diff -u -r oidentd-1.6.4.orig/config.h.in oidentd-1.6.4/config.h.in
--- oidentd-1.6.4.orig/config.h.in	Tue Jan 18 03:37:19 2000
+++ oidentd-1.6.4/config.h.in	Thu May 4 12:27:50 2000
@@ -79,6 +79,9 @@
 /* Define if you have the vsnprintf function. */
 #undef HAVE_VSNPRINTF
 
+/* Define if you have the udb library (-ludb). */
+#undef HAVE_LIBUDB
+
 /* Name of package */
 #undef PACKAGE
 
diff -u -r oidentd-1.6.4.orig/configure.in oidentd-1.6.4/configure.in
--- oidentd-1.6.4.orig/configure.in	Tue Jan 18 03:37:19 2000
+++ oidentd-1.6.4/configure.in	Thu May 4 12:27:50 2000
@@ -56,6 +56,7 @@
 AC_DEFINE_UNQUOTED(UPREFIX, "$withval"))
 
 AC_CHECK_FUNCS(asprintf dprintf snprintf vsnprintf inet_aton)
+AC_CHECK_LIB(udb, main)
 
 case "$host_os" in
 *linux* )
diff -u -r oidentd-1.6.4.orig/oidentd.8 oidentd-1.6.4/oidentd.8
--- oidentd-1.6.4.orig/oidentd.8	Tue Jan 18 03:37:19 2000
+++ oidentd-1.6.4/oidentd.8	Thu May 4 12:27:50 2000
@@ -4,7 +4,7 @@
 oidentd, in.oidentd \- TCP/IP IDENT protocol server
 .SH SYNOPSIS
 .B oidentd
-[ \-AdeFhimnNoqrsSvVwW ]
+[ \-AdeFhimnNoqrsSUvVwW ]
 [ \-a ]
 [ \-c ]
 [ \-f ]
@@ -152,6 +152,9 @@
 .TP
 .I "\-u or \-u "
 Run with specified uid or username.
+.TP
+.I "\-U"
+Perform lookups in the UDB shared memory tables, both for connections originating on the local host and masqueraded connections. When a match is found, it will be used instead of the values supplied by the operating system, for either masqueraed entries (with the -m flag) or normal TCP/IP connections. Entries in the table which don't match any local user will be returned verbatim. This allows oidentd to cooperate with other programs (e.g. RADIUS servers or proxies) to give valid replies on dynamic connections.
 .TP
 .I "\-x "
 Upon a failed lookup, will be returned to the client as if the lookup had succeeded.
diff -u -r oidentd-1.6.4.orig/src/linux.c oidentd-1.6.4/src/linux.c
--- oidentd-1.6.4.orig/src/linux.c	Tue Jan 18 03:37:19 2000
+++ oidentd-1.6.4/src/linux.c	Thu May 4 12:27:50 2000
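Review bot: `AC_CHECK_LIB(udb, main)` probes the library for a symbol named main, which libudb cannot be expected to export and which autoconf itself documents as an unreliable test; the check should name a function the patch actually calls, e.g. `AC_CHECK_LIB(udb, udb_init)`. There is also no `--with-udb` switch, so whether the daemon is built with UDB support (and linked against -ludb) depends silently on what happens to be installed on the build host rather than on an explicit choice. An `AC_ARG_WITH(udb, ...)` guard around the check would make the feature opt-in and the build reproducible.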
@@ -24,6 +24,9 @@
 #include
 #include
 #include
+#ifdef HAVE_LIBUDB
+# include
+#endif
 
 #ifdef MASQ_SUPPORT
 extern u_long proxy;
@@ -265,8 +268,9 @@
 			return (0);
 		else {
 			if (flags & DEBUG) {
-				syslog(DPRI, "Forward to %s (%d %d) failed.",
-					inet_ntoa(fhost), lportm, fportm);
+				syslog(DPRI, "Forward to %s (%d %d) %s.",
+					inet_ntoa(fhost), lportm, fportm,
+					(flags & MASQ)?"failed":"not allowed");
 			}
 		}
 	}
@@ -305,7 +309,34 @@
 	u_long addr = 0, mask = 0, mask2 = 0;
 	FILE *fp = NULL;
 	u_char buf[1024], *temp;
+#ifdef HAVE_LIBUDB
+	struct udb_ip_user ibuf;
+	struct in_addr hostaddr;
 
+	if (flags & USEUDB)
+	{
+		hostaddr.s_addr = host;
+
+		if ((flags & DEBUG))
+			syslog(DPRI, "[%s] UDB lookup...", inet_ntoa(hostaddr));
+
+		if (udb_ip_get(&hostaddr, &ibuf))
+		{
+			strncpy(user, ibuf.username, ursz);
+			user[ursz] = '\0';
+			strncpy(os, "UNIX", ursz);
+			os[osz] = '\0';
+
+			if (!(flags & QUIET))
+				syslog(PRIORITY,
+					"Successful UDB lookup: %s : %s",
+					inet_ntoa(hostaddr), user);
+
+			return (0);
+		}
+	}
+#endif
+
 	fp = fopen(MAP, "r");
 	if (fp == NULL) {
diff -u -r oidentd-1.6.4.orig/src/oidentd.c oidentd-1.6.4/src/oidentd.c
--- oidentd-1.6.4.orig/src/oidentd.c	Tue Jan 18 03:37:19 2000
+++ oidentd-1.6.4/src/oidentd.c	Thu May 4 12:33:02 2000
@@ -23,6 +23,9 @@
 #include
 #include
 #include
+#ifdef HAVE_LIBUDB
+# include
+#endif
 
 static int setup_listen(int listen_port, u_long listen_addr);
 static int drop_privs(uid_t new_uid, gid_t new_gid);
@@ -43,11 +46,11 @@
 static u_char *hostlookup(u_long lookup_addr, u_char *hostname, size_t len);
 
 #if defined(__linux__) && defined(MASQ_SUPPORT)
-# define OPTSTRING "a:Ac:def:Fg:himnNoO:p:P:qrsSt:T:u:vVwWx:"
+# define OPTSTRING "a:Ac:def:Fg:himnNoO:p:P:qrsSt:T:u:UvVwWx:"
 int fwdport, fsock;
 u_long proxy;
 #else
-# define OPTSTRING "a:Ac:deg:hinNoO:p:qrsSt:T:u:vVwWx:"
+# define OPTSTRING "a:Ac:deg:hinNoO:p:qrsSt:T:u:UvVwWx:"
 #endif
 
 u_char *ret_os = "UNIX";
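Review bot: The OS string in the new UDB branch is copied with the wrong bound: `strncpy(os, "UNIX", ursz);` is limited by the user buffer's size and then terminated with `os[osz] = '\0';`, so the two lines disagree about how large os is; it should read `strncpy(os, "UNIX", osz);`. Both terminators also store at index ursz and osz, which is one byte past the end if those parameters are the buffers' sizes rather than sizes minus one (the function's signature is outside the hunk, so I cannot confirm which); if they are sizes, copy ursz - 1 / osz - 1 bytes and terminate at that index instead. ibuf.username is filled in from a shared-memory table written by another process, so a length-bounded copy is the right idea here, but the bound has to be the destination's, and the user buffer must be terminated whether or not the table entry is.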
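Review bot: The `U` option letter is added to both OPTSTRING variants unconditionally, whereas the `case 'U'` handler in the later hunk is compiled only under HAVE_LIBUDB, so a build without libudb has getopt accept -U and then fall into the switch's default branch instead of rejecting the flag (what that branch does is outside this hunk). The usage text hunk wraps its -U line in the same #ifdef, so the option string is the odd one out; assembling the letter conditionally keeps the three places in step.
```c
#ifdef HAVE_LIBUDB
# define UDB_OPT "U"
#else
# define UDB_OPT ""
#endif

#if defined(__linux__) && defined(MASQ_SUPPORT)
# define OPTSTRING "a:Ac:def:Fg:himnNoO:p:P:qrsSt:T:u:" UDB_OPT "vVwWx:"
/* … unchanged: fwdport, fsock, proxy … */
#else
# define OPTSTRING "a:Ac:deg:hinNoO:p:qrsSt:T:u:" UDB_OPT "vVwWx:"
#endif
```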
@@ -193,6 +196,11 @@
 				uid = pw->pw_uid;
 			}
 			break;
+#ifdef HAVE_LIBUDB
+		case 'U':
+			flags |= USEUDB;
+			break;
+#endif
 		case 'v':
 		case 'V':
 			print_version();
@@ -275,7 +283,17 @@
 		if (flags & DEBUG)
 			syslog(DPRI, "Error: Can't open kernel memory device, exiting");
 		exit(-1);
-	}
+	}
+#endif
+
+#ifdef HAVE_LIBUDB
+	if (flags & USEUDB)
+		if (!udb_init(UDB_ENV_BASE_KEY))
+		{
+			if (flags & DEBUG)
+				syslog(DPRI, "Error: Can't open UDB shared memory tables, exiting");
+			exit(-1);
+		}
 #endif
 
 	signal(SIGALRM, sigalrm);
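Review bot: When udb_init() fails the daemon exits with status -1 but explains why only if -d was given, so in normal operation a missing or inaccessible shared-memory segment shows up as a silent startup failure; since the condition is fatal, log it unconditionally, `syslog(PRIORITY, "Error: Can't open UDB shared memory tables, exiting");` (the pre-existing kernel-memory check above has the same weakness, which is no reason to copy it). The two nested unbraced ifs are also fragile: write `if (flags & USEUDB) {` and `if (!udb_init(UDB_ENV_BASE_KEY)) {` with braces on both so a later `else` cannot bind to the wrong condition. Where this block sits relative to drop_privs() is outside the hunk; if attaching to the segment needs the daemon's initial privileges, or conversely must happen after they are dropped, that ordering deserves a comment here.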
@@ -463,6 +481,62 @@
 	return (0);
 }
 
+#ifdef HAVE_LIBUDB
+/*
+** This function will look up the connection in the UDB shared memory tables.
+**
+** Return values:
+**
+** If an entry is found which matches a local username, the function will
+** return the matching UID for further processing.
+**
+** Otherwise, if a non-local match is found, the reply will be sent directly
+** to the client and -2 returned.
+**
+** If no match is found, -1 is returned.
+*/
+
+int get_udb_user(int lport,
+		int fport,
+		const struct in_addr *laddr,
+		const struct in_addr *faddr,
+		int sock)
+{
+	struct udb_connection conn;
+	struct udb_conn_user buf;
+	struct passwd *pw;
+
+	memset(&conn, 0, sizeof(conn));
+	conn.from.sin_family = AF_INET;
+	conn.from.sin_addr = *laddr;
+	conn.from.sin_port = htons(lport);
+	conn.to.sin_family = AF_INET;
+	conn.to.sin_addr = *faddr;
+	conn.to.sin_port = htons(fport);
+
+	if (flags & DEBUG)
+		syslog(DPRI, "UDB lookup: %s:%d->%s:%d",
+			inet_ntoa(conn.from.sin_addr), ntohs(conn.from.sin_port),
+			inet_ntoa(conn.to.sin_addr), ntohs(conn.to.sin_port));
+
+	if (!udb_conn_get(&conn, &buf)) return (-1);
+
+	/* If the user is local, return his UID */
+	if (NULL != (pw = getpwnam(buf.username))) return (pw->pw_uid);
+
+	/* User not local, reply with string from UDB table. */
+	dprintf(sock, "%d , %d : USERID : %s%s%s : %s\r\n", lport, fport,
+		OS("UNIX"), (charset != NULL ? " , " : ""),
+		(charset != NULL ? charset : (u_char *) ""), buf.username);
+
+	if (!(flags & QUIET))
+		syslog(PRIORITY, "[%s] UDB lookup: %d , %d : (returned %s)",
+			inet_ntoa(*faddr), lport, fport, buf.username);
+
+	return (-2);
+}
+#endif
+
 /*
 ** Handle the client's request: read the client data and send the identd reply.
 */
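Review bot: The debug syslog in get_udb_user() calls inet_ntoa() twice in one argument list, and inet_ntoa() returns a single static buffer, so both %s conversions print whichever address was formatted last instead of the from/to pair; the first result has to be copied out before the second call, as below. Separately, buf.username is written into the ident reply verbatim, and the hunk does not show udb_conn_user's definition, so whether the field is guaranteed NUL-terminated and free of CR/LF is unknown — a bounded conversion such as `%.*s` with `(int)sizeof buf.username`, plus rejecting names that contain control characters, would keep a bad table entry from over-reading or splitting the reply. If nothing outside this file calls the function it should also be `static`, like the other helpers declared at the top of oidentd.c.
```c
	if (flags & DEBUG) {
		char from[INET_ADDRSTRLEN];

		/* inet_ntoa() hands back one static buffer, so the first
		** address must be saved before it is called again. */
		snprintf(from, sizeof from, "%s", inet_ntoa(conn.from.sin_addr));
		syslog(DPRI, "UDB lookup: %s:%d->%s:%d",
			from, ntohs(conn.from.sin_port),
			inet_ntoa(conn.to.sin_addr), ntohs(conn.to.sin_port));
	}
	/* … unchanged: udb_conn_get(), getpwnam() and the reply … */
```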
@@ -519,18 +593,29 @@
 		return (0);
 	}
 
+	/* User ID is unknown .. */
+	con_uid = -1;
+
+#ifdef HAVE_LIBUDB
+	if (flags & USEUDB)
+	{
+		con_uid = get_udb_user(lport, fport, &laddr, &faddr, sock);
+		if (con_uid == -2) return(0);
+	}
+#endif
+
+	if (con_uid == -1)
 #ifdef __linux__
-	con_uid = get_user(lport, fport, &laddr, &faddr);
+		con_uid = get_user(lport, fport, &laddr, &faddr);
 #else
-	con_uid = get_user(htons(lport), htons(fport), &laddr, &faddr);
+		con_uid = get_user(htons(lport), htons(fport), &laddr, &faddr);
 #endif
 
 	if (con_uid == -1) {
 #if defined(__linux__) && defined(MASQ_SUPPORT)
-		if (flags & MASQ) {
-			if (!masq(sock, lport, fport, &faddr))
-				return (0);
-		}
+		if (flags & MASQ)
+			if (!masq(sock, lport, fport, &faddr))
+				return (0);
 #endif
 		if (failuser != NULL) {
 			dprintf(sock, "%d , %d : USERID : %s%s%s : %s\r\n", lport, fport,
@@ -1156,6 +1241,9 @@
 " -T \toidentd will remain accepting connections when run\n"
 " \t\twith -w for .\n"
 " -u \tRun with specified uid.\n"
+#ifdef HAVE_LIBUDB
+" -U\t\tPerform lookups in UDB shared memory tables.\n"
+#endif
 " -v/-V\t\tDisplay version information and exit.\n"
 " -w\t\tWait mode.\n"
 " -x \tIf a query fails, pretend it succeeded, returning \n"
Only in oidentd-1.6.4/src: oidentd.c~
diff -u -r oidentd-1.6.4.orig/src/oidentd.h oidentd-1.6.4/src/oidentd.h
--- oidentd-1.6.4.orig/src/oidentd.h	Tue Jan 18 03:37:19 2000
+++ oidentd-1.6.4/src/oidentd.h	Thu May 4 12:27:50 2000
@@ -63,6 +63,7 @@
 #define FWD 0x8000
 #define PROXY 0x10000
 #define QUIET 0x20000
+#define USEUDB 0x40000
 
 /*
 ** Maximum length of identd replies
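Review bot: The -2 returned by get_udb_user() is compared as a bare literal, `if (con_uid == -2) return(0);`, with nothing at the call site saying it means "reply already sent"; a named constant such as `#define UDB_REPLIED (-2)` shared by the function and this test would make the three-way result (uid / -1 not found / reply sent) readable. The statement under `if (con_uid == -1)` is selected by `#ifdef __linux__`, so an unbraced conditional body now spans a preprocessor block; bracing it, `if (con_uid == -1) {` … `}`, keeps a later edit to either branch from silently changing what the if controls. The `Only in oidentd-1.6.4/src: oidentd.c~` line further down shows an editor backup file in the tree the diff was taken from; harmless here, but it will be swept into the next `diff -r` as well unless removed.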