mirror/freebsd-ports
1
0
Fork 0
mirror of https://git.FreeBSD.org/ports.git synced 2024-10-22 20:41:26 +00:00
Code Issues Releases Activity

Remove expired port:

Browse Source 
2013-08-23 security/sfs: Broken on FreeBSD 8 and newer
This commit is contained in:
Rene Ladan 2013-08-23 09:52:03 +00:00
parent 51fe2cda57
commit 2738c7104a
Notes: svn2git 2021-03-31 03:12:20 +00:00 
svn path=/head/; revision=325258
43 changed files with 1 additions and 1690 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
MOVED
View File

@ -4843,3 +4843,4 @@ devel/prettygo|devel/go-pretty|2013-08-17|Project was renamed
www/w3m-m17n|www/w3m|2013-08-22|Unified to www/w3m
www/w3m-m17n-img|www/w3m-img|2013-08-22|Unified to www/w3m-img
www/moodle22||2013-08-20|Has expired: Unmaintained upstream
security/sfs||2013-08-23|Has expired: Broken on FreeBSD 8 and newer

1
security/Makefile
View File

@ -889,7 +889,6 @@
SUBDIR += secpanel
SUBDIR += sectok
SUBDIR += secure_delete
SUBDIR += sfs
SUBDIR += sguil-client
SUBDIR += sguil-sensor
SUBDIR += sguil-server

132
security/sfs/Makefile
View File

@ -1,132 +0,0 @@
# Ports collection makefile for: sfs
# Date created: 2002-07-11
# Whom: Michael Handler <handler@grendel.net>
# Matthew Dodd <winter@jurai.net>
#
# $FreeBSD$
#
PORTNAME= sfs
PORTVERSION= 0.7.2
PORTREVISION= 10
CATEGORIES= security net
MASTER_SITES= http://www.fs.net/sfswww/dist/
MAINTAINER= malus.x@gmail.com
COMMENT= Self-Certifying File System: A secure global network file system
DEPRECATED= Broken on FreeBSD 8 and newer
EXPIRATION_DATE=2013-08-23
PLIST_SUB= SFS_VERSION=${PORTVERSION}
INFO= sfs
USE_RC_SUBR= sfscd sfssd
USE_GMAKE= yes
GNU_CONFIGURE= yes
CONFIGURE_ARGS+=--with-sfsuser=sfs \
--with-sfsgroup=sfs \
--with-sfsdir=/var/spool/sfs \
--with-etcdir=${PREFIX}/etc/sfs \
--disable-uvfs \
--with-gmp=${LOCALBASE}
LIB_DEPENDS+= gmp.10:${PORTSDIR}/math/gmp
.include <bsd.port.pre.mk>
.if ${ARCH} != "i386"
IGNORE= nfsmounter component fails to execute correctly on ${ARCH} systems
.elif ${OSVERSION} >= 800000
BROKEN= does not build
.endif
MAN1= \
dirsearch.1 \
newaid.1 \
rex.1 \
sfsagent.1 \
sfskey.1 \
ssu.1
MAN5= \
sfs_config.5 \
sfs_srp_params.5 \
sfs_users.5 \
sfsauthd_config.5 \
sfscd_config.5 \
sfsrwsd_config.5 \
sfssd_config.5
MAN7= \
sfs.7
MAN8= \
funmount.8 \
sfsauthd.8 \
sfscd.8 \
sfsrwsd.8 \
sfssd.8 \
vidb.8
post-extract:
@${FIND} -E ${WRKDIR} -type f -iregex ".*\.(C|h)" -print0 | \
${XARGS} -0 ${REINPLACE_CMD} -e 's/template get/get/'
@${REINPLACE_CMD} -e 's/authsess::\(authsess\)/\1/' \
${WRKSRC}/agent/agent.h
@${REINPLACE_CMD} -e 's/\(u_int32_t val\)/\1 = 0/' \
${WRKSRC}/arpc/xdrmisc.C
@${REINPLACE_CMD} -e 's/\(errorbuf = \)""/\1const_cast<char *> ("")/' \
${WRKSRC}/async/parseopt.C
@${REINPLACE_CMD} -e 's/, \(&dummy_len\)/, (socklen_t *)\1/' \
${WRKSRC}/rex/connect.c
@${REINPLACE_CMD} -e 's/, \(&reslen\)/, (socklen_t *)\1/' \
${WRKSRC}/rex/listen.c
@${REINPLACE_CMD} -e 's/ptyclient::\(ptyclient\)/\1/' \
${WRKSRC}/rex/ptyd.C
@${REINPLACE_CMD} -e 's/\("ptyd"\)/const_cast<char *> (\1)/' \
${WRKSRC}/rex/rexd.C
@${REINPLACE_CMD} -e 's/, &sn/, (socklen_t *)\&sn/' \
${WRKSRC}/rex/uasync.c
@${REINPLACE_CMD} -e \
's/\(\\"" << cp->id << "\\"\)/const_cast<char *> (\1)/' \
${WRKSRC}/rpcc/gencfile.C
@${REINPLACE_CMD} -e 's/= fhextra =/=/' ${WRKSRC}/sfscd/ctlnode.C
@${REINPLACE_CMD} -e 's/\("-c"\)/const_cast<char *> (\1)/' \
${WRKSRC}/sfsmisc/agentmisc.C
@${REINPLACE_CMD} -e 's/\("localhost"\)/const_cast<char *> (\1)/' \
${WRKSRC}/sfsrwsd/client.C
post-configure:
@${REINPLACE_CMD} -e 's/^\(NOPAGING =\).*$$/(\1)/' \
${WRKSRC}/sfsrwcd/Makefile
pre-install:
PKG_PREFIX=${PREFIX} ${SH} pkg-install ${PKGNAME} PRE-INSTALL
post-install:
${INSTALL_SCRIPT} ${WRKSRC}/sfsauthd/upgradedb.pl ${PREFIX}/lib/sfs-${PORTVERSION}/upgradedb.pl
${MKDIR} ${PREFIX}/etc/sfs
${INSTALL_DATA} ${FILESDIR}/etc-sfsrwsd_config.sample ${PREFIX}/etc/sfs/sfsrwsd_config.sample
${MKDIR} ${PREFIX}/share/doc/sfs
${INSTALL_DATA} ${FILESDIR}/share-doc-WELCOME ${PREFIX}/share/doc/sfs/WELCOME
${INSTALL_DATA} ${FILESDIR}/share-doc-README ${PREFIX}/share/doc/sfs/README
${INSTALL_DATA} ${WRKSRC}/README ${PREFIX}/share/doc/sfs/README.packageblurb
${INSTALL_DATA} ${WRKSRC}/README.0.7-upgrade ${PREFIX}/share/doc/sfs/README.0.7-upgrade
PKG_PREFIX=${PREFIX} ${SH} pkg-install ${PKGNAME} POST-INSTALL
.include <bsd.port.post.mk>

2
security/sfs/distinfo
View File

@ -1,2 +0,0 @@
SHA256 (sfs-0.7.2.tar.gz) = 06cfa24b474ded453b01423ec09e7a575b5478da1d8d88ea5f9ac29dea19a952
SIZE (sfs-0.7.2.tar.gz) = 1283652

34
security/sfs/files/etc-sfsrwsd_config.sample
View File

@ -1,34 +0,0 @@
# To configure sfsrwsd (part of the SFS server subsystem), copy this file
# (sfsrwsd_config.sample) to sfsrwsd_config and edit as necessary.
#
# Normally, it should not be necessary for you to specify Hostname
# or Keyfile options, only Export statements.
#
# Configuration reference:
#
# Hostname name
# Set the Location part of the server's self-certifying pathname. The
# default is the current host's fully-qualified hostname.
#
# Keyfile path
# Tells sfsrwsd to look for its private key in file path. The default
# is sfs_host_key. SFS looks for file names that do not start with /
# in /etc/sfs, or whatever directory you specified if you used the
# --with-etcdir option to configure (see configure).
#
# Export local-directory sfs-name [R|W]
# Tells sfsrwsd to export local-directory, giving it the name sfs-name
# with respect to the server's self-certifying pathname. Appending R
# to an export directive gives anonymous users read-only access to
# the file system (under user ID -2 and group ID -2). Appending W
# gives anonymous users both read and write access. See Quick server
# setup, for an example of the Export directive. There is almost no
# reason to use the W flag. The R flag lets anyone on the Internet
# issue NFS calls to your kernel as user -2. SFS filters these calls;
# it makes sure that they operate on files covered by the export
# directive, and it blocks any calls that would modify the file system.
# This approach is safe given a perfect NFS3 implementation. If,
# however, there are bugs in your NFS code, attackers may exploit
# them if you have the R option--probably just crashing your server
# but possibly doing worse

15
security/sfs/files/patch-README.0.7-upgrade
View File

@ -1,15 +0,0 @@
--- README.0.7-upgrade.orig Fri Dec 6 01:24:44 2002
+++ README.0.7-upgrade Fri Dec 6 01:25:41 2002
@@ -15,10 +15,10 @@
-------------------
Run:
- perl sfsauthd/upgradedb.pl
+ perl /usr/local/lib/sfs/upgradedb.pl
By default, the script will operate on the sfs_users
- file in /etc/sfs. You can alternatively specify files
+ file in /usr/local/etc/sfs. You can alternatively specify files
to upgrade on the command line, or try the -a flag to
upgrade all sfs_users files found with the locate utility.
If you do not explicitly specify files to upgrade, the

22
security/sfs/files/patch-agent_ssu.C
View File

@ -1,22 +0,0 @@
--- agent/ssu.C.orig 2002-08-01 17:09:53.000000000 -0400
+++ agent/ssu.C 2007-09-15 19:44:20.000000000 -0400
@@ -87,7 +87,7 @@
str cwdopt = getcwdopt ();
vec<char *> av;
- av.push_back (PATH_SU);
+ av.push_back (const_cast<char *> (PATH_SU));
int ch;
while ((ch = getopt (argc, argv, "fmlc:")) != -1)
@@ -111,8 +111,8 @@
if (argc)
usage ();
- av.push_back ("root");
- av.push_back ("-c");
+ av.push_back (const_cast<char *> ("root"));
+ av.push_back (const_cast<char *> ("-c"));
{
strbuf cbuf ("exec ");
cbuf << fix_exec_path ("newaid") << " " << uidopt;

44
security/sfs/files/patch-arpc_rpctypes.h
View File

@ -1,44 +0,0 @@
--- arpc/rpctypes.h.orig 2002-05-28 06:29:15.000000000 -0400
+++ arpc/rpctypes.h 2007-09-15 17:13:31.000000000 -0400
@@ -129,7 +129,7 @@
if (&v != this) \
assign (v)
- void init () { mode = NOFREE; nelm = 0; vec = NULL; }
+ void init () { mode = freemode::NOFREE; nelm = 0; vec = NULL; }
void del () {
switch (mode) {
case NOFREE:
@@ -266,6 +266,8 @@
a.swap (b);
}
+extern const str rpc_emptystr;
+
template<size_t max = RPC_INFINITY> struct rpc_str : str
{
enum { maxsize = max };
@@ -301,12 +303,12 @@
};
template<size_t n = RPC_INFINITY> struct rpc_opaque : array<char, n> {
- rpc_opaque () { bzero (base (), size ()); }
+ rpc_opaque () { bzero (this->base (), this->size ()); }
};
template<size_t n = RPC_INFINITY> struct rpc_bytes : rpc_vec<char, n> {
- void setstrmem (const str &s) { set (s.cstr (), s.len (), NOFREE); }
+ void setstrmem (const str &s) { this->set (s.cstr (), s.len (), freemode::NOFREE); }
rpc_bytes &operator= (const str &s)
- { setsize (s.len ()); memcpy (base (), s.cstr (), size ()); return *this; }
+ { this->setsize (s.len ()); memcpy (this->base (), s.cstr (), this->size ()); return *this; }
template<size_t m> rpc_bytes &operator= (const rpc_vec<char, m> &v)
{ rpc_vec<char, n>::operator= (v); return *this; }
template<size_t m> rpc_bytes &operator= (const array<char, m> &v)
@@ -519,7 +521,6 @@
struct rpc_clear_t {};
extern struct rpc_clear_t _rpcclear;
-extern const str rpc_emptystr;
inline bool
rpc_traverse (rpc_clear_t &, u_int32_t &obj)

10
security/sfs/files/patch-arpc_xdrmisc.h
View File

@ -1,10 +0,0 @@
--- arpc/xdrmisc.h.orig Mon Oct 11 16:43:34 2004
+++ arpc/xdrmisc.h Mon Oct 11 16:39:35 2004
@@ -26,6 +26,7 @@
#ifndef _ARPC_XDRMISC_H_
#define _ARPC_XDRMISC_H_ 1
+#include "wmstr.h"
#include "sysconf.h"
extern "C" {

12
security/sfs/files/patch-async_aiod.h
View File

@ -1,12 +0,0 @@
--- async/aiod.h.orig 2002-10-29 01:29:02.000000000 -0500
+++ async/aiod.h 2007-09-15 16:53:08.000000000 -0400
@@ -30,6 +30,9 @@
#include "ihash.h"
#include "aiod_prot.h"
+class aiod;
+class aiofh;
+
struct aiod_req;
class aiobuf {

37
security/sfs/files/patch-async_daemonize.C
View File

@ -1,37 +0,0 @@
--- async/daemonize.C.orig 2002-10-10 13:20:16.000000000 -0400
+++ async/daemonize.C 2007-09-15 17:00:51.000000000 -0400
@@ -49,18 +49,19 @@
const str &logfile, int flags, mode_t mode)
{
#ifdef PATH_LOGGER
- char *av[] = { PATH_LOGGER, "-p", NULL, "-t", NULL, NULL, NULL };
+ char *av[] = { const_cast<char *> (PATH_LOGGER), const_cast<char *> ("-p"),
+ NULL, const_cast<char *> ("-t"), NULL, NULL, NULL };
av[2] = const_cast<char *> (priority.cstr ());
if (line)
av[5] = const_cast<char *> (line.cstr ());
else
- av[5] = "log started";
+ av[5] = const_cast<char *> ("log started");
if (tag)
av[4] = const_cast<char *> (tag.cstr ());
else
- av[4] = "";
+ av[4] = const_cast<char *> ("");
pid_t pid;
int status;
@@ -93,9 +94,9 @@
start_logger ()
{
#ifdef PATH_LOGGER
- char *av[] = { PATH_LOGGER, "-p",
+ char *av[] = { const_cast<char *> (PATH_LOGGER), const_cast<char *> ("-p"),
const_cast<char *> (syslog_priority.cstr ()),
- "-t", "", NULL};
+ const_cast<char *> ("-t"), const_cast<char *> (""), NULL};
int fds[2];
close (0);

14
security/sfs/files/patch-async_dnsparse.C
View File

@ -1,14 +0,0 @@
$FreeBSD$
--- async/dnsparse.C.orig
+++ async/dnsparse.C
@@ -323,7 +323,7 @@
n_chars += strlen (name) + 1;
ref <mxlist> mxl = refcounted<mxlist, vsize>::alloc
- (offsetof (mxlist, m_mxes[nmx]) + n_chars);
+ (offsetof (mxlist, m_mxes) + n_chars);
mxrec *mxrecs = mxl->m_mxes;
char *np = (char *) &mxrecs[nmx];

11
security/sfs/files/patch-async_ihash.h
View File

@ -1,11 +0,0 @@
--- async/ihash.h.orig Mon Oct 11 16:43:34 2004
+++ async/ihash.h Mon Oct 11 16:39:35 2004
@@ -213,7 +213,7 @@
const H hash;
public:
- ihash () {}
+ ihash () : eq (E ()), hash (H ()) {}
ihash (const E &e, const H &h) : eq (e), hash (h) {}
void insert (V *elm) { insert_val (elm, hash (elm->*key)); }

41
security/sfs/files/patch-async_init.h
View File

@ -1,41 +0,0 @@
--- async/init.h.orig Mon Oct 11 16:43:34 2004
+++ async/init.h Mon Oct 11 16:39:35 2004
@@ -25,6 +25,12 @@
#ifndef _ASYNC_INIT_H_
#define _ASYNC_INIT_H_ 1
+#if __GNUC__ >= 3
+# define __init_attribute__(x)
+#else /* gcc < 3 */
+# define __init_attribute__(x) __attribute__ (x)
+#endif /* gcc < 3 */
+
#define INIT(name) \
static class name { \
static int count; \
@@ -34,7 +40,7 @@
public: \
name () {if (!cnt ()++) start ();} \
~name () {if (!--cnt ()) stop ();} \
-} init_ ## name __attribute__ ((unused))
+} init_ ## name __init_attribute__ ((unused))
class initfn {
initfn ();
@@ -43,7 +49,7 @@
};
#define INITFN(fn) \
static void fn (); \
-static initfn init_ ## fn (fn) __attribute__ ((unused))
+static initfn init_ ## fn (fn) __init_attribute__ ((unused))
class exitfn {
void (*const fn) ();
@@ -53,6 +59,6 @@
};
#define EXITFN(fn) \
static void fn (); \
-static exitfn exit_ ## fn (fn) __attribute__ ((unused))
+static exitfn exit_ ## fn (fn) __init_attribute__ ((unused))
#endif /* !_ASYNC_INIT_H_ */

11
security/sfs/files/patch-async_itree.h
View File

@ -1,11 +0,0 @@
--- async/itree.h.orig Sun Jul 9 00:14:16 2006
+++ async/itree.h Sun Jul 9 00:15:07 2006
@@ -86,7 +86,7 @@
itree_core (const itree_core &);
itree_core &operator = (const itree_core &);
-#define eos ((int) &(((T *) 0)->*field).p)
+#define eos ((ptrdiff_t) &(((T *) 0)->*field).p)
#define cmpfn scmp, (void *) this
public:

11
security/sfs/files/patch-async_qhash.h
View File

@ -1,11 +0,0 @@
--- async/qhash.h.orig Mon Oct 11 16:43:34 2004
+++ async/qhash.h Mon Oct 11 16:39:35 2004
@@ -166,7 +166,7 @@
public:
bhash () {}
- void clear () { deleteall (); }
+ void clear () { this->deleteall (); }
~bhash () { clear (); }
bool insert (const K &k) {

118
security/sfs/files/patch-async_refcnt.h
View File

@ -1,118 +0,0 @@
--- async/refcnt.h.orig Mon Oct 11 16:43:34 2004
+++ async/refcnt.h Mon Oct 11 16:39:35 2004
@@ -409,7 +409,7 @@
friend class refpriv;
friend ref<T> mkref<T> (T *);
- ref (T *pp, refcount *cc) : refpriv (cc) { p = pp; inc (); }
+ ref (T *pp, refcount *cc) : refpriv (cc) { this->p = pp; inc (); }
void inc () const { rinc (c); }
void dec () const { rdec (c); }
@@ -420,32 +420,32 @@
template<class U, reftype v>
ref (refcounted<U, v> *pp)
- : refpriv (rc (pp)) { p = refpriv::rp (pp); inc (); }
+ : refpriv (rc (pp)) { this->p = refpriv::rp (pp); inc (); }
/* At least with gcc, the copy constructor must be explicitly
* defined (though it would appear to be redundant given the
* template constructor bellow). */
- ref (const ref<T> &r) : refpriv (r.c) { p = r.p; inc (); }
+ ref (const ref<T> &r) : refpriv (r.c) { this->p = r.p; inc (); }
template<class U>
ref (const ref<U> &r)
- : refpriv (rc (r)) { p = refpriv::rp (r); inc (); }
+ : refpriv (rc (r)) { this->p = refpriv::rp (r); inc (); }
template<class U>
ref (const ::ptr<U> &r)
- : refpriv (rc (r)) { p = refpriv::rp (r); inc (); }
+ : refpriv (rc (r)) { this->p = refpriv::rp (r); inc (); }
~ref () { dec (); }
template<class U, reftype v> ref<T> &operator= (refcounted<U, v> *pp)
- { rinc (pp); dec (); p = refpriv::rp (pp); c = rc (pp); return *this; }
+ { rinc (pp); dec (); this->p = refpriv::rp (pp); c = rc (pp); return *this; }
/* The copy assignment operator must also explicitly be defined,
* despite a redundant template. */
ref<T> &operator= (const ref<T> &r)
- { r.inc (); dec (); p = r.p; c = r.c; return *this; }
+ { r.inc (); dec (); this->p = r.p; c = r.c; return *this; }
template<class U> ref<T> &operator= (const ref<U> &r)
- { rinc (r); dec (); p = refpriv::rp (r); c = rc (r); return *this; }
+ { rinc (r); dec (); this->p = refpriv::rp (r); c = rc (r); return *this; }
/* Self asignment not possible. Use ref::inc to cause segfauls on NULL. */
template<class U> ref<T> &operator= (const ::ptr<U> &r)
- { dec (); p = refpriv::rp (r); c = rc (r); inc (); return *this; }
+ { dec (); this->p = refpriv::rp (r); c = rc (r); inc (); return *this; }
};
/* To skip initialization of ptr's in BSS */
@@ -464,13 +464,13 @@
rinc (pp);
if (decme)
dec ();
- p = refpriv::rp (pp);
+ this->p = refpriv::rp (pp);
c = rc (pp);
}
else {
if (decme)
dec ();
- p = NULL;
+ this->p = NULL;
c = NULL;
}
}
@@ -480,31 +480,31 @@
typedef ref<T> ref;
explicit ptr (__bss_init) {}
- ptr () : refpriv (NULL) { p = NULL; }
- ptr (privtype *) : refpriv (NULL) { p = NULL; }
+ ptr () : refpriv (NULL) { this->p = NULL; }
+ ptr (privtype *) : refpriv (NULL) { this->p = NULL; }
template<class U, reftype v>
ptr (refcounted<U, v> *pp) { set (pp, false); }
- ptr (const ptr<T> &r) : refpriv (r.c) { p = r.p; inc (); }
+ ptr (const ptr<T> &r) : refpriv (r.c) { this->p = r.p; inc (); }
template<class U>
ptr (const ptr<U> &r)
- : refpriv (rc (r)) { p = refpriv::rp (r); inc (); }
+ : refpriv (rc (r)) { this->p = refpriv::rp (r); inc (); }
template<class U>
ptr (const ::ref<U> &r)
- : refpriv (rc (r)) { p = refpriv::rp (r); inc (); }
+ : refpriv (rc (r)) { this->p = refpriv::rp (r); inc (); }
~ptr () { dec (); }
ptr<T> &operator= (privtype *)
- { dec (); p = NULL; c = NULL; return *this; }
+ { dec (); this->p = NULL; c = NULL; return *this; }
template<class U, reftype v> ptr<T> &operator= (refcounted<U, v> *pp)
{ set (pp, true); return *this; }
ptr<T> &operator= (const ptr<T> &r)
- { r.inc (); dec (); p = r.p; c = r.c; return *this; }
+ { r.inc (); dec (); this->p = r.p; c = r.c; return *this; }
template<class U> ptr<T> &operator= (const ptr<U> &r)
- { rinc (r); dec (); p = refpriv::rp (r); c = rc (r); return *this; }
+ { rinc (r); dec (); this->p = refpriv::rp (r); c = rc (r); return *this; }
template<class U> ptr<T> &operator= (const ::ref<U> &r)
- { rinc (r); dec (); p = refpriv::rp (r); c = rc (r); return *this; }
+ { rinc (r); dec (); this->p = refpriv::rp (r); c = rc (r); return *this; }
};
template<class T>
@@ -512,7 +512,7 @@
// Don't initialize (assume we were 0 initialized in the BSS)
bssptr () : ptr<T> (__bss_init ()) {}
// Override the effects of destruction
- ~bssptr () { assert (globaldestruction); if (*this != NULL) Xleak (); }
+ ~bssptr () { assert (globaldestruction); if (*this != NULL) this->Xleak (); }
ptr<T> &operator= (refpriv::privtype *p) { return ptr<T>::operator= (p); }
template<class U> ptr<T> &operator= (const ptr<U> &r)
{ return ptr<T>::operator= (r); }

51
security/sfs/files/patch-async_suio_vuprintf.C
View File

@ -1,51 +0,0 @@
--- async/suio_vuprintf.C.orig 2000-10-08 19:18:10.000000000 -0400
+++ async/suio_vuprintf.C 2007-09-15 17:02:44.000000000 -0400
@@ -139,7 +139,7 @@
int dprec; /* a copy of prec if [diouxX], 0 otherwise */
int realsz; /* field size expanded by dprec */
int size; /* size of converted field or string */
- char *xdigs = ""; /* digits for [xX] conversion */
+ char *xdigs = const_cast<char *> (""); /* digits for [xX] conversion */
char buf[BUF]; /* space for %c, %[diouxX], %[eEfgG] */
char ox[2]; /* space for 0x hex-prefix */
@@ -392,7 +392,7 @@
/* NOSTRICT */
_uquad = (u_long) va_arg (ap, void *);
base = HEX;
- xdigs = "0123456789abcdef";
+ xdigs = const_cast<char *> ("0123456789abcdef");
flags |= HEXPREFIX;
ch = 'x';
goto nosign;
@@ -403,7 +403,7 @@
cp = va_arg (ap, char *);
gotcp:
if (cp == NULL)
- cp = "(null)";
+ cp = const_cast<char *> ("(null)");
if (prec >= 0) {
/*
* can't use strlen; can only look for the
@@ -434,10 +434,10 @@
base = DEC;
goto nosign;
case 'X':
- xdigs = "0123456789ABCDEF";
+ xdigs = const_cast<char *> ("0123456789ABCDEF");
goto hex;
case 'x':
- xdigs = "0123456789abcdef";
+ xdigs = const_cast<char *> ("0123456789abcdef");
hex:
_uquad = UARG ();
base = HEX;
@@ -497,7 +497,7 @@
break;
default:
- cp = "bug in vfprintf: bad base";
+ cp = const_cast<char *> ("bug in vfprintf: bad base");
size = strlen (cp);
goto skipsize;
}

143
security/sfs/files/patch-async_vec.h
View File

@ -1,143 +0,0 @@
--- async/vec.h.orig Mon Oct 11 16:43:34 2004
+++ async/vec.h Mon Oct 11 16:39:35 2004
@@ -74,16 +74,16 @@
template<class T, size_t N = 0> class vec : public vec_base<T, N> {
typedef typename vec_base<T, N>::elm_t elm_t;
void move (elm_t *dst) {
- if (dst == firstp)
+ if (dst == this->firstp)
return;
- assert (dst < firstp || dst >= lastp);
- basep = dst;
- for (elm_t *src = firstp; src < lastp; src++) {
+ assert (dst < this->firstp || dst >= this->lastp);
+ this->basep = dst;
+ for (elm_t *src = this->firstp; src < this->lastp; src++) {
new ((void *) (dst++)) elm_t (*src);
src->~elm_t ();
}
- lastp += basep - firstp;
- firstp = basep;
+ this->lastp += this->basep - this->firstp;
+ this->firstp = this->basep;
}
static elm_t &construct (elm_t &e)
@@ -92,14 +92,14 @@
{ return *new (implicit_cast<void *> (&e)) elm_t (v); }
static void destroy (elm_t &e) { e.~elm_t (); }
- void init () { lastp = firstp = basep = def_basep (); limp = def_limp (); }
- void del () { while (firstp < lastp) firstp++->~elm_t (); bfree (basep); }
+ void init () { this->lastp = this->firstp = this->basep = this->def_basep (); this->limp = this->def_limp (); }
+ void del () { while (this->firstp < this->lastp) (this->firstp)++->~elm_t (); bfree (this->basep); }
#define append(v) \
do { \
reserve (v.size ()); \
for (const elm_t *s = v.base (), *e = v.lim (); s < e; s++) \
- cconstruct (*lastp++, *s); \
+ cconstruct (*(this->lastp)++, *s); \
} while (0)
#ifdef CHECK_BOUNDS
@@ -125,19 +125,19 @@
{ clear (); append (v); return *this; }
void reserve (size_t n) {
- if (lastp + n <= limp)
+ if (this->lastp + n <= this->limp)
return;
- size_t nalloc = limp - basep;
- size_t nwanted = lastp - firstp + n;
+ size_t nalloc = this->limp - this->basep;
+ size_t nwanted = this->lastp - this->firstp + n;
if (nwanted > nalloc / 2) {
nalloc = 1 << fls (max (nalloc, nwanted));
- elm_t *obasep = basep;
+ elm_t *obasep = this->basep;
move (static_cast<elm_t *> (txmalloc (nalloc * sizeof (elm_t))));
- limp = basep + nalloc;
+ this->limp = this->basep + nalloc;
bfree (obasep);
}
else
- move (basep);
+ move (this->basep);
}
void setsize (size_t n) {
size_t s = size ();
@@ -145,47 +145,47 @@
popn_back (s - n);
else if ((n -= s)) {
reserve (n);
- elm_t *sp = lastp;
- lastp += n;
- while (sp < lastp)
+ elm_t *sp = this->lastp;
+ this->lastp += n;
+ while (sp < this->lastp)
construct (*sp++);
}
}
- elm_t *base () { return firstp; }
- const elm_t *base () const { return firstp; }
- elm_t *lim () { return lastp; }
- const elm_t *lim () const { return lastp; }
- size_t size () const { return lastp - firstp; }
- bool empty () const { return lastp == firstp; }
-
- elm_t &front () { zcheck (); return *firstp; }
- const elm_t &front () const { zcheck (); return *firstp; }
- elm_t &back () { zcheck (); return lastp[-1]; }
- const elm_t &back () const { zcheck (); return lastp[-1]; }
+ elm_t *base () { return this->firstp; }
+ const elm_t *base () const { return this->firstp; }
+ elm_t *lim () { return this->lastp; }
+ const elm_t *lim () const { return this->lastp; }
+ size_t size () const { return this->lastp - this->firstp; }
+ bool empty () const { return this->lastp == this->firstp; }
+
+ elm_t &front () { zcheck (); return *(this->firstp); }
+ const elm_t &front () const { zcheck (); return *(this->firstp); }
+ elm_t &back () { zcheck (); return this->lastp[-1]; }
+ const elm_t &back () const { zcheck (); return this->lastp[-1]; }
- elm_t &operator[] (ptrdiff_t i) { bcheck (i); return firstp[i]; }
- const elm_t &operator[] (ptrdiff_t i) const { bcheck (i); return firstp[i]; }
+ elm_t &operator[] (ptrdiff_t i) { bcheck (i); return this->firstp[i]; }
+ const elm_t &operator[] (ptrdiff_t i) const { bcheck (i); return this->firstp[i]; }
- elm_t &push_back () { reserve (1); return construct (*lastp++); }
+ elm_t &push_back () { reserve (1); return construct (*(this->lastp)++); }
elm_t &push_back (const elm_t &e)
- { reserve (1); return cconstruct (*lastp++, e); }
+ { reserve (1); return cconstruct (*(this->lastp)++, e); }
- elm_t pop_back () { zcheck (); return destroy_return (*--lastp); }
+ elm_t pop_back () { zcheck (); return destroy_return (*--(this->lastp)); }
void popn_back (size_t n) {
pcheck (n);
- elm_t *sp = lastp;
- lastp -= n;
- while (sp > lastp)
+ elm_t *sp = this->lastp;
+ this->lastp -= n;
+ while (sp > this->lastp)
destroy (*--sp);
}
- elm_t pop_front () { zcheck (); return destroy_return (*firstp++); }
+ elm_t pop_front () { zcheck (); return destroy_return (*(this->firstp)++); }
void popn_front (size_t n) {
pcheck (n);
- elm_t *sp = firstp;
- firstp += n;
- while (sp < firstp)
+ elm_t *sp = this->firstp;
+ this->firstp += n;
+ while (sp < this->firstp)
destroy (*sp++);
}

87
security/sfs/files/patch-crypt_getsysnoise.C
View File

@ -1,87 +0,0 @@
--- crypt/getsysnoise.C.orig 2002-02-08 09:27:51.000000000 -0500
+++ crypt/getsysnoise.C 2007-09-15 17:30:39.000000000 -0400
@@ -27,61 +27,61 @@
#include <sys/resource.h>
char *const noiseprogs[][5] = {
- { PATH_PS, "laxwww" },
- { PATH_PS, "-al" },
- { PATH_LS, "-nfail", "/tmp/." },
+ { const_cast<char *> (PATH_PS), const_cast<char *> ("laxwww") },
+ { const_cast<char *> (PATH_PS), const_cast<char *> ("-al") },
+ { const_cast<char *> (PATH_LS), const_cast<char *> ("-nfail"), const_cast<char *> ("/tmp/.") },
#ifdef PATH_NETSTAT
- { PATH_NETSTAT, "-s" },
- { PATH_NETSTAT, "-an" },
- { PATH_NETSTAT, "-in" },
+ { const_cast<char *> (PATH_NETSTAT), const_cast<char *> ("-s") },
+ { const_cast<char *> (PATH_NETSTAT), const_cast<char *> ("-an") },
+ { const_cast<char *> (PATH_NETSTAT), const_cast<char *> ("-in") },
#endif /* PATH_NETSTAT */
#ifdef PATH_NTPQ
- { PATH_NTPQ, "-np" },
+ { const_cast<char *> (PATH_NTPQ), const_cast<char *> ("-np") },
#endif /* PATH_NTPQ */
#ifdef PATH_W
- { PATH_W },
+ { const_cast<char *> (PATH_W) },
#endif /* PATH_W */
#ifdef PATH_NFSSTAT
- { PATH_NFSSTAT },
+ { const_cast<char *> (PATH_NFSSTAT) },
#endif /* PATH_NFSSTAT */
#ifdef PATH_VNSTAT
- { PATH_VMSTAT },
- { PATH_VMSTAT, "-i" },
- { PATH_VMSTAT, "-s" },
+ { const_cast<char *> (PATH_VMSTAT) },
+ { const_cast<char *> (PATH_VMSTAT), const_cast<char *> ("-i") },
+ { const_cast<char *> (PATH_VMSTAT), const_cast<char *> ("-s") },
#endif /* PATH_VNSTAT */
#ifdef PATH_IOSTAT
#if defined (__linux__) || defined (__osf__)
- { PATH_IOSTAT },
+ { const_cast<char *> (PATH_IOSTAT) },
#else /* not linux or osf */
- { PATH_IOSTAT, "-I" },
+ { const_cast<char *> (PATH_IOSTAT), const_cast<char *> ("-I") },
#endif /* not linux or osf */
#endif /* PATH_IOSTAT */
#ifdef PATH_LSOF
- { PATH_LSOF, "-bwn",
+ { const_cast<char *> (PATH_LSOF), const_cast<char *> ("-bwn"),
# ifdef LSOF_DEVCACHE
- "-Di"
+ const_cast<char *> ("-Di")
# endif /* LSOF_DEVCACHE */
},
#else /* no lsof */
# ifdef PATH_FSTAT
- { PATH_FSTAT },
+ { const_cast<char *> (PATH_FSTAT) },
# endif /* PATH_FSTAT */
# ifdef PATH_PSTAT
- { PATH_PSTAT, "-f" },
+ { const_cast<char *> (PATH_PSTAT), const_cast<char *> ("-f") },
# endif /* PATH_PSTAT */
#endif /* no lsof */
#ifdef PATH_PSTAT
- { PATH_PSTAT, "-t" },
+ { const_cast<char *> (PATH_PSTAT), const_cast<char *> ("-t") },
# if defined (__OpenBSD__) || defined (__NetBSD__) || defined (__FreeBSD__)
- { PATH_PSTAT, "-v" },
+ { const_cast<char *> (PATH_PSTAT), const_cast<char *> ("-v") },
# endif /* open/net/freebsd */
#endif /* PATH_PSTAT */
#ifdef PATH_NFSSTAT
- { PATH_NFSSTAT },
+ { const_cast<char *> (PATH_NFSSTAT) },
#endif /* PATH_NFSSTAT */
#if 0
- { PATH_RUP },
- { PATH_RUSERS, "-l" },
+ { const_cast<char *> (PATH_RUP) },
+ { const_cast<char *> (PATH_RUSERS), const_cast<char *> ("-l") },
#endif
{ NULL }
};

20
security/sfs/files/patch-nfsclient
View File

@ -1,20 +0,0 @@
--- nfsconf.h.orig Wed May 19 22:42:39 2004
+++ nfsconf.h Wed May 19 22:43:24 2004
@@ -33,6 +33,7 @@
# include <nfs/nfs.h>
#endif /* NEED_NFS_NFS_H */
#if NEED_NFSCLIENT_NFS_H
+# include <nfs/nfsproto.h>
# include <nfsclient/nfs.h>
#endif /* NEED_NFSCLIENT_NFS_H */
#if NEED_NFS_MOUNT_H
--- configure.orig Wed May 19 22:43:05 2004
+++ configure Wed May 19 22:41:46 2004
@@ -9661,6 +9661,7 @@
cat >conftest.$ac_ext <<_ACEOF
#line 9662 "configure"
#include "confdefs.h"
+#include <nfs/nfsproto.h>
#include <nfsclient/nfs.h>
_ACEOF

11
security/sfs/files/patch-random_prime.C
View File

@ -1,11 +0,0 @@
--- crypt/random_prime.C.orig Tue Oct 14 23:24:18 2003
+++ crypt/random_prime.C Tue Oct 14 22:59:32 2003
@@ -336,7 +336,7 @@
bigint t1, t2;
for (;;) {
next_weak ();
- if (!tmp || (fermat2_test (tmp, &t1, &t2) == 2 && tmp.probab_prime (iter)))
+ if (!tmp || (fermat2_test (tmp, &t1, &t2) && tmp.probab_prime (iter)))
return tmp;
}
}

15
security/sfs/files/patch-rex_chan.C
View File

@ -1,15 +0,0 @@
--- rex/chan.C.orig 2007-09-15 19:54:59.000000000 -0400
+++ rex/chan.C 2007-09-15 19:55:32.000000000 -0400
@@ -366,10 +366,10 @@
av.push_back (default_shell);
else {
warn ("SHELL not set, reverting to sh\n");
- av.push_back ("sh");
+ av.push_back (const_cast<char *> ("sh"));
}
if (argp->av.size () == 1)
- av.push_back ("-i");
+ av.push_back (const_cast<char *> ("-i"));
}
else
av.push_back (const_cast<char *> (argp->av[0].cstr ()));

42
security/sfs/files/patch-rex_ptyd.C
View File

@ -1,42 +0,0 @@
--- rex/ptyd.C.orig 2007-09-23 03:02:05.000000000 -0400
+++ rex/ptyd.C 2007-09-23 03:03:45.000000000 -0400
@@ -94,13 +94,13 @@
return -1;
vec<char *> argv;
- argv.push_back ("sessreg");
+ argv.push_back (const_cast<char *> ("sessreg"));
if (add)
- argv.push_back ("-a");
+ argv.push_back (const_cast<char *> ("-a"));
else
- argv.push_back ("-d");
+ argv.push_back (const_cast<char *> ("-d"));
- argv.push_back ("-l");
+ argv.push_back (const_cast<char *> ("-l"));
if (tty && !strncmp ("/dev/", tty, 5) && tty[5])
tmp = const_cast<char *> (&tty[5]);
else {
@@ -110,10 +110,10 @@
if (tmp)
argv.push_back (tmp);
else
- argv.push_back ("?");
+ argv.push_back (const_cast<char *> ("?"));
if (host) {
- argv.push_back ("-h");
+ argv.push_back (const_cast<char *> ("-h"));
argv.push_back (const_cast<char *> (host));
}
@@ -121,7 +121,7 @@
int slot = myttyslot (tty);
if (slot > 0) {
str s = strbuf () << slot;
- argv.push_back ("-s");
+ argv.push_back (const_cast<char *> ("-s"));
argv.push_back (const_cast<char *> (s.cstr ()));
}
#endif /* USE_TTYENT */

20
security/sfs/files/patch-rex_rex.C
View File

@ -1,20 +0,0 @@
--- rex/rex.C.orig 2002-11-19 14:58:44.000000000 -0500
+++ rex/rex.C 2007-09-15 19:48:38.000000000 -0400
@@ -746,7 +746,7 @@
vec<str> cmd2vec (str cmdstr) {
char *cmd = const_cast<char *> (cmdstr.cstr ());
vec<str> cmdvec;
- char *word, *sep = "\t ";
+ char *word, *sep = const_cast<char *> ("\t ");
for (word = strtok(cmd, sep); word; word = strtok(NULL, sep))
cmdvec.push_back (word);
return cmdvec;
@@ -962,7 +962,7 @@
main (int argc, char **argv)
{
setprogname (argv[0]);
- putenv ("POSIXLY_CORRECT=1"); // Prevents Linux from reordering options
+ putenv (const_cast<char *> ("POSIXLY_CORRECT=1")); // Prevents Linux from reordering options
sfsconst_init ();
int ch;

29
security/sfs/files/patch-rpcc_rpcc.C
View File

@ -1,29 +0,0 @@
--- rpcc/rpcc.C.orig 2002-11-17 16:42:10.000000000 -0500
+++ rpcc/rpcc.C 2007-09-15 17:04:18.000000000 -0400
@@ -151,8 +151,8 @@
void (*fn) (str) = NULL;
int len;
- av.push_back (PATH_CPP);
- av.push_back ("-DRPCC");
+ av.push_back (const_cast<char *> (PATH_CPP));
+ av.push_back (const_cast<char *> ("-DRPCC"));
av.push_back (NULL);
for (an = 1; an < argc; an++) {
@@ -196,13 +196,13 @@
switch (mode) {
case HEADER:
- av[2] = "-DRPCC_H";
+ av[2] = const_cast<char *> ("-DRPCC_H");
fn = genheader;
if (!outfile)
outfile = strbuf ("%.*sh", len - 1, basename);
break;
case CFILE:
- av[2] = "-DRPCC_C";
+ av[2] = const_cast<char *> ("-DRPCC_C");
fn = gencfile;
if (!outfile)
outfile = strbuf ("%.*sC", len - 1, basename);

11
security/sfs/files/patch-sfsauthd_config
View File

@ -1,11 +0,0 @@
--- etc/sfsauthd_config.in.orig Sun Dec 8 17:45:00 2002
+++ etc/sfsauthd_config.in Sun Dec 8 17:45:15 2002
@@ -56,7 +56,7 @@
### Specify a file to log server signature endorsements. This file will
### provide users with audit information if the client half of their private
### Schnorr key is compromised.
-#LogFile /var/sfs/sign_log
+LogFile /var/spool/sfs/sign_log
### Specify a certification path to return to the client during an
### "sfskey login"; this list of directories will become the arguments

11
security/sfs/files/patch-sfsdeclog.C
View File

@ -1,11 +0,0 @@
--- sfsauthd/sfsdeclog.C.orig Wed Jan 1 17:52:31 2003
+++ sfsauthd/sfsdeclog.C Wed Jan 1 17:52:51 2003
@@ -43,7 +43,7 @@
}
void
-writewait (int fd)
+writewait (unsigned int fd)
{
fd_set fds;
assert (fd < FD_SETSIZE);

12
security/sfs/files/patch-sfskey.h
View File

@ -1,12 +0,0 @@
$FreeBSD$
--- agent/sfskey.h.orig Sun Dec 1 17:32:05 2002
+++ agent/sfskey.h Sun Dec 1 18:03:45 2002
@@ -34,7 +34,7 @@
extern bool opt_quiet;
extern ref<agentconn> aconn;
-#if __GNUC__ == 2 && __GNUC_MINOR__ <= 95 && defined (__alpha__)
+#if __GNUC__ == 2 && __GNUC_MINOR__ <= 95 && defined (__alpha__) && !defined(__FreeBSD__)
# define XXX_EXIT 1
#endif /* gcc <= 2.95.x && alpha */

11
security/sfs/files/patch-sfsmisc_afsnode.h
View File

@ -1,11 +0,0 @@
--- sfsmisc/afsnode.h.orig Mon Oct 11 16:43:34 2004
+++ sfsmisc/afsnode.h Mon Oct 11 16:39:35 2004
@@ -168,7 +168,7 @@
void mkfattr3 (fattr3 *, sfs_aid aid);
void setres (nfsstat err);
void setres (nfspath path);
- str readlink () const { return res.status ? str (NULL) : *res.data; }
+ str readlink () const { return res.status ? str (NULL) : str (*res.data); }
bool resset () { return resok; }
void nfs_readlink (svccb *sbp);

42
security/sfs/files/patch-sfsmisc_nfsserv.h
View File

@ -1,42 +0,0 @@
--- sfsmisc/nfsserv.h.orig Mon Oct 11 16:43:34 2004
+++ sfsmisc/nfsserv.h Mon Oct 11 16:39:35 2004
@@ -110,6 +110,19 @@
template<class T> T *getres () { return static_cast<T *> (getvoidres ()); }
};
+struct nfsserv : public virtual refcount {
+ typedef callback<void, nfscall *>::ref cb_t;
+ static const cb_t stalecb;
+ cb_t cb;
+ const ptr<nfsserv> nextserv;
+ explicit nfsserv (ptr<nfsserv> n = NULL);
+ void setcb (const cb_t &c) { cb = c; }
+ void mkcb (nfscall *nc) { nc->curserv = this; (*cb) (nc); }
+ virtual void getcall (nfscall *nc) { mkcb (nc); }
+ virtual void getreply (nfscall *nc) { nc->sendreply (); }
+ virtual bool encodefh (nfs_fh3 &fh);
+};
+
template<int N> class nfscall_cb : public nfscall {
typedef typename nfs3proc<N>::arg_type *arg_type;
typedef typename nfs3proc<N>::res_type *res_type;
@@ -134,19 +147,6 @@
svccb *sbp;
nfscall_rpc (svccb *sbp);
~nfscall_rpc ();
-};
-
-struct nfsserv : public virtual refcount {
- typedef callback<void, nfscall *>::ref cb_t;
- static const cb_t stalecb;
- cb_t cb;
- const ptr<nfsserv> nextserv;
- explicit nfsserv (ptr<nfsserv> n = NULL);
- void setcb (const cb_t &c) { cb = c; }
- void mkcb (nfscall *nc) { nc->curserv = this; (*cb) (nc); }
- virtual void getcall (nfscall *nc) { mkcb (nc); }
- virtual void getreply (nfscall *nc) { nc->sendreply (); }
- virtual bool encodefh (nfs_fh3 &fh);
};
class nfsserv_udp : public nfsserv {

10
security/sfs/files/patch-sfsmisc_sfsclient.h
View File

@ -1,10 +0,0 @@
--- sfsmisc/sfsclient.h.orig Mon Oct 11 16:43:34 2004
+++ sfsmisc/sfsclient.h Mon Oct 11 16:39:35 2004
@@ -31,6 +31,7 @@
#include "qhash.h"
#include "axprt_crypt.h"
#include "sfscrypt.h"
+#include "sfscd_prot.h"
struct sfscd_mountarg;
class rabin_priv;

10
security/sfs/files/patch-sfsmisc_sfscrypt.h
View File

@ -1,10 +0,0 @@
--- sfsmisc/sfscrypt.h.orig Mon Oct 11 16:43:34 2004
+++ sfsmisc/sfscrypt.h Mon Oct 11 16:39:35 2004
@@ -89,7 +89,6 @@
virtual u_char get_bad_opts () const { return (SFS_DECRYPT | SFS_SIGN); }
bool get_opt (u_char o) const { return (opts & o); }
const sfs_keytype ktype;
- const int eksb_id;
const u_char opts;
};

20
security/sfs/files/patch-sfsmisc_suidgetfd.C
View File

@ -1,20 +0,0 @@
--- sfsmisc/suidgetfd.C.orig 2001-02-07 02:48:01.000000000 -0500
+++ sfsmisc/suidgetfd.C 2007-09-15 19:11:34.000000000 -0400
@@ -42,7 +42,7 @@
close_on_exec (fds[0]);
str path = fix_exec_path ("suidconnect");
- char *av[] = { "suidconnect", const_cast<char *> (prog.cstr ()), NULL };
+ char *av[] = { const_cast<char *> ("suidconnect"), const_cast<char *> (prog.cstr ()), NULL };
if (spawn (path, av, fds[1]) == -1) {
close (fds[0]);
close (fds[1]);
@@ -64,7 +64,7 @@
close_on_exec (fds[0]);
str path = fix_exec_path ("suidconnect");
- char *av[] = { "suidconnect", const_cast<char *> (prog.cstr ()), NULL };
+ char *av[] = { const_cast<char *> ("suidconnect"), const_cast<char *> (prog.cstr ()), NULL };
if (spawn (path, av, fds[1]) == -1)
fatal << path << ": " << strerror (errno) << "\n";
close (fds[1]);

11
security/sfs/files/patch-upgradedb.pl
View File

@ -1,11 +0,0 @@
--- sfsauthd/upgradedb.pl.orig Fri Dec 6 01:26:18 2002
+++ sfsauthd/upgradedb.pl Fri Dec 6 01:26:36 2002
@@ -16,7 +16,7 @@
use vars qw [ $LOCATE $SFS_USERS @SFS_CONF_DIRS %FIELDS ];
$LOCATE = "locate";
$SFS_USERS = "sfs_users";
-@SFS_CONF_DIRS = qw [ /etc/sfs ];
+@SFS_CONF_DIRS = qw [ /usr/local/etc/sfs ];
%FIELDS = ( user => 0, pubkey => 1, privs => 2, srpinfo => 3, privkey => 4);

48
security/sfs/files/sfscd.in
View File

@ -1,48 +0,0 @@
#!/bin/sh
#
# $FreeBSD$
#
# PROVIDE: sfscd
# REQUIRE: NETWORKING
# KEYWORD: shutdown
#
# Add the following line to /etc/rc.conf to enable the sfscd daemon:
#
# sfscd_enable="YES"
#
. /etc/rc.subr
name=sfscd
rcvar=sfscd_enable
command="%%PREFIX%%/sbin/${name}"
pidfile="/var/run/${name}.pid"
stop_cmd=stop_cmd
stop_cmd() {
echo "Stopping ${name}"
users_mounts=`mount | awk '/^@.* on \./ { print $1 }'`
if [ -n $user_mounts] ; then
`echo $users_mounts | xargs umount -f`
fi
if [ -d /sfs/.mnt ] ; then
for dir in /sfs/.mnt/*; do
umount -f $dir
done
umount -f /sfs
fi
pkill -9 nfsmounter
}
# set defaults
sfscd_enable=${sfscd_enable:-"NO"}
load_rc_config ${name}
run_rc_command "$1"

26
security/sfs/files/sfssd.in
View File

@ -1,26 +0,0 @@
#!/bin/sh
#
# $FreeBSD$
#
# PROVIDE: sfssd
# REQUIRE: NETWORKING
# KEYWORD: shutdown
#
# Add the following line to /etc/rc.conf to enable the sfssd daemon:
#
# sfssd_enable="YES"
#
. /etc/rc.subr
name=sfssd
rcvar=sfssd_enable
command="%%PREFIX%%/sbin/${name}"
pidfile="/var/run/${name}.pid"
# set defaults
sfssd_enable=${sfssd_enable:-"NO"}
load_rc_config ${name}
run_rc_command "$1"

195
security/sfs/files/share-doc-README
View File

@ -1,195 +0,0 @@
*** Notes on SFS configuration:
SFS is a complex system to configure, and cannot be adequately
described in these limited files. It is strongly suggested that you
read the SFS documentation on <URL://www.fs.net/> before configuring
any of the various programs. A limited roadmap is provided for
reference here, but that is no substitute for a reading of the full
documentation. GNU info documentation ("info sfs") and manual pages
are installed as well.
The various programs in the SFS package are configured via files
in two directories: /usr/local/share/sfs/ (henceforth "share/sfs")
and /usr/local/etc/sfs (henceforth "etc/sfs"). The port installs
various configuration files into share/sfs directly from the
compilation of the SFS package. These files should never be edited
directly; they can be overridden by the creation of new files in
etc/sfs, as detailed below.
*** IMPORTANT SECURITY NOTE:
SFS operates by interfacing with NFS processes on localhost
(127.0.0.1). While every effort is taken to insure security, NFS
is a large subsystem with a long history of security problems.
Utilizing SFS thus may expose you to NFS-related problems and
attacks. It is strongly suggested that you read and ponder the
security considerations section of the SFS documentation before
setting up an SFS client or server. Additionally, it is STRONGLY
suggested that you set up a software firewall on any SFS client or
server machine to block unauthorized traffic to NFS-related programs
from other machines to the non-localhost IP addresses of your
machine. Discussions of how best to do this are outside the scope
of this document; consult your local guru, users group, mailing
list, or search engine.
*** Starting the SFS daemons (client and server):
There are sample startup files for sfscd and sfssd in /usr/local/etc/rc.d,
under the name sfscd.sh.sample and sfssd.sh.sample respectively.
These startup files are not enabled by default. Copy the files to
sfscd.sh or sfssd.sh to enable sfscd or sfssd (respectively) on
system boot.
sfscd and sfssd also run nicely under Daniel Bernstein's daemontools
package (/usr/ports/sysutils/daemontools or
<URL:http://cr.yp.to/daemontools.html>); the -d flag makes the main
process stay in the foreground, and sends logs to stderr for easy
processing by multilog.
*** Setting up an SFS client
1) Set up sfscd to start on boot, via /usr/local/etc/rc.d/sfscd.sh or
some other method of your preference.
2) Put the following line into /etc/rc.conf:
nfs_client_enable="YES"
3) Set up a firewall to prevent NFS traffic from outside the machine from
contacting your NFS processes.
4) Reboot. You should now have a working SFS client, which you can test
via the following command:
$ cat /sfs/@sfs.fs.net,uzwadtctbjb3dg596waiyru8cx5kb4an/CONGRATULATIONS
You have set up a working SFS client.
*** Setting up an SFS server
(You do not need to set up an SFS host key on the server machine;
the port installation does this for you in
/usr/local/etc/sfs/sfs_host_key.)
1) Set up sfssd to start on boot, via /usr/local/etc/rc.d/sfssd.sh or
some other method of your preference.
2) Put the following lines into /etc/rc.conf:
mountd_flags=""
nfs_reserved_port_only="YES"
nfs_server_enable="YES"
portmap_enable="YES"
If the following line occurs in /etc/rc.conf, remove it:
weak_mountd_authentication="YES"
3) Set up a firewall to prevent NFS traffic from outside the machine from
contacting your NFS processes.
4) Create a suitable /usr/local/etc/sfs/sfsrwsd_config file, e.g.:
Export /root/sfsroot / R
Export /usr/src /src R
Export /usr/ports /ports R
Export /local/baz /local/baz
5) Add any local filesystems that are being exported to /etc/exports, and
export them to localhost, e.g.:
/root/sfsroot 127.0.0.1
/usr/src /usr/ports 127.0.0.1
/local/baz 127.0.0.1
NOTA BENE: any directories exported via SFS must follow all NFS
export rules, i.e. no symlinks in the exported directory pathname,
the exported path must be absolute to the physical mount point. If
you want to export /usr/ports via SFS, and /usr/ports is really a
symlink to /vol/h0/ports, you have to use:
Export /vol/h0/ports /ports
not:
Export /usr/ports /ports
Similarly, /etc/exports must reference /vol/h0/ports rather than
/usr/ports.
6) Make an empty directory structure mirroring your SFS namespace, e.g.:
# mkdir /root/sfsroot
# mkdir /root/sfsroot/src
# mkdir /root/sfsroot/ports
# mkdir /root/sfsroot/local
# mkdir /root/sfsroot/local/baz
7) Reboot. You should now have a working SFS server. sfssd will emit a
message into /var/log/messages like the following:
sfsrwsd: serving /sfs/@<hostname>,<SFS key>
From a DIFFERENT machine with an SFS client already installed
and running, attempt to access /sfs/@<hostname>,<SFS key>. Note
that the SFS client machine will have to be able to connect to
TCP port 4 on the SFS server machine. Note also that you must
test your SFS server from a separate SFS client machine to avoid
deadlock issues; see the SFS documentation for more details.
If your server setup has been successful, the client machine
should be able to see src, ports, and local/baz in the root
directory of the SFS mount.
8) Consider using your machine's firewall to restrict who has access
to your SFS server by restricting access to TCP port 4.
Advanced SFS server configurations, such as user authentication,
is outside the scope of this document. Read the full SFS documentation
for details.
*** SFS configuration files:
[ The following section is taken nearly verbatim from
<URL:http://www.fs.net/sfswww/sfs.html#SFS%20configuration>. ]
SFS comprises a number of programs, many of which have configuration
files. All programs look for configuration files in two directories--first
/usr/local/etc/sfs, then, if they don't find the file there, in
/usr/local/share/sfs.
This port installs reasonable defaults in /usr/local/share/sfs
for all configuration files except sfsrwsd_config. On particular
hosts where you wish to change the default behavior, you can override
the default configuration file by creating a new file of the same
name in /usr/local/etc/sfs.
The sfs_config file contains system-wide configuration parameters
for most of the programs comprising SFS. Note that
/usr/local/share/sfs/sfs_config is always parsed, even if
/usr/local/etc/sfs/sfs_config exists. Options in
/usr/local/etc/sfs/sfs_config simply override the defaults in
/usr/local/share/sfs/sfs_config. For the other configuration files,
a file in /usr/local/etc/sfs/ entirely overrides the version in
/usr/local/share/sfs/.
If you are running a server, you will need to create an sfsrwsd_config
file to tell SFS what directories to export, and possibly an
sfsauthd_config if you wish to share the database of user public
keys across several file servers.
The sfssd_config file contains information about which protocols
and services to route to which daemons on an SFS server, including
support for backwards compatibility across several versions of SFS.
You probably don't need to change this file.
sfs_srp_params contains some cryptographic parameters for retrieving
keys securely over the network with a passphrase (as with the sfskey
add usr@server command).
sfscd_config contains information about extensions to the SFS
protocol and which kinds of file servers to route to which daemons.
You almost certainly should not touch this file unless you are
developing new versions of the SFS software.
Note that configuration command names are case-insensitive in all
configuration files (though the arguments are not).

27
security/sfs/files/share-doc-WELCOME
View File

@ -1,27 +0,0 @@
SFS is now installed. To test your installation, try this (as root):
# /usr/local/sbin/sfscd
# cat /sfs/@sfs.fs.net,uzwadtctbjb3dg596waiyru8cx5kb4an/CONGRATULATIONS
If it worked, you will see:
You have set up a working SFS client.
Afterwards, kill sfscd:
# kill -TERM `cat /var/run/sfscd.pid`
SFS is a complex and potentially security-affecting set of programs,
and if you wish to do more with it, e.g. setting up an SFS server
of your own, it is strongly recommended that you read the documentation
fully before proceeding. Start with the documentation link on
<URL:http://www.fs.net>, and see any supplemental documentation in
/usr/local/share/doc/sfs/.
There are sample startup files for sfscd and sfssd in /usr/local/etc/rc.d,
under the name sfscd.sh.sample and sfssd.sh.sample respectively.
These startup files are not enabled by default.
NOTE TO USERS UPGRADING FROM SFS 0.6: You should read the file
/usr/local/share/doc/sfs/README.0.7.upgrade for important information
about converting your existing SFS configuration.

34
security/sfs/pkg-deinstall
View File

@ -1,34 +0,0 @@
#!/bin/sh
if [ -n "${PACKAGE_BUILDING}" ]; then
exit 0
fi
if [ "$2" != "POST-DEINSTALL" ]; then
exit 0
fi
USER=sfs
GROUP=sfs
PW=/usr/sbin/pw
SFSDIR=/var/spool/sfs
if ${PW} groupshow "${GROUP}" >/dev/null 2>&1; then
echo "If you're done with SFS permanently, delete the sfs group manually: pw groupdel ${GROUP}" | fmt
fi
if ${PW} usershow "${USER}" >/dev/null 2>&1; then
echo
echo "If you're done with SFS permanently, delete the sfs user manually: pw userdel ${USER}" | fmt
fi
if [ -d "$PKG_PREFIX/etc/sfs" ] && ! rmdir $PKG_PREFIX/etc/sfs 2>/dev/null; then
echo
echo "You may wish to investigate the contents of $PKG_PREFIX/etc/sfs and delete the directory if you're done with SFS permanently." | fmt
fi
if [ -d "$SFSDIR" ] && ! rmdir $SFSDIR 2>/dev/null; then
echo
echo "You may wish to investigate the contents of $SFSDIR and delete the directory if you're done with SFS permanently." | fmt
fi

18
security/sfs/pkg-descr
View File

@ -1,18 +0,0 @@
WWW: http://www.fs.net/sfswww/
SFS (Self-Certifying File System) is a secure, global file system
with completely decentralized control. SFS lets you access your
files from anywhere and share them with anyone, anywhere. Anyone
can set up an SFS server, and any user can access any server from
any client. SFS lets you share files across administrative realms
without involving administrators or certification authorities.
SFS names file systems by public keys. Every remote file server is
mounted on a self-certifying pathname -- a directory of the form
/sfs/LOCATION:HOSTID, where LOCATION is a DNS hostname and HOSTID
is a cryptographic hash of a public key. This naming scheme allows
for completely decentralized control -- anyone can create a file
server, and any user can access any file server from any client.
Various key management schemes can be built on top of SFS using
symbolic links to map human-readable names to self-certifying
pathnames.

92
security/sfs/pkg-install
View File

@ -1,92 +0,0 @@
#!/bin/sh
if [ -n "${PACKAGE_BUILDING}" ]; then
exit 0
fi
KEYFILE="$PKG_PREFIX/etc/sfs/sfs_host_key"
USER=sfs
GROUP=sfs
UID=171
GID=171
PW=/usr/sbin/pw
SFSDIR=/var/spool/sfs
if [ "$2" = "PRE-INSTALL" ]; then
echo -n "Checking for group '$GROUP'... "
if ! ${PW} groupshow $GROUP >/dev/null 2>&1; then
echo -n "doesn't exist, adding... "
if ${PW} groupadd $GROUP -g ${GID}; then
echo "success."
else
echo "FAILED!"
exit 1
fi
else
echo "exists."
fi
echo -n "Checking for user '$USER'... "
if ! ${PW} usershow $USER >/dev/null 2>&1; then
echo -n "doesn't exist, adding... "
if ${PW} useradd $USER -u ${UID} -c 'Self-Certifying File System' -d /nonexistent -g $GROUP -s /sbin/nologin -h -; then
echo "success."
else
echo "FAILED!"
exit 1
fi
else
echo "exists."
fi
fi
if [ "$2" = "POST-INSTALL" ]; then
echo -n "Checking for SFS directory ($SFSDIR)... "
if [ -d "$SFSDIR" ]; then
echo "already exists."
else
echo -n "creating... "
if mkdir $SFSDIR; then
echo "success."
else
echo "FAILED!"
exit 1
fi
fi
if ! chmod 750 $SFSDIR; then
echo "chmod 750 $SFSDIR FAILED!"
exit 1
fi
if ! chown $USER:$GROUP $SFSDIR; then
echo "chown $USER:$GROUP $SFSDIR FAILED!"
exit 1
fi
echo -n "Checking for SFS host key ($KEYFILE)... "
if [ -f "$KEYFILE" ]; then
echo "already exists, not generating."
else
echo "doesn't exist, generating."
echo "Starting sfscd for entropy services."
$PKG_PREFIX/sbin/sfscd
echo -n "Sleeping ten seconds to give sfscd time to start up... "
sleep 10
echo "done."
$PKG_PREFIX/bin/sfskey gen -KP -l `uname -n` $KEYFILE
echo -n "Key generation done, killing sfscd... "
kill -TERM `cat /var/run/sfscd.pid`
echo "done."
fi
cat $PKG_PREFIX/share/doc/sfs/WELCOME
fi
exit 0

179
security/sfs/pkg-plist
View File

@ -1,179 +0,0 @@
bin/dirsearch
bin/newaid
bin/rex
bin/rpcc
bin/sfsagent
bin/sfsdeclog
bin/sfskey
bin/sfsproac
bin/ssu
etc/sfs/sfsrwsd_config.sample
include/sfs
include/sfs-%%SFS_VERSION%%/aclnt.h
include/sfs-%%SFS_VERSION%%/aes.h
include/sfs-%%SFS_VERSION%%/afsnode.h
include/sfs-%%SFS_VERSION%%/agentconn.h
include/sfs-%%SFS_VERSION%%/agentmisc.h
include/sfs-%%SFS_VERSION%%/aiod.h
include/sfs-%%SFS_VERSION%%/aiod_prot.h
include/sfs-%%SFS_VERSION%%/aios.h
include/sfs-%%SFS_VERSION%%/amisc.h
include/sfs-%%SFS_VERSION%%/arc4.h
include/sfs-%%SFS_VERSION%%/arena.h
include/sfs-%%SFS_VERSION%%/arpc.h
include/sfs-%%SFS_VERSION%%/array.h
include/sfs-%%SFS_VERSION%%/asrv.h
include/sfs-%%SFS_VERSION%%/async.h
include/sfs-%%SFS_VERSION%%/autoconf.h
include/sfs-%%SFS_VERSION%%/axprt.h
include/sfs-%%SFS_VERSION%%/axprt_crypt.h
include/sfs-%%SFS_VERSION%%/backoff.h
include/sfs-%%SFS_VERSION%%/bbuddy.h
include/sfs-%%SFS_VERSION%%/bench.h
include/sfs-%%SFS_VERSION%%/bigint.h
include/sfs-%%SFS_VERSION%%/bitvec.h
include/sfs-%%SFS_VERSION%%/blowfish.h
include/sfs-%%SFS_VERSION%%/callback.h
include/sfs-%%SFS_VERSION%%/cbuf.h
include/sfs-%%SFS_VERSION%%/crypt.h
include/sfs-%%SFS_VERSION%%/crypt_prot.h
include/sfs-%%SFS_VERSION%%/crypt_prot.x
include/sfs-%%SFS_VERSION%%/crypthash.h
include/sfs-%%SFS_VERSION%%/dns.h
include/sfs-%%SFS_VERSION%%/dnsparse.h
include/sfs-%%SFS_VERSION%%/err.h
include/sfs-%%SFS_VERSION%%/esign.h
include/sfs-%%SFS_VERSION%%/fdlim.h
include/sfs-%%SFS_VERSION%%/getfh3.h
include/sfs-%%SFS_VERSION%%/hashcash.h
include/sfs-%%SFS_VERSION%%/ihash.h
include/sfs-%%SFS_VERSION%%/init.h
include/sfs-%%SFS_VERSION%%/itree.h
include/sfs-%%SFS_VERSION%%/keyfunc.h
include/sfs-%%SFS_VERSION%%/list.h
include/sfs-%%SFS_VERSION%%/modalg.h
include/sfs-%%SFS_VERSION%%/mount_prot.h
include/sfs-%%SFS_VERSION%%/mount_prot.x
include/sfs-%%SFS_VERSION%%/msb.h
include/sfs-%%SFS_VERSION%%/nfs3_ext.x
include/sfs-%%SFS_VERSION%%/nfs3_nonnul.h
include/sfs-%%SFS_VERSION%%/nfs3_prot.h
include/sfs-%%SFS_VERSION%%/nfs3_prot.x
include/sfs-%%SFS_VERSION%%/nfs3close_prot.h
include/sfs-%%SFS_VERSION%%/nfs3close_prot.x
include/sfs-%%SFS_VERSION%%/nfs3exp_prot.h
include/sfs-%%SFS_VERSION%%/nfs3exp_prot.x
include/sfs-%%SFS_VERSION%%/nfs_prot.h
include/sfs-%%SFS_VERSION%%/nfs_prot.x
include/sfs-%%SFS_VERSION%%/nfsmounter.h
include/sfs-%%SFS_VERSION%%/nfsmounter.x
include/sfs-%%SFS_VERSION%%/nfsserv.h
include/sfs-%%SFS_VERSION%%/nfstrans.h
include/sfs-%%SFS_VERSION%%/opnew.h
include/sfs-%%SFS_VERSION%%/parseopt.h
include/sfs-%%SFS_VERSION%%/password.h
include/sfs-%%SFS_VERSION%%/pcre.h
include/sfs-%%SFS_VERSION%%/pmap_prot.h
include/sfs-%%SFS_VERSION%%/pmap_prot.x
include/sfs-%%SFS_VERSION%%/prime.h
include/sfs-%%SFS_VERSION%%/prng.h
include/sfs-%%SFS_VERSION%%/qhash.h
include/sfs-%%SFS_VERSION%%/rabin.h
include/sfs-%%SFS_VERSION%%/refcnt.h
include/sfs-%%SFS_VERSION%%/rex.h
include/sfs-%%SFS_VERSION%%/rex_prot.h
include/sfs-%%SFS_VERSION%%/rex_prot.x
include/sfs-%%SFS_VERSION%%/rpctypes.h
include/sfs-%%SFS_VERSION%%/rwfd.h
include/sfs-%%SFS_VERSION%%/rxx.h
include/sfs-%%SFS_VERSION%%/schnorr.h
include/sfs-%%SFS_VERSION%%/seqno.h
include/sfs-%%SFS_VERSION%%/serial.h
include/sfs-%%SFS_VERSION%%/sfs-internal.h
include/sfs-%%SFS_VERSION%%/sfs_prot.h
include/sfs-%%SFS_VERSION%%/sfs_prot.x
include/sfs-%%SFS_VERSION%%/sfsagent.h
include/sfs-%%SFS_VERSION%%/sfsagent.x
include/sfs-%%SFS_VERSION%%/sfsauth_prot.h
include/sfs-%%SFS_VERSION%%/sfsauth_prot.x
include/sfs-%%SFS_VERSION%%/sfscd_prot.h
include/sfs-%%SFS_VERSION%%/sfscd_prot.x
include/sfs-%%SFS_VERSION%%/sfsclient.h
include/sfs-%%SFS_VERSION%%/sfsconnect.h
include/sfs-%%SFS_VERSION%%/sfscrypt.h
include/sfs-%%SFS_VERSION%%/sfsextauth.h
include/sfs-%%SFS_VERSION%%/sfskeymgr.h
include/sfs-%%SFS_VERSION%%/sfskeymisc.h
include/sfs-%%SFS_VERSION%%/sfsmisc.h
include/sfs-%%SFS_VERSION%%/sfsro_prot.h
include/sfs-%%SFS_VERSION%%/sfsro_prot.x
include/sfs-%%SFS_VERSION%%/sfsschnorr.h
include/sfs-%%SFS_VERSION%%/sfsserv.h
include/sfs-%%SFS_VERSION%%/sfstty.h
include/sfs-%%SFS_VERSION%%/sha1.h
include/sfs-%%SFS_VERSION%%/srp.h
include/sfs-%%SFS_VERSION%%/stllike.h
include/sfs-%%SFS_VERSION%%/str.h
include/sfs-%%SFS_VERSION%%/suio++.h
include/sfs-%%SFS_VERSION%%/sysconf.h
include/sfs-%%SFS_VERSION%%/tiger.h
include/sfs-%%SFS_VERSION%%/union.h
include/sfs-%%SFS_VERSION%%/uvfstrans.h
include/sfs-%%SFS_VERSION%%/vatmpl.h
include/sfs-%%SFS_VERSION%%/vec.h
include/sfs-%%SFS_VERSION%%/wmstr.h
include/sfs-%%SFS_VERSION%%/xdr_suio.h
include/sfs-%%SFS_VERSION%%/xdrmisc.h
include/sfs-%%SFS_VERSION%%/xhinfo.h
include/sfs.h
lib/libsfs.a
lib/sfs
lib/sfs-%%SFS_VERSION%%/aiod
lib/sfs-%%SFS_VERSION%%/connect
lib/sfs-%%SFS_VERSION%%/libarpc.a
lib/sfs-%%SFS_VERSION%%/libarpc.la
lib/sfs-%%SFS_VERSION%%/libasync.a
lib/sfs-%%SFS_VERSION%%/libasync.la
lib/sfs-%%SFS_VERSION%%/libsfscrypt.a
lib/sfs-%%SFS_VERSION%%/libsfscrypt.la
lib/sfs-%%SFS_VERSION%%/libsfsmisc.a
lib/sfs-%%SFS_VERSION%%/libsfsmisc.la
lib/sfs-%%SFS_VERSION%%/libsvc.a
lib/sfs-%%SFS_VERSION%%/libsvc.la
lib/sfs-%%SFS_VERSION%%/listen
lib/sfs-%%SFS_VERSION%%/mallock.o
lib/sfs-%%SFS_VERSION%%/moduled
lib/sfs-%%SFS_VERSION%%/newaid
lib/sfs-%%SFS_VERSION%%/nfsmounter
lib/sfs-%%SFS_VERSION%%/pathinfo
lib/sfs-%%SFS_VERSION%%/proxy
lib/sfs-%%SFS_VERSION%%/ptyd
lib/sfs-%%SFS_VERSION%%/rexd
lib/sfs-%%SFS_VERSION%%/sfsauthd
lib/sfs-%%SFS_VERSION%%/sfsrwcd
lib/sfs-%%SFS_VERSION%%/sfsrwsd
@group sfs
lib/sfs-%%SFS_VERSION%%/suidconnect
@group
lib/sfs-%%SFS_VERSION%%/ttyd
lib/sfs-%%SFS_VERSION%%/upgradedb.pl
lib/sfs-%%SFS_VERSION%%/xfer
sbin/funmount
sbin/sfscd
sbin/sfssd
sbin/vidb
%%DOCSDIR%%/README
%%DOCSDIR%%/README.0.7-upgrade
%%DOCSDIR%%/README.packageblurb
%%DOCSDIR%%/WELCOME
%%DATADIR%%/agentrc
%%DATADIR%%/sfs_config
%%DATADIR%%/sfs_srp_parms
%%DATADIR%%/sfsauthd_config
%%DATADIR%%/sfscd_config
%%DATADIR%%/sfssd_config
@dirrm %%DATADIR%%
@dirrm %%DOCSDIR%%
@dirrm lib/sfs-%%SFS_VERSION%%
@dirrm include/sfs-%%SFS_VERSION%%
@dirrm etc/sfs