This is the working internal ident service. Turn it on by setting

the make variable REAL_IDENT, and ~/.fakeid support can be added with FAKEID set. Note that the default behavior is the same as the old behavior.
1999-07-15 01:34:02 +00:00 · 1999-07-15 01:34:02 +00:00 · 7396d5d8d0
commit 7396d5d8d0
parent d808513020
3 changed files with 109 additions and 21 deletions
--- a/etc/inetd.conf
+++ b/etc/inetd.conf
@ -1,4 +1,4 @@
-#	$Id: inetd.conf,v 1.33 1998/12/01 22:01:59 dillon Exp $
+#	$Id: inetd.conf,v 1.34 1999/07/15 01:06:13 ache Exp $
 #
 # Internet server configuration database
 #
@ -63,7 +63,8 @@ ntalk	dgram	udp	wait	tty:tty	/usr/libexec/ntalkd	ntalkd
 #
 #imap4	stream	tcp	nowait	root	/usr/local/libexec/imapd	imapd
 #
-# Return error for all "ident" requests
+# Compiled with -DREAL_IDENT, this is a fully functional ident service.
 # By default, this is an ident service which returns error on any request.
 #
 #ident	stream	tcp	nowait	root	internal
 #
--- a/usr.sbin/inetd/Makefile
+++ b/usr.sbin/inetd/Makefile
@ -1,5 +1,5 @@
 #	@(#)Makefile	8.1 (Berkeley) 6/6/93
-#	$Id: Makefile,v 1.9 1999/06/17 09:16:06 sheldonh Exp $
+#	$Id: Makefile,v 1.10 1999/06/27 18:05:33 sheldonh Exp $
 PROG=	inetd
 MAN8=	inetd.8
@ -7,6 +7,12 @@ MLINKS=	inetd.8 inetd.conf.5
 COPTS+=	-Wall -DLOGIN_CAP
 #COPTS+=	-DSANITY_CHECK
 .ifdef REAL_IDENT
 COPTS+= -DREAL_IDENT
 .ifdef FAKEID
 COPTS+= -DFAKEID
 .endif
 .endif
 DPADD+=	${LIBUTIL} ${LIBWRAP}
 LDADD+=	-lutil -lwrap
--- a/usr.sbin/inetd/inetd.c
+++ b/usr.sbin/inetd/inetd.c
@ -42,7 +42,7 @@ static const char copyright[] =
 static char sccsid[] = "@(#)from: inetd.c	8.4 (Berkeley) 4/13/94";
 #endif
 static const char rcsid[] =
-	"$Id: inetd.c,v 1.58 1999/07/09 11:18:59 sheldonh Exp $";
+	"$Id: inetd.c,v 1.59 1999/07/09 11:46:45 sheldonh Exp $";
 #endif /* not lint */
 /*
@ -110,6 +110,8 @@ static const char rcsid[] =
 #include <sys/wait.h>
 #include <sys/time.h>
 #include <sys/resource.h>
 #include <sys/sysctl.h>
 #include <sys/ucred.h>
 #include <netinet/in.h>
 #include <netinet/tcp.h>
@ -117,6 +119,7 @@ static const char rcsid[] =
 #include <rpc/rpc.h>
 #include <rpc/pmap_clnt.h>
 #include <ctype.h>
 #include <errno.h>
 #include <err.h>
 #include <fcntl.h>
@ -255,6 +258,7 @@ void		endconfig __P((void));
 struct servtab *enter __P((struct servtab *));
 void		freeconfig __P((struct servtab *));
 struct servtab *getconfigent __P((void));
 void		iderror __P((int, int, FILE *, int));
 void		ident_stream __P((int, struct servtab *));
 void		machtime_dg __P((int, struct servtab *));
 void		machtime_stream __P((int, struct servtab *));
@ -1617,9 +1621,21 @@ inetd_setproctitle(a, s)
 /*
 * Internet services provided internally by inetd:
 */
-#define	BUFSIZE	8192
+#define		BUFSIZE 8192
-#define IDENT_RESPONSE ":ERROR:HIDDEN-USER\r\n"
+/* ARGSUSED */
 void
 iderror(lport, fport, fp, er)
 	int lport, fport, er;
 	FILE *fp;
 {
 	fprintf(fp, "%d , %d : ERROR : %s\r\n", lport, fport, 
 	    er == -1 ? "HIDDEN-USER" : er ? strerror(er) : "UNKNOWN-ERROR");
 	fflush(fp);
 	fclose(fp);
 	exit(0);
 }
 /* ARGSUSED */
 void
@ -1627,25 +1643,90 @@ ident_stream(s, sep)		/* Ident service */
 	int s;
 	struct servtab *sep;
 {
-	char buffer[BUFSIZE];
+	struct sockaddr_in sin[2];
-	int i, j;
+#ifdef REAL_IDENT
 	struct ucred uc;
 	struct passwd *pw;
 #endif
 	FILE *fp;
 #ifdef FAKEID
 	FILE *fakeid = NULL;
 	char fakeid_path[PATH_MAX];
 	struct stat sb;
 #endif
 	char buf[BUFSIZE];
 	char *cp;
 	int len;
 	u_short lport, fport;
 	inetd_setproctitle(sep->se_service, s);
-	j = 0;
+	fp = fdopen(s, "r+");
-	while ((i = read(s, buffer + j, sizeof(buffer) - j)) > 0) {
+	len = sizeof(sin[0]);
-		j += i;
+	if (getsockname(s, (struct sockaddr *)&sin[0], &len) == -1)
-		buffer[j] = '\0';
+		iderror(0, 0, fp, errno);
-		if (strchr(buffer, '\n'))
+	len = sizeof(sin[1]);
-			break;
+	if (getpeername(s, (struct sockaddr *)&sin[1], &len) == -1)
-		if (strchr(buffer, '\r'))
+		iderror(0, 0, fp, errno);
-			break;
+	errno = 0;
-	}
+	if (fgets(buf, sizeof(buf), fp) == NULL)
-	while (j > 0 && (buffer[j-1] == '\n' || buffer[j-1] == '\r'))
+		iderror(0, 0, fp, errno);
-		j--;
+	buf[BUFSIZE - 1] = '\0';
-	write(s, buffer, j);
+	strtok(buf, "\r\n");
-	write(s, IDENT_RESPONSE, strlen(IDENT_RESPONSE));
+	cp = strtok(buf, ",");
 	if (cp == NULL || sscanf(cp, "%hu", &lport) != 1)
 		iderror(0, 0, fp, 0);
 	cp = strtok(NULL, ",");
 	if (cp == NULL || sscanf(cp, "%hu", &fport) != 1)
 		iderror(0, 0, fp, 0);
 #ifndef REAL_IDENT
 	iderror(lport, fport, fp, -1);
 #else
 	sin[0].sin_port = htons(lport);
 	sin[1].sin_port = htons(fport);
 	len = sizeof(uc);
 	if (sysctlbyname("net.inet.tcp.getcred", &uc, &len, sin,
 	    sizeof(sin)) == -1)
 		iderror(lport, fport, fp, errno);
 	pw = getpwuid(uc.cr_uid);
 	if (pw == NULL)
 		iderror(lport, fport, fp, errno);
 #ifdef FAKEID
 	seteuid(pw->pw_uid);
 	setegid(pw->pw_gid);
 	snprintf(fakeid_path, sizeof(fakeid_path), "%s/.fakeid", pw->pw_dir);
 	if ((fakeid = fopen(fakeid_path, "r")) != NULL &&
 	    fstat(fileno(fakeid), &sb) != -1 && S_ISREG(sb.st_mode)) {
 		buf[sizeof(buf) - 1] = '\0';
 		if (fgets(buf, sizeof(buf), fakeid) == NULL) {
 			cp = pw->pw_name;
 			goto printit;
 		}
 		strtok(buf, "\r\n");
 		if (strlen(buf) > 16)
 			buf[16] = '\0';
 		cp = buf;
 		while (isspace(*cp))
 			cp++;
 		strtok(cp, " \t");
 		if (!*cp || getpwnam(cp))
 			cp = getpwuid(uc.cr_uid)->pw_name;
 	} else
 #endif
 	cp = pw->pw_name;
 #ifdef FAKEID
 	if (fakeid)
 		fclose(fakeid);
 printit:
 #endif
 	fprintf(fp, "%d , %d : USERID : FreeBSD :%s\r\n", lport, fport,
 	    cp);
 	fflush(fp);
 	fclose(fp);
 	exit(0);
 #endif
 }
 /* ARGSUSED */
 void
 echo_stream(s, sep)		/* Echo service -- echo data back */