janikrabe / oidentd
Flexible, RFC 1413 compliant Ident daemon with NAT support
Home Page: https://oidentd.janikrabe.com
License: GNU General Public License v2.0
oidentd
=======

Version 3.1.0

Flexible, RFC 1413 compliant Ident daemon with NAT support.

oidentd is a flexible Ident daemon for Linux, FreeBSD, OpenBSD, NetBSD, and DragonFly BSD. It is highly configurable, allowing the system administrator to define custom responses based on host and port pairs. The administrator can also grant capabilities to individual users to allow them to change their Ident replies, generate random replies, or hide their connections.

oidentd supports lookups for NAT connections and is able to forward queries to other servers.

Detailed descriptions of all features are available in the manual pages. The INSTALL file contains instructions for installing oidentd. The HACKING file describes how to work with the source code. Please consult the KERNEL_SUPPORT.md file for information about the supported kernels.

oidentd is maintained and developed by Janik Rabe <[email protected]>, with contributions from many people who are listed in the AUTHORS file. oidentd was originally written by Ryan McCabe <[email protected]>.

The most recent version of oidentd is available from <https://oidentd.janikrabe.com/download>.

Please report any bugs or submit pull requests on GitHub: <https://github.com/janikrabe/oidentd>.
If you try to compile without enabling IPv6, but enabling masquerade, compilation will fail.
x86_64-pc-linux-gnu-gcc -march=native -mfpmath=sse,387 -mtune=intel -O3 -frecord-gcc-switches -fomit-frame-pointer -malign-data=abi -mtls-dialect=gnu2 -pipe -Wl,--as-needed -Wl,--defsym=__gentoo_check_ldflags__=0 -Wl,-O1 -Wl,--sort-common -Wl,-z,now -o oidentd oidentd.o util.o inet_util.o forward.o user_db.o options.o masq.o cfg_scan.o cfg_parse.o os.o -Lmissing -lmissing -lnetfilter_conntrack
/usr/lib/gcc/x86_64-pc-linux-gnu/11.2.0/../../../../x86_64-pc-linux-gnu/bin/ld: os.o: in function `masq_ct_line.part.0':
os.c:(.text+0x824): undefined reference to `sin_setv6'
/usr/lib/gcc/x86_64-pc-linux-gnu/11.2.0/../../../../x86_64-pc-linux-gnu/bin/ld: os.c:(.text+0x846): undefined reference to `sin_setv6'
/usr/lib/gcc/x86_64-pc-linux-gnu/11.2.0/../../../../x86_64-pc-linux-gnu/bin/ld: os.c:(.text+0x853): undefined reference to `sin_setv6'
/usr/lib/gcc/x86_64-pc-linux-gnu/11.2.0/../../../../x86_64-pc-linux-gnu/bin/ld: os.c:(.text+0x862): undefined reference to `sin_setv6'
/usr/lib/gcc/x86_64-pc-linux-gnu/11.2.0/../../../../x86_64-pc-linux-gnu/bin/ld: os.c:(.text+0xa21): undefined reference to `get_user6'
collect2: error: ld returned 1 exit status
Sometime recently oidentd became unable to function if it was started with restricted privileges. I used to run xinetd with the config:
user = nobody
server = oidentd
server_args = -I
As far as I know this would start oidentd as nobody and oidentd would then listen to STDIO for the request that comes from xinetd. But now oidentd fails to start, complaining:
Fatal: Failed to drop privileges (global)
But if you listen from STDIO, you don't need to try to drop privileges if you are already non-root, no? You can easily test this by running oidentd as your own user:
➜ ~ oidentd -I
Fatal: Failed to drop privileges (global)
I had to change my xinetd config to say user = root and server_args = -I -u nobody, so now I am starting oidentd as root only for it to drop back to nobody immediately.
Is this an issue? I would have expected oidentd only to drop privileges if it's running as root in the first place.
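The behaviour this report expects (drop privileges only when there is something to drop) can be written as the following added example. It is not oidentd's code: `plan_priv_drop`, `drop_privileges` and the `explicit_target` flag are hypothetical names, and treating an explicitly requested but unreachable user as fatal is an assumption of this sketch.

```c
#define _DEFAULT_SOURCE            /* for setgroups() on glibc */
#include <grp.h>
#include <sys/types.h>
#include <unistd.h>

enum priv_plan { PRIV_DROP, PRIV_SKIP, PRIV_FATAL };

/* Pure decision step: what should happen for this effective UID, this
 * target UID, and whether the target was requested explicitly (e.g. -u)?
 * Hypothetical helper, not taken from oidentd. */
enum priv_plan plan_priv_drop(uid_t euid, uid_t target, int explicit_target)
{
	if (euid == 0)
		return PRIV_DROP;   /* running as root: always drop */
	if (!explicit_target || target == euid)
		return PRIV_SKIP;   /* already unprivileged, nothing to drop */
	return PRIV_FATAL;      /* asked for another user we cannot become */
}

/* Returns 0 if privileges were dropped or none were held, -1 on failure. */
int drop_privileges(uid_t uid, gid_t gid, int explicit_target)
{
	switch (plan_priv_drop(geteuid(), uid, explicit_target)) {
	case PRIV_SKIP:
		return 0;
	case PRIV_FATAL:
		return -1;
	case PRIV_DROP:
		break;
	}

	/* Order matters: supplementary groups and GID first, UID last,
	 * because after setuid() the process may no longer change groups. */
	if (setgroups(1, &gid) != 0 || setgid(gid) != 0 || setuid(uid) != 0)
		return -1;

	/* Verify the drop is irreversible: regaining root must fail. */
	if (uid != 0 && setuid(0) == 0)
		return -1;

	return 0;
}
```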
Hi,
Is it possible to adapt oidentd to macOS?
When I try to run ./configure:
(...)
checking for getopt_long... yes
checking for setgroups... yes
checking for unveil... no
checking for library containing socket... none required
checking for getaddrinfo... yes
checking for freeaddrinfo... yes
checking for gai_strerror... yes
checking for getnameinfo... yes
checking for inet_ntop... yes
checking for struct sockaddr_storage... yes
checking for ss_family member in struct sockaddr_storage... yes
checking for struct sockaddr_in6... yes
checking for struct in6_addr... yes
checking for struct addrinfo... yes
checking netinet/ip_compat.h netinet/ip_fil.h netinet/ip_nat.h usability... no
checking netinet/ip_compat.h netinet/ip_fil.h netinet/ip_nat.h presence... no
checking for netinet/ip_compat.h netinet/ip_fil.h netinet/ip_nat.h... no
checking for netinet/ip_nat.h... no
checking for /usr/src/sys/contrib/ipfilter/netinet/ip_nat.h... no
checking if nat_t has nat_p member... no
configure: error: oidentd does not yet support darwin20.5.0
When building on Mageia, I get this error:
gcc -DHAVE_CONFIG_H -I. -I.. -I "./missing" -D "SYSCONFDIR="/etc"" -O2 -g -pipe -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fstack-protector --param=ssp-buffer-size=4 -fPIC -std=gnu89 -MT os.o -MD -MP -MF .deps/os.Tpo -c -o os.o os.c
os.c: In function 'callback_nfct':
os.c:181:31: error: parameter name omitted
static int callback_nfct(enum nf_conntrack_msg_type,
^
os.c: In function 'masq':
os.c:469:19: error: 'CT_LIBNFCT' undeclared (first use in this function)
if (conntrack == CT_LIBNFCT) {
^
os.c:469:19: note: each undeclared identifier is reported only once for each function it appears in
os.c:470:11: error: expected expression before '{' token
query = { sock, lport, fport, laddr, faddr, 1 };
^
Makefile:477: recipe for target 'os.o' failed
make[3]: *** [os.o] Error 1
make[3]: Leaving directory '/home/solbu/mageia-rpm/oidentd/BUILD/oidentd-2.3.0/src'
Makefile:503: recipe for target 'install-recursive' failed
make[2]: *** [install-recursive] Error 1
make[2]: Leaving directory '/home/solbu/mageia-rpm/oidentd/BUILD/oidentd-2.3.0/src'
Makefile:660: recipe for target 'install' failed
make[1]: *** [install] Error 2
make[1]: Leaving directory '/home/solbu/mageia-rpm/oidentd/BUILD/oidentd-2.3.0/src'
Makefile:430: recipe for target 'install-recursive' failed
make: *** [install-recursive] Error 1
error: Bad exit status from /home/solbu/mageia-rpm/oidentd/BUILDROOT/rpm-tmp.OPcOzB (%install)
Hi there,
I recently noticed that oidentd is crashing.
Here is some information on what I've found in the syslog as well as version information.
oidentd 2.3.1 by Janik Rabe <[email protected]>
Originally written by Ryan McCabe <[email protected]>
https://oidentd.janikrabe.com
Build information:
Kernel driver: linux.c
Needs kmem access: No
Needs root access: No
Debugging build: No
Masquerading support: Yes
IPv6 support: Yes
Linux libcap-ng support: Yes
Linux libnfct support: Yes
UDB library support: No
Aug 16 21:12:03 <hostname> oidentd[19300]: Connection from weber.freenode.net (162.213.39.42):34303
Aug 16 21:12:03 <hostname> oidentd[19300]: Caught SIGSEGV; please report this to [email protected]
Aug 16 21:12:43 <hostname> oidentd[19304]: Connection from weber.freenode.net (162.213.39.42):57553
Aug 16 21:12:43 hostname oidentd[19304]: [weber.freenode.net] Successful lookup: 35590 , 6665 : quasselcore (quasselcore)
Aug 16 21:13:02 host quasselcore: [Warn ] CoreNetwork::doAutoReconnect(): Cannot reconnect while not being disconnected!
Aug 16 21:15:01 <hostname> CRON[19325]: (root) CMD (command -v debian-sa1 > /dev/null && debian-sa1 1 1)
I am running Ubuntu 1804 LTS
I have compiled version 2.5.0
run with 'sudo ./oidentd -i -d'
'ls -i -P' output includes:
adb 3464845 gregbert 9u IPv4 124223527 0t0 TCP www:57408->192.168.2.114:5555 (ESTABLISHED)
So I telnet localhost 113 and give:
[me]: 57408,5555
[oidentd response]: 57408,5555:ERROR:NO-USER
I have tried multiple config configurations, including no config so it is using defaults
What did work: 'sudo oidentd -i -u root -g root -r test' - this correctly returns 'test', but still the lookup fails.
oidentd 2.5.0 by Janik Rabe <[email protected]>
Originally written by Ryan McCabe <[email protected]>
https://janikrabe.com/projects/oidentd/
Build information:
Kernel driver: linux.c
Needs kmem access: No
Needs root access: No
Debug build: Yes
Masquerading support: Yes
IPv6 support: Yes
Linux libnfct support: Yes
Build settings:
Configuration directory: /usr/local/etc
User configuration file: ~/.config/oidentd.conf
User configuration file: ~/.oidentd.conf
Linux 5.10.21-1-lts x86_64
Archlinux
Am I doing something wrong?
I'm using 2.4.0 in alpine 10.3 within docker. With the following configs, oidentd always returns ERROR:NO-USER for my nc test:
$ cat /etc/oidentd.conf
user znc {
default {
allow spoof
allow spoof_all
}
}
$ cat /home/znc/.oidentd.conf
global { reply "abc" }
$ stat -c '%a' /home/znc
711
$ stat -c '%U %G %a' /home/znc/.oidentd.conf
znc nogroup 644
$ cat /etc/passwd | grep znc
znc:x:100:65533:Linux User,,,:/home/znc:/sbin/nologin
oidentd is run with
oidentd --foreground --nosyslog
configure options
./configure \
--prefix=/usr \
--sysconfdir=/etc \
--disable-nat \
--disable-libnfct \
--disable-xdgbdir
and the nc command
$ nc 1.1.1.1 113
1,1
1,1:ERROR:NO-USER
where 1.1.1.1 is the server's public ip.
From the doc, I expect no matter what ports are given, it should return user id abc.
What did I miss?
Per thread title, after updating to FreeBSD 13, oidentd no longer differentiates connections and returns the owner user as root on all ident requests.
oident installed using the standard "pkg install oidentd" functionality, was working as expected on 12.x.
Would be happy to help debug.
This would allow you to specify specific subnets in the to/from fields in range specifications. For example, if you wanted to spoof a specific user on your local network, you could set the to field as 192.168.0.0/24 in the range specification.
libudb (user database library) is a library that intends to provide an abstraction layer for looking up user information. It serves as an alternative to oidentd's built-in kernel interface, and can also integrate with other programs such as RADIUS servers.
However, libudb has been unmaintained for more than ten years, and it is doubtful whether it compiles with any recent kernels. I'm also unable to find a download link for the library, although I did find the project webpage earlier this year.
I'm planning to deprecate libudb support in the next release, and remove it entirely from the following major release. If anyone still uses oidentd with libudb, please let me know.
Currently, libudb is used if oidentd is run with the --udb (-U) flag. The command oidentd --version shows whether oidentd was compiled with support for libudb.
oidentd needs to run as root on FreeBSD, DragonFly BSD and NetBSD. The current approach is not to drop privileges automatically and to show a warning instead.
It would be much better if oidentd was able to run as an unprivileged user.