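#!/usr/bin/perl -T
# Minimal ident daemon (RFC 1413) for OpenBSD pf, NAT-aware.
#
# The connection the peer asks about is looked up in pf's state table
# (`pfctl -s state`); the internal (pre-NAT) source address of that state
# is mapped to a user name via /etc/chujident.conf, one
# "<ipv4-address> <username>" per line.  Hosts not listed there are
# answered with "natuser".
#
# Must be started from inetd: the query is read from STDIN and the peer
# address is taken from STDIN's socket.
#
# babcia padlina ltd.

use strict;
use warnings;
use Socket;
use Sys::Syslog;

# Path of the address -> user map.
my $CONF_FILE = '/etc/chujident.conf';
# User name reported for internal hosts that are not listed in $CONF_FILE.
my $DEFAULT_USER = 'natuser';
# Seconds the client gets to send its query line before we give up.
my $QUERY_TIMEOUT = 20;

# Peer address, filled in once getpeername() succeeds.  Declared before
# timeout() so the handler closes over this lexical; the original handler
# read $main::raddr, a different (package) variable that was never set.
my $raddr = 'unknown';

# Taint mode (-T) refuses to run pfctl unless PATH is explicit and the
# shell-influencing variables are gone.
$ENV{PATH} = "/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin";
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

# Optional privilege drop, left disabled as in the original:
#$< = $( = 71;
#if ($< != 71 || $( != 71)
#{
#    die "set[ug]id failed\n";
#}

# SIGALRM handler: the client did not send its query within $QUERY_TIMEOUT.
sub timeout {
    syslog('info', 'Timeout from %s', $raddr);
    closelog();
    exit;
}

# Send one response line to the client, log it with the given printf-style
# format and arguments, and terminate.  Every exit path of the daemon goes
# through here so the CRLF terminator and closelog() are never forgotten.
sub reply {
    my ($response, $log_fmt, @log_args) = @_;
    print "$response\r\n";
    syslog('info', $log_fmt, @log_args);
    closelog();
    exit;
}

# Read the "<ipv4-address> <username>" map from $path.
# Returns a hash ref keyed by address; dies if the file cannot be opened.
# Lines that do not contain an address followed by a word are ignored.
sub load_users {
    my ($path) = @_;
    my %user_of;
    open my $conf, '<', $path or die "open $path: $!\n";
    while (my $line = <$conf>) {
        next unless $line =~ /(\d+\.\d+\.\d+\.\d+)\s+(\w+)/;
        $user_of{$1} = $2;
    }
    close $conf;
    return \%user_of;
}

# Parse an ident query "<port-on-server> , <port-on-client>" (RFC 1413).
# Whitespace around the comma is optional per the RFC; both ports must be
# in 1..65535.  Returns ($lport, $rport), or an empty list when $line is
# undefined (EOF) or malformed.  The captures also untaint the ports.
sub parse_query {
    my ($line) = @_;
    return unless defined $line;
    return unless $line =~ /\A\s*(\d{1,5})\s*,\s*(\d{1,5})\s*\z/;
    my ($lport, $rport) = ($1, $2);
    for my $port ($lport, $rport) {
        return if $port < 1 || $port > 65535;
    }
    return ($lport, $rport);
}

# Find the connection in the text of `pfctl -s state`.
# A matching line has the shape
#   TCP <src>:<sport> -> <nat>:<nport> -> <dst>:<dport> ESTABLISHED:ESTABLISHED
# and is accepted when <nport> == $lport, <dport> == $rport and <dst> eq
# $peer.  Returns <src> (the internal host), or undef when nothing matches.
# Ports are compared numerically so "0080" and "80" are the same port.
sub find_internal_host {
    my ($state_table, $lport, $rport, $peer) = @_;
    my $ipv4 = qr/\d+\.\d+\.\d+\.\d+/;
    while ($state_table =~ m{ TCP \s+ ($ipv4):(\d+) \s+ -> \s+
                              ($ipv4):(\d+) \s+ -> \s+
                              ($ipv4):(\d+) \s+ ESTABLISHED:ESTABLISHED }gx) {
        my ($src, $nat_port, $dst, $dst_port) = ($1, $4, $5, $6);
        return $src
            if $nat_port == $lport && $dst_port == $rport && $dst eq $peer;
    }
    return;
}

my $user_of = load_users($CONF_FILE);

my $rsock = getpeername STDIN or die "getpeername: $!\n";
$raddr = inet_ntoa((unpack_sockaddr_in($rsock))[1]);

openlog('identd', 'pid, ndelay', 'daemon') or die "openlog: $!\n";

# Bound the wait for the query so a silent client cannot hold the process.
$SIG{ALRM} = \&timeout;
alarm($QUERY_TIMEOUT);
my $query = <STDIN>;
alarm(0);

my ($lport, $rport) = parse_query($query);
reply('0, 0 : ERROR : INVALID-PORT', 'Bad query from %s', $raddr)
    unless defined $lport;

# Snapshot the state table only after the query was accepted, so bad
# queries never cost a pfctl run and the lookup sees the freshest states.
my $state_table = `/sbin/pfctl -s state`;
if (!defined $state_table || $? != 0) {
    my $reason = $? == -1 ? $! : 'exit status ' . ($? >> 8);
    reply("$lport, $rport : ERROR : UNKNOWN-ERROR",
          '%s, %s : ERROR : UNKNOWN-ERROR, pfctl failed: %s (from %s)',
          $lport, $rport, $reason, $raddr);
}

my $internal = find_internal_host($state_table, $lport, $rport, $raddr);
reply("$lport, $rport : ERROR : NO-USER",
      '%s, %s : ERROR : NO-USER (from %s)', $lport, $rport, $raddr)
    unless defined $internal;

# Unlisted internal hosts get the generic user name; the config loader only
# accepts \w+ names, so what we echo back is already restricted.
my $user = defined $user_of->{$internal} ? $user_of->{$internal} : $DEFAULT_USER;
reply("$lport, $rport : USERID : UNIX : $user",
      '%s, %s : USERID : UNIX : %s (from %s)', $lport, $rport, $user, $raddr);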