-rw-r--r-- | security/sbd/DESCR | 13 | ||||
-rw-r--r-- | security/sbd/Makefile | 39 | ||||
-rw-r--r-- | security/sbd/PLIST | 9 | ||||
-rw-r--r-- | security/sbd/distinfo | 7 | ||||
-rw-r--r-- | security/sbd/patches/patch-aa | 22 | ||||
-rw-r--r-- | security/sbd/patches/patch-ab | 33 |
6 files changed, 123 insertions, 0 deletions
diff --git a/security/sbd/DESCR b/security/sbd/DESCR
new file mode 100644
index 00000000000..cb5119593e3
--- /dev/null
+++ b/security/sbd/DESCR
@@ -0,0 +1,13 @@
+One-time cipher based back door program for executing emergency
+commands.
+
+Secure Back Door(SBD) is an alternative to leaving SSH open all the
+time. It is based on a secure one-time keypad method, that insures
+maximum security. Since SBD is very small, it is less likely to have
+security exploits, as compared to SSH. Therefore, you could leave an
+important computer up and running with just sbdd running in the
+background, and if an emergency came about, you could simple execute a
+command to bring ssh up, then work on the computer as regular. It
+would be as simple as doing ./sbd domain.com "/etc/init.d/sshd start",
+and with the proper key file set, the remote computer would have ssh
+up and running shortly.
diff --git a/security/sbd/Makefile b/security/sbd/Makefile
new file mode 100644
index 00000000000..7f6cbc14df5
--- /dev/null
+++ b/security/sbd/Makefile
@@ -0,0 +1,39 @@
+# $NetBSD: Makefile,v 1.1.1.1 2007/05/10 18:18:16 agc Exp $
+#
+
+DISTNAME= sbd-0.5
+CATEGORIES= security
+MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=sbd/}
+
+MAINTAINER= pkgsrc-users@NetBSD.org
+HOMEPAGE= http://sourceforge.net/projects/sbd/
+COMMENT= HMAC & one-time pad-based remote login program
+
+WRKSRC= ${WRKDIR}/sbd
+
+USE_LANGUAGES+= c c++
+
+EGDIR= ${PREFIX}/share/sbd
+CONF_FILES= ${EGDIR}/deckey.bits ${PKG_SYSCONFDIR}/sbd/deckey.bits
+CONF_FILES+= ${EGDIR}/enckey.bits ${PKG_SYSCONFDIR}/sbd/enckey.bits
+CONF_FILES+= ${EGDIR}/athkey.bits ${PKG_SYSCONFDIR}/sbd/athkey.bits
+
+do-configure:
+
+do-build:
+ cd ${WRKSRC} && \
+ ${CXX} -DPKG_SYSCONFDIR=\""${PKG_SYSCONFDIR}/sbd\"" -Wall -O2 -o sbdd ssocket.cpp sha1.cpp utils.cpp sbdd.cpp; \
+ ${CXX} -DPKG_SYSCONFDIR=\""${PKG_SYSCONFDIR}/sbd\"" -Wall -O2 -o sbd csocket.cpp sha1.cpp utils.cpp sbd.cpp
+
+do-install:
+ ${INSTALL_PROGRAM} ${WRKSRC}/sbdd ${PREFIX}/bin
+ ${INSTALL_PROGRAM} ${WRKSRC}/sbd ${PREFIX}/bin
+ ${INSTALL_DATA_DIR} ${PREFIX}/share/sbd
+ ${INSTALL_DATA_DIR} ${PKG_SYSCONFDIR}/sbd
+ ${INSTALL_DATA} ${WRKSRC}/PROTOCOL ${PREFIX}/share/sbd/
+ ${INSTALL_DATA} ${WRKSRC}/README ${PREFIX}/share/sbd/
+ ${INSTALL_DATA} ${WRKSRC}/athkey.bits ${EGDIR}
+ ${INSTALL_DATA} ${WRKSRC}/deckey.bits ${EGDIR}
+ ${INSTALL_DATA} ${WRKSRC}/enckey.bits ${EGDIR}
+
+.include "../../mk/bsd.pkg.mk"
diff --git a/security/sbd/PLIST b/security/sbd/PLIST
new file mode 100644
index 00000000000..c12add9870e
--- /dev/null
+++ b/security/sbd/PLIST
@@ -0,0 +1,9 @@
+@comment $NetBSD: PLIST,v 1.1.1.1 2007/05/10 18:18:16 agc Exp $
+bin/sbd
+bin/sbdd
+share/sbd/PROTOCOL
+share/sbd/README
+share/sbd/athkey.bits
+share/sbd/deckey.bits
+share/sbd/enckey.bits
+@dirrm share/sbd
diff --git a/security/sbd/distinfo b/security/sbd/distinfo
new file mode 100644
index 00000000000..7b1ff481095
--- /dev/null
+++ b/security/sbd/distinfo
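Review bot: The three `*.bits` files that `do-install` copies from `${WRKSRC}` and that `CONF_FILES` then places in `${PKG_SYSCONFDIR}/sbd` are the sample keys shipped in the public distfile, so a host that starts sbdd without replacing them accepts commands protected by key material anyone can download. `CONF_FILES` also sets no explicit owner or mode, and `${INSTALL_DATA}` normally installs files readable by everyone. The pad files should be restricted to the account that runs the tool, for example `CONF_FILES_PERMS+= ${EGDIR}/deckey.bits ${PKG_SYSCONFDIR}/sbd/deckey.bits <owner> <group> 0600` for each file, and the package should carry a MESSAGE telling the administrator to generate fresh keys before first use. Separately, the two compiler invocations in `do-build` are joined with `;`, so a failed sbdd build is hidden by a successful sbd build; joining them with `&&` stops on the first error.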
@@ -0,0 +1,7 @@
+$NetBSD: distinfo,v 1.1.1.1 2007/05/10 18:18:16 agc Exp $
+
+SHA1 (sbd-0.5.tar.gz) = 958860dc240105b705a0127409cfb5e4da4109ab
+RMD160 (sbd-0.5.tar.gz) = 374db4f75210bc04ed9dd91c1c608fa2984856b3
+Size (sbd-0.5.tar.gz) = 25750 bytes
+SHA1 (patch-aa) = e516c2a43d33e3e4a0c808f38a128bce8b96fedf
+SHA1 (patch-ab) = afa9111e000d25dd05189554c2d97991d799ed5c
diff --git a/security/sbd/patches/patch-aa b/security/sbd/patches/patch-aa
new file mode 100644
index 00000000000..318c4f04b33
--- /dev/null
+++ b/security/sbd/patches/patch-aa
@@ -0,0 +1,22 @@
+$NetBSD: patch-aa,v 1.1.1.1 2007/05/10 18:18:16 agc Exp $
+
+--- sbd.cpp 2007/05/10 09:59:22 1.1
++++ sbd.cpp 2007/05/10 10:00:30
+@@ -121,7 +121,7 @@
+
+ // We always assume server recieved the command ok
+ // truncate file so same bytes are not used
+- truncateFile("enckey.bits", keyBytesUsed);
++ truncateFile(PKG_SYSCONFDIR "/" "enckey.bits", keyBytesUsed);
+
+ return 0;
+ }
+@@ -136,7 +136,7 @@
+ eMsg=""; // Finished cypher text
+
+ // get key bytes from file
+- readKey("enckey.bits", key, SHA1_SIZE*2 + msg.size());
++ readKey(PKG_SYSCONFDIR "/" "enckey.bits", key, SHA1_SIZE*2 + msg.size());
+
+ // Copy 20 bytes of key over to hashOTP for computing HMAC-SHA1
+ for (i = 0; i < SHA1_SIZE; i++)
diff --git a/security/sbd/patches/patch-ab b/security/sbd/patches/patch-ab
new file mode 100644
index 00000000000..7140672f82a
--- /dev/null
+++ b/security/sbd/patches/patch-ab
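Review bot: Both patched calls in sbd.cpp, `readKey(PKG_SYSCONFDIR "/" "enckey.bits", ...)` and `truncateFile(PKG_SYSCONFDIR "/" "enckey.bits", keyBytesUsed)`, are used as plain statements, so a failure goes unnoticed. Moving the pad into the system configuration directory makes such a failure more likely, because an unprivileged caller may not be able to read or write there. If the truncate does not happen, the next run would presumably read the same pad bytes again, which defeats the one-time property the scheme relies on. The client should confirm that the key file is readable in full and writable before it sends anything, and report an error if the truncate fails; whether `readKey` and `truncateFile` return a status is not visible, since both helpers and the enclosing function bodies lie outside these hunks. The same applies to the `athkey.bits` and `deckey.bits` calls changed in patch-ab.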
@@ -0,0 +1,33 @@
+$NetBSD: patch-ab,v 1.1.1.1 2007/05/10 18:18:16 agc Exp $
+
+--- sbdd.cpp 2007/05/10 09:59:22 1.1
++++ sbdd.cpp 2007/05/10 10:01:05
+@@ -110,8 +110,8 @@
+ return 1;
+ }
+
+- readKey("athkey.bits", authBytes, AUTH_SIZE);
+- truncateFile("athkey.bits", AUTH_SIZE);
++ readKey(PKG_SYSCONFDIR "/" "athkey.bits", authBytes, AUTH_SIZE);
++ truncateFile(PKG_SYSCONFDIR "/" "athkey.bits", AUTH_SIZE);
+
+ for (i = 0; i < authBytes.size() ; i++)
+ {
+@@ -180,7 +180,7 @@
+ unsigned char hashOTP[SHA1_SIZE]; // First 20 bytes of OTP used to comput HMAC-SHA1
+ unsigned char finishedHash[SHA1_SIZE]; // Finished HMAC-SHA1 hash
+
+- readKey("deckey.bits", key, infileCmd.size()+SHA1_SIZE);
++ readKey(PKG_SYSCONFDIR "/" "deckey.bits", key, infileCmd.size()+SHA1_SIZE);
+
+ // Copy 20 bytes of key over to hashOTP for computing HMAC-SHA1
+ for (i = 0; i < SHA1_SIZE; i++)
+@@ -227,7 +227,7 @@
+ logFile << "system() returned : " << system(cmd.c_str()) << endl;
+
+ //truncate bytes file
+- truncateFile("deckey.bits", infileCmd.size()+SHA1_SIZE);
++ truncateFile(PKG_SYSCONFDIR "/" "deckey.bits", infileCmd.size()+SHA1_SIZE);
+ return 0;
+ }
+ |
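Review bot: In the last sbdd.cpp hunk the used pad bytes are removed from `deckey.bits` only after `system(cmd.c_str())` has returned. If the command blocks, or the daemon is stopped while it runs, the bytes stay in the file and would presumably be applied again to the next message. Consuming the pad first closes that window: move `truncateFile(PKG_SYSCONFDIR "/" "deckey.bits", infileCmd.size()+SHA1_SIZE);` above the `logFile << ... system(...)` line. The ordering predates this patch, but the line is being touched anyway; the enclosing function starts above the hunk.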