Package: oidentd
Version: 2.0.7-3
Followup-For: Bug #266722
I created a patch that opens /proc/net/ip_conntrack before oidentd drops
its privileges. It fixes this bug.
-- System Information:
Debian Release: testing/unstable
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/dash
Kernel: Linux 2.6.9-rc2-paper
Locale: [EMAIL PROTECTED], [EMAIL PROTECTED] (charmap=UTF-8)
Versions of packages oidentd depends on:
ii libc6 2.3.5-8.1 GNU C Library: Shared libraries an
oidentd recommends no packages.
-- no debconf information
diff -ur oidentd-2.0.7-orig/AUTHORS oidentd-2.0.7/AUTHORS
--- oidentd-2.0.7-orig/AUTHORS 2003-02-12 03:15:55.0 +0100
+++ oidentd-2.0.7/AUTHORS 2006-01-26 16:36:09.0 +0100
@@ -1,5 +1,8 @@
+Christof Douma [EMAIL PROTECTED]
+netfilter premissions fix
+
Kamil Andrusz [EMAIL PROTECTED]
- OpenBSD = 3.0 Packet Filter support.
+OpenBSD = 3.0 Packet Filter support.
Daniel Brafford [EMAIL PROTECTED]
Initial IPv6 support, Initial IPv6 support on Linux.
diff -ur oidentd-2.0.7-orig/ChangeLog oidentd-2.0.7/ChangeLog
--- oidentd-2.0.7-orig/ChangeLog2003-07-11 17:48:32.0 +0200
+++ oidentd-2.0.7/ChangeLog 2006-01-26 16:33:30.0 +0100
@@ -1,3 +1,7 @@
+Thu Jan 26 16:32:18 CET 2006Christof Douma [EMAIL PROTECTED]
+
+* Open masquerading options before dropping permissions on linux.
+
Fri Jul 11 10:11:38 EDT 2003Ryan McCabe [EMAIL PROTECTED]
* Really fix the bug with random ident replies.
diff -ur oidentd-2.0.7-orig/src/kernel/darwin.c
oidentd-2.0.7/src/kernel/darwin.c
--- oidentd-2.0.7-orig/src/kernel/darwin.c 2003-02-14 05:33:32.0
+0100
+++ oidentd-2.0.7/src/kernel/darwin.c 2006-01-26 16:21:39.0 +0100
@@ -220,6 +220,13 @@
return (temp_file);
}
+/* System dependend initialisation. Call only once!
+ * On failure, return false.
+ */
+bool core_init() {
+ return true;
+}
+
/*
** Return the UID of the connection owner
*/
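Review bot: `bool core_init()` leaves the parameter list unspecified in C, so the compiler will not reject a call that passes arguments; `bool core_init(void)` is the prototype form. The same applies to the identical stubs added in freebsd4.c, freebsd5.c and freebsd.c, and to the Linux implementation in linux.c. The comment has a typo (`dependend` should be `dependent`). The caller is not visible in these hunks, so the comment should also state the ordering requirement, for example `/* Must be called once, before privileges are dropped. */`.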
diff -ur oidentd-2.0.7-orig/src/kernel/freebsd4.c
oidentd-2.0.7/src/kernel/freebsd4.c
--- oidentd-2.0.7-orig/src/kernel/freebsd4.c2003-02-12 08:26:25.0
+0100
+++ oidentd-2.0.7/src/kernel/freebsd4.c 2006-01-26 16:22:13.0 +0100
@@ -48,6 +48,13 @@
#include oidentd_inet_util.h
#include oidentd_options.h
+/* System dependend initialisation. Call only once!
+ * On failure, return false.
+ */
+bool core_init() {
+ return true;
+}
+
extern struct sockaddr_storage proxy;
int get_user4( in_port_t lport,
diff -ur oidentd-2.0.7-orig/src/kernel/freebsd5.c
oidentd-2.0.7/src/kernel/freebsd5.c
--- oidentd-2.0.7-orig/src/kernel/freebsd5.c2003-02-12 03:15:59.0
+0100
+++ oidentd-2.0.7/src/kernel/freebsd5.c 2006-01-26 16:22:33.0 +0100
@@ -245,6 +245,13 @@
#endif
+/* System dependend initialisation. Call only once!
+ * On failure, return false.
+ */
+bool core_init() {
+ return true;
+}
+
/*
** Return the UID of the connection owner
*/
diff -ur oidentd-2.0.7-orig/src/kernel/freebsd.c
oidentd-2.0.7/src/kernel/freebsd.c
--- oidentd-2.0.7-orig/src/kernel/freebsd.c 2003-02-12 03:15:59.0
+0100
+++ oidentd-2.0.7/src/kernel/freebsd.c 2006-01-26 16:22:40.0 +0100
@@ -244,6 +244,13 @@
#endif
+/* System dependend initialisation. Call only once!
+ * On failure, return false.
+ */
+bool core_init() {
+ return true;
+}
+
/*
** Return the UID of the connection owner
*/
diff -ur oidentd-2.0.7-orig/src/kernel/linux.c oidentd-2.0.7/src/kernel/linux.c
--- oidentd-2.0.7-orig/src/kernel/linux.c 2006-01-26 15:37:07.0
+0100
+++ oidentd-2.0.7/src/kernel/linux.c2006-01-26 16:49:11.0 +0100
@@ -56,6 +56,39 @@
in_port_t src_port,
in_port_t dst_port);
+#ifdef MASQ_SUPPORT
+FILE *masq_fp;
+bool netfilter;
+#endif
+
+/* System dependend initialisation. Call only once!
+ * On failure, return false.
+ * - open connection tracking file before dropping permissions
+ */
+bool core_init() {
+#ifdef MASQ_SUPPORT
+ masq_fp = fopen(MASQFILE, r);
+ if (masq_fp == NULL) {
+ if (errno != ENOENT)
+ debug(fopen: %s: %s, MASQFILE, strerror(errno));
+
+ masq_fp = fopen(CONNTRACK, r);
+ if (masq_fp == NULL) {
+ if (errno != ENOENT)
+ debug(fopen: %s: %s, CONNTRACK,
strerror(errno));
+ return false; //return true to allow operation without
masquerade support
+ }
+
+ netfilter = true;
+ } else {
+ netfilter = false;
+ }
+#endif
+
+ return true;
+}
+
+
#ifdef WANT_IPV6
/*
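Review bot: In `core_init`, the inner failure branch returns false even when both opens fail with ENOENT, so a build with MASQ_SUPPORT on a host that has neither file would fail initialisation. The trailing comment on that line already names the alternative: `return true;` with `masq_fp` left NULL keeps plain ident service working, provided the lookup path checks for NULL. Keeping the stream open for the process lifetime is the purpose of the patch, but it leaves the daemon with read access to the connection table after the privilege drop. Declaring `static FILE *masq_fp;` and `static bool netfilter;` would keep the handle private to this file if no other file needs it, and the lookup code (outside this hunk) has to `rewind(masq_fp)` before each scan now that the file is no longer reopened per request. A comment above the globals should say that the handle is deliberately opened before the privilege drop and must not be closed or reopened afterwards.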
@@ -247,9 +280,7 @@
struct sockaddr_storage *laddr,
struct sockaddr_storage