author | jlam <jlam> | 2001-06-05 22:19:11 +0000 |
---|---|---|
committer | jlam <jlam> | 2001-06-05 22:19:11 +0000 |
commit | 77a27cdbcc34f75c5e1ffad5d402ff539aa5e989 (patch) | |
tree | b3e6816f3a78e65be0d06bacd3700de8be9bda9d /security | |
parent | 417443d40b41e135fa2f48e8792247338fbd0af9 (diff) | |
download | pkgsrc-77a27cdbcc34f75c5e1ffad5d402ff539aa5e989.tar.gz |
cfs - Cryptographic File System
CFS pushes encryption services into the UN*X file system. It supports
secure storage at the system level through a standard UN*X file system
interface to encrypted files. Users associate a cryptographic key with the
directories they wish to protect. Files in these directories (as well as
their pathname components) are transparently encrypted and decrypted with
the specified key without further user intervention; cleartext is never
stored on a disk or sent to a remote file server. CFS employs a novel
combination of DES stream and codebook cipher modes to provide high
security with good performance on a modern workstation. CFS can use any
available file system for its underlying storage without modification,
including remote file servers such as NFS. System management functions,
such as file backup, work in a normal manner and without knowledge of the
key.
Diffstat (limited to 'security')
-rw-r--r-- | security/cfs/files/cfsd.sh | 103 | ||||
-rw-r--r-- | security/cfs/patches/patch-ab | 20 | ||||
-rw-r--r-- | security/cfs/patches/patch-ac | 13 | ||||
-rw-r--r-- | security/cfs/pkg/DESCR | 23 | ||||
-rw-r--r-- | security/cfs/pkg/PLIST | 38 |
5 files changed, 170 insertions, 27 deletions
diff --git a/security/cfs/files/cfsd.sh b/security/cfs/files/cfsd.sh
new file mode 100644
index 00000000000..92fcff5378e
--- /dev/null
+++ b/security/cfs/files/cfsd.sh
@@ -0,0 +1,103 @@
+#!/bin/sh
+#
+# $NetBSD: cfsd.sh,v 1.1.1.1 2001/06/05 22:19:11 jlam Exp $
+#
+# PROVIDE: cfsd
+# REQUIRE: mountd
+#
+# To start cfsd at startup, copy this script to /etc/rc.d and set
+# cfsd=YES in /etc/rc.conf.
+
+name="cfsd"
+rcvar=$name
+command="@PREFIX@/sbin/${name}"
+command_args="> /dev/null 2>&1"
+required_vars="mountd"
+
+# set defaults
+if [ -r /etc/rc.conf ]
+then
+ . /etc/rc.conf
+else
+ eval ${rcvar}=YES
+fi
+
+# $flags from environment overrides ${rcvar}_flags
+if [ -n "${flags}" ]
+then
+ eval ${rcvar}_flags="${flags}"
+fi
+
+checkyesno()
+{
+ eval _value=\$${1}
+ case $_value in
+ [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1) return 0 ;;
+ [Nn][Oo]|[Ff][Aa][Ll][Ss][Ee]|[Oo][Ff][Ff]|0) return 1 ;;
+ *)
+ echo "\$${1} is not set properly."
+ return 1
+ ;;
+ esac
+}
+
+cmd=${1:-start}
+case ${cmd} in
+force*)
+ cmd=${cmd#force}
+ forcecmd=YES
+ eval ${rcvar}=YES
+ ;;
+esac
+
+required_vars="${rcvar} ${required_vars}"
+pid_cmd="ps ax | awk '{print \$1,\$5}' | grep ${name} | awk '{print \$1}'"
+
+for _var in ${required_vars}
+do
+ if ! checkyesno ${_var}
+ then
+ if [ -z "${forcecmd}" ]
+ then
+ exit 1
+ fi
+ fi
+done
+
+if [ -x ${command} ]
+then
+ case ${cmd} in
+ start)
+ echo "Starting ${name}."
+ eval ${command} ${cfs_flags} ${command_args}
+ ;;
+ stop)
+ pid=`eval ${pid_cmd}`
+ if [ -z "${pid}" ]
+ then
+ echo "${name} not running?"
+ exit 1
+ fi
+ echo "Stopping ${name}."
+ kill ${pid}
+ ;;
+ restart)
+ ( $0 forcestop )
+ sleep 5
+ $0 forcestart
+ ;;
+ status)
+ pid=`eval ${pid_cmd}`
+ if [ -n "${pid}" ]; then
+ echo "${name} is running as pid ${pid}."
+ else
+ echo "${name} is not running."
+ exit 1
+ fi
+ ;;
+ *)
+ echo 1>&2 "Usage: $0 [restart|start|stop|status]"
+ exit 1
+ ;;
+ esac
+fi
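Review bot: The `$flags` override in cfsd.sh re-parses an environment value as shell code and then stores it in a variable the start branch never reads. `eval ${rcvar}_flags="${flags}"` expands `${flags}` before eval runs, so a value containing a space or a shell metacharacter is executed as a command by a script that normally runs as root, and the assignment lands in `cfsd_flags` while the start branch expands `${cfs_flags}`. I would write `eval ${rcvar}_flags=\$flags` and use `${cfsd_flags}` in the start line. Separately, `pid_cmd` filters with an unanchored `grep ${name}`, so `stop` can hand `kill` several PIDs, including any other process whose command name contains "cfsd"; an exact comparison against `${command}` in awk, or a pid file, would narrow it.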
diff --git a/security/cfs/patches/patch-ab b/security/cfs/patches/patch-ab
new file mode 100644
index 00000000000..8ebaf45164f
--- /dev/null
+++ b/security/cfs/patches/patch-ab
@@ -0,0 +1,20 @@
+$NetBSD: patch-ab,v 1.1.1.1 2001/06/05 22:19:11 jlam Exp $
+
+--- getpass.c.orig Thu May 31 17:03:02 2001
++++ getpass.c Thu May 31 17:03:40 2001
+@@ -45,6 +45,7 @@
+ #include "cfs.h"
+ #include "shs.h"
+
++#ifndef HAVE_GETPASS
+ #if defined(irix) || defined(linux)
+ /* hacks to use POSIX style termios instead of old BSD style sgttyb */
+ #include <termios.h>
+@@ -95,6 +96,7 @@
+ fclose(fi);
+ return(pbuf);
+ }
++#endif
+
+ old_pwcrunch(b,k)
+ char *b;
diff --git a/security/cfs/patches/patch-ac b/security/cfs/patches/patch-ac
new file mode 100644
index 00000000000..c217a0ea0d3
--- /dev/null
+++ b/security/cfs/patches/patch-ac
@@ -0,0 +1,13 @@
+$NetBSD: patch-ac,v 1.1.1.1 2001/06/05 22:19:11 jlam Exp $
+
+--- netbsd_make_with_bad_rpcgen.orig Thu May 3 14:30:15 2001
++++ netbsd_make_with_bad_rpcgen Thu May 31 17:13:32 2001
+@@ -1,7 +1,7 @@
+ #!/bin/sh
+ # this will make CFS for NetBSD (and other) systems with the
+ # wrong version of rpcgen
+-make CC="cc -traditional \
++${MAKE} CFS_CFLAGS=" \
+ -Dnfsproc_null_2_svc=nfsproc_null_2 \
+ -Dnfsproc_getattr_2_svc=nfsproc_getattr_2 \
+ -Dnfsproc_setattr_2_svc=nfsproc_setattr_2 \
diff --git a/security/cfs/pkg/DESCR b/security/cfs/pkg/DESCR
index 27d401c4196..cda6e531a75 100644
--- a/security/cfs/pkg/DESCR
+++ b/security/cfs/pkg/DESCR
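Review bot: The `#ifndef HAVE_GETPASS` guard that patch-ab adds to getpass.c makes passphrase entry for an encrypting file system depend on a macro that nothing in this patch defines or documents, so a reader of the source cannot tell which getpass() reads the key passphrase. When the build defines it, the libc routine takes over, and on some systems getpass() caps the input length; it is worth confirming that cap is no shorter than what the bundled routine accepted. I would add a comment above the guard, `/* HAVE_GETPASS: use the system getpass(); check its maximum passphrase length */`, and close it with `#endif /* !HAVE_GETPASS */`. The guarded function body lies between the two inner hunks and is not visible here.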
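Review bot: `${MAKE}` in the patched netbsd_make_with_bad_rpcgen (patch-ac) is expanded with no fallback, so running the script outside a build that exports MAKE would leave the `CFS_CFLAGS=...` word as the command name and fail with a confusing error. `${MAKE:-make} CFS_CFLAGS=" \` keeps the pkgsrc behaviour and still works when the script is run by hand. The rest of the script, including where the quoted string closes, is outside the hunk.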
@@ -1,10 +1,13 @@
-CFS is an encrypting file system for Unix-like OSs. It uses NFS as
-its interface, and so is reasonably portable. The FS code dates back
-to 1989, and the crypto to 1992, so it is showing signs of age. This
-code should be regarded as completely unsupported; a complete rewrite
-will follow eventually.
-
-Please don't download this code if you're in a place that's forbidden
-(under US or local law) to export cryptographic software from the US
-to, or if you're on the State Department's "Denied Persons List." If
-you aren't sure, ask a good lawyer.
+CFS pushes encryption services into the UN*X file system. It supports
+secure storage at the system level through a standard UN*X file system
+interface to encrypted files. Users associate a cryptographic key with the
+directories they wish to protect. Files in these directories (as well as
+their pathname components) are transparently encrypted and decrypted with
+the specified key without further user intervention; cleartext is never
+stored on a disk or sent to a remote file server. CFS employs a novel
+combination of DES stream and codebook cipher modes to provide high
+security with good performance on a modern workstation. CFS can use any
+available file system for its underlying storage without modification,
+including remote file servers such as NFS. System management functions,
+such as file backup, work in a normal manner and without knowledge of the
+key.
diff --git a/security/cfs/pkg/PLIST b/security/cfs/pkg/PLIST
index 93c8bf62b66..01c7c8c4870 100644
--- a/security/cfs/pkg/PLIST
+++ b/security/cfs/pkg/PLIST
@@ -1,19 +1,23 @@
-@comment $NetBSD: PLIST,v 1.1.1.1 2001/06/05 10:29:38 agc Exp $
-libexec/cfsd
-bin/cattach
-bin/cdetach
-bin/cmkdir
-bin/cpasswd
+@comment $NetBSD: PLIST,v 1.1.1.2 2001/06/05 22:19:11 jlam Exp $
+bin/cfs_attach
+bin/cfs_cat
+bin/cfs_detach
+bin/cfs_mkdir
+bin/cfs_mkkey
+bin/cfs_name
+bin/cfs_passwd
 bin/cfssh
-bin/cname
-bin/ccat
-bin/cmkkey
-man/man1/cattach.1
-man/man8/ccat.8
-man/man1/cdetach.1
-man/man8/cfsd.8
+etc/rc.d/cfsd
+man/man1/cfs_attach.1
+man/man1/cfs_detach.1
+man/man1/cfs_mkdir.1
+man/man1/cfs_mkkey.1
+man/man1/cfs_passwd.1
 man/man1/cfssh.1
-man/man1/cmkdir.1
-man/man1/cmkkey.1
-man/man8/cname.8
-man/man1/cpasswd.1
+man/man8/cfs_cat.8
+man/man8/cfs_name.8
+man/man8/cfsd.8
+sbin/cfsd
+share/doc/cfs/README.netbsd
+share/doc/cfs/notes.ms
+@dirrm share/doc/cfs |