NFS security verification suite

6 files changed, 216 insertions, 0 deletions

diff --git a/security/nfsbug/patches/patch-aa b/security/nfsbug/patches/patch-aa
new file mode 100644
index 00000000000..2c03eee1966
--- /dev/null
+++ b/security/nfsbug/patches/patch-aa
@@ -0,0 +1,40 @@
+--- Makefile.orig	Fri Feb 17 06:57:26 1995
++++ Makefile	Mon Sep 28 17:44:50 1998
+@@ -1,21 +1,33 @@
+-CC=cc
+-#CFLAGS=-g -I. -DSVR4
++CC=gcc
++CFLAGS=-O2 -I.
++#CFLAGS=-ggdb -I. -DSVR4 -w
+ #LIBS=-lsocket -lnsl -L/usr/ucblib -lucb -lresolv
+-CFLAGS=-ggdb -I.
++#LIBS=-lsocket -lnsl -lresolv
++#CFLAGS=-ggdb -I.
+ LIBS=
+ NFSBUG_SOURCES=mount_clnt.c mount_xdr.c nfs_prot_clnt.c nfs_prot_xdr.c nfsbug.c
+ NFSBUG_OBJECTS=mount_clnt.o mount_xdr.o nfs_prot_clnt.o nfs_prot_xdr.o nfsbug.o
++NFSSHELL_SOURCES=nfsshell.c nfs_prot_clnt.c nfs_prot_xdr.c mount_clnt.c mount_xdr.c
++NFSSHELL_OBJECTS=nfsshell.o nfs_prot_clnt.o nfs_prot_xdr.o mount_clnt.o mount_xdr.o
+ RPCGEN_MOUNT= mount.h mount_clnt.c mount_svc.c mount_xdr.c
+ RPCGEN_NFS_PROT= nfs_prot.h nfs_prot_clnt.c nfs_prot_svc.c nfs_prot_xdr.c
+ 
++all: nfsbug nfsshell
++
++nfsshell: ${NFSSHELL_OBJECTS}
++	$(CC) ${CFLAGS} -o nfsshell $(NFSSHELL_OBJECTS) $(LIBS)
++
++${NFSSHELL_OBJECTS}: ${NFSSHELL_SOURCES}
++
+ nfsbug:	$(NFSBUG_OBJECTS)
+-	$(CC) -g -o nfsbug $(NFSBUG_OBJECTS) $(LIBS)
++	$(CC) ${CFLAGS} -o nfsbug $(NFSBUG_OBJECTS) $(LIBS)
+ 
+ lint:	$(NFSBUG_SOURCES)
+ 	lint $(NFSBUG_SOURCES)
+ 
+ clean:
+ 	rm -f nfsbug $(NFSBUG_OBJECTS) $(RPCGEN_MOUNT) $(RPCGEN_NFS_PROT) core
++	rm -f ${NFSSHELL_OBJECTS}
+ 
+ $(RPCGEN_MOUNT):; rpcgen mount.x
+ $(RPCGEN_NFS_PROT):; rpcgen nfs_prot.x
diff --git a/security/nfsbug/patches/patch-ab b/security/nfsbug/patches/patch-ab
new file mode 100644
index 00000000000..13e22c2c765
--- /dev/null
+++ b/security/nfsbug/patches/patch-ab
@@ -0,0 +1,139 @@
+--- nfsshell.c.orig	Mon Sep 28 15:54:36 1998
++++ nfsshell.c	Mon Sep 28 15:57:22 1998
+@@ -1,3 +1,4 @@
++/* URL: http://www.asmodeus.com/archive/Xnix/nfsShell */
+ /*

+  * Copyright, 1991, 1992, by Leendert van Doorn (leendert@cs.vu.nl)

+  *

+@@ -21,14 +22,19 @@
+ #include <sys/ioctl.h>

+ #include <sys/socket.h>

+ #include <sys/vnode.h>

+-#include <sys/vfs.h>

++/* #include <sys/vfs.h> *//*HF*/
+ #include <netinet/in.h>

+ #include <arpa/inet.h>

+ #include <sys/time.h>

+-#include <ufs/inode.h>

++#include <ufs/ufs/dinode.h> /*HF: NetBSD*/
++/* #include <sys/fs/ufs_inode.h> *//*HF: Solaris*/
++#include <sys/filio.h>
+ #include "mount.h"

+ #include "nfs_prot.h"

+ 

++int getline(char *buf, int bufsize, int *argc, char **argv, int argvsize);
++
++
+ /*

+  * Fundamental constants

+  */

+@@ -284,8 +290,11 @@
+     register char *p;

+ 

+     if (interact) printf("nfs> ");

+-    if (fgets(buf, bufsize, stdin) == NULL)

++    if (fgets(buf, bufsize, stdin) == NULL){ 
++	perror("fgets");
++	fprintf(stderr,"EOF?!\n");
+ 	return 0;

++    }
+     *argc = 0;

+     for (p = buf; *p == ' ' || *p == '\t'; p++)

+ 	/* skip white spaces */;

+@@ -340,7 +349,7 @@
+     *var = argc == 2 ? atoi(argv[1]) : -2;

+     if (nfsclient && nfsclient->cl_auth) {

+ 	auth_destroy(nfsclient->cl_auth);

+-	nfsclient->cl_auth = authunix_create_default(uid, gid);

++	nfsclient->cl_auth = MYauthunix_create_default(uid, gid);
+     }

+ }

+ 

+@@ -509,8 +518,7 @@
+ /*

+  * Print long listing of a files, much in the way ``ls -l'' does

+  */

+-printfilestatus(name)

+-    char *name;

++printfilestatus(char *name)
+ {

+     diropargs args;

+     diropres *res;

+@@ -1160,7 +1168,7 @@
+         return 0;

+     }

+     clnt_control(nfsclient, CLSET_TIMEOUT, &timeout);

+-    nfsclient->cl_auth = authunix_create_default(uid, gid);

++    nfsclient->cl_auth = MYauthunix_create_default(uid, gid);
+ 

+     /* provide some generic name for it */

+     if ((mountpath = malloc(8 + 1)) == NULL) {

+@@ -1235,7 +1243,7 @@
+     *var = 0x00100000;

+     if (nfsclient && nfsclient->cl_auth) {

+ 	auth_destroy(nfsclient->cl_auth);

+-	nfsclient->cl_auth = authunix_create_default(uid, gid);

++	nfsclient->cl_auth = MYauthunix_create_default(uid, gid);
+     }

+ /*

+  * Put in some type of code here

+@@ -1493,7 +1501,7 @@
+         return 0;

+     }

+     clnt_control(mntclient, CLSET_TIMEOUT, &timeout);

+-    mntclient->cl_auth = authunix_create_default(0, 0);

++    mntclient->cl_auth = MYauthunix_create_default(0, 0);
+     if (verbose)

+ 	printf("Open %s (%s)\n",

+ 	    remotehost, inet_ntoa(server_addr.sin_addr));

+@@ -1540,7 +1548,7 @@
+         return 0;

+     }

+     clnt_control(nfsclient, CLSET_TIMEOUT, &timeout);

+-    nfsclient->cl_auth = authunix_create_default(uid, gid);

++    nfsclient->cl_auth = MYauthunix_create_default(uid, gid);
+ 

+     /*

+      * Get file handle for this path from the mount daemon. There

+@@ -1634,7 +1642,7 @@
+ 	return RPC_ANYSOCK;

+     for (;;) {

+ 	sin.sin_port = htons((u_short)lport);

+-	if (bind(s, (caddr_t)&sin, sizeof (sin), 0) >= 0) {

++	if (bind(s, (caddr_t)&sin, sizeof (sin)/*, 0*//*HF*/) >= 0) {
+ 	    (void)ioctl(s, FIONBIO, (char *) &dontblock);

+ 	    if (verbose)

+ 		fprintf(stderr, "Using a privileged port (%d)\n", lport);

+@@ -1672,14 +1680,14 @@
+  * syscalls.

+  */

+ AUTH *

+-authunix_create_default(uid, gid)

++MYauthunix_create_default(uid, gid)
+     int uid, gid;

+ {

+     char machname[MAX_MACHINE_NAME + 1];

+     int gids[1];

+ 

+     if (gethostname(machname, MAX_MACHINE_NAME) == -1) {

+-	fprintf(stderr, "authunix_create_default: cannot get hostname\n");

++	fprintf(stderr, "MYauthunix_create_default: cannot get hostname\n");
+ 	exit(1);

+     }

+     machname[MAX_MACHINE_NAME] = 0;

+@@ -1858,8 +1866,7 @@
+  * NFS errors

+  */

+ char *

+-nfs_error(nfsstat)

+-    enum nfsstat nfsstat;

++nfs_error(enum nfsstat nfsstat)
+ {

+     switch (nfsstat) {

+     case NFS_OK:

+@@ -1903,4 +1910,3 @@
+     }

+ }

+ 

+-
+\ No newline at end of file
diff --git a/security/nfsbug/patches/patch-ac b/security/nfsbug/patches/patch-ac
new file mode 100644
index 00000000000..1f5a1ecb477
--- /dev/null
+++ b/security/nfsbug/patches/patch-ac
@@ -0,0 +1,24 @@
+--- nfsbug.c.orig	Mon Sep 28 17:45:40 1998
++++ nfsbug.c	Mon Sep 28 17:47:58 1998
+@@ -25,16 +25,18 @@
+ #include <sys/socket.h>
+ #include <netinet/in.h>
+ #include <arpa/inet.h>
+-#include <sys/sysmacros.h>
+ #include <sys/time.h>
+ #include <sys/vnode.h>
+-#include <sys/vfs.h>
+-#include <sys/sysmacros.h>
++#include <sys/mount.h>
+ #ifdef SVR4
+ #include <sys/inode.h>
+ #else
+ #ifndef HPUX
++#ifdef __NetBSD__
++#include <ufs/ufs/dinode.h>
++#else
+ #include <ufs/inode.h>
++#endif
+ #endif
+ #endif
+ 
diff --git a/security/nfsbug/pkg/COMMENT b/security/nfsbug/pkg/COMMENT
new file mode 100644
index 00000000000..3fcbaa93f23
--- /dev/null
+++ b/security/nfsbug/pkg/COMMENT
@@ -0,0 +1 @@
+NFS security verification suite
diff --git a/security/nfsbug/pkg/DESCR b/security/nfsbug/pkg/DESCR
new file mode 100644
index 00000000000..d70e8b8b959
--- /dev/null
+++ b/security/nfsbug/pkg/DESCR
@@ -0,0 +1,10 @@
+This package consists of two parts, of which the first one ("nfsbug")
+verifies a given NFS-server for known bugs like world wide exportable
+file systems, determine whether the export list really works,
+determine whether we can mount file systems through the portmapper,
+try to guess file handles, excercise the mknod bug, and the uid
+masking bug.
+
+The second program ("nfsshell") is included for demonstration purpose
+to display the named deficiencies by offering a shell-like interface
+to access NFS file systems.
diff --git a/security/nfsbug/pkg/PLIST b/security/nfsbug/pkg/PLIST
new file mode 100644
index 00000000000..db385889645
--- /dev/null
+++ b/security/nfsbug/pkg/PLIST
@@ -0,0 +1,2 @@
+bin/nfsbug
+bin/nfsshell