Add "identify" daemon wrapper. Allows one to add ident lookup and logging

to arbitrary daemons (like telnetd or fingerd).

7 files changed, 172 insertions, 0 deletions

diff --git a/security/identify/Makefile b/security/identify/Makefile
new file mode 100644
index 000000000000..99f262cf16a9
--- /dev/null
+++ b/security/identify/Makefile
@@ -0,0 +1,17 @@
+# New ports collection makefile for:	identify
+# Version required:	0.7
+# Date created:		13 March 1999
+# Whom:			nsayer@quack.kfu.com
+#
+# $Id:$
+#
+
+DISTNAME=	identify-0.7
+CATEGORIES=	devel net security
+MASTER_SITES=	ftp://ftp.lysator.liu.se/pub/ident/tools/
+
+MAINTAINER=	nsayer@quack.kfu.com
+
+BUILD_DEPEND=	${PORTSDIR}/security/libident
+
+.include <bsd.port.mk>
diff --git a/security/identify/distinfo b/security/identify/distinfo
new file mode 100644
index 000000000000..6f8acddc9882
--- /dev/null
+++ b/security/identify/distinfo
@@ -0,0 +1 @@
+MD5 (identify-0.7.tar.gz) = d3a20abd96027e2d5ac2de0de842e9a1
diff --git a/security/identify/files/patch-aa b/security/identify/files/patch-aa
new file mode 100644
index 000000000000..7338d0a1fa8d
--- /dev/null
+++ b/security/identify/files/patch-aa
@@ -0,0 +1,16 @@
+--- Makefile.orig	Mon Jul 20 09:01:27 1992
++++ Makefile	Fri Apr  2 10:50:40 1999
+@@ -1,2 +1,11 @@
+-identify: identify.c
+-	$(CC) -o identify identify.c -lauthuser
++
++CFLAGS+= -I/usr/local/include -L/usr/local/lib
++
++all: identify
++
++install: identify
++	install identify ${PREFIX}/libexec
++	install README ${PREFIX}/share/doc/identify
++
++identify: identify.o
++	$(CC) $(CFLAGS) -o identify identify.o -lident
diff --git a/security/identify/files/patch-ab b/security/identify/files/patch-ab
new file mode 100644
index 000000000000..bd6878e20238
--- /dev/null
+++ b/security/identify/files/patch-ab
@@ -0,0 +1,132 @@
+--- identify.c.orig	Tue Feb  2 01:51:57 1993
++++ identify.c	Fri Apr  2 10:57:28 1999
+@@ -11,7 +11,7 @@
+ #include <stdio.h>
+ #include <signal.h>
+ #include <syslog.h>
+-#include <authuser.h>
++#include <ident.h>
+ #include <netdb.h>
+ #include <sys/types.h>
+ #include <netinet/in.h>
+@@ -33,57 +33,43 @@
+ int noidentify = 0;
+ int bits = 0;
+ int reject_flag = 0;
+-unsigned long inlocal;
+-unsigned long inremote;
++struct in_addr inlocal;
++struct in_addr inremote;
+ int timeout = 120;
+-int rtimeout = 30;
+-
+-static char *host_address(ad)
+-  unsigned long ad;
+-{
+-  int a, b, c, d;
+-  static char addr[20];
+-  
+-  d = ad % 256;
+-  ad /= 256;
+-  c = ad % 256;
+-  ad /= 256;
+-  b = ad % 256;
+-  a = ad / 256;
+-  sprintf(addr, "%d.%d.%d.%d", a, b, c, d);
+-  
+-  return addr;
+-}
+-
+ 
+ char *ident_get_identifier(fd, host, len)
+   int fd;
+   char *host;
+   int len;
+ {
+-  unsigned short local;
+-  unsigned short remote;
+-
++  struct sockaddr_in sa;
++  int l;
+ 
+-  if (auth_fd2(fd, &inlocal, &inremote,
+-	       &local, &remote) == -1)
++  l=sizeof(sa);
++  if (getsockname(fd,(struct sockaddr *)&sa,&l)<0)
+   {
+     if (debug)
+-      perror("auth_fd2");
+-    
++      perror("getsockname()");
+     return NULL;
+   }
++  inlocal=sa.sin_addr;
++  if (getpeername(fd,(struct sockaddr *)&sa,&l)<0)
++  {
++    if (debug)
++      perror("getpeername()");
++    return NULL;
++  }
++  inremote=sa.sin_addr;
+ 
+   if (host)
+   {
+     struct hostent *hp;
+ 
+-  
+-    hp = gethostbyaddr(&inremote,sizeof(struct in_addr),AF_INET);
++    hp = gethostbyaddr((const char *)&inremote,sizeof(struct in_addr),AF_INET);
+     if (hp)
+       strncpy(host, hp->h_name, len);
+     else
+-      strncpy(host, host_address(inremote), len);
++      strncpy(host, inet_ntoa(inremote), len);
+     
+     host[len] = '\0';
+   }
+@@ -91,16 +77,7 @@
+   if (noidentify)
+     return NULL;
+   else
+-    if (timeout)
+-    {
+-	if (rtimeout)
+-	    return auth_tcpuser4(inlocal, inremote, local, remote, timeout,
+-				 rtimeout);
+-	else
+-	    return auth_tcpuser3(inlocal, inremote, local, remote, timeout);
+-    }
+-    else
+-      return auth_tcpuser2(inlocal, inremote, local, remote);
++    return ident_id(fd,timeout);
+ }
+ 
+ 
+@@ -128,10 +105,6 @@
+ 	timeout = atoi(argv[i]+2);
+ 	break;
+ 	
+-      case 'T':
+-	rtimeout = atoi(argv[i]+2);
+-	break;
+-	
+       case 'R':
+ 	if (!argv[i][2])
+ 	  reject_flag = 1;
+@@ -241,13 +214,13 @@
+     }
+   }
+ 
+-  if ((bits && (inremote >> bits != inlocal >> bits)) ||
++  if ((bits && (htonl(inremote.s_addr) >> bits != htonl(inlocal.s_addr) >> bits)) ||
+       (reject_flag && !id))
+   {
+     if (id)
+-      syslog(priority, "Rejecting from %s@%s", id, host_address(inremote));
++      syslog(priority, "Rejecting from %s@%s", id, inet_ntoa(inremote));
+     else
+-      syslog(priority, "Rejecting from %s", host_address(inremote));
++      syslog(priority, "Rejecting from %s", inet_ntoa(inremote));
+     exit(1);
+   }
+   
diff --git a/security/identify/pkg-comment b/security/identify/pkg-comment
new file mode 100644
index 000000000000..cf38e474c8ae
--- /dev/null
+++ b/security/identify/pkg-comment
@@ -0,0 +1 @@
+Client side ident protocol daemon wrapper
diff --git a/security/identify/pkg-descr b/security/identify/pkg-descr
new file mode 100644
index 000000000000..488fd7499d0b
--- /dev/null
+++ b/security/identify/pkg-descr
@@ -0,0 +1,3 @@
+This is a wrapper for daemons that live under inetd. It will do
+an ident lookup and log the result, handing off the file descriptor
+to the real daemon first.
diff --git a/security/identify/pkg-plist b/security/identify/pkg-plist
new file mode 100644
index 000000000000..706f6eb75a25
--- /dev/null
+++ b/security/identify/pkg-plist
@@ -0,0 +1,2 @@
+libexec/identify
+share/doc/identify/README