-rw-r--r-- | INSTALL | 2 | ||||
-rw-r--r-- | NEWS | 6 | ||||
-rw-r--r-- | doc/index.html | 5 | ||||
-rw-r--r-- | doc/libs6net/ident.html | 3 | ||||
-rw-r--r-- | doc/minidentd.html | 84 | ||||
-rw-r--r-- | doc/s6-ident-client.html | 2 | ||||
-rw-r--r-- | doc/upgrade.html | 8 | ||||
-rw-r--r-- | package/deps.mak | 5 | ||||
-rw-r--r-- | package/info | 2 | ||||
-rw-r--r-- | package/modes | 1 | ||||
-rw-r--r-- | package/targets.mak | 12 | ||||
-rwxr-xr-x | src/minidentd/deps-exe/minidentd | 6 | ||||
-rw-r--r-- | src/minidentd/mgetuid-default.c | 16 | ||||
-rw-r--r-- | src/minidentd/mgetuid-linux.c | 184 | ||||
-rw-r--r-- | src/minidentd/mgetuid.h | 12 | ||||
-rw-r--r-- | src/minidentd/minidentd.c | 275 |
16 files changed, 21 insertions, 602 deletions
@@ -6,7 +6,7 @@ Build Instructions - A POSIX-compliant C development environment - GNU make version 3.81 or later - - skalibs version 2.10.0.3 or later: https://skarnet.org/software/skalibs/ + - skalibs version 2.11.0.0 or later: https://skarnet.org/software/skalibs/ - Optional (but recommended): execline version 2.8.0.1 or later: https://skarnet.org/software/execline/ - s6 version 2.10.0.3 or later: https://skarnet.org/software/s6/ - s6-dns version 2.3.5.1 or later: https://skarnet.org/software/s6-dns/ @@ -1,5 +1,11 @@ Changelog for s6-networking. +In 2.5.0.0 +---------- + + - minidentd has been removed + + In 2.4.2.0 ---------- diff --git a/doc/index.html b/doc/index.html index be03d73..9da2ca0 100644 --- a/doc/index.html +++ b/doc/index.html @@ -55,7 +55,7 @@ as extensions to the s6 ecosystem. <li> A POSIX-compliant system with a standard C development environment </li> <li> GNU make, version 3.81 or later </li> <li> <a href="//skarnet.org/software/skalibs/">skalibs</a> version -2.10.0.3 or later. It's a build-time requirement. It's also a run-time +2.11.0.0 or later. It's a build-time requirement. It's also a run-time requirement if you link against the shared version of the skalibs library. </li> <li> (Optional, but recommended) <a href="//skarnet.org/software/execline/">execline</a> version @@ -91,7 +91,7 @@ run-time requirement if you link against its shared version. </li> <ul> <li> The current released version of s6-networking is -<a href="s6-networking-2.4.2.0.tar.gz">2.4.2.0</a>. </li> +<a href="s6-networking-2.5.0.0.tar.gz">2.5.0.0</a>. </li> <li> Alternatively, you can checkout a copy of the <a href="//git.skarnet.org/cgi-bin/cgit.cgi/s6-networking/">s6-networking git repository</a>: @@ -175,7 +175,6 @@ relevant page. <ul> <li><a href="s6-ident-client.html">The <tt>s6-ident-client</tt> program</a></li> -<li><a href="minidentd.html">The <tt>minidentd</tt> program</a></li> </ul> <h4> Miscellaneous utilities </h4> 
diff --git a/doc/libs6net/ident.html b/doc/libs6net/ident.html index 0b6a9c5..c8b4b2a 100644 --- a/doc/libs6net/ident.html +++ b/doc/libs6net/ident.html @@ -32,8 +32,7 @@ and implemented in the <tt>libs6net.a</tt> or <tt>libs6net.so</tt> library. <p> Please note that this protocol is of historical interest exclusively; -this client, as well as the <a href="../minidentd.html">minidentd</a> -server, is only provided for convenience and interoperability with +this client is only provided for convenience and interoperability with legacy systems. The IDENT protocol absolutely cannot be relied on for any kind of authentication or secure operation. </p> diff --git a/doc/minidentd.html b/doc/minidentd.html deleted file mode 100644 index d1fb546..0000000 --- a/doc/minidentd.html +++ /dev/null 
@@ -1,84 +0,0 @@ -<html> - <head> - <meta name="viewport" content="width=device-width, initial-scale=1.0" /> - <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> - <meta http-equiv="Content-Language" content="en" /> - <title>s6-networking: the minidentd program</title> - <meta name="Description" content="s6-networking: the minidentd program" /> - <meta name="Keywords" content="s6-networking minidentd identd ident server rfc 1413" /> - <!-- <link rel="stylesheet" type="text/css" href="//skarnet.org/default.css" /> --> - </head> -<body> - -<p> -<a href="index.html">s6-networking</a><br /> -<a href="//skarnet.org/software/">Software</a><br /> -<a href="//skarnet.org/">skarnet.org</a> -</p> - -<h1> The <tt>minidentd</tt> program </h1> - -<p> -<tt>minidentd</tt> is a small -<a href="https://cr.yp.to/proto/ucspi.txt">UCSPI</a> server application -that answers IDENT requests. -</p> - -<h2> Interface </h2> - -<pre> - minidentd [ -v ] [ -n | -i | -r ] [ -y <em>file</em> ] [ -t <em>timeout</em> ] -</pre> - -<p> -<tt>minidentd</tt> reads a series of IDENT requests on stdin and answers -them on stdout. It logs what it's doing on stderr. The environment -variables <em>x</em>LOCALIP and <em>x</em>REMOTEIP, where <em>x</em> is -the value of the PROTO environment variable, must contain the IDENT -server address and the IDENT client address, respectively. -</p> - -<p> - minidentd exits 0 on success, 100 on a usage error and 111 on a system -call failure. -</p> - -<p> - minidentd does not contact the network directly. It's meant to -run under a super-server like -<a href="s6-tcpserver.html">s6-tcpserver</a>. minidentd will -work with IPv4 as well as IPv6. -</p> - -<h2> Options </h2> - -<ul> - <li> <tt>-v</tt> : verbose mode. Log queries and replies. </li> - <li> <tt>-n</tt> : send ERROR : HIDDEN-USER replies if -the user has a <tt>.ident</tt> file in their home directory. </li> - <li> <tt>-i</tt> : user-defined answers. 
The first 14 chars of the -user's <tt>.ident</tt> file, up to EOF or newline, are used instead of -the user name. If the file exists and is empty, send -ERROR : HIDDEN-USER. If it doesn't exist, send a normal reply. </li> - <li> <tt>-r</tt> : send random replies. </li> - <li> <tt>-y <em>file</em></tt> : valid with <tt>-n</tt> or <tt>-i</tt>. -Use <em>file</em> instead of <tt>.ident</tt>. </li> - <li> <tt>-t <em>timeout</em></tt> : close connection after -<em>timeout</em> milliseconds without a client request. </li> -</ul> - -<h2> Notes </h2> - -<ul> - <li> minidentd works only under Linux (2.2 or later); -on other systems, it will compile and run, but report an error for every -request. -The problem is that <em>there is no portable Unix way</em> of listing active -outgoing TCP connections with the relevant uids. On Linux, minidentd parses -the <tt>/proc/net/tcp</tt> or <tt>/proc/net/tcp6</tt> virtual file. Other -systems have their own way of doing this, if you want your system to be -supported by minidentd, please contact the author. </li> -</ul> - -</body> -</html> diff --git a/doc/s6-ident-client.html b/doc/s6-ident-client.html index ed44479..9a7d8be 100644 --- a/doc/s6-ident-client.html +++ b/doc/s6-ident-client.html @@ -5,7 +5,7 @@ <meta http-equiv="Content-Language" content="en" /> <title>s6-networking: the s6-ident-client program</title> <meta name="Description" content="s6-networking: the s6-ident-client program" /> - <meta name="Keywords" content="s6-networking minidentd identd ident client rfc 1413" /> + <meta name="Keywords" content="s6-networking identd ident client rfc 1413" /> <!-- <link rel="stylesheet" type="text/css" href="//skarnet.org/default.css" /> --> </head> <body> diff --git a/doc/upgrade.html b/doc/upgrade.html index f174e74..af9f7e6 100644 --- a/doc/upgrade.html +++ b/doc/upgrade.html 
@@ -18,6 +18,14 @@ <h1> What has changed in s6-networking </h1> +<h2> in 2.5.0.0 </h2> + +<ul> + <li> <a href="//skarnet.org/software/skalibs/">skalibs</a> +dependency bumped to 2.11.0.0 </li> + <li> The obsolete <tt>minidentd</tt> program has been removed. </li> +</ul> + <h2> in 2.4.2.0 </h2> <ul> diff --git a/package/deps.mak b/package/deps.mak index 030f842..8776328 100644 --- a/package/deps.mak +++ b/package/deps.mak @@ -24,9 +24,6 @@ src/libs6net/s6net_ident_client.o src/libs6net/s6net_ident_client.lo: src/libs6n src/libs6net/s6net_ident_error.o src/libs6net/s6net_ident_error.lo: src/libs6net/s6net_ident_error.c src/include/s6-networking/ident.h src/libs6net/s6net_ident_reply_get.o src/libs6net/s6net_ident_reply_get.lo: src/libs6net/s6net_ident_reply_get.c src/include/s6-networking/ident.h src/libs6net/s6net_ident_reply_parse.o src/libs6net/s6net_ident_reply_parse.lo: src/libs6net/s6net_ident_reply_parse.c src/include/s6-networking/ident.h -src/minidentd/mgetuid-default.o src/minidentd/mgetuid-default.lo: src/minidentd/mgetuid-default.c src/minidentd/mgetuid.h -src/minidentd/mgetuid-linux.o src/minidentd/mgetuid-linux.lo: src/minidentd/mgetuid-linux.c src/minidentd/mgetuid.h -src/minidentd/minidentd.o src/minidentd/minidentd.lo: src/minidentd/minidentd.c src/minidentd/mgetuid.h src/sbearssl/sbearssl_append.o src/sbearssl/sbearssl_append.lo: src/sbearssl/sbearssl_append.c src/sbearssl/sbearssl-internal.h src/sbearssl/sbearssl_cert_from.o src/sbearssl/sbearssl_cert_from.lo: src/sbearssl/sbearssl_cert_from.c src/include/s6-networking/sbearssl.h src/sbearssl/sbearssl_cert_readbigpem.o src/sbearssl/sbearssl_cert_readbigpem.lo: src/sbearssl/sbearssl_cert_readbigpem.c src/include/s6-networking/sbearssl.h 
@@ -142,8 +139,6 @@ libs6net.a.xyzzy: src/libs6net/s6net_ident_client.lo src/libs6net/s6net_ident_re endif libs6net.so.xyzzy: EXTRA_LIBS := -lskarnet libs6net.so.xyzzy: src/libs6net/s6net_ident_client.lo src/libs6net/s6net_ident_reply_get.lo src/libs6net/s6net_ident_reply_parse.lo src/libs6net/s6net_ident_error.lo -minidentd: EXTRA_LIBS := -lskarnet ${MAYBEPTHREAD_LIB} ${SOCKET_LIB} ${SYSCLOCK_LIB} -minidentd: src/minidentd/minidentd.o src/minidentd/mgetuid.o ${LIBNSSS} ifeq ($(strip $(STATIC_LIBS_ARE_PIC)),) libsbearssl.a.xyzzy: src/sbearssl/sbearssl_append.o src/sbearssl/sbearssl_cert_from.o src/sbearssl/sbearssl_cert_readbigpem.o src/sbearssl/sbearssl_cert_readfile.o src/sbearssl/sbearssl_cert_to.o src/sbearssl/sbearssl_choose_algos_ec.o src/sbearssl/sbearssl_choose_algos_rsa.o src/sbearssl/sbearssl_choose_hash.o src/sbearssl/sbearssl_client_init_and_run.o src/sbearssl/sbearssl_drop.o src/sbearssl/sbearssl_ec_issuer_keytype.o src/sbearssl/sbearssl_ec_pkey_from.o src/sbearssl/sbearssl_ec_pkey_to.o src/sbearssl/sbearssl_ec_skey_from.o src/sbearssl/sbearssl_ec_skey_to.o src/sbearssl/sbearssl_error_str.o src/sbearssl/sbearssl_get_keycert.o src/sbearssl/sbearssl_get_tas.o src/sbearssl/sbearssl_isder.o src/sbearssl/sbearssl_pem_decode_from_buffer.o src/sbearssl/sbearssl_pem_decode_from_string.o src/sbearssl/sbearssl_pem_push.o src/sbearssl/sbearssl_pkey_from.o src/sbearssl/sbearssl_pkey_to.o src/sbearssl/sbearssl_rsa_pkey_from.o src/sbearssl/sbearssl_rsa_pkey_to.o src/sbearssl/sbearssl_rsa_skey_from.o src/sbearssl/sbearssl_rsa_skey_to.o src/sbearssl/sbearssl_run.o src/sbearssl/sbearssl_sctx_init_full_generic.o src/sbearssl/sbearssl_sctx_set_policy_sni.o src/sbearssl/sbearssl_send_environment.o src/sbearssl/sbearssl_server_init_and_run.o src/sbearssl/sbearssl_skey_from.o src/sbearssl/sbearssl_skey_readfile.o src/sbearssl/sbearssl_skey_storagelen.o src/sbearssl/sbearssl_skey_to.o src/sbearssl/sbearssl_skey_wipe.o src/sbearssl/sbearssl_sni_policy_add_keypair_file.o 
src/sbearssl/sbearssl_sni_policy_init.o src/sbearssl/sbearssl_sni_policy_nkeypairs.o src/sbearssl/sbearssl_sni_policy_vtable.o src/sbearssl/sbearssl_suite_bits.o src/sbearssl/sbearssl_suite_list.o src/sbearssl/sbearssl_suite_name.o src/sbearssl/sbearssl_ta_cert.o src/sbearssl/sbearssl_ta_certs.o src/sbearssl/sbearssl_ta_from.o src/sbearssl/sbearssl_ta_readdir.o src/sbearssl/sbearssl_ta_readfile.o src/sbearssl/sbearssl_ta_to.o src/sbearssl/sbearssl_x500_from_ta.o src/sbearssl/sbearssl_x500_name_len.o src/sbearssl/sbearssl_x509_minimal_set_tai.o src/sbearssl/sbearssl_x509_small_init_full.o src/sbearssl/sbearssl_x509_small_vtable.o else diff --git a/package/info b/package/info index 342e4dd..f67528d 100644 --- a/package/info +++ b/package/info @@ -1,4 +1,4 @@ package=s6-networking -version=2.4.2.0 +version=2.5.0.0 category=net package_macro_name=S6_NETWORKING diff --git a/package/modes b/package/modes index 1bbc527..2327ea2 100644 --- a/package/modes +++ b/package/modes @@ -14,7 +14,6 @@ s6-clockview 0755 s6-sntpclock 0755 s6-taiclock 0755 s6-taiclockd 0755 -minidentd 0755 s6-tlsclient 0755 s6-tlsc 0755 s6-tlsc-io 0755 diff --git a/package/targets.mak b/package/targets.mak index 474ea2d..4fa79dc 100644 --- a/package/targets.mak +++ b/package/targets.mak @@ -14,22 +14,12 @@ s6-clockadd \ s6-clockview \ s6-sntpclock \ s6-taiclock \ -s6-taiclockd \ -minidentd +s6-taiclockd LIBEXEC_TARGETS := LIB_DEFS := S6NET=s6net -EXTRA_TARGETS := src/minidentd/mgetuid.c - -src/minidentd/mgetuid.c: src/minidentd/mgetuid-linux.c src/minidentd/mgetuid-default.c - @if grep -q -iF -- -linux $(sysdeps)/target 2>/dev/null ; then \ - ln -sf mgetuid-linux.c src/minidentd/mgetuid.c ; \ - else \ - ln -sf mgetuid-default.c src/minidentd/mgetuid.c ; \ - fi - ifneq ($(SSL_IMPL),) BIN_TARGETS += s6-tlsclient s6-tlsc s6-tlsc-io s6-tlsserver s6-tlsd s6-tlsd-io s6-ucspitlsc s6-ucspitlsd 
diff --git a/src/minidentd/deps-exe/minidentd b/src/minidentd/deps-exe/minidentd
deleted file mode 100755
index 572ca89..0000000
--- a/src/minidentd/deps-exe/minidentd
+++ /dev/null
@@ -1,6 +0,0 @@
-mgetuid.o
-${LIBNSSS}
--lskarnet
-${MAYBEPTHREAD_LIB}
-${SOCKET_LIB}
-${SYSCLOCK_LIB}
diff --git a/src/minidentd/mgetuid-default.c b/src/minidentd/mgetuid-default.c
deleted file mode 100644
index 5c9f1d2..0000000
--- a/src/minidentd/mgetuid-default.c
+++ /dev/null
@@ -1,16 +0,0 @@
-/* ISC license. */
-
-#include <sys/types.h>
-#include <stdint.h>
-#include <errno.h>
-#include <skalibs/ip46.h>
-#include "mgetuid.h"
-
-uid_t mgetuid (ip46_t const *localaddr, uint16_t localport, ip46_t const *remoteaddr, uint16_t remoteport)
-{
- (void)localaddr ;
- (void)localport ;
- (void)remoteaddr ;
- (void)remoteport ;
- return (errno = ENOSYS, -2) ;
-}
diff --git a/src/minidentd/mgetuid-linux.c b/src/minidentd/mgetuid-linux.c
deleted file mode 100644
index f374adf..0000000
--- a/src/minidentd/mgetuid-linux.c
+++ /dev/null
@@ -1,184 +0,0 @@
-/* ISC license. */
-
-#include <sys/types.h>
-#include <string.h>
-#include <stdint.h>
-#include <skalibs/uint64.h>
-#include <skalibs/types.h>
-#include <skalibs/fmtscan.h>
-#include <skalibs/buffer.h>
-#include <skalibs/stralloc.h>
-#include <skalibs/djbunix.h>
-#include <skalibs/ip46.h>
-#include <skalibs/skamisc.h>
-#include "mgetuid.h"
-
-#ifdef DEBUG
-#include <skalibs/strerr2.h>
-#define bug(a) do { strerr_warn4x("bug parsing ", a, "remaining: ", cur) ; return 0 ; } while (0)
-#else
-#define bug(a) return 0
-#endif
-
-#define LINESIZE 256
-
-static int skipspace (char **s)
-{
- while (**s && ((**s == ' ') || (**s == '\t')))
- (*s)++ ;
- return (int)**s ;
-}
-
-static void reverse_address (char *s, size_t n)
-{
- size_t i = n >> 1 ;
- while (i--)
- {
- char tmp = s[i] ;
- s[i] = s[n-1-i] ;
- s[n-1-i] = tmp ;
- }
-}
-
-static int parseline (char *s, size_t len, uid_t *u, char *la, uint16_t *lp, char *ra, uint16_t *rp, int is6)
-{
- char *cur = s ;
- size_t pos ;
- uint64_t uu ;
- uint32_t junk ;
- unsigned int iplen = is6 ? 16 : 4 ;
-
- if (!skipspace(&cur)) bug("initial whitespace") ;
- pos = uint32_scan(cur, &junk) ; /* sl */
- if (!pos || (cur-s+1+pos) > len) bug("sl") ;
- cur += pos ;
- if ((*cur++) != ':') bug("sl:") ;
- if (!skipspace(&cur)) bug("sl: SPACE") ;
-
- if ((cur - s + 1 + iplen) > len) bug("local_address") ;
- pos = ucharn_scan(cur, la, iplen) ; /* local_address */
- reverse_address(la, iplen) ;
- if (!pos) bug("local_address") ;
- cur += pos ;
- if ((*cur++) != ':') bug("local_address:") ;
-
- pos = uint16_xscan(cur, lp) ; /* :port */
- if (!pos || (cur-s+pos) > len) bug("local_port") ;
- cur += pos ;
- if (!skipspace(&cur)) bug("local_port SPACE") ;
-
- if ((cur - s + 1 + iplen) > len) bug("remote_address") ;
- pos = ucharn_scan(cur, ra, iplen) ; /* remote_address */
- reverse_address(ra, iplen) ;
- if (!pos) bug("remote_address") ;
- cur += pos ;
- if ((*cur++) != ':') bug("remote_address:") ;
-
- pos = uint16_xscan(cur, rp) ; /* :port */
- if (!pos || (cur-s+pos) > len) bug("remote_port") ;
- cur += pos ;
- if (!skipspace(&cur)) bug("remote_port SPACE");
-
- pos = uint32_xscan(cur, &junk) ; /* st */
- if (!pos || (cur-s+pos) > len) bug("st") ;
- cur += pos ;
- if (!skipspace(&cur)) bug("st SPACE") ;
- pos = uint32_xscan(cur, &junk) ; /* tx_queue */
- if (!pos || (cur-s+1+pos) > len) bug("tx_queue") ;
- cur += pos ;
- if ((*cur++) != ':') bug("tx_queue:") ;
- pos = uint32_xscan(cur, &junk) ; /* rx_queue */
- if (!pos || (cur-s+pos) > len) bug("rx_queue") ;
- cur += pos ;
- if (!skipspace(&cur)) bug("rx_queue SPACE") ;
- pos = uint32_xscan(cur, &junk) ; /* tr */
- if (!pos || (cur-s+1+pos) > len) bug("tr") ;
- cur += pos ;
- if ((*cur++) != ':') bug("tr:") ;
- pos = uint32_xscan(cur, &junk) ; /* tm->when */
- if (!pos || (cur-s+pos) > len) bug("tm->when") ;
- cur += pos ;
- if (!skipspace(&cur)) bug("tm->when SPACE") ;
- pos = uint32_xscan(cur, &junk) ; /* retrnsmt */
- if (!pos || (cur-s+pos) > len) bug("retrnsmt") ;
- cur += pos ;
-
- if (!skipspace(&cur)) bug("retrnsmt SPACE") ;
- pos = uint64_scan(cur, &uu) ; /* uid */
- if (!pos || (cur-s+1+pos) > len) bug("uid") ;
- *u = uu ;
- return 1 ;
-}
-
-#ifdef DEBUG
-
-static void debuglog (uint16_t a, uint16_t b, unsigned int c, char const *d, char const *e, int is6)
-{
- char sa[UINT16_FMT] ;
- char sb[UINT16_FMT] ;
- char sc[UINT_FMT] ;
- char sd[IP46_FMT] ;
- char se[IP46_FMT] ;
-
- sa[uint16_fmt(sa, a)] = 0 ;
- sb[uint16_fmt(sb, b)] = 0 ;
- sc[uint_fmt(sc, c)] = 0 ;
- sd[is6 ? ip6_fmt(sd, d) : ip4_fmt(sd, d)] = 0 ;
- se[is6 ? ip6_fmt(se, e) : ip4_fmt(se, e)] = 0 ;
-
- buffer_puts(buffer_2, sd) ;
- buffer_puts(buffer_2, ":") ;
- buffer_puts(buffer_2, sa) ;
- buffer_puts(buffer_2, " , ") ;
- buffer_puts(buffer_2, se) ;
- buffer_puts(buffer_2, ":") ;
- buffer_puts(buffer_2, sb) ;
- buffer_puts(buffer_2, " -> ") ;
- buffer_puts(buffer_2, sc) ;
- buffer_putsflush(buffer_2, "\n") ;
-}
-
-#endif
-
-uid_t mgetuid (ip46_t const *localaddr, uint16_t localport, ip46_t const *remoteaddr, uint16_t remoteport)
-{
- int r ;
- uid_t u = -2 ;
- stralloc line = STRALLOC_ZERO ;
- buffer b ;
- char y[BUFFER_INSIZE] ;
- int is6 = ip46_is6(localaddr) ;
- int fd = open_readb(is6 ? "/proc/net/tcp6" : "/proc/net/tcp") ;
- if (fd == -1) return -2 ;
- buffer_init(&b, &buffer_read, fd, y, BUFFER_INSIZE_SMALL) ;
- if (skagetln(&b, &line, '\n') < 1) goto err ;
-#ifdef DEBUG
- line.s[line.len-1] = 0 ;
- debuglog(localport, remoteport, 65535, localaddr->ip, remoteaddr->ip, is6) ;
-#endif
- for (;;)
- {
- char la[16] ;
- char ra[16] ;
- uid_t nu ;
- uint16_t lp, rp ;
- line.len = 0 ;
- r = skagetln(&b, &line, '\n') ;
- if (r <= 0) { u = -1 ; break ; }
- line.s[line.len-1] = 0 ;
- if (!parseline(line.s, line.len, &nu, la, &lp, ra, &rp, is6)) break ;
-#ifdef DEBUG
- debuglog(lp, rp, nu, la, ra, is6) ;
-#endif
- if ((lp == localport) && (rp == remoteport)
- && !memcmp(la, localaddr->ip, is6 ? 16 : 4)
- && !memcmp(ra, remoteaddr->ip, is6 ? 16 : 4))
- {
- u = nu ; break ;
- }
- }
- stralloc_free(&line) ;
- err:
- fd_close(fd) ;
- return u ;
-}
diff --git a/src/minidentd/mgetuid.h b/src/minidentd/mgetuid.h
deleted file mode 100644
index 4b882e4..0000000
--- a/src/minidentd/mgetuid.h
+++ /dev/null
@@ -1,12 +0,0 @@
-/* ISC license. */
-
-#ifndef MGETUID_H
-#define MGETUID_H
-
-#include <sys/types.h>
-#include <stdint.h>
-#include <skalibs/ip46.h>
-
-extern uid_t mgetuid (ip46_t const *, uint16_t, ip46_t const *, uint16_t) ;
-
-#endif
diff --git a/src/minidentd/minidentd.c b/src/minidentd/minidentd.c
deleted file mode 100644
index a5115b7..0000000
--- a/src/minidentd/minidentd.c
+++ /dev/null
@@ -1,275 +0,0 @@
-/* ISC license. */
-
-#include <string.h>
-#include <stdint.h>
-#include <unistd.h>
-#include <errno.h>
-#include <pwd.h>
-
-#include <skalibs/types.h>
-#include <skalibs/allreadwrite.h>
-#include <skalibs/bytestr.h>
-#include <skalibs/fmtscan.h>
-#include <skalibs/buffer.h>
-#include <skalibs/strerr2.h>
-#include <skalibs/stralloc.h>
-#include <skalibs/env.h>
-#include <skalibs/djbunix.h>
-#include <skalibs/sgetopt.h>
-#include <skalibs/tai.h>
-#include <skalibs/random.h>
-#include <skalibs/unix-timed.h>
-
-#include "mgetuid.h"
-
-#define USAGE "minidentd [ -v ] [ -n | -i | -r ] [ -y file ] [ -t timeout ]"
-#define dieusage() strerr_dieusage(100, USAGE)
-
-
-static int how = 0 ;
-static int flagverbose = 0 ;
-static char const *userfile = ".ident" ;
-
-static tain_t deadline ;
-static unsigned int nquery = 0 ;
-static char logfmt[UINT_FMT] ;
-
-#define godecimal(s) while (*(s) && !strchr("0123456789", *(s))) (s)++
-
-static int parseline (char const *s, uint16_t *localport, uint16_t *remoteport)
-{
- size_t pos ;
- godecimal(s) ;
- if (!*s) return 0 ;
- pos = uint16_scan(s, localport) ;
- if (!pos) return 0 ;
- s += pos ;
- if (!*s) return 0 ;
- s += str_chr(s, ',') ;
- if (*s) s++ ;
- godecimal(s) ;
- if (!*s) return 0 ;
- if (!uint16_scan(s, remoteport)) return 0 ;
- return 1 ;
-}
-
-static void formatlr (char *s, uint16_t lp, uint16_t rp)
-{
- s += uint16_fmt(s, lp) ;
- *s++ = ',' ;
- *s++ = ' ' ;
- s += uint16_fmt(s, rp) ;
- *s = 0 ;
-}
-
-static void reply (char const *s, char const *r, char const *info)
-{
- buffer_puts(buffer_1small, s) ;
- buffer_put(buffer_1small, " : ", 3) ;
- buffer_puts(buffer_1small, r) ;
- buffer_put(buffer_1small, " : ", 3) ;
- buffer_puts(buffer_1small, info) ;
- buffer_put(buffer_1small, "\r\n", 2) ;
- if (!buffer_timed_flush_g(buffer_1small, &deadline))
- strerr_diefu1sys(111, "write to stdout") ;
-}
-
-static void logquery (char const *s)
-{
- if (!flagverbose) return ;
- buffer_puts(buffer_2, PROG) ;
- buffer_puts(buffer_2, ": info : query ") ;
- logfmt[uint_fmt(logfmt, ++nquery)] = 0 ;
- buffer_puts(buffer_2, logfmt) ;
- buffer_put(buffer_2, ": ", 2) ;
- buffer_puts(buffer_2, s) ;
- buffer_putflush(buffer_2, "\n", 1) ;
-}
-
-static void logreply (char const *type, char const *reply1, char const *reply2)
-{
- if (!flagverbose) return ;
- buffer_puts(buffer_2, PROG) ;
- buffer_puts(buffer_2, ": info: reply type ") ;
- buffer_puts(buffer_2, type) ;
- buffer_put(buffer_2, ": ", 2) ;
- buffer_puts(buffer_2, logfmt) ;
- buffer_put(buffer_2, ": ", 2) ;
- buffer_puts(buffer_2, reply1) ;
- buffer_put(buffer_2, ": ", 2) ;
- buffer_puts(buffer_2, reply2) ;
- buffer_putflush(buffer_2, "\n", 1) ;
-}
-
-static int userident (char *s, char const *home)
-{
- int fd ;
- size_t r = 1 ;
- {
- size_t homelen = strlen(home) ;
- size_t userlen = strlen(userfile) ;
- char tmp[homelen + userlen + 2] ;
- memcpy(tmp, home, homelen) ;
- tmp[homelen] = '/' ;
- memcpy(tmp + homelen + 1, userfile, userlen + 1) ;
- fd = open_readb(tmp) ;
- }
- if (fd == -1) return (errno != ENOENT) ? -1 : 0 ;
- if (how == 1)
- {
- fd_close(fd) ;
- return 1 ;
- }
- r = allread(fd, s, 14) ;
- fd_close(fd) ;
- if (!r) return 1 ;
- s[r] = 0 ;
- s[byte_chr(s, r, '\n')] = 0 ;
- return 2 ;
-}
-
-
-static void doit (char const *s, ip46_t const *localaddr, ip46_t const *remoteaddr)
-{
- char lr[15] ;
- uint16_t localport, remoteport ;
- struct passwd *pw ;
- uid_t uid ;
- if (!parseline(s, &localport, &remoteport))
- {
- reply("0, 0", "ERROR", "INVALID-PORT") ;
- return ;
- }
- formatlr(lr, localport, remoteport) ;
- logquery(lr) ;
-
- uid = mgetuid(localaddr, localport, remoteaddr, remoteport) ;
- if (uid == -2)
- {
- strerr_warnwu1sys("get uid") ;
- reply(lr, "ERROR", "UNKNOWN-ERROR") ;
- return ;
- }
- else if (uid == -1)
- {
- reply(lr, "ERROR", "NO-USER") ;
- logreply("error", "ERROR", "NO-USER") ;
- return ;
- }
-
- if (how == 3)
- {
- char name[9] ;
- char fmt[4 + UINT_FMT] = "uid " ;
- fmt[4 + uint_fmt(fmt+4, uid)] = 0 ;
- random_name(name, 8) ;
- reply(lr, "UNIX", name) ;
- logreply("random", fmt, name) ;
- return ;
- }
-
- pw = getpwuid(uid) ;
- if (!pw)
- {
- char fmt[UINT_FMT] ;
- fmt[uint_fmt(fmt, uid)] = 0 ;
- strerr_warnw2x("unknown uid ", fmt) ;
- reply(lr, "ERROR", "UNKNOWN-ERROR") ;
- return ;
- }
-
- if (how)
- {
- char s[15] ;
- int r = userident(s, pw->pw_dir) ;
- if ((how == 1) || (r == 1))
- {
- reply(lr, "ERROR", "HIDDEN-USER") ;
- logreply("user", "ERROR", "HIDDEN-USER") ;
- return ;
- }
- else if (r == 2)
- {
- reply(lr, "USERID : UNIX", s) ;
- logreply("user", "UNIX", s) ;
- return ;
- }
- }
-
- reply(lr, "USERID : UNIX", pw->pw_name) ;
- logreply("user", "UNIX", pw->pw_name) ;
-}
-
-
-int main (int argc, char const *const *argv, char const *const *envp)
-{
- stralloc line = STRALLOC_ZERO ;
- tain_t tto ;
- ip46_t localaddr, remoteaddr ;
- PROG = "minidentd" ;
-
- {
- subgetopt_t l = SUBGETOPT_ZERO ;
- unsigned int t = 0 ;
- for (;;)
- {
- int opt = subgetopt_r(argc, argv, "vniry:t:", &l) ;
- if (opt == -1) break ;
- switch (opt)
- {
- case 'v' : flagverbose = 1 ; break ;
- case 'n' : how = 1 ; break ;
- case 'i' : how = 2 ; break ;
- case 'r' : how = 3 ; break ;
- case 'y' : userfile = l.arg ; break ;
- case 't' : if (!uint0_scan(l.arg, &t)) dieusage() ; break ;
- default : dieusage() ;
- }
- }
- if (t) tain_from_millisecs(&tto, t) ; else tto = tain_infinite_relative ;
- argc -= l.ind ; argv += l.ind ;
- }
-
- {
- char const *proto = env_get2(envp, "PROTO") ;
- if (!proto) strerr_dienotset(100, "PROTO") ;
- {
- char const *x ;
- size_t protolen = strlen(proto) ;
- char tmp[protolen + 9] ;
- memcpy(tmp, proto, protolen) ;
- memcpy(tmp + protolen, "LOCALIP", 8) ;
- x = env_get2(envp, tmp) ;
- if (!x) strerr_dienotset(100, tmp) ;
- if (!ip46_scan(x, &localaddr)) strerr_dieinvalid(100, tmp) ;
- memcpy(tmp + protolen, "REMOTEIP", 9) ;
- x = env_get2(envp, tmp) ;
- if (!x) strerr_dienotset(100, tmp) ;
- if (!ip46_scan(x, &remoteaddr)) strerr_dieinvalid(100, tmp) ;
- }
- }
-
- if (ip46_is6(&localaddr) != ip46_is6(&remoteaddr))
- strerr_dief1x(100, "local and remote address not of the same family") ;
- if (!random_init())
- strerr_diefu1sys(111, "init random generator") ;
-
- tain_now_set_stopwatch_g() ;
-
- for (;;)
- {
- int r ;
- line.len = 0 ;
- tain_add_g(&deadline, &tto) ;
- r = timed_getln_g(buffer_0small, &line, '\n', &deadline) ;
- if (r == -1)
- {
- if (errno == ETIMEDOUT || errno == ECONNRESET) return 1 ;
- else strerr_diefu1sys(111, "read from stdin") ;
- }
- if (!r) break ;
- line.s[line.len - 1] = 0 ;
- doit(line.s, &localaddr, &remoteaddr) ;
- }
- return 0 ;
-}
|