summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--security/cfs/files/cfsd.sh103
-rw-r--r--security/cfs/patches/patch-ab20
-rw-r--r--security/cfs/patches/patch-ac13
-rw-r--r--security/cfs/pkg/DESCR23
-rw-r--r--security/cfs/pkg/PLIST38
5 files changed, 170 insertions, 27 deletions
diff --git a/security/cfs/files/cfsd.sh b/security/cfs/files/cfsd.sh
new file mode 100644
index 00000000000..92fcff5378e
--- /dev/null
+++ b/security/cfs/files/cfsd.sh
@@ -0,0 +1,103 @@
+#!/bin/sh
+#
+# $NetBSD: cfsd.sh,v 1.1.1.1 2001/06/05 22:19:11 jlam Exp $
+#
+# PROVIDE: cfsd
+# REQUIRE: mountd
+#
+# To start cfsd at startup, copy this script to /etc/rc.d and set
+# cfsd=YES in /etc/rc.conf.
+
+name="cfsd"
+rcvar=$name
+command="@PREFIX@/sbin/${name}"
+command_args="> /dev/null 2>&1"
+required_vars="mountd"
+
+# set defaults
+if [ -r /etc/rc.conf ]
+then
+ . /etc/rc.conf
+else
+ eval ${rcvar}=YES
+fi
+
+# $flags from environment overrides ${rcvar}_flags
+if [ -n "${flags}" ]
+then
+ eval ${rcvar}_flags="${flags}"
+fi
+
+checkyesno()
+{
+ eval _value=\$${1}
+ case $_value in
+ [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1) return 0 ;;
+ [Nn][Oo]|[Ff][Aa][Ll][Ss][Ee]|[Oo][Ff][Ff]|0) return 1 ;;
+ *)
+ echo "\$${1} is not set properly."
+ return 1
+ ;;
+ esac
+}
+
+cmd=${1:-start}
+case ${cmd} in
+force*)
+ cmd=${cmd#force}
+ forcecmd=YES
+ eval ${rcvar}=YES
+ ;;
+esac
+
+required_vars="${rcvar} ${required_vars}"
+pid_cmd="ps ax | awk '{print \$1,\$5}' | grep ${name} | awk '{print \$1}'"
+
+for _var in ${required_vars}
+do
+ if ! checkyesno ${_var}
+ then
+ if [ -z "${forcecmd}" ]
+ then
+ exit 1
+ fi
+ fi
+done
+
+if [ -x ${command} ]
+then
+ case ${cmd} in
+ start)
+ echo "Starting ${name}."
+ eval ${command} ${cfs_flags} ${command_args}
+ ;;
+ stop)
+ pid=`eval ${pid_cmd}`
+ if [ -z "${pid}" ]
+ then
+ echo "${name} not running?"
+ exit 1
+ fi
+ echo "Stopping ${name}."
+ kill ${pid}
+ ;;
+ restart)
+ ( $0 forcestop )
+ sleep 5
+ $0 forcestart
+ ;;
+ status)
+ pid=`eval ${pid_cmd}`
+ if [ -n "${pid}" ]; then
+ echo "${name} is running as pid ${pid}."
+ else
+ echo "${name} is not running."
+ exit 1
+ fi
+ ;;
+ *)
+ echo 1>&2 "Usage: $0 [restart|start|stop|status]"
+ exit 1
+ ;;
+ esac
+fi
diff --git a/security/cfs/patches/patch-ab b/security/cfs/patches/patch-ab
new file mode 100644
index 00000000000..8ebaf45164f
--- /dev/null
+++ b/security/cfs/patches/patch-ab
@@ -0,0 +1,20 @@
+$NetBSD: patch-ab,v 1.1.1.1 2001/06/05 22:19:11 jlam Exp $
+
+--- getpass.c.orig Thu May 31 17:03:02 2001
++++ getpass.c Thu May 31 17:03:40 2001
+@@ -45,6 +45,7 @@
+ #include "cfs.h"
+ #include "shs.h"
+
++#ifndef HAVE_GETPASS
+ #if defined(irix) || defined(linux)
+ /* hacks to use POSIX style termios instead of old BSD style sgttyb */
+ #include <termios.h>
+@@ -95,6 +96,7 @@
+ fclose(fi);
+ return(pbuf);
+ }
++#endif
+
+ old_pwcrunch(b,k)
+ char *b;
diff --git a/security/cfs/patches/patch-ac b/security/cfs/patches/patch-ac
new file mode 100644
index 00000000000..c217a0ea0d3
--- /dev/null
+++ b/security/cfs/patches/patch-ac
@@ -0,0 +1,13 @@
+$NetBSD: patch-ac,v 1.1.1.1 2001/06/05 22:19:11 jlam Exp $
+
+--- netbsd_make_with_bad_rpcgen.orig Thu May 3 14:30:15 2001
++++ netbsd_make_with_bad_rpcgen Thu May 31 17:13:32 2001
+@@ -1,7 +1,7 @@
+ #!/bin/sh
+ # this will make CFS for NetBSD (and other) systems with the
+ # wrong version of rpcgen
+-make CC="cc -traditional \
++${MAKE} CFS_CFLAGS=" \
+ -Dnfsproc_null_2_svc=nfsproc_null_2 \
+ -Dnfsproc_getattr_2_svc=nfsproc_getattr_2 \
+ -Dnfsproc_setattr_2_svc=nfsproc_setattr_2 \
diff --git a/security/cfs/pkg/DESCR b/security/cfs/pkg/DESCR
index 27d401c4196..cda6e531a75 100644
--- a/security/cfs/pkg/DESCR
+++ b/security/cfs/pkg/DESCR
@@ -1,10 +1,13 @@
-CFS is an encrypting file system for Unix-like OSs. It uses NFS as
-its interface, and so is reasonably portable. The FS code dates back
-to 1989, and the crypto to 1992, so it is showing signs of age. This
-code should be regarded as completely unsupported; a complete rewrite
-will follow eventually.
-
-Please don't download this code if you're in a place that's forbidden
-(under US or local law) to export cryptographic software from the US
-to, or if you're on the State Department's "Denied Persons List." If
-you aren't sure, ask a good lawyer.
+CFS pushes encryption services into the UN*X file system. It supports
+secure storage at the system level through a standard UN*X file system
+interface to encrypted files. Users associate a cryptographic key with the
+directories they wish to protect. Files in these directories (as well as
+their pathname components) are transparently encrypted and decrypted with
+the specified key without further user intervention; cleartext is never
+stored on a disk or sent to a remote file server. CFS employs a novel
+combination of DES stream and codebook cipher modes to provide high
+security with good performance on a modern workstation. CFS can use any
+available file system for its underlying storage without modification,
+including remote file servers such as NFS. System management functions,
+such as file backup, work in a normal manner and without knowledge of the
+key.
diff --git a/security/cfs/pkg/PLIST b/security/cfs/pkg/PLIST
index 93c8bf62b66..01c7c8c4870 100644
--- a/security/cfs/pkg/PLIST
+++ b/security/cfs/pkg/PLIST
@@ -1,19 +1,23 @@
-@comment $NetBSD: PLIST,v 1.1.1.1 2001/06/05 10:29:38 agc Exp $
-libexec/cfsd
-bin/cattach
-bin/cdetach
-bin/cmkdir
-bin/cpasswd
+@comment $NetBSD: PLIST,v 1.1.1.2 2001/06/05 22:19:11 jlam Exp $
+bin/cfs_attach
+bin/cfs_cat
+bin/cfs_detach
+bin/cfs_mkdir
+bin/cfs_mkkey
+bin/cfs_name
+bin/cfs_passwd
bin/cfssh
-bin/cname
-bin/ccat
-bin/cmkkey
-man/man1/cattach.1
-man/man8/ccat.8
-man/man1/cdetach.1
-man/man8/cfsd.8
+etc/rc.d/cfsd
+man/man1/cfs_attach.1
+man/man1/cfs_detach.1
+man/man1/cfs_mkdir.1
+man/man1/cfs_mkkey.1
+man/man1/cfs_passwd.1
man/man1/cfssh.1
-man/man1/cmkdir.1
-man/man1/cmkkey.1
-man/man8/cname.8
-man/man1/cpasswd.1
+man/man8/cfs_cat.8
+man/man8/cfs_name.8
+man/man8/cfsd.8
+sbin/cfsd
+share/doc/cfs/README.netbsd
+share/doc/cfs/notes.ms
+@dirrm share/doc/cfs