_AUX_SOURCE))
+ signal(SIGCHLD, SIG_IGN);
+#else
+ signal(SIGCHLD, (SIGRETURN_TYPE (*)()) child_handler);
+#endif
+
+ /*
+ ** Loop and dispatch client handling processes
+ */
+ do
+ {
+#ifdef USE_SIGALARM
+ /*
+ ** Terminate if we've been idle for 'timeout' seconds
+ */
+ if (background_flag == 2 && timeout)
+ {
+ signal(SIGALRM, alarm_handler);
+ alarm(timeout);
+ }
+#endif
+
+ /*
+ ** Wait for a connection request to occur.
+ ** Ignore EINTR (Interrupted System Call).
+ */
+ do
+ {
+ FD_ZERO(&read_set);
+ FD_SET(0, &read_set);
+
+#ifndef USE_SIGALARM
+ if (timeout)
+ {
+ tv.tv_sec = timeout;
+ tv.tv_usec = 0;
+ nfds = select(FD_SETSIZE, &read_set, NULL, NULL, &tv);
+ }
+ else
+#endif
+
+ nfds = select(FD_SETSIZE, &read_set, NULL, NULL, NULL);
+ } while (nfds < 0 && errno == EINTR);
+
+ /*
+ ** An error occured in select? Just die
+ */
+ if (nfds < 0)
+ ERROR("main: select");
+
+ /*
+ ** Timeout limit reached. Exit nicely
+ */
+ if (nfds == 0)
+ exit(0);
+
+#ifdef USE_SIGALARM
+ /*
+ ** Disable the alarm timeout
+ */
+ alarm(0);
+#endif
+
+ /*
+ ** Accept the new client
+ */
+ fd = accept(0, NULL, NULL);
+ if (fd == -1)
+ ERROR1("main: accept. errno = %d", errno);
+
+ /*
+ ** And fork, then close the fd if we are the parent.
+ */
+ child_pid = fork();
+ } while (child_pid && (close(fd), 1));
+
+ /*
+ ** We are now in child, the parent has returned to "do" above.
+ */
+ if (dup2(fd, 0) == -1)
+ ERROR("main: dup2: failed fd 0");
+
+ if (dup2(fd, 1) == -1)
+ ERROR("main: dup2: failed fd 1");
+
+ if (dup2(fd, 2) == -1)
+ ERROR("main: dup2: failed fd 2");
+ }
+
+ /*
+ ** Get foreign internet address
+ */
+ len = sizeof(sin);
+ if (getpeername(0, (struct sockaddr *) &sin, &len) == -1)
+ {
+ /*
+ ** A user has tried to start us from the command line or
+ ** the network link died, in which case this message won't
+ ** reach to other end anyway, so lets give the poor user some
+ ** errors.
+ */
+ perror("in.identd: getpeername()");
+ exit(1);
+ }
+
+ faddr = sin.sin_addr;
+
+
+ /*
+ ** Open the connection to the Syslog daemon if requested
+ */
+ if (syslog_flag)
+ {
+#ifdef LOG_DAEMON
+ openlog("identd", LOG_PID, syslog_facility);
+#else
+ openlog("identd", LOG_PID);
+#endif
+
+ syslog(LOG_INFO, "Connection from %s", gethost(&faddr));
+ }
+
+
+ /*
+ ** Get local internet address
+ */
+ len = sizeof(sin);
+#ifdef ATTSVR4
+ if (t_getsockname(0, (struct sockaddr *) &sin, &len) == -1)
+#else
+ if (getsockname(0, (struct sockaddr *) &sin, &len) == -1)
+#endif
+ {
+ /*
+ ** We can just die here, because if this fails then the
+ ** network has died and we haven't got anyone to return
+ ** errors to.
+ */
+ exit(1);
+ }
+ laddr = sin.sin_addr;
+
+
+ /*
+ ** Get the local/foreign port pair from the luser
+ */
+ parse(stdin, &laddr, &faddr);
+
+ exit(0);
+}
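Review bot: the privilege drop in main() (`if (set_gid) setgid(...)` followed by `if (set_uid) setuid(...)`) never calls setgroups() or initgroups(), so a daemon started as root with -u/-g keeps root's supplementary groups after the switch; clear or reset them before setgid(). Two smaller points in the same function: the prescan sets inhibit_default_config for "-f", but the option switch has no `case 'f'` and no default case, so the named config file is never parsed and unknown flags are silently ignored; and in -b mode descriptors 0, 1 and 2 are closed before socket(), bind() and listen(), so ERROR output for a failed bind goes nowhere unless -l is given.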
43 libexec/identd/identd.h
@@ -0,0 +1,43 @@
+/*
+** identd.h Common variables for the Pidentd daemon
+**
+** This program is in the public domain and may be used freely by anyone
+** who wants to.
+**
+** Last update: 6 Dec 1992
+**
+** Please send bug fixes/bug reports to: Peter Eriksson <pen@lysator.liu.se>
+*/
+
+#ifndef __IDENTD_H__
+#define __IDENTD_H__
+
+extern char *version;
+
+extern char *path_unix;
+extern char *path_kmem;
+
+extern int verbose_flag;
+extern int debug_flag;
+extern int syslog_flag;
+extern int multi_flag;
+extern int other_flag;
+extern int unknown_flag;
+extern int number_flag;
+extern int noident_flag;
+
+extern char *charset_name;
+extern char *indirect_host;
+extern char *indirect_password;
+
+extern int lport;
+extern int fport;
+
+extern char *gethost();
+
+extern int k_open();
+extern int k_getuid();
+extern int parse();
+extern int parse_config();
+
+#endif
235 libexec/identd/netbsd.c
@@ -0,0 +1,235 @@
+/*
+** kernel/386bsd.c Low level kernel access functions for 386BSD
+**
+** This program is in the public domain and may be used freely by anyone
+** who wants to.
+**
+** Last update: 17 March 1993
+**
+** Please send bug fixes/bug reports to: Peter Eriksson <pen@lysator.liu.se>
+*/
+
+#include <stdio.h>
+#include <errno.h>
+#include <ctype.h>
+#include <nlist.h>
+#include <pwd.h>
+#include <signal.h>
+#include <syslog.h>
+
+#include "kvm.h"
+
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <sys/param.h>
+#include <sys/ioctl.h>
+#include <sys/socket.h>
+
+#include <sys/socketvar.h>
+
+#define KERNEL
+
+#include <sys/file.h>
+
+#undef KERNEL
+#include <sys/kinfo.h>
+
+#include <fcntl.h>
+
+#include <sys/user.h>
+
+#include <sys/wait.h>
+
+#include <net/if.h>
+#include <net/route.h>
+#include <netinet/in.h>
+
+#include <netinet/in_systm.h>
+#include <netinet/ip.h>
+
+#include <netinet/in_pcb.h>
+
+#include <netinet/tcp.h>
+#include <netinet/ip_var.h>
+#include <netinet/tcp_timer.h>
+#include <netinet/tcp_var.h>
+
+#include <arpa/inet.h>
+
+#include "identd.h"
+#include "error.h"
+
+
+extern void *calloc();
+extern void *malloc();
+
+
+struct nlist nl[] =
+{
+#define N_FILE 0
+#define N_NFILE 1
+#define N_TCB 2
+
+ { "_filehead" },
+ { "_nfiles" },
+ { "_tcb" },
+ { "" }
+};
+
+
+static struct file *xfile;
+static int nfile;
+
+static struct inpcb tcb;
+
+
+int k_open()
+{
+ int kd;
+
+ /*
+ ** Open the kernel memory device
+ */
+ if ((kd = kvm_openfiles(path_unix, path_kmem, NULL)))
+ ERROR("main: kvm_open");
+
+ /*
+ ** Extract offsets to the needed variables in the kernel
+ */
+ if (kvm_nlist(nl) < 0)
+ ERROR("main: kvm_nlist");
+
+ return 0;
+}
+
+
+/*
+** Get a piece of kernel memory with error handling.
+** Returns 1 if call succeeded, else 0 (zero).
+*/
+static int getbuf(addr, buf, len, what)
+ long addr;
+ char *buf;
+ int len;
+ char *what;
+{
+ if (kvm_read(addr, buf, len) < 0)
+ {
+ if (syslog_flag)
+ syslog(LOG_ERR, "getbuf: kvm_read(%08x, %d) - %s : %m",
+ addr, len, what);
+
+ return 0;
+ }
+
+ return 1;
+}
+
+
+
+/*
+** Traverse the inpcb list until a match is found.
+** Returns NULL if no match.
+*/
+static struct socket *
+ getlist(pcbp, faddr, fport, laddr, lport)
+ struct inpcb *pcbp;
+ struct in_addr *faddr;
+ int fport;
+ struct in_addr *laddr;
+ int lport;
+{
+ struct inpcb *head;
+
+ if (!pcbp)
+ return NULL;
+
+
+ head = pcbp->inp_prev;
+ do
+ {
+ if ( pcbp->inp_faddr.s_addr == faddr->s_addr &&
+ pcbp->inp_laddr.s_addr == laddr->s_addr &&
+ pcbp->inp_fport == fport &&
+ pcbp->inp_lport == lport )
+ return pcbp->inp_socket;
+ } while (pcbp->inp_next != head &&
+ getbuf((long) pcbp->inp_next,
+ pcbp,
+ sizeof(struct inpcb),
+ "tcblist"));
+
+ return NULL;
+}
+
+
+
+/*
+** Return the user number for the connection owner
+*/
+int k_getuid(faddr, fport, laddr, lport, uid)
+ struct in_addr *faddr;
+ int fport;
+ struct in_addr *laddr;
+ int lport;
+ int *uid;
+{
+ long addr;
+ struct socket *sockp;
+ int i;
+ struct ucred ucb;
+
+ /* -------------------- FILE DESCRIPTOR TABLE -------------------- */
+ if (!getbuf(nl[N_NFILE].n_value, &nfile, sizeof(nfile), "nfile"))
+ return -1;
+
+ if (!getbuf(nl[N_FILE].n_value, &addr, sizeof(addr), "&file"))
+ return -1;
+
+ {
+ int siz = (nfile+10)*sizeof(struct file);
+ xfile = (struct file *) calloc(nfile+10, sizeof(struct file));
+ if (!xfile)
+ ERROR2("k_getuid: calloc(%d,%d)", nfile+10, sizeof(struct file));
+
+ if (!getkerninfo(KINFO_FILE, xfile, &siz, 0))
+ {
+ ERROR("k_getuid: getkerninfo");
+ return -1;
+ }
+ xfile = (struct file *)((char *)xfile + sizeof(filehead));
+ }
+
+ /* -------------------- TCP PCB LIST -------------------- */
+ if (!getbuf(nl[N_TCB].n_value, &tcb, sizeof(tcb), "tcb"))
+ return -1;
+
+ tcb.inp_prev = (struct inpcb *) nl[N_TCB].n_value;
+ sockp = getlist(&tcb, faddr, fport, laddr, lport);
+
+ if (!sockp)
+ return -1;
+
+ /*
+ ** Locate the file descriptor that has the socket in question
+ ** open so that we can get the 'ucred' information
+ */
+ for (i = 0; i < nfile; i++)
+ {
+ if (xfile[i].f_count == 0)
+ continue;
+
+ if (xfile[i].f_type == DTYPE_SOCKET &&
+ (struct socket *) xfile[i].f_data == sockp)
+ {
+ if (!getbuf(xfile[i].f_cred, &ucb, sizeof(ucb), "ucb"))
+ return -1;
+
+ *uid = ucb.cr_uid;
+ return 0;
+ }
+ }
+
+ return -1;
+}
+
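Review bot: k_getuid() allocates a fresh xfile table with calloc(nfile+10, ...) on every call and never frees it, and because xfile is then advanced by sizeof(filehead) the base pointer is lost, so every return path leaks the table. parse() retries k_getuid() up to five times per query, so the leak grows with each retry and each query; keep the base pointer in a local and free it before every return. In the same block, `if (!getkerninfo(KINFO_FILE, xfile, &siz, 0))` only catches a 0 return, so if getkerninfo() reports failure as a negative value, the way the kvm_read() and kvm_nlist() checks in this file expect of their calls, the error goes unnoticed and the descriptor scan runs over a zeroed table. The scan is also bounded by nfile, read separately from the kernel, rather than by the size getkerninfo() wrote back into siz; bound the loop by the smaller of the two.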
399 libexec/identd/parse.c
@@ -0,0 +1,399 @@
+/*
+** parse.c This file contains the protocol parser
+**
+** This program is in the public domain and may be used freely by anyone
+** who wants to.
+**
+** Last update: 6 Dec 1992
+**
+** Please send bug fixes/bug reports to: Peter Eriksson <pen@lysator.liu.se>
+*/
+
+#include <stdio.h>
+#include <errno.h>
+#include <ctype.h>
+#include <pwd.h>
+
+#include <sys/types.h>
+#include <netinet/in.h>
+
+#ifndef HPUX7
+# include <arpa/inet.h>
+#endif
+
+#ifdef HAVE_KVM
+# include <kvm.h>
+#else
+# include "kvm.h"
+#endif
+
+#include <sys/types.h>
+#include <sys/stat.h>
+
+#if defined(MIPS) || defined(BSD43)
+extern int errno;
+#endif
+
+#include "identd.h"
+#include "error.h"
+
+extern void *malloc();
+
+/*
+** This function will eat whitespace characters until
+** either a non-whitespace character is read, or EOF
+** occurs. This function is only used if the "-m" option
+** is enabled.
+*/
+static int eat_whitespace()
+{
+ int c;
+
+
+ while ((c = getchar()) != EOF &&
+ !(c == '\r' || c == '\n'))
+ ;
+
+ if (c != EOF)
+ while ((c = getchar()) != EOF &&
+ (c == ' ' || c == '\t' || c == '\n' || c == '\r'))
+ ;
+
+ if (c != EOF)
+ ungetc(c, stdin);
+
+ return (c != EOF);
+}
+
+
+#ifdef INCLUDE_EXTENSIONS
+/*
+** Validate an indirect request
+*/
+static int valid_fhost(faddr, password)
+ struct in_addr *faddr;
+ char *password;
+{
+ if (indirect_host == NULL)
+ return 0;
+
+ if (strcmp(indirect_host, "*") != 0)
+ {
+ if (isdigit(indirect_host[0]))
+ {
+ if (strcmp(inet_ntoa(*faddr), indirect_host))
+ {
+ syslog(LOG_NOTICE, "valid_fhost: Access Denied for: %s",
+ gethost(faddr));
+ return 0;
+ }
+ }
+ else
+ {
+ if (strcmp(gethost(faddr), indirect_host))
+ {
+ syslog(LOG_NOTICE, "valid_fhost: Access Denied for: %s",
+ gethost(faddr));
+ return 0;
+ }
+ }
+ }
+
+ if (indirect_password == NULL)
+ return 1;
+
+ if (strcmp(password, indirect_password))
+ {
+ syslog(LOG_NOTICE, "valid_fhost: Invalid password from: %s",
+ gethost(faddr));
+ return 0;
+ }
+
+ return 1;
+}
+#endif
+
+/*
+** A small routine to check for the existance of the ".noident"
+** file in a users home directory.
+*/
+static int check_noident(homedir)
+ char *homedir;
+{
+ char *tmp_path;
+ struct stat sbuf;
+ int rcode;
+
+
+ if (!homedir)
+ return 0;
+
+ tmp_path = (char *) malloc(strlen(homedir) + sizeof("/.noident") + 1);
+ if (!tmp_path)
+ return 0;
+
+ strcpy(tmp_path, homedir);
+ strcat(tmp_path, "/.noident");
+
+ rcode = stat(tmp_path, &sbuf);
+ free(tmp_path);
+
+ return (rcode == 0);
+}
+
+
+int parse(fp, laddr, faddr)
+ FILE *fp;
+ struct in_addr *laddr, *faddr;
+{
+ int uid, try, rcode;
+ struct passwd *pwp;
+ char lhostaddr[16];
+ char fhostaddr[16];
+ char password[33];
+#ifdef INCLUDE_EXTENSIONS
+ char arg[33];
+ int c;
+#endif
+ struct in_addr laddr2;
+ struct in_addr faddr2;
+
+
+ if (debug_flag && syslog_flag)
+ syslog(LOG_DEBUG, "In function parse()");
+
+ /*
+ ** Get the local/foreign port pair from the luser
+ */
+ do
+ {
+ if (debug_flag && syslog_flag)
+ syslog(LOG_DEBUG, " Before fscanf()");
+
+ faddr2 = *faddr;
+ laddr2 = *laddr;
+ lport = fport = 0;
+ lhostaddr[0] = fhostaddr[0] = password[0] = '\0';
+
+ /* Read query from client */
+ rcode = fscanf(fp, " %d , %d", &lport, &fport);
+
+#ifdef INCLUDE_EXTENSIONS
+ /*
+ ** Do additional parsing in case of extended request
+ */
+ if (rcode == 0)
+ {
+ rcode = fscanf(fp, "%32[^ \t\n\r:]", arg);
+
+ /* Skip leading space up to EOF, EOL or non-space char */
+ while ((c = getc(fp)) == ' ' || c == '\t')
+ ;
+
+ if (rcode <= 0)
+ {
+ printf("%d , %d : ERROR : %s\r\n",
+ lport, fport,
+ unknown_flag ? "UNKNOWN-ERROR" : "X-INVALID-REQUEST");
+ continue;
+ }
+
+ /*
+ ** Non-standard extended request, returns with Pidentd
+ ** version information
+ */
+ if (strcmp(arg, "VERSION") == 0)
+ {
+ printf("%d , %d : ERROR : X-VERSION : %s\r\n", lport, fport,
+ version);
+ continue;
+ }
+
+ /*
+ ** Non-standard extended proxy request
+ */
+ else if (strcmp(arg, "PROXY") == 0 && c == ':')
+ {
+ /* We have a colon char, check for port numbers */
+ rcode = fscanf(fp, " %d , %d : %15[0-9.] , %15[0-9.]",
+ &lport, &fport, fhostaddr, lhostaddr);
+
+ if (!(rcode == 3 || rcode == 4))
+ {
+ printf("%d , %d : ERROR : %s\r\n",
+ lport, fport,
+ unknown_flag ? "UNKNOWN-ERROR" : "X-INVALID-REQUEST");
+ continue;
+ }
+
+ if (rcode == 4)
+ laddr2.s_addr = inet_addr(lhostaddr);
+
+ faddr2.s_addr = inet_addr(fhostaddr);
+
+ proxy(&laddr2, &faddr2, lport, fport, NULL);
+ continue;
+ }
+
+ /*
+ ** Non-standard extended remote indirect request
+ */
+ else if (strcmp(arg, "REMOTE") == 0 && c == ':')
+ {
+ /* We have a colon char, check for port numbers */
+ rcode = fscanf(fp, " %d , %d", &lport, &fport);
+
+ /* Skip leading space up to EOF, EOL or non-space char */
+ while ((c = getc(fp)) == ' ' || c == '\t')
+ ;
+
+ if (rcode != 2 || c != ':')
+ {
+ printf("%d , %d : ERROR : %s\r\n",
+ lport, fport,
+ unknown_flag ? "UNKNOWN-ERROR" : "X-INVALID-REQUEST");
+ continue;
+ }
+
+ /* We have a colon char, check for addr and password */
+ rcode = fscanf(fp, " %15[0-9.] , %32[^ \t\r\n]",
+ fhostaddr, password);
+ if (rcode > 0)
+ rcode += 2;
+ else
+ {
+ printf("%d , %d : ERROR : %s\r\n",
+ lport, fport,
+ unknown_flag ? "UNKNOWN-ERROR" : "X-INVALID-REQUEST");
+ continue;
+ }
+
+ /*
+ ** Verify that the host originating the indirect request
+ ** is allowed to do that
+ */
+ if (!valid_fhost(faddr, password))
+ {
+ printf("%d , %d : ERROR : %s\r\n",
+ lport, fport,
+ unknown_flag ? "UNKNOWN-ERROR" : "X-ACCESS-DENIED");
+ continue;
+ }
+
+ faddr2.s_addr = inet_addr(fhostaddr);
+ }
+
+ else
+ {
+ printf("%d , %d : ERROR : %s\r\n",
+ lport, fport,
+ unknown_flag ? "UNKNOWN-ERROR" : "X-INVALID-REQUEST");
+ continue;
+ }
+ }
+#endif /* EXTENSIONS */
+
+ if (rcode < 2 || lport < 1 || lport > 65535 || fport < 1 || fport > 65535)
+ {
+ if (syslog_flag && rcode > 0)
+ syslog(LOG_NOTICE, "scanf: invalid-port(s): %d , %d from %s",
+ lport, fport, gethost(faddr));
+
+ printf("%d , %d : ERROR : %s\r\n",
+ lport, fport,
+ unknown_flag ? "UNKNOWN-ERROR" : "INVALID-PORT");
+ continue;
+ }
+
+ if (debug_flag && syslog_flag)
+ syslog(LOG_DEBUG, " After fscanf(), before k_getuid()");
+
+ /*
+ ** Next - get the specific TCP connection and return the
+ ** uid - user number.
+ **
+ ** Try to fetch the information 5 times incase the
+ ** kernel changed beneath us and we missed or took
+ ** a fault.
+ */
+ for (try = 0;
+ (try < 5 &&
+ k_getuid(&faddr2, htons(fport), laddr, htons(lport), &uid) == -1);
+ try++)
+ ;
+
+ if (try >= 5)
+ {
+ if (syslog_flag)
+ syslog(LOG_DEBUG, "Returned: %d , %d : NO-USER", lport, fport);
+
+ printf("%d , %d : ERROR : %s\r\n",
+ lport, fport,
+ unknown_flag ? "UNKNOWN-ERROR" : "NO-USER");
+ continue;
+ }
+
+ if (try > 0 && syslog_flag)
+ syslog(LOG_NOTICE, "k_getuid retries: %d", try);
+
+ if (debug_flag && syslog_flag)
+ syslog(LOG_DEBUG, " After k_getuid(), before getpwuid()");
+
+ /*
+ ** Then we should try to get the username. If that fails we
+ ** return it as an OTHER identifier
+ */
+ pwp = getpwuid(uid);
+
+ if (!pwp)
+ {
+ if (syslog_flag)
+ syslog(LOG_WARNING, "getpwuid() could not map uid (%d) to name",
+ uid);
+
+ printf("%d , %d : USERID : OTHER%s%s : %d\r\n",
+ lport, fport,
+ charset_name ? " , " : "",
+ charset_name ? charset_name : "",
+ uid);
+ continue;
+ }
+
+ /*
+ ** Hey! We finally made it!!!
+ */
+ if (syslog_flag)
+ syslog(LOG_DEBUG, "Successful lookup: %d , %d : %s\n",
+ lport, fport, pwp->pw_name);
+
+ if (noident_flag && check_noident(pwp->pw_dir))
+ {
+ if (syslog_flag)
+ syslog(LOG_NOTICE, "User %s requested HIDDEN-USER for host %s: %d, %d",
+ pwp->pw_name,
+ gethost(faddr),
+ lport, fport);
+
+ printf("%d , %d : ERROR : HIDDEN-USER\r\n",
+ lport, fport);
+ continue;
+ }
+
+ if (number_flag)
+ printf("%d , %d : USERID : OTHER%s%s : %d\r\n",
+ lport, fport,
+ charset_name ? " , " : "",
+ charset_name ? charset_name : "",
+ uid);
+ else
+ printf("%d , %d : USERID : %s%s%s : %s\r\n",
+ lport, fport,
+ other_flag ? "OTHER" : "UNIX",
+ charset_name ? " , " : "",
+ charset_name ? charset_name : "",
+ pwp->pw_name);
+
+ } while(fflush(stdout), fflush(stderr), multi_flag && eat_whitespace());
+
+ return 0;
+}
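Review bot: The PROXY branch takes the target address from the request (`faddr2.s_addr = inet_addr(fhostaddr)`) and calls proxy() without the valid_fhost() check that guards the REMOTE branch, so when the extensions and proxy support are compiled in, the daemon will open an outbound ident connection to whatever address the requester names. Gate PROXY behind the same host/password check or a separate configuration switch. In both the PROXY and REMOTE branches the inet_addr() results are used unchecked, and `%15[0-9.]` accepts strings that are not valid dotted quads, so test for the failure value before calling proxy() or k_getuid(). valid_fhost() compares the password with strcmp() and, for a non-numeric indirect_host, decides access on the name gethost(faddr) returns; a comment stating that this depends on name resolution being trustworthy, or restricting indirect_host to numeric addresses, would make the trust assumption explicit.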
62 libexec/identd/paths.h
@@ -0,0 +1,62 @@
+/*
+** paths.h Common path definitions for the in.identd daemon
+**
+** Last update: 11 Dec 1992
+**
+** Please send bug fixes/bug reports to: Peter Eriksson <pen@lysator.liu.se>
+*/
+
+#ifdef SEQUENT
+# define _PATH_UNIX "/dynix"
+#endif
+
+#if defined(MIPS) || defined(IRIX)
+# define _PATH_UNIX "/unix"
+#endif
+
+#if defined(hpux) || defined(__hpux)
+# define _PATH_UNIX "/hp-ux"
+#endif
+
+#ifdef SOLARIS
+# define _PATH_UNIX "/dev/ksyms"
+#else
+# ifdef SVR4
+# define _PATH_UNIX "/stand/unix"
+# endif
+#endif
+
+#ifdef BSD43
+# define _PATH_SWAP "/dev/drum"
+# define _PATH_MEM "/dev/mem"
+#endif
+
+#ifdef _AUX_SOURCE
+# define _PATH_UNIX "/unix"
+#endif
+
+#ifdef _CRAY
+# define _PATH_UNIX "/unicos"
+# define _PATH_MEM "/dev/mem"
+#endif
+
+#ifdef NeXT
+# define _PATH_UNIX "/mach"
+#endif
+
+
+/*
+ * Some defaults...
+ */
+#ifndef _PATH_KMEM
+# define _PATH_KMEM "/dev/kmem"
+#endif
+
+#ifndef _PATH_UNIX
+# define _PATH_UNIX "/vmunix"
+#endif
+
+
+#ifndef PATH_CONFIG
+# define PATH_CONFIG "/etc/identd.conf"
+#endif
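Review bot: The per-platform blocks define _PATH_UNIX unconditionally, and the SEQUENT, MIPS/IRIX, hpux, SOLARIS/SVR4, _AUX_SOURCE, _CRAY and NeXT tests are independent, so a build that matches two of them, or one where a system header has already defined _PATH_UNIX, gets a macro redefinition with a different value. Wrap each definition in `#ifndef _PATH_UNIX` or turn the sequence into a single `#if`/`#elif` chain that ends in the "/vmunix" default. _PATH_SWAP is defined only for BSD43 and _PATH_MEM only for BSD43 and _CRAY, with no fallback in the defaults section; either add defaults or note which platform sources are expected to use them.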
98 libexec/identd/proxy.c
@@ -0,0 +1,98 @@
+/*
+** proxy.c This file implements the proxy() call.
+**
+** This program is in the public domain and may be used freely by anyone
+** who wants to.
+**
+** Last update: 12 Dec 1992
+**
+** Please send bug fixes/bug reports to: Peter Eriksson <pen@lysator.liu.se>
+*/
+
+#include <stdio.h>
+#include <errno.h>
+
+#include "identd.h"
+
+
+#ifdef INCLUDE_PROXY
+#include <sys/types.h>
+#include <sys/time.h>
+#include <netinet/in.h>
+
+#include <ident.h>
+#endif
+
+
+/*
+** This function should establish a connection to a remote IDENT
+** server and query it for the information associated with the
+** specified connection and the return that to the caller.
+**
+** Should there be three different timeouts (Connection Establishment,
+** Query Transmit and Query Receive)?
+*/
+int proxy(laddr, faddr, lport, fport, timeout)
+ struct in_addr *laddr;
+ struct in_addr *faddr;
+ int lport;
+ int fport;
+ struct timeval *timeout;
+{
+#ifndef INCLUDE_PROXY
+ printf("%d , %d : ERROR : %s\r\n",
+ lport, fport,
+ unknown_flag ? "UNKNOWN-ERROR" : "X-NOT-YET-IMPLEMENTED");
+
+ return -1;
+#else
+ id_t *idp;
+ char *answer;
+ char *opsys;
+ char *charset;
+
+ idp = id_open(laddr, faddr, timeout);
+ if (!idp)
+ {
+ printf("%d , %d : ERROR : %s\r\n",
+ lport, fport,
+ unknown_flag ? "UNKNOWN-ERROR" : "X-CONNECTION-REFUSED");
+ return -1;
+ }
+
+ if (id_query(idp, lport, fport, timeout) < 0)
+ {
+ printf("%d , %d : ERROR : %s\r\n",
+ lport, fport,
+ unknown_flag ? "UNKNOWN-ERROR" : "X-TRANSMIT-QUERY-ERROR");
+ id_close(idp);
+ return -1;
+ }
+
+ switch (id_parse(idp, timeout, &lport, &fport, &answer, &opsys, &charset))
+ {
+ case 1:
+ printf("%d , %d : USERID : %s %s%s : %s\r\n",
+ lport, fport,
+ opsys,
+ charset ? "," : "",
+ charset ? charset : "",
+ answer);
+ break;
+
+ case 2:
+ printf("%d , %d : ERROR : %s\r\n",
+ lport, fport, answer);
+ break;
+
+ case 0: /* More to parse - fix this later! */
+ case -1: /* Internal error */
+ default:
+ printf("%d , %d : ERROR : %s\r\n",
+ lport, fport,
+ unknown_flag ? "UNKNOWN-ERROR" : "X-PARSE-REPLY-ERROR");
+ }
+
+ id_close(idp);
+#endif
+}
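Review bot: proxy() is declared to return int, but the INCLUDE_PROXY path falls off the end after `id_close(idp);` without returning a value; add an explicit return before the `#endif`, with a code that distinguishes the USERID case from the ERROR cases if callers are meant to care. The header comment leaves the timeout question open and the only caller in parse.c passes NULL, so id_open(), id_query() and id_parse() run with whatever a NULL timeout means to them; if that is "wait indefinitely", one unresponsive remote server stalls this daemon instance, so pass a bounded timeval. The USERID reply also prints opsys, charset and answer from the remote server as received, and formats the charset separator as "," after a space rather than the " , " used in parse.c; check that these strings cannot carry CR or LF into the response line and align the format with parse.c.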
1  libexec/identd/version.c
@@ -0,0 +1 @@
+char *version = "2.1.2";