-rw-r--r-- | security/Makefile | 1 | ||||
-rw-r--r-- | security/hamachi/Makefile | 39 | ||||
-rw-r--r-- | security/hamachi/distinfo | 3 | ||||
-rw-r--r-- | security/hamachi/files/hamachi.sh.in | 65 | ||||
-rw-r--r-- | security/hamachi/files/patch-Makefile | 26 | ||||
-rw-r--r-- | security/hamachi/files/patch-tuncfg_tuncfg.c | 240 | ||||
-rw-r--r-- | security/hamachi/pkg-descr | 3 |
7 files changed, 377 insertions, 0 deletions
diff --git a/security/Makefile b/security/Makefile
index 6f6940747851..88d790ba1373 100644
--- a/security/Makefile
+++ b/security/Makefile
@@ -179,6 +179,7 @@
 SUBDIR += gwee
 SUBDIR += hackbot
 SUBDIR += hafiye
+ SUBDIR += hamachi
 SUBDIR += hashish
 SUBDIR += heimdal
 SUBDIR += hlfl
diff --git a/security/hamachi/Makefile b/security/hamachi/Makefile
new file mode 100644
index 000000000000..5d771f47d9ee
--- /dev/null
+++ b/security/hamachi/Makefile
@@ -0,0 +1,39 @@
+# New ports collection makefile for: hamachi
+# Date created: 2006-11-17
+# Whom: Lapo Luchini <lapo@lapo.it>
+#
+# $FreeBSD$
+#
+
+PORTNAME= hamachi
+DISTVERSION= 0.9.9.9-20
+DISTVERSIONSUFFIX= -lnx
+CATEGORIES= security linux
+MASTER_SITES= http://files.hamachi.cc/linux/
+PKGNAMEPREFIX= linux-
+
+MAINTAINER= lapo@lapo.it
+COMMENT= Fast, secure, simple VPN software with NAT-traversal
+
+PATCH_DEPENDS= upx:${PORTSDIR}/archivers/upx
+
+NO_BUILD= yes
+ONLY_FOR_ARCHS= i386 amd64
+USE_LINUX= yes
+
+USE_RC_SUBR= hamachi.sh
+PLIST_FILES= bin/hamachi bin/hamachi-init sbin/hamachi-tuncfg
+PORTDOCS= README CHANGES
+
+post-patch:
+ ${RM} -f ${WRKSRC}/tuncfg/tuncfg
+ ${CC} ${CFLAGS} -o ${WRKSRC}/tuncfg/tuncfg ${WRKSRC}/tuncfg/tuncfg.c
+ upx -d ${WRKSRC}/hamachi
+
+post-install:
+.if !defined(NOPORTDOCS)
+ ${MKDIR} ${DOCSDIR}
+ cd ${WRKSRC} && ${INSTALL_DATA} ${PORTDOCS} ${DOCSDIR}
+.endif
+
+.include <bsd.port.mk>
diff --git a/security/hamachi/distinfo b/security/hamachi/distinfo
new file mode 100644
index 000000000000..93e95ca382ac
--- /dev/null
+++ b/security/hamachi/distinfo
@@ -0,0 +1,3 @@
+MD5 (hamachi-0.9.9.9-20-lnx.tar.gz) = 27e4c926d0aa03de3573c0b7acf032a6
+SHA256 (hamachi-0.9.9.9-20-lnx.tar.gz) = 9e4b733558377d0c971ee2a19e04c0f5956e069033e8d13865f7c4dcb6d7f31b
+SIZE (hamachi-0.9.9.9-20-lnx.tar.gz) = 344866
diff --git a/security/hamachi/files/hamachi.sh.in b/security/hamachi/files/hamachi.sh.in
new file mode 100644
index 000000000000..49ebf427d8a6
--- /dev/null
+++ b/security/hamachi/files/hamachi.sh.in
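Review bot: In security/hamachi/Makefile the `post-patch` target does the port's build work — it compiles `tuncfg.c`, the helper that insists on running as uid 0, and unpacks the vendor binary with `upx -d` — while the port declares `NO_BUILD= yes`. Putting those commands in a `do-build:` target and listing upx under `BUILD_DEPENDS` would keep each phase doing what its name says. A comment above `upx -d ${WRKSRC}/hamachi` saying why the shipped binary has to be unpacked would help the next update, since `MASTER_SITES` is plain http and the distinfo checksums are the only integrity check visible here for that prebuilt file.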
@@ -0,0 +1,65 @@
+#!/bin/sh
+#
+# hamachi.sh - load tap driver and start Hamachi's tuncfg daemon
+#
+# (C) Copyright 2007 by Lapo Luchini
+# (loosely based on ports/security/openvpn/files/openvpn.sh.in 1.9 by Matthias Andree)
+#
+# $FreeBSD$
+#
+# This program is free software; you can redistribute it and/or modify it under
+# the terms of the GNU General Public License as published by the Free Software
+# Foundation; either version 2 of the License, or (at your option) any later
+# version.
+#
+# This program is distributed in the hope that it will be useful, but WITHOUT
+# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+# FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
+# details.
+#
+# You should have received a copy of the GNU General Public License along with
+# this program; if not, write to the Free Software Foundation, Inc., 51 Franklin
+# Street, Fifth Floor, Boston, MA 02110-1301, USA.
+
+# PROVIDE: hamachi
+# REQUIRE: DAEMON
+# KEYWORD: shutdown
+
+#TODO: serve la KEYWORD:shutdown? che fa?
+
+# Note that we deliberately refrain from unloading drivers.
+
+. %%RC_SUBR%%
+
+name="hamachi"
+rcvar=`set_rcvar`
+
+load_rc_config $name
+
+: ${hamachi_enable="NO"}
+
+command="%%PREFIX%%/sbin/hamachi-tuncfg"
+start_precmd="hamachi_precmd"
+
+hamachi_precmd() {
+ # FreeBSD <= 5.4 does not know kldstat's -m option
+ # FreeBSD >= 6.0 does not add debug.* sysctl information
+ # in the default build - we check both to keep things simple
+ if ! sysctl debug.if_tap_debug >/dev/null 2>&1 \
+ && ! kldstat -m if_tap >/dev/null 2>&1 ; then
+ if ! kldload if_tap ; then
+ warn "Could not load tap module."
+ return 1
+ fi
+ fi
+ if ! sysctl compat.linux >/dev/null 2>&1 \
+ && ! kldstat -m linuxelf >/dev/null 2>&1 ; then
+ if ! kldload linux ; then
+ warn "Could not load linux module."
+ return 1
+ fi
+ fi
+ return 0
+}
+
+run_rc_command "$1"
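Review bot: The `#TODO: serve la KEYWORD:shutdown? che fa?` line ships an unanswered question, in Italian, inside an installed rc script that starts a root daemon. It can be replaced by a statement of what the keyword does, e.g. `# KEYWORD: shutdown makes rc.shutdown run this script with "stop" at system shutdown.` The header line `load tap driver and start Hamachi's tuncfg daemon` could also say that `hamachi_precmd` loads the `linux` module as well as `if_tap`, so an administrator knows both kernel modules are pulled in by enabling the service.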
diff --git a/security/hamachi/files/patch-Makefile b/security/hamachi/files/patch-Makefile
new file mode 100644
index 000000000000..6da80a312e15
--- /dev/null
+++ b/security/hamachi/files/patch-Makefile
@@ -0,0 +1,26 @@
+--- Makefile.orig Tue Jun 20 21:47:28 2006
++++ Makefile Thu Mar 22 14:02:01 2007
+@@ -2,12 +2,12 @@
+ #
+ # Where hamachi and its symbolic link hamachi-init goes
+ #
+-HAMACHI_DST ?= /usr/bin
++HAMACHI_DST ?= /usr/local/bin
+
+ #
+ # Where root-level tunnel device configuration daemon tuncfg goes
+ #
+-TUNCFG_DST ?= /sbin
++TUNCFG_DST ?= /usr/local/sbin
+
+ .phony: install
+
+@@ -26,7 +26,7 @@
+ fi;
+
+ @echo Copying tuncfg into $(TUNCFG_DST) ..
+- @install -s -m 700 tuncfg/tuncfg $(TUNCFG_DST)
++ @install -s -m 700 tuncfg/tuncfg $(TUNCFG_DST)/hamachi-tuncfg
+
+ @echo
+ @echo "Hamachi is installed. See README for what to do next."
diff --git a/security/hamachi/files/patch-tuncfg_tuncfg.c b/security/hamachi/files/patch-tuncfg_tuncfg.c
new file mode 100644
index 000000000000..cdde008bc9c9
--- /dev/null
+++ b/security/hamachi/files/patch-tuncfg_tuncfg.c
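Review bot: The new defaults in patch-Makefile hard-code `/usr/local/bin` and `/usr/local/sbin`, while files/hamachi.sh.in runs `%%PREFIX%%/sbin/hamachi-tuncfg` and `PLIST_FILES` is relative to the prefix, so with a non-default PREFIX the rc script and packing list would name files that were installed somewhere else. Both variables are assigned with `?=`, so the port Makefile could supply them instead, e.g. `MAKE_ENV+= HAMACHI_DST=${PREFIX}/bin TUNCFG_DST=${PREFIX}/sbin`; no such override is visible in this commit. The renamed install target `$(TUNCFG_DST)/hamachi-tuncfg` also means the `killall tuncfg; tuncfg` hint added in patch-tuncfg_tuncfg.c names a binary this port does not install.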
@@ -0,0 +1,240 @@
+--- tuncfg/tuncfg.c.orig Tue Jun 20 21:47:28 2006
++++ tuncfg/tuncfg.c Fri Nov 17 11:14:51 2006
+@@ -20,7 +20,7 @@
+ * normally required by a private networking software. Namely -
+ *
+ * * creation of tunneling devices; this requires an access to
+- * /dev/net/tun file, which _usually_ has 700 access mask
++ * /dev/tapXX files, which _usually_ has 700 access mask
+ *
+ * * configuration of the tunneling device using ifconfig, which is
+ * always a root-level operation
+@@ -29,7 +29,7 @@
+ * open a listening domain socket /var/run/tuncfg.sock.
+ *
+ * Upon accepting the connection on this socket, it will issue an open()
+- * call for /dev/net/tun file (thus instantiating the tunneling device)
++ * call for /dev/tapXX file (iterating over first 16 XX values)
+ * and pass obtained FD to the peer process. It will also query and pass
+ * the MAC address of the device to the peer process.
+ *
+@@ -48,10 +48,12 @@
+ #include <sys/un.h>
+ #include <sys/ioctl.h>
+ #include <sys/stat.h>
++#include <sys/sysctl.h>
+ #include <arpa/inet.h>
+
+-#include <linux/if.h>
+-#include <linux/if_tun.h>
++#include <net/if.h>
++#include <net/if_dl.h>
++#include <netinet/in.h>
+
+ #include <unistd.h>
+ #include <errno.h>
+@@ -59,6 +61,7 @@
+ #include <fcntl.h>
+ #include <stdarg.h>
+ #include <stdlib.h>
++#include <string.h>
+
+ /*
+ *
+@@ -68,7 +71,7 @@
+
+ #define TUNTAP_URL "http://www.hamachi.cc/tuntap"
+
+-#define MAX_CLIENTS 64
++#define MAX_CLIENTS 16
+
+ struct context
+ {
+@@ -90,6 +93,7 @@
+ struct stat st;
+ pid_t pid;
+ int fd, r, i;
++ int debug = 0;
+
+ struct context ctx[MAX_CLIENTS];
+ int ctx_n = 0;
+@@ -98,18 +102,28 @@
+ if (getuid() != 0)
+ errorf("tuncfg: must be run with superuser permissions\n");
+
+- // lcok
+- fd = open(LOCK_PATH, O_CREAT);
++ //
++ if (argc > 1)
++ {
++ debug = (strcmp(argv[1], "-d") == 0);
++ }
++
++ // lock
++ fd = open(LOCK_PATH, O_CREAT | O_RDWR);
+ if (fd < 0)
+ errorf("tuncfg: cannot open lock file %s -- %s\n",
+ LOCK_PATH, strerror(errno));
+
++ //
+ if (flock(fd, LOCK_EX | LOCK_NB) < 0)
+- errorf("tuncfg: already running\n");
++ {
++ errorf("tuncfg: already running, "
++ "use 'killall tuncfg; tuncfg' to restart it\n");
++ }
+
+ // check there's /dev/net/tun
+- if (stat("/dev/net/tun", &st) < 0)
+- errorf("tuncfg: cannot stat() /dev/net/tun -- %s\n"
++ if (stat("/dev/tap0", &st) < 0)
++ errorf("tuncfg: cannot stat() /dev/tap0 -- %s\n"
+ "tuncfg: visit %s for more information\n",
+ strerror(errno), TUNTAP_URL);
+
+@@ -143,7 +157,7 @@
+ SOCK_PATH, strerror(errno));
+
+ // daemonize
+- if (argc < 2 || strcmp(argv[1], "-d"))
++ if (! debug)
+ {
+ chdir("/");
+
+@@ -196,8 +210,13 @@
+ if (FD_ISSET(fd, &fdr))
+ {
+ struct context * p;
+- struct ifreq ifr;
+ char buf[4+6];
++ int mib[6];
++ size_t len;
++ struct if_msghdr * msg = NULL;
++ struct sockaddr_dl * sa;
++ char dev_name[32];
++ int i;
+ int cli, dev = -1, tmp = -1;
+
+ cli = accept(fd, (void*)&addr, &alen);
+@@ -213,48 +232,64 @@
+ goto done;
+ }
+
+- // open tap device
+- dev = open("/dev/net/tun", O_RDWR);
+- printf("tuncfg: open() %d %d\n", dev, errno);
++ // open first available tap device
++ for (i=0; i<MAX_CLIENTS; i++)
++ {
++ snprintf(dev_name, sizeof(dev_name),
++ "/dev/tap%d", i);
++
++ dev = open(dev_name, O_RDWR);
++ printf("tuncfg: open(%s) %d %d\n",
++ dev_name, dev, errno);
++ if (dev >= 0)
++ break;
++ }
+ if (dev < 0)
+ {
+- r = (0x02 << 24) | errno;
++ r = (0x02 << 24);
+ goto done;
+ }
+
+- // bring it up
+- strcpy(ifr.ifr_name, "ham%d");
+- ifr.ifr_flags = IFF_TAP | IFF_NO_PI;
+- if (ioctl(dev, TUNSETIFF, (ulong)&ifr) < 0)
++ // query mac
++ mib[0] = CTL_NET;
++ mib[1] = AF_ROUTE;
++ mib[2] = 0;
++ mib[3] = AF_LINK;
++ mib[4] = NET_RT_IFLIST;
++ mib[5] = if_nametoindex("tap0");
++
++ if (! mib[5])
+ {
+- printf("tuncfg: ioctl() -1 %d\n", errno);
+ r = (0x03 << 24) | errno;
+ goto done;
+ }
+- printf("tuncfg: ioctl() 0 %s\n", ifr.ifr_name);
+
+- // query mac
+- tmp = socket(AF_INET, SOCK_DGRAM, 0);
+- if (tmp < 0)
++ if (sysctl(mib, 6, NULL, &len, NULL, 0) < 0)
+ {
+- printf("tuncfg: socket(mac) %d\n", errno);
+ r = (0x04 << 24) | errno;
+ goto done;
+ }
+-
+- if (ioctl(tmp, SIOCGIFHWADDR, (ulong)&ifr) < 0)
++
++ msg = malloc(len);
++ if (! msg)
++ {
++ r = (0x05 << 24) | errno;
++ goto done;
++ }
++
++ if (sysctl(mib, 6, msg, &len, NULL, 0) < 0)
+ {
+- printf("tuncfg: ioctl(mac) %d\n", errno);
+ r = (0x05 << 24) | errno;
+ goto done;
+ }
+
+- memcpy(buf+4, &ifr.ifr_hwaddr.sa_data, 6);
++ sa = (void*)(msg + 1);
++ memcpy(buf+4, LLADDR(sa), 6);
+
+ // remember
+ p = &ctx[ctx_n++];
+ p->fd = cli;
+- strncpy(p->dev, ifr.ifr_name, sizeof(p->dev));
++ strncpy(p->dev, dev_name+5, 5);
+
+ r = 0;
+ done:
+@@ -264,6 +299,7 @@
+ send_with_fd(cli, buf, sizeof(buf), dev);
+ }
+
++ free(msg);
+ if (tmp != -1) close(tmp);
+ if (dev != -1) close(dev);
+ if (r != 0) close(cli);
+@@ -295,7 +331,7 @@
+ goto ack;
+ }
+
+- /* v[0] = ham<n>, v[1] = ip, v[2] = mask */
++ /* v[0] = ip, v[1] = mask */
+ if ( (v[0] & 0xff000000) != 0x05000000 ||
+ (v[1] & 0xff000000) != 0xff000000 )
+ {
+@@ -324,9 +360,13 @@
+
+ r = system(cmd);
+ printf("tuncfg: system(%s) %d %d\n", cmd, r, errno);
+-
++ if (r != 0)
++ {
++ r = (0x08 << 24) | (r & 0x00ffffff);
++ goto ack;
++ }
+ ack:
+- printf("tuncfg: config() %08x", r);
++ printf("tuncfg: config() %08x\n", r);
+ send_with_fd(ctx[i].fd, &r, sizeof(r), -1);
+ }
+ }
+@@ -360,4 +400,3 @@
+
+ return sendmsg(fd, &msg, 0);
+ }
+-
diff --git a/security/hamachi/pkg-descr b/security/hamachi/pkg-descr
new file mode 100644
index 000000000000..081f8fb8403b
--- /dev/null
+++ b/security/hamachi/pkg-descr
@@ -0,0 +1,3 @@
+Hamachi is a zero-configuration virtual private networking tool.
+
+WWW: http://hamachi.cc/
|
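Review bot: In patch-tuncfg_tuncfg.c the device name chosen by the open loop is not carried through: the MAC lookup always uses `if_nametoindex("tap0")`, so a client handed /dev/tap1 or later is sent tap0's address, and `strncpy(p->dev, dev_name+5, 5)` writes no terminator for the five-character names tap10–tap15. Suggested: `mib[5] = if_nametoindex(dev_name + 5);` and `snprintf(p->dev, sizeof(p->dev), "%s", dev_name + 5);`. `p->dev` is declared in `struct context` outside the patched lines and presumably ends up in the command handed to `system()` further down, so an unterminated name matters in this root daemon — worth confirming against the full file. Separately, `open(LOCK_PATH, O_CREAT | O_RDWR)` still passes no mode argument, which leaves the lock file's permission bits indeterminate; `open(LOCK_PATH, O_CREAT | O_RDWR, 0600)` pins them.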