debian/0000755000000000000000000000000011432617772007200 5ustar debian/README.Debian0000644000000000000000000000164411432612262011233 0ustar SSL support =========== SSL has been disabled in this release. IMSpector uses OpenSSL for SSL support upstream, but the GNU GPL is incompatible with the OpenSSL license. The upstream maintainer has added a license exception in the version of imspector in the repository, but because part of the code in socket.cpp was copied from Squid, this will not be enough to allow redistribution of binaries linked against OpenSSL. It may be possible to port to GnuTLS in the future. Transparently intercepting IM traffic ===================================== IMSpector is intended to transparently filter instant messaging traffic. This can be done by running imspector on the network's gateway, and using iptables rules of the following form: iptables -t nat -A PREROUTING -p tcp --destination-port $port \ -j REDIRECT --to-ports 16667 Typical ports to redirect in this manner would be 6667 for IRC, and 5222 for XMPP. debian/control0000644000000000000000000000121511432617441010573 0ustar Source: imspector Section: net Priority: optional Maintainer: Tim Retout Standards-Version: 3.9.1 Homepage: http://www.imspector.org/ Vcs-Git: git://git.debian.org/git/collab-maint/imspector.git Vcs-Browser: http://git.debian.org/?p=collab-maint/imspector.git Build-Depends: debhelper (>= 8) Package: imspector Architecture: any Depends: ${misc:Depends}, ${shlibs:Depends}, adduser, lsb-base (>= 3.0-6) Description: instant messenger proxy IMSpector is an IM proxy with monitoring, blocking and content-filtering capabilities. . Currently it supports MSN, Jabber/XMPP, AIM, ICQ, Yahoo, IRC and Gadu-Gadu to different degrees. debian/watch0000644000000000000000000000011011402016341010177 0ustar version=3 http://www.imspector.org/downloads/imspector-([\d\.]+).tar.gz debian/imspector.80000644000000000000000000000123711432311253011262 0ustar .\" man page for imspector .\" .\" Copyright (C) 2009 Tim Retout .\" .\" Licensed under the same terms as imspector itself. .\" .TH IMSPECTOR "8" "October 2009" "IMSpector" .SH NAME imspector \- instant messaging proxy .SH SYNOPSIS .B imspector [\fIoptions\fR] .SH DESCRIPTION .B IMSpector is an Instant Messenger proxy with monitoring, blocking and content\-filtering capabilities. Currently it supports MSN, Jabber/XMPP, AIM, ICQ, Yahoo, IRC and Gadu\-Gadu to different degrees. .SH OPTIONS .TP .B \-c \fIfilename\fR Specify alternative configuration file. .TP .B \-d Turn on debugging output. .SH AUTHOR Lawrence Manning <\&lawrence@aslak.net\&> debian/imspector.manpages0000644000000000000000000000002311402016341012673 0ustar debian/imspector.8 debian/patches/0000755000000000000000000000000011432614762010623 5ustar debian/patches/use-rpath0000644000000000000000000000326511432323517012457 0ustar Description: Use rpath for private library. Install libimspector.so into /usr/lib/imspector, and add an rpath to the binary and the plugins. . Also remove the sonames from the private libraries, because they are unnecessary and cause a dpkg-shlibdeps warning. Author: Tim Retout --- imspector.orig/Makefile +++ imspector/Makefile @@ -27,7 +27,7 @@ CXXFLAGS = -Wall -O2 -fPIC $(SSL_FLAGS) -PLUGIN_FLAGS = $(LIBS) -fPIC -shared -Wl,-soname,$@ -o $@ +PLUGIN_FLAGS = $(LIBS) -fPIC -shared -Wl,-R/usr/lib/imspector -o $@ IMSPECTOR_OBJS = main.o protocolplugin.o loggingplugin.o filterplugin.o responderplugin.o $(SSL_OBJS) @@ -46,10 +46,10 @@ rm -f imspector libimspector.so $(PLUGINS) *.o imspector: $(IMSPECTOR_OBJS) libimspector.so - $(CXX) $(IMSPECTOR_OBJS) $(LIBS) libimspector.so -o imspector $(SSL_LIBS) + $(CXX) $(IMSPECTOR_OBJS) $(LIBS) -Wl,-R/usr/lib/imspector libimspector.so -o imspector $(SSL_LIBS) libimspector.so: $(LIBIMSPECTOR_OBJS) - $(CXX) $(LIBIMSPECTOR_OBJS) $(LIBS) -fPIC -shared -Wl,-soname,libimspector.so -o libimspector.so + $(CXX) $(LIBIMSPECTOR_OBJS) $(LIBS) -fPIC -shared -o libimspector.so msnprotocolplugin.so: msnprotocolplugin.o libimspector.so $(CXX) msnprotocolplugin.o libimspector.so $(PLUGIN_FLAGS) @@ -163,7 +163,7 @@ -mkdir -p $(DESTDIR)/$(PREFIX)/sbin -mkdir -p $(DESTDIR)/$(PREFIX)/lib/imspector -install imspector $(DESTDIR)/$(PREFIX)/sbin/imspector - -install libimspector.so $(DESTDIR)/$(PREFIX)/lib/libimspector.so + -install libimspector.so $(DESTDIR)/$(PREFIX)/lib/imspector/libimspector.so -(for PLUGIN in $(PLUGINS) $(ADD_PLUGINS); do \ install $$PLUGIN $(DESTDIR)/$(PREFIX)/lib/imspector/$$PLUGIN; \ done); debian/patches/series0000644000000000000000000000015011432604736012034 0ustar disable-ssl fhs no-executable-text-files use-rpath fix-typos imspector-user-by-default fix-sizet-format debian/patches/disable-ssl0000644000000000000000000000102611432311306012733 0ustar Description: Disable SSL support. Upstream has promised to add a license exception, but until then this is necessary. Author: Tim Retout Index: imspector-0.9/Makefile =================================================================== --- imspector-0.9.orig/Makefile 2009-10-28 12:56:22.000000000 +0000 +++ imspector-0.9/Makefile 2009-10-28 12:56:45.000000000 +0000 @@ -3,7 +3,7 @@ ########## # Comment this out if you dont want SSL -SSL = yes +#SSL = yes ########## # Location of openssl installation debian/patches/fhs0000644000000000000000000000447611432614604011334 0ustar Description: Use FHS-compliant paths for the config files. Author: Tim Retout --- a/Makefile +++ b/Makefile @@ -167,12 +167,11 @@ -(for PLUGIN in $(PLUGINS) $(ADD_PLUGINS); do \ install $$PLUGIN $(DESTDIR)/$(PREFIX)/lib/imspector/$$PLUGIN; \ done); - -mkdir -p $(DESTDIR)/$(PREFIX)/etc/imspector - -install imspector.conf $(DESTDIR)/$(PREFIX)/etc/imspector/imspector.conf - -install badwords.txt $(DESTDIR)/$(PREFIX)/etc/imspector/badwords.txt - -install acl.txt $(DESTDIR)/$(PREFIX)/etc/imspector/acl.txt - -mkdir -p /var/log/imspector - -mkdir -p /var/lib/imspector + -mkdir -p $(DESTDIR)/etc/imspector + -install imspector.conf $(DESTDIR)/etc/imspector/imspector.conf + -install badwords.txt $(DESTDIR)/etc/imspector/badwords.txt + -install acl.txt $(DESTDIR)/etc/imspector/acl.txt + -mkdir -p $(DESTDIR)/var/log/imspector install-cert: -mkdir -p $(DESTDIR)/$(PREFIX)/etc/imspector --- a/main.cpp +++ b/main.cpp @@ -9,7 +9,7 @@ #include "imspector.h" -#define DEFAULT_CONFIG "/usr/etc/imspector/imspector.conf" +#define DEFAULT_CONFIG "/etc/imspector/imspector.conf" #define LOGGING_SOCKET "/tmp/.imspectorlog" #define DEFAULT_PLUGIN_DIR "/usr/lib/imspector" --- a/imspector.conf +++ b/imspector.conf @@ -12,19 +12,19 @@ # SSL support? #ssl=on -#ssl_key=/usr/etc/imspector/serverkey.pem +#ssl_key=/etc/imspector/serverkey.pem # Fixed cert? -#ssl_cert=/usr/etc/imspector/servercert.pem +#ssl_cert=/etc/imspector/servercert.pem # Or certs created on-the-fly and signed against a CA -#ssl_ca_key=/usr/etc/imspector/cakey.pem -#ssl_ca_cert=/usr/etc/imspector/cacert.pem +#ssl_ca_key=/etc/imspector/cakey.pem +#ssl_ca_cert=/etc/imspector/cacert.pem # And finally a directory to store the created certs #ssl_cert_dir=/var/lib/imspector # Directory of CA certs for IM server cert validation -#ssl_verify_dir=/usr/lib/ssl/certs +#ssl_verify_dir=/etc/ssl/certs # Drop connection when the IM server has a bad cert #ssl_verify=block @@ -70,12 +70,12 @@ #sqlite_file=/path/to/file # Bad words filtering -#badwords_filename=/usr/etc/imspector/badwords.txt +#badwords_filename=/etc/imspector/badwords.txt #badwords_replace_character=* #badwords_block_count=1 # ACL -#acl_filename=/usr/etc/imspector/acl.txt +#acl_filename=/etc/imspector/acl.txt # SQLite-backed filter #db_filter_filename=/path/to/file debian/patches/fix-typos0000644000000000000000000000206211432310476012503 0ustar Description: Fix some 'spelling error in binary' errors reported by lintian. This patch does not correct every instance of 'extention' in the file; only the times it was used in a debugging message. Author: Tim Retout --- imspector.orig/icqprotocolplugin.cpp +++ imspector/icqprotocolplugin.cpp @@ -522,7 +522,7 @@ { if (submytag == 0x2711) { - debugprint(localdebugmode, PROTOCOL_NAME ": Extention data tag 0x2711 found, len: %d", + debugprint(localdebugmode, PROTOCOL_NAME ": Extension data tag 0x2711 found, len: %d", submylength); uint16_t msgextentionlength; @@ -547,7 +547,7 @@ /* compare the memory for zeroed plugin */ if (memcmp(msgplugin, pluginzeroed, 16) != 0) { - debugprint(localdebugmode, PROTOCOL_NAME ": Unknown extention data plugin, {%s}", + debugprint(localdebugmode, PROTOCOL_NAME ": Unknown extension data plugin, {%s}", cookietohex(16,msgplugin).c_str()); return 2; } debian/patches/fix-sizet-format0000644000000000000000000000266511432320342013753 0ustar Description: Fix warnings about %d format and size_t. Author: Tim Retout --- imspector.orig/msnprotocolplugin.cpp 2010-08-16 21:29:52.000000000 +0100 +++ imspector/msnprotocolplugin.cpp 2010-08-16 21:31:12.000000000 +0100 @@ -209,14 +209,14 @@ if (response.outgoing) { snprintf(replybuffer, BUFFER_SIZE - 1, - "MSG 1 U %d\r\n" \ - "%s", body.length(), body.c_str()); + "MSG 1 U %lu\r\n" \ + "%s", (unsigned long)body.length(), body.c_str()); } else { snprintf(replybuffer, BUFFER_SIZE - 1, - "MSG %s %s %d\r\n" \ - "%s", remoteid.c_str(), remoteid.c_str(), body.length(), body.c_str()); + "MSG %s %s %lu\r\n" \ + "%s", remoteid.c_str(), remoteid.c_str(), (unsigned long)body.length(), body.c_str()); } *replybufferlength = strlen(replybuffer); Index: imspector/yahooprotocolplugin.cpp =================================================================== --- imspector.orig/yahooprotocolplugin.cpp 2010-08-16 21:29:56.000000000 +0100 +++ imspector/yahooprotocolplugin.cpp 2010-08-16 21:33:03.000000000 +0100 @@ -378,7 +378,7 @@ YAHOO_SERVICE_MESSAGE, tagvaluebuffer); if (response.outgoing) - snprintf(contentlengthbuffer, BUFFER_SIZE - 1, "content-length: %d\r\n\r\n", strlen(xmlbuffer)); + snprintf(contentlengthbuffer, BUFFER_SIZE - 1, "content-length: %lu\r\n\r\n", (unsigned long)strlen(xmlbuffer)); snprintf(replybuffer, BUFFER_SIZE, "%s%s", contentlengthbuffer, xmlbuffer); debian/patches/no-executable-text-files0000644000000000000000000000130111432614762015356 0ustar Description: Ensure config files are installed with mode 644. Author: Tim Retout --- a/Makefile +++ b/Makefile @@ -168,9 +168,9 @@ install $$PLUGIN $(DESTDIR)/$(PREFIX)/lib/imspector/$$PLUGIN; \ done); -mkdir -p $(DESTDIR)/etc/imspector - -install imspector.conf $(DESTDIR)/etc/imspector/imspector.conf - -install badwords.txt $(DESTDIR)/etc/imspector/badwords.txt - -install acl.txt $(DESTDIR)/etc/imspector/acl.txt + -install -m 644 imspector.conf $(DESTDIR)/etc/imspector/imspector.conf + -install -m 644 badwords.txt $(DESTDIR)/etc/imspector/badwords.txt + -install -m 644 acl.txt $(DESTDIR)/etc/imspector/acl.txt -mkdir -p $(DESTDIR)/var/log/imspector install-cert: debian/patches/imspector-user-by-default0000644000000000000000000000055611432317113015555 0ustar Description: Drop privileges to the imspector user by default. Author: Tim Retout --- imspector.orig/imspector.conf +++ imspector/imspector.conf @@ -7,8 +7,8 @@ #plugin_dir=/usr/lib/imspector # For dropping privs - you probably want to do this. -#user=imspector -#group=imspector +user=imspector +group=imspector # SSL support? #ssl=on debian/source/0000755000000000000000000000000011402016341010456 5ustar debian/source/format0000644000000000000000000000001411402016341011664 0ustar 3.0 (quilt) debian/copyright0000644000000000000000000000124611432311234011116 0ustar Name: IMSpector Maintainer: Lawrence Manning Source: http://www.imspector.org/downloads/ Copyright: 2006, Lawrence Manning License: GPL-2 On Debian systems the full text of the GNU General Public License can be found in the `/usr/share/common-licenses/GPL-2' file. Files: socket.cpp Copyright: 2006, Lawrence Manning 2001, Regents of the University of California License: GPL-2 Files: debian/* Copyright: 2009, 2010 Tim Retout License: GPL-2 or other This packaging is licensed under either version 2 of the GNU GPL or the same terms as any version of imspector you have available. debian/compat0000644000000000000000000000000211432320747010367 0ustar 8 debian/changelog0000644000000000000000000000022611432616335011044 0ustar imspector (0.9-1) unstable; urgency=low * Initial release. (Closes: #552728) -- Tim Retout Wed, 18 Aug 2010 00:35:50 +0100 debian/rules0000755000000000000000000000003511402021437010236 0ustar #!/usr/bin/make -f %: dh $@ debian/imspector.init0000644000000000000000000001010311432311270012045 0ustar #! /bin/sh ### BEGIN INIT INFO # Provides: imspector # Required-Start: $remote_fs $syslog # Required-Stop: $remote_fs $syslog # Default-Start: 2 3 4 5 # Default-Stop: 0 1 6 # Short-Description: IMSpector initscript # Description: IMSpector is a proxy server for instant messenger # protocols, with filtering and logging capabilities. ### END INIT INFO # Author: Tim Retout # Do NOT "set -e" # PATH should only include /usr/* if it runs after the mountnfs.sh script PATH=/sbin:/usr/sbin:/bin:/usr/bin DESC="instant messenger proxy" NAME=imspector DAEMON=/usr/sbin/$NAME DAEMON_ARGS="" PIDFILE=/var/run/$NAME.pid SCRIPTNAME=/etc/init.d/$NAME # Exit if the package is not installed [ -x "$DAEMON" ] || exit 0 # Read configuration variable file if it is present [ -r /etc/default/$NAME ] && . /etc/default/$NAME # Load the VERBOSE setting and other rcS variables . /lib/init/vars.sh # Define LSB log_* functions. # Depend on lsb-base (>= 3.0-6) to ensure that this file is present. . /lib/lsb/init-functions # # Function that starts the daemon/service # do_start() { # Return # 0 if daemon has been started # 1 if daemon was already running # 2 if daemon could not be started start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON --test > /dev/null \ || return 1 start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON -- \ $DAEMON_ARGS \ || return 2 # Add code here, if necessary, that waits for the process to be ready # to handle requests from services started subsequently which depend # on this one. As a last resort, sleep for some time. } # # Function that stops the daemon/service # do_stop() { # Return # 0 if daemon has been stopped # 1 if daemon was already stopped # 2 if daemon could not be stopped # other if a failure occurred start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --pidfile $PIDFILE --name $NAME RETVAL="$?" [ "$RETVAL" = 2 ] && return 2 # Wait for children to finish too if this is a daemon that forks # and if the daemon is only ever run from this initscript. # If the above conditions are not satisfied then add some other code # that waits for the process to drop all resources that could be # needed by services started subsequently. A last resort is to # sleep for some time. start-stop-daemon --stop --quiet --oknodo --retry=0/30/KILL/5 --exec $DAEMON [ "$?" = 2 ] && return 2 # Many daemons don't delete their pidfiles when they exit. rm -f $PIDFILE return "$RETVAL" } # # Function that sends a SIGHUP to the daemon/service # do_reload() { # # If the daemon can reload its configuration without # restarting (for example, when it is sent a SIGHUP), # then implement that here. # start-stop-daemon --stop --signal 1 --quiet --pidfile $PIDFILE --name $NAME return 0 } case "$1" in start) [ "$VERBOSE" != no ] && log_daemon_msg "Starting $DESC" "$NAME" do_start case "$?" in 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;; 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;; esac ;; stop) [ "$VERBOSE" != no ] && log_daemon_msg "Stopping $DESC" "$NAME" do_stop case "$?" in 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;; 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;; esac ;; status) status_of_proc "$DAEMON" "$NAME" && exit 0 || exit $? ;; #reload|force-reload) # # If do_reload() is not implemented then leave this commented out # and leave 'force-reload' as an alias for 'restart'. # #log_daemon_msg "Reloading $DESC" "$NAME" #do_reload #log_end_msg $? #;; restart|force-reload) # # If the "reload" option is implemented then remove the # 'force-reload' alias # log_daemon_msg "Restarting $DESC" "$NAME" do_stop case "$?" in 0|1) do_start case "$?" in 0) log_end_msg 0 ;; 1) log_end_msg 1 ;; # Old process is still running *) log_end_msg 1 ;; # Failed to start esac ;; *) # Failed to stop log_end_msg 1 ;; esac ;; *) #echo "Usage: $SCRIPTNAME {start|stop|restart|reload|force-reload}" >&2 echo "Usage: $SCRIPTNAME {start|stop|status|restart|force-reload}" >&2 exit 3 ;; esac : debian/imspector.postinst0000644000000000000000000000225311432351717013006 0ustar #!/bin/sh # postinst script for imspector set -e # summary of how this script can be called: # * `configure' # * `abort-upgrade' # * `abort-remove' `in-favour' # # * `abort-deconfigure' `in-favour' # `removing' # # for details, see http://www.debian.org/doc/debian-policy/ or # the debian-policy package case "$1" in configure) if ! getent passwd imspector >/dev/null; then adduser --disabled-password --quiet --system \ --home /var/run/imspector --no-create-home \ --gecos "Imspector daemon" --group imspector fi if [ ! -d /var/log/imspector ]; then mkdir -p /var/log/imspector fi if ! dpkg-statoverride --list /var/log/imspector >/dev/null 2>&1; then chown imspector:imspector /var/log/imspector fi ;; abort-upgrade|abort-remove|abort-deconfigure) ;; *) echo "postinst called with unknown argument \`$1'" >&2 exit 1 ;; esac #DEBHELPER#