authorDirk Meyer <dinoex@FreeBSD.org>2004-03-06 09:33:13 +0000
committerDirk Meyer <dinoex@FreeBSD.org>2004-03-06 09:33:13 +0000
commitceffc4e4f71627c6655fc1a30adc2c1e53c224dc (patch)
treeb8600374d2f323c9c722ea067fe36e1af8ecea9f /security/pidentd
parent- Update to version 1.4 (diff)
- update to 3.0.16
- use PLIST_FILES - add missing manpage idecrypt.8
Notes
Notes: svn path=/head/; revision=103081
Diffstat (limited to 'security/pidentd')
-rw-r--r--security/pidentd/Makefile41
-rw-r--r--security/pidentd/distinfo8
-rw-r--r--security/pidentd/files/idecrypt.894
-rw-r--r--security/pidentd/files/patch-ab67
-rw-r--r--security/pidentd/files/patch-ac79
-rw-r--r--security/pidentd/files/patch-ai19
-rw-r--r--security/pidentd/files/patch-ak16
-rw-r--r--security/pidentd/files/patch-al104
-rw-r--r--security/pidentd/pkg-plist2
9 files changed, 116 insertions, 314 deletions
diff --git a/security/pidentd/Makefile b/security/pidentd/Makefile
index 897ffb398240..ae4b92b1de0d 100644
--- a/security/pidentd/Makefile
+++ b/security/pidentd/Makefile
@@ -6,7 +6,7 @@
#
PORTNAME= pidentd
-PORTVERSION= 2.8.5
+PORTVERSION= 3.0.16
CATEGORIES= security ipv6
MASTER_SITES= ftp://ftp.lysator.liu.se/pub/ident/servers/ \
ftp://ftp.fu-berlin.de/unix/security/ident/servers/
@@ -15,38 +15,33 @@ PATCH_SITES= http://www.imasy.or.jp/~ume/ipv6/ \
http://home.jp.FreeBSD.org/~ume/ipv6/ \
${MASTER_SITE_LOCAL}
PATCH_SITE_SUBDIR= dinoex
-PATCHFILES= pidentd-2.8.5-ipv6-1.5.diff.gz
-PATCH_DIST_STRIP= -p2
+PATCHFILES= pidentd-${PORTVERSION}-ipv6-20040227.diff.gz
+PATCH_DIST_STRIP= -p0
MAINTAINER= dinoex@FreeBSD.org
COMMENT= An RFC1413 identification server
-ALL_TARGET= freebsd
-MAKE_ENV= REALPREFIX=${PREFIX}
+USE_REINPLACE= yes
+GNU_CONFIGURE= yes
MAN8= identd.8 idecrypt.8
+PLIST_FILES= sbin/ibench sbin/identd sbin/idecrypt sbin/ikeygen
.if defined(WITH_DES)
USE_OPENSSL= yes
+CFLAGS+= -DINCLUDE_CRYPT -DOPENSSL_DES_LIBDES_COMPATIBILITY
+LDFLAGS+= -L${OPENSSLLIB} -lcrypto
.endif
-.include <bsd.port.pre.mk>
+post-extract:
+ ${CP} ${FILESDIR}/idecrypt.8 ${WRKSRC}/doc/idecrypt.8
-.if ${OSVERSION} >= 400014
-ADD_GDEFS+= -DINET6 -D__ss_family=ss_family -D__ss_len=ss_len
-.endif
-
-# Uncomment to activate the use of verifiable "cookies". The idea is to be
-# able to detect fake "logs" intended to get your innocent users in trouble.
-# Naturally, since it uses libcrypto, you must have OpenSSL installed.
-#WITH_DES= yes
+post-patch:
+ @${REINPLACE_CMD} \
+ -e "s| /etc/identd.conf| ${PREFIX}/etc/identd.conf|" \
+ -e "s| /etc/identd.key| ${PREFIX}/etc/identd.key|" \
+ ${WRKSRC}/doc/identd.8 ${WRKSRC}/doc/idecrypt.8
-.if defined(WITH_DES)
-ADD_GDEFS+= -DINCLUDE_CRYPT -DOPENSSL_DES_LIBDES_COMPATIBILITY \
- -I${OPENSSLINC} -I${OPENSSLINC}/openssl
-ADD_GLIBS= -L${OPENSSLLIB} -lcrypto
-.endif
-.if defined(WITH_DES) || ${OSVERSION} >= 400014
-MAKE_ENV+= ADD_GDEFS="${ADD_GDEFS}" ADD_GLIBS="${ADD_GLIBS}"
-.endif
+post-install:
+ ${INSTALL_MAN} -m 644 ${WRKSRC}/doc/idecrypt.8 ${MANPREFIX}/man/man8/
-.include <bsd.port.post.mk>
+.include <bsd.port.mk>
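Review bot: In the `.if defined(WITH_DES)` block, the new `CFLAGS+=` line keeps `-DINCLUDE_CRYPT -DOPENSSL_DES_LIBDES_COMPATIBILITY` but drops the `-I${OPENSSLINC}` that the removed `ADD_GDEFS` carried, while `LDFLAGS+=` still links with `-L${OPENSSLLIB}`; if OpenSSL comes from ports rather than base, the build could compile against one set of headers and link against a different library. I would keep the include path: `CFLAGS+= -I${OPENSSLINC} -DINCLUDE_CRYPT -DOPENSSL_DES_LIBDES_COMPATIBILITY`. Whether the configure script picks up `LDFLAGS` from the port environment is not visible in this hunk, so it is worth confirming that a WITH_DES build actually links libcrypto and yields a working `idecrypt`. The hunk also removes the comment that explained what WITH_DES enables; a short replacement above the `.if`, such as `# WITH_DES=yes enables encrypted ident tokens (identd -C); requires OpenSSL libcrypto`, would keep the knob discoverable.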
diff --git a/security/pidentd/distinfo b/security/pidentd/distinfo
index 9c774a3cf56d..e41bb12a1013 100644
--- a/security/pidentd/distinfo
+++ b/security/pidentd/distinfo
@@ -1,4 +1,4 @@
-MD5 (pidentd-2.8.5.tar.gz) = 15d3d8b7ad9433b91634618b1f7b6417
-SIZE (pidentd-2.8.5.tar.gz) = 121835
-MD5 (pidentd-2.8.5-ipv6-1.5.diff.gz) = a8bf86a6f00611c0e3f7e1e153c73d7d
-SIZE (pidentd-2.8.5-ipv6-1.5.diff.gz) = 9635
+MD5 (pidentd-3.0.16.tar.gz) = 207ea2b786f3ea732f30ec4d531b9827
+SIZE (pidentd-3.0.16.tar.gz) = 118728
+MD5 (pidentd-3.0.16-ipv6-20040227.diff.gz) = b1e9830fd2fb1b26d1063c714c4a6d81
+SIZE (pidentd-3.0.16-ipv6-20040227.diff.gz) = 14406
diff --git a/security/pidentd/files/idecrypt.8 b/security/pidentd/files/idecrypt.8
new file mode 100644
index 000000000000..f5de49dfdd34
--- /dev/null
+++ b/security/pidentd/files/idecrypt.8
@@ -0,0 +1,94 @@
+.TH IDECRYPT 8 "19 May 1996"
+.SH NAME
+idecrypt \- Decrypt tokens obtained from identd
+.SH SYNOPSIS
+.B idecrypt
+.SH DESCRIPTION
+.B idecrypt
+is a utility for decrypting the encrypted tokens that
+.BR identd (8)
+provided instead of usernames when it is
+run in encrypted-token mode (that is, with the
+.B \-C
+flag).
+.PP
+.B idecrypt
+reads up to 1024 lines from the
+.B /etc/identd.key
+file, converting each line to a DES key using
+.BR des_string_to_key (3).
+It then reads standard input, searching for encrypted tokens
+in the format produced by
+.BR identd (8),
+decrypts the tokens if possible, and copies all unrecognised text from
+standard input to standard output without modification.
+.PP
+If more than one key appears in the key file, then
+.BR identd (8)
+will use the first key for encryption, and
+.B idecrypt
+will attempt to use all the keys for decryption.
+This allows new keys to be used by
+.BR identd (8)
+without losing the ability for
+.B idecrypt
+to decrypt old tokens (until there are more than 1024 keys in the key file).
+.PP
+Each encrypted token consists of 32 base64 characters, enclosed in
+square brackets. To make it easier to process logs generated by
+versions of
+.B tcpd (8)
+that convert the square brackets to underlines,
+.B idecrypt
+permits underline characters instead of square brackets
+in its input.
+.PP
+.BR idecrypt 's
+output from decrypting each token is a human readable string
+containing the timestamp (displayed as a local time in
+.BR ctime (3)
+format), the numeric uid, the local IP address, the local port number,
+the remote IP address and the remote port number.
+.SH EXAMPLE
+Suppose that the local host has IP address 10.2.3.4, the local
+.B /etc/identd.key
+file contains
+.PP
+foobar
+.PP
+and the local host is running the
+.BR identd (8)
+server in encrypted-token mode.
+.PP
+Now, if a local user
+with uid 501 telnets to a remote host with IP address 10.9.8.7,
+the remote host may choose to make an ident query back to the
+local host, in order to obtain some information to be logged for
+possible use later. The local
+.BR identd (8)
+might send the following encrypted token to the remote host
+instead of sending a username:
+.PP
+[aALdNYxh2496K4DDTel2Nk0Jzj5mRbok]
+.PP
+If the administrator of the remote host later provides the administrator
+of the local host with a copy of the encrypted token, and if
+the secret key has not been removed from the local
+.B /etc/identd.key
+file, then the administrator of the local host can run
+.B idecrypt
+and can provide the encrypted token in standard input.
+.PP
+.B idecrypt
+will then print the following decrypted information:
+.PP
+Sun May 19 00:25:23 1996 501 10.2.3.4 2304 10.9.8.7 23
+.PP
+This represents the time the encrypted token was created,
+the local user id, the local IP address and port number, and the
+remote IP address and port number.
+.SH SEE ALSO
+.BR identd (8)
+.BR tcpd (8)
+.SH BUGS
+The handling of fatal errors could be better.
diff --git a/security/pidentd/files/patch-ab b/security/pidentd/files/patch-ab
deleted file mode 100644
index b3444e66ba5e..000000000000
--- a/security/pidentd/files/patch-ab
+++ /dev/null
@@ -1,67 +0,0 @@
---- Makefile.orig Tue Jul 29 05:01:22 1997
-+++ Makefile Mon May 4 11:59:30 1998
-@@ -16,9 +16,9 @@
- MAKE=make
-
- # set this to 'in.' if you like Sun's prefix on internet daemons
--PREFIX=in.
-+PREFIX=
-
--DESTROOT=/usr/local
-+DESTROOT=${REALPREFIX}
-
- # set this to '/share' if your man pages are in /usr/share
- #SHARE=/share
-@@ -33,7 +33,7 @@
- MANSECT=8
- MANDIR=$(MANROOT)/man$(MANSECT)
-
--INSTALL=aux/install-sh -c
-+INSTALL=/usr/bin/install -c
-
-
- # NEXTSTEP 3.x Multi-Architecture-Binary (FAT) compiles
-@@ -57,14 +57,14 @@
- # GDEFS=-DINCLUDE_EXTENSIONS -DINCLUDE_PROXY -DINCLUDE_CRYPT \
- # -DSTRONG_LOG -DALLOW_FORMAT \
- #
--GDEFS=-DINCLUDE_EXTENSIONS -DSTRONG_LOG -DALLOW_FORMAT \
-- -DDPATH_CONFIG='\"$(CONFDIR)/identd.conf\"' \
-+GDEFS=-DINCLUDE_EXTENSIONS -DSTRONG_LOG -DALLOW_FORMAT $(ADD_GDEFS) \
-+ -DPATH_CONFIG='\"$(CONFDIR)/identd.conf\"' \
- -DPATH_DESKEY='\"$(CONFDIR)/identd.key\"'
-
- # GLIBS=-lident -ldes
--GLIBS=
-+GLIBS= $(ADD_GLIBS)
-
--CFLAGS=-O
-+#CFLAGS=-O
- #LDFLAGS=-L$(DESTROOT)/lib
-
- all:
-@@ -573,18 +573,18 @@
- mv $@-t $@
- chmod 755 $@
-
--install: $(PREFIX)identd identd.$(MANSECT) identconn itest idecrypt
-+install: $(PREFIX)identd identd.$(MANSECT) idecrypt # identconn itest
- $(INSTALL) -m 644 identd.$(MANSECT) $(MANDIR)
- if [ -n "$(PREFIX)" ] ; then \
- rm -f $(MANDIR)/$(PREFIX)identd.$(MANSECT) ; \
- echo ".so `basename $(MANDIR)`/identd.$(MANSECT)" > $(MANDIR)/$(PREFIX)identd.$(MANSECT) ; \
- fi
-- $(INSTALL) -m 755 $(PREFIX)identd $(DESTDIR)
-- $(INSTALL) -m 755 identconn $(DESTROOT)/bin
-+ $(INSTALL) -s -m 755 $(PREFIX)identd $(DESTDIR)
-+# $(INSTALL) -m 755 identconn $(DESTROOT)/bin
- $(INSTALL) -m 644 idecrypt.man $(MANDIR)/idecrypt.$(MANSECT)
-- $(INSTALL) -m 755 idecrypt $(DESTDIR)/idecrypt
-- @echo "The following command will fail it you are not Root."
-- -$(INSTALL) -o root -g kmem -m 2555 itest $(DESTROOT)/bin
-+ $(INSTALL) -s -m 755 idecrypt $(DESTDIR)/idecrypt
-+# @echo "The following command will fail it you are not Root."
-+# -$(INSTALL) -o root -g kmem -m 2555 itest $(DESTROOT)/bin
-
-
- tests:
diff --git a/security/pidentd/files/patch-ac b/security/pidentd/files/patch-ac
deleted file mode 100644
index 72da063d8545..000000000000
--- a/security/pidentd/files/patch-ac
+++ /dev/null
@@ -1,79 +0,0 @@
---- identd.man.orig Mon Jul 28 23:01:22 1997
-+++ identd.man Tue Sep 29 18:40:47 1998
-@@ -4,9 +4,9 @@
- .\"
- .TH IDENTD 8 "27 May 1992"
- .SH NAME
--identd, in.identd \- TCP/IP IDENT protocol server
-+identd \- TCP/IP IDENT protocol server
- .SH SYNOPSIS
--.B xDESTDIRx/[in.]identd
-+.B !!PREFIX!!/sbin/identd
- .RB [ \-i | \-w | \-b ]
- .RB [ \-t<seconds> ]
- .RB [ \-u<uid> ]
-@@ -205,7 +205,7 @@
- If the
- .I keyfile
- is not specified, it defaults to
--.BR /etc/identd.key .
-+.BR !!PREFIX!!/etc/identd.key .
- .PP
- The
- .B \-n
-@@ -322,14 +322,14 @@
- mode of operation.
- .SH EXAMPLES
- Assuming the server is located in
--.B /usr/etc/in.identd
-+.B !!PREFIX!!/sbin/identd
- one can put either:
- .PP
--ident stream tcp wait sys /usr/etc/in.identd in.identd -w -t120
-+ident stream tcp wait sys !!PREFIX!!/sbin/identd identd -w -t120
- .PP
- or:
- .PP
--ident stream tcp nowait sys /usr/etc/in.identd in.identd -i
-+ident stream tcp nowait sys !!PREFIX!!/sbin/identd identd -i
- .PP
- into the
- .B /etc/inetd.conf
-@@ -342,7 +342,7 @@
- .B /etc/rc.local
- file:
- .PP
--/usr/etc/in.identd -b -u2 -g2
-+!!PREFIX!!/sbin/identd -b -u2 -g2
- .PP
- This will make it run in the background as user 2, group 2 (user "sys",
- group "kmem" on SunOS 4.1.1).
---- idecrypt.man.orig Tue Sep 29 19:00:01 1998
-+++ idecrypt.man Tue Sep 29 19:01:05 1998
-@@ -14,7 +14,7 @@
- .PP
- .B idecrypt
- reads up to 1024 lines from the
--.B /etc/identd.key
-+.B !!PREFIX!!/etc/identd.key
- file, converting each line to a DES key using
- .BR des_string_to_key (3).
- It then reads standard input, searching for encrypted tokens
-@@ -51,7 +51,7 @@
- the remote IP address and the remote port number.
- .SH EXAMPLE
- Suppose that the local host has IP address 10.2.3.4, the local
--.B /etc/identd.key
-+.B !!PREFIX!!/etc/identd.key
- file contains
- .PP
- foobar
-@@ -74,7 +74,7 @@
- If the administrator of the remote host later provides the administrator
- of the local host with a copy of the encrypted token, and if
- the secret key has not been removed from the local
--.B /etc/identd.key
-+.B !!PREFIX!!/etc/identd.key
- file, then the administrator of the local host can run
- .B idecrypt
- and can provide the encrypted token in standard input.
diff --git a/security/pidentd/files/patch-ai b/security/pidentd/files/patch-ai
deleted file mode 100644
index 8f730ae08a76..000000000000
--- a/security/pidentd/files/patch-ai
+++ /dev/null
@@ -1,19 +0,0 @@
-*** src/Makefile.orig Mon Sep 1 15:47:04 1997
---- src/Makefile Mon Sep 1 15:47:11 1997
-***************
-*** 18,24 ****
- mv $(PREFIX)identd ..
-
- idecrypt: idecrypt.o crypto.o
-! $(CC) $(LDFLAGS) -o idecrypt idecrypt.o crypto.o
- mv idecrypt ..
-
- identd.o: identd.c identd.h error.h crypto.h Makefile
---- 18,24 ----
- mv $(PREFIX)identd ..
-
- idecrypt: idecrypt.o crypto.o
-! $(CC) $(LDFLAGS) -o idecrypt idecrypt.o crypto.o $(LIBS)
- mv idecrypt ..
-
- identd.o: identd.c identd.h error.h crypto.h Makefile
diff --git a/security/pidentd/files/patch-ak b/security/pidentd/files/patch-ak
deleted file mode 100644
index 08893afd3f85..000000000000
--- a/security/pidentd/files/patch-ak
+++ /dev/null
@@ -1,16 +0,0 @@
---- src/freebsd.c.orig Wed Jul 14 15:23:56 1999
-+++ src/freebsd.c Wed Jul 14 15:24:51 1999
-@@ -1,3 +1,8 @@
-+#include <osreldate.h>
-+#if __FreeBSD_version >= 400007 || (__FreeBSD_version < 400000 && \
-+ __FreeBSD_version >= 320002)
-+#include "freebsd-sysctl.c"
-+#else
- /*
- ** freebsd.c Low level kernel access functions for FreeBSD 2.x
- **
-@@ -306,3 +310,4 @@
-
- return -1;
- }
-+#endif
diff --git a/security/pidentd/files/patch-al b/security/pidentd/files/patch-al
deleted file mode 100644
index 9d0bdcf670b4..000000000000
--- a/security/pidentd/files/patch-al
+++ /dev/null
@@ -1,104 +0,0 @@
-
-$FreeBSD$
-
---- src/freebsd-sysctl.c.orig Thu Aug 29 21:20:05 2002
-+++ src/freebsd-sysctl.c Thu Aug 29 21:24:03 2002
-@@ -0,0 +1,98 @@
-+#include <sys/param.h>
-+#include <sys/types.h>
-+#include <sys/socket.h>
-+#include <sys/sysctl.h>
-+#include <sys/ucred.h>
-+
-+#include <netinet/in.h>
-+
-+int
-+k_open(void) {
-+
-+ return 0;
-+}
-+
-+#ifdef INET6
-+int k_getuid(struct sockaddr *faddr, int fport, struct sockaddr *laddr,
-+ int lport, int *uid) {
-+ struct sockaddr_in sin[2];
-+ struct sockaddr_in6 sin6[2];
-+ struct xucred uc;
-+ size_t oldlen = sizeof(uc);
-+ struct sockaddr *sa;
-+ int salen;
-+ char *ctlname;
-+
-+ if (faddr->sa_family != laddr->sa_family)
-+ return -1;
-+ if (faddr->sa_family == AF_INET) {
-+ sin[0].sin_family = sin[1].sin_family = AF_INET;
-+ sin[0].sin_len = sin[1].sin_len = sizeof(struct sockaddr_in);
-+ memcpy(&sin[0].sin_addr,
-+ &((struct sockaddr_in *)laddr)->sin_addr,
-+ sizeof(struct in_addr));
-+ memcpy(&sin[1].sin_addr,
-+ &((struct sockaddr_in *)faddr)->sin_addr,
-+ sizeof(struct in_addr));
-+ sin[0].sin_port = (u_int16_t)lport;
-+ sin[1].sin_port = (u_int16_t)fport;
-+ sa = (struct sockaddr *)sin;
-+ salen = sizeof(sin);
-+ ctlname = "net.inet.tcp.getcred";
-+ } else if (IN6_IS_ADDR_V4MAPPED(&((struct sockaddr_in6 *)faddr)->sin6_addr)) {
-+ sin[0].sin_family = sin[1].sin_family = AF_INET;
-+ sin[0].sin_len = sin[1].sin_len = sizeof(struct sockaddr_in);
-+ memcpy(&sin[0].sin_addr,
-+ &((struct sockaddr_in6 *)laddr)->sin6_addr.s6_addr[12],
-+ sizeof(struct in_addr));
-+ memcpy(&sin[1].sin_addr,
-+ &((struct sockaddr_in6 *)faddr)->sin6_addr.s6_addr[12],
-+ sizeof(struct in_addr));
-+ sin[0].sin_port = (u_int16_t)lport;
-+ sin[1].sin_port = (u_int16_t)fport;
-+ sa = (struct sockaddr *)sin;
-+ salen = sizeof(sin);
-+ ctlname = "net.inet.tcp.getcred";
-+ } else {
-+ sin6[0].sin6_family = sin6[1].sin6_family = AF_INET6;
-+ sin6[0].sin6_len = sin6[1].sin6_len
-+ = sizeof(struct sockaddr_in6);
-+ memcpy(&sin6[0].sin6_addr,
-+ &((struct sockaddr_in6 *)laddr)->sin6_addr,
-+ sizeof(struct in6_addr));
-+ memcpy(&sin6[1].sin6_addr,
-+ &((struct sockaddr_in6 *)faddr)->sin6_addr,
-+ sizeof(struct in6_addr));
-+ sin6[0].sin6_port = (u_int16_t)lport;
-+ sin6[1].sin6_port = (u_int16_t)fport;
-+ sa = (struct sockaddr *)sin6;
-+ salen = sizeof(sin6);
-+ ctlname = "net.inet6.tcp6.getcred";
-+ }
-+
-+ if (sysctlbyname(ctlname, &uc, &oldlen, sa, salen))
-+ return -1;
-+
-+ *uid = uc.cr_uid;
-+ return 0;
-+}
-+#else
-+int k_getuid(struct in_addr *faddr, int fport, struct in_addr *laddr,
-+ int lport, int *uid) {
-+ struct sockaddr_in sin[2];
-+ struct xucred uc;
-+ size_t oldlen = sizeof(uc);
-+
-+ sin[0].sin_addr.s_addr = laddr->s_addr;
-+ sin[1].sin_addr.s_addr = faddr->s_addr;
-+ sin[0].sin_port = (u_short)lport;
-+ sin[1].sin_port = (u_short)fport;
-+
-+ if (sysctlbyname("net.inet.tcp.getcred", &uc, &oldlen, sin,
-+ sizeof(sin)))
-+ return -1;
-+
-+ *uid = uc.cr_uid;
-+ return 0;
-+}
-+#endif
diff --git a/security/pidentd/pkg-plist b/security/pidentd/pkg-plist
deleted file mode 100644
index 2ffb7c7f8df4..000000000000
--- a/security/pidentd/pkg-plist
+++ /dev/null
@@ -1,2 +0,0 @@
-sbin/identd
-sbin/idecrypt