pkgsrc-Changes-HG archive


[pkgsrc/trunk]: pkgsrc/security/sbd Initial import of sbd-0.5 into the Packag...



details:   https://anonhg.NetBSD.org/pkgsrc/rev/4f8477a6e5a0
branches:  trunk
changeset: 528623:4f8477a6e5a0
user:      agc <agc%pkgsrc.org@localhost>
date:      Thu May 10 18:18:16 2007 +0000

description:
Initial import of sbd-0.5 into the Packages Collection.

        One-time cipher based back door program for executing emergency
        commands.

        Secure Back Door(SBD) is an alternative to leaving SSH open all the
        time.  It is based on a secure one-time keypad method that ensures
        maximum security.  Since SBD is very small, it is less likely to have
        security exploits, as compared to SSH.  Therefore, you could leave an
        important computer up and running with just sbdd running in the
        background, and if an emergency came about, you could simply execute a
        command to bring ssh up, then work on the computer as regular.  It
        would be as simple as doing ./sbd domain.com "/etc/init.d/sshd start",
        and with the proper key file set, the remote computer would have ssh
        up and running shortly.

diffstat:

 security/sbd/DESCR            |  13 +++++++++++++
 security/sbd/Makefile         |  39 +++++++++++++++++++++++++++++++++++++++
 security/sbd/PLIST            |   9 +++++++++
 security/sbd/distinfo         |   7 +++++++
 security/sbd/patches/patch-aa |  22 ++++++++++++++++++++++
 security/sbd/patches/patch-ab |  33 +++++++++++++++++++++++++++++++++
 6 files changed, 123 insertions(+), 0 deletions(-)

diffs (147 lines):

diff -r 9e5e45bda80d -r 4f8477a6e5a0 security/sbd/DESCR
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/security/sbd/DESCR        Thu May 10 18:18:16 2007 +0000
@@ -0,0 +1,13 @@
+One-time cipher based back door program for executing emergency
+commands.
+
+Secure Back Door(SBD) is an alternative to leaving SSH open all the
+time.  It is based on a secure one-time keypad method, that insures
+maximum security.  Since SBD is very small, it is less likely to have
+security exploits, as compared to SSH.  Therefore, you could leave an
+important computer up and running with just sbdd running in the
+background, and if an emergency came about, you could simple execute a
+command to bring ssh up, then work on the computer as regular.  It
+would be as simple as doing ./sbd domain.com "/etc/init.d/sshd start",
+and with the proper key file set, the remote computer would have ssh
+up and running shortly.
diff -r 9e5e45bda80d -r 4f8477a6e5a0 security/sbd/Makefile
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/security/sbd/Makefile     Thu May 10 18:18:16 2007 +0000
@@ -0,0 +1,39 @@
+# $NetBSD: Makefile,v 1.1.1.1 2007/05/10 18:18:16 agc Exp $
+#
+
+DISTNAME=      sbd-0.5
+CATEGORIES=    security
+MASTER_SITES=  ${MASTER_SITE_SOURCEFORGE:=sbd/}
+
+MAINTAINER=    pkgsrc-users%NetBSD.org@localhost
+HOMEPAGE=      http://sourceforge.net/projects/sbd/
+COMMENT=       HMAC & one-time pad-based remote login program
+
+WRKSRC=                ${WRKDIR}/sbd
+
+USE_LANGUAGES+=        c c++
+
+EGDIR=         ${PREFIX}/share/sbd
+CONF_FILES=    ${EGDIR}/deckey.bits ${PKG_SYSCONFDIR}/sbd/deckey.bits
+CONF_FILES+=   ${EGDIR}/enckey.bits ${PKG_SYSCONFDIR}/sbd/enckey.bits
+CONF_FILES+=   ${EGDIR}/athkey.bits ${PKG_SYSCONFDIR}/sbd/athkey.bits
+
+do-configure:
+
+do-build:
+       cd ${WRKSRC} && \
+       ${CXX} -DPKG_SYSCONFDIR=\""${PKG_SYSCONFDIR}/sbd\"" -Wall -O2 -o sbdd ssocket.cpp sha1.cpp utils.cpp sbdd.cpp; \
+       ${CXX} -DPKG_SYSCONFDIR=\""${PKG_SYSCONFDIR}/sbd\"" -Wall -O2 -o sbd csocket.cpp sha1.cpp utils.cpp sbd.cpp
+
+do-install:
+       ${INSTALL_PROGRAM} ${WRKSRC}/sbdd ${PREFIX}/bin
+       ${INSTALL_PROGRAM} ${WRKSRC}/sbd ${PREFIX}/bin
+       ${INSTALL_DATA_DIR} ${PREFIX}/share/sbd
+       ${INSTALL_DATA_DIR} ${PKG_SYSCONFDIR}/sbd
+       ${INSTALL_DATA} ${WRKSRC}/PROTOCOL ${PREFIX}/share/sbd/
+       ${INSTALL_DATA} ${WRKSRC}/README ${PREFIX}/share/sbd/
+       ${INSTALL_DATA} ${WRKSRC}/athkey.bits ${EGDIR}
+       ${INSTALL_DATA} ${WRKSRC}/deckey.bits ${EGDIR}
+       ${INSTALL_DATA} ${WRKSRC}/enckey.bits ${EGDIR}
+
+.include "../../mk/bsd.pkg.mk"
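Review bot: The three `.bits` key files are installed with `${INSTALL_DATA}` and registered through plain `CONF_FILES`, so the one-time-pad and authentication key material would normally end up in `${PKG_SYSCONFDIR}/sbd` readable by every local user. Register them with `CONF_FILES_PERMS` and an explicit owner and mode instead, e.g. `CONF_FILES_PERMS+= ${EGDIR}/deckey.bits ${PKG_SYSCONFDIR}/sbd/deckey.bits ${REAL_ROOT_USER} ${REAL_ROOT_GROUP} 0600`, and likewise for `enckey.bits` and `athkey.bits`. The defaults copied into place are the sample keys taken from `${WRKSRC}`, i.e. the ones shipped in the public sbd-0.5 distfile, so a MESSAGE file telling the administrator to generate fresh key files before starting sbdd would be worth adding. Separately, the `;` between the two `${CXX}` commands in do-build lets a failed sbdd compile go unnoticed; `&&` would stop the build.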
diff -r 9e5e45bda80d -r 4f8477a6e5a0 security/sbd/PLIST
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/security/sbd/PLIST        Thu May 10 18:18:16 2007 +0000
@@ -0,0 +1,9 @@
+@comment $NetBSD: PLIST,v 1.1.1.1 2007/05/10 18:18:16 agc Exp $
+bin/sbd
+bin/sbdd
+share/sbd/PROTOCOL
+share/sbd/README
+share/sbd/athkey.bits
+share/sbd/deckey.bits
+share/sbd/enckey.bits
+@dirrm share/sbd
diff -r 9e5e45bda80d -r 4f8477a6e5a0 security/sbd/distinfo
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/security/sbd/distinfo     Thu May 10 18:18:16 2007 +0000
@@ -0,0 +1,7 @@
+$NetBSD: distinfo,v 1.1.1.1 2007/05/10 18:18:16 agc Exp $
+
+SHA1 (sbd-0.5.tar.gz) = 958860dc240105b705a0127409cfb5e4da4109ab
+RMD160 (sbd-0.5.tar.gz) = 374db4f75210bc04ed9dd91c1c608fa2984856b3
+Size (sbd-0.5.tar.gz) = 25750 bytes
+SHA1 (patch-aa) = e516c2a43d33e3e4a0c808f38a128bce8b96fedf
+SHA1 (patch-ab) = afa9111e000d25dd05189554c2d97991d799ed5c
diff -r 9e5e45bda80d -r 4f8477a6e5a0 security/sbd/patches/patch-aa
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/security/sbd/patches/patch-aa     Thu May 10 18:18:16 2007 +0000
@@ -0,0 +1,22 @@
+$NetBSD: patch-aa,v 1.1.1.1 2007/05/10 18:18:16 agc Exp $
+
+--- sbd.cpp    2007/05/10 09:59:22     1.1
++++ sbd.cpp    2007/05/10 10:00:30
+@@ -121,7 +121,7 @@
+   
+   // We always assume server recieved the command ok
+   // truncate file so same bytes are not used
+-  truncateFile("enckey.bits", keyBytesUsed);
++  truncateFile(PKG_SYSCONFDIR "/" "enckey.bits", keyBytesUsed);
+ 
+   return 0;
+ }
+@@ -136,7 +136,7 @@
+   eMsg="";                               // Finished cypher text
+   
+   // get key bytes from file
+-  readKey("enckey.bits", key, SHA1_SIZE*2 + msg.size());
++  readKey(PKG_SYSCONFDIR "/" "enckey.bits", key, SHA1_SIZE*2 + msg.size());
+   
+   // Copy 20 bytes of key over to hashOTP for computing HMAC-SHA1
+   for (i = 0; i < SHA1_SIZE; i++)
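Review bot: The result of `truncateFile(PKG_SYSCONFDIR "/" "enckey.bits", keyBytesUsed)` is not checked before `return 0`, and now that the key file lives under the system configuration directory an unprivileged user running sbd may well be unable to rewrite it. If the truncation fails, the same pad bytes would be read again for the next command, which defeats the one-time property, so the failure should be reported and the exit status made non-zero; what truncateFile returns is not visible here, so the exact test is left open. The same applies to the `readKey(...)` call in the second hunk and to the `readKey`/`truncateFile` calls in patch-ab. Both enclosing functions start and end outside these hunks.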
diff -r 9e5e45bda80d -r 4f8477a6e5a0 security/sbd/patches/patch-ab
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/security/sbd/patches/patch-ab     Thu May 10 18:18:16 2007 +0000
@@ -0,0 +1,33 @@
+$NetBSD: patch-ab,v 1.1.1.1 2007/05/10 18:18:16 agc Exp $
+
+--- sbdd.cpp   2007/05/10 09:59:22     1.1
++++ sbdd.cpp   2007/05/10 10:01:05
+@@ -110,8 +110,8 @@
+       return 1;
+     }
+     
+-    readKey("athkey.bits", authBytes, AUTH_SIZE);
+-    truncateFile("athkey.bits", AUTH_SIZE);
++    readKey(PKG_SYSCONFDIR "/" "athkey.bits", authBytes, AUTH_SIZE);
++    truncateFile(PKG_SYSCONFDIR "/" "athkey.bits", AUTH_SIZE);
+   
+     for (i = 0; i < authBytes.size() ; i++)
+     {
+@@ -180,7 +180,7 @@
+   unsigned char hashOTP[SHA1_SIZE];      // First 20 bytes of OTP used to comput HMAC-SHA1 
+   unsigned char finishedHash[SHA1_SIZE]; // Finished HMAC-SHA1 hash
+   
+-  readKey("deckey.bits", key, infileCmd.size()+SHA1_SIZE);
++  readKey(PKG_SYSCONFDIR "/" "deckey.bits", key, infileCmd.size()+SHA1_SIZE);
+   
+   // Copy 20 bytes of key over to hashOTP for computing HMAC-SHA1
+   for (i = 0; i < SHA1_SIZE; i++)
+@@ -227,7 +227,7 @@
+     logFile << "system() returned : " << system(cmd.c_str()) << endl;
+     
+     //truncate bytes file
+-    truncateFile("deckey.bits", infileCmd.size()+SHA1_SIZE);
++    truncateFile(PKG_SYSCONFDIR "/" "deckey.bits", infileCmd.size()+SHA1_SIZE);
+     return 0;
+   }
+ 
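Review bot: In the last hunk `truncateFile(PKG_SYSCONFDIR "/" "deckey.bits", ...)` still runs only after `system(cmd.c_str())` has returned, so the pad bytes for a command stay on disk for as long as that command runs. If sbdd is stopped or crashes in between, the same bytes are presumably still in place at the next start, and a message that was already accepted would verify again. Moving the truncation above the `logFile << "system() returned : " ...` line, as the athkey.bits hunk already does by truncating straight after `readKey`, consumes the key before anything is executed. The enclosing function begins outside the hunk.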


