From trevor@jpj.net  Wed Mar 29 03:53:43 2000
Return-Path: <trevor@jpj.net>
Received: from blues.jpj.net (blues.jpj.net [204.97.17.146])
	by hub.freebsd.org (Postfix) with ESMTP id AF8F737B640
	for <FreeBSD-gnats-submit@freebsd.org>; Wed, 29 Mar 2000 03:53:42 -0800 (PST)
	(envelope-from trevor@jpj.net)
Received: from localhost (trevor@localhost)
	by blues.jpj.net (right/backatcha) with ESMTP id e2TBrfI10761
	for <FreeBSD-gnats-submit@freebsd.org>; Wed, 29 Mar 2000 06:53:41 -0500 (EST)
Message-Id: <Pine.BSI.4.21.0003290648130.28798-100000@blues.jpj.net>
Date: Wed, 29 Mar 2000 06:53:41 -0500 (EST)
From: Trevor Johnson <trevor@jpj.net>
To: FreeBSD-gnats-submit@freebsd.org
Subject: new port:  net/oidentd

>Number:         17660
>Category:       ports
>Synopsis:       new port:  net/oidentd
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-ports
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Wed Mar 29 04:00:02 PST 2000
>Closed-Date:    Sat Apr 1 20:27:28 PST 2000
>Last-Modified:  Mon Apr  3 03:10:04 PDT 2000
>Originator:     Trevor Johnson
>Release:        4.0-CURRENT i386
>Organization:
myself
>Environment:
only tested on 4.0-CURRENT i386
>Description:

an ident daemon which allows user-specified responses

>How-To-Repeat:
N/A
>Fix:

# This is a shell archive.  Save it in a file, remove anything before
# this line, and then unpack it by entering "sh file".  Note, it may
# create directories; files and directories will be owned by you and
# have default permissions.
#
# This archive contains:
#
#	oidentd/files/md5
#	oidentd/patches/patch-aa
#	oidentd/pkg/COMMENT
#	oidentd/pkg/DESCR
#	oidentd/pkg/PLIST
#	oidentd/Makefile
#
echo x - oidentd/files/md5
sed 's/^X//' >oidentd/files/md5 << 'END-of-oidentd/files/md5'
XMD5 (oidentd-1.6.4.tar.gz) = a70c40ae57b71e873152ea3c01aef81a
END-of-oidentd/files/md5
echo x - oidentd/patches/patch-aa
sed 's/^X//' >oidentd/patches/patch-aa << 'END-of-oidentd/patches/patch-aa'
X--- src/freebsd.c.orig	Tue Jan 18 02:37:19 2000
X+++ src/freebsd.c	Wed Mar 29 09:39:27 2000
X@@ -22,9 +22,9 @@
X #include <sys/queue.h>
X #include <sys/uio.h>
X #include <sys/socketvar.h>
X-#define KERNEL
X+#define _KERNEL
X #include <sys/file.h>
X-#undef KERNEL
X+#undef _KERNEL
X #include <sys/user.h>
X #include <sys/filedesc.h>
X #include <sys/proc.h>
END-of-oidentd/patches/patch-aa
echo x - oidentd/pkg/COMMENT
sed 's/^X//' >oidentd/pkg/COMMENT << 'END-of-oidentd/pkg/COMMENT'
Xident server
END-of-oidentd/pkg/COMMENT
echo x - oidentd/pkg/DESCR
sed 's/^X//' >oidentd/pkg/DESCR << 'END-of-oidentd/pkg/DESCR'
Xfrom the README:
X
XOidentd is an ident (RFC 1413-compliant) daemon which runs on
XGNU/Linux, FreeBSD and OpenBSD.  Oidentd supports most features of
Xpidentd as well as a number of features absent in pidentd.  Most
Xnotably, oidentd allows users, given the proper permission, to
Xspecify the identd response that the server will output when a
Xsuccessful lookup is completed.  Oidentd also allows for pseudo-random
Xstrings (either a prefix, such as "user," followed by a number
Xbetween 0 and 99999, or 10 pseudo-random characters of the set
X0-9A-Za-z) to be returned upon the completion of a successful lookup
Xinstead of a username or a UID.  Oidentd supports IP masqueraded
Xconnections and supports fowarding ident requests for IP masqeraded
Xconnections to the machines from which the connections originate.
XFor information on how to setup support for masqueraded connections,
Xsee the "INSTALL" file. NOTE: Currently, only Linux supports the
X-P -f and -m options.  In other words, the IP masquerading support
Xonly exists on Linux right now.
X
XWWW: http://ojnk.sourceforge.net/
X
XTrevor Johnson
Xtrevor@jpj.net
END-of-oidentd/pkg/DESCR
echo x - oidentd/pkg/PLIST
sed 's/^X//' >oidentd/pkg/PLIST << 'END-of-oidentd/pkg/PLIST'
Xsbin/oidentd
Xman/man8/oidentd.8
END-of-oidentd/pkg/PLIST
echo x - oidentd/Makefile
sed 's/^X//' >oidentd/Makefile << 'END-of-oidentd/Makefile'
X# New ports collection makefile for:	oidentd
X# Version required:	1.6.4
X# Date created:		29 Mar 2000
X# Whom:			trevor@jpj.net
X#
X# $FreeBSD$
X#
X
XDISTNAME=	oidentd-1.6.4
XCATEGORIES=	net
XMASTER_SITES=	http://download.sourceforge.net/ojnk/ \
X		http://www.numb.org/~odin/stuff/
X
XMAINTAINER=	trevor@jpj.net
X
XUSE_GMAKE=	yes
XGNU_CONFIGURE=	yes
X
X.include <bsd.port.mk>
END-of-oidentd/Makefile
exit




>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->closed 
State-Changed-By: will 
State-Changed-When: Sat Apr 1 20:27:28 PST 2000 
State-Changed-Why:  
committed, thanks! 

From: Will Andrews <andrews@technologist.com>
To: Trevor Johnson <trevor@jpj.net>
Cc: FreeBSD-gnats-submit@FreeBSD.ORG
Subject: Re: ports/17660: new port:  net/oidentd
Date: Sat, 1 Apr 2000 23:31:21 -0500

 On Wed, Mar 29, 2000 at 06:53:41AM -0500, Trevor Johnson wrote:
 > only tested on 4.0-CURRENT i386
 
 Unfortunately, oidentd only works on 4.0 and later at the moment.
 
 I also changed your primary master site to use the Sourceforge FTP server,
 and gave the port a better pkg/COMMENT.
 
 Thanks for your port!
 
 -- 
 Will Andrews <andrews@technologist.com>
 GCS/E/S @d- s+:+>+:- a--->+++ C++ UB++++ P+ L- E--- W+++ !N !o ?K w---
 ?O M+ V-- PS+ PE++ Y+ PGP+>+++ t++ 5 X++ R+ tv+ b++>++++ DI+++ D+ 
 G++>+++ e->++++ h! r-->+++ y?
 

From: Trevor Johnson <trevor@jpj.net>
To: Will Andrews <andrews@technologist.com>
Cc: FreeBSD-gnats-submit@FreeBSD.ORG
Subject: Re: ports/17660: new port:  net/oidentd
Date: Mon, 3 Apr 2000 06:03:11 -0400 (EDT)

 Will Andrews wrote:
 
 > On Wed, Mar 29, 2000 at 06:53:41AM -0500, Trevor Johnson wrote:
 > > only tested on 4.0-CURRENT i386
 > 
 > Unfortunately, oidentd only works on 4.0 and later at the moment.
 
 > I also changed your primary master site to use the Sourceforge FTP server,
 
 Their FTP site has a limit of only 25 users, and is often at its limit (as
 it was when I was making the port). Thanks for finding the FTP URL, but
 IMO that should be the last on the list because it is unlikely to work.  
 I've appended a patch which puts it last and adds their HTTP server back
 to the list.
 
 > and gave the port a better pkg/COMMENT.
 
 Yes, that is better.
 
 I notice that you added the "security" category and made that the primary
 category.  I don't understand why.  In
 ftp://ftp.isi.edu/in-notes/rfc1413.txt it says:
 
    The information returned by this protocol is at most as trustworthy
    as the host providing it OR the organization operating the host.  For
    example, a PC in an open lab has few if any controls on it to prevent
    a user from having this protocol return any identifier the user
    wants.  Likewise, if the host has been compromised the information
    returned may be completely erroneous and misleading.
 
    The Identification Protocol is not intended as an authorization or
    access control protocol.  At best, it provides some additional
    auditing information with respect to TCP connections.  At worst, it
    can provide misleading, incorrect, or maliciously incorrect
    information.
 
    The use of the information returned by this protocol for other than
    auditing is strongly discouraged.  Specifically, using Identification
    Protocol information to make access control decisions - either as the
    primary method (i.e., no other checks) or as an adjunct to other
    methods may result in a weakening of normal host security.
 
    An Identification server may reveal information about users,
    entities, objects or processes which might normally be considered
    private.  An Identification server provides service which is a rough
    analog of the CallerID services provided by some phone companies and
    many of the same privacy considerations and arguments that apply to
    the CallerID service apply to Identification.  If you wouldn't run a
    "finger" server due to privacy considerations you may not want to run
    this protocol.
 
 As you mention in the new COMMENT, oidentd is specifically designed to
 make it easier to generate bogus responses.  I don't see how a system
 which is running oidentd is more secure than one that refuses ident
 queries, so I don't see why the port belongs in the security category.
 
 > Thanks for your port!
 
 Thank you (and mharo) for reviewing and committing it.
 __
 Trevor Johnson
 
 --- Makefile.orig	Sun Apr  2 06:07:17 2000
 +++ Makefile	Mon Apr  3 10:27:21 2000
 @@ -8,8 +8,9 @@
  
  DISTNAME=	oidentd-1.6.4
  CATEGORIES=	security net
 -MASTER_SITES=	ftp://ftp.sourceforge.net/pub/sourceforge/ojnk/ \
 -		http://www.numb.org/~odin/stuff/
 +MASTER_SITES=	http://download.sourceforge.net/ojnk/ \
 +		http://www.numb.org/~odin/stuff/ \
 +		ftp://ftp.sourceforge.net/pub/sourceforge/ojnk/
  
  MAINTAINER=	trevor@jpj.net
  
 
 
 
 
 
>Unformatted:
