authorhubertf <hubertf>1998-10-08 14:47:02 +0000
committerhubertf <hubertf>1998-10-08 14:47:02 +0000
commitf91af942cab4da18afed7118b2ce74ace529caf8 (patch)
tree6282314450e09549992076e41ba90302f5eda2af
parent475967f6dc58acbe84f8a09852d0d3966a132b29 (diff)
downloadpkgsrc-f91af942cab4da18afed7118b2ce74ace529caf8.tar.gz
NFS security verification suite
-rw-r--r--security/nfsbug/patches/patch-aa40
-rw-r--r--security/nfsbug/patches/patch-ab139
-rw-r--r--security/nfsbug/patches/patch-ac24
-rw-r--r--security/nfsbug/pkg/COMMENT1
-rw-r--r--security/nfsbug/pkg/DESCR10
-rw-r--r--security/nfsbug/pkg/PLIST2
6 files changed, 216 insertions, 0 deletions
diff --git a/security/nfsbug/patches/patch-aa b/security/nfsbug/patches/patch-aa
new file mode 100644
index 00000000000..2c03eee1966
--- /dev/null
+++ b/security/nfsbug/patches/patch-aa
@@ -0,0 +1,40 @@
+--- Makefile.orig Fri Feb 17 06:57:26 1995
++++ Makefile Mon Sep 28 17:44:50 1998
+@@ -1,21 +1,33 @@
+-CC=cc
+-#CFLAGS=-g -I. -DSVR4
++CC=gcc
++CFLAGS=-O2 -I.
++#CFLAGS=-ggdb -I. -DSVR4 -w
+ #LIBS=-lsocket -lnsl -L/usr/ucblib -lucb -lresolv
+-CFLAGS=-ggdb -I.
++#LIBS=-lsocket -lnsl -lresolv
++#CFLAGS=-ggdb -I.
+ LIBS=
+ NFSBUG_SOURCES=mount_clnt.c mount_xdr.c nfs_prot_clnt.c nfs_prot_xdr.c nfsbug.c
+ NFSBUG_OBJECTS=mount_clnt.o mount_xdr.o nfs_prot_clnt.o nfs_prot_xdr.o nfsbug.o
++NFSSHELL_SOURCES=nfsshell.c nfs_prot_clnt.c nfs_prot_xdr.c mount_clnt.c mount_xdr.c
++NFSSHELL_OBJECTS=nfsshell.o nfs_prot_clnt.o nfs_prot_xdr.o mount_clnt.o mount_xdr.o
+ RPCGEN_MOUNT= mount.h mount_clnt.c mount_svc.c mount_xdr.c
+ RPCGEN_NFS_PROT= nfs_prot.h nfs_prot_clnt.c nfs_prot_svc.c nfs_prot_xdr.c
+
++all: nfsbug nfsshell
++
++nfsshell: ${NFSSHELL_OBJECTS}
++ $(CC) ${CFLAGS} -o nfsshell $(NFSSHELL_OBJECTS) $(LIBS)
++
++${NFSSHELL_OBJECTS}: ${NFSSHELL_SOURCES}
++
+ nfsbug: $(NFSBUG_OBJECTS)
+- $(CC) -g -o nfsbug $(NFSBUG_OBJECTS) $(LIBS)
++ $(CC) ${CFLAGS} -o nfsbug $(NFSBUG_OBJECTS) $(LIBS)
+
+ lint: $(NFSBUG_SOURCES)
+ lint $(NFSBUG_SOURCES)
+
+ clean:
+ rm -f nfsbug $(NFSBUG_OBJECTS) $(RPCGEN_MOUNT) $(RPCGEN_NFS_PROT) core
++ rm -f ${NFSSHELL_OBJECTS}
+
+ $(RPCGEN_MOUNT):; rpcgen mount.x
+ $(RPCGEN_NFS_PROT):; rpcgen nfs_prot.x
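Review bot: The extended `clean` target deletes `${NFSSHELL_OBJECTS}` but never the `nfsshell` executable that the new `all` target builds, so a stale binary survives `make clean`. The added line should read `rm -f nfsshell ${NFSSHELL_OBJECTS}`. Separately, the hard-coded `CC=gcc` at the top of the Makefile replaces the original `CC=cc` and will take precedence over a compiler chosen through the environment. If the packaging framework is meant to pick the compiler, `CC?=gcc` or simply leaving `CC` alone would respect that.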
diff --git a/security/nfsbug/patches/patch-ab b/security/nfsbug/patches/patch-ab
new file mode 100644
index 00000000000..13e22c2c765
--- /dev/null
+++ b/security/nfsbug/patches/patch-ab
@@ -0,0 +1,139 @@
+--- nfsshell.c.orig Mon Sep 28 15:54:36 1998
++++ nfsshell.c Mon Sep 28 15:57:22 1998
+@@ -1,3 +1,4 @@
++/* URL: http://www.asmodeus.com/archive/Xnix/nfsShell */
+ /*
+ * Copyright, 1991, 1992, by Leendert van Doorn (leendert@cs.vu.nl)
+ *
+@@ -21,14 +22,19 @@
+ #include <sys/ioctl.h>
+ #include <sys/socket.h>
+ #include <sys/vnode.h>
+-#include <sys/vfs.h>
++/* #include <sys/vfs.h> *//*HF*/
+ #include <netinet/in.h>
+ #include <arpa/inet.h>
+ #include <sys/time.h>
+-#include <ufs/inode.h>
++#include <ufs/ufs/dinode.h> /*HF: NetBSD*/
++/* #include <sys/fs/ufs_inode.h> *//*HF: Solaris*/
++#include <sys/filio.h>
+ #include "mount.h"
+ #include "nfs_prot.h"
+
++int getline(char *buf, int bufsize, int *argc, char **argv, int argvsize);
++
++
+ /*
+ * Fundamental constants
+ */
+@@ -284,8 +290,11 @@
+ register char *p;
+
+ if (interact) printf("nfs> ");
+- if (fgets(buf, bufsize, stdin) == NULL)
++ if (fgets(buf, bufsize, stdin) == NULL){
++ perror("fgets");
++ fprintf(stderr,"EOF?!\n");
+ return 0;
++ }
+ *argc = 0;
+ for (p = buf; *p == ' ' || *p == '\t'; p++)
+ /* skip white spaces */;
+@@ -340,7 +349,7 @@
+ *var = argc == 2 ? atoi(argv[1]) : -2;
+ if (nfsclient && nfsclient->cl_auth) {
+ auth_destroy(nfsclient->cl_auth);
+- nfsclient->cl_auth = authunix_create_default(uid, gid);
++ nfsclient->cl_auth = MYauthunix_create_default(uid, gid);
+ }
+ }
+
+@@ -509,8 +518,7 @@
+ /*
+ * Print long listing of a files, much in the way ``ls -l'' does
+ */
+-printfilestatus(name)
+- char *name;
++printfilestatus(char *name)
+ {
+ diropargs args;
+ diropres *res;
+@@ -1160,7 +1168,7 @@
+ return 0;
+ }
+ clnt_control(nfsclient, CLSET_TIMEOUT, &timeout);
+- nfsclient->cl_auth = authunix_create_default(uid, gid);
++ nfsclient->cl_auth = MYauthunix_create_default(uid, gid);
+
+ /* provide some generic name for it */
+ if ((mountpath = malloc(8 + 1)) == NULL) {
+@@ -1235,7 +1243,7 @@
+ *var = 0x00100000;
+ if (nfsclient && nfsclient->cl_auth) {
+ auth_destroy(nfsclient->cl_auth);
+- nfsclient->cl_auth = authunix_create_default(uid, gid);
++ nfsclient->cl_auth = MYauthunix_create_default(uid, gid);
+ }
+ /*
+ * Put in some type of code here
+@@ -1493,7 +1501,7 @@
+ return 0;
+ }
+ clnt_control(mntclient, CLSET_TIMEOUT, &timeout);
+- mntclient->cl_auth = authunix_create_default(0, 0);
++ mntclient->cl_auth = MYauthunix_create_default(0, 0);
+ if (verbose)
+ printf("Open %s (%s)\n",
+ remotehost, inet_ntoa(server_addr.sin_addr));
+@@ -1540,7 +1548,7 @@
+ return 0;
+ }
+ clnt_control(nfsclient, CLSET_TIMEOUT, &timeout);
+- nfsclient->cl_auth = authunix_create_default(uid, gid);
++ nfsclient->cl_auth = MYauthunix_create_default(uid, gid);
+
+ /*
+ * Get file handle for this path from the mount daemon. There
+@@ -1634,7 +1642,7 @@
+ return RPC_ANYSOCK;
+ for (;;) {
+ sin.sin_port = htons((u_short)lport);
+- if (bind(s, (caddr_t)&sin, sizeof (sin), 0) >= 0) {
++ if (bind(s, (caddr_t)&sin, sizeof (sin)/*, 0*//*HF*/) >= 0) {
+ (void)ioctl(s, FIONBIO, (char *) &dontblock);
+ if (verbose)
+ fprintf(stderr, "Using a privileged port (%d)\n", lport);
+@@ -1672,14 +1680,14 @@
+ * syscalls.
+ */
+ AUTH *
+-authunix_create_default(uid, gid)
++MYauthunix_create_default(uid, gid)
+ int uid, gid;
+ {
+ char machname[MAX_MACHINE_NAME + 1];
+ int gids[1];
+
+ if (gethostname(machname, MAX_MACHINE_NAME) == -1) {
+- fprintf(stderr, "authunix_create_default: cannot get hostname\n");
++ fprintf(stderr, "MYauthunix_create_default: cannot get hostname\n");
+ exit(1);
+ }
+ machname[MAX_MACHINE_NAME] = 0;
+@@ -1858,8 +1866,7 @@
+ * NFS errors
+ */
+ char *
+-nfs_error(nfsstat)
+- enum nfsstat nfsstat;
++nfs_error(enum nfsstat nfsstat)
+ {
+ switch (nfsstat) {
+ case NFS_OK:
+@@ -1903,4 +1910,3 @@
+ }
+ }
+
+-
+\ No newline at end of file
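Review bot: In the nfsshell.c `getline()` hunk, `perror("fgets")` runs on every NULL return from `fgets()`, including an ordinary end of input, where `fgets` does not set errno and the message printed is whatever stale error was left behind. The two cases should be told apart, for example `if (ferror(stdin)) perror("fgets");`, with the `EOF?!` line kept only for the unexpected case. The newly added prototype also keeps the name `getline`, which later POSIX revisions assign to a stdio function with a different signature. Renaming it, as this patch already does for `MYauthunix_create_default`, would avoid that clash. The body of `getline()` begins outside the hunk, so its remaining error paths are not visible here.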
diff --git a/security/nfsbug/patches/patch-ac b/security/nfsbug/patches/patch-ac
new file mode 100644
index 00000000000..1f5a1ecb477
--- /dev/null
+++ b/security/nfsbug/patches/patch-ac
@@ -0,0 +1,24 @@
+--- nfsbug.c.orig Mon Sep 28 17:45:40 1998
++++ nfsbug.c Mon Sep 28 17:47:58 1998
+@@ -25,16 +25,18 @@
+ #include <sys/socket.h>
+ #include <netinet/in.h>
+ #include <arpa/inet.h>
+-#include <sys/sysmacros.h>
+ #include <sys/time.h>
+ #include <sys/vnode.h>
+-#include <sys/vfs.h>
+-#include <sys/sysmacros.h>
++#include <sys/mount.h>
+ #ifdef SVR4
+ #include <sys/inode.h>
+ #else
+ #ifndef HPUX
++#ifdef __NetBSD__
++#include <ufs/ufs/dinode.h>
++#else
+ #include <ufs/inode.h>
++#endif
+ #endif
+ #endif
+
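Review bot: The swap of `<sys/vfs.h>` for `<sys/mount.h>` and the removal of `<sys/sysmacros.h>` are unconditional, while the `dinode.h` change just below is wrapped in `#ifdef __NetBSD__`. The surrounding `SVR4`/`HPUX` ladder suggests nfsbug.c is still meant to build on those systems, and they would presumably lose headers they need. Guarding the substitution the same way, with `#ifdef __NetBSD__` around `#include <sys/mount.h>` and the original `<sys/vfs.h>` and `<sys/sysmacros.h>` in the `#else` branch, keeps the patch consistent. The same applies to the unguarded `<ufs/ufs/dinode.h>` include that patch-ab adds to nfsshell.c.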
diff --git a/security/nfsbug/pkg/COMMENT b/security/nfsbug/pkg/COMMENT
new file mode 100644
index 00000000000..3fcbaa93f23
--- /dev/null
+++ b/security/nfsbug/pkg/COMMENT
@@ -0,0 +1 @@
+NFS security verification suite
diff --git a/security/nfsbug/pkg/DESCR b/security/nfsbug/pkg/DESCR
new file mode 100644
index 00000000000..d70e8b8b959
--- /dev/null
+++ b/security/nfsbug/pkg/DESCR
@@ -0,0 +1,10 @@
+This package consists of two parts, of which the first one ("nfsbug")
+verifies a given NFS-server for known bugs like world wide exportable
+file systems, determine whether the export list really works,
+determine whether we can mount file systems through the portmapper,
+try to guess file handles, excercise the mknod bug, and the uid
+masking bug.
+
+The second program ("nfsshell") is included for demonstration purpose
+to display the named deficiencies by offering a shell-like interface
+to access NFS file systems.
diff --git a/security/nfsbug/pkg/PLIST b/security/nfsbug/pkg/PLIST
new file mode 100644
index 00000000000..db385889645
--- /dev/null
+++ b/security/nfsbug/pkg/PLIST
@@ -0,0 +1,2 @@
+bin/nfsbug
+bin/nfsshell