diff options
-rw-r--r-- | security/cfs/files/cfsd.sh | 103 | ||||
-rw-r--r-- | security/cfs/patches/patch-ab | 20 | ||||
-rw-r--r-- | security/cfs/patches/patch-ac | 13 | ||||
-rw-r--r-- | security/cfs/pkg/DESCR | 23 | ||||
-rw-r--r-- | security/cfs/pkg/PLIST | 38 |
5 files changed, 170 insertions, 27 deletions
diff --git a/security/cfs/files/cfsd.sh b/security/cfs/files/cfsd.sh new file mode 100644 index 00000000000..92fcff5378e --- /dev/null +++ b/security/cfs/files/cfsd.sh @@ -0,0 +1,103 @@ +#!/bin/sh +# +# $NetBSD: cfsd.sh,v 1.1.1.1 2001/06/05 22:19:11 jlam Exp $ +# +# PROVIDE: cfsd +# REQUIRE: mountd +# +# To start cfsd at startup, copy this script to /etc/rc.d and set +# cfsd=YES in /etc/rc.conf. + +name="cfsd" +rcvar=$name +command="@PREFIX@/sbin/${name}" +command_args="> /dev/null 2>&1" +required_vars="mountd" + +# set defaults +if [ -r /etc/rc.conf ] +then + . /etc/rc.conf +else + eval ${rcvar}=YES +fi + +# $flags from environment overrides ${rcvar}_flags +if [ -n "${flags}" ] +then + eval ${rcvar}_flags="${flags}" +fi + +checkyesno() +{ + eval _value=\$${1} + case $_value in + [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1) return 0 ;; + [Nn][Oo]|[Ff][Aa][Ll][Ss][Ee]|[Oo][Ff][Ff]|0) return 1 ;; + *) + echo "\$${1} is not set properly." + return 1 + ;; + esac +} + +cmd=${1:-start} +case ${cmd} in +force*) + cmd=${cmd#force} + forcecmd=YES + eval ${rcvar}=YES + ;; +esac + +required_vars="${rcvar} ${required_vars}" +pid_cmd="ps ax | awk '{print \$1,\$5}' | grep ${name} | awk '{print \$1}'" + +for _var in ${required_vars} +do + if ! checkyesno ${_var} + then + if [ -z "${forcecmd}" ] + then + exit 1 + fi + fi +done + +if [ -x ${command} ] +then + case ${cmd} in + start) + echo "Starting ${name}." + eval ${command} ${cfs_flags} ${command_args} + ;; + stop) + pid=`eval ${pid_cmd}` + if [ -z "${pid}" ] + then + echo "${name} not running?" + exit 1 + fi + echo "Stopping ${name}." + kill ${pid} + ;; + restart) + ( $0 forcestop ) + sleep 5 + $0 forcestart + ;; + status) + pid=`eval ${pid_cmd}` + if [ -n "${pid}" ]; then + echo "${name} is running as pid ${pid}." + else + echo "${name} is not running." + exit 1 + fi + ;; + *) + echo 1>&2 "Usage: $0 [restart|start|stop|status]" + exit 1 + ;; + esac +fi diff --git a/security/cfs/patches/patch-ab b/security/cfs/patches/patch-ab new file mode 100644 index 00000000000..8ebaf45164f --- /dev/null +++ b/security/cfs/patches/patch-ab @@ -0,0 +1,20 @@ +$NetBSD: patch-ab,v 1.1.1.1 2001/06/05 22:19:11 jlam Exp $ + +--- getpass.c.orig Thu May 31 17:03:02 2001 ++++ getpass.c Thu May 31 17:03:40 2001 +@@ -45,6 +45,7 @@ + #include "cfs.h" + #include "shs.h" + ++#ifndef HAVE_GETPASS + #if defined(irix) || defined(linux) + /* hacks to use POSIX style termios instead of old BSD style sgttyb */ + #include <termios.h> +@@ -95,6 +96,7 @@ + fclose(fi); + return(pbuf); + } ++#endif + + old_pwcrunch(b,k) + char *b; diff --git a/security/cfs/patches/patch-ac b/security/cfs/patches/patch-ac new file mode 100644 index 00000000000..c217a0ea0d3 --- /dev/null +++ b/security/cfs/patches/patch-ac @@ -0,0 +1,13 @@ +$NetBSD: patch-ac,v 1.1.1.1 2001/06/05 22:19:11 jlam Exp $ + +--- netbsd_make_with_bad_rpcgen.orig Thu May 3 14:30:15 2001 ++++ netbsd_make_with_bad_rpcgen Thu May 31 17:13:32 2001 +@@ -1,7 +1,7 @@ + #!/bin/sh + # this will make CFS for NetBSD (and other) systems with the + # wrong version of rpcgen +-make CC="cc -traditional \ ++${MAKE} CFS_CFLAGS=" \ + -Dnfsproc_null_2_svc=nfsproc_null_2 \ + -Dnfsproc_getattr_2_svc=nfsproc_getattr_2 \ + -Dnfsproc_setattr_2_svc=nfsproc_setattr_2 \ diff --git a/security/cfs/pkg/DESCR b/security/cfs/pkg/DESCR index 27d401c4196..cda6e531a75 100644 --- a/security/cfs/pkg/DESCR +++ b/security/cfs/pkg/DESCR @@ -1,10 +1,13 @@ -CFS is an encrypting file system for Unix-like OSs. It uses NFS as -its interface, and so is reasonably portable. The FS code dates back -to 1989, and the crypto to 1992, so it is showing signs of age. This -code should be regarded as completely unsupported; a complete rewrite -will follow eventually. - -Please don't download this code if you're in a place that's forbidden -(under US or local law) to export cryptographic software from the US -to, or if you're on the State Department's "Denied Persons List." If -you aren't sure, ask a good lawyer. +CFS pushes encryption services into the UN*X file system. It supports +secure storage at the system level through a standard UN*X file system +interface to encrypted files. Users associate a cryptographic key with the +directories they wish to protect. Files in these directories (as well as +their pathname components) are transparently encrypted and decrypted with +the specified key without further user intervention; cleartext is never +stored on a disk or sent to a remote file server. CFS employs a novel +combination of DES stream and codebook cipher modes to provide high +security with good performance on a modern workstation. CFS can use any +available file system for its underlying storage without modification, +including remote file servers such as NFS. System management functions, +such as file backup, work in a normal manner and without knowledge of the +key. diff --git a/security/cfs/pkg/PLIST b/security/cfs/pkg/PLIST index 93c8bf62b66..01c7c8c4870 100644 --- a/security/cfs/pkg/PLIST +++ b/security/cfs/pkg/PLIST @@ -1,19 +1,23 @@ -@comment $NetBSD: PLIST,v 1.1.1.1 2001/06/05 10:29:38 agc Exp $ -libexec/cfsd -bin/cattach -bin/cdetach -bin/cmkdir -bin/cpasswd +@comment $NetBSD: PLIST,v 1.1.1.2 2001/06/05 22:19:11 jlam Exp $ +bin/cfs_attach +bin/cfs_cat +bin/cfs_detach +bin/cfs_mkdir +bin/cfs_mkkey +bin/cfs_name +bin/cfs_passwd bin/cfssh -bin/cname -bin/ccat -bin/cmkkey -man/man1/cattach.1 -man/man8/ccat.8 -man/man1/cdetach.1 -man/man8/cfsd.8 +etc/rc.d/cfsd +man/man1/cfs_attach.1 +man/man1/cfs_detach.1 +man/man1/cfs_mkdir.1 +man/man1/cfs_mkkey.1 +man/man1/cfs_passwd.1 man/man1/cfssh.1 -man/man1/cmkdir.1 -man/man1/cmkkey.1 -man/man8/cname.8 -man/man1/cpasswd.1 +man/man8/cfs_cat.8 +man/man8/cfs_name.8 +man/man8/cfsd.8 +sbin/cfsd +share/doc/cfs/README.netbsd +share/doc/cfs/notes.ms +@dirrm share/doc/cfs |