diff options
author | V3n3RiX <venerix@redcorelinux.org> | 2017-10-09 18:53:29 +0100 |
---|---|---|
committer | V3n3RiX <venerix@redcorelinux.org> | 2017-10-09 18:53:29 +0100 |
commit | 4f2d7949f03e1c198bc888f2d05f421d35c57e21 (patch) | |
tree | ba5f07bf3f9d22d82e54a462313f5d244036c768 /net-misc/oidentd/files |
reinit the tree, so we can have metadata
Diffstat (limited to 'net-misc/oidentd/files')
-rw-r--r-- | net-misc/oidentd/files/oidentd-2.0.7-confd | 4 | ||||
-rw-r--r-- | net-misc/oidentd/files/oidentd-2.0.7-init | 40 | ||||
-rw-r--r-- | net-misc/oidentd/files/oidentd-2.0.8-bind-to-ipv6-too.patch | 17 | ||||
-rw-r--r-- | net-misc/oidentd/files/oidentd-2.0.8-gcc5.patch | 25 | ||||
-rw-r--r-- | net-misc/oidentd/files/oidentd-2.0.8-log-conntrack-fails.patch | 52 | ||||
-rw-r--r-- | net-misc/oidentd/files/oidentd-2.0.8-masquerading.patch | 43 | ||||
-rw-r--r-- | net-misc/oidentd/files/oidentd-2.0.8-no-conntrack-masquerading.patch | 41 | ||||
-rw-r--r-- | net-misc/oidentd/files/oidentd.conf | 22 | ||||
-rw-r--r-- | net-misc/oidentd/files/oidentd.service | 9 | ||||
-rw-r--r-- | net-misc/oidentd/files/oidentd.socket | 10 | ||||
-rw-r--r-- | net-misc/oidentd/files/oidentd_at.service | 7 | ||||
-rw-r--r-- | net-misc/oidentd/files/oidentd_masq.conf | 10 |
12 files changed, 280 insertions, 0 deletions
diff --git a/net-misc/oidentd/files/oidentd-2.0.7-confd b/net-misc/oidentd/files/oidentd-2.0.7-confd new file mode 100644 index 000000000000..3116889e67e2 --- /dev/null +++ b/net-misc/oidentd/files/oidentd-2.0.7-confd @@ -0,0 +1,4 @@ +# oidentd start-up options +USER="nobody" +GROUP="nobody" +OPTIONS="" diff --git a/net-misc/oidentd/files/oidentd-2.0.7-init b/net-misc/oidentd/files/oidentd-2.0.7-init new file mode 100644 index 000000000000..5b1ae44089d0 --- /dev/null +++ b/net-misc/oidentd/files/oidentd-2.0.7-init @@ -0,0 +1,40 @@ +#!/sbin/openrc-run +# Copyright 1999-2004 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +depend() { + need net +} + +check_config() { + if [ -z "${USER}" ] + then + eerror "Please set \$USER in /etc/conf.d/oidentd!" + return 1 + fi + if [ -z "${GROUP}" ] + then + eerror "Please set \$GROUP in /etc/conf.d/oidentd!" + return 1 + fi + + if [ "$(sysctl -n security.bsd.see_other_uids 2>/dev/null)" = "0" ]; then + eerror "${SVCNAME} cannot work if the sysctl security.bsd.see_other_uids is 0" + return 1 + fi +} + + +start() { + check_config || return 1 + ebegin "Starting oidentd" + OPTIONS="${OPTIONS} -u ${USER} -g ${GROUP}" + start-stop-daemon --start --quiet --exec /usr/sbin/oidentd -- $OPTIONS + eend $? +} + +stop() { + ebegin "Stopping oidentd" + start-stop-daemon --stop --quiet --exec /usr/sbin/oidentd + eend $? +} diff --git a/net-misc/oidentd/files/oidentd-2.0.8-bind-to-ipv6-too.patch b/net-misc/oidentd/files/oidentd-2.0.8-bind-to-ipv6-too.patch new file mode 100644 index 000000000000..2652622cdd4f --- /dev/null +++ b/net-misc/oidentd/files/oidentd-2.0.8-bind-to-ipv6-too.patch @@ -0,0 +1,17 @@ +Patch to bind to ipv6 socket as well +Patch supplied by Fabian Knittel <fabian.knittel@avona.com> +--- oidentd-2.0.8/src/oidentd_inet_util.c 2006-05-22 02:31:19.000000000 +0200 ++++ oidentd-2.0.8.new/src/oidentd_inet_util.c 2010-03-01 20:26:11.000000000 +0100 +@@ -60,6 +60,12 @@ + #ifdef WANT_IPV6 + case AF_INET6: + SIN6(ai->ai_addr)->sin6_port = listen_port; ++ ++ if (setsockopt(listenfd, IPPROTO_IPV6, IPV6_V6ONLY, &one, ++ sizeof(one)) != 0) { ++ debug("setsockopt IPV6_V6ONLY: %s", strerror(errno)); ++ return (-1); ++ } + break; + #endif + diff --git a/net-misc/oidentd/files/oidentd-2.0.8-gcc5.patch b/net-misc/oidentd/files/oidentd-2.0.8-gcc5.patch new file mode 100644 index 000000000000..a401a65d9bc6 --- /dev/null +++ b/net-misc/oidentd/files/oidentd-2.0.8-gcc5.patch @@ -0,0 +1,25 @@ +Description: Fix a failure to build with gcc5. +Bug: http://bugs.debian.org/778035 + +--- a/src/oidentd_util.c 2015-07-03 05:56:24.000000000 -0400 ++++ b/src/oidentd_util.c 2015-07-03 05:56:47.671378000 -0400 +@@ -75,7 +75,7 @@ + ** PRNG functions on systems whose libraries provide them.) + */ + +-inline int randval(int i) { ++extern __attribute__ ((gnu_inline)) int randval(int i) { + /* Per _Numerical Recipes in C_: */ + return ((double) i * rand() / (RAND_MAX+1.0)); + } +--- a/src/oidentd_util.h 2015-07-03 05:56:32.000000000 -0400 ++++ b/src/oidentd_util.h 2015-07-03 05:56:53.835378000 -0400 +@@ -58,7 +58,7 @@ + int find_group(const char *temp_group, gid_t *gid); + + int random_seed(void); +-inline int randval(int i); ++extern __attribute__ ((gnu_inline)) int randval(int i); + + #ifndef HAVE_SNPRINTF + int snprintf(char *str, size_t n, char const *fmt, ...); diff --git a/net-misc/oidentd/files/oidentd-2.0.8-log-conntrack-fails.patch b/net-misc/oidentd/files/oidentd-2.0.8-log-conntrack-fails.patch new file mode 100644 index 000000000000..d29479ec0284 --- /dev/null +++ b/net-misc/oidentd/files/oidentd-2.0.8-log-conntrack-fails.patch @@ -0,0 +1,52 @@ +From 612f1d85dd59fc39b124392df38586769ebc8add Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= <ppisar@redhat.com> +Date: Fri, 11 Mar 2016 10:00:59 +0100 +Subject: [PATCH] Log Linux core_init failures as normal error +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Opening Linux conntracking table file failure for different reason than +missing the file is fatal for deamon initizalization. But the failure +was logged inly in debugging build. + +This patch makes the fatal error visible in normal log. + +https://bugzilla.redhat.com/show_bug.cgi?id=1316308 +Signed-off-by: Petr Písař <ppisar@redhat.com> +--- + src/kernel/linux.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/src/kernel/linux.c b/src/kernel/linux.c +index 8bf265f..9103dbf 100644 +--- a/src/kernel/linux.c ++++ b/src/kernel/linux.c +@@ -73,21 +73,21 @@ bool core_init(void) { + masq_fp = fopen(MASQFILE, "r"); + if (masq_fp == NULL) { + if (errno != ENOENT) { +- debug("fopen: %s: %s", MASQFILE, strerror(errno)); ++ o_log(NORMAL, "fopen: %s: %s", MASQFILE, strerror(errno)); + return false; + } + + masq_fp = fopen(CONNTRACK, "r"); + if (masq_fp == NULL) { + if (errno != ENOENT) { +- debug("fopen: %s: %s", CONNTRACK, strerror(errno)); ++ o_log(NORMAL, "fopen: %s: %s", CONNTRACK, strerror(errno)); + return false; + } + + masq_fp = fopen(NFCONNTRACK, "r"); + if (masq_fp == NULL) { + if (errno != ENOENT) { +- debug("fopen: %s: %s", NFCONNTRACK, strerror(errno)); ++ o_log(NORMAL, "fopen: %s: %s", NFCONNTRACK, strerror(errno)); + return false; + } + masq_fp = fopen("/dev/null", "r"); +-- +2.5.0 + diff --git a/net-misc/oidentd/files/oidentd-2.0.8-masquerading.patch b/net-misc/oidentd/files/oidentd-2.0.8-masquerading.patch new file mode 100644 index 000000000000..191e9b95e64d --- /dev/null +++ b/net-misc/oidentd/files/oidentd-2.0.8-masquerading.patch @@ -0,0 +1,43 @@ +--- oidentd.orig/src/kernel/linux.c 2006-05-22 06:58:53.000000000 +0300 ++++ oidentd-2.0.8/src/kernel/linux.c 2007-07-11 21:28:56.000000000 +0300 +@@ -48,6 +48,7 @@ + #define CFILE6 "/proc/net/tcp6" + #define MASQFILE "/proc/net/ip_masquerade" + #define CONNTRACK "/proc/net/ip_conntrack" ++#define NFCONNTRACK "/proc/net/nf_conntrack" + + static int netlink_sock; + extern struct sockaddr_storage proxy; +@@ -82,7 +83,15 @@ + debug("fopen: %s: %s", CONNTRACK, strerror(errno)); + return false; + } +- masq_fp = fopen("/dev/null", "r"); ++ ++ masq_fp = fopen(NFCONNTRACK, "r"); ++ if (masq_fp == NULL) { ++ if (errno != ENOENT) { ++ debug("fopen: %s: %s", NFCONNTRACK, strerror(errno)); ++ return false; ++ } ++ masq_fp = fopen("/dev/null", "r"); ++ } + } + + netfilter = true; +@@ -367,6 +376,15 @@ + &nport_temp, &mport_temp); + } + ++ if (ret != 21) { ++ ret = sscanf(buf, ++ "%*15s %*d %15s %*d %*d ESTABLISHED src=%d.%d.%d.%d dst=%d.%d.%d.%d sport=%d dport=%d packets=%*d bytes=%*d src=%d.%d.%d.%d dst=%d.%d.%d.%d sport=%d dport=%d", ++ proto, &l1, &l2, &l3, &l4, &r1, &r2, &r3, &r4, ++ &masq_lport_temp, &masq_fport_temp, ++ &nl1, &nl2, &nl3, &nl4, &nr1, &nr2, &nr3, &nr4, ++ &nport_temp, &mport_temp); ++ } ++ + if (ret != 21) + continue; + diff --git a/net-misc/oidentd/files/oidentd-2.0.8-no-conntrack-masquerading.patch b/net-misc/oidentd/files/oidentd-2.0.8-no-conntrack-masquerading.patch new file mode 100644 index 000000000000..92ef02523160 --- /dev/null +++ b/net-misc/oidentd/files/oidentd-2.0.8-no-conntrack-masquerading.patch @@ -0,0 +1,41 @@ +From 20a63ad8a90c36397cceedd34887298890dbafa3 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= <ppisar@redhat.com> +Date: Fri, 11 Mar 2016 10:38:10 +0100 +Subject: [PATCH] Linux: Do not open conntracking table if masquerading is not + enabled +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +The contracking table was always opened. This is unnecessary because +the table is used only when masquerading feature is requested on run +time. + +This patch skips opening the conntracking table on Linux if +masquerading is not requested. + +https://bugzilla.redhat.com/show_bug.cgi?id=1316308 +Signed-off-by: Petr Písař <ppisar@redhat.com> +--- + src/kernel/linux.c | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/src/kernel/linux.c b/src/kernel/linux.c +index 9103dbf..859f554 100644 +--- a/src/kernel/linux.c ++++ b/src/kernel/linux.c +@@ -70,6 +70,11 @@ bool netfilter; + */ + bool core_init(void) { + #ifdef MASQ_SUPPORT ++ if (!opt_enabled(MASQ)) { ++ masq_fp = NULL; ++ return true; ++ } ++ + masq_fp = fopen(MASQFILE, "r"); + if (masq_fp == NULL) { + if (errno != ENOENT) { +-- +2.5.0 + diff --git a/net-misc/oidentd/files/oidentd.conf b/net-misc/oidentd/files/oidentd.conf new file mode 100644 index 000000000000..03b28d827802 --- /dev/null +++ b/net-misc/oidentd/files/oidentd.conf @@ -0,0 +1,22 @@ +# Configuration for oidentd +# see oidentd.conf(5) +# +default { + default { + deny spoof + deny spoof_all + deny spoof_privport + allow random + allow random_numeric + allow numeric + deny hide + } +} + +# you may want to hide root connections +#user "root" { +# default { +# force reply "UNKNOWN" +# } +#} + diff --git a/net-misc/oidentd/files/oidentd.service b/net-misc/oidentd/files/oidentd.service new file mode 100644 index 000000000000..bf159d855b8d --- /dev/null +++ b/net-misc/oidentd/files/oidentd.service @@ -0,0 +1,9 @@ +[Unit] +Description=TCP/IP IDENT protocol server + +[Service] +ExecStart=/usr/sbin/oidentd -i -S -u nobody -g nobody +ExecReload=/bin/kill -HUP $MAINPID + +[Install] +WantedBy=multi-user.target diff --git a/net-misc/oidentd/files/oidentd.socket b/net-misc/oidentd/files/oidentd.socket new file mode 100644 index 000000000000..63df7036e543 --- /dev/null +++ b/net-misc/oidentd/files/oidentd.socket @@ -0,0 +1,10 @@ +[Unit] +Description=Ident (RFC 1413) socket +Conflicts=oidentd.service + +[Socket] +ListenStream=113 +Accept=yes + +[Install] +WantedBy=sockets.target diff --git a/net-misc/oidentd/files/oidentd_at.service b/net-misc/oidentd/files/oidentd_at.service new file mode 100644 index 000000000000..ac03a94d6c8a --- /dev/null +++ b/net-misc/oidentd/files/oidentd_at.service @@ -0,0 +1,7 @@ +[Unit] +Description=Ident (RFC 1413) per-connection server + +[Service] +ExecStart=/usr/sbin/oidentd -I -S -u nobody -g nobody +ExecReload=/bin/kill -HUP $MAINPID +StandardInput=socket diff --git a/net-misc/oidentd/files/oidentd_masq.conf b/net-misc/oidentd/files/oidentd_masq.conf new file mode 100644 index 000000000000..6811288ff4cf --- /dev/null +++ b/net-misc/oidentd/files/oidentd_masq.conf @@ -0,0 +1,10 @@ +# oident masquarded connections configuration + +# use this file if your host is masquarading connections for several +# hosts and you want to return a reply based on the hostname of +# the originating machine +# add "-f" to OIDENT_OPTIONS in /etc/conf.d/oidentd if you want +# to forward ident requests to the real host + +# add hosts in the following format, see oidentd_masq.conf(5) for details: +# <ip or host>[/mask] <username> <os> |