Package: oidentd Version: 2.0.7-3 Followup-For: Bug #266722 I created a patch to open /proc/net/ip_conntrack before dropping permissions. It fixes this bug.
-- System Information: Debian Release: testing/unstable APT prefers unstable APT policy: (500, 'unstable') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/dash Kernel: Linux 2.6.9-rc2-paper Locale: [EMAIL PROTECTED], [EMAIL PROTECTED] (charmap=UTF-8) Versions of packages oidentd depends on: ii libc6 2.3.5-8.1 GNU C Library: Shared libraries an oidentd recommends no packages. -- no debconf information
diff -ur oidentd-2.0.7-orig/AUTHORS oidentd-2.0.7/AUTHORS
--- oidentd-2.0.7-orig/AUTHORS 2003-02-12 03:15:55.000000000 +0100
+++ oidentd-2.0.7/AUTHORS 2006-01-26 16:36:09.000000000 +0100
@@ -1,5 +1,8 @@
+Christof Douma <[EMAIL PROTECTED]>
+ netfilter premissions fix
+
 Kamil Andrusz <[EMAIL PROTECTED]>
- OpenBSD >= 3.0 Packet Filter support.
+ OpenBSD >= 3.0 Packet Filter support.
 Daniel Brafford <[EMAIL PROTECTED]> Initial IPv6 support, Initial IPv6 support on Linux.
diff -ur oidentd-2.0.7-orig/ChangeLog oidentd-2.0.7/ChangeLog
--- oidentd-2.0.7-orig/ChangeLog 2003-07-11 17:48:32.000000000 +0200
+++ oidentd-2.0.7/ChangeLog 2006-01-26 16:33:30.000000000 +0100
@@ -1,3 +1,7 @@
+Thu Jan 26 16:32:18 CET 2006 Christof Douma <[EMAIL PROTECTED]>
+
+ * Open masquerading options before dropping permissions on linux.
+
 Fri Jul 11 10:11:38 EDT 2003 Ryan McCabe <[EMAIL PROTECTED]>
 * Really fix the bug with random ident replies.
diff -ur oidentd-2.0.7-orig/src/kernel/darwin.c oidentd-2.0.7/src/kernel/darwin.c
--- oidentd-2.0.7-orig/src/kernel/darwin.c 2003-02-14 05:33:32.000000000 +0100
+++ oidentd-2.0.7/src/kernel/darwin.c 2006-01-26 16:21:39.000000000 +0100
@@ -220,6 +220,13 @@
 return (temp_file);
 }
+/* System dependend initialisation. Call only once!
+ * On failure, return false.
+ */
+bool core_init() {
+ return true;
+}
+
 /* ** Return the UID of the connection owner */
diff -ur oidentd-2.0.7-orig/src/kernel/freebsd4.c oidentd-2.0.7/src/kernel/freebsd4.c
--- oidentd-2.0.7-orig/src/kernel/freebsd4.c 2003-02-12 08:26:25.000000000 +0100
+++ oidentd-2.0.7/src/kernel/freebsd4.c 2006-01-26 16:22:13.000000000 +0100
@@ -48,6 +48,13 @@
 #include <oidentd_inet_util.h>
 #include <oidentd_options.h>
+/* System dependend initialisation. Call only once!
+ * On failure, return false.
+ */
+bool core_init() {
+ return true;
+}
+
 extern struct sockaddr_storage proxy;
 int get_user4( in_port_t lport,
diff -ur oidentd-2.0.7-orig/src/kernel/freebsd5.c oidentd-2.0.7/src/kernel/freebsd5.c
--- oidentd-2.0.7-orig/src/kernel/freebsd5.c 2003-02-12 03:15:59.000000000 +0100
+++ oidentd-2.0.7/src/kernel/freebsd5.c 2006-01-26 16:22:33.000000000 +0100
@@ -245,6 +245,13 @@
 #endif
+/* System dependend initialisation. Call only once!
+ * On failure, return false.
+ */
+bool core_init() {
+ return true;
+}
+
 /* ** Return the UID of the connection owner */
diff -ur oidentd-2.0.7-orig/src/kernel/freebsd.c oidentd-2.0.7/src/kernel/freebsd.c
--- oidentd-2.0.7-orig/src/kernel/freebsd.c 2003-02-12 03:15:59.000000000 +0100
+++ oidentd-2.0.7/src/kernel/freebsd.c 2006-01-26 16:22:40.000000000 +0100
@@ -244,6 +244,13 @@
 #endif
+/* System dependend initialisation. Call only once!
+ * On failure, return false.
+ */
+bool core_init() {
+ return true;
+}
+
 /* ** Return the UID of the connection owner */
diff -ur oidentd-2.0.7-orig/src/kernel/linux.c oidentd-2.0.7/src/kernel/linux.c
--- oidentd-2.0.7-orig/src/kernel/linux.c 2006-01-26 15:37:07.000000000 +0100
+++ oidentd-2.0.7/src/kernel/linux.c 2006-01-26 16:49:11.000000000 +0100
@@ -56,6 +56,39 @@
 in_port_t src_port, in_port_t dst_port);
+#ifdef MASQ_SUPPORT
+FILE *masq_fp;
+bool netfilter;
+#endif
+
+/* System dependend initialisation. Call only once!
+ * On failure, return false.
+ * - open connection tracking file before dropping permissions
+ */
+bool core_init() {
+#ifdef MASQ_SUPPORT
+ masq_fp = fopen(MASQFILE, "r");
+ if (masq_fp == NULL) {
+ if (errno != ENOENT)
+ debug("fopen: %s: %s", MASQFILE, strerror(errno));
+
+ masq_fp = fopen(CONNTRACK, "r");
+ if (masq_fp == NULL) {
+ if (errno != ENOENT)
+ debug("fopen: %s: %s", CONNTRACK, strerror(errno));
+ return false; //return true to allow operation without masquerade support
+ }
+
+ netfilter = true;
+ } else {
+ netfilter = false;
+ }
+#endif
+
+ return true;
+}
+
+
 #ifdef WANT_IPV6
 /*
@@ -247,9 +280,7 @@
 struct sockaddr_storage *laddr, struct sockaddr_storage *faddr) {
- FILE *fp;
 char buf[2048];
- bool netfilter;
 /* laddr is unneeded on Linux */
 (void) laddr;
@@ -264,27 +295,19 @@
 lport = ntohs(lport);
 fport = ntohs(fport);
- fp = fopen(MASQFILE, "r");
- if (fp == NULL) {
- if (errno != ENOENT)
- debug("fopen: %s: %s", MASQFILE, strerror(errno));
-
- fp = fopen(CONNTRACK, "r");
- if (fp == NULL) {
- if (errno != ENOENT)
- debug("fopen: %s: %s", CONNTRACK, strerror(errno));
- return (-1);
- }
+ //masq support failed to initialize
+ if(masq_fp == NULL)
+ return (-1);
- netfilter = true;
- } else {
- netfilter = false;
+ //rewind fp to read new contents
+ rewind(masq_fp);
+ if(! netfilter) {
 /* Eat the header line. */
- fgets(buf, sizeof(buf), fp);
+ fgets(buf, sizeof(buf), masq_fp);
 }
- while (fgets(buf, sizeof(buf), fp)) {
+ while (fgets(buf, sizeof(buf), masq_fp)) {
 char os[24];
 char proto[16];
 in_port_t mport;
@@ -298,7 +321,7 @@
 struct sockaddr_storage ss;
 int ret;
- if (netfilter == false) {
+ if (! netfilter) {
 u_int32_t mport_temp;
 u_int32_t masq_lport_temp;
 u_int32_t masq_fport_temp;
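Review bot: When both MASQFILE and CONNTRACK are absent (errno == ENOENT on each fopen), core_init() now returns false and the oidentd.c hunk turns that into exit(-1), so a host whose kernel exposes no masquerading or conntrack interface at startup no longer gets an ident daemon at all, whereas the old per-lookup code only made that one lookup return -1; the trailing comment on the `return false;` line already names the alternative. Since the later `if(masq_fp == NULL) return (-1);` in the same file handles a missing handle, the ENOENT case can stay non-fatal with `return true; /* no conntrack file at startup: run without masquerade support */`, keeping `return false` for the non-ENOENT errors that were already passed to debug(). The header comment should also state the consequence of opening once before the privilege drop: a conntrack file that only appears later (module loaded after startup) is never picked up, because the file cannot be reopened once privileges are gone. `FILE *masq_fp;` and `bool netfilter;` are used only inside this file and should be declared `static`. The lookup now relies on `rewind(masq_fp)` making the kernel regenerate the file's contents for each request; that presumably holds for procfs, but since the old code reopened the file per request it deserves a comment at the `rewind` call.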
@@ -401,11 +424,9 @@
 }
 }
- fclose(fp);
 return (-1);
 out_success:
- fclose(fp);
 return (0);
 }
diff -ur oidentd-2.0.7-orig/src/kernel/netbsd.c oidentd-2.0.7/src/kernel/netbsd.c
--- oidentd-2.0.7-orig/src/kernel/netbsd.c 2003-02-12 03:15:59.000000000 +0100
+++ oidentd-2.0.7/src/kernel/netbsd.c 2006-01-26 16:22:59.000000000 +0100
@@ -191,6 +191,13 @@
 return (NULL);
 }
+/* System dependend initialisation. Call only once!
+ * On failure, return false.
+ */
+bool core_init() {
+ return true;
+}
+
 /* ** Return the UID of the connection owner */
diff -ur oidentd-2.0.7-orig/src/kernel/openbsd24.c oidentd-2.0.7/src/kernel/openbsd24.c
--- oidentd-2.0.7-orig/src/kernel/openbsd24.c 2003-02-12 08:26:25.000000000 +0100
+++ oidentd-2.0.7/src/kernel/openbsd24.c 2006-01-26 16:23:07.000000000 +0100
@@ -38,6 +38,13 @@
 #include <oidentd_inet_util.h>
 #include <oidentd_options.h>
+/* System dependend initialisation. Call only once!
+ * On failure, return false.
+ */
+bool core_init() {
+ return true;
+}
+
 extern struct sockaddr_storage proxy;
 /*
diff -ur oidentd-2.0.7-orig/src/kernel/openbsd29.c oidentd-2.0.7/src/kernel/openbsd29.c
--- oidentd-2.0.7-orig/src/kernel/openbsd29.c 2003-02-12 08:26:25.000000000 +0100
+++ oidentd-2.0.7/src/kernel/openbsd29.c 2006-01-26 16:23:44.000000000 +0100
@@ -44,6 +44,13 @@
 #include <oidentd_inet_util.h>
 #include <oidentd_options.h>
+/* System dependend initialisation. Call only once!
+ * On failure, return false.
+ */
+bool core_init() {
+ return true;
+}
+
 extern struct sockaddr_storage proxy;
 /*
diff -ur oidentd-2.0.7-orig/src/kernel/openbsd30.c oidentd-2.0.7/src/kernel/openbsd30.c
--- oidentd-2.0.7-orig/src/kernel/openbsd30.c 2003-02-12 08:15:16.000000000 +0100
+++ oidentd-2.0.7/src/kernel/openbsd30.c 2006-01-26 16:23:50.000000000 +0100
@@ -54,6 +54,13 @@
 #include <oidentd_masq.h>
 #include <oidentd_options.h>
+/* System dependend initialisation. Call only once!
+ * On failure, return false.
+ */
+bool core_init() {
+ return true;
+}
+
 extern struct sockaddr_storage proxy;
 /*
diff -ur oidentd-2.0.7-orig/src/kernel/openbsd.c oidentd-2.0.7/src/kernel/openbsd.c
--- oidentd-2.0.7-orig/src/kernel/openbsd.c 2003-02-12 03:15:59.000000000 +0100
+++ oidentd-2.0.7/src/kernel/openbsd.c 2006-01-26 16:24:00.000000000 +0100
@@ -180,6 +180,13 @@
 return (NULL);
 }
+/* System dependend initialisation. Call only once!
+ * On failure, return false.
+ */
+bool core_init() {
+ return true;
+}
+
 /* ** Return the UID of the connection owner */
diff -ur oidentd-2.0.7-orig/src/kernel/solaris4.c oidentd-2.0.7/src/kernel/solaris4.c
--- oidentd-2.0.7-orig/src/kernel/solaris4.c 2003-02-12 03:15:59.000000000 +0100
+++ oidentd-2.0.7/src/kernel/solaris4.c 2006-01-26 16:24:16.000000000 +0100
@@ -162,6 +162,13 @@
 }
+/* System dependend initialisation. Call only once!
+ * On failure, return false.
+ */
+bool core_init() {
+ return true;
+}
+
 /* ** Return the UID of the connection owner */
diff -ur oidentd-2.0.7-orig/src/kernel/solaris5.c oidentd-2.0.7/src/kernel/solaris5.c
--- oidentd-2.0.7-orig/src/kernel/solaris5.c 2003-02-12 03:15:59.000000000 +0100
+++ oidentd-2.0.7/src/kernel/solaris5.c 2006-01-26 16:24:22.000000000 +0100
@@ -157,6 +157,13 @@
 }
+/* System dependend initialisation. Call only once!
+ * On failure, return false.
+ */
+bool core_init() {
+ return true;
+}
+
 /* ** Return the UID of the connection owner */
diff -ur oidentd-2.0.7-orig/src/kernel/solaris7.c oidentd-2.0.7/src/kernel/solaris7.c
--- oidentd-2.0.7-orig/src/kernel/solaris7.c 2003-04-24 02:49:53.000000000 +0200
+++ oidentd-2.0.7/src/kernel/solaris7.c 2006-01-26 16:24:33.000000000 +0100
@@ -156,6 +156,13 @@
 }
+/* System dependend initialisation. Call only once!
+ * On failure, return false.
+ */
+bool core_init() {
+ return true;
+}
+
 /* ** Return the UID of the connection owner */
diff -ur oidentd-2.0.7-orig/src/kernel/solaris8.c oidentd-2.0.7/src/kernel/solaris8.c
--- oidentd-2.0.7-orig/src/kernel/solaris8.c 2003-02-12 03:15:59.000000000 +0100
+++ oidentd-2.0.7/src/kernel/solaris8.c 2006-01-26 16:24:41.000000000 +0100
@@ -196,6 +196,13 @@
 }
+/* System dependend initialisation. Call only once!
+ * On failure, return false.
+ */
+bool core_init() {
+ return true;
+}
+
 /* ** Return the UID of the connection owner */
diff -ur oidentd-2.0.7-orig/src/oidentd.c oidentd-2.0.7/src/oidentd.c
--- oidentd-2.0.7-orig/src/oidentd.c 2003-04-24 02:03:54.000000000 +0200
+++ oidentd-2.0.7/src/oidentd.c 2006-01-26 16:27:57.000000000 +0100
@@ -87,6 +87,11 @@
 exit(-1);
 }
+ if(! core_init()) {
+ o_log(NORMAL, "Error initializing core"); //log some stupid message
+ exit(-1);
+ }
+
 if (random_seed() != 0) {
 o_log(NORMAL, "Error seeding random number generator");
 exit(-1);
diff -ur oidentd-2.0.7-orig/src/oidentd.h oidentd-2.0.7/src/oidentd.h
--- oidentd-2.0.7-orig/src/oidentd.h 2003-07-11 16:11:25.000000000 +0200
+++ oidentd-2.0.7/src/oidentd.h 2006-01-26 16:26:02.000000000 +0100
@@ -149,6 +149,8 @@
 #define ss_family __ss_family
 #endif
+bool core_init();
+
 int get_user4( in_port_t lport, in_port_t fport, struct sockaddr_storage *laddr,
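Review bot: The position of the `core_init()` call in oidentd.c is the whole fix — it has to run while the daemon still holds the privileges needed to open the kernel files — yet nothing at the call site records that ordering constraint, and the `//log some stupid message` comment adds nothing; the privilege drop itself lies outside this hunk, so I am assuming it follows later in main(). Replace the trailing comment with one that pins the ordering, e.g. `/* must run before privileges are dropped: opens kernel files only root may read */`, and have the log line name what failed: `o_log(NORMAL, "Error initializing kernel-specific support (core_init)");`. Without that, a later reordering of main() that moves the privilege drop earlier would silently reintroduce Bug #266722.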
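Review bot: `bool core_init();` in oidentd.h declares core_init without a prototype — in C an empty parameter list means "unspecified", not "no parameters" — so calls are not checked against the signature. Use `bool core_init(void);` here and in the definitions the patch adds to darwin.c, freebsd.c, freebsd4.c, freebsd5.c, linux.c, netbsd.c, openbsd.c, openbsd24.c, openbsd29.c, openbsd30.c, solaris4.c, solaris5.c, solaris7.c and solaris8.c. The declaration also needs `bool` in scope at this point of the header; the surrounding context lines do not show whether <stdbool.h> or an equivalent typedef precedes it, so that is worth confirming. A one-line comment on the declaration, `/* per-OS startup hook: called once, before privileges are dropped */`, would tell readers of the header what the function is for.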