authorV3n3RiX <venerix@redcorelinux.org>2017-10-09 18:53:29 +0100
committerV3n3RiX <venerix@redcorelinux.org>2017-10-09 18:53:29 +0100
commit4f2d7949f03e1c198bc888f2d05f421d35c57e21 (patch)
treeba5f07bf3f9d22d82e54a462313f5d244036c768 /net-misc/oidentd/files
reinit the tree, so we can have metadata
Diffstat (limited to 'net-misc/oidentd/files')
-rw-r--r--net-misc/oidentd/files/oidentd-2.0.7-confd4
-rw-r--r--net-misc/oidentd/files/oidentd-2.0.7-init40
-rw-r--r--net-misc/oidentd/files/oidentd-2.0.8-bind-to-ipv6-too.patch17
-rw-r--r--net-misc/oidentd/files/oidentd-2.0.8-gcc5.patch25
-rw-r--r--net-misc/oidentd/files/oidentd-2.0.8-log-conntrack-fails.patch52
-rw-r--r--net-misc/oidentd/files/oidentd-2.0.8-masquerading.patch43
-rw-r--r--net-misc/oidentd/files/oidentd-2.0.8-no-conntrack-masquerading.patch41
-rw-r--r--net-misc/oidentd/files/oidentd.conf22
-rw-r--r--net-misc/oidentd/files/oidentd.service9
-rw-r--r--net-misc/oidentd/files/oidentd.socket10
-rw-r--r--net-misc/oidentd/files/oidentd_at.service7
-rw-r--r--net-misc/oidentd/files/oidentd_masq.conf10
12 files changed, 280 insertions, 0 deletions
diff --git a/net-misc/oidentd/files/oidentd-2.0.7-confd b/net-misc/oidentd/files/oidentd-2.0.7-confd
new file mode 100644
index 000000000000..3116889e67e2
--- /dev/null
+++ b/net-misc/oidentd/files/oidentd-2.0.7-confd
@@ -0,0 +1,4 @@
+# oidentd start-up options
+USER="nobody"
+GROUP="nobody"
+OPTIONS=""
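Review bot: `USER="nobody"` and `GROUP="nobody"` run the daemon under the shared `nobody` account, so it shares a uid with any other service that falls back to the same account, and such processes can signal or inspect one another. A dedicated account created by the package would keep the daemon isolated, for example `USER="oidentd"` and `GROUP="oidentd"` (placeholder names; nothing on this page creates that account). The same `-u nobody -g nobody` is hard-coded in the ExecStart lines of oidentd.service and oidentd_at.service.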
diff --git a/net-misc/oidentd/files/oidentd-2.0.7-init b/net-misc/oidentd/files/oidentd-2.0.7-init
new file mode 100644
index 000000000000..5b1ae44089d0
--- /dev/null
+++ b/net-misc/oidentd/files/oidentd-2.0.7-init
@@ -0,0 +1,40 @@
+#!/sbin/openrc-run
+# Copyright 1999-2004 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+depend() {
+ need net
+}
+
+check_config() {
+ if [ -z "${USER}" ]
+ then
+ eerror "Please set \$USER in /etc/conf.d/oidentd!"
+ return 1
+ fi
+ if [ -z "${GROUP}" ]
+ then
+ eerror "Please set \$GROUP in /etc/conf.d/oidentd!"
+ return 1
+ fi
+
+ if [ "$(sysctl -n security.bsd.see_other_uids 2>/dev/null)" = "0" ]; then
+ eerror "${SVCNAME} cannot work if the sysctl security.bsd.see_other_uids is 0"
+ return 1
+ fi
+}
+
+
+start() {
+ check_config || return 1
+ ebegin "Starting oidentd"
+ OPTIONS="${OPTIONS} -u ${USER} -g ${GROUP}"
+ start-stop-daemon --start --quiet --exec /usr/sbin/oidentd -- $OPTIONS
+ eend $?
+}
+
+stop() {
+ ebegin "Stopping oidentd"
+ start-stop-daemon --stop --quiet --exec /usr/sbin/oidentd
+ eend $?
+}
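Review bot: stop() selects its target only with `--exec /usr/sbin/oidentd`, and start() records no pidfile, so stop() signals every process running that binary rather than just the instance this service launched. Scoping both calls with a `--pidfile` (for example a path derived from `${SVCNAME}`) would avoid that; whether oidentd can write one or must be run in the foreground with `--background --make-pidfile` needs checking against oidentd(8). Separately, start() appends `-u ${USER} -g ${GROUP}` to OPTIONS and expands `$OPTIONS` unquoted, while check_config only rejects empty values, so a value containing whitespace is split into extra daemon arguments.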
diff --git a/net-misc/oidentd/files/oidentd-2.0.8-bind-to-ipv6-too.patch b/net-misc/oidentd/files/oidentd-2.0.8-bind-to-ipv6-too.patch
new file mode 100644
index 000000000000..2652622cdd4f
--- /dev/null
+++ b/net-misc/oidentd/files/oidentd-2.0.8-bind-to-ipv6-too.patch
@@ -0,0 +1,17 @@
+Patch to bind to ipv6 socket as well
+Patch supplied by Fabian Knittel <fabian.knittel@avona.com>
+--- oidentd-2.0.8/src/oidentd_inet_util.c 2006-05-22 02:31:19.000000000 +0200
++++ oidentd-2.0.8.new/src/oidentd_inet_util.c 2010-03-01 20:26:11.000000000 +0100
+@@ -60,6 +60,12 @@
+ #ifdef WANT_IPV6
+ case AF_INET6:
+ SIN6(ai->ai_addr)->sin6_port = listen_port;
++
++ if (setsockopt(listenfd, IPPROTO_IPV6, IPV6_V6ONLY, &one,
++ sizeof(one)) != 0) {
++ debug("setsockopt IPV6_V6ONLY: %s", strerror(errno));
++ return (-1);
++ }
+ break;
+ #endif
+
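Review bot: A failing `setsockopt(listenfd, IPPROTO_IPV6, IPV6_V6ONLY, ...)` makes the function return -1, but the reason is reported only through `debug()`, which the log-conntrack-fails patch on this page describes as visible only in debugging builds. Reporting it the way that patch does in linux.c, `o_log(NORMAL, "setsockopt IPV6_V6ONLY: %s", strerror(errno));`, would put the cause of a failed listener setup into the normal log (assuming `o_log` is available in oidentd_inet_util.c). `one` and `listenfd` are defined outside the hunk, and whether `listenfd` is closed on this early return cannot be seen from here.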
diff --git a/net-misc/oidentd/files/oidentd-2.0.8-gcc5.patch b/net-misc/oidentd/files/oidentd-2.0.8-gcc5.patch
new file mode 100644
index 000000000000..a401a65d9bc6
--- /dev/null
+++ b/net-misc/oidentd/files/oidentd-2.0.8-gcc5.patch
@@ -0,0 +1,25 @@
+Description: Fix a failure to build with gcc5.
+Bug: http://bugs.debian.org/778035
+
+--- a/src/oidentd_util.c 2015-07-03 05:56:24.000000000 -0400
++++ b/src/oidentd_util.c 2015-07-03 05:56:47.671378000 -0400
+@@ -75,7 +75,7 @@
+ ** PRNG functions on systems whose libraries provide them.)
+ */
+
+-inline int randval(int i) {
++extern __attribute__ ((gnu_inline)) int randval(int i) {
+ /* Per _Numerical Recipes in C_: */
+ return ((double) i * rand() / (RAND_MAX+1.0));
+ }
+--- a/src/oidentd_util.h 2015-07-03 05:56:32.000000000 -0400
++++ b/src/oidentd_util.h 2015-07-03 05:56:53.835378000 -0400
+@@ -58,7 +58,7 @@
+ int find_group(const char *temp_group, gid_t *gid);
+
+ int random_seed(void);
+-inline int randval(int i);
++extern __attribute__ ((gnu_inline)) int randval(int i);
+
+ #ifndef HAVE_SNPRINTF
+ int snprintf(char *str, size_t n, char const *fmt, ...);
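Review bot: Replacing `inline` with `extern __attribute__ ((gnu_inline))` on `randval` ties both the definition in oidentd_util.c and the prototype in oidentd_util.h to a GCC-specific attribute, and the `inline` keyword the attribute is meant to accompany is gone. Since the function is defined in the .c file and only declared in the header, plain external linkage is enough: `int randval(int i) {` in the source and `int randval(int i);` in the header build under both the old and the C99 inline rules. The body still draws from `rand()`; if the random ident replies are meant to be unpredictable, that is worth a separate look.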
diff --git a/net-misc/oidentd/files/oidentd-2.0.8-log-conntrack-fails.patch b/net-misc/oidentd/files/oidentd-2.0.8-log-conntrack-fails.patch
new file mode 100644
index 000000000000..d29479ec0284
--- /dev/null
+++ b/net-misc/oidentd/files/oidentd-2.0.8-log-conntrack-fails.patch
@@ -0,0 +1,52 @@
+From 612f1d85dd59fc39b124392df38586769ebc8add Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= <ppisar@redhat.com>
+Date: Fri, 11 Mar 2016 10:00:59 +0100
+Subject: [PATCH] Log Linux core_init failures as normal error
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Opening Linux conntracking table file failure for different reason than
+missing the file is fatal for deamon initizalization. But the failure
+was logged inly in debugging build.
+
+This patch makes the fatal error visible in normal log.
+
+https://bugzilla.redhat.com/show_bug.cgi?id=1316308
+Signed-off-by: Petr Písař <ppisar@redhat.com>
+---
+ src/kernel/linux.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/src/kernel/linux.c b/src/kernel/linux.c
+index 8bf265f..9103dbf 100644
+--- a/src/kernel/linux.c
++++ b/src/kernel/linux.c
+@@ -73,21 +73,21 @@ bool core_init(void) {
+ masq_fp = fopen(MASQFILE, "r");
+ if (masq_fp == NULL) {
+ if (errno != ENOENT) {
+- debug("fopen: %s: %s", MASQFILE, strerror(errno));
++ o_log(NORMAL, "fopen: %s: %s", MASQFILE, strerror(errno));
+ return false;
+ }
+
+ masq_fp = fopen(CONNTRACK, "r");
+ if (masq_fp == NULL) {
+ if (errno != ENOENT) {
+- debug("fopen: %s: %s", CONNTRACK, strerror(errno));
++ o_log(NORMAL, "fopen: %s: %s", CONNTRACK, strerror(errno));
+ return false;
+ }
+
+ masq_fp = fopen(NFCONNTRACK, "r");
+ if (masq_fp == NULL) {
+ if (errno != ENOENT) {
+- debug("fopen: %s: %s", NFCONNTRACK, strerror(errno));
++ o_log(NORMAL, "fopen: %s: %s", NFCONNTRACK, strerror(errno));
+ return false;
+ }
+ masq_fp = fopen("/dev/null", "r");
+--
+2.5.0
+
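Review bot: This patch only applies on top of oidentd-2.0.8-masquerading.patch, because its context lines already contain the `NFCONNTRACK` branch that patch introduces, and nothing in either file records that dependency. oidentd-2.0.8-no-conntrack-masquerading.patch in turn starts from blob `9103dbf`, the result of this patch, so the three must be applied in the order masquerading, log-conntrack-fails, no-conntrack-masquerading. That is not the alphabetical order of files/. A one-line header comment in each patch (or next to the patch list in the ebuild, which is not on this page) stating the required order would stop a later reshuffle from silently dropping the logging fix.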
diff --git a/net-misc/oidentd/files/oidentd-2.0.8-masquerading.patch b/net-misc/oidentd/files/oidentd-2.0.8-masquerading.patch
new file mode 100644
index 000000000000..191e9b95e64d
--- /dev/null
+++ b/net-misc/oidentd/files/oidentd-2.0.8-masquerading.patch
@@ -0,0 +1,43 @@
+--- oidentd.orig/src/kernel/linux.c 2006-05-22 06:58:53.000000000 +0300
++++ oidentd-2.0.8/src/kernel/linux.c 2007-07-11 21:28:56.000000000 +0300
+@@ -48,6 +48,7 @@
+ #define CFILE6 "/proc/net/tcp6"
+ #define MASQFILE "/proc/net/ip_masquerade"
+ #define CONNTRACK "/proc/net/ip_conntrack"
++#define NFCONNTRACK "/proc/net/nf_conntrack"
+
+ static int netlink_sock;
+ extern struct sockaddr_storage proxy;
+@@ -82,7 +83,15 @@
+ debug("fopen: %s: %s", CONNTRACK, strerror(errno));
+ return false;
+ }
+- masq_fp = fopen("/dev/null", "r");
++
++ masq_fp = fopen(NFCONNTRACK, "r");
++ if (masq_fp == NULL) {
++ if (errno != ENOENT) {
++ debug("fopen: %s: %s", NFCONNTRACK, strerror(errno));
++ return false;
++ }
++ masq_fp = fopen("/dev/null", "r");
++ }
+ }
+
+ netfilter = true;
+@@ -367,6 +376,15 @@
+ &nport_temp, &mport_temp);
+ }
+
++ if (ret != 21) {
++ ret = sscanf(buf,
++ "%*15s %*d %15s %*d %*d ESTABLISHED src=%d.%d.%d.%d dst=%d.%d.%d.%d sport=%d dport=%d packets=%*d bytes=%*d src=%d.%d.%d.%d dst=%d.%d.%d.%d sport=%d dport=%d",
++ proto, &l1, &l2, &l3, &l4, &r1, &r2, &r3, &r4,
++ &masq_lport_temp, &masq_fport_temp,
++ &nl1, &nl2, &nl3, &nl4, &nr1, &nr2, &nr3, &nr4,
++ &nport_temp, &mport_temp);
++ }
++
+ if (ret != 21)
+ continue;
+
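Review bot: The added `sscanf` fallback writes up to 15 characters plus a terminator into `proto` through `%15s`, and `proto` is declared outside the hunk, so it needs confirming that the buffer is at least 16 bytes. The format also requires the literal `packets=` and `bytes=` fields; a conntrack line without them leaves `ret != 21` and is skipped by `continue` with no log, so lookups for such connections would fail silently. Address octets and ports are read with `%d` into variables that get no range check in the visible lines. A comment above the call naming the `/proc/net/nf_conntrack` line layout it expects, plus a `debug()` on the skip path, would make a mismatch diagnosable.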
diff --git a/net-misc/oidentd/files/oidentd-2.0.8-no-conntrack-masquerading.patch b/net-misc/oidentd/files/oidentd-2.0.8-no-conntrack-masquerading.patch
new file mode 100644
index 000000000000..92ef02523160
--- /dev/null
+++ b/net-misc/oidentd/files/oidentd-2.0.8-no-conntrack-masquerading.patch
@@ -0,0 +1,41 @@
+From 20a63ad8a90c36397cceedd34887298890dbafa3 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= <ppisar@redhat.com>
+Date: Fri, 11 Mar 2016 10:38:10 +0100
+Subject: [PATCH] Linux: Do not open conntracking table if masquerading is not
+ enabled
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+The contracking table was always opened. This is unnecessary because
+the table is used only when masquerading feature is requested on run
+time.
+
+This patch skips opening the conntracking table on Linux if
+masquerading is not requested.
+
+https://bugzilla.redhat.com/show_bug.cgi?id=1316308
+Signed-off-by: Petr Písař <ppisar@redhat.com>
+---
+ src/kernel/linux.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/src/kernel/linux.c b/src/kernel/linux.c
+index 9103dbf..859f554 100644
+--- a/src/kernel/linux.c
++++ b/src/kernel/linux.c
+@@ -70,6 +70,11 @@ bool netfilter;
+ */
+ bool core_init(void) {
+ #ifdef MASQ_SUPPORT
++ if (!opt_enabled(MASQ)) {
++ masq_fp = NULL;
++ return true;
++ }
++
+ masq_fp = fopen(MASQFILE, "r");
+ if (masq_fp == NULL) {
+ if (errno != ENOENT) {
+--
+2.5.0
+
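Review bot: The early `return true;` sits inside `#ifdef MASQ_SUPPORT` and leaves `core_init` before anything that follows the masquerading block; the rest of the function is outside the hunk, so confirm no other initialisation is skipped on this path. It also leaves `masq_fp` as NULL where the previous code always ended with an open stream (falling back to `/dev/null`), so any code that reads `masq_fp` must be reached only when `opt_enabled(MASQ)` is true. A comment on the new branch such as `/* masq_fp stays NULL: readers must check opt_enabled(MASQ) first */` would record that invariant.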
diff --git a/net-misc/oidentd/files/oidentd.conf b/net-misc/oidentd/files/oidentd.conf
new file mode 100644
index 000000000000..03b28d827802
--- /dev/null
+++ b/net-misc/oidentd/files/oidentd.conf
@@ -0,0 +1,22 @@
+# Configuration for oidentd
+# see oidentd.conf(5)
+#
+default {
+ default {
+ deny spoof
+ deny spoof_all
+ deny spoof_privport
+ allow random
+ allow random_numeric
+ allow numeric
+ deny hide
+ }
+}
+
+# you may want to hide root connections
+#user "root" {
+# default {
+# force reply "UNKNOWN"
+# }
+#}
+
diff --git a/net-misc/oidentd/files/oidentd.service b/net-misc/oidentd/files/oidentd.service
new file mode 100644
index 000000000000..bf159d855b8d
--- /dev/null
+++ b/net-misc/oidentd/files/oidentd.service
@@ -0,0 +1,9 @@
+[Unit]
+Description=TCP/IP IDENT protocol server
+
+[Service]
+ExecStart=/usr/sbin/oidentd -i -S -u nobody -g nobody
+ExecReload=/bin/kill -HUP $MAINPID
+
+[Install]
+WantedBy=multi-user.target
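Review bot: The `[Service]` section starts a network-facing daemon with no sandboxing directives, so the process begins with full root privileges and relies entirely on oidentd's own `-u nobody -g nobody` drop. Directives such as `NoNewPrivileges=yes`, `PrivateTmp=yes` and `ProtectSystem=full` would narrow what a compromised daemon can reach. `ProtectHome=` should be tested first, since oidentd may read per-user configuration from home directories. The same applies to the `[Service]` section of oidentd_at.service, where `ExecReload=` is also of little use for a per-connection instance.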
diff --git a/net-misc/oidentd/files/oidentd.socket b/net-misc/oidentd/files/oidentd.socket
new file mode 100644
index 000000000000..63df7036e543
--- /dev/null
+++ b/net-misc/oidentd/files/oidentd.socket
@@ -0,0 +1,10 @@
+[Unit]
+Description=Ident (RFC 1413) socket
+Conflicts=oidentd.service
+
+[Socket]
+ListenStream=113
+Accept=yes
+
+[Install]
+WantedBy=sockets.target
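Review bot: `Accept=yes` on `ListenStream=113` starts one service instance per incoming connection, and the unit sets no explicit ceiling, so a single remote host can consume the whole default connection allowance. Stating the limits in the unit, for example `MaxConnections=` and (where the installed systemd supports it) `MaxConnectionsPerSource=`, makes the exposure deliberate rather than inherited from defaults. If ident is only needed on specific interfaces, `ListenStream=` can also carry an address instead of a bare port.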
diff --git a/net-misc/oidentd/files/oidentd_at.service b/net-misc/oidentd/files/oidentd_at.service
new file mode 100644
index 000000000000..ac03a94d6c8a
--- /dev/null
+++ b/net-misc/oidentd/files/oidentd_at.service
@@ -0,0 +1,7 @@
+[Unit]
+Description=Ident (RFC 1413) per-connection server
+
+[Service]
+ExecStart=/usr/sbin/oidentd -I -S -u nobody -g nobody
+ExecReload=/bin/kill -HUP $MAINPID
+StandardInput=socket
diff --git a/net-misc/oidentd/files/oidentd_masq.conf b/net-misc/oidentd/files/oidentd_masq.conf
new file mode 100644
index 000000000000..6811288ff4cf
--- /dev/null
+++ b/net-misc/oidentd/files/oidentd_masq.conf
@@ -0,0 +1,10 @@
+# oident masquarded connections configuration
+
+# use this file if your host is masquarading connections for several
+# hosts and you want to return a reply based on the hostname of
+# the originating machine
+# add "-f" to OIDENT_OPTIONS in /etc/conf.d/oidentd if you want
+# to forward ident requests to the real host
+
+# add hosts in the following format, see oidentd_masq.conf(5) for details:
+# <ip or host>[/mask] <username> <os>
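Review bot: The comment tells the administrator to add "-f" to `OIDENT_OPTIONS` in /etc/conf.d/oidentd, but the conf.d file added in this commit defines `OPTIONS`, and the init script reads only `OPTIONS`, `USER` and `GROUP`. Following the comment as written would set a variable nothing consumes, and forwarding would stay off without any error. The line should read `# add "-f" to OPTIONS in /etc/conf.d/oidentd if you want`; "masquarded" and "masquarading" in the lines above are also misspelled.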