authorjlam <jlam>2001-06-05 22:19:11 +0000
committerjlam <jlam>2001-06-05 22:19:11 +0000
commit77a27cdbcc34f75c5e1ffad5d402ff539aa5e989 (patch)
treeb3e6816f3a78e65be0d06bacd3700de8be9bda9d /security
parent417443d40b41e135fa2f48e8792247338fbd0af9 (diff)
downloadpkgsrc-77a27cdbcc34f75c5e1ffad5d402ff539aa5e989.tar.gz
cfs - Cryptographic File System
CFS pushes encryption services into the UN*X file system. It supports secure storage at the system level through a standard UN*X file system interface to encrypted files. Users associate a cryptographic key with the directories they wish to protect. Files in these directories (as well as their pathname components) are transparently encrypted and decrypted with the specified key without further user intervention; cleartext is never stored on a disk or sent to a remote file server. CFS employs a novel combination of DES stream and codebook cipher modes to provide high security with good performance on a modern workstation. CFS can use any available file system for its underlying storage without modification, including remote file servers such as NFS. System management functions, such as file backup, work in a normal manner and without knowledge of the key.
Diffstat (limited to 'security')
-rw-r--r--security/cfs/files/cfsd.sh103
-rw-r--r--security/cfs/patches/patch-ab20
-rw-r--r--security/cfs/patches/patch-ac13
-rw-r--r--security/cfs/pkg/DESCR23
-rw-r--r--security/cfs/pkg/PLIST38
5 files changed, 170 insertions, 27 deletions
diff --git a/security/cfs/files/cfsd.sh b/security/cfs/files/cfsd.sh
new file mode 100644
index 00000000000..92fcff5378e
--- /dev/null
+++ b/security/cfs/files/cfsd.sh
@@ -0,0 +1,103 @@
+#!/bin/sh
+#
+# $NetBSD: cfsd.sh,v 1.1.1.1 2001/06/05 22:19:11 jlam Exp $
+#
+# PROVIDE: cfsd
+# REQUIRE: mountd
+#
+# To start cfsd at startup, copy this script to /etc/rc.d and set
+# cfsd=YES in /etc/rc.conf.
+
+name="cfsd"
+rcvar=$name
+command="@PREFIX@/sbin/${name}"
+command_args="> /dev/null 2>&1"
+required_vars="mountd"
+
+# set defaults
+if [ -r /etc/rc.conf ]
+then
+ . /etc/rc.conf
+else
+ eval ${rcvar}=YES
+fi
+
+# $flags from environment overrides ${rcvar}_flags
+if [ -n "${flags}" ]
+then
+ eval ${rcvar}_flags="${flags}"
+fi
+
+checkyesno()
+{
+ eval _value=\$${1}
+ case $_value in
+ [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1) return 0 ;;
+ [Nn][Oo]|[Ff][Aa][Ll][Ss][Ee]|[Oo][Ff][Ff]|0) return 1 ;;
+ *)
+ echo "\$${1} is not set properly."
+ return 1
+ ;;
+ esac
+}
+
+cmd=${1:-start}
+case ${cmd} in
+force*)
+ cmd=${cmd#force}
+ forcecmd=YES
+ eval ${rcvar}=YES
+ ;;
+esac
+
+required_vars="${rcvar} ${required_vars}"
+pid_cmd="ps ax | awk '{print \$1,\$5}' | grep ${name} | awk '{print \$1}'"
+
+for _var in ${required_vars}
+do
+ if ! checkyesno ${_var}
+ then
+ if [ -z "${forcecmd}" ]
+ then
+ exit 1
+ fi
+ fi
+done
+
+if [ -x ${command} ]
+then
+ case ${cmd} in
+ start)
+ echo "Starting ${name}."
+ eval ${command} ${cfs_flags} ${command_args}
+ ;;
+ stop)
+ pid=`eval ${pid_cmd}`
+ if [ -z "${pid}" ]
+ then
+ echo "${name} not running?"
+ exit 1
+ fi
+ echo "Stopping ${name}."
+ kill ${pid}
+ ;;
+ restart)
+ ( $0 forcestop )
+ sleep 5
+ $0 forcestart
+ ;;
+ status)
+ pid=`eval ${pid_cmd}`
+ if [ -n "${pid}" ]; then
+ echo "${name} is running as pid ${pid}."
+ else
+ echo "${name} is not running."
+ exit 1
+ fi
+ ;;
+ *)
+ echo 1>&2 "Usage: $0 [restart|start|stop|status]"
+ exit 1
+ ;;
+ esac
+fi
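Review bot: The `$flags` override is stored in `cfsd_flags` by `eval ${rcvar}_flags="${flags}"`, but the `start` branch expands `${cfs_flags}`, so as written neither the environment override nor a `cfsd_flags` setting reaches the daemon unless rc.conf happens to set `cfs_flags` itself. That eval also re-parses the value after expansion, so a value containing a space or a shell metacharacter is split or run as a command instead of being assigned. `eval "${rcvar}_flags=\"\${flags}\""` keeps it a plain assignment, and the start line should read `eval ${command} ${cfsd_flags} ${command_args}`. Separately, `pid_cmd` selects every process whose command column contains the substring `cfsd`, so `stop` run as root may signal more than the daemon; comparing the column against the full `${command}` path would be narrower.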
diff --git a/security/cfs/patches/patch-ab b/security/cfs/patches/patch-ab
new file mode 100644
index 00000000000..8ebaf45164f
--- /dev/null
+++ b/security/cfs/patches/patch-ab
@@ -0,0 +1,20 @@
+$NetBSD: patch-ab,v 1.1.1.1 2001/06/05 22:19:11 jlam Exp $
+
+--- getpass.c.orig Thu May 31 17:03:02 2001
++++ getpass.c Thu May 31 17:03:40 2001
+@@ -45,6 +45,7 @@
+ #include "cfs.h"
+ #include "shs.h"
+
++#ifndef HAVE_GETPASS
+ #if defined(irix) || defined(linux)
+ /* hacks to use POSIX style termios instead of old BSD style sgttyb */
+ #include <termios.h>
+@@ -95,6 +96,7 @@
+ fclose(fi);
+ return(pbuf);
+ }
++#endif
+
+ old_pwcrunch(b,k)
+ char *b;
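Review bot: The added `#ifndef HAVE_GETPASS` / `#endif` pair carries no comment saying where `HAVE_GETPASS` is expected to be defined or why the bundled routine is compiled out, and nothing visible in this commit defines it. This file presumably reads the passphrase that protects the CFS key, so the swap is worth documenting: a libc `getpass()` may apply its own length limit and terminal handling, which can differ from the bundled version. I would add a line above the guard such as `/* use the system getpass(3) when the build defines HAVE_GETPASS */` and record any difference in accepted passphrase length in the package notes. The guarded function begins outside this hunk.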
diff --git a/security/cfs/patches/patch-ac b/security/cfs/patches/patch-ac
new file mode 100644
index 00000000000..c217a0ea0d3
--- /dev/null
+++ b/security/cfs/patches/patch-ac
@@ -0,0 +1,13 @@
+$NetBSD: patch-ac,v 1.1.1.1 2001/06/05 22:19:11 jlam Exp $
+
+--- netbsd_make_with_bad_rpcgen.orig Thu May 3 14:30:15 2001
++++ netbsd_make_with_bad_rpcgen Thu May 31 17:13:32 2001
+@@ -1,7 +1,7 @@
+ #!/bin/sh
+ # this will make CFS for NetBSD (and other) systems with the
+ # wrong version of rpcgen
+-make CC="cc -traditional \
++${MAKE} CFS_CFLAGS=" \
+ -Dnfsproc_null_2_svc=nfsproc_null_2 \
+ -Dnfsproc_getattr_2_svc=nfsproc_getattr_2 \
+ -Dnfsproc_setattr_2_svc=nfsproc_setattr_2 \
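Review bot: `${MAKE}` on the changed line is expanded with no fallback, so running the script where MAKE is not exported leaves the line starting with the `CFS_CFLAGS=` assignment rather than a make invocation. `${MAKE:-make} CFS_CFLAGS=" \` keeps the previous command as the default. The change also drops `CC="cc -traditional`, which is presumably intended, but a line in the script's header comment saying the compiler now comes from the caller's environment would help the next reader. The quoted argument continues past the end of this hunk.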
diff --git a/security/cfs/pkg/DESCR b/security/cfs/pkg/DESCR
index 27d401c4196..cda6e531a75 100644
--- a/security/cfs/pkg/DESCR
+++ b/security/cfs/pkg/DESCR
@@ -1,10 +1,13 @@
-CFS is an encrypting file system for Unix-like OSs. It uses NFS as
-its interface, and so is reasonably portable. The FS code dates back
-to 1989, and the crypto to 1992, so it is showing signs of age. This
-code should be regarded as completely unsupported; a complete rewrite
-will follow eventually.
-
-Please don't download this code if you're in a place that's forbidden
-(under US or local law) to export cryptographic software from the US
-to, or if you're on the State Department's "Denied Persons List." If
-you aren't sure, ask a good lawyer.
+CFS pushes encryption services into the UN*X file system. It supports
+secure storage at the system level through a standard UN*X file system
+interface to encrypted files. Users associate a cryptographic key with the
+directories they wish to protect. Files in these directories (as well as
+their pathname components) are transparently encrypted and decrypted with
+the specified key without further user intervention; cleartext is never
+stored on a disk or sent to a remote file server. CFS employs a novel
+combination of DES stream and codebook cipher modes to provide high
+security with good performance on a modern workstation. CFS can use any
+available file system for its underlying storage without modification,
+including remote file servers such as NFS. System management functions,
+such as file backup, work in a normal manner and without knowledge of the
+key.
diff --git a/security/cfs/pkg/PLIST b/security/cfs/pkg/PLIST
index 93c8bf62b66..01c7c8c4870 100644
--- a/security/cfs/pkg/PLIST
+++ b/security/cfs/pkg/PLIST
@@ -1,19 +1,23 @@
-@comment $NetBSD: PLIST,v 1.1.1.1 2001/06/05 10:29:38 agc Exp $
-libexec/cfsd
-bin/cattach
-bin/cdetach
-bin/cmkdir
-bin/cpasswd
+@comment $NetBSD: PLIST,v 1.1.1.2 2001/06/05 22:19:11 jlam Exp $
+bin/cfs_attach
+bin/cfs_cat
+bin/cfs_detach
+bin/cfs_mkdir
+bin/cfs_mkkey
+bin/cfs_name
+bin/cfs_passwd
bin/cfssh
-bin/cname
-bin/ccat
-bin/cmkkey
-man/man1/cattach.1
-man/man8/ccat.8
-man/man1/cdetach.1
-man/man8/cfsd.8
+etc/rc.d/cfsd
+man/man1/cfs_attach.1
+man/man1/cfs_detach.1
+man/man1/cfs_mkdir.1
+man/man1/cfs_mkkey.1
+man/man1/cfs_passwd.1
man/man1/cfssh.1
-man/man1/cmkdir.1
-man/man1/cmkkey.1
-man/man8/cname.8
-man/man1/cpasswd.1
+man/man8/cfs_cat.8
+man/man8/cfs_name.8
+man/man8/cfsd.8
+sbin/cfsd
+share/doc/cfs/README.netbsd
+share/doc/cfs/notes.ms
+@dirrm share/doc/cfs