From 69cd37a82396577534265b33239bb610ebbc6a67 Mon Sep 17 00:00:00 2001 
From: archie Date: Wed, 26 Jan 2000 01:55:28 +0000 Subject: Bash this port until it compiles under -current again. --- security/skip/Makefile | 18 +- security/skip/files/patch-aa | 2 +- security/skip/files/patch-ab | 2 +- security/skip/files/patch-ac | 2 +- security/skip/files/patch-ad | 2 +- security/skip/files/patch-ae | 2 +- security/skip/files/patch-af | 2 +- security/skip/files/patch-ag | 2 +- security/skip/files/patch-ah | 2 +- security/skip/files/patch-ai | 2 +- security/skip/files/patch-aj | 2 +- security/skip/files/patch-ak | 2 +- security/skip/files/patch-al | 2 +- security/skip/files/patch-am | 31 ++-- security/skip/files/patch-an | 16 +- security/skip/files/patch-ao | 23 +-- security/skip/files/patch-ap | 16 +- security/skip/files/patch-aq | 21 +-- security/skip/files/patch-ar | 14 +- security/skip/files/patch-as | 28 ++-- security/skip/files/patch-at | 17 +- security/skip/files/patch-au | 39 ++--- security/skip/files/patch-av | 88 ++-------- security/skip/files/patch-aw | 31 ++-- security/skip/files/patch-ax | 26 ++- security/skip/files/patch-ay | 70 ++------ security/skip/files/patch-az | 39 +++-- security/skip/files/patch-ba | 98 ++++++++--- security/skip/files/patch-bb | 129 +++++++------- security/skip/files/patch-bc | 93 +++------- security/skip/files/patch-bd | 27 +-- security/skip/files/patch-be | 70 ++++++-- security/skip/files/patch-bf | 42 ++--- security/skip/files/patch-bg | 130 +++----------- security/skip/files/patch-bh | 107 ++++++------ security/skip/files/patch-bi | 83 +++++++-- security/skip/files/patch-bj | 158 ++--------------- security/skip/files/patch-bk | 36 ++-- security/skip/files/patch-bl | 316 ++-------------------------------- security/skip/files/patch-bm | 76 ++++----- security/skip/files/patch-bn | 300 ++++++++++++--------------------- security/skip/files/patch-bo | 147 +++++----------- security/skip/files/patch-bp | 22 +-- security/skip/files/patch-bq | 184 +++++++++++++++----- security/skip/files/patch-br | 37 ++-- 
security/skip/files/patch-bs | 329 +++++++++++++++++++++++++++++++++--- security/skip/files/patch-bt | 63 ++++--- security/skip/files/patch-bu | 223 ++++++++++++++++++++++-- security/skip/files/patch-bv | 189 +++++++++++++++++---- security/skip/files/patch-bw | 24 +-- security/skip/files/patch-bx | 63 ++++--- security/skip/files/patch-by | 23 ++- security/skip/files/patch-bz | 88 ++-------- security/skip/files/patch-ca | 33 ++-- security/skip/files/patch-cb | 28 ++-- security/skip/files/patch-cc | 51 +++--- security/skip/files/patch-cd | 28 ++-- security/skip/files/patch-ce | 32 ++-- security/skip/files/patch-cf | 53 ++++-- security/skip/files/patch-cg | 32 ++-- security/skip/files/patch-ch | 51 +++--- security/skip/files/patch-ci | 35 ++-- security/skip/files/patch-cj | 31 ++-- security/skip/files/patch-ck | 94 +++++++++-- security/skip/files/patch-cl | 52 ++---- security/skip/files/patch-cm | 30 ++-- security/skip/files/patch-cn | 29 ++-- security/skip/files/patch-co | 106 ++---------- security/skip/files/patch-cp | 182 +++----------------- security/skip/files/patch-cq | 33 ++-- security/skip/files/patch-cr | 30 ++-- security/skip/files/patch-cs | 41 +++-- security/skip/files/patch-ct | 392 ++----------------------------------------- security/skip/files/patch-cu | 88 +++------- security/skip/files/patch-cv | 18 ++ security/skip/files/patch-cw | 39 +++++ security/skip/files/patch-cx | 17 ++ security/skip/files/patch-cy | 18 ++ security/skip/files/patch-cz | 92 ++++++++++ security/skip/files/patch-da | 161 ++++++++++++++++++ security/skip/files/patch-db | 30 ++++ security/skip/files/patch-dc | 19 +++ security/skip/files/patch-dd | 12 ++ security/skip/files/patch-de | 17 ++ security/skip/files/patch-df | 12 ++ 85 files changed, 2669 insertions(+), 2775 deletions(-) create mode 100644 security/skip/files/patch-cv create mode 100644 security/skip/files/patch-cw create mode 100644 security/skip/files/patch-cx create mode 100644 security/skip/files/patch-cy create mode 
100644 security/skip/files/patch-cz create mode 100644 security/skip/files/patch-da create mode 100644 security/skip/files/patch-db create mode 100644 security/skip/files/patch-dc create mode 100644 security/skip/files/patch-dd create mode 100644 security/skip/files/patch-de create mode 100644 security/skip/files/patch-df (limited to 'security') diff --git a/security/skip/Makefile b/security/skip/Makefile index ba7f8995922f..966f9004790a 100644 --- a/security/skip/Makefile +++ b/security/skip/Makefile @@ -18,7 +18,7 @@ MASTER_SITES= ftp://ftp.replaytv.com/pub/replay/crypto/APPS/skip/ \ DISTFILES= skipsrc-1.0.tar.Z EXTRACT_SUFX= tar.Z -MAINTAINER= archie@whistle.com +MAINTAINER= archie@freebsd.org BUILD_DEPENDS= ${X11BASE}/lib/libxview.a:${PORTSDIR}/x11-toolkits/xview \ ${X11BASE}/lib/X11/config/XView.cf:${PORTSDIR}/x11-toolkits/xview @@ -47,6 +47,8 @@ MAN4= skipd.conf.4 raw_keys.4 # SKIP has a lot of hard coded paths in it. Our patches replace # them with @@PREFIX@@, which we then replace with ${PREFIX}. +# Also, we remove all the "#pragma ident" lines that generate +# a bazillion warnings from the compiler. post-patch: @find ${WRKSRC} -name '*.orig' -print | xargs rm @cd ${WRKSRC}; \ @@ -54,12 +56,12 @@ post-patch: for FILE in $$FILES; do \ ${SED} 's!@@PREFIX@@!${PREFIX}!g' < $$FILE > $$FILE.new ; \ ${MV} $$FILE.new $$FILE; \ + done; \ + FILES=`find . -type f -name '*.[cCh]' -print \ + | xargs ${GREP} -l '^#pragma ident'`; \ + for FILE in $$FILES; do \ + ${SED} '/^#pragma ident/d' < $$FILE > $$FILE.new ; \ + ${MV} $$FILE.new $$FILE; \ done -.include - -.if ${OSVERSION} >= 400006 -BROKEN= New character device registration issues and _KERNEL -.endif - -.include +.include diff --git a/security/skip/files/patch-aa b/security/skip/files/patch-aa index e200731e4444..81243b3478b9 100644 --- a/security/skip/files/patch-aa +++ b/security/skip/files/patch-aa 
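Review bot: The new `#pragma ident` loop in the last Makefile hunk iterates over an unquoted, backtick-expanded `$$FILES` and runs `${MV}` even when `${SED}` fails, so a failed or interrupted sed can replace a source file with a truncated copy, and any path containing whitespace in the extracted distfile is split. Chaining and quoting would avoid both: `${SED} '/^#pragma ident/d' < "$$FILE" > "$$FILE.new" && ${MV} "$$FILE.new" "$$FILE"`. The existing `@@PREFIX@@` loop in the same `post-patch` target, which starts in the previous hunk, has the same shape. Deleting the lines also edits the sources in a way no `files/patch-*` records, and it drops the SCCS ident strings from the objects; passing a warning flag such as `-Wno-unknown-pragmas` would silence the noise without touching the files. The hunk also removes the `BROKEN` guard for `OSVERSION >= 400006`, and the page shows only compile fixes, so whether the kernel module was actually tested on -current cannot be told from here.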
@@ -1,6 +1,6 @@ diff -ur --unidirectional-new-file skipsrc-1.0.orig/Configure work.new/Configure --- skipsrc-1.0.orig/Configure Fri Oct 25 13:13:15 1996 -+++ work.new/Configure Mon Mar 8 21:33:38 1999 ++++ work.new/Configure Mon Jan 24 12:35:36 2000 @@ -103,8 +103,6 @@ echo "$0: failed to install skip/freebsd/Makefile.defs" exit 1 diff --git a/security/skip/files/patch-ab b/security/skip/files/patch-ab index 67570ddb1e04..8652f698ac68 100644 --- a/security/skip/files/patch-ab +++ b/security/skip/files/patch-ab @@ -1,6 +1,6 @@ diff -ur --unidirectional-new-file skipsrc-1.0.orig/Makefile work.new/Makefile --- skipsrc-1.0.orig/Makefile Fri Oct 25 13:11:18 1996 -+++ work.new/Makefile Mon Mar 8 21:33:38 1999 ++++ work.new/Makefile Mon Jan 24 12:35:36 2000 @@ -74,3 +74,7 @@ cleanpkgs: @echo "Cleaning SKIP package directory..." diff --git a/security/skip/files/patch-ac b/security/skip/files/patch-ac index 94b3d5cb3e4c..41c4031dc2d2 100644 --- a/security/skip/files/patch-ac +++ b/security/skip/files/patch-ac @@ -1,6 +1,6 @@ diff -ur --unidirectional-new-file skipsrc-1.0.orig/admin/hosts.4.x work.new/admin/hosts.4.x --- skipsrc-1.0.orig/admin/hosts.4.x Fri Oct 25 13:13:14 1996 -+++ work.new/admin/hosts.4.x Mon Mar 8 21:33:39 1999 ++++ work.new/admin/hosts.4.x Mon Jan 24 12:35:36 2000 @@ -46,20 +46,18 @@ # # SKIP host access control information diff --git a/security/skip/files/patch-ad b/security/skip/files/patch-ad index c740229d83ab..fe19b7ea66b1 100644 --- a/security/skip/files/patch-ad +++ b/security/skip/files/patch-ad @@ -1,6 +1,6 @@ diff -ur --unidirectional-new-file skipsrc-1.0.orig/admin/install_skip_keys.sh work.new/admin/install_skip_keys.sh --- skipsrc-1.0.orig/admin/install_skip_keys.sh Fri Oct 25 13:11:19 1996 -+++ work.new/admin/install_skip_keys.sh Mon Mar 8 21:33:39 1999 ++++ work.new/admin/install_skip_keys.sh Mon Jan 24 12:35:36 2000 @@ -145,18 +145,11 @@ rm -rf $DIR } 
diff --git a/security/skip/files/patch-ae b/security/skip/files/patch-ae index 6bd7d9b698f8..74c72ff0d468 100644 --- a/security/skip/files/patch-ae +++ b/security/skip/files/patch-ae @@ -1,6 +1,6 @@ diff -ur --unidirectional-new-file skipsrc-1.0.orig/admin/skip_conf.sh work.new/admin/skip_conf.sh --- skipsrc-1.0.orig/admin/skip_conf.sh Fri Oct 25 13:11:19 1996 -+++ work.new/admin/skip_conf.sh Mon Mar 8 21:33:39 1999 ++++ work.new/admin/skip_conf.sh Mon Jan 24 12:35:36 2000 @@ -8,14 +8,9 @@ exit 1 fi diff --git a/security/skip/files/patch-af b/security/skip/files/patch-af index 640f7eb15e56..98536736e588 100644 --- a/security/skip/files/patch-af +++ b/security/skip/files/patch-af @@ -1,6 +1,6 @@ diff -ur --unidirectional-new-file skipsrc-1.0.orig/admin/skipd_restart.sh work.new/admin/skipd_restart.sh --- skipsrc-1.0.orig/admin/skipd_restart.sh Fri Oct 25 13:11:19 1996 -+++ work.new/admin/skipd_restart.sh Mon Mar 8 21:33:39 1999 ++++ work.new/admin/skipd_restart.sh Mon Jan 24 12:35:36 2000 @@ -4,20 +4,9 @@ # # Kill and restart the SKIP key management/certificate daemon diff --git a/security/skip/files/patch-ag b/security/skip/files/patch-ag index bf7d540cbe57..a69725be638a 100644 --- a/security/skip/files/patch-ag +++ b/security/skip/files/patch-ag @@ -1,6 +1,6 @@ diff -ur --unidirectional-new-file skipsrc-1.0.orig/admin/skipif.sh work.new/admin/skipif.sh --- skipsrc-1.0.orig/admin/skipif.sh Fri Oct 25 13:11:20 1996 -+++ work.new/admin/skipif.sh Mon Mar 8 21:33:39 1999 ++++ work.new/admin/skipif.sh Mon Jan 24 12:35:36 2000 @@ -4,30 +4,15 @@ # # SKIP interface management utility diff --git a/security/skip/files/patch-ah b/security/skip/files/patch-ah index 3122c9e19286..e01160933859 100644 --- a/security/skip/files/patch-ah +++ b/security/skip/files/patch-ah 
@@ -1,6 +1,6 @@ diff -ur --unidirectional-new-file skipsrc-1.0.orig/bnlib/Makefile.in work.new/bnlib/Makefile.in --- skipsrc-1.0.orig/bnlib/Makefile.in Fri Oct 25 13:11:20 1996 -+++ work.new/bnlib/Makefile.in Mon Mar 8 21:33:38 1999 ++++ work.new/bnlib/Makefile.in Mon Jan 24 12:35:36 2000 @@ -61,7 +61,7 @@ # code compiled with another cc, which doesn't know about -lgcc. diff --git a/security/skip/files/patch-ai b/security/skip/files/patch-ai index 6821ea657511..496c7650b3be 100644 --- a/security/skip/files/patch-ai +++ b/security/skip/files/patch-ai @@ -1,6 +1,6 @@ diff -ur --unidirectional-new-file skipsrc-1.0.orig/certs/hashcert/dh_keygen.C work.new/certs/hashcert/dh_keygen.C --- skipsrc-1.0.orig/certs/hashcert/dh_keygen.C Fri Oct 25 13:11:37 1996 -+++ work.new/certs/hashcert/dh_keygen.C Mon Mar 8 21:33:38 1999 ++++ work.new/certs/hashcert/dh_keygen.C Mon Jan 24 12:35:36 2000 @@ -54,6 +54,8 @@ #include diff --git a/security/skip/files/patch-aj b/security/skip/files/patch-aj index e2f5331f593c..95b12aa4aafd 100644 --- a/security/skip/files/patch-aj +++ b/security/skip/files/patch-aj @@ -1,6 +1,6 @@ diff -ur --unidirectional-new-file skipsrc-1.0.orig/certs/lib/AuthPolicy.C work.new/certs/lib/AuthPolicy.C --- skipsrc-1.0.orig/certs/lib/AuthPolicy.C Fri Oct 25 13:11:37 1996 -+++ work.new/certs/lib/AuthPolicy.C Mon Mar 8 21:33:38 1999 ++++ work.new/certs/lib/AuthPolicy.C Mon Jan 24 12:35:37 2000 @@ -44,7 +44,9 @@ #pragma ident "@(#)AuthPolicy.C 1.9 96/05/15" diff --git a/security/skip/files/patch-ak b/security/skip/files/patch-ak index cbf1fe221874..e49fe4db858c 100644 --- a/security/skip/files/patch-ak +++ b/security/skip/files/patch-ak @@ -1,6 +1,6 @@ diff -ur --unidirectional-new-file skipsrc-1.0.orig/certs/lib/Bstream.C work.new/certs/lib/Bstream.C --- skipsrc-1.0.orig/certs/lib/Bstream.C Fri Oct 25 13:11:38 1996 -+++ work.new/certs/lib/Bstream.C Mon Mar 8 21:33:38 1999 ++++ work.new/certs/lib/Bstream.C Mon Jan 24 12:35:37 2000 @@ -48,6 +48,7 @@ #include #include 
diff --git a/security/skip/files/patch-al b/security/skip/files/patch-al index 6ab3833b796b..cf3cd4f779f9 100644 --- a/security/skip/files/patch-al +++ b/security/skip/files/patch-al @@ -1,6 +1,6 @@ diff -ur --unidirectional-new-file skipsrc-1.0.orig/certs/lib/CertInfo.C work.new/certs/lib/CertInfo.C --- skipsrc-1.0.orig/certs/lib/CertInfo.C Fri Oct 25 13:11:39 1996 -+++ work.new/certs/lib/CertInfo.C Mon Mar 8 21:33:38 1999 ++++ work.new/certs/lib/CertInfo.C Mon Jan 24 12:35:37 2000 @@ -44,6 +44,7 @@ #pragma ident "@(#)CertInfo.C 1.14 96/04/10" diff --git a/security/skip/files/patch-am b/security/skip/files/patch-am index 00e385abf212..c4cf892a89e7 100644 --- a/security/skip/files/patch-am +++ b/security/skip/files/patch-am @@ -1,11 +1,20 @@ -diff -ur --unidirectional-new-file skipsrc-1.0.orig/certs/lib/Name.C work.new/certs/lib/Name.C ---- skipsrc-1.0.orig/certs/lib/Name.C Fri Oct 25 13:11:40 1996 -+++ work.new/certs/lib/Name.C Mon Mar 8 21:33:38 1999 -@@ -48,6 +48,7 @@ - #include - #include - #include -+#include - #include "Time.h" - #include "Bigint.h" - #include "Bstream.h" +diff -ur --unidirectional-new-file skipsrc-1.0.orig/certs/lib/HashCert.h work.new/certs/lib/HashCert.h +--- skipsrc-1.0.orig/certs/lib/HashCert.h Fri Oct 25 13:11:40 1996 ++++ work.new/certs/lib/HashCert.h Mon Jan 24 13:26:47 2000 +@@ -69,13 +69,13 @@ + + int CertType(); + virtual SkipCert* dup(); +- decode(Bstream); ++ int decode(Bstream); + char* isValid(AuthPolicy&); + Bstream encode(); +- skip_params(Bigint &, Bigint &); ++ int skip_params(Bigint &, Bigint &); + Bigint skip_pubkey(); + Bstream skip_name(); +- encode(Bstream); ++ int encode(Bstream); + u_long skip_notvalidafter(); + u_long skip_notvalidbefore(); + virtual Bstream get_issuer(); diff --git a/security/skip/files/patch-an b/security/skip/files/patch-an index 38af530fd723..762466fee708 100644 --- a/security/skip/files/patch-an +++ b/security/skip/files/patch-an 
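Review bot: The declarations rewritten in patch-am (`int decode(Bstream);`, `int skip_params(Bigint &, Bigint &);`, `int encode(Bstream);` in HashCert.h) only spell out the old implicit `int`, and nothing visible here shows that the matching definitions return a value on every path. These are the certificate decode and parameter routines, so a caller that tests the result of a body that falls off its end would be acting on an indeterminate value; each definition should be checked for an explicit `return`. The same applies to the identical changes in patch-ao (Signed.h), patch-aq (SkipCert.h), patch-as (X509skip.h) and patch-au (`int ispresent(Bigint&);` in manualcrl.h). A one-line comment beside each declaration stating what the returned int means would make the contract checkable, since the header does not say it.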
@@ -1,11 +1,11 @@ -diff -ur --unidirectional-new-file skipsrc-1.0.orig/certs/lib/SkipCert.C work.new/certs/lib/SkipCert.C ---- skipsrc-1.0.orig/certs/lib/SkipCert.C Fri Oct 25 13:11:43 1996 -+++ work.new/certs/lib/SkipCert.C Mon Mar 8 21:33:38 1999 -@@ -46,6 +46,7 @@ - - #include +diff -ur --unidirectional-new-file skipsrc-1.0.orig/certs/lib/Name.C work.new/certs/lib/Name.C +--- skipsrc-1.0.orig/certs/lib/Name.C Fri Oct 25 13:11:40 1996 ++++ work.new/certs/lib/Name.C Mon Jan 24 12:35:37 2000 +@@ -48,6 +48,7 @@ + #include #include + #include +#include - - #include "Bstream.h" + #include "Time.h" #include "Bigint.h" + #include "Bstream.h" diff --git a/security/skip/files/patch-ao b/security/skip/files/patch-ao index 10b7658ae4e6..286d5677e2b1 100644 --- a/security/skip/files/patch-ao +++ b/security/skip/files/patch-ao @@ -1,11 +1,12 @@ -diff -ur --unidirectional-new-file skipsrc-1.0.orig/certs/lib/Time.C work.new/certs/lib/Time.C ---- skipsrc-1.0.orig/certs/lib/Time.C Fri Oct 25 13:11:43 1996 -+++ work.new/certs/lib/Time.C Mon Mar 8 21:33:38 1999 -@@ -46,6 +46,7 @@ - - #include - #include -+#include - #include "Time.h" - #include - #include +diff -ur --unidirectional-new-file skipsrc-1.0.orig/certs/lib/Signed.h work.new/certs/lib/Signed.h +--- skipsrc-1.0.orig/certs/lib/Signed.h Fri Oct 25 13:11:43 1996 ++++ work.new/certs/lib/Signed.h Mon Jan 24 13:07:18 2000 +@@ -69,7 +69,7 @@ + Signed(const Signed& ); + Signed& operator =(const Signed &); + // Member functions and operators +- virtual decode(const Bstream&); // Supply a signed object ++ virtual int decode(const Bstream&); // Supply a signed object + virtual Bstream sign(const Bstream&, // tobesigned, key and algid. + const Bstream&, const AlgId&); + // returns encoded_signed diff --git a/security/skip/files/patch-ap b/security/skip/files/patch-ap index 1f7dadf80cd2..f98a34ec55cc 100644 --- a/security/skip/files/patch-ap +++ b/security/skip/files/patch-ap 
@@ -1,11 +1,11 @@ -diff -ur --unidirectional-new-file skipsrc-1.0.orig/certs/lib/asn1_der_decode.C work.new/certs/lib/asn1_der_decode.C ---- skipsrc-1.0.orig/certs/lib/asn1_der_decode.C Fri Oct 25 13:11:45 1996 -+++ work.new/certs/lib/asn1_der_decode.C Mon Mar 8 21:33:38 1999 -@@ -48,6 +48,7 @@ - #include - #include +diff -ur --unidirectional-new-file skipsrc-1.0.orig/certs/lib/SkipCert.C work.new/certs/lib/SkipCert.C +--- skipsrc-1.0.orig/certs/lib/SkipCert.C Fri Oct 25 13:11:43 1996 ++++ work.new/certs/lib/SkipCert.C Mon Jan 24 12:35:37 2000 +@@ -46,6 +46,7 @@ + + #include #include +#include - #include "my_types.h" - #include "Time.h" + + #include "Bstream.h" #include "Bigint.h" diff --git a/security/skip/files/patch-aq b/security/skip/files/patch-aq index b9e13a1719cf..0c325f383999 100644 --- a/security/skip/files/patch-aq +++ b/security/skip/files/patch-aq @@ -1,11 +1,12 @@ -diff -ur --unidirectional-new-file skipsrc-1.0.orig/certs/lib/passwd_subr.C work.new/certs/lib/passwd_subr.C ---- skipsrc-1.0.orig/certs/lib/passwd_subr.C Fri Oct 25 13:11:49 1996 -+++ work.new/certs/lib/passwd_subr.C Mon Mar 8 21:33:38 1999 -@@ -52,6 +52,7 @@ +diff -ur --unidirectional-new-file skipsrc-1.0.orig/certs/lib/SkipCert.h work.new/certs/lib/SkipCert.h +--- skipsrc-1.0.orig/certs/lib/SkipCert.h Fri Oct 25 13:11:43 1996 ++++ work.new/certs/lib/SkipCert.h Mon Jan 24 13:26:21 2000 +@@ -63,7 +63,7 @@ + virtual ~SkipCert()=0; - #include - #include -+#include - #include "Bstream.h" - #include "Bigint.h" - #include "ObjId.h" + virtual int CertType()=0; +- virtual skip_params(Bigint&, Bigint&)=0; ++ virtual int skip_params(Bigint&, Bigint&)=0; + virtual Bigint skip_pubkey()=0; + virtual Bstream skip_name()=0; + virtual int decode(Bstream)=0; diff --git a/security/skip/files/patch-ar b/security/skip/files/patch-ar index 6ba7080175a7..828133f363d5 100644 --- a/security/skip/files/patch-ar +++ b/security/skip/files/patch-ar 
@@ -1,11 +1,11 @@ -diff -ur --unidirectional-new-file skipsrc-1.0.orig/certs/lib/test_ca.C work.new/certs/lib/test_ca.C ---- skipsrc-1.0.orig/certs/lib/test_ca.C Fri Oct 25 13:11:50 1996 -+++ work.new/certs/lib/test_ca.C Mon Mar 8 21:33:38 1999 +diff -ur --unidirectional-new-file skipsrc-1.0.orig/certs/lib/Time.C work.new/certs/lib/Time.C +--- skipsrc-1.0.orig/certs/lib/Time.C Fri Oct 25 13:11:43 1996 ++++ work.new/certs/lib/Time.C Mon Jan 24 12:35:37 2000 @@ -46,6 +46,7 @@ - #include - #include -+#include #include + #include ++#include #include "Time.h" - #include "Bigint.h" + #include + #include diff --git a/security/skip/files/patch-as b/security/skip/files/patch-as index 8132c5d9326c..055b7b3f86ad 100644 --- a/security/skip/files/patch-as +++ b/security/skip/files/patch-as @@ -1,11 +1,19 @@ -diff -ur --unidirectional-new-file skipsrc-1.0.orig/certs/lib/test_passwd.C work.new/certs/lib/test_passwd.C ---- skipsrc-1.0.orig/certs/lib/test_passwd.C Fri Oct 25 13:11:50 1996 -+++ work.new/certs/lib/test_passwd.C Mon Mar 8 21:33:38 1999 -@@ -46,6 +46,7 @@ +diff -ur --unidirectional-new-file skipsrc-1.0.orig/certs/lib/X509skip.h work.new/certs/lib/X509skip.h +--- skipsrc-1.0.orig/certs/lib/X509skip.h Fri Oct 25 13:11:44 1996 ++++ work.new/certs/lib/X509skip.h Mon Jan 24 13:34:50 2000 +@@ -63,13 +63,13 @@ + X509SkipCert& operator=(const X509SkipCert&); - #include - #include -+#include - #include "Bstream.h" - #include "Bigint.h" - #include "ObjId.h" + int CertType(); +- skip_params(Bigint &, Bigint &); ++ int skip_params(Bigint &, Bigint &); + Bigint skip_pubkey(); + Bstream skip_name(); + u_long skip_notvalidafter(); + u_long skip_notvalidbefore(); + Bstream encode(); +- decode(Bstream); ++ int decode(Bstream); + char* isValid(AuthPolicy&); + virtual Bstream get_issuer(); + void print(); diff --git a/security/skip/files/patch-at b/security/skip/files/patch-at index 7efadc32a72d..284f85c41ed9 100644 --- a/security/skip/files/patch-at +++ b/security/skip/files/patch-at 
@@ -1,12 +1,11 @@ -diff -ur --unidirectional-new-file skipsrc-1.0.orig/certs/lib/userfuncs.C work.new/certs/lib/userfuncs.C ---- skipsrc-1.0.orig/certs/lib/userfuncs.C Fri Oct 25 13:11:51 1996 -+++ work.new/certs/lib/userfuncs.C Mon Mar 8 21:33:38 1999 -@@ -47,6 +47,8 @@ - #include - #include +diff -ur --unidirectional-new-file skipsrc-1.0.orig/certs/lib/asn1_der_decode.C work.new/certs/lib/asn1_der_decode.C +--- skipsrc-1.0.orig/certs/lib/asn1_der_decode.C Fri Oct 25 13:11:45 1996 ++++ work.new/certs/lib/asn1_der_decode.C Mon Jan 24 12:35:37 2000 +@@ -48,6 +48,7 @@ + #include #include -+#include -+#include + #include ++#include + #include "my_types.h" #include "Time.h" #include "Bigint.h" - #include "Bstream.h" diff --git a/security/skip/files/patch-au b/security/skip/files/patch-au index 4a77530b6c78..fd9732bf433e 100644 --- a/security/skip/files/patch-au +++ b/security/skip/files/patch-au 
@@ -1,27 +1,12 @@ -diff -ur --unidirectional-new-file skipsrc-1.0.orig/doc/INSTALL work.new/doc/INSTALL ---- skipsrc-1.0.orig/doc/INSTALL Fri Oct 25 13:11:55 1996 -+++ work.new/doc/INSTALL Mon Mar 8 21:33:38 1999 -@@ -1,6 +1,13 @@ - Quick-Start Guide - ----------------- - -+ *** -+ *** NOTE TO FREEBSD PORT USERS -+ *** -+ *** If you've installed SKIP using the FreeBSD port -+ *** or package, you can go directly to step #4. -+ *** -+ - This is a quick-start guide for SKIP. It covers installing the SKIP - binaries and setting up IP-level encryption between two hosts. - -@@ -64,7 +71,8 @@ - View the key manager log file to see if the the certificate - exchange and the shared secret computation succeeded: - -- tail /var/log/skip.log -+ tail /var/log/skiphost.log -+ tail /var/log/messages - - If you have tcpdump, etherfind, snoop, or some other packet dumping - utility, you can verify that encrypted packets are using protocol 57. +diff -ur --unidirectional-new-file skipsrc-1.0.orig/certs/lib/manualcrl.h work.new/certs/lib/manualcrl.h +--- skipsrc-1.0.orig/certs/lib/manualcrl.h Fri Oct 25 13:11:47 1996 ++++ work.new/certs/lib/manualcrl.h Mon Jan 24 13:01:14 2000 +@@ -58,7 +58,7 @@ + int store(const char *filename); + void add(Bigint&); + void del(Bigint&); +- ispresent(Bigint&); ++ int ispresent(Bigint&); + ManualCRL(); + ManualCRL(const ManualCRL&); + ManualCRL& operator =(const ManualCRL& rhs); diff --git a/security/skip/files/patch-av b/security/skip/files/patch-av index 2c6bc86feb6d..08c1b77c657e 100644 --- a/security/skip/files/patch-av +++ b/security/skip/files/patch-av 
@@ -1,77 +1,11 @@ -diff -ur --unidirectional-new-file skipsrc-1.0.orig/doc/README.FreeBSD work.new/doc/README.FreeBSD ---- skipsrc-1.0.orig/doc/README.FreeBSD Wed Dec 31 16:00:00 1969 -+++ work.new/doc/README.FreeBSD Wed Mar 10 09:25:35 1999 -@@ -0,0 +1,73 @@ -+ -+Some notes regarding the FreeBSD port of SKIP -+December 8, 1997 -+ -+- Much of the non-man page documentation has NOT be patched to reflect -+ the different locations of files, etc. The main difference is that the -+ original version of SKIP puts everything under /usr/skip, whereas the -+ FreeBSD port has put it under @@PREFIX@@. This documentation can be -+ found in @@PREFIX@@/share/doc/skip. -+ -+- Thanks to Stephanie Wehner, skiphost now takes a new argument for specifying -+ the source address for encrypted packets. This allows encrypted packets -+ that are being tunnelled between two routers to have source and dest -+ IP addresses of only those two routers. This reduces firewall complexity -+ in many cases. From her description: -+ -+ This adds another command line option to skiphost, namely -+ -f . Every packet going out to the other host -+ will then have this source address in the packet. -+ -+- SKIP is applied to packets *after* any ipfw(8) filtering is applied. -+ This is true for both incoming and outgoing packets. Note that SKIP -+ has its own access control functionality. -+ -+ One way to deal with this is to do the following: -+ -+ - Setup ipfw as you normally would to restrict access to your machine. -+ - Add additional ipfw rules to allow SKIP related traffic: -+ - ipfw add 10 allow 57 from any to any -+ - ipfw add 10 allow 79 from any to any (if using SunScreen mode) -+ - ipfw add 10 allow 50 from any to any (if using raw ESP/AH mode) -+ - ipfw add 10 allow 51 from any to any (if using raw ESP/AH mode) -+ - ipfw add 10 allow udp from any to 1640 -+ - ipfw add 10 allow udp from 1640 to any -+ - Set the default rule for SKIP to be to allow access. 
-+ -+- Skipd will logs via syslog(3) instead of logging directly -+ to /var/log/skip.log as before, using the LOG_DAEMON facility. -+ -+ You may want to redirect this output to its own log file. -+ This is done by the following steps: -+ -+ 1. touch /var/log/skipd.log -+ 2. Edit /etc/syslog.conf and add these lines at the end: -+ -+ !skipd -+ *.* /var/log/skipd.log -+ -+ 3. Edit /etc/newsyslog.conf as appropriate -+ 4. Restart syslogd -+ -+- Each time skip is started (at reboot time), the skiphost -+ output is written to /var/log/skiphost.log. You may also -+ want to add an entry to /etc/newsyslog.conf for this one -+ as well. -+ -+- Users of skip should subscribe to the SKIP mailing list -+ by sending an email to "majordomo@skip.org" containing -+ the line "subscribe skip-info". -+ -+- If you have trouble: -+ -+ - If there is a problem with the port itself (e.g., it won't -+ compile on your system), use send-pr(1) to send a problem report. -+ -+ - If you are having trouble with SKIP configuration, use, -+ compatibility, etc., send your questions to the SKIP -+ mailing list: skip-info@skip.org (you should subscribe -+ to it first). -+ -+Thanks, -+-Archie Cobbs -+ +diff -ur --unidirectional-new-file skipsrc-1.0.orig/certs/lib/passwd_subr.C work.new/certs/lib/passwd_subr.C +--- skipsrc-1.0.orig/certs/lib/passwd_subr.C Fri Oct 25 13:11:49 1996 ++++ work.new/certs/lib/passwd_subr.C Mon Jan 24 12:35:37 2000 +@@ -52,6 +52,7 @@ + + #include + #include ++#include + #include "Bstream.h" + #include "Bigint.h" + #include "ObjId.h" diff --git a/security/skip/files/patch-aw b/security/skip/files/patch-aw index ed65632c3beb..f3f8006a8aad 100644 --- a/security/skip/files/patch-aw +++ b/security/skip/files/patch-aw 
@@ -1,22 +1,11 @@ -diff -ur --unidirectional-new-file skipsrc-1.0.orig/doc/ROADMAP work.new/doc/ROADMAP ---- skipsrc-1.0.orig/doc/ROADMAP Fri Oct 25 13:11:55 1996 -+++ work.new/doc/ROADMAP Thu Jul 22 11:13:09 1999 -@@ -1,6 +1,13 @@ - This directory contains documentation and legal statements for this - release. +diff -ur --unidirectional-new-file skipsrc-1.0.orig/certs/lib/test_ca.C work.new/certs/lib/test_ca.C +--- skipsrc-1.0.orig/certs/lib/test_ca.C Fri Oct 25 13:11:50 1996 ++++ work.new/certs/lib/test_ca.C Mon Jan 24 12:35:37 2000 +@@ -46,6 +46,7 @@ -+README.FreeBSD - Notes on the FreeBSD port of SKIP. -+ -+README.FreeBSD+NAT - Notes on using SKIP with FreeBSD's NAT -+ (Network Address Translation). -+ -+All of the other documentation is NOT specific to FreeBSD: -+ - 00README - Introduction, Release notes and Build - Instructions. Read this first. You - should read this if only for the -@@ -24,3 +31,4 @@ - architecture and performance. - - usersguide.* - User's guide in various formats -+ + #include + #include ++#include + #include + #include "Time.h" + #include "Bigint.h" diff --git a/security/skip/files/patch-ax b/security/skip/files/patch-ax index ecd1919db16a..50b786044538 100644 --- a/security/skip/files/patch-ax +++ b/security/skip/files/patch-ax 
@@ -1,17 +1,11 @@ -diff -ur --unidirectional-new-file skipsrc-1.0.orig/libdb/PORT/freebsd2.1/include/compat.h work.new/libdb/PORT/freebsd2.1/include/compat.h ---- skipsrc-1.0.orig/libdb/PORT/freebsd2.1/include/compat.h Fri Oct 25 13:12:04 1996 -+++ work.new/libdb/PORT/freebsd2.1/include/compat.h Mon Mar 8 21:33:38 1999 -@@ -125,13 +125,6 @@ - #define bcopy(a, b, n) memmove(b, a, n) - #endif +diff -ur --unidirectional-new-file skipsrc-1.0.orig/certs/lib/test_passwd.C work.new/certs/lib/test_passwd.C +--- skipsrc-1.0.orig/certs/lib/test_passwd.C Fri Oct 25 13:11:50 1996 ++++ work.new/certs/lib/test_passwd.C Mon Jan 24 12:35:38 2000 +@@ -46,6 +46,7 @@ --#if defined(BSD) || defined(BSD4_3) --#define strchr(a, b) index(a, b) --#define strrchr(a, b) rindex(a, b) --#define memcmp(a, b, n) bcmp(a, b, n) --#define memmove(a, b, n) bcopy(b, a, n) --#endif -- - /* - * 32-bit machine. The db routines are theoretically independent of - * the size of u_shorts and u_longs, but I don't know that anyone has + #include + #include ++#include + #include "Bstream.h" + #include "Bigint.h" + #include "ObjId.h" diff --git a/security/skip/files/patch-ay b/security/skip/files/patch-ay index 5f1915d950d3..68aa9d1b69f6 100644 --- a/security/skip/files/patch-ay +++ b/security/skip/files/patch-ay 
@@ -1,58 +1,12 @@ -diff -ur --unidirectional-new-file skipsrc-1.0.orig/libdb/hash/hash.c work.new/libdb/hash/hash.c ---- skipsrc-1.0.orig/libdb/hash/hash.c Fri Oct 25 13:12:20 1996 -+++ work.new/libdb/hash/hash.c Mon Mar 8 21:33:38 1999 -@@ -505,7 +505,7 @@ - else - if (wsize != sizeof(HASHHDR)) { - errno = EFTYPE; -- hashp->errno = errno; -+ hashp->errnum = errno; - return (-1); - } - for (i = 0; i < NCACHED; i++) -@@ -536,7 +536,7 @@ - - hashp = (HTAB *)dbp->internal; - if (flag) { -- hashp->errno = errno = EINVAL; -+ hashp->errnum = errno = EINVAL; - return (ERROR); - } - return (hash_access(hashp, HASH_GET, (DBT *)key, data)); -@@ -553,11 +553,11 @@ - - hashp = (HTAB *)dbp->internal; - if (flag && flag != R_NOOVERWRITE) { -- hashp->errno = errno = EINVAL; -+ hashp->errnum = errno = EINVAL; - return (ERROR); - } - if ((hashp->flags & O_ACCMODE) == O_RDONLY) { -- hashp->errno = errno = EPERM; -+ hashp->errnum = errno = EPERM; - return (ERROR); - } - return (hash_access(hashp, flag == R_NOOVERWRITE ? -@@ -574,11 +574,11 @@ - - hashp = (HTAB *)dbp->internal; - if (flag && flag != R_CURSOR) { -- hashp->errno = errno = EINVAL; -+ hashp->errnum = errno = EINVAL; - return (ERROR); - } - if ((hashp->flags & O_ACCMODE) == O_RDONLY) { -- hashp->errno = errno = EPERM; -+ hashp->errnum = errno = EPERM; - return (ERROR); - } - return (hash_access(hashp, HASH_DELETE, (DBT *)key, NULL)); -@@ -729,7 +729,7 @@ - - hashp = (HTAB *)dbp->internal; - if (flag && flag != R_FIRST && flag != R_NEXT) { -- hashp->errno = errno = EINVAL; -+ hashp->errnum = errno = EINVAL; - return (ERROR); - } - #ifdef HASH_STATISTICS +diff -ur --unidirectional-new-file skipsrc-1.0.orig/certs/lib/userfuncs.C work.new/certs/lib/userfuncs.C +--- skipsrc-1.0.orig/certs/lib/userfuncs.C Fri Oct 25 13:11:51 1996 ++++ work.new/certs/lib/userfuncs.C Mon Jan 24 12:35:38 2000 +@@ -47,6 +47,8 @@ + #include + #include + #include ++#include ++#include + #include "Time.h" + #include "Bigint.h" + #include "Bstream.h" 
diff --git a/security/skip/files/patch-az b/security/skip/files/patch-az index 66aa82fa6d44..975aa2f1b8fa 100644 --- a/security/skip/files/patch-az +++ b/security/skip/files/patch-az @@ -1,12 +1,27 @@ -diff -ur --unidirectional-new-file skipsrc-1.0.orig/libdb/hash/hash.h work.new/libdb/hash/hash.h ---- skipsrc-1.0.orig/libdb/hash/hash.h Fri Oct 25 13:12:21 1996 -+++ work.new/libdb/hash/hash.h Mon Mar 8 21:33:38 1999 -@@ -103,7 +103,7 @@ - BUFHEAD *cpage; /* Current page */ - int cbucket; /* Current bucket */ - int cndx; /* Index of next item on cpage */ -- int errno; /* Error Number -- for DBM -+ int errnum; /* Error Number -- for DBM - * compatability */ - int new_file; /* Indicates if fd is backing store - * or no */ +diff -ur --unidirectional-new-file skipsrc-1.0.orig/doc/INSTALL work.new/doc/INSTALL +--- skipsrc-1.0.orig/doc/INSTALL Fri Oct 25 13:11:55 1996 ++++ work.new/doc/INSTALL Mon Jan 24 12:35:38 2000 +@@ -1,6 +1,13 @@ + Quick-Start Guide + ----------------- + ++ *** ++ *** NOTE TO FREEBSD PORT USERS ++ *** ++ *** If you've installed SKIP using the FreeBSD port ++ *** or package, you can go directly to step #4. ++ *** ++ + This is a quick-start guide for SKIP. It covers installing the SKIP + binaries and setting up IP-level encryption between two hosts. + +@@ -64,7 +71,8 @@ + View the key manager log file to see if the the certificate + exchange and the shared secret computation succeeded: + +- tail /var/log/skip.log ++ tail /var/log/skiphost.log ++ tail /var/log/messages + + If you have tcpdump, etherfind, snoop, or some other packet dumping + utility, you can verify that encrypted packets are using protocol 57. diff --git a/security/skip/files/patch-ba b/security/skip/files/patch-ba index d9d7779ed51a..6fa0f6c56180 100644 --- a/security/skip/files/patch-ba +++ b/security/skip/files/patch-ba 
@@ -1,21 +1,77 @@ -diff -ur --unidirectional-new-file skipsrc-1.0.orig/libdb/hash/ndbm.c work.new/libdb/hash/ndbm.c ---- skipsrc-1.0.orig/libdb/hash/ndbm.c Fri Oct 25 13:12:22 1996 -+++ work.new/libdb/hash/ndbm.c Mon Mar 8 21:33:38 1999 -@@ -180,7 +180,7 @@ - HTAB *hp; - - hp = (HTAB *)db->internal; -- return (hp->errno); -+ return (hp->errnum); - } - - extern int -@@ -190,7 +190,7 @@ - HTAB *hp; - - hp = (HTAB *)db->internal; -- hp->errno = 0; -+ hp->errnum = 0; - return (0); - } - +diff -ur --unidirectional-new-file skipsrc-1.0.orig/doc/README.FreeBSD work.new/doc/README.FreeBSD +--- skipsrc-1.0.orig/doc/README.FreeBSD Wed Dec 31 16:00:00 1969 ++++ work.new/doc/README.FreeBSD Mon Jan 24 12:35:38 2000 +@@ -0,0 +1,73 @@ ++ ++Some notes regarding the FreeBSD port of SKIP ++December 8, 1997 ++ ++- Much of the non-man page documentation has NOT be patched to reflect ++ the different locations of files, etc. The main difference is that the ++ original version of SKIP puts everything under /usr/skip, whereas the ++ FreeBSD port has put it under @@PREFIX@@. This documentation can be ++ found in @@PREFIX@@/share/doc/skip. ++ ++- Thanks to Stephanie Wehner, skiphost now takes a new argument for specifying ++ the source address for encrypted packets. This allows encrypted packets ++ that are being tunnelled between two routers to have source and dest ++ IP addresses of only those two routers. This reduces firewall complexity ++ in many cases. From her description: ++ ++ This adds another command line option to skiphost, namely ++ -f . Every packet going out to the other host ++ will then have this source address in the packet. ++ ++- SKIP is applied to packets *after* any ipfw(8) filtering is applied. ++ This is true for both incoming and outgoing packets. Note that SKIP ++ has its own access control functionality. ++ ++ One way to deal with this is to do the following: ++ ++ - Setup ipfw as you normally would to restrict access to your machine. 
++ - Add additional ipfw rules to allow SKIP related traffic: ++ - ipfw add 10 allow 57 from any to any ++ - ipfw add 10 allow 79 from any to any (if using SunScreen mode) ++ - ipfw add 10 allow 50 from any to any (if using raw ESP/AH mode) ++ - ipfw add 10 allow 51 from any to any (if using raw ESP/AH mode) ++ - ipfw add 10 allow udp from any to 1640 ++ - ipfw add 10 allow udp from 1640 to any ++ - Set the default rule for SKIP to be to allow access. ++ ++- Skipd will logs via syslog(3) instead of logging directly ++ to /var/log/skip.log as before, using the LOG_DAEMON facility. ++ ++ You may want to redirect this output to its own log file. ++ This is done by the following steps: ++ ++ 1. touch /var/log/skipd.log ++ 2. Edit /etc/syslog.conf and add these lines at the end: ++ ++ !skipd ++ *.* /var/log/skipd.log ++ ++ 3. Edit /etc/newsyslog.conf as appropriate ++ 4. Restart syslogd ++ ++- Each time skip is started (at reboot time), the skiphost ++ output is written to /var/log/skiphost.log. You may also ++ want to add an entry to /etc/newsyslog.conf for this one ++ as well. ++ ++- Users of skip should subscribe to the SKIP mailing list ++ by sending an email to "majordomo@skip.org" containing ++ the line "subscribe skip-info". ++ ++- If you have trouble: ++ ++ - If there is a problem with the port itself (e.g., it won't ++ compile on your system), use send-pr(1) to send a problem report. ++ ++ - If you are having trouble with SKIP configuration, use, ++ compatibility, etc., send your questions to the SKIP ++ mailing list: skip-info@skip.org (you should subscribe ++ to it first). ++ ++Thanks, ++-Archie Cobbs ++ diff --git a/security/skip/files/patch-bb b/security/skip/files/patch-bb index e0391db7cec4..eb3518a56ddf 100644 --- a/security/skip/files/patch-bb +++ b/security/skip/files/patch-bb 
@@ -1,60 +1,69 @@ -diff -ur --unidirectional-new-file skipsrc-1.0.orig/mkpkgs/freebsd/Makefile work.new/mkpkgs/freebsd/Makefile ---- skipsrc-1.0.orig/mkpkgs/freebsd/Makefile Fri Oct 25 13:12:32 1996 -+++ work.new/mkpkgs/freebsd/Makefile Thu Jul 22 11:03:37 1999 -@@ -64,6 +64,8 @@ - $(BLD_DIR)/doc/SKIP_SOFTWARE_LICENSE \ - $(BLD_DIR)/doc/BN_SOFTWARE_LICENSE \ - $(BLD_DIR)/doc/README.PATENT \ -+ $(BLD_DIR)/doc/README.FreeBSD \ -+ $(BLD_DIR)/doc/README.FreeBSD+NAT \ - $(BLD_DIR)/doc/00README \ - $(BLD_DIR)/doc/INSTALL \ - $(BLD_DIR)/doc/advanced.TOPICS \ -@@ -104,10 +106,10 @@ - $(MKDIR) $(BSDPROTO)/bin - $(MKDIR) $(BSDPROTO)/doc - -- $(INSTALL) -m 0555 $(BLD_DIR)/skip/freebsd/install.skip \ -- $(BSDPROTO)/install.skip -- $(INSTALL) -m 0555 $(BLD_DIR)/admin/remove.skip \ -- $(BSDPROTO)/remove.skip -+# $(INSTALL) -m 0555 $(BLD_DIR)/skip/freebsd/install.skip \ -+# $(BSDPROTO)/install.skip -+# $(INSTALL) -m 0555 $(BLD_DIR)/admin/remove.skip \ -+# $(BSDPROTO)/remove.skip - - @echo "Initializing skip/etc directory" - $(INSTALL) -m 0444 $(BLD_DIR)/admin/SunICG_CA_selfcert \ -@@ -124,8 +126,8 @@ - $(BSDPROTO)/etc/skipd.conf - - @echo "Adding skip/drv to release" -- $(INSTALL) -m 0755 $(BLD_DIR)/skip/freebsd/bin.x86/skip.o \ -- $(BSDPROTO)/drv/skip.o -+ $(INSTALL) -m 0755 $(BLD_DIR)/skip/freebsd/skip.ko \ -+ $(BSDPROTO)/drv/skip.ko - - @echo "Adding skip/bin to release" - $(INSTALL) -m 0755 $(BLD_DIR)/skip/tools/skiptool/none.ras \ -@@ -191,6 +193,10 @@ - $(BSDPROTO)/doc/BN_SOFTWARE_LICENSE - $(INSTALL) -m 0644 $(BLD_DIR)/doc/README.PATENT \ - $(BSDPROTO)/doc/README.PATENT -+ $(INSTALL) -m 0644 $(BLD_DIR)/doc/README.FreeBSD \ -+ $(BSDPROTO)/doc/README.FreeBSD -+ $(INSTALL) -m 0644 $(BLD_DIR)/doc/README.FreeBSD+NAT \ -+ $(BSDPROTO)/doc/README.FreeBSD+NAT - $(INSTALL) -m 0644 $(BLD_DIR)/doc/00README \ - $(BSDPROTO)/doc/00README - $(INSTALL) -m 0644 $(BLD_DIR)/doc/INSTALL \ -@@ -239,8 +245,8 @@ - $(BSDPROTO)/man/man4/raw_keys.4 - $(INSTALL) -m 0644 
$(BLD_DIR)/certs/man/print_cert.1m \ - $(BSDPROTO)/man/man1/print_cert.1 -- (cd $(BSDBIN); tar cvf skip.tar skip) -- (cd $(BSDBIN); compress skip.tar) -+# (cd $(BSDBIN); tar cvf skip.tar skip) -+# (cd $(BSDBIN); compress skip.tar) - - clean: - @-$(RM) -rf $(BSDBIN) +diff -ur --unidirectional-new-file skipsrc-1.0.orig/doc/README.FreeBSD+NAT work.new/doc/README.FreeBSD+NAT +--- skipsrc-1.0.orig/doc/README.FreeBSD+NAT Wed Dec 31 16:00:00 1969 ++++ work.new/doc/README.FreeBSD+NAT Mon Jan 24 12:35:42 2000 +@@ -0,0 +1,65 @@ ++Using SKIP and FreeBSD's NAT (Network Address Translation) together ++------------------------------------------------------------------- ++ ++Skip and NAT are two very popular strategies for building secure ++networks with FreeBSD. They are sometimes believed to be incompatable ++when applied to the same interface. They will work together, however, ++when correctly configured. This document addresses the reference ++implementation of SKIP (1.0) and natd as implemented through ipfw. ++ ++The key to understanding the operation of SKIP and NAT in parallel is to ++realize that inbound packets traverse the ipfw ruleset twice - once as an ++encapsulated packet and once as an de-encapsulated packet with the ++original destination address restored. Outbound packets, on the other ++hand, make a single pass in the unencapsulated state. This understanding ++can be used to advantage in building a nomadic SKIP server. A nomadic SKIP ++server allows any host equipped with a SKIP client to connect to the ++Internet (eg. via a dialup connection to an ISP) and then establish a ++secure connection to the nomadic SKIP server allowing full access to a ++Local Area Network. Because the remote host may have a different IP ++address each time it connects it is known as a nomad and its KeyID is ++used for identification rather than the IP address identification normally ++used to establish authenticity. 
++ ++The primary difficulty in setting up a nomadic server in conjunction with ++NAT is not in reaching in to the LAN but in returning a response to the ++remote host. The remote host IP address cannot, by definition, be known ++in advance. Further - authentication of the remote host and ++identification of its IP address by the SKIP module does not proceed to ++update the routing tables in the kernel. A LAN host receiving a ++connection request has insufficient information to reply to the remote ++host either via a static route or by dynamic routing. ++ ++This leads to the requirement that the nomadic server must be in-line ++between the Internet and the LAN so that all packets not destined for the ++LAN are routed to the nomadic server by the gateway address in the LAN ++host. ++ ++The second requirement is to prevent NAT from interfering. NAT does ++not bother the SKIP pass as the packet header is directed to the ++nat/skiphost. You can count the inbound SKIP packets as they ++can be identified by the SKIP protocol (57). Use an ipfw rule ++before the NAT rule such as: ++ ++00010 allow skip from any to any in recv fxp0 ++00100 divert 8668 ip from any to any via fxp0 ++ ++assuming that skip is identified as 57 in /etc/protocols. ++ ++A rule is required for the de-encrypted packets to allow them to be ++forwarded to the LAN by the routing mechanism without interference from ++NAT during the second pass: ++ ++00010 allow skip from any to any in recv fxp0 ++00020 allow ip from any to 192.168.0.0/24 in recv fxp0 ++00100 divert 8668 ip from any to any via fxp0 ++ ++Now you can have nomadic hosts connect securely as part of the LAN and ++hosts on the LAN can continue to access the Internet through NAT. Of ++course, you have to configure the skiphost ACL correctly and setup the ++SKIP client on the nomad to match but that's covered in the ++documentation. ++ ++Jim Flowers ++#4 ISP on C|NET, #1 in Ohio ++ 
diff --git a/security/skip/files/patch-bc b/security/skip/files/patch-bc
index 1ecbfe8e44e4..ba634c1310b9 100644
--- a/security/skip/files/patch-bc
+++ b/security/skip/files/patch-bc
@@ -1,73 +1,22 @@ -diff -ur --unidirectional-new-file skipsrc-1.0.orig/skip/bdcmod/des_ecb/dessp.c work.new/skip/bdcmod/des_ecb/dessp.c ---- skipsrc-1.0.orig/skip/bdcmod/des_ecb/dessp.c Fri Oct 25 13:12:34 1996 -+++ work.new/skip/bdcmod/des_ecb/dessp.c Mon Mar 8 21:33:38 1999 -@@ -2,6 +2,7 @@ - #pragma ident "@(#)dessp.c 1.2 95/11/15 Sun Microsystems" +diff -ur --unidirectional-new-file skipsrc-1.0.orig/doc/ROADMAP work.new/doc/ROADMAP +--- skipsrc-1.0.orig/doc/ROADMAP Fri Oct 25 13:11:55 1996 ++++ work.new/doc/ROADMAP Mon Jan 24 12:35:38 2000 +@@ -1,6 +1,13 @@ + This directory contains documentation and legal statements for this + release. - unsigned long Spbox[8][64] = { -+{ - 0x01010400,0x00000000,0x00010000,0x01010404, - 0x01010004,0x00010404,0x00000004,0x00010000, - 0x00000400,0x01010400,0x01010404,0x00000400, -@@ -18,6 +19,7 @@ - 0x01000004,0x00000404,0x00010404,0x01010400, - 0x00000404,0x01000400,0x01000400,0x00000000, - 0x00010004,0x00010400,0x00000000,0x01010004, -+}, { - 0x80108020,0x80008000,0x00008000,0x00108020, - 0x00100000,0x00000020,0x80100020,0x80008020, - 0x80000020,0x80108020,0x80108000,0x80000000, -@@ -34,6 +36,7 @@ - 0x00100020,0x80008020,0x80000020,0x00100020, - 0x00108000,0x00000000,0x80008000,0x00008020, - 0x80000000,0x80100020,0x80108020,0x00108000, -+}, { - 0x00000208,0x08020200,0x00000000,0x08020008, - 0x08000200,0x00000000,0x00020208,0x08000200, - 0x00020008,0x08000008,0x08000008,0x00020000, -@@ -50,6 +53,7 @@ - 0x00000008,0x00020208,0x00020200,0x08000008, - 0x08020000,0x08000208,0x00000208,0x08020000, - 0x00020208,0x00000008,0x08020008,0x00020200, -+}, { - 0x00802001,0x00002081,0x00002081,0x00000080, - 0x00802080,0x00800081,0x00800001,0x00002001, - 0x00000000,0x00802000,0x00802000,0x00802081, -@@ -66,6 +70,7 @@ - 0x00800001,0x00002001,0x00802080,0x00800081, - 0x00002001,0x00002080,0x00800000,0x00802001, - 0x00000080,0x00800000,0x00002000,0x00802080, -+}, { - 0x00000100,0x02080100,0x02080000,0x42000100, - 
0x00080000,0x00000100,0x40000000,0x02080000, - 0x40080100,0x00080000,0x02000100,0x40080100, -@@ -82,6 +87,7 @@ - 0x02080000,0x00000000,0x40080000,0x42000000, - 0x00080100,0x02000100,0x40000100,0x00080000, - 0x00000000,0x40080000,0x02080100,0x40000100, -+}, { - 0x20000010,0x20400000,0x00004000,0x20404010, - 0x20400000,0x00000010,0x20404010,0x00400000, - 0x20004000,0x00404010,0x00400000,0x20000010, -@@ -98,6 +104,7 @@ - 0x00000010,0x00004000,0x20400000,0x00404010, - 0x00004000,0x00400010,0x20004010,0x00000000, - 0x20404000,0x20000000,0x00400010,0x20004010, -+}, { - 0x00200000,0x04200002,0x04000802,0x00000000, - 0x00000800,0x04000802,0x00200802,0x04200800, - 0x04200802,0x00200000,0x00000000,0x04000002, -@@ -114,6 +121,7 @@ - 0x00200800,0x00000000,0x00000002,0x04200802, - 0x00000000,0x00200802,0x04200000,0x00000800, - 0x04000002,0x04000800,0x00000800,0x00200002, -+}, { - 0x10001040,0x00001000,0x00040000,0x10041040, - 0x10000000,0x10001040,0x00000040,0x10000000, - 0x00040040,0x10040000,0x10041040,0x00041000, -@@ -130,4 +138,5 @@ - 0x10040000,0x10001000,0x10001040,0x00000000, - 0x10041040,0x00041000,0x00041000,0x00001040, - 0x00001040,0x00040040,0x10000000,0x10041000, -+}, - }; ++README.FreeBSD - Notes on the FreeBSD port of SKIP. ++ ++README.FreeBSD+NAT - Notes on using SKIP with FreeBSD's NAT ++ (Network Address Translation). ++ ++All of the other documentation is NOT specific to FreeBSD: ++ + 00README - Introduction, Release notes and Build + Instructions. Read this first. You + should read this if only for the +@@ -24,3 +31,4 @@ + architecture and performance. + + usersguide.* - User's guide in various formats ++ diff --git a/security/skip/files/patch-bd b/security/skip/files/patch-bd index 77494a7d194d..6fc23297ca7f 100644 --- a/security/skip/files/patch-bd +++ b/security/skip/files/patch-bd 
@@ -1,12 +1,17 @@ -diff -ur --unidirectional-new-file skipsrc-1.0.orig/skip/bdcmod/fast_des_cbc/descbc.c work.new/skip/bdcmod/fast_des_cbc/descbc.c ---- skipsrc-1.0.orig/skip/bdcmod/fast_des_cbc/descbc.c Fri Oct 25 13:12:36 1996 -+++ work.new/skip/bdcmod/fast_des_cbc/descbc.c Mon Mar 8 21:33:38 1999 -@@ -424,7 +424,7 @@ - return; - cs=(struct des_cbc_state *)csp; +diff -ur --unidirectional-new-file skipsrc-1.0.orig/libdb/PORT/freebsd2.1/include/compat.h work.new/libdb/PORT/freebsd2.1/include/compat.h +--- skipsrc-1.0.orig/libdb/PORT/freebsd2.1/include/compat.h Fri Oct 25 13:12:04 1996 ++++ work.new/libdb/PORT/freebsd2.1/include/compat.h Mon Jan 24 12:35:38 2000 +@@ -125,13 +125,6 @@ + #define bcopy(a, b, n) memmove(b, a, n) + #endif -- *payload = IPPROTO_ENCAP; -+ *payload = IPPROTO_IPIP; - - ks = (unsigned long *)(cs->keysched); - mod8 = (len & 0x07); /* technically this is (len % 8) */ +-#if defined(BSD) || defined(BSD4_3) +-#define strchr(a, b) index(a, b) +-#define strrchr(a, b) rindex(a, b) +-#define memcmp(a, b, n) bcmp(a, b, n) +-#define memmove(a, b, n) bcopy(b, a, n) +-#endif +- + /* + * 32-bit machine. The db routines are theoretically independent of + * the size of u_shorts and u_longs, but I don't know that anyone has diff --git a/security/skip/files/patch-be b/security/skip/files/patch-be index cb38c71c3e53..f95e2e7dd953 100644 --- a/security/skip/files/patch-be +++ b/security/skip/files/patch-be 
@@ -1,12 +1,58 @@ -diff -ur --unidirectional-new-file skipsrc-1.0.orig/skip/bdcmod/simplecrypt/simplecrypt.c work.new/skip/bdcmod/simplecrypt/simplecrypt.c ---- skipsrc-1.0.orig/skip/bdcmod/simplecrypt/simplecrypt.c Fri Oct 25 13:12:38 1996 -+++ work.new/skip/bdcmod/simplecrypt/simplecrypt.c Mon Mar 8 21:33:38 1999 -@@ -335,7 +335,7 @@ - register char *s = keyp->buf; - register char *e = keyp->buf + keyp->len; - -- *payload_type = IPPROTO_ENCAP; -+ *payload_type = IPPROTO_IPIP; - - /* - * exclusive-or the key over the buffer +diff -ur --unidirectional-new-file skipsrc-1.0.orig/libdb/hash/hash.c work.new/libdb/hash/hash.c +--- skipsrc-1.0.orig/libdb/hash/hash.c Fri Oct 25 13:12:20 1996 ++++ work.new/libdb/hash/hash.c Mon Jan 24 12:35:38 2000 +@@ -505,7 +505,7 @@ + else + if (wsize != sizeof(HASHHDR)) { + errno = EFTYPE; +- hashp->errno = errno; ++ hashp->errnum = errno; + return (-1); + } + for (i = 0; i < NCACHED; i++) +@@ -536,7 +536,7 @@ + + hashp = (HTAB *)dbp->internal; + if (flag) { +- hashp->errno = errno = EINVAL; ++ hashp->errnum = errno = EINVAL; + return (ERROR); + } + return (hash_access(hashp, HASH_GET, (DBT *)key, data)); +@@ -553,11 +553,11 @@ + + hashp = (HTAB *)dbp->internal; + if (flag && flag != R_NOOVERWRITE) { +- hashp->errno = errno = EINVAL; ++ hashp->errnum = errno = EINVAL; + return (ERROR); + } + if ((hashp->flags & O_ACCMODE) == O_RDONLY) { +- hashp->errno = errno = EPERM; ++ hashp->errnum = errno = EPERM; + return (ERROR); + } + return (hash_access(hashp, flag == R_NOOVERWRITE ? 
+@@ -574,11 +574,11 @@ + + hashp = (HTAB *)dbp->internal; + if (flag && flag != R_CURSOR) { +- hashp->errno = errno = EINVAL; ++ hashp->errnum = errno = EINVAL; + return (ERROR); + } + if ((hashp->flags & O_ACCMODE) == O_RDONLY) { +- hashp->errno = errno = EPERM; ++ hashp->errnum = errno = EPERM; + return (ERROR); + } + return (hash_access(hashp, HASH_DELETE, (DBT *)key, NULL)); +@@ -729,7 +729,7 @@ + + hashp = (HTAB *)dbp->internal; + if (flag && flag != R_FIRST && flag != R_NEXT) { +- hashp->errno = errno = EINVAL; ++ hashp->errnum = errno = EINVAL; + return (ERROR); + } + #ifdef HASH_STATISTICS diff --git a/security/skip/files/patch-bf b/security/skip/files/patch-bf index 308bc3f9159b..7dc4790f6b0c 100644 --- a/security/skip/files/patch-bf +++ b/security/skip/files/patch-bf 
@@ -1,30 +1,12 @@ -diff -ur --unidirectional-new-file skipsrc-1.0.orig/skip/common/skip_keystore.c work.new/skip/common/skip_keystore.c ---- skipsrc-1.0.orig/skip/common/skip_keystore.c Fri Oct 25 13:12:41 1996 -+++ work.new/skip/common/skip_keystore.c Tue Mar 9 20:23:43 1999 -@@ -308,7 +308,7 @@ - /* - * SKIP tunneling mode - */ -- params->payload_type = IPPROTO_ENCAP; -+ params->payload_type = IPPROTO_IPIP; - } - /* - * Return offset of data to decrypt -@@ -1177,7 +1177,7 @@ - * Returns: none - */ - void --skip_key_iterate(int (*f)(), void *arg) -+skip_key_iterate(int (*f)(skip_keycb_t *, void *), void *arg) - { - skip_keycb_t *cp, *ncp; - int i, rc; -@@ -1209,7 +1209,7 @@ - for (cp = skip_decrypt_hashtable[i]; cp; cp = ncp) { - ncp = cp->next; - -- rc = (*f)(cp); -+ rc = (*f)(cp, arg); - - if (rc) { - skip_hash_remove(cp, skip_decrypt_hashtable, +diff -ur --unidirectional-new-file skipsrc-1.0.orig/libdb/hash/hash.h work.new/libdb/hash/hash.h +--- skipsrc-1.0.orig/libdb/hash/hash.h Fri Oct 25 13:12:21 1996 ++++ work.new/libdb/hash/hash.h Mon Jan 24 12:35:38 2000 +@@ -103,7 +103,7 @@ + BUFHEAD *cpage; /* Current page */ + int cbucket; /* Current bucket */ + int cndx; /* Index of next item on cpage */ +- int errno; /* Error Number -- for DBM ++ int errnum; /* Error Number -- for DBM + * compatability */ + int new_file; /* Indicates if fd is backing store + * or no */ diff --git a/security/skip/files/patch-bg b/security/skip/files/patch-bg index f3a5efbfac11..458b5854f741 100644 --- a/security/skip/files/patch-bg +++ b/security/skip/files/patch-bg 
@@ -1,111 +1,21 @@ -diff -ur --unidirectional-new-file skipsrc-1.0.orig/skip/freebsd/Makefile work.new/skip/freebsd/Makefile ---- skipsrc-1.0.orig/skip/freebsd/Makefile Fri Oct 25 13:12:41 1996 -+++ work.new/skip/freebsd/Makefile Tue Mar 9 19:07:45 1999 -@@ -1,105 +1,3 @@ --# SKIP Source Code License Statement: --# ------------------------------------------------------------------ --# Copyright --# Sun Microsystems, Inc. --# --# --# Copyright (C) 1994, 1995, 1996 Sun Microsystems, Inc. All Rights --# Reserved. --# --# Permission is hereby granted, free of charge, to any person --# obtaining a copy of this software and associated documentation --# files (the "Software"), to deal in the Software without --# restriction, including without limitation the rights to use, --# copy, modify, merge, publish, distribute, sublicense, and/or sell --# copies of the Software or derivatives of the Software, and to --# permit persons to whom the Software or its derivatives is furnished --# to do so, subject to the following conditions: --# --# The above copyright notice and this permission notice shall be --# included in all copies or substantial portions of the Software. --# --# The Software must not be transferred to persons who are not US --# citizens or permanent residents of the US or exported outside --# the US (except Canada) in any form (including by electronic --# transmission) without prior written approval from the US --# Government. Non-compliance with these restrictions constitutes --# a violation of the U.S. Export Control Laws. --# --# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, --# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES --# OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND --# NONINFRINGEMENT. 
IN NO EVENT SHALL SUN MICROSYSTEMS, INC., BE LIABLE --# FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION --# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN --# CONNECTION WITH THE SOFTWARE OR DERIVATES OF THIS SOFTWARE OR --# THE USE OR OTHER DEALINGS IN THE SOFTWARE. --# --# Except as contained in this notice, the name of Sun Microsystems, Inc. --# shall not be used in advertising or otherwise to promote --# the sale, use or other dealings in this Software or its derivatives --# without prior written authorization from Sun Microsystems, Inc. --#pragma ident "@(#)Makefile 1.20 96/02/05 Sun Microsystems" -+all depend install clean: -+ MAKEFLAGS= MFLAGS= MAKELEVEL= /usr/bin/make -f Makefile.bmake $@ +diff -ur --unidirectional-new-file skipsrc-1.0.orig/libdb/hash/ndbm.c work.new/libdb/hash/ndbm.c +--- skipsrc-1.0.orig/libdb/hash/ndbm.c Fri Oct 25 13:12:22 1996 ++++ work.new/libdb/hash/ndbm.c Mon Jan 24 12:35:38 2000 +@@ -180,7 +180,7 @@ + HTAB *hp; + + hp = (HTAB *)db->internal; +- return (hp->errno); ++ return (hp->errnum); + } + + extern int +@@ -190,7 +190,7 @@ + HTAB *hp; + + hp = (HTAB *)db->internal; +- hp->errno = 0; ++ hp->errnum = 0; + return (0); + } --include ../../Makefile.defs -- --CPPOPTS = -DINET $(K_FLAGS) -D$(K_ARCH) -D__$(K_ARCH)__ \ -- -I$(COMM_INC) -I. 
--COPTS = ${CPPOPTS} -c --CFLAGS = ${COPTS} $(K_DEBUG) -- --CFILES = skip_wrapper.c skip_es.c -- -- --ES_OBJS = $(CFILES:%.c=$(K_DIR)/%.o) --CRYPTS = ../bdcmod/simplecrypt/$(K_DIR)/simplecrypt.o \ -- ../bdcmod/fast_des_cbc/$(K_DIR)/descbc.o \ -- ../bdcmod/fast_des_cbc/$(K_DIR)/des.o \ -- ../bdcmod/fast_des_cbc/$(K_DIR)/dessp.o \ -- ../bdcmod/des_ede_cbc/$(K_DIR)/des_ede_cbc.o \ -- ../bdcmod/des_ede_cbc/$(K_DIR)/des_ede_ecb.o \ -- ../bdcmod/safer/$(K_DIR)/skip_safercbc.o \ -- ../bdcmod/safer/$(K_DIR)/safer.o -- --COMDIR = ../common/$(K_DIR) -- --COMOBJS = $(COMDIR)/skip_hdr.o $(COMDIR)/skip_es_bypass.o \ -- $(COMDIR)/skip_crypt.o $(COMDIR)/skip_ioctl.o \ -- $(COMDIR)/skip_keystore.o $(COMDIR)/skip_keymgrmsgs.o \ -- $(COMDIR)/skip_ipsp.o $(COMDIR)/skip_nsid.o \ -- $(COMDIR)/skip_ah.o $(COMDIR)/skip_md5.o $(COMDIR)/skip_acl.o -- --MDV_OBJ = $(COMDIR)/md5.o -- --OBJS = $(ES_OBJS) $(COMOBJS) $(CRYPTS) $($(AHOBJS)) -- --HDRS = $(COMM_INC)/skip_keymgrmsgs.h $(COMM_INC)/skip_ioctl.h \ -- $(COMM_INC)/skip_key.h $(COMM_INC)/skip_crypt.h \ -- $(COMM_INC)/skip_types.h $(COMM_INC)/skip_es.h \ -- $(COMM_INC)/skip_sunos.h $(COMM_INC)/skip_proto.h \ -- skip_if.h $(COMM_INC)/skip_acl.h -- --all: $(K_DIR) $(K_DIR)/skip.o -- --$(K_DIR)/skip_wrapper.o: skip_wrapper.c -- $(CC) $(CFLAGS) -o $@ $< -- --$(K_DIR)/skip_es.o: skip_es.c -- $(CC) $(CFLAGS) -o $@ $< -- -- --$(K_DIR): -- @[ -d $(K_DIR) ] || mkdir -p $(K_DIR) -- --$(K_DIR)/skip.o: $(OBJS) -- $(LD) -r -o $(K_DIR)/skip.o $(OBJS) -- @ /usr/bin/modstat -- --clean: -- @$(RM) -r $(K_DIR) *.pp *.L -- @-$(SCCSCLEAN) -- --cleanall: -- @$(RM) -rf *bin.* -- @-$(SCCSCLEAN) -- diff --git a/security/skip/files/patch-bh b/security/skip/files/patch-bh index 4ef3dc458d4f..b465af6889b9 100644 --- a/security/skip/files/patch-bh +++ b/security/skip/files/patch-bh 
@@ -1,47 +1,60 @@ -diff -ur --unidirectional-new-file skipsrc-1.0.orig/skip/freebsd/Makefile.bmake work.new/skip/freebsd/Makefile.bmake ---- skipsrc-1.0.orig/skip/freebsd/Makefile.bmake Wed Dec 31 16:00:00 1969 -+++ work.new/skip/freebsd/Makefile.bmake Tue Mar 9 20:44:40 1999 -@@ -0,0 +1,43 @@ -+ -+.include "../../Makefile.defs" -+ -+CPPOPTS = -DINET $(K_FLAGS) -D$(K_ARCH) -D__$(K_ARCH)__ \ -+ -I$(COMM_INC) -I. -+COPTS = ${CPPOPTS} -c -+CFLAGS = ${COPTS} $(K_DEBUG) -+ -+CFILES = skip_wrapper.c skip_es.c -+ -+ES_OBJS = skip_wrapper.o skip_es.o -+ -+CRYPTS = ../bdcmod/simplecrypt/$(K_DIR)/simplecrypt.o \ -+ ../bdcmod/fast_des_cbc/$(K_DIR)/descbc.o \ -+ ../bdcmod/fast_des_cbc/$(K_DIR)/des.o \ -+ ../bdcmod/fast_des_cbc/$(K_DIR)/dessp.o \ -+ ../bdcmod/des_ede_cbc/$(K_DIR)/des_ede_cbc.o \ -+ ../bdcmod/des_ede_cbc/$(K_DIR)/des_ede_ecb.o \ -+ ../bdcmod/safer/$(K_DIR)/skip_safercbc.o \ -+ ../bdcmod/safer/$(K_DIR)/safer.o -+ -+COMDIR = ../common/$(K_DIR) -+ -+COMOBJS = $(COMDIR)/skip_hdr.o $(COMDIR)/skip_es_bypass.o \ -+ $(COMDIR)/skip_crypt.o $(COMDIR)/skip_ioctl.o \ -+ $(COMDIR)/skip_keystore.o $(COMDIR)/skip_keymgrmsgs.o \ -+ $(COMDIR)/skip_ipsp.o $(COMDIR)/skip_nsid.o \ -+ $(COMDIR)/skip_ah.o $(COMDIR)/skip_md5.o $(COMDIR)/skip_acl.o -+ -+MDV_OBJ = $(COMDIR)/md5.o -+ -+OBJS = $(ES_OBJS) $(COMOBJS) $(CRYPTS) $($(AHOBJS)) -+ -+HDRS = $(COMM_INC)/skip_keymgrmsgs.h $(COMM_INC)/skip_ioctl.h \ -+ $(COMM_INC)/skip_key.h $(COMM_INC)/skip_crypt.h \ -+ $(COMM_INC)/skip_types.h $(COMM_INC)/skip_es.h \ -+ $(COMM_INC)/skip_sunos.h $(COMM_INC)/skip_proto.h \ -+ skip_if.h $(COMM_INC)/skip_acl.h -+ -+KMOD = skip -+KLDMOD = yes -+ -+.include +diff -ur --unidirectional-new-file skipsrc-1.0.orig/mkpkgs/freebsd/Makefile work.new/mkpkgs/freebsd/Makefile +--- skipsrc-1.0.orig/mkpkgs/freebsd/Makefile Fri Oct 25 13:12:32 1996 ++++ work.new/mkpkgs/freebsd/Makefile Mon Jan 24 12:35:38 2000 +@@ -64,6 +64,8 @@ + $(BLD_DIR)/doc/SKIP_SOFTWARE_LICENSE \ + $(BLD_DIR)/doc/BN_SOFTWARE_LICENSE \ + 
$(BLD_DIR)/doc/README.PATENT \ ++ $(BLD_DIR)/doc/README.FreeBSD \ ++ $(BLD_DIR)/doc/README.FreeBSD+NAT \ + $(BLD_DIR)/doc/00README \ + $(BLD_DIR)/doc/INSTALL \ + $(BLD_DIR)/doc/advanced.TOPICS \ +@@ -104,10 +106,10 @@ + $(MKDIR) $(BSDPROTO)/bin + $(MKDIR) $(BSDPROTO)/doc + +- $(INSTALL) -m 0555 $(BLD_DIR)/skip/freebsd/install.skip \ +- $(BSDPROTO)/install.skip +- $(INSTALL) -m 0555 $(BLD_DIR)/admin/remove.skip \ +- $(BSDPROTO)/remove.skip ++# $(INSTALL) -m 0555 $(BLD_DIR)/skip/freebsd/install.skip \ ++# $(BSDPROTO)/install.skip ++# $(INSTALL) -m 0555 $(BLD_DIR)/admin/remove.skip \ ++# $(BSDPROTO)/remove.skip + + @echo "Initializing skip/etc directory" + $(INSTALL) -m 0444 $(BLD_DIR)/admin/SunICG_CA_selfcert \ +@@ -124,8 +126,8 @@ + $(BSDPROTO)/etc/skipd.conf + + @echo "Adding skip/drv to release" +- $(INSTALL) -m 0755 $(BLD_DIR)/skip/freebsd/bin.x86/skip.o \ +- $(BSDPROTO)/drv/skip.o ++ $(INSTALL) -m 0755 $(BLD_DIR)/skip/freebsd/skip.ko \ ++ $(BSDPROTO)/drv/skip.ko + + @echo "Adding skip/bin to release" + $(INSTALL) -m 0755 $(BLD_DIR)/skip/tools/skiptool/none.ras \ +@@ -191,6 +193,10 @@ + $(BSDPROTO)/doc/BN_SOFTWARE_LICENSE + $(INSTALL) -m 0644 $(BLD_DIR)/doc/README.PATENT \ + $(BSDPROTO)/doc/README.PATENT ++ $(INSTALL) -m 0644 $(BLD_DIR)/doc/README.FreeBSD \ ++ $(BSDPROTO)/doc/README.FreeBSD ++ $(INSTALL) -m 0644 $(BLD_DIR)/doc/README.FreeBSD+NAT \ ++ $(BSDPROTO)/doc/README.FreeBSD+NAT + $(INSTALL) -m 0644 $(BLD_DIR)/doc/00README \ + $(BSDPROTO)/doc/00README + $(INSTALL) -m 0644 $(BLD_DIR)/doc/INSTALL \ +@@ -239,8 +245,8 @@ + $(BSDPROTO)/man/man4/raw_keys.4 + $(INSTALL) -m 0644 $(BLD_DIR)/certs/man/print_cert.1m \ + $(BSDPROTO)/man/man1/print_cert.1 +- (cd $(BSDBIN); tar cvf skip.tar skip) +- (cd $(BSDBIN); compress skip.tar) ++# (cd $(BSDBIN); tar cvf skip.tar skip) ++# (cd $(BSDBIN); compress skip.tar) + + clean: + @-$(RM) -rf $(BSDBIN) diff --git a/security/skip/files/patch-bi b/security/skip/files/patch-bi index 8cb93c923c5a..737514b3c640 100644 
--- a/security/skip/files/patch-bi
+++ b/security/skip/files/patch-bi
@@ -1,12 +1,73 @@ -diff -ur --unidirectional-new-file skipsrc-1.0.orig/skip/freebsd/Makefile.defs work.new/skip/freebsd/Makefile.defs ---- skipsrc-1.0.orig/skip/freebsd/Makefile.defs Fri Oct 25 13:12:42 1996 -+++ work.new/skip/freebsd/Makefile.defs Mon Mar 8 22:25:13 1999 -@@ -93,7 +93,7 @@ +diff -ur --unidirectional-new-file skipsrc-1.0.orig/skip/bdcmod/des_ecb/dessp.c work.new/skip/bdcmod/des_ecb/dessp.c +--- skipsrc-1.0.orig/skip/bdcmod/des_ecb/dessp.c Fri Oct 25 13:12:34 1996 ++++ work.new/skip/bdcmod/des_ecb/dessp.c Mon Jan 24 12:35:38 2000 +@@ -2,6 +2,7 @@ + #pragma ident "@(#)dessp.c 1.2 95/11/15 Sun Microsystems" - # Kernel compilation flags - # --K_FLAGS_FREEBSD_gnu = -DKERNEL -DFREEBSD -+K_FLAGS_FREEBSD_gnu = -DKERNEL -DKLD_MODULE - - # OS Libraries - # + unsigned long Spbox[8][64] = { ++{ + 0x01010400,0x00000000,0x00010000,0x01010404, + 0x01010004,0x00010404,0x00000004,0x00010000, + 0x00000400,0x01010400,0x01010404,0x00000400, +@@ -18,6 +19,7 @@ + 0x01000004,0x00000404,0x00010404,0x01010400, + 0x00000404,0x01000400,0x01000400,0x00000000, + 0x00010004,0x00010400,0x00000000,0x01010004, ++}, { + 0x80108020,0x80008000,0x00008000,0x00108020, + 0x00100000,0x00000020,0x80100020,0x80008020, + 0x80000020,0x80108020,0x80108000,0x80000000, +@@ -34,6 +36,7 @@ + 0x00100020,0x80008020,0x80000020,0x00100020, + 0x00108000,0x00000000,0x80008000,0x00008020, + 0x80000000,0x80100020,0x80108020,0x00108000, ++}, { + 0x00000208,0x08020200,0x00000000,0x08020008, + 0x08000200,0x00000000,0x00020208,0x08000200, + 0x00020008,0x08000008,0x08000008,0x00020000, +@@ -50,6 +53,7 @@ + 0x00000008,0x00020208,0x00020200,0x08000008, + 0x08020000,0x08000208,0x00000208,0x08020000, + 0x00020208,0x00000008,0x08020008,0x00020200, ++}, { + 0x00802001,0x00002081,0x00002081,0x00000080, + 0x00802080,0x00800081,0x00800001,0x00002001, + 0x00000000,0x00802000,0x00802000,0x00802081, +@@ -66,6 +70,7 @@ + 0x00800001,0x00002001,0x00802080,0x00800081, + 0x00002001,0x00002080,0x00800000,0x00802001, + 
0x00000080,0x00800000,0x00002000,0x00802080, ++}, { + 0x00000100,0x02080100,0x02080000,0x42000100, + 0x00080000,0x00000100,0x40000000,0x02080000, + 0x40080100,0x00080000,0x02000100,0x40080100, +@@ -82,6 +87,7 @@ + 0x02080000,0x00000000,0x40080000,0x42000000, + 0x00080100,0x02000100,0x40000100,0x00080000, + 0x00000000,0x40080000,0x02080100,0x40000100, ++}, { + 0x20000010,0x20400000,0x00004000,0x20404010, + 0x20400000,0x00000010,0x20404010,0x00400000, + 0x20004000,0x00404010,0x00400000,0x20000010, +@@ -98,6 +104,7 @@ + 0x00000010,0x00004000,0x20400000,0x00404010, + 0x00004000,0x00400010,0x20004010,0x00000000, + 0x20404000,0x20000000,0x00400010,0x20004010, ++}, { + 0x00200000,0x04200002,0x04000802,0x00000000, + 0x00000800,0x04000802,0x00200802,0x04200800, + 0x04200802,0x00200000,0x00000000,0x04000002, +@@ -114,6 +121,7 @@ + 0x00200800,0x00000000,0x00000002,0x04200802, + 0x00000000,0x00200802,0x04200000,0x00000800, + 0x04000002,0x04000800,0x00000800,0x00200002, ++}, { + 0x10001040,0x00001000,0x00040000,0x10041040, + 0x10000000,0x10001040,0x00000040,0x10000000, + 0x00040040,0x10040000,0x10041040,0x00041000, +@@ -130,4 +138,5 @@ + 0x10040000,0x10001000,0x10001040,0x00000000, + 0x10041040,0x00041000,0x00041000,0x00001040, + 0x00001040,0x00040040,0x10000000,0x10041000, ++}, + }; diff --git a/security/skip/files/patch-bj b/security/skip/files/patch-bj index e1649f6d01da..790a002d4030 100644 --- a/security/skip/files/patch-bj +++ b/security/skip/files/patch-bj 
@@ -1,146 +1,12 @@ -diff -ur --unidirectional-new-file skipsrc-1.0.orig/skip/freebsd/rc work.new/skip/freebsd/rc ---- skipsrc-1.0.orig/skip/freebsd/rc Fri Oct 25 13:13:19 1996 -+++ work.new/skip/freebsd/rc Wed Mar 10 09:24:17 1999 -@@ -44,22 +44,30 @@ - - #pragma ident "@(#)rc 1.5 96/10/08 Sun Microsystems" - # --PATH=/bin:/usr/bin:/sbin:/usr/ucb:/usr/etc --SKIP_PATH=${SKIP_PATH-/usr/skip} --SKIPD=/usr/skip/bin/skipd --SKIP_HOST=/usr/skip/bin/skiphost --SKIP_VAR_CMD=/usr/skip/bin/skipvar --SKIP_SECURE_HOSTS=/etc/skip/hosts --SKIP_ETC=/etc/skip --SKIP_VAR=/var/skip -+ -+PATH=/bin:/usr/bin:/sbin:/usr/sbin -+PREFIX=@@PREFIX@@ -+ -+SKIP_BIN=${PREFIX}/bin -+SKIP_ETC=${PREFIX}/etc/skip -+SKIP_LKM=${PREFIX}/modules -+ -+SKIPD=${SKIP_BIN}/skipd -+SKIP_HOST=${SKIP_BIN}/skiphost -+SKIP_MKDEV=${SKIP_ETC}/skip.mkdev -+SKIP_SECURE_HOSTS=${SKIP_ETC}/hosts -+ -+SKIP_VAR=/var/tmp - VAR_SIZE=830 --SKIP_REQ_FILES="$SKIP_PATH/drv/skip.o $SKIP_ETC/skip.mkdev" --PSEUDO_DRVS="skip" -+ -+SKIP_MOD="skip.ko" -+SKIP_REQ_FILES="${SKIP_LKM}/${SKIP_MOD} ${SKIP_ETC}/skip.mkdev" - - verify_owner() - { - me=`whoami` - if [ $me != "root" ]; then -+ echo "" - echo "skip: this script must be run as root ... fatal error" - exit 1 - fi -@@ -68,6 +76,7 @@ - pre_checks() { - for FILE in $SKIP_REQ_FILES; do - if [ ! -f $FILE ]; then -+ echo "" - echo "skip: installation problem detected" - echo "skip: $FILE not found" - echo "skip: please refer to installation guide" -@@ -76,6 +85,7 @@ - done - - if [ ! 
-w $SKIP_VAR ]; then -+ echo "" - echo "skip: can not write to $SKIP_VAR" - exit 1 - fi -@@ -85,11 +95,12 @@ - - sync - -- DISK_AVAIL=`df $SKIP_VAR | awk 'NR==2 {x=$4} -+ DISK_AVAIL=`df -k $SKIP_VAR | awk 'NR==2 {x=$4} - NR==3 {x=$3} - END {print x}'` - - if [ $DISK_AVAIL -lt $VAR_SIZE ]; then -+ echo "" - echo "skip: not enough space available in $SKIP_VAR" - echo "skip: $VAR_SIZE kbytes will be required to run the product" - exit 1 -@@ -98,45 +109,47 @@ - - load_driver() - { -- modstat > $SKIP_VAR/modules -- -- # load pseudo-drivers -- for driver in $PSEUDO_DRVS; do -+ kldstat | awk '{ print $5 }' | grep ${SKIP_MOD} > /dev/null 2>&1 - -- awk '{ print $8 }' $SKIP_VAR/modules | grep $driver > /dev/null 2>&1 -+ if [ $? -ne 0 ]; then - -- if [ $? -eq 0 ]; then -- echo "skip: driver already loaded" -- else -- echo "skip: loading driver" -- modload -o $SKIP_VAR/$driver \ -- -p $SKIP_ETC/$driver.mkdev \ -- $SKIP_PATH/drv/$driver.o> /dev/null -- -- -- if [ $? -ne 0 ]; then -- echo "skip: failed to load driver" -- echo "skip: perhaps too many drivers are loaded?" -- exit 1 -- fi -+ # Load KLD -+ kldload ${SKIP_LKM}/${SKIP_MOD} > /dev/null -+ if [ $? -ne 0 ]; then -+ echo "" -+ echo "skip: failed to load driver" -+ exit 1 -+ fi - -+ # Absurd hack to find out device major number -+ DEV_MAJOR=`/sbin/dmesg | grep 'skip: device major=' | tail -1 | sed 's/^.*=\([0-9]\{1,\}\),.*$/\1/g'` -+ if [ "${DEV_MAJOR}" = "" ]; then -+ echo "" -+ echo "skip: can't determine skip device major number" -+ exit 1 - fi -- done -+ -+ # Create device nodes -+ ${SKIP_MKDEV} ${DEV_MAJOR} -+ fi -+ - } - - start_daemons() { - if [ -x $SKIPD ]; then -- echo -n "starting skip key manager daemon" -- $SKIPD > /var/log/skipd.log & -- echo "." 
-+ $SKIPD - fi - - if [ -x $SKIP_SECURE_HOSTS -a -x $SKIP_HOST ]; then -- $SKIP_SECURE_HOSTS >> /var/log/skipd.log 2>&1 & -+ $SKIP_SECURE_HOSTS >> /var/log/skiphost.log 2>&1 & - fi - } - - # main -+ -+# keep console output pretty -+echo -n " skip" -+ - verify_owner - pre_checks - load_driver +diff -ur --unidirectional-new-file skipsrc-1.0.orig/skip/bdcmod/fast_des_cbc/descbc.c work.new/skip/bdcmod/fast_des_cbc/descbc.c +--- skipsrc-1.0.orig/skip/bdcmod/fast_des_cbc/descbc.c Fri Oct 25 13:12:36 1996 ++++ work.new/skip/bdcmod/fast_des_cbc/descbc.c Mon Jan 24 12:35:38 2000 +@@ -424,7 +424,7 @@ + return; + cs=(struct des_cbc_state *)csp; + +- *payload = IPPROTO_ENCAP; ++ *payload = IPPROTO_IPIP; + + ks = (unsigned long *)(cs->keysched); + mod8 = (len & 0x07); /* technically this is (len % 8) */ diff --git a/security/skip/files/patch-bk b/security/skip/files/patch-bk index 0fdef455e9e5..4964b01a51b2 100644 --- a/security/skip/files/patch-bk +++ b/security/skip/files/patch-bk 
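Review bot: The new `*payload = IPPROTO_IPIP;` in `descbc.c` takes the tunnel-mode payload number from whatever the system header defines, and nothing on the line records which on-wire value is expected. The removed text of the old skip_os.h patch (patch-bn) shows the original source pinning `IPPROTO_ENCAP` to 4, so this number is part of the wire format that both SKIP peers must agree on. A comment on the assignment such as `/* tunnel mode: payload is IP-in-IP, protocol 4 on the wire */` would make a later change of constant visible in review. The same substitution is made in `simplecrypt.c` (patch-bk) and `skip_keystore.c` (patch-bm) and would take the same comment. The enclosing function starts and ends outside the hunk.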
@@ -1,28 +1,12 @@ -diff -ur --unidirectional-new-file skipsrc-1.0.orig/skip/freebsd/skip.mkdev work.new/skip/freebsd/skip.mkdev ---- skipsrc-1.0.orig/skip/freebsd/skip.mkdev Fri Oct 25 13:13:20 1996 -+++ work.new/skip/freebsd/skip.mkdev Mon Mar 8 22:02:26 1999 -@@ -48,19 +48,19 @@ - SKIP_KEYMGRD_MINOR=0 - SKIP_ACL_NODE=/dev/skip - SKIP_MAX_OPENS=16 --PATH=/bin:/usr/ucb:/sbin: -+PATH=/bin:/usr/bin:/sbin:/usr/sbin +diff -ur --unidirectional-new-file skipsrc-1.0.orig/skip/bdcmod/simplecrypt/simplecrypt.c work.new/skip/bdcmod/simplecrypt/simplecrypt.c +--- skipsrc-1.0.orig/skip/bdcmod/simplecrypt/simplecrypt.c Fri Oct 25 13:12:38 1996 ++++ work.new/skip/bdcmod/simplecrypt/simplecrypt.c Mon Jan 24 12:35:39 2000 +@@ -335,7 +335,7 @@ + register char *s = keyp->buf; + register char *e = keyp->buf + keyp->len; --if [ $# != 3 ]; then -- exit -+if [ $# != 1 ]; then -+ exit 1 - fi +- *payload_type = IPPROTO_ENCAP; ++ *payload_type = IPPROTO_IPIP; - echo -n skip: making skip pseudo-devices - rm -f $SKIP_KEYMGR_NODE --mknod $SKIP_KEYMGR_NODE c $3 $SKIP_KEYMGRD_MINOR -+mknod $SKIP_KEYMGR_NODE c $1 $SKIP_KEYMGRD_MINOR - i=1 - while [ $i -ne $SKIP_MAX_OPENS ]; do - rm -f $SKIP_ACL_NODE$i -- mknod $SKIP_ACL_NODE$i c $3 $i -+ mknod $SKIP_ACL_NODE$i c $1 $i - i=`expr $i + 1` - echo -n "." - done + /* + * exclusive-or the key over the buffer diff --git a/security/skip/files/patch-bl b/security/skip/files/patch-bl index ab2f351fc630..090b76e4fed7 100644 --- a/security/skip/files/patch-bl +++ b/security/skip/files/patch-bl 
@@ -1,304 +1,12 @@ ---- skipsrc.orig/skip/freebsd/skip_es.c Fri Oct 25 13:12:42 1996 -+++ work/skip/freebsd/skip_es.c Sat May 15 17:05:09 1999 -@@ -81,6 +81,11 @@ - static unsigned short skip_pktid; - static skip_softc_t skip_softc[SKIP_MAX_OPENS]; - -+static struct callout_handle -+ skip_timeout_handle = CALLOUT_HANDLE_INITIALIZER(&skip_timeout_handle); -+ -+MALLOC_DEFINE(M_SKIP, "skip", "SKIP control structures and buffers"); -+ - /* - * statistics - */ -@@ -116,11 +121,13 @@ - static int skip_ifoutput(struct ifnet *, struct mbuf *, - struct sockaddr *, struct rtentry *rtp); - static int skip_ifinput(struct mbuf *, int); --static void skip_inittimers(); --static void skip_uninittimers(); --static void skip_timer(); -+static void skip_inittimers(void); -+static void skip_uninittimers(void); -+static void skip_timer(void *); - static int skip_add_interface(char *); - static int skip_del_interface(char *); -+static void skip_ifwakeup(skip_softc_t *); -+static int skip_bufextend(struct mbuf *, int); - - static void skip_encrypt_done(void *, struct mbuf *, struct mbuf *, - void *, skip_arg_t *); -@@ -136,14 +143,14 @@ - /* - * From Crypt/MAC system... - */ --extern int skip_es_bypass_init(); --extern void skip_es_bypass_uninit(); --extern void skip_key_initstore(); --extern void skip_key_uninitstore(); --extern void skip_key_initcryptors(); --extern void skip_key_uninitcryptors(); --extern void skip_mac_init(); --extern void skip_mac_uninit(); -+extern int skip_es_bypass_init(void); -+extern void skip_es_bypass_uninit(void); -+extern void skip_key_initstore(void); -+extern void skip_key_uninitstore(void); -+extern void skip_key_initcryptors(void); -+extern void skip_key_uninitcryptors(void); -+extern void skip_mac_init(void); -+extern void skip_mac_uninit(void); - extern int skip_fmt_kmgr(union skip_messages *, skip_keycb_t *); - - extern struct cdevsw skipdevsw; -@@ -157,7 +164,7 @@ - * Returns: 0 on success, errno otherwise. 
- */ - int --skip_init() -+skip_init(void) - { - register int s, rc; - register struct protosw *pr; -@@ -252,7 +259,10 @@ - for (pr = inetdomain.dom_protosw; - pr < inetdomain.dom_protoswNPROTOSW; pr++) { - -- pr->pr_input = skip_ifinput; -+ if (pr->pr_protocol == IPPROTO_DIVERT) -+ continue; -+ pr->pr_input = -+ (void (*)(struct mbuf *, int)) skip_ifinput; - } - splx(s); - } -@@ -266,7 +276,7 @@ - * Returns: 0 on success, errno otherwise. - */ - int --skip_uninit() -+skip_uninit(void) - { - register int s; - if (skip_busy || skip_keys_stats.skip_encrypt_keys_active -@@ -319,7 +329,11 @@ - major(dev), flags); - #endif - -+#if __FreeBSD_version < 400005 - if (suser(p->p_ucred, &p->p_acflag )) { -+#else -+ if (suser(p)) { -+#endif - return (EPERM); - } - if (minor(dev) >= SKIP_MAX_OPENS) { -@@ -422,27 +436,30 @@ - * Returns: 0 if no data available, 1 otherwise - */ - int --skip_ifselect(dev, rw, p) -+skip_ifpoll(dev, events, p) - dev_t dev; -- int rw; -+ int events; - struct proc *p; - { - register skip_softc_t *sp = &skip_softc[minor(dev)]; - register int s; -+ int revents = 0; - -- if (rw == FWRITE) { -- return (1); -- } -+ /* Check readable */ - s = splimp(); -- if (sp->q.ifq_len > 0) { -- splx(s); -- return (1); -+ if (events & (POLLIN | POLLRDNORM)) { -+ if (sp->q.ifq_len > 0) -+ revents |= (events & (POLLIN | POLLRDNORM)); -+ else -+ selrecord(p, &sp->sp_si); - } - -- selrecord(p, &sp->sp_si); -+ /* Always writable */ -+ if (events & (POLLOUT | POLLWRNORM)) -+ revents |= (events & (POLLOUT | POLLWRNORM)); - - splx(s); -- return(0); -+ return(revents); - } - - /* skip_ifread() -@@ -786,9 +803,9 @@ - * Returns: None - */ - static void --skip_inittimers() -+skip_inittimers(void) - { -- timeout(skip_timer, NULL, skip_key_tick * hz); -+ skip_timeout_handle = timeout(skip_timer, NULL, skip_key_tick * hz); - } - - /* skip_uninittimers() -@@ -798,9 +815,10 @@ - * Returns: None - */ - static void --skip_uninittimers() -+skip_uninittimers(void) - { -- 
untimeout(skip_timer, NULL); -+ untimeout(skip_timer, NULL, skip_timeout_handle); -+ callout_handle_init(&skip_timeout_handle); - } - - /* skip_timer() -@@ -812,14 +830,13 @@ - */ - /*ARGSUSED*/ - static void --skip_timer(arg) -- caddr_t arg; -+skip_timer(void *arg) - { - /* - * run through the key store - */ - skip_key_iterate(skip_key_check, NULL); -- timeout(skip_timer, NULL, skip_key_tick * hz); -+ skip_timeout_handle = timeout(skip_timer, NULL, skip_key_tick * hz); - } - - #ifdef notdef -@@ -846,6 +863,7 @@ - } - #endif - -+#ifdef notdef - void - skip_dump_buf(char *what, unsigned char *p, int len) - { -@@ -857,7 +875,9 @@ - } - printf("].\n"); - } -+#endif - -+#ifdef notdef - void - skip_dump_ip(struct ip *ip) - { -@@ -878,6 +898,7 @@ - ip->ip_ttl, ip->ip_p, ntohs(ip->ip_sum)); - - } -+#endif - - /* - * SKIP Ioctl and Interface management routines -@@ -1107,7 +1128,7 @@ - int - skip_ifioctl(dev, cmd, data, fflag, p) - dev_t dev; -- int cmd; -+ u_long cmd; - caddr_t data; - int fflag; - struct proc *p; -@@ -1390,7 +1411,6 @@ - skip_es_t *skip_if; - int iphlen, hdrlen = 0; - struct mbuf *decryptbuf = NULL; -- extern u_char ip_protox[]; - skip_param_t params; - skip_hdr_t skip_hdr; - skip_es_hash_t *entry, **acl; -@@ -1718,7 +1738,7 @@ - */ - decryptbuf->m_data += iphlen; - -- SKIP_DEBUG2("skip_ifinput: decryptbuf m_len=%d m_data=%d\n", -+ SKIP_DEBUG2("skip_ifinput: decryptbuf m_len=%d m_data=%p\n", - decryptbuf->m_len, decryptbuf->m_data); - - } -@@ -1745,7 +1765,7 @@ - ip->ip_id = ntohs(ip->ip_id); - ip->ip_off = ntohs(ip->ip_off); - pass: -- m->m_flags &= ~ M_EOR; -+ m->m_flags &= ~ M_PROTO1; - (*inetsw_default[ip_protox[ip->ip_p]].pr_input)(m, hlen); - return (0); - } -@@ -1910,6 +1930,13 @@ - */ - IPADDRCOPY(¶ms.tunnel_addr, &newip->ip_dst); - -+ /* -+ * insert different source address if specified -+ */ -+ -+ if(params.source != 0) -+ (&newip->ip_src)->s_addr = params.source; -+ - encryptbuf->m_len += sizeof (struct ip); - - /* -@@ -2005,7 +2032,7 @@ - if 
(params.kp_alg) { - newip->ip_p = SKIP_NEXT_ESP; - } else { -- newip->ip_p = IPPROTO_ENCAP; -+ newip->ip_p = IPPROTO_IPIP; - } - } - skip_if->stats.skip_if_raw_out++; -@@ -2028,6 +2055,13 @@ - * insert tunnel address as destination - */ - IPADDRCOPY(¶ms.tunnel_addr, &newip->ip_dst); -+ -+ /* -+ * insert different source address if specified -+ */ -+ -+ if(params.source != 0) -+ (&newip->ip_src)->s_addr = params.source; - } - - if (params.s_nsid == 0) { -@@ -2097,7 +2131,7 @@ - register skip_param_t *params = &res->params; - register struct ip *ip = mtod(original, struct ip *); - int rc, s, iphlen; -- struct mbuf *outbuf, *new_hdr; -+ struct mbuf *outbuf; - - SKIP_PRINT("skip_decrypt_done", params); - -@@ -2125,7 +2159,7 @@ - */ - outbuf = (res->modes & SKIP_CRYPT_ON) ? m : original; - -- if (res->proto != IPPROTO_ENCAP) { -+ if (res->proto != IPPROTO_IPIP) { - /* - * transport mode, need to copy original IP header - */ -@@ -2195,7 +2229,7 @@ - /* - * tag the start of the header buffer so SKIP can recognise it - */ -- outbuf->m_flags |= M_EOR | M_PKTHDR; -+ outbuf->m_flags |= M_PROTO1 | M_PKTHDR; - - s = splimp(); - if (IF_QFULL(&ipintrq)) { +diff -ur --unidirectional-new-file skipsrc-1.0.orig/skip/common/skip_ipsp.c work.new/skip/common/skip_ipsp.c +--- skipsrc-1.0.orig/skip/common/skip_ipsp.c Fri Oct 25 13:12:40 1996 ++++ work.new/skip/common/skip_ipsp.c Tue Jan 25 09:57:16 2000 +@@ -79,7 +79,7 @@ + skip_hdr_ipsp_decode(unsigned char *start, unsigned char *end, skip_hdr_t *hdr) + { + register unsigned char *p = start; +- register i; ++ register int i; + register int Akp_len = 0; + register int Ekp_len = 0; + unsigned char version; diff --git a/security/skip/files/patch-bm b/security/skip/files/patch-bm index 7861e848f13f..872f3ece11de 100644 --- a/security/skip/files/patch-bm +++ b/security/skip/files/patch-bm 
@@ -1,43 +1,39 @@ -diff -ur --unidirectional-new-file skipsrc-1.0.orig/skip/freebsd/skip_if.h work.new/skip/freebsd/skip_if.h ---- skipsrc-1.0.orig/skip/freebsd/skip_if.h Fri Oct 25 13:12:43 1996 -+++ work.new/skip/freebsd/skip_if.h Tue Mar 9 20:30:46 1999 -@@ -86,7 +86,9 @@ - struct skip_es *next; - char if_name[SKIPSZ];/* e.g. "le0" */ - struct ifnet *ifp; /* network interface */ -- int (*if_output)(); /* default output handler */ -+ int (*if_output) /* default output handler */ -+ (struct ifnet *, struct mbuf *, -+ struct sockaddr *, struct rtentry *); - void *sd; /* skip descriptor */ - unsigned char if_mode; /* interface mode */ - int notifier; /* who to send events to */ -@@ -104,7 +106,7 @@ - /* - * returns TRUE if SKIP has processed this buffer +diff -ur --unidirectional-new-file skipsrc-1.0.orig/skip/common/skip_keystore.c work.new/skip/common/skip_keystore.c +--- skipsrc-1.0.orig/skip/common/skip_keystore.c Fri Oct 25 13:12:41 1996 ++++ work.new/skip/common/skip_keystore.c Mon Jan 24 12:52:53 2000 +@@ -308,7 +308,7 @@ + /* + * SKIP tunneling mode + */ +- params->payload_type = IPPROTO_ENCAP; ++ params->payload_type = IPPROTO_IPIP; + } + /* + * Return offset of data to decrypt +@@ -1177,7 +1177,7 @@ + * Returns: none */ --#define SKIP_DECRYPTED(m) ((m)->m_flags & M_EOR) -+#define SKIP_DECRYPTED(m) ((m)->m_flags & M_PROTO1) + void +-skip_key_iterate(int (*f)(), void *arg) ++skip_key_iterate(int (*f)(skip_keycb_t *, void *), void *arg) + { + skip_keycb_t *cp, *ncp; + int i, rc; +@@ -1209,7 +1209,7 @@ + for (cp = skip_decrypt_hashtable[i]; cp; cp = ncp) { + ncp = cp->next; - /* - * Macro to retrieve an ifnet -@@ -114,14 +116,15 @@ - /* - * function prototypes - */ -+ -+int skip_init(void); -+int skip_uninit(void); - int skip_ifopen(dev_t, int, int, struct proc *); - int skip_ifclose(dev_t, int, int, struct proc *); --int skip_ifioctl(dev_t, int, caddr_t, int, struct proc *); --int skip_ifselect(dev_t, int, struct proc *); -+int skip_ifioctl(dev_t, u_long, 
caddr_t, int, struct proc *); -+int skip_ifpoll(dev_t, int, struct proc *); - int skip_ifwrite(dev_t, struct uio *, int); - int skip_ifread(dev_t, struct uio *, int); -- --void skip_key_tellkm( enum skip_msgs, skip_keycb_t *); +- rc = (*f)(cp); ++ rc = (*f)(cp, arg); + + if (rc) { + skip_hash_remove(cp, skip_decrypt_hashtable, +@@ -1258,7 +1258,7 @@ + return(ENOMEM); + } - /* - * exported functions +-#ifdef KERNEL ++#if defined(KERNEL) || defined(_KERNEL) + /* + * XXX 4.x only + * we have knowledge that arg is a pointer to a struct sockaddr which diff --git a/security/skip/files/patch-bn b/security/skip/files/patch-bn index dfa0aebf8df7..78a656cf8f4d 100644 --- a/security/skip/files/patch-bn +++ b/security/skip/files/patch-bn 
@@ -1,193 +1,111 @@ -diff -ur --unidirectional-new-file skipsrc-1.0.orig/skip/freebsd/skip_os.h work.new/skip/freebsd/skip_os.h ---- skipsrc-1.0.orig/skip/freebsd/skip_os.h Fri Oct 25 13:12:43 1996 -+++ work.new/skip/freebsd/skip_os.h Tue Mar 9 19:16:28 1999 -@@ -54,7 +54,6 @@ - #ifndef KERNEL - #include - #include --#include - #include - #include - #include -@@ -69,6 +68,12 @@ - #include - #endif - -+#include -+ -+#ifdef KERNEL -+#include -+#endif -+ - #include - #include - #include -@@ -77,16 +82,19 @@ - #include - #include - #include -+#include - #include - #include - #include - #include - #include - #include -+#include - - #ifndef __cplusplus - #include - #include -+#include - #include - #endif - #include -@@ -94,8 +102,9 @@ - #include - #include - #include --#include -+#include - #endif -+#include - - /* - * Basic required types and constants -@@ -116,6 +125,7 @@ - #include - #include - #include -+#include - #include - #include - #include -@@ -123,19 +133,34 @@ - #include - #include - #include -+#include -+#include -+#include -+#include - - #define PANIC(s) panic(s) - - /* -+ * SKIP malloc type -+ */ -+MALLOC_DECLARE(M_SKIP); -+ -+/* - * 4.x memory management macros - */ --#define SYSMEM_ALLOC(size) malloc((u_long)size, M_PCB, M_NOWAIT) --#define SYSMEM_FREE(m, n) free(m, M_PCB) --#define BCOPY(s, d, n) bcopy((caddr_t) s, (caddr_t) d, n) --#define BZERO(s, n) bzero((caddr_t) s, n) --#define BCMP(s, d, n) bcmp((caddr_t) s, (caddr_t) d, n) -+#define SYSMEM_ALLOC(size) malloc((u_long)size, M_SKIP, M_NOWAIT) -+#define SYSMEM_FREE(m, n) free(m, M_SKIP) - #define STATIC static - -+/* -+ * The kernel doesn't have memcpy() or memcmp(), but gcc will inline them -+ */ -+#ifdef KERNEL -+extern int memcmp(const void *, const void *, size_t); -+#endif -+#define BCOPY(s, d, n) memcpy((caddr_t) (d), (caddr_t) (s), n) -+#define BCMP(s, d, n) memcmp((caddr_t) (d), (caddr_t) (s), n) -+#define BZERO(s, n) bzero((caddr_t) (s), n) - - #define ALIGNED(x) (((unsigned 
int)(x)&(skip_alignment - 1)) == 0) - -@@ -182,7 +207,7 @@ - /* - * 4.x timing defines - */ --#define SKIP_ES_CURRENTTIME (time.tv_sec) -+#define SKIP_ES_CURRENTTIME ((long)time_second) - #define SKIP_ES_DELTATIME(then) (SKIP_ES_CURRENTTIME - then) - - /* -@@ -204,27 +229,6 @@ - len = IPHLEN(ip); \ - } - --/* -- * ANSI prototypes for system routines -- */ --extern int splimp(); --extern int splnet(); --extern void splx(int); --extern void m_freem(struct mbuf *); --extern void panic(const char *, ...); --extern int tsleep(void *, int, char *, int); --extern void wakeup(void *); --extern int uiomove(caddr_t, int, struct uio *); --extern int copyin(void *, void *, u_int ); --extern int copyout(void *, void *, u_int); --extern int mclget(struct mbuf *); --extern int m_cpytoc(struct mbuf *, int, int, caddr_t); -- --extern void log(int, const char *, ...); -- --extern char *strncpy(char *, const char *, size_t); -- --extern void printf(const char *, ...); - #else /* KERNEL */ - - /* -@@ -251,37 +255,12 @@ - #endif - #define STATIC - --/* -- * ANSI prototypes for C library routines and syscalls -- */ --extern int gethostname(char *, int); --extern int fprintf(FILE *, const char *, ...); --extern int fflush(FILE *); --extern int fgetc(FILE *); --extern int fseek(FILE *, long, int); --extern size_t fread(void *, size_t, size_t, FILE *); --extern int fclose(FILE *); --extern int socket(int, int, int); --extern int ioctl(int, int, ...); --extern int pclose(FILE *); --/*extern int getrlimit(int, struct rlimit *); */ --extern void perror(const char *); --extern time_t time(time_t *); --extern int getopt(int, char * const *, const char *); --extern int sscanf(const char *, const char *, ...); -- - #endif /* KERNEL */ - --/* XXX Bad IPPROTO_ENCAP define ? 
*/ --#ifdef IPPROTO_ENCAP --#undef IPPROTO_ENCAP --#endif --#define IPPROTO_ENCAP 4 +diff -ur --unidirectional-new-file skipsrc-1.0.orig/skip/freebsd/Makefile work.new/skip/freebsd/Makefile +--- skipsrc-1.0.orig/skip/freebsd/Makefile Fri Oct 25 13:12:41 1996 ++++ work.new/skip/freebsd/Makefile Mon Jan 24 12:35:39 2000 +@@ -1,105 +1,3 @@ +-# SKIP Source Code License Statement: +-# ------------------------------------------------------------------ +-# Copyright +-# Sun Microsystems, Inc. +-# +-# +-# Copyright (C) 1994, 1995, 1996 Sun Microsystems, Inc. All Rights +-# Reserved. +-# +-# Permission is hereby granted, free of charge, to any person +-# obtaining a copy of this software and associated documentation +-# files (the "Software"), to deal in the Software without +-# restriction, including without limitation the rights to use, +-# copy, modify, merge, publish, distribute, sublicense, and/or sell +-# copies of the Software or derivatives of the Software, and to +-# permit persons to whom the Software or its derivatives is furnished +-# to do so, subject to the following conditions: +-# +-# The above copyright notice and this permission notice shall be +-# included in all copies or substantial portions of the Software. +-# +-# The Software must not be transferred to persons who are not US +-# citizens or permanent residents of the US or exported outside +-# the US (except Canada) in any form (including by electronic +-# transmission) without prior written approval from the US +-# Government. Non-compliance with these restrictions constitutes +-# a violation of the U.S. Export Control Laws. +-# +-# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, +-# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES +-# OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND +-# NONINFRINGEMENT. 
IN NO EVENT SHALL SUN MICROSYSTEMS, INC., BE LIABLE +-# FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION +-# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN +-# CONNECTION WITH THE SOFTWARE OR DERIVATES OF THIS SOFTWARE OR +-# THE USE OR OTHER DEALINGS IN THE SOFTWARE. +-# +-# Except as contained in this notice, the name of Sun Microsystems, Inc. +-# shall not be used in advertising or otherwise to promote +-# the sale, use or other dealings in this Software or its derivatives +-# without prior written authorization from Sun Microsystems, Inc. +-#pragma ident "@(#)Makefile 1.20 96/02/05 Sun Microsystems" ++all depend install clean: ++ MAKEFLAGS= MFLAGS= MAKELEVEL= /usr/bin/make -f Makefile.bmake $@ + +-include ../../Makefile.defs - - /* SKIP specific */ - --#define SKIP_DIR "/etc/skip/" --#define SKIP_BIN "/usr/skip/bin" -+#define SKIP_DIR "@@PREFIX@@/etc/skip/" -+#define SKIP_BIN "@@PREFIX@@/bin" - #define KEYMGR "/dev/skip_key" - - /* -@@ -306,12 +285,6 @@ - /* General purpose */ - - typedef unsigned char byte; +-CPPOPTS = -DINET $(K_FLAGS) -D$(K_ARCH) -D__$(K_ARCH)__ \ +- -I$(COMM_INC) -I. 
+-COPTS = ${CPPOPTS} -c +-CFLAGS = ${COPTS} $(K_DEBUG) - --#if 0 --extern void bcopy(void *, void *, int); --extern void bzero(void *, int); --extern int bcmp(void *, void *, int); --#endif - - #define SKIP_IFCMP(if1, if2) strcmp(if1, if2) - +-CFILES = skip_wrapper.c skip_es.c +- +- +-ES_OBJS = $(CFILES:%.c=$(K_DIR)/%.o) +-CRYPTS = ../bdcmod/simplecrypt/$(K_DIR)/simplecrypt.o \ +- ../bdcmod/fast_des_cbc/$(K_DIR)/descbc.o \ +- ../bdcmod/fast_des_cbc/$(K_DIR)/des.o \ +- ../bdcmod/fast_des_cbc/$(K_DIR)/dessp.o \ +- ../bdcmod/des_ede_cbc/$(K_DIR)/des_ede_cbc.o \ +- ../bdcmod/des_ede_cbc/$(K_DIR)/des_ede_ecb.o \ +- ../bdcmod/safer/$(K_DIR)/skip_safercbc.o \ +- ../bdcmod/safer/$(K_DIR)/safer.o +- +-COMDIR = ../common/$(K_DIR) +- +-COMOBJS = $(COMDIR)/skip_hdr.o $(COMDIR)/skip_es_bypass.o \ +- $(COMDIR)/skip_crypt.o $(COMDIR)/skip_ioctl.o \ +- $(COMDIR)/skip_keystore.o $(COMDIR)/skip_keymgrmsgs.o \ +- $(COMDIR)/skip_ipsp.o $(COMDIR)/skip_nsid.o \ +- $(COMDIR)/skip_ah.o $(COMDIR)/skip_md5.o $(COMDIR)/skip_acl.o +- +-MDV_OBJ = $(COMDIR)/md5.o +- +-OBJS = $(ES_OBJS) $(COMOBJS) $(CRYPTS) $($(AHOBJS)) +- +-HDRS = $(COMM_INC)/skip_keymgrmsgs.h $(COMM_INC)/skip_ioctl.h \ +- $(COMM_INC)/skip_key.h $(COMM_INC)/skip_crypt.h \ +- $(COMM_INC)/skip_types.h $(COMM_INC)/skip_es.h \ +- $(COMM_INC)/skip_sunos.h $(COMM_INC)/skip_proto.h \ +- skip_if.h $(COMM_INC)/skip_acl.h +- +-all: $(K_DIR) $(K_DIR)/skip.o +- +-$(K_DIR)/skip_wrapper.o: skip_wrapper.c +- $(CC) $(CFLAGS) -o $@ $< +- +-$(K_DIR)/skip_es.o: skip_es.c +- $(CC) $(CFLAGS) -o $@ $< +- +- +-$(K_DIR): +- @[ -d $(K_DIR) ] || mkdir -p $(K_DIR) +- +-$(K_DIR)/skip.o: $(OBJS) +- $(LD) -r -o $(K_DIR)/skip.o $(OBJS) +- @ /usr/bin/modstat +- +-clean: +- @$(RM) -r $(K_DIR) *.pp *.L +- @-$(SCCSCLEAN) +- +-cleanall: +- @$(RM) -rf *bin.* +- @-$(SCCSCLEAN) +- diff --git a/security/skip/files/patch-bo b/security/skip/files/patch-bo index f2f0a6ba48a0..ffb8e038e657 100644 --- a/security/skip/files/patch-bo +++ b/security/skip/files/patch-bo 
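Review bot: The replacement `freebsd/Makefile` stub clears `MAKEFLAGS`, `MFLAGS` and `MAKELEVEL` and calls `/usr/bin/make` by absolute path, with no comment saying why the caller's make environment is discarded. The `.include` syntax in the new `Makefile.bmake` suggests the stub hands off from the outer make to BSD make, but that is inferred from the file name and syntax. A line such as `# Hand off to BSD make with a clean environment so the outer make's flags are not inherited` above the rule would record the intent. The same hunk also deletes the Sun licence statement from the top of `Makefile`, and the new `Makefile.bmake` in patch-bo does not carry it, although the notice asks to be included in copies of the software; consider keeping the header in one of the two files.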
@@ -1,114 +1,45 @@ -diff -ur --unidirectional-new-file skipsrc-1.0.orig/skip/freebsd/skip_wrapper.c work.new/skip/freebsd/skip_wrapper.c ---- skipsrc-1.0.orig/skip/freebsd/skip_wrapper.c Fri Oct 25 13:12:43 1996 -+++ work.new/skip/freebsd/skip_wrapper.c Mon Mar 8 23:00:57 1999 -@@ -66,55 +66,69 @@ - #include - #include - -- --/* -- * SunOS 4.1.x loadable driver wrapper for the SKIP module -- */ --extern char skip_module_name[]; -- --/* -- * Module linkage information for the kernel. -- */ --extern int nulldev(); -- --struct cfdriver skipcd= -- { NULL, "skip", NULL, NULL, DV_DULL, 0 }; -- - struct cdevsw skipdevsw = { - skip_ifopen, skip_ifclose, skip_ifread, skip_ifwrite, skip_ifioctl, -- NULL, NULL, NULL, skip_ifselect, NULL, NULL -+ nullstop, noreset, nodevtotty, skip_ifpoll, nommap, nostrategy, -+ "skip", NULL - }; - --MOD_DEV("skipmod", LM_DT_CHAR, -1, (void *)&skipdevsw) -- --extern int skip_init(), skip_uninit(); -+static struct cdevsw *old_dev; -+static u_long skip_major; - --/*ARGSUSED*/ --int --skipmod_load(struct lkm_table *lkmtp, int cmd) -+/* -+ * Handle loading and unloading of the SKIP module. 
-+ */ -+static int -+skip_mod_event(module_t mod, int event, void *data) - { -+ int error = 0; -+ dev_t dev; - -- int rc; -- rc = skip_init(); -- if (rc != 0) { -- return (rc); -- } -- uprintf("skip: driver loaded\n"); -- return (0); --} -+ switch (event) { -+ case MOD_LOAD: - --skipmod_unload(struct lkm_table *lkmtp, int cmd) --{ -- -- int rc; -- rc = skip_uninit(); -- if (rc == 0) { -- uprintf("skip: driver unloaded\n"); -+ /* Add character device, getting assigned a major number */ -+ dev = (dev_t) -1; -+ if ((error = cdevsw_add(&dev, &skipdevsw, &old_dev)) != 0) { -+ log(LOG_ERR, "skip: can't add device\n"); -+ break; -+ } -+ skip_major = major(dev); +diff -ur --unidirectional-new-file skipsrc-1.0.orig/skip/freebsd/Makefile.bmake work.new/skip/freebsd/Makefile.bmake +--- skipsrc-1.0.orig/skip/freebsd/Makefile.bmake Wed Dec 31 16:00:00 1969 ++++ work.new/skip/freebsd/Makefile.bmake Mon Jan 24 18:25:11 2000 +@@ -0,0 +1,41 @@ + -+ /* Initialize SKIP itself */ -+ if ((error = skip_init()) != 0) { -+ /* XXX should remove char device */ -+ log(LOG_ERR, "skip: init failed\n"); -+ break; -+ } -+ log(LOG_INFO, "skip: device major=%lu, driver loaded\n", -+ skip_major); -+ break; ++.include "../../Makefile.defs" + -+ case MOD_UNLOAD: ++CPPOPTS = -DINET $(K_FLAGS) -D$(K_ARCH) -D__$(K_ARCH)__ \ ++ -I$(COMM_INC) -I. 
++COPTS = ${CPPOPTS} -c ++CFLAGS = ${COPTS} $(K_DEBUG) + -+ /* Uninitialize SKIP */ -+ if ((error = skip_uninit()) != 0) { -+ log(LOG_INFO, "skip: uninit failed\n"); -+ break; -+ } ++SRCS = skip_wrapper.c skip_es.c + -+ /* Replace original device driver (if any) */ -+ dev = makedev(skip_major, 0); -+ (void) cdevsw_add(&dev, old_dev, NULL); -+ break; ++CRYPTS = ../bdcmod/simplecrypt/$(K_DIR)/simplecrypt.o \ ++ ../bdcmod/fast_des_cbc/$(K_DIR)/descbc.o \ ++ ../bdcmod/fast_des_cbc/$(K_DIR)/des.o \ ++ ../bdcmod/fast_des_cbc/$(K_DIR)/dessp.o \ ++ ../bdcmod/des_ede_cbc/$(K_DIR)/des_ede_cbc.o \ ++ ../bdcmod/des_ede_cbc/$(K_DIR)/des_ede_ecb.o \ ++ ../bdcmod/safer/$(K_DIR)/skip_safercbc.o \ ++ ../bdcmod/safer/$(K_DIR)/safer.o + -+ default: -+ error = EOPNOTSUPP; -+ break; - } -- return (rc); -+ return(error); - } - --xxxinit(struct lkm_table *lkmtp, int cmd, int ver) --{ -- DISPATCH(lkmtp, cmd, ver, skipmod_load, skipmod_unload, nosys); --} -+static moduledata_t skip_mod = { -+ "skip", -+ skip_mod_event, -+ NULL -+}; -+DECLARE_MODULE(skip, skip_mod, SI_SUB_PROTO_END, SI_ORDER_MIDDLE); ++COMDIR = ../common/$(K_DIR) + ++COMOBJS = $(COMDIR)/skip_hdr.o $(COMDIR)/skip_es_bypass.o \ ++ $(COMDIR)/skip_crypt.o $(COMDIR)/skip_ioctl.o \ ++ $(COMDIR)/skip_keystore.o $(COMDIR)/skip_keymgrmsgs.o \ ++ $(COMDIR)/skip_ipsp.o $(COMDIR)/skip_nsid.o \ ++ $(COMDIR)/skip_ah.o $(COMDIR)/skip_md5.o $(COMDIR)/skip_acl.o ++ ++MDV_OBJ = $(COMDIR)/md5.o ++ ++OBJS = $(COMOBJS) $(CRYPTS) $($(AHOBJS)) ++ ++HDRS = $(COMM_INC)/skip_keymgrmsgs.h $(COMM_INC)/skip_ioctl.h \ ++ $(COMM_INC)/skip_key.h $(COMM_INC)/skip_crypt.h \ ++ $(COMM_INC)/skip_types.h $(COMM_INC)/skip_es.h \ ++ $(COMM_INC)/skip_sunos.h $(COMM_INC)/skip_proto.h \ ++ skip_if.h $(COMM_INC)/skip_acl.h ++ ++KMOD = skip ++KLDMOD = yes ++ ++.include diff --git a/security/skip/files/patch-bp b/security/skip/files/patch-bp index a49079adfed1..a776eea7b5d4 100644 --- a/security/skip/files/patch-bp +++ b/security/skip/files/patch-bp 
@@ -1,12 +1,12 @@ -diff -ur --unidirectional-new-file skipsrc-1.0.orig/skip/include/skip_conf.h work.new/skip/include/skip_conf.h ---- skipsrc-1.0.orig/skip/include/skip_conf.h Fri Oct 25 13:12:44 1996 -+++ work.new/skip/include/skip_conf.h Mon Mar 8 21:33:38 1999 -@@ -58,7 +58,7 @@ - #define SKIP_CERTSBASE SKIP_DIR"certdb" - #define SKIP_SECRET_CACHE SKIP_DIR"secret_cache" - #define SKIP_RAW_FILE SKIP_DIR"raw_keys" --#define SKIP_PID SKIP_DIR"skipd.pid" -+#define SKIP_PID "/var/run/skipd.pid" +diff -ur --unidirectional-new-file skipsrc-1.0.orig/skip/freebsd/Makefile.defs work.new/skip/freebsd/Makefile.defs +--- skipsrc-1.0.orig/skip/freebsd/Makefile.defs Fri Oct 25 13:12:42 1996 ++++ work.new/skip/freebsd/Makefile.defs Mon Jan 24 13:45:40 2000 +@@ -93,7 +93,7 @@ - /* - * Key manager Crypt algorithms supported + # Kernel compilation flags + # +-K_FLAGS_FREEBSD_gnu = -DKERNEL -DFREEBSD ++K_FLAGS_FREEBSD_gnu = -DKERNEL -D_KERNEL -DKLD_MODULE + + # OS Libraries + # diff --git a/security/skip/files/patch-bq b/security/skip/files/patch-bq index 0703103c8e21..079615dcbf38 100644 --- a/security/skip/files/patch-bq +++ b/security/skip/files/patch-bq 
@@ -1,42 +1,146 @@ -diff -ur --unidirectional-new-file skipsrc-1.0.orig/skip/include/skip_key.h work.new/skip/include/skip_key.h ---- skipsrc-1.0.orig/skip/include/skip_key.h Fri Oct 25 13:12:44 1996 -+++ work.new/skip/include/skip_key.h Tue Mar 9 20:24:01 1999 -@@ -209,24 +209,22 @@ - void *, skip_arg_t *) - ); - #endif --void skip_close(); -+void skip_close(void *sd); - int skip_encrypt(void *, SKIP_BUF_T *, SKIP_BUF_T *, - skip_param_t *, void *); - int skip_decrypt(void *, SKIP_BUF_T *, SKIP_BUF_T *, - skip_hdr_t *hdr, int, void *); - int skip_key_check(skip_keycb_t *, void *); --void skip_key_iterate(int (*)(), void *); -+void skip_key_iterate(int (*)(skip_keycb_t *, void *), void *); - int skip_hdr_encode(skip_hdr_t *, unsigned char *); - int skip_iv_encode(skip_hdr_t *, unsigned char *); - void skip_hdr_init(skip_keycb_t *); - --void skip_key_tellkm(enum skip_msgs, skip_keycb_t *); --void skip_key_fromkm(union skip_messages *, unsigned int); - void skip_update_encrypt_key(struct Encrypted_key_rsp *); - void skip_update_decrypt_key(struct Decrypted_key_rsp *); - --void skip_local_keyid_init(); --void skip_local_keyid_uninit(); -+void skip_local_keyid_init(void); -+void skip_local_keyid_uninit(void); - void skip_set_local_keyid(unsigned char , skip_key_var_t *); - int skip_check_keyid(unsigned char , skip_key_var_t *, boolean_t); - int skip_get_default_keyid(unsigned char, unsigned char *); -@@ -254,8 +252,8 @@ - * function prototypes - */ - void skip_key_fromkm(union skip_messages *, unsigned int); -+void skip_key_tellkm(enum skip_msgs, skip_keycb_t *); - #endif +diff -ur --unidirectional-new-file skipsrc-1.0.orig/skip/freebsd/rc work.new/skip/freebsd/rc +--- skipsrc-1.0.orig/skip/freebsd/rc Fri Oct 25 13:13:19 1996 ++++ work.new/skip/freebsd/rc Mon Jan 24 12:35:39 2000 +@@ -44,22 +44,30 @@ + + #pragma ident "@(#)rc 1.5 96/10/08 Sun Microsystems" + # +-PATH=/bin:/usr/bin:/sbin:/usr/ucb:/usr/etc +-SKIP_PATH=${SKIP_PATH-/usr/skip} +-SKIPD=/usr/skip/bin/skipd 
+-SKIP_HOST=/usr/skip/bin/skiphost +-SKIP_VAR_CMD=/usr/skip/bin/skipvar +-SKIP_SECURE_HOSTS=/etc/skip/hosts +-SKIP_ETC=/etc/skip +-SKIP_VAR=/var/skip ++ ++PATH=/bin:/usr/bin:/sbin:/usr/sbin ++PREFIX=@@PREFIX@@ ++ ++SKIP_BIN=${PREFIX}/bin ++SKIP_ETC=${PREFIX}/etc/skip ++SKIP_LKM=${PREFIX}/modules ++ ++SKIPD=${SKIP_BIN}/skipd ++SKIP_HOST=${SKIP_BIN}/skiphost ++SKIP_MKDEV=${SKIP_ETC}/skip.mkdev ++SKIP_SECURE_HOSTS=${SKIP_ETC}/hosts ++ ++SKIP_VAR=/var/tmp + VAR_SIZE=830 +-SKIP_REQ_FILES="$SKIP_PATH/drv/skip.o $SKIP_ETC/skip.mkdev" +-PSEUDO_DRVS="skip" ++ ++SKIP_MOD="skip.ko" ++SKIP_REQ_FILES="${SKIP_LKM}/${SKIP_MOD} ${SKIP_ETC}/skip.mkdev" + + verify_owner() + { + me=`whoami` + if [ $me != "root" ]; then ++ echo "" + echo "skip: this script must be run as root ... fatal error" + exit 1 + fi +@@ -68,6 +76,7 @@ + pre_checks() { + for FILE in $SKIP_REQ_FILES; do + if [ ! -f $FILE ]; then ++ echo "" + echo "skip: installation problem detected" + echo "skip: $FILE not found" + echo "skip: please refer to installation guide" +@@ -76,6 +85,7 @@ + done + + if [ ! -w $SKIP_VAR ]; then ++ echo "" + echo "skip: can not write to $SKIP_VAR" + exit 1 + fi +@@ -85,11 +95,12 @@ + + sync + +- DISK_AVAIL=`df $SKIP_VAR | awk 'NR==2 {x=$4} ++ DISK_AVAIL=`df -k $SKIP_VAR | awk 'NR==2 {x=$4} + NR==3 {x=$3} + END {print x}'` + + if [ $DISK_AVAIL -lt $VAR_SIZE ]; then ++ echo "" + echo "skip: not enough space available in $SKIP_VAR" + echo "skip: $VAR_SIZE kbytes will be required to run the product" + exit 1 +@@ -98,45 +109,47 @@ + + load_driver() + { +- modstat > $SKIP_VAR/modules - +- # load pseudo-drivers +- for driver in $PSEUDO_DRVS; do ++ kldstat | awk '{ print $5 }' | grep ${SKIP_MOD} > /dev/null 2>&1 + +- awk '{ print $8 }' $SKIP_VAR/modules | grep $driver > /dev/null 2>&1 ++ if [ $? -ne 0 ]; then + +- if [ $? 
-eq 0 ]; then +- echo "skip: driver already loaded" +- else +- echo "skip: loading driver" +- modload -o $SKIP_VAR/$driver \ +- -p $SKIP_ETC/$driver.mkdev \ +- $SKIP_PATH/drv/$driver.o> /dev/null +- +- +- if [ $? -ne 0 ]; then +- echo "skip: failed to load driver" +- echo "skip: perhaps too many drivers are loaded?" +- exit 1 +- fi ++ # Load KLD ++ kldload ${SKIP_LKM}/${SKIP_MOD} > /dev/null ++ if [ $? -ne 0 ]; then ++ echo "" ++ echo "skip: failed to load driver" ++ exit 1 ++ fi + ++ # Absurd hack to find out device major number ++ DEV_MAJOR=`/sbin/dmesg | grep 'skip: device major=' | tail -1 | sed 's/^.*=\([0-9]\{1,\}\),.*$/\1/g'` ++ if [ "${DEV_MAJOR}" = "" ]; then ++ echo "" ++ echo "skip: can't determine skip device major number" ++ exit 1 + fi +- done ++ ++ # Create device nodes ++ ${SKIP_MKDEV} ${DEV_MAJOR} ++ fi ++ + } + + start_daemons() { + if [ -x $SKIPD ]; then +- echo -n "starting skip key manager daemon" +- $SKIPD > /var/log/skipd.log & +- echo "." ++ $SKIPD + fi + + if [ -x $SKIP_SECURE_HOSTS -a -x $SKIP_HOST ]; then +- $SKIP_SECURE_HOSTS >> /var/log/skipd.log 2>&1 & ++ $SKIP_SECURE_HOSTS >> /var/log/skiphost.log 2>&1 & + fi + } - /* - * external variables + # main ++ ++# keep console output pretty ++echo -n " skip" ++ + verify_owner + pre_checks + load_driver diff --git a/security/skip/files/patch-br b/security/skip/files/patch-br index 0eda3d87970e..a2464f4dd562 100644 --- a/security/skip/files/patch-br +++ b/security/skip/files/patch-br 
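Review bot: In load_driver, `DEV_MAJOR` is only compared with the empty string before it is passed, unquoted, to `${SKIP_MKDEV}`. The `sed` substitution prints any line it fails to match unchanged, so a `skip: device major=` line in the `dmesg` output that lacks the expected `=<digits>,` shape reaches `mknod` as free text while the script runs as root. A digits-only check closes that: `case "${DEV_MAJOR}" in ''|*[!0-9]*) echo "skip: can't determine skip device major number"; exit 1;; esac`. The same gap exists for `$1` in the skip.mkdev hunk that follows, where only the argument count is checked.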
@@ -1,11 +1,28 @@ -diff -ur --unidirectional-new-file skipsrc-1.0.orig/skip/include/skip_types.h work.new/skip/include/skip_types.h ---- skipsrc-1.0.orig/skip/include/skip_types.h Fri Oct 25 13:12:45 1996 -+++ work.new/skip/include/skip_types.h Mon Mar 8 21:33:38 1999 -@@ -142,6 +142,7 @@ - unsigned char flags; /* ACL info for this system */ - struct in_addr mask; /* network/host mask */ - struct in_addr tunnel_addr; /* tunneling address */ -+ unsigned long source; /* source address */ - } skip_param_t; +diff -ur --unidirectional-new-file skipsrc-1.0.orig/skip/freebsd/skip.mkdev work.new/skip/freebsd/skip.mkdev +--- skipsrc-1.0.orig/skip/freebsd/skip.mkdev Fri Oct 25 13:13:20 1996 ++++ work.new/skip/freebsd/skip.mkdev Mon Jan 24 12:35:39 2000 +@@ -48,19 +48,19 @@ + SKIP_KEYMGRD_MINOR=0 + SKIP_ACL_NODE=/dev/skip + SKIP_MAX_OPENS=16 +-PATH=/bin:/usr/ucb:/sbin: ++PATH=/bin:/usr/bin:/sbin:/usr/sbin - /* +-if [ $# != 3 ]; then +- exit ++if [ $# != 1 ]; then ++ exit 1 + fi + + echo -n skip: making skip pseudo-devices + rm -f $SKIP_KEYMGR_NODE +-mknod $SKIP_KEYMGR_NODE c $3 $SKIP_KEYMGRD_MINOR ++mknod $SKIP_KEYMGR_NODE c $1 $SKIP_KEYMGRD_MINOR + i=1 + while [ $i -ne $SKIP_MAX_OPENS ]; do + rm -f $SKIP_ACL_NODE$i +- mknod $SKIP_ACL_NODE$i c $3 $i ++ mknod $SKIP_ACL_NODE$i c $1 $i + i=`expr $i + 1` + echo -n "." + done diff --git a/security/skip/files/patch-bs b/security/skip/files/patch-bs index dffe535a2b54..4de36f9cc465 100644 --- a/security/skip/files/patch-bs +++ b/security/skip/files/patch-bs 
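Review bot: Neither `mknod` call in skip.mkdev has its exit status checked, so the script can finish normally with some or all device nodes missing, although the argument-count failure now exits 1. The rc script calls `${SKIP_MKDEV} ${DEV_MAJOR}` and then starts the daemons regardless. I would write `mknod $SKIP_KEYMGR_NODE c $1 $SKIP_KEYMGRD_MINOR || exit 1` and `mknod $SKIP_ACL_NODE$i c $1 $i || exit 1`, and test the script's status in rc. The rest of skip.mkdev lies outside the lines this patch shows, so any later mode or ownership handling cannot be judged from here.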
@@ -1,24 +1,305 @@ -diff -ur --unidirectional-new-file skipsrc-1.0.orig/skip/keymgrd/cdp_queue.C work.new/skip/keymgrd/cdp_queue.C ---- skipsrc-1.0.orig/skip/keymgrd/cdp_queue.C Fri Oct 25 13:12:47 1996 -+++ work.new/skip/keymgrd/cdp_queue.C Mon Mar 8 21:33:38 1999 -@@ -91,17 +91,17 @@ - - switch (kind) { - case RESOLVER_PING: -- skip_log(SKIP_NOTICE, "add_cdp_resolver(@) (bilateral)"); -+ skip_log(SKIP_INFO, "add_cdp_resolver(@) (bilateral)"); - break; - - case RESOLVER_TUNNEL: -- skip_log(SKIP_NOTICE, "add_cdp_resolver(=) (tunnel)"); -+ skip_log(SKIP_INFO, "add_cdp_resolver(=) (tunnel)"); - break; - - case RESOLVER_HOST: - if (parse_ip_address(&r.server, arg)) - return; -- skip_log(SKIP_NOTICE, "add_cdp_resolver(%s)", arg); -+ skip_log(SKIP_INFO, "add_cdp_resolver(%s)", arg); - break; - - default: +diff -ur --unidirectional-new-file skipsrc-1.0.orig/skip/freebsd/skip_es.c work.new/skip/freebsd/skip_es.c +--- skipsrc-1.0.orig/skip/freebsd/skip_es.c Fri Oct 25 13:12:42 1996 ++++ work.new/skip/freebsd/skip_es.c Mon Jan 24 12:35:39 2000 +@@ -81,6 +81,11 @@ + static unsigned short skip_pktid; + static skip_softc_t skip_softc[SKIP_MAX_OPENS]; + ++static struct callout_handle ++ skip_timeout_handle = CALLOUT_HANDLE_INITIALIZER(&skip_timeout_handle); ++ ++MALLOC_DEFINE(M_SKIP, "skip", "SKIP control structures and buffers"); ++ + /* + * statistics + */ +@@ -116,11 +121,13 @@ + static int skip_ifoutput(struct ifnet *, struct mbuf *, + struct sockaddr *, struct rtentry *rtp); + static int skip_ifinput(struct mbuf *, int); +-static void skip_inittimers(); +-static void skip_uninittimers(); +-static void skip_timer(); ++static void skip_inittimers(void); ++static void skip_uninittimers(void); ++static void skip_timer(void *); + static int skip_add_interface(char *); + static int skip_del_interface(char *); ++static void skip_ifwakeup(skip_softc_t *); ++static int skip_bufextend(struct mbuf *, int); + + static void skip_encrypt_done(void *, struct mbuf *, struct mbuf *, + void 
*, skip_arg_t *); +@@ -136,14 +143,14 @@ + /* + * From Crypt/MAC system... + */ +-extern int skip_es_bypass_init(); +-extern void skip_es_bypass_uninit(); +-extern void skip_key_initstore(); +-extern void skip_key_uninitstore(); +-extern void skip_key_initcryptors(); +-extern void skip_key_uninitcryptors(); +-extern void skip_mac_init(); +-extern void skip_mac_uninit(); ++extern int skip_es_bypass_init(void); ++extern void skip_es_bypass_uninit(void); ++extern void skip_key_initstore(void); ++extern void skip_key_uninitstore(void); ++extern void skip_key_initcryptors(void); ++extern void skip_key_uninitcryptors(void); ++extern void skip_mac_init(void); ++extern void skip_mac_uninit(void); + extern int skip_fmt_kmgr(union skip_messages *, skip_keycb_t *); + + extern struct cdevsw skipdevsw; +@@ -157,7 +164,7 @@ + * Returns: 0 on success, errno otherwise. + */ + int +-skip_init() ++skip_init(void) + { + register int s, rc; + register struct protosw *pr; +@@ -252,7 +259,10 @@ + for (pr = inetdomain.dom_protosw; + pr < inetdomain.dom_protoswNPROTOSW; pr++) { + +- pr->pr_input = skip_ifinput; ++ if (pr->pr_protocol == IPPROTO_DIVERT) ++ continue; ++ pr->pr_input = ++ (void (*)(struct mbuf *, int)) skip_ifinput; + } + splx(s); + } +@@ -266,7 +276,7 @@ + * Returns: 0 on success, errno otherwise. 
+ */ + int +-skip_uninit() ++skip_uninit(void) + { + register int s; + if (skip_busy || skip_keys_stats.skip_encrypt_keys_active +@@ -319,7 +329,11 @@ + major(dev), flags); + #endif + ++#if __FreeBSD_version < 400005 + if (suser(p->p_ucred, &p->p_acflag )) { ++#else ++ if (suser(p)) { ++#endif + return (EPERM); + } + if (minor(dev) >= SKIP_MAX_OPENS) { +@@ -422,27 +436,30 @@ + * Returns: 0 if no data available, 1 otherwise + */ + int +-skip_ifselect(dev, rw, p) ++skip_ifpoll(dev, events, p) + dev_t dev; +- int rw; ++ int events; + struct proc *p; + { + register skip_softc_t *sp = &skip_softc[minor(dev)]; + register int s; ++ int revents = 0; + +- if (rw == FWRITE) { +- return (1); +- } ++ /* Check readable */ + s = splimp(); +- if (sp->q.ifq_len > 0) { +- splx(s); +- return (1); ++ if (events & (POLLIN | POLLRDNORM)) { ++ if (sp->q.ifq_len > 0) ++ revents |= (events & (POLLIN | POLLRDNORM)); ++ else ++ selrecord(p, &sp->sp_si); + } + +- selrecord(p, &sp->sp_si); ++ /* Always writable */ ++ if (events & (POLLOUT | POLLWRNORM)) ++ revents |= (events & (POLLOUT | POLLWRNORM)); + + splx(s); +- return(0); ++ return(revents); + } + + /* skip_ifread() +@@ -786,9 +803,9 @@ + * Returns: None + */ + static void +-skip_inittimers() ++skip_inittimers(void) + { +- timeout(skip_timer, NULL, skip_key_tick * hz); ++ skip_timeout_handle = timeout(skip_timer, NULL, skip_key_tick * hz); + } + + /* skip_uninittimers() +@@ -798,9 +815,10 @@ + * Returns: None + */ + static void +-skip_uninittimers() ++skip_uninittimers(void) + { +- untimeout(skip_timer, NULL); ++ untimeout(skip_timer, NULL, skip_timeout_handle); ++ callout_handle_init(&skip_timeout_handle); + } + + /* skip_timer() +@@ -812,14 +830,13 @@ + */ + /*ARGSUSED*/ + static void +-skip_timer(arg) +- caddr_t arg; ++skip_timer(void *arg) + { + /* + * run through the key store + */ + skip_key_iterate(skip_key_check, NULL); +- timeout(skip_timer, NULL, skip_key_tick * hz); ++ skip_timeout_handle = timeout(skip_timer, NULL, 
skip_key_tick * hz); + } + + #ifdef notdef +@@ -846,6 +863,7 @@ + } + #endif + ++#ifdef notdef + void + skip_dump_buf(char *what, unsigned char *p, int len) + { +@@ -857,7 +875,9 @@ + } + printf("].\n"); + } ++#endif + ++#ifdef notdef + void + skip_dump_ip(struct ip *ip) + { +@@ -878,6 +898,7 @@ + ip->ip_ttl, ip->ip_p, ntohs(ip->ip_sum)); + + } ++#endif + + /* + * SKIP Ioctl and Interface management routines +@@ -1107,7 +1128,7 @@ + int + skip_ifioctl(dev, cmd, data, fflag, p) + dev_t dev; +- int cmd; ++ u_long cmd; + caddr_t data; + int fflag; + struct proc *p; +@@ -1390,7 +1411,6 @@ + skip_es_t *skip_if; + int iphlen, hdrlen = 0; + struct mbuf *decryptbuf = NULL; +- extern u_char ip_protox[]; + skip_param_t params; + skip_hdr_t skip_hdr; + skip_es_hash_t *entry, **acl; +@@ -1718,7 +1738,7 @@ + */ + decryptbuf->m_data += iphlen; + +- SKIP_DEBUG2("skip_ifinput: decryptbuf m_len=%d m_data=%d\n", ++ SKIP_DEBUG2("skip_ifinput: decryptbuf m_len=%d m_data=%p\n", + decryptbuf->m_len, decryptbuf->m_data); + + } +@@ -1745,7 +1765,7 @@ + ip->ip_id = ntohs(ip->ip_id); + ip->ip_off = ntohs(ip->ip_off); + pass: +- m->m_flags &= ~ M_EOR; ++ m->m_flags &= ~ M_PROTO1; + (*inetsw_default[ip_protox[ip->ip_p]].pr_input)(m, hlen); + return (0); + } +@@ -1910,6 +1930,13 @@ + */ + IPADDRCOPY(¶ms.tunnel_addr, &newip->ip_dst); + ++ /* ++ * insert different source address if specified ++ */ ++ ++ if(params.source != 0) ++ (&newip->ip_src)->s_addr = params.source; ++ + encryptbuf->m_len += sizeof (struct ip); + + /* +@@ -2005,7 +2032,7 @@ + if (params.kp_alg) { + newip->ip_p = SKIP_NEXT_ESP; + } else { +- newip->ip_p = IPPROTO_ENCAP; ++ newip->ip_p = IPPROTO_IPIP; + } + } + skip_if->stats.skip_if_raw_out++; +@@ -2028,6 +2055,13 @@ + * insert tunnel address as destination + */ + IPADDRCOPY(¶ms.tunnel_addr, &newip->ip_dst); ++ ++ /* ++ * insert different source address if specified ++ */ ++ ++ if(params.source != 0) ++ (&newip->ip_src)->s_addr = params.source; + } + + if (params.s_nsid == 0) 
{ +@@ -2097,7 +2131,7 @@ + register skip_param_t *params = &res->params; + register struct ip *ip = mtod(original, struct ip *); + int rc, s, iphlen; +- struct mbuf *outbuf, *new_hdr; ++ struct mbuf *outbuf; + + SKIP_PRINT("skip_decrypt_done", params); + +@@ -2125,7 +2159,7 @@ + */ + outbuf = (res->modes & SKIP_CRYPT_ON) ? m : original; + +- if (res->proto != IPPROTO_ENCAP) { ++ if (res->proto != IPPROTO_IPIP) { + /* + * transport mode, need to copy original IP header + */ +@@ -2195,7 +2229,7 @@ + /* + * tag the start of the header buffer so SKIP can recognise it + */ +- outbuf->m_flags |= M_EOR | M_PKTHDR; ++ outbuf->m_flags |= M_PROTO1 | M_PKTHDR; + + s = splimp(); + if (IF_QFULL(&ipintrq)) { diff --git a/security/skip/files/patch-bt b/security/skip/files/patch-bt index 5e6d78fc77fb..097999241e8a 100644 --- a/security/skip/files/patch-bt +++ b/security/skip/files/patch-bt 
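Review bot: In skip_init, `pr->pr_input = (void (*)(struct mbuf *, int)) skip_ifinput;` hides a return-type mismatch behind a cast instead of removing it. This same patch still declares `static int skip_ifinput(struct mbuf *, int);`, and the function ends in `return (0);`, so every inbound packet is dispatched through a function pointer of an incompatible type, which C leaves undefined. Declaring skip_ifinput as returning `void` and turning its `return (0);` paths into plain `return;` lets the assignment stand without a cast, and the compiler then catches any later signature drift on this input hook. Both skip_init and skip_ifinput extend beyond the lines shown in this hunk.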
@@ -1,24 +1,43 @@ -diff -ur --unidirectional-new-file skipsrc-1.0.orig/skip/keymgrd/skip_init.C work.new/skip/keymgrd/skip_init.C ---- skipsrc-1.0.orig/skip/keymgrd/skip_init.C Fri Oct 25 13:12:49 1996 -+++ work.new/skip/keymgrd/skip_init.C Mon Mar 8 21:33:38 1999 -@@ -81,7 +81,7 @@ - return; - } +diff -ur --unidirectional-new-file skipsrc-1.0.orig/skip/freebsd/skip_if.h work.new/skip/freebsd/skip_if.h +--- skipsrc-1.0.orig/skip/freebsd/skip_if.h Fri Oct 25 13:12:43 1996 ++++ work.new/skip/freebsd/skip_if.h Mon Jan 24 12:35:39 2000 +@@ -86,7 +86,9 @@ + struct skip_es *next; + char if_name[SKIPSZ];/* e.g. "le0" */ + struct ifnet *ifp; /* network interface */ +- int (*if_output)(); /* default output handler */ ++ int (*if_output) /* default output handler */ ++ (struct ifnet *, struct mbuf *, ++ struct sockaddr *, struct rtentry *); + void *sd; /* skip descriptor */ + unsigned char if_mode; /* interface mode */ + int notifier; /* who to send events to */ +@@ -104,7 +106,7 @@ + /* + * returns TRUE if SKIP has processed this buffer + */ +-#define SKIP_DECRYPTED(m) ((m)->m_flags & M_EOR) ++#define SKIP_DECRYPTED(m) ((m)->m_flags & M_PROTO1) -- skip_log(SKIP_NOTICE, "local name nsid=%d mkid=%s", -+ skip_log(SKIP_INFO, "local name nsid=%d mkid=%s", - nsid, keyid.get_info_str()); - } + /* + * Macro to retrieve an ifnet +@@ -114,14 +116,15 @@ + /* + * function prototypes + */ ++ ++int skip_init(void); ++int skip_uninit(void); + int skip_ifopen(dev_t, int, int, struct proc *); + int skip_ifclose(dev_t, int, int, struct proc *); +-int skip_ifioctl(dev_t, int, caddr_t, int, struct proc *); +-int skip_ifselect(dev_t, int, struct proc *); ++int skip_ifioctl(dev_t, u_long, caddr_t, int, struct proc *); ++int skip_ifpoll(dev_t, int, struct proc *); + int skip_ifwrite(dev_t, struct uio *, int); + int skip_ifread(dev_t, struct uio *, int); +- +-void skip_key_tellkm( enum skip_msgs, skip_keycb_t *); -@@ -135,9 +135,9 @@ - { - // Let the random number generator kick off its entropy 
gathering - -- skip_log(SKIP_NOTICE, "Initializing random number generator..."); -+ skip_log(SKIP_INFO, "Initializing random number generator..."); - Bstream dummy = get_random_bytes(1); -- skip_log(SKIP_NOTICE, "done"); -+ skip_log(SKIP_INFO, "done"); - } - - auth.load(SKIP_DIR); + /* + * exported functions diff --git a/security/skip/files/patch-bu b/security/skip/files/patch-bu index f9de5e7fac29..28c0de649b19 100644 --- a/security/skip/files/patch-bu +++ b/security/skip/files/patch-bu 
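Review bot: `SKIP_DECRYPTED(m)` now tests `M_PROTO1`, but the comment above it still only says it "returns TRUE if SKIP has processed this buffer" and does not say who owns that bit. M_PROTO1 is a protocol-specific mbuf flag, so other layers may use it too, and an mbuf arriving with it already set would presumably be treated as already handled by SKIP; that needs confirming against the drivers and protocols on the input path. I would document the invariant above the macro, e.g. `/* M_PROTO1 is set only by skip_decrypt_done() and cleared at pass: in skip_ifinput(); nothing else on the IP input path may set it */`. The set and clear sites are taken from the skip_es.c hunks of this commit, and the test site itself is not visible.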
@@ -1,11 +1,212 @@ -diff -ur --unidirectional-new-file skipsrc-1.0.orig/skip/keymgrd/skip_keymgrsubr.C work.new/skip/keymgrd/skip_keymgrsubr.C ---- skipsrc-1.0.orig/skip/keymgrd/skip_keymgrsubr.C Fri Oct 25 13:12:49 1996 -+++ work.new/skip/keymgrd/skip_keymgrsubr.C Mon Mar 8 21:33:38 1999 -@@ -59,7 +59,6 @@ - #include "SkipCert.h" - #include "X509skip.h" - #include "HashCert.h" --#include "malloc.h" - #include "utils.h" - #include "Sig.h" - #include "skip_log.h" +diff -ur --unidirectional-new-file skipsrc-1.0.orig/skip/freebsd/skip_os.h work.new/skip/freebsd/skip_os.h +--- skipsrc-1.0.orig/skip/freebsd/skip_os.h Fri Oct 25 13:12:43 1996 ++++ work.new/skip/freebsd/skip_os.h Mon Jan 24 16:14:32 2000 +@@ -51,10 +51,9 @@ + /* + * FreeBSD + */ +-#ifndef KERNEL ++#if !defined(KERNEL) && !defined(_KERNEL) + #include + #include +-#include + #include + #include + #include +@@ -69,6 +68,12 @@ + #include + #endif + ++#include ++ ++#if defined(KERNEL) || defined(_KERNEL) ++#include ++#endif ++ + #include + #include + #include +@@ -77,16 +82,19 @@ + #include + #include + #include ++#include + #include + #include + #include + #include + #include + #include ++#include + + #ifndef __cplusplus + #include + #include ++#include + #include + #endif + #include +@@ -94,8 +102,9 @@ + #include + #include + #include +-#include ++#include + #endif ++#include + + /* + * Basic required types and constants +@@ -108,34 +117,54 @@ + #define B_FALSE 0 + #endif + +-#ifdef KERNEL ++#if defined(KERNEL) || defined(_KERNEL) + #include + #include + #include + #include + #include + #include ++#if __FreeBSD_version < 400004 + #include ++#endif ++#include + #include + #include + #include + #include + #include + #include ++#if __FreeBSD_version < 400012 + #include ++#endif ++#include ++#include ++#include ++#include + + #define PANIC(s) panic(s) + + /* ++ * SKIP malloc type ++ */ ++MALLOC_DECLARE(M_SKIP); ++ ++/* + * 4.x memory management macros + */ +-#define SYSMEM_ALLOC(size) malloc((u_long)size, M_PCB, 
M_NOWAIT) +-#define SYSMEM_FREE(m, n) free(m, M_PCB) +-#define BCOPY(s, d, n) bcopy((caddr_t) s, (caddr_t) d, n) +-#define BZERO(s, n) bzero((caddr_t) s, n) +-#define BCMP(s, d, n) bcmp((caddr_t) s, (caddr_t) d, n) ++#define SYSMEM_ALLOC(size) malloc((u_long)size, M_SKIP, M_NOWAIT) ++#define SYSMEM_FREE(m, n) free(m, M_SKIP) + #define STATIC static + ++/* ++ * The kernel doesn't have memcpy() or memcmp(), but gcc will inline them ++ */ ++#if defined(KERNEL) || defined(_KERNEL) ++extern int memcmp(const void *, const void *, size_t); ++#endif ++#define BCOPY(s, d, n) memcpy((caddr_t) (d), (caddr_t) (s), n) ++#define BCMP(s, d, n) memcmp((caddr_t) (d), (caddr_t) (s), n) ++#define BZERO(s, n) bzero((caddr_t) (s), n) + + #define ALIGNED(x) (((unsigned int)(x)&(skip_alignment - 1)) == 0) + +@@ -182,7 +211,7 @@ + /* + * 4.x timing defines + */ +-#define SKIP_ES_CURRENTTIME (time.tv_sec) ++#define SKIP_ES_CURRENTTIME ((long)time_second) + #define SKIP_ES_DELTATIME(then) (SKIP_ES_CURRENTTIME - then) + + /* +@@ -204,28 +233,7 @@ + len = IPHLEN(ip); \ + } + +-/* +- * ANSI prototypes for system routines +- */ +-extern int splimp(); +-extern int splnet(); +-extern void splx(int); +-extern void m_freem(struct mbuf *); +-extern void panic(const char *, ...); +-extern int tsleep(void *, int, char *, int); +-extern void wakeup(void *); +-extern int uiomove(caddr_t, int, struct uio *); +-extern int copyin(void *, void *, u_int ); +-extern int copyout(void *, void *, u_int); +-extern int mclget(struct mbuf *); +-extern int m_cpytoc(struct mbuf *, int, int, caddr_t); +- +-extern void log(int, const char *, ...); +- +-extern char *strncpy(char *, const char *, size_t); +- +-extern void printf(const char *, ...); +-#else /* KERNEL */ ++#else /* KERNEL || _KERNEL */ + + /* + * User space buffer management macros +@@ -251,37 +259,12 @@ + #endif + #define STATIC + +-/* +- * ANSI prototypes for C library routines and syscalls +- */ +-extern int gethostname(char *, int); +-extern int 
fprintf(FILE *, const char *, ...); +-extern int fflush(FILE *); +-extern int fgetc(FILE *); +-extern int fseek(FILE *, long, int); +-extern size_t fread(void *, size_t, size_t, FILE *); +-extern int fclose(FILE *); +-extern int socket(int, int, int); +-extern int ioctl(int, int, ...); +-extern int pclose(FILE *); +-/*extern int getrlimit(int, struct rlimit *); */ +-extern void perror(const char *); +-extern time_t time(time_t *); +-extern int getopt(int, char * const *, const char *); +-extern int sscanf(const char *, const char *, ...); +- + #endif /* KERNEL */ + +-/* XXX Bad IPPROTO_ENCAP define ? */ +-#ifdef IPPROTO_ENCAP +-#undef IPPROTO_ENCAP +-#endif +-#define IPPROTO_ENCAP 4 +- + /* SKIP specific */ + +-#define SKIP_DIR "/etc/skip/" +-#define SKIP_BIN "/usr/skip/bin" ++#define SKIP_DIR "@@PREFIX@@/etc/skip/" ++#define SKIP_BIN "@@PREFIX@@/bin" + #define KEYMGR "/dev/skip_key" + + /* +@@ -306,12 +289,6 @@ + /* General purpose */ + + typedef unsigned char byte; +- +-#if 0 +-extern void bcopy(void *, void *, int); +-extern void bzero(void *, int); +-extern int bcmp(void *, void *, int); +-#endif + + #define SKIP_IFCMP(if1, if2) strcmp(if1, if2) + diff --git a/security/skip/files/patch-bv b/security/skip/files/patch-bv index 92b7bdc28136..f5660002307e 100644 --- a/security/skip/files/patch-bv +++ b/security/skip/files/patch-bv 
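Review bot: The kernel-side `BCOPY` now expands to `memcpy` instead of `bcopy`, which changes its contract for overlapping buffers: bcopy copies correctly when source and destination overlap, memcpy does not promise to. No BCOPY call site is visible in this hunk, so whether any of them moves data within a single buffer has to be checked; keeping `#define BCOPY(s, d, n) bcopy((caddr_t) (s), (caddr_t) (d), (n))` avoids the question. The new comment "gcc will inline them" is also an assumption rather than a guarantee, because with a non-constant length the compiler may emit a real call to a function the same comment says the kernel lacks. In all three macros `n` should be parenthesised like `s` and `d`.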
@@ -1,39 +1,160 @@ -diff -ur --unidirectional-new-file skipsrc-1.0.orig/skip/keymgrd/skip_log.C work.new/skip/keymgrd/skip_log.C ---- skipsrc-1.0.orig/skip/keymgrd/skip_log.C Fri Oct 25 13:12:50 1996 -+++ work.new/skip/keymgrd/skip_log.C Mon Mar 8 21:33:38 1999 -@@ -60,7 +60,7 @@ - strcpy(outbuf,buf); - } +diff -ur --unidirectional-new-file skipsrc-1.0.orig/skip/freebsd/skip_wrapper.c work.new/skip/freebsd/skip_wrapper.c +--- skipsrc-1.0.orig/skip/freebsd/skip_wrapper.c Fri Oct 25 13:12:43 1996 ++++ work.new/skip/freebsd/skip_wrapper.c Tue Jan 25 16:22:40 2000 +@@ -66,55 +66,113 @@ + #include + #include --FILE *skip_log_fp = NULL; -+int skip_log_syslog = 0; ++#define SKIP_CDEV_MAJOR 142 ++#define SKIP_NUM_MINOR 16 ++static struct cdevsw skip_cdevsw = { ++ /* open */ skip_ifopen, ++ /* close */ skip_ifclose, ++ /* read */ skip_ifread, ++ /* write */ skip_ifwrite, ++ /* ioctl */ skip_ifioctl, ++#if __FreeBSD_version < 400011 ++ /* stop */ nullstop, ++ /* reset */ noreset, ++ /* devtotty */ nodevtotty, ++#endif ++ /* poll */ skip_ifpoll, ++ /* mmap */ nommap, ++ /* strategy */ nostrategy, ++ /* name */ "skip", ++#if __FreeBSD_version < 400011 ++ /* maj */ NULL ++#else ++ /* maj */ SKIP_CDEV_MAJOR, ++ /* dump */ nodump, ++ /* psize */ nopsize, ++ /* flags */ 0, ++ /* bmaj */ -1 ++#endif ++}; - void skip_log(int severity, char *control,...) - { -@@ -71,15 +71,15 @@ - get_time(buf); - va_start(va,control); +-/* +- * SunOS 4.1.x loadable driver wrapper for the SKIP module +- */ +-extern char skip_module_name[]; ++#if __FreeBSD_version < 400011 ++static struct cdevsw *old_dev; ++static u_long skip_major; ++static dev_t dev; ++#else ++static u_long skip_major = SKIP_CDEV_MAJOR; ++static dev_t devs[SKIP_NUM_MINOR]; ++#endif -- if (skip_log_fp) -- out = skip_log_fp; -- else if (severity == SKIP_NOTICE) -- out=stdout; -- else -- out=stderr; + /* +- * Module linkage information for the kernel. ++ * Handle loading and unloading of the SKIP module. 
+ */ +-extern int nulldev(); - -- fprintf(out,"%s",buf); -- vfprintf(out, control,va); -- fprintf(out,"\n"); -- fflush(out); -+ if (skip_log_syslog) { -+ vsyslog(severity, control, va); -+ } else { -+ out = (severity == SKIP_NOTICE) ? stdout : stderr; -+ fprintf(out, "%s",buf); -+ vfprintf(out, control, va); -+ fprintf(out, "\n"); -+ fflush(out); -+ } -+ va_end(va); - } +-struct cfdriver skipcd= +- { NULL, "skip", NULL, NULL, DV_DULL, 0 }; +- +-struct cdevsw skipdevsw = { +- skip_ifopen, skip_ifclose, skip_ifread, skip_ifwrite, skip_ifioctl, +- NULL, NULL, NULL, skip_ifselect, NULL, NULL +-}; +- +-MOD_DEV("skipmod", LM_DT_CHAR, -1, (void *)&skipdevsw) +- +-extern int skip_init(), skip_uninit(); +- +-/*ARGSUSED*/ +-int +-skipmod_load(struct lkm_table *lkmtp, int cmd) ++static int ++skip_mod_event(module_t mod, int event, void *data) + { +- +- int rc; +- rc = skip_init(); +- if (rc != 0) { +- return (rc); ++ int error = 0; ++#if __FreeBSD_version >= 400011 ++ int minor; ++#endif + ++ switch (event) { ++ case MOD_LOAD: ++ ++ /* Add character device */ ++#if __FreeBSD_version < 400011 ++ dev = (dev_t)-1; ++ if ((error = cdevsw_add(&dev, &skip_cdevsw, &old_dev)) != 0) { ++ log(LOG_ERR, "skip: can't add device\n"); ++ break; ++ } ++ skip_major = major(dev); ++#else ++ devs[0] = make_dev(&skip_cdevsw, 0, ++ UID_ROOT, GID_WHEEL, 0644, "skip_key"); ++ for (minor = 1; minor < SKIP_NUM_MINOR; minor++) { ++ devs[minor] = make_dev(&skip_cdevsw, minor, ++ UID_ROOT, GID_WHEEL, 0644, "skip%d", minor); ++ } ++#endif ++ ++ /* Initialize SKIP itself */ ++ if ((error = skip_init()) != 0) { ++ /* XXX should remove char device */ ++ log(LOG_ERR, "skip: init failed\n"); ++ break; ++ } ++ log(LOG_INFO, "skip: device major=%lu, driver loaded\n", ++ skip_major); ++ break; ++ ++ case MOD_UNLOAD: ++ ++ /* Uninitialize SKIP */ ++ if ((error = skip_uninit()) != 0) { ++ log(LOG_INFO, "skip: uninit failed\n"); ++ break; ++ } ++ ++ /* Replace original device driver (if any) */ ++#if 
__FreeBSD_version < 400011 ++ dev = makedev(skip_major, 0); ++ (void) cdevsw_add(&dev, old_dev, NULL); ++#else ++ for (minor = 0; minor < SKIP_NUM_MINOR; minor++) ++ destroy_dev(devs[minor]); ++#endif ++ break; ++ ++ default: ++ error = EOPNOTSUPP; ++ break; + } +- uprintf("skip: driver loaded\n"); +- return (0); ++ return(error); + } + +-skipmod_unload(struct lkm_table *lkmtp, int cmd) +-{ +- +- int rc; +- rc = skip_uninit(); +- if (rc == 0) { +- uprintf("skip: driver unloaded\n"); +- } +- return (rc); +-} ++static moduledata_t skip_mod = { ++ "skip", ++ skip_mod_event, ++ NULL ++}; ++DECLARE_MODULE(skip, skip_mod, SI_SUB_PROTO_END, SI_ORDER_MIDDLE); + +-xxxinit(struct lkm_table *lkmtp, int cmd, int ver) +-{ +- DISPATCH(lkmtp, cmd, ver, skipmod_load, skipmod_unload, nosys); +-} diff --git a/security/skip/files/patch-bw b/security/skip/files/patch-bw index df1b6338642a..ebc3140503fd 100644 --- a/security/skip/files/patch-bw +++ b/security/skip/files/patch-bw 
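Review bot: On the MOD_LOAD path of skip_mod_event, a failing skip_init() leaves the character devices registered, which the hunk itself marks with `/* XXX should remove char device */`. The handler then returns the error, so the module is presumably discarded while the device entries still refer to skip_cdevsw inside it. The MOD_UNLOAD case already contains the teardown for both version branches, and the error path can reuse it as sketched below. Separately, the nodes are created with mode 0644 although skip_ifopen rejects non-superuser callers, so 0600 would state that intent in the node permissions as well.

```c
		if ((error = skip_init()) != 0) {
			log(LOG_ERR, "skip: init failed\n");
			/* Undo the device registration done above */
#if __FreeBSD_version < 400011
			dev = makedev(skip_major, 0);
			(void) cdevsw_add(&dev, old_dev, NULL);
#else
			for (minor = 0; minor < SKIP_NUM_MINOR; minor++)
				destroy_dev(devs[minor]);
#endif
			/* … unchanged: break, success log message, MOD_UNLOAD and default cases … */
```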
@@ -1,12 +1,12 @@ -diff -ur --unidirectional-new-file skipsrc-1.0.orig/skip/keymgrd/skip_log.h work.new/skip/keymgrd/skip_log.h ---- skipsrc-1.0.orig/skip/keymgrd/skip_log.h Fri Oct 25 13:12:51 1996 -+++ work.new/skip/keymgrd/skip_log.h Mon Mar 8 21:33:38 1999 -@@ -45,5 +45,6 @@ - #pragma ident "@(#)skip_log.h 1.3 95/11/17" - - void skip_log(int,char*,...); --#define SKIP_ERROR 1 --#define SKIP_NOTICE 2 -+#define SKIP_ERROR LOG_ERR -+#define SKIP_NOTICE LOG_NOTICE -+#define SKIP_INFO LOG_INFO +diff -ur --unidirectional-new-file skipsrc-1.0.orig/skip/include/skip_conf.h work.new/skip/include/skip_conf.h +--- skipsrc-1.0.orig/skip/include/skip_conf.h Fri Oct 25 13:12:44 1996 ++++ work.new/skip/include/skip_conf.h Mon Jan 24 12:35:40 2000 +@@ -58,7 +58,7 @@ + #define SKIP_CERTSBASE SKIP_DIR"certdb" + #define SKIP_SECRET_CACHE SKIP_DIR"secret_cache" + #define SKIP_RAW_FILE SKIP_DIR"raw_keys" +-#define SKIP_PID SKIP_DIR"skipd.pid" ++#define SKIP_PID "/var/run/skipd.pid" + + /* + * Key manager Crypt algorithms supported diff --git a/security/skip/files/patch-bx b/security/skip/files/patch-bx index 95d228ac0fa3..f22f5dd212c3 100644 --- a/security/skip/files/patch-bx +++ b/security/skip/files/patch-bx 
@@ -1,21 +1,42 @@ -diff -ur --unidirectional-new-file skipsrc-1.0.orig/skip/keymgrd/skip_msgs.C work.new/skip/keymgrd/skip_msgs.C ---- skipsrc-1.0.orig/skip/keymgrd/skip_msgs.C Fri Oct 25 13:12:51 1996 -+++ work.new/skip/keymgrd/skip_msgs.C Mon Mar 8 21:33:38 1999 -@@ -82,7 +82,7 @@ - set.msgtype = SKIP_SET_CDP_SERVER_PORT; - set.port = cdp_port; - -- skip_log(SKIP_NOTICE, "Setting CDP port=%d", cdp_port); -+ skip_log(SKIP_INFO, "Setting CDP port=%d", cdp_port); - fflush(stdout); - - if (put_kernel_message(fd, &set, sizeof(set)) < 0) { -@@ -107,7 +107,7 @@ - set.version = version; - set.kij_alg = kij_alg; - -- skip_log(SKIP_NOTICE, "Setting supported kij alg=%d for version %d", -+ skip_log(SKIP_INFO, "Setting supported kij alg=%d for version %d", - kij_alg, version); - fflush(stdout); - +diff -ur --unidirectional-new-file skipsrc-1.0.orig/skip/include/skip_key.h work.new/skip/include/skip_key.h +--- skipsrc-1.0.orig/skip/include/skip_key.h Fri Oct 25 13:12:44 1996 ++++ work.new/skip/include/skip_key.h Mon Jan 24 12:35:40 2000 +@@ -209,24 +209,22 @@ + void *, skip_arg_t *) + ); + #endif +-void skip_close(); ++void skip_close(void *sd); + int skip_encrypt(void *, SKIP_BUF_T *, SKIP_BUF_T *, + skip_param_t *, void *); + int skip_decrypt(void *, SKIP_BUF_T *, SKIP_BUF_T *, + skip_hdr_t *hdr, int, void *); + int skip_key_check(skip_keycb_t *, void *); +-void skip_key_iterate(int (*)(), void *); ++void skip_key_iterate(int (*)(skip_keycb_t *, void *), void *); + int skip_hdr_encode(skip_hdr_t *, unsigned char *); + int skip_iv_encode(skip_hdr_t *, unsigned char *); + void skip_hdr_init(skip_keycb_t *); + +-void skip_key_tellkm(enum skip_msgs, skip_keycb_t *); +-void skip_key_fromkm(union skip_messages *, unsigned int); + void skip_update_encrypt_key(struct Encrypted_key_rsp *); + void skip_update_decrypt_key(struct Decrypted_key_rsp *); + +-void skip_local_keyid_init(); +-void skip_local_keyid_uninit(); ++void skip_local_keyid_init(void); ++void 
skip_local_keyid_uninit(void); + void skip_set_local_keyid(unsigned char , skip_key_var_t *); + int skip_check_keyid(unsigned char , skip_key_var_t *, boolean_t); + int skip_get_default_keyid(unsigned char, unsigned char *); +@@ -254,8 +252,8 @@ + * function prototypes + */ + void skip_key_fromkm(union skip_messages *, unsigned int); ++void skip_key_tellkm(enum skip_msgs, skip_keycb_t *); + #endif +- + + /* + * external variables diff --git a/security/skip/files/patch-by b/security/skip/files/patch-by index 626f94ee5dcd..98fb35c85d21 100644 --- a/security/skip/files/patch-by +++ b/security/skip/files/patch-by @@ -1,12 +1,11 @@ -diff -ur --unidirectional-new-file skipsrc-1.0.orig/skip/keymgrd/skipca.C work.new/skip/keymgrd/skipca.C ---- skipsrc-1.0.orig/skip/keymgrd/skipca.C Fri Oct 25 13:12:53 1996 -+++ work.new/skip/keymgrd/skipca.C Mon Mar 8 21:33:38 1999 -@@ -307,7 +307,7 @@ - } - if (overwrite) { - int ret; -- sprintf(buf,"/usr/bin/rm -rf %s", CA_PATH); -+ sprintf(buf,"/bin/rm -rf %s", CA_PATH); - ret = system(buf); - if (ret) { - fprintf(stderr,"Unable to Clean old directory %s \n", +diff -ur --unidirectional-new-file skipsrc-1.0.orig/skip/include/skip_types.h work.new/skip/include/skip_types.h +--- skipsrc-1.0.orig/skip/include/skip_types.h Fri Oct 25 13:12:45 1996 ++++ work.new/skip/include/skip_types.h Mon Jan 24 12:35:40 2000 +@@ -142,6 +142,7 @@ + unsigned char flags; /* ACL info for this system */ + struct in_addr mask; /* network/host mask */ + struct in_addr tunnel_addr; /* tunneling address */ ++ unsigned long source; /* source address */ + } skip_param_t; + + /* diff --git a/security/skip/files/patch-bz b/security/skip/files/patch-bz index 8636e69adc25..3c8ecd2959e8 100644 --- a/security/skip/files/patch-bz +++ b/security/skip/files/patch-bz 
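Review bot: The `unsigned long source;` field that this patch file adds to skip_param_t holds an IPv4 address but is not declared like its neighbours `mask` and `tunnel_addr`, which are `struct in_addr`. `unsigned long` is wider than 32 bits on LP64 platforms, so the structure layout varies by platform, and the skip_es.c hunks of this commit store it with `(&newip->ip_src)->s_addr = params.source;`, which would truncate silently and leaves the byte order unstated. Declaring it `struct in_addr source; /* source address, network byte order */` and copying it with `IPADDRCOPY`, as is done for tunnel_addr, keeps the three fields consistent. Whether skip_param_t crosses the ioctl boundary is not visible here; if it does, the userland tools must be rebuilt against the same layout.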
@@ -1,76 +1,12 @@ -diff -ur --unidirectional-new-file skipsrc-1.0.orig/skip/keymgrd/skipd.C work.new/skip/keymgrd/skipd.C ---- skipsrc-1.0.orig/skip/keymgrd/skipd.C Fri Oct 25 13:12:54 1996 -+++ work.new/skip/keymgrd/skipd.C Mon Mar 8 21:33:38 1999 -@@ -48,6 +48,7 @@ - * System includes - */ - #include -+#include - - /* - * SKIP includes -@@ -84,8 +85,9 @@ - { - int c; - int errflag = 0; -+ int noFork = 0; - -- while ((c = getopt(argc, argv, "vV?")) != EOF) { -+ while ((c = getopt(argc, argv, "nvV?")) != EOF) { - switch(c) { - case 'v': - verbose = 1; -@@ -95,6 +97,9 @@ - verbose = 2; - break; - -+ case 'n': -+ noFork = 1; -+ break; - case '?': - default: - errflag++; -@@ -106,34 +111,18 @@ - exit(1); - } - -+ if (!noFork) - { -- extern FILE *skip_log_fp; -- -- skip_log_fp = fopen("/var/log/skipd.log", "w+"); -+ extern int skip_log_syslog; - -- // if open fails, skip_log will default to stdout/stderr -+ /* output to syslog */ -+ openlog("skipd", 0, LOG_DAEMON); -+ skip_log_syslog = 1; -+ -+ /* become a background daemon */ -+ if (daemon(0, 0)) -+ err(1, "daemon"); - } -- -- --// put ourselves into the background -- -- switch (fork()) { -- case -1: -- skip_log(SKIP_ERROR, "fork failed"); -- exit(1); -- -- case 0: -- break; -- -- default: -- exit(0); -- } -- -- setsid(); -- -- freopen("/dev/null", "r", stdin); -- freopen("/dev/null", "w", stdout); -- freopen("/dev/null", "w", stderr); - - skip_init(); - skipd_loop(); +diff -ur --unidirectional-new-file skipsrc-1.0.orig/skip/keymgrd/cdp.h work.new/skip/keymgrd/cdp.h +--- skipsrc-1.0.orig/skip/keymgrd/cdp.h Fri Oct 25 13:12:46 1996 ++++ work.new/skip/keymgrd/cdp.h Tue Jan 25 09:58:30 2000 +@@ -172,7 +172,7 @@ + void cdp_putfail(u_char nsid, const Bstream& mkid); + + Bstream encode(); +- decode(Bstream &); ++ int decode(Bstream &); + + void print(); + void clear(); diff --git a/security/skip/files/patch-ca b/security/skip/files/patch-ca index 89bf28fe41b1..720dbe94f488 100644 --- a/security/skip/files/patch-ca 
+++ b/security/skip/files/patch-ca @@ -1,13 +1,24 @@ -diff -ur --unidirectional-new-file skipsrc-1.0.orig/skip/keymgrd/skiplocal.C work.new/skip/keymgrd/skiplocal.C ---- skipsrc-1.0.orig/skip/keymgrd/skiplocal.C Fri Oct 25 13:12:55 1996 -+++ work.new/skip/keymgrd/skiplocal.C Mon Mar 8 21:33:38 1999 -@@ -88,8 +88,7 @@ +diff -ur --unidirectional-new-file skipsrc-1.0.orig/skip/keymgrd/cdp_queue.C work.new/skip/keymgrd/cdp_queue.C +--- skipsrc-1.0.orig/skip/keymgrd/cdp_queue.C Fri Oct 25 13:12:47 1996 ++++ work.new/skip/keymgrd/cdp_queue.C Mon Jan 24 12:35:40 2000 +@@ -91,17 +91,17 @@ - void - usage(char *s){ -- fprintf(stderr, "%s [add|export|extract|list|keygen|rm" -- , s); -+ fprintf(stderr, "%s [add|export|extract|list|keygen|rm]\n", s); - exit(1); - } + switch (kind) { + case RESOLVER_PING: +- skip_log(SKIP_NOTICE, "add_cdp_resolver(@) (bilateral)"); ++ skip_log(SKIP_INFO, "add_cdp_resolver(@) (bilateral)"); + break; + case RESOLVER_TUNNEL: +- skip_log(SKIP_NOTICE, "add_cdp_resolver(=) (tunnel)"); ++ skip_log(SKIP_INFO, "add_cdp_resolver(=) (tunnel)"); + break; + + case RESOLVER_HOST: + if (parse_ip_address(&r.server, arg)) + return; +- skip_log(SKIP_NOTICE, "add_cdp_resolver(%s)", arg); ++ skip_log(SKIP_INFO, "add_cdp_resolver(%s)", arg); + break; + + default: diff --git a/security/skip/files/patch-cb b/security/skip/files/patch-cb index 9e7c4771141e..8fbbde020f90 100644 --- a/security/skip/files/patch-cb +++ b/security/skip/files/patch-cb 
@@ -1,13 +1,15 @@
-diff -ur --unidirectional-new-file skipsrc-1.0.orig/skip/keymgrd/t_mem.c work.new/skip/keymgrd/t_mem.c
---- skipsrc-1.0.orig/skip/keymgrd/t_mem.c Fri Oct 25 13:12:55 1996
-+++ work.new/skip/keymgrd/t_mem.c Mon Mar 8 21:33:38 1999
-@@ -45,8 +45,7 @@
- #pragma ident "@(#)t_mem.c 1.2 95/11/23 Sun Microsystems"
-
- #include "global.h"
--#include
--#include
-+#include
- #include
-
- void T_memset(POINTER s, int c, unsigned int n )
+diff -ur --unidirectional-new-file skipsrc-1.0.orig/skip/keymgrd/certreq.C work.new/skip/keymgrd/certreq.C
+--- skipsrc-1.0.orig/skip/keymgrd/certreq.C Fri Oct 25 13:12:47 1996
++++ work.new/skip/keymgrd/certreq.C Tue Jan 25 12:56:21 2000
+@@ -120,7 +120,11 @@
+ FD_SET(sock,&f);
+ n=select(sock+1,&f,NULL,NULL,&tv);
+ if (n > 0) {
++#if __FreeBSD_version < 400013
+ int fromlen;
++#else
++ socklen_t fromlen;
++#endif
+ fromlen=sizeof(from);
+ n=recvfrom(sock, (char *)buf,sizeof(buf),0,
+ (sockaddr *)&from,&fromlen);
diff --git a/security/skip/files/patch-cc b/security/skip/files/patch-cc
index 9c3a6cfd9a24..a05475606eca 100644
--- a/security/skip/files/patch-cc
+++ b/security/skip/files/patch-cc
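Review bot: The `#if __FreeBSD_version < 400013` test added in certreq.C silently selects `int fromlen` when the macro is undefined, because the preprocessor evaluates an unknown identifier as 0. `__FreeBSD_version` comes from `<sys/param.h>` (or `<osreldate.h>`), and the hunk does not show either being included, so on -current the `socklen_t` branch could be skipped and `&fromlen` passed to recvfrom() with the wrong type. Adding `#include <sys/param.h>` ahead of the test, or writing the new branch as `#if defined(__FreeBSD_version) && __FreeBSD_version >= 400013`, makes the choice explicit. The same test appears twice in the skip_machdep.C hunk of patch-ch, and the enclosing functions start outside these hunks.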
@@ -1,27 +1,24 @@
-diff -ur --unidirectional-new-file skipsrc-1.0.orig/skip/man/install_skip_keys.1m work.new/skip/man/install_skip_keys.1m
---- skipsrc-1.0.orig/skip/man/install_skip_keys.1m Fri Oct 25 13:12:56 1996
-+++ work.new/skip/man/install_skip_keys.1m Mon Mar 8 21:33:39 1999
-@@ -41,20 +41,13 @@
- .RE
- .P
- .SH FILES
--.SS Solaris 1.x systems:
- .P
--/etc/skip/certdb.dir
-+@@PREFIX@@/etc/skip/certdb.dir
- .br
--/etc/skip/localid/..
-+@@PREFIX@@/etc/skip/localid/..
- .br
--/etc/skip/CAs/...
-+@@PREFIX@@/etc/skip/CAs/...
- .br
--.P
--.SS Solaris 2.x systems:
--.P
--/etc/opt/SUNWicg/skip/certdb
--/etc/opt/SUNWicg/skip/localid/...
--/etc/opt/SUNWicg/skip/CAs/...
- .P
- .SH NOTES
- Currently the name of the Certificate is hard coded into the code. We
+diff -ur --unidirectional-new-file skipsrc-1.0.orig/skip/keymgrd/skip_init.C work.new/skip/keymgrd/skip_init.C
+--- skipsrc-1.0.orig/skip/keymgrd/skip_init.C Fri Oct 25 13:12:49 1996
++++ work.new/skip/keymgrd/skip_init.C Mon Jan 24 12:35:40 2000
+@@ -81,7 +81,7 @@
+ return;
+ }
+
+- skip_log(SKIP_NOTICE, "local name nsid=%d mkid=%s",
++ skip_log(SKIP_INFO, "local name nsid=%d mkid=%s",
+ nsid, keyid.get_info_str());
+ }
+
+@@ -135,9 +135,9 @@
+ {
+ // Let the random number generator kick off its entropy gathering
+
+- skip_log(SKIP_NOTICE, "Initializing random number generator...");
++ skip_log(SKIP_INFO, "Initializing random number generator...");
+ Bstream dummy = get_random_bytes(1);
+- skip_log(SKIP_NOTICE, "done");
++ skip_log(SKIP_INFO, "done");
+ }
+
+ auth.load(SKIP_DIR);
diff --git a/security/skip/files/patch-cd b/security/skip/files/patch-cd
index 0a127397084f..2e70ee6cf65b 100644
--- a/security/skip/files/patch-cd
+++ b/security/skip/files/patch-cd
@@ -1,14 +1,14 @@
-diff -ur --unidirectional-new-file skipsrc-1.0.orig/skip/man/raw_keys.4 work.new/skip/man/raw_keys.4
---- skipsrc-1.0.orig/skip/man/raw_keys.4 Fri Oct 25 13:12:56 1996
-+++ work.new/skip/man/raw_keys.4 Mon Mar 8 21:33:39 1999
-@@ -42,9 +42,4 @@
- link.
- .SH FILES
- .P
--.SH Solaris 2.x systems:
--/etc/opt/SUNWicg/skip/raw_keys
--.P
--.SH Other systems:
--.P
--/etc/skip/raw_keys
-+@@PREFIX@@/etc/skip/raw_keys
+diff -ur --unidirectional-new-file skipsrc-1.0.orig/skip/keymgrd/skip_keymgr.h work.new/skip/keymgrd/skip_keymgr.h
+--- skipsrc-1.0.orig/skip/keymgrd/skip_keymgr.h Fri Oct 25 13:12:49 1996
++++ work.new/skip/keymgrd/skip_keymgr.h Tue Jan 25 09:58:59 2000
+@@ -128,8 +128,10 @@
+ Bstream skip_kp_to_Ekp(Bstream, u_char, int);
+ extern Bstream get_random_bytes(int len);
+ Bstream kijtokijn(Bstream, u_long);
++#if 0
+ skip_get_raw_keys(int , u_char , Bstream , ENC_ALG_TYPE , MAC_ALG_TYPE ,
+ u_long , Bstream &, Bstream &, Bstream &);
++#endif
+
+ void set_kij_alg(int , unsigned char , unsigned char );
+ extern int skip_set_cdp_port(int, unsigned short);
diff --git a/security/skip/files/patch-ce b/security/skip/files/patch-ce
index 27867ce5c659..c628fbe0c259 100644
--- a/security/skip/files/patch-ce
+++ b/security/skip/files/patch-ce
@@ -1,21 +1,11 @@
-diff -ur --unidirectional-new-file skipsrc-1.0.orig/skip/man/skip_certd.1m work.new/skip/man/skip_certd.1m
---- skipsrc-1.0.orig/skip/man/skip_certd.1m Fri Oct 25 13:12:56 1996
-+++ work.new/skip/man/skip_certd.1m Mon Mar 8 21:33:39 1999
-@@ -14,15 +14,10 @@
- .SH FILES
- .br
- /tmp/skip_certd.log
--.SS Solaris 1.x systems:
- .P
--/etc/skip/certs.dir
-+@@PREFIX@@/etc/skip/certs.dir
- .br
--/etc/skip/certs.pag
-+@@PREFIX@@/etc/skip/certs.pag
- .P
--.SS Solaris 2.x systems:
--.P
--/etc/opt/SUNWicg/skip/certs.dir
--/etc/opt/SUNWicg/skip/certs.pag
- .SH SEE ALSO
- caping(1)
+diff -ur --unidirectional-new-file skipsrc-1.0.orig/skip/keymgrd/skip_keymgrsubr.C work.new/skip/keymgrd/skip_keymgrsubr.C
+--- skipsrc-1.0.orig/skip/keymgrd/skip_keymgrsubr.C Fri Oct 25 13:12:49 1996
++++ work.new/skip/keymgrd/skip_keymgrsubr.C Mon Jan 24 12:35:40 2000
+@@ -59,7 +59,6 @@
+ #include "SkipCert.h"
+ #include "X509skip.h"
+ #include "HashCert.h"
+-#include "malloc.h"
+ #include "utils.h"
+ #include "Sig.h"
+ #include "skip_log.h"
diff --git a/security/skip/files/patch-cf b/security/skip/files/patch-cf
index 12928d01a2cc..81a77c6738c2 100644
--- a/security/skip/files/patch-cf
+++ b/security/skip/files/patch-cf
@@ -1,14 +1,39 @@
-diff -ur --unidirectional-new-file skipsrc-1.0.orig/skip/man/skip_conf.1m work.new/skip/man/skip_conf.1m
---- skipsrc-1.0.orig/skip/man/skip_conf.1m Fri Oct 25 13:12:56 1996
-+++ work.new/skip/man/skip_conf.1m Mon Mar 8 21:33:39 1999
-@@ -28,9 +28,4 @@
- and remove any max_certdb_size lines from \fIskipd.conf\fP.
- .SH FILES
- .P
--.SH Solaris 2.x systems:
--/etc/opt/SUNWicg/skip/skipd.conf
--.P
--.SH Other systems:
--.P
--/etc/skip/skipd.conf
-+@@PREFIX@@/etc/skip/skipd.conf
+diff -ur --unidirectional-new-file skipsrc-1.0.orig/skip/keymgrd/skip_log.C work.new/skip/keymgrd/skip_log.C
+--- skipsrc-1.0.orig/skip/keymgrd/skip_log.C Fri Oct 25 13:12:50 1996
++++ work.new/skip/keymgrd/skip_log.C Mon Jan 24 12:35:40 2000
+@@ -60,7 +60,7 @@
+ strcpy(outbuf,buf);
+ }
+
+-FILE *skip_log_fp = NULL;
++int skip_log_syslog = 0;
+
+ void skip_log(int severity, char *control,...)
+ {
+@@ -71,15 +71,15 @@
+ get_time(buf);
+ va_start(va,control);
+
+- if (skip_log_fp)
+- out = skip_log_fp;
+- else if (severity == SKIP_NOTICE)
+- out=stdout;
+- else
+- out=stderr;
+-
+- fprintf(out,"%s",buf);
+- vfprintf(out, control,va);
+- fprintf(out,"\n");
+- fflush(out);
++ if (skip_log_syslog) {
++ vsyslog(severity, control, va);
++ } else {
++ out = (severity == SKIP_NOTICE) ? stdout : stderr;
++ fprintf(out, "%s",buf);
++ vfprintf(out, control, va);
++ fprintf(out, "\n");
++ fflush(out);
++ }
++ va_end(va);
+ }
++
diff --git a/security/skip/files/patch-cg b/security/skip/files/patch-cg
index 61f07bb5e38c..d0236aab7228 100644
--- a/security/skip/files/patch-cg
+++ b/security/skip/files/patch-cg
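Review bot: In skip_log()'s non-syslog branch, `out = (severity == SKIP_NOTICE) ? stdout : stderr;` now sends every SKIP_INFO message to stderr, and the other hunks in this commit move most callers from SKIP_NOTICE to SKIP_INFO. If only errors are meant to reach stderr when skipd runs in the foreground, `out = (severity == SKIP_ERROR) ? stderr : stdout;` keeps the earlier split. `get_time(buf)` is also still computed on the syslog path, where `buf` is never used. A one-line comment on `skip_log_syslog` saying that skipd sets it after openlog() would help the next reader; the declarations between the signature and `get_time(buf)` fall outside the hunk.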
@@ -1,20 +1,12 @@
-diff -ur --unidirectional-new-file skipsrc-1.0.orig/skip/man/skipca.1m work.new/skip/man/skipca.1m
---- skipsrc-1.0.orig/skip/man/skipca.1m Fri Oct 25 13:12:57 1996
-+++ work.new/skip/man/skipca.1m Mon Mar 8 21:33:39 1999
-@@ -81,14 +81,10 @@
- .SH FILES
- .SS Solaris 1.x systems:
- .P
--/etc/skip/CAs
-+@@PREFIX@@/etc/skip/CAs
- .br
--.SS Solaris 2.x systems:
--.P
--/etc/opt/SUNWicg/skip/CAs
--.P
- .SH SEE ALSO
- .BR skipdb(1m)
--.BR skiplocala(1m)
-+.BR skiplocal(1m)
- .BR skipd(1m)
-
+diff -ur --unidirectional-new-file skipsrc-1.0.orig/skip/keymgrd/skip_log.h work.new/skip/keymgrd/skip_log.h
+--- skipsrc-1.0.orig/skip/keymgrd/skip_log.h Fri Oct 25 13:12:51 1996
++++ work.new/skip/keymgrd/skip_log.h Mon Jan 24 12:35:40 2000
+@@ -45,5 +45,6 @@
+ #pragma ident "@(#)skip_log.h 1.3 95/11/17"
+
+ void skip_log(int,char*,...);
+-#define SKIP_ERROR 1
+-#define SKIP_NOTICE 2
++#define SKIP_ERROR LOG_ERR
++#define SKIP_NOTICE LOG_NOTICE
++#define SKIP_INFO LOG_INFO
diff --git a/security/skip/files/patch-ch b/security/skip/files/patch-ch
index 1053e00ff258..908883f7c53b 100644
--- a/security/skip/files/patch-ch
+++ b/security/skip/files/patch-ch
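Review bot: The new `SKIP_ERROR`, `SKIP_NOTICE` and `SKIP_INFO` macros expand to `LOG_ERR`, `LOG_NOTICE` and `LOG_INFO`, but the hunk shows no `#include <syslog.h>` in skip_log.h, so every file including it depends on syslog.h having been pulled in first. Including `<syslog.h>` in the header itself removes that ordering dependency. Since skip_log() now forwards its format argument to vsyslog(), the prototype is also the place for a compile-time format check, for example `void skip_log(int, char *, ...) __attribute__((format(printf, 2, 3)));` with GCC, so a caller passing a non-literal format string gets flagged.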
@@ -1,24 +1,27 @@
-diff -ur --unidirectional-new-file skipsrc-1.0.orig/skip/man/skipd.1m work.new/skip/man/skipd.1m
---- skipsrc-1.0.orig/skip/man/skipd.1m Fri Oct 25 13:12:57 1996
-+++ work.new/skip/man/skipd.1m Mon Mar 8 21:33:39 1999
-@@ -62,17 +62,9 @@
- skipd.conf(4)
- .P
- .SH FILES
--.SH Solaris 2.x systems:
--/etc/opt/SUNWicg/skip/skipd.conf
--.br
--/etc/opt/SUNWicg/skip/CAs/
--.br
--/etc/opt/SUNWicg/skip/localid/
--.P
--.SH Other systems:
- .P
--/etc/skip/skipd.conf
-+@@PREFIX@@/etc/skip/skipd.conf
- .br
--/etc/skip/CAs/
-+@@PREFIX@@/etc/skip/CAs/
- .br
--/etc/skip/localid/
-+@@PREFIX@@/etc/skip/localid/
+diff -ur --unidirectional-new-file skipsrc-1.0.orig/skip/keymgrd/skip_machdep.C work.new/skip/keymgrd/skip_machdep.C
+--- skipsrc-1.0.orig/skip/keymgrd/skip_machdep.C Fri Oct 25 13:12:51 1996
++++ work.new/skip/keymgrd/skip_machdep.C Tue Jan 25 12:02:52 2000
+@@ -303,7 +303,11 @@
+ Bstream read_sock(int sock)
+ {
+ char buf[65535];
++#if __FreeBSD_version < 400013
+ int len = sizeof(sock_partner);
++#else
++ socklen_t len = sizeof(sock_partner);
++#endif
+ int n;
+
+ n = recvfrom(sock, buf, sizeof(buf), 0,
+@@ -324,7 +328,11 @@
+
+ void write_sock(int sock, const Bstream& data)
+ {
++#if __FreeBSD_version < 400013
+ int len = sizeof(sock_partner);
++#else
++ socklen_t len = sizeof(sock_partner);
++#endif
+ int n;
+
+ n = sendto(sock, (const char *)data.getdatap(),
diff --git a/security/skip/files/patch-ci b/security/skip/files/patch-ci
index 7823b652ade7..8199999eae31 100644
--- a/security/skip/files/patch-ci
+++ b/security/skip/files/patch-ci
@@ -1,14 +1,21 @@
-diff -ur --unidirectional-new-file skipsrc-1.0.orig/skip/man/skipd.conf.4 work.new/skip/man/skipd.conf.4
---- skipsrc-1.0.orig/skip/man/skipd.conf.4 Fri Oct 25 13:12:57 1996
-+++ work.new/skip/man/skipd.conf.4 Mon Mar 8 21:33:40 1999
-@@ -85,9 +85,4 @@
- \fIskipd.conf\fP options may be set with the \fIskip_conf\fP command.
- .SH FILES
- .P
--.SH Solaris 2.x systems:
--/etc/opt/SUNWicg/skip/skipd.conf
--.P
--.SH Other systems:
--.P
--/etc/skip/skipd.conf
-+@@PREFIX@@/etc/skip/skipd.conf
+diff -ur --unidirectional-new-file skipsrc-1.0.orig/skip/keymgrd/skip_msgs.C work.new/skip/keymgrd/skip_msgs.C
+--- skipsrc-1.0.orig/skip/keymgrd/skip_msgs.C Fri Oct 25 13:12:51 1996
++++ work.new/skip/keymgrd/skip_msgs.C Mon Jan 24 12:35:40 2000
+@@ -82,7 +82,7 @@
+ set.msgtype = SKIP_SET_CDP_SERVER_PORT;
+ set.port = cdp_port;
+
+- skip_log(SKIP_NOTICE, "Setting CDP port=%d", cdp_port);
++ skip_log(SKIP_INFO, "Setting CDP port=%d", cdp_port);
+ fflush(stdout);
+
+ if (put_kernel_message(fd, &set, sizeof(set)) < 0) {
+@@ -107,7 +107,7 @@
+ set.version = version;
+ set.kij_alg = kij_alg;
+
+- skip_log(SKIP_NOTICE, "Setting supported kij alg=%d for version %d",
++ skip_log(SKIP_INFO, "Setting supported kij alg=%d for version %d",
+ kij_alg, version);
+ fflush(stdout);
+
diff --git a/security/skip/files/patch-cj b/security/skip/files/patch-cj
index 4442c55a735a..9b5df6dbd4a1 100644
--- a/security/skip/files/patch-cj
+++ b/security/skip/files/patch-cj
@@ -1,19 +1,12 @@
-diff -ur --unidirectional-new-file skipsrc-1.0.orig/skip/man/skipd_restart.1m work.new/skip/man/skipd_restart.1m
---- skipsrc-1.0.orig/skip/man/skipd_restart.1m Fri Oct 25 13:12:57 1996
-+++ work.new/skip/man/skipd_restart.1m Mon Mar 8 21:33:40 1999
-@@ -9,13 +9,6 @@
- You must be root to run this command.
- .SH FILES
- .P
--.SH Solaris 2.x systems:
--/etc/opt/SUNWicg/skip/skipd.pid
-+/var/run/skipd.pid
- .br
--/opt/SUNWicg/bin/skipd
--.P
--.SH Other systems:
--.P
--/etc/skip/skipd.pid
--.br
--/usr/skip/bin/skipd
-+@@PREFIX@@/bin/skipd
+diff -ur --unidirectional-new-file skipsrc-1.0.orig/skip/keymgrd/skipca.C work.new/skip/keymgrd/skipca.C
+--- skipsrc-1.0.orig/skip/keymgrd/skipca.C Fri Oct 25 13:12:53 1996
++++ work.new/skip/keymgrd/skipca.C Mon Jan 24 12:35:40 2000
+@@ -307,7 +307,7 @@
+ }
+ if (overwrite) {
+ int ret;
+- sprintf(buf,"/usr/bin/rm -rf %s", CA_PATH);
++ sprintf(buf,"/bin/rm -rf %s", CA_PATH);
+ ret = system(buf);
+ if (ret) {
+ fprintf(stderr,"Unable to Clean old directory %s \n",
diff --git a/security/skip/files/patch-ck b/security/skip/files/patch-ck
index 034015c38eaf..711d80578b0d 100644
--- a/security/skip/files/patch-ck
+++ b/security/skip/files/patch-ck
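Review bot: The patched skipca.C line still builds a shell command with an unbounded `sprintf(buf, ...)` and hands it to `system(buf)`, so it relies on `buf` being large enough and on `CA_PATH` holding no spaces or shell metacharacters. `CA_PATH` looks like a compile-time constant and `buf` is declared outside the hunk, so this may be harmless as built. Since the port already rewrites this line, it could become `snprintf(buf, sizeof(buf), "/bin/rm -rf %s", CA_PATH);` (assuming `buf` is an array), with the return value checked for truncation before `system()` runs.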
@@ -1,18 +1,76 @@ -diff -ur --unidirectional-new-file skipsrc-1.0.orig/skip/man/skipdb.1m work.new/skip/man/skipdb.1m ---- skipsrc-1.0.orig/skip/man/skipdb.1m Fri Oct 25 13:12:57 1996 -+++ work.new/skip/man/skipdb.1m Mon Mar 8 21:33:40 1999 -@@ -79,13 +79,9 @@ - skipdb will always return 0 on Success and non-zero on error. An appropriate - error message will be written to standard error. - .SH FILES --.SS Solaris 1.x systems: - .P --/etc/skip/certdb -+@@PREFIX@@/etc/skip/certdb - .br --.SS Solaris 2.x systems: --.P --/etc/opt/SUNWicg/skip/certdb - .P - .SH SEE ALSO - .BR skiplocal(1m) +diff -ur --unidirectional-new-file skipsrc-1.0.orig/skip/keymgrd/skipd.C work.new/skip/keymgrd/skipd.C +--- skipsrc-1.0.orig/skip/keymgrd/skipd.C Fri Oct 25 13:12:54 1996 ++++ work.new/skip/keymgrd/skipd.C Mon Jan 24 12:35:40 2000 +@@ -48,6 +48,7 @@ + * System includes + */ + #include ++#include + + /* + * SKIP includes +@@ -84,8 +85,9 @@ + { + int c; + int errflag = 0; ++ int noFork = 0; + +- while ((c = getopt(argc, argv, "vV?")) != EOF) { ++ while ((c = getopt(argc, argv, "nvV?")) != EOF) { + switch(c) { + case 'v': + verbose = 1; +@@ -95,6 +97,9 @@ + verbose = 2; + break; + ++ case 'n': ++ noFork = 1; ++ break; + case '?': + default: + errflag++; +@@ -106,34 +111,18 @@ + exit(1); + } + ++ if (!noFork) + { +- extern FILE *skip_log_fp; +- +- skip_log_fp = fopen("/var/log/skipd.log", "w+"); ++ extern int skip_log_syslog; + +- // if open fails, skip_log will default to stdout/stderr ++ /* output to syslog */ ++ openlog("skipd", 0, LOG_DAEMON); ++ skip_log_syslog = 1; ++ ++ /* become a background daemon */ ++ if (daemon(0, 0)) ++ err(1, "daemon"); + } +- +- +-// put ourselves into the background +- +- switch (fork()) { +- case -1: +- skip_log(SKIP_ERROR, "fork failed"); +- exit(1); +- +- case 0: +- break; +- +- default: +- exit(0); +- } +- +- setsid(); +- +- freopen("/dev/null", "r", stdin); +- freopen("/dev/null", "w", stdout); +- freopen("/dev/null", "w", stderr); + + skip_init(); + 
skipd_loop(); diff --git a/security/skip/files/patch-cl b/security/skip/files/patch-cl index afb5853292ff..ba3542f6a670 100644 --- a/security/skip/files/patch-cl +++ b/security/skip/files/patch-cl 
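Review bot: In the skipd.C hunk of patch-ck, `openlog("skipd", 0, LOG_DAEMON)` passes no options, so the daemon's syslog entries carry no process id; `openlog("skipd", LOG_PID, LOG_DAEMON);` makes entries attributable to one skipd instance across restarts. The new `-n` flag is accepted by getopt(), but the usage text is outside the hunk and is not shown being updated. The added code needs both `<syslog.h>` and, for `err()`, `<err.h>`, while only one `#include` line is added and its header name is missing in this rendering, so confirm both are in scope. main() starts and ends outside the hunk.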
@@ -1,39 +1,13 @@
-diff -ur --unidirectional-new-file skipsrc-1.0.orig/skip/man/skiphost.1m work.new/skip/man/skiphost.1m
---- skipsrc-1.0.orig/skip/man/skiphost.1m Fri Oct 25 13:12:57 1996
-+++ work.new/skip/man/skiphost.1m Mon Mar 8 21:33:38 1999
-@@ -42,6 +42,8 @@
- .BI \-s " sender NSID " \-S " sender key ID"...
- .if n .ti +8n
- .BI \-v " SKIP version " \-A " tunnel address " \-T
-+.if n .ti +8n
-+.BI \-f " source IP address "
- ]
- .if n .ti +5n
- [
-@@ -53,9 +55,13 @@
- .if n .ti +8n
- .BI \-r " receiver NSID " \-R " receiver key ID"...
- .if n .ti +8n
-+.BI \-f " source IP address "
-+.if n .ti +8n
- .BI \-s " sender NSID " \-S " sender key ID"...
- .if n .ti +8n
- .BI \-v " SKIP version " \-A " tunnel address " \-T
-+.if n .ti +8n
-+.BI \-f " source IP address "
- ]
- .SH DESCRIPTION
- .B
-@@ -185,6 +191,12 @@
- address in outgoing packets with the supplied value.
- This permits hiding of network topology.
- By default, the tunnel address is set to the destination address.
-+.TP
-+.BI \-f " source IP address"
-+This option is used in tunneling mode to replace the source IP
-+address in outgoing packets with the supplied value.
-+This permits hiding of network topology.
-+By default, the source address is not changed when the packet is encrypted.
- .TP
- .BI \-T
- Encrypt or authenticate only the data part of the IP packet. By default,
+diff -ur --unidirectional-new-file skipsrc-1.0.orig/skip/keymgrd/skiplocal.C work.new/skip/keymgrd/skiplocal.C
+--- skipsrc-1.0.orig/skip/keymgrd/skiplocal.C Fri Oct 25 13:12:55 1996
++++ work.new/skip/keymgrd/skiplocal.C Mon Jan 24 12:35:41 2000
+@@ -88,8 +88,7 @@
+
+ void
+ usage(char *s){
+- fprintf(stderr, "%s [add|export|extract|list|keygen|rm"
+- , s);
++ fprintf(stderr, "%s [add|export|extract|list|keygen|rm]\n", s);
+ exit(1);
+ }
+
diff --git a/security/skip/files/patch-cm b/security/skip/files/patch-cm
index fac6a91655fc..700efc43d2c6 100644
--- a/security/skip/files/patch-cm
+++ b/security/skip/files/patch-cm
@@ -1,17 +1,13 @@
-diff -ur --unidirectional-new-file skipsrc-1.0.orig/skip/man/skipif.1m work.new/skip/man/skipif.1m
---- skipsrc-1.0.orig/skip/man/skipif.1m Fri Oct 25 13:12:58 1996
-+++ work.new/skip/man/skipif.1m Mon Mar 8 21:33:40 1999
-@@ -104,12 +104,8 @@
- skipif will advise so.
- .SH FILES
- .br
--.SS Solaris 2.x systems:
- .P
--/etc/opt/SUNWicg/skip/acl.
--.SS Other systems:
--.P
--/etc/skip/acl.
-+@@PREFIX@@/etc/skip/acl.
- .P
- .SH SEE ALSO
- skiphost(1M), skipstat(1M), skiptool(1M), ifconfig(1M)
+diff -ur --unidirectional-new-file skipsrc-1.0.orig/skip/keymgrd/t_mem.c work.new/skip/keymgrd/t_mem.c
+--- skipsrc-1.0.orig/skip/keymgrd/t_mem.c Fri Oct 25 13:12:55 1996
++++ work.new/skip/keymgrd/t_mem.c Mon Jan 24 12:35:41 2000
+@@ -45,8 +45,7 @@
+ #pragma ident "@(#)t_mem.c 1.2 95/11/23 Sun Microsystems"
+
+ #include "global.h"
+-#include
+-#include
++#include
+ #include
+
+ void T_memset(POINTER s, int c, unsigned int n )
diff --git a/security/skip/files/patch-cn b/security/skip/files/patch-cn
index 4c2b107677a8..6372cdbce8a6 100644
--- a/security/skip/files/patch-cn
+++ b/security/skip/files/patch-cn
@@ -1,18 +1,27 @@ -diff -ur --unidirectional-new-file skipsrc-1.0.orig/skip/man/skiplocal.1m work.new/skip/man/skiplocal.1m ---- skipsrc-1.0.orig/skip/man/skiplocal.1m Fri Oct 25 13:12:58 1996 -+++ work.new/skip/man/skiplocal.1m Mon Mar 8 21:33:40 1999 -@@ -171,13 +171,9 @@ - \fBskipd_restart\fP in order for the changes to take effect. +diff -ur --unidirectional-new-file skipsrc-1.0.orig/skip/man/install_skip_keys.1m work.new/skip/man/install_skip_keys.1m +--- skipsrc-1.0.orig/skip/man/install_skip_keys.1m Fri Oct 25 13:12:56 1996 ++++ work.new/skip/man/install_skip_keys.1m Mon Jan 24 12:35:41 2000 +@@ -41,20 +41,13 @@ + .RE .P .SH FILES -.SS Solaris 1.x systems: .P --/etc/skip/localids -+@@PREFIX@@/etc/skip/localids +-/etc/skip/certdb.dir ++@@PREFIX@@/etc/skip/certdb.dir .br +-/etc/skip/localid/.. ++@@PREFIX@@/etc/skip/localid/.. + .br +-/etc/skip/CAs/... ++@@PREFIX@@/etc/skip/CAs/... + .br +-.P -.SS Solaris 2.x systems: -.P --/etc/opt/SUNWicg/skip/localids +-/etc/opt/SUNWicg/skip/certdb +-/etc/opt/SUNWicg/skip/localid/... +-/etc/opt/SUNWicg/skip/CAs/... .P - .SH BUGS - skiplocal export does not work well for communicating with multiple keys. + .SH NOTES + Currently the name of the Certificate is hard coded into the code. We diff --git a/security/skip/files/patch-co b/security/skip/files/patch-co index f82d4dae0ae9..aa5e67d5dab5 100644 --- a/security/skip/files/patch-co +++ b/security/skip/files/patch-co 
@@ -1,92 +1,14 @@ -diff -ur --unidirectional-new-file skipsrc-1.0.orig/skip/tools/lib/skip_freebsd.c work.new/skip/tools/lib/skip_freebsd.c ---- skipsrc-1.0.orig/skip/tools/lib/skip_freebsd.c Fri Oct 25 13:13:02 1996 -+++ work.new/skip/tools/lib/skip_freebsd.c Mon Mar 8 21:33:38 1999 -@@ -235,7 +235,7 @@ - char * - skip_default_if() - { --#define SKIP_DEFAULT_IF "eth0" /* 3com 3c589 */ -+#define SKIP_DEFAULT_IF "ed1" - static char devname[MAXPATHLEN]; - char cbuf[sizeof(struct ifreq) * 16]; - struct ifconf ifc; -@@ -244,6 +244,7 @@ - struct sockaddr_in *sa; - char hostname[MAXHOSTNAMELEN]; - int s, n; -+ int goodness = 0; - - strcpy(devname, SKIP_DEFAULT_IF); - -@@ -253,11 +254,13 @@ - - hp = _skip_gethostbyname(hostname); - -+#if 0 - if (hp == NULL) { - return(devname); - } -+#endif - -- if ((s = socket(AF_INET, SOCK_DGRAM, 0)) < 0) { -+ if ((s = socket(PF_INET, SOCK_RAW, 0)) < 0) { - return (devname); - } - -@@ -276,33 +279,37 @@ - * just in case the primary can't be found. - * - */ -- end = (struct ifreq *) (ifc.ifc_buf + ifc.ifc_len); -- while (ifr < end) { -+ for (end = (struct ifreq *) (ifc.ifc_buf + ifc.ifc_len), -+ ifr = ifc.ifc_req; -+ ifr < end; -+ ifr = (struct ifreq *) -+ ((char *) &ifr->ifr_addr + ifr->ifr_addr.sa_len)) -+ { -+ int newgoodness = 0; - - strcpy(ifflags.ifr_name, ifr->ifr_name); - if (ioctl(s, SIOCGIFFLAGS, (char *) &ifflags) < 0) { -- /*goto out;*/ -+ continue; - } - if ((ifflags.ifr_flags & (IFF_LOOPBACK|IFF_UP|IFF_RUNNING)) == - (IFF_UP|IFF_RUNNING)) { -- /* -- * note the interface name just in case -- */ -- strcpy(devname, ifr->ifr_name); -- /* -- * but try to find an exact match -- */ -- sa = (struct sockaddr_in *) &ifr->ifr_addr; -- if (memcmp(hp->h_addr_list[0], (void *) &sa->sin_addr, -- hp->h_length) == 0) { -- break; -+ /* try to find an exact match */ -+ if (hp && ifr->ifr_addr.sa_family == AF_INET) { -+ sa = (struct sockaddr_in *) &ifr->ifr_addr; -+ if (memcmp(hp->h_addr_list[0], -+ (void *) &sa->sin_addr, hp->h_length) == 0) 
-+ break; -+ } -+ /* try to prefer ethernet interfaces */ -+ if (ifflags.ifr_flags & IFF_BROADCAST) -+ newgoodness += 1; -+ if (!(ifflags.ifr_flags & IFF_POINTOPOINT)) -+ newgoodness += 1; -+ if (newgoodness > goodness) { -+ strcpy(devname, ifr->ifr_name); -+ goodness = newgoodness; - } - } -- if(ifr->ifr_addr.sa_len) /* Dohw! */ -- ifr = (struct ifreq *) ((caddr_t) ifr + -- ifr->ifr_addr.sa_len - -- sizeof(struct sockaddr)); -- ifr++; - } - out: - (void) close(s); +diff -ur --unidirectional-new-file skipsrc-1.0.orig/skip/man/raw_keys.4 work.new/skip/man/raw_keys.4 +--- skipsrc-1.0.orig/skip/man/raw_keys.4 Fri Oct 25 13:12:56 1996 ++++ work.new/skip/man/raw_keys.4 Mon Jan 24 12:35:41 2000 +@@ -42,9 +42,4 @@ + link. + .SH FILES + .P +-.SH Solaris 2.x systems: +-/etc/opt/SUNWicg/skip/raw_keys +-.P +-.SH Other systems: +-.P +-/etc/skip/raw_keys ++@@PREFIX@@/etc/skip/raw_keys diff --git a/security/skip/files/patch-cp b/security/skip/files/patch-cp index aa9dc8fe5974..f34032ef323f 100644 --- a/security/skip/files/patch-cp +++ b/security/skip/files/patch-cp 
@@ -1,161 +1,21 @@ -diff -ur --unidirectional-new-file skipsrc-1.0.orig/skip/tools/skiphost/skiphost.c work.new/skip/tools/skiphost/skiphost.c ---- skipsrc-1.0.orig/skip/tools/skiphost/skiphost.c Fri Oct 25 13:13:03 1996 -+++ work.new/skip/tools/skiphost/skiphost.c Mon Mar 8 21:33:39 1999 -@@ -76,6 +76,7 @@ - static char *skip_version = NULL; - static char *skip_mode = NULL; - static char *tunnel = NULL; -+static char *srcaddr = NULL; - - static int opt, opt_cpt; - static int opt_action, opt_more; -@@ -89,11 +90,14 @@ - static int opt_prt, opt_sh, opt_sel; - static int opt_trs, opt_tunnel; - static int opt_msk, opt_nomadic; -+static int opt_source; - - boolean_t on_boot = B_FALSE; - - #define SKIP_HOST_MASK "255.255.255.255" - -+struct in_addr source_addr; -+ - static void usage(); - - /* -@@ -218,6 +222,11 @@ - if (params->ip_addr.s_addr != params->tunnel_addr.s_addr) { - printf(" -A %s", inet_ntoa(params->tunnel_addr)); - } -+ -+ if(params->source != 0) { -+ source_addr.s_addr = params->source; -+ printf(" -f %s", inet_ntoa(source_addr)); -+ } - - switch (params->version) { - -@@ -376,6 +385,11 @@ - printf(" tunnel=%s", inet_ntoa(params->tunnel_addr)); - } - -+ if (params->source != 0) { -+ source_addr.s_addr = params->source; -+ printf(" source=%s", inet_ntoa(source_addr)); -+ } -+ - switch (params->version) { - - case SKIP_NONE: -@@ -907,12 +921,18 @@ - } - } - -+ if(opt_source) { -+ parms.source = inet_addr(srcaddr); -+ } else { -+ parms.source = 0; -+ } -+ - /* - * Check if a cleartext host... 
- */ - opt_sel = opt_r_nsid + opt_s_nsid + opt_r_keyid; - opt_sel += opt_kij + opt_crypt + opt_mac + opt_comp; -- opt_sel += opt_vers + opt_nomadic + opt_tunnel; -+ opt_sel += opt_vers + opt_nomadic + opt_tunnel + opt_source; - - if (!opt_sel) { - /* -@@ -1531,6 +1551,7 @@ - "\t\t[-r ] [-R ]...\n" - "\t\t[-s ] [-S ]...\n" - "\t\t[-v ] [-A ] [-T]\n" -+ "\t\t[-f ]\n" - "\t%s [-i ] " - "-x [-M ]...\n" - "\t\t[-k ] [-t ]...\n" -@@ -1592,6 +1613,7 @@ - opt_trs = opt_msk = 0; - opt_prt = opt_sh = opt_mode = 0; - opt_nomadic = opt_tunnel = 0; -+ opt_source = 0; - - ifname = skip_default_if(); - -@@ -1614,7 +1636,7 @@ - */ - optind = 1; - while ((opt = getopt(argc, argv, -- "phuPVTa:d:o:x:i:s:r:S:R:k:t:m:c:v:M:A:")) != -1) { -+ "phuPVTa:d:o:x:i:s:r:S:R:k:t:m:c:v:M:A:f:")) != -1) { - - switch (opt) { - -@@ -1761,7 +1783,10 @@ - SKIP_ONE(&opt_tunnel); - tunnel = optarg; - break; -- -+ case 'f': -+ SKIP_ONE(&opt_source); -+ srcaddr = optarg; -+ break; - case 'h': - default: - usage(); -@@ -1890,7 +1915,7 @@ - opt_sel = opt_r_nsid + opt_s_nsid + opt_r_keyid + opt_s_keyid; - opt_sel += opt_kij + opt_crypt + opt_mac + opt_comp; - opt_sel += opt_mode + opt_vers + opt_trs + opt_msk; -- opt_sel += opt_tunnel; -+ opt_sel += opt_tunnel + opt_source; - - if (opt_sel) { - fprintf(stderr, "%s -u does not take options\n", -@@ -1912,7 +1937,7 @@ - opt_sel = opt_r_nsid + opt_s_nsid + opt_r_keyid + opt_s_keyid; - opt_sel += opt_kij + opt_crypt + opt_mac + opt_comp; - opt_sel += opt_mode + opt_vers + opt_trs + opt_msk; -- opt_sel += opt_tunnel; -+ opt_sel += opt_tunnel + opt_source; - - if (opt_sel) { - fprintf(stderr, "%s -p does not take options\n", -@@ -1941,7 +1966,7 @@ - opt_sel = opt_r_nsid + opt_s_nsid + opt_r_keyid + opt_s_keyid; - opt_sel += opt_kij + opt_crypt + opt_mac + opt_comp; - opt_sel += opt_mode + opt_vers + opt_trs + opt_msk; -- opt_sel += opt_tunnel; -+ opt_sel += opt_tunnel + opt_source; - - if (opt_sel) { - fprintf(stderr, "%s -P does not take options\n", -@@ -1963,7 
+1988,7 @@ - opt_sel = opt_r_nsid + opt_s_nsid + opt_r_keyid + opt_s_keyid; - opt_sel += opt_kij + opt_crypt + opt_mac + opt_comp; - opt_sel += opt_mode + opt_vers + opt_trs + opt_msk; -- opt_sel += opt_tunnel; -+ opt_sel += opt_tunnel + opt_source; - - if (opt_sel) { - fprintf(stderr, "%s -V does not take options\n", -@@ -1985,7 +2010,7 @@ - opt_sel = opt_r_nsid + opt_s_nsid + opt_r_keyid + opt_s_keyid; - opt_sel += opt_kij + opt_crypt + opt_mac + opt_comp; - opt_sel += opt_vers + opt_trs + opt_msk; -- opt_sel += opt_tunnel; -+ opt_sel += opt_tunnel + opt_source; - - if (opt_sel) { - usage(); -@@ -2018,7 +2043,7 @@ - */ - opt_sel = opt_s_nsid + opt_s_keyid; - opt_sel += opt_kij + opt_crypt + opt_mac + opt_comp; -- opt_sel += opt_mode + opt_trs + opt_tunnel; -+ opt_sel += opt_mode + opt_trs + opt_tunnel + opt_source; - - if (opt_sel) { - usage(); +diff -ur --unidirectional-new-file skipsrc-1.0.orig/skip/man/skip_certd.1m work.new/skip/man/skip_certd.1m +--- skipsrc-1.0.orig/skip/man/skip_certd.1m Fri Oct 25 13:12:56 1996 ++++ work.new/skip/man/skip_certd.1m Mon Jan 24 12:35:41 2000 +@@ -14,15 +14,10 @@ + .SH FILES + .br + /tmp/skip_certd.log +-.SS Solaris 1.x systems: + .P +-/etc/skip/certs.dir ++@@PREFIX@@/etc/skip/certs.dir + .br +-/etc/skip/certs.pag ++@@PREFIX@@/etc/skip/certs.pag + .P +-.SS Solaris 2.x systems: +-.P +-/etc/opt/SUNWicg/skip/certs.dir +-/etc/opt/SUNWicg/skip/certs.pag + .SH SEE ALSO + caping(1) diff --git a/security/skip/files/patch-cq b/security/skip/files/patch-cq index 7ef80ce0a98a..24972c8d580d 100644 --- a/security/skip/files/patch-cq +++ b/security/skip/files/patch-cq 
@@ -1,19 +1,14 @@
-diff -ur --unidirectional-new-file skipsrc-1.0.orig/skip/tools/skiptool/Makefile work.new/skip/tools/skiptool/Makefile
---- skipsrc-1.0.orig/skip/tools/skiptool/Makefile Fri Oct 25 13:13:05 1996
-+++ work.new/skip/tools/skiptool/Makefile Mon Mar 8 21:33:40 1999
-@@ -97,11 +97,15 @@
-
- # Compiler flags.
-
-+PREFIX?= @@PREFIX@@
-+
- DYNAMIC_PATH = $(DYNAMIC_$(OSNAME))
- CFLAGS += $(U_DEBUG) $(OS) -DSKIP_RELEASE="\"$(SKIP_RELEASE)\""
- SKIPINC_DIR = -I../lib -I$(COMM_INC) -I$(DRVDIR)
- CPPFLAGS += -I$(WIN_HOME)/include -DMAIN $(SKIPINC_DIR)
- CPPFLAGS += -I$(WIN_HOME)/include/pixrect
-+CPPFLAGS += -I${PREFIX}/include
-+CPPFLAGS += -I${PREFIX}/include/pixrect
- LDFLAGS += -L$(WIN_HOME)/lib $(DYNAMIC_PATH)
- LDLIBS += ../lib/$(SKIP_LIB) $(OS_LIB) -lxview -lolgx -lX11
-
+diff -ur --unidirectional-new-file skipsrc-1.0.orig/skip/man/skip_conf.1m work.new/skip/man/skip_conf.1m
+--- skipsrc-1.0.orig/skip/man/skip_conf.1m Fri Oct 25 13:12:56 1996
++++ work.new/skip/man/skip_conf.1m Mon Jan 24 12:35:41 2000
+@@ -28,9 +28,4 @@
+ and remove any max_certdb_size lines from \fIskipd.conf\fP.
+ .SH FILES
+ .P
+-.SH Solaris 2.x systems:
+-/etc/opt/SUNWicg/skip/skipd.conf
+-.P
+-.SH Other systems:
+-.P
+-/etc/skip/skipd.conf
++@@PREFIX@@/etc/skip/skipd.conf
diff --git a/security/skip/files/patch-cr b/security/skip/files/patch-cr
index 670871b8d617..d7807b837468 100644
--- a/security/skip/files/patch-cr
+++ b/security/skip/files/patch-cr
@@ -1,12 +1,20 @@ -diff -ur --unidirectional-new-file skipsrc-1.0.orig/skip/tools/skiptool/es_glue.c work.new/skip/tools/skiptool/es_glue.c ---- skipsrc-1.0.orig/skip/tools/skiptool/es_glue.c Fri Oct 25 13:13:05 1996 -+++ work.new/skip/tools/skiptool/es_glue.c Mon Mar 8 21:33:39 1999 -@@ -1948,7 +1948,7 @@ - void - stats(int which) - { -- char *opt, *t, s[STRSZ], *argv[12]; -+ char *opt = NULL, *t = NULL, s[STRSZ], *argv[12]; - char ifstats[STRSZ], *optarg = NULL; +diff -ur --unidirectional-new-file skipsrc-1.0.orig/skip/man/skipca.1m work.new/skip/man/skipca.1m +--- skipsrc-1.0.orig/skip/man/skipca.1m Fri Oct 25 13:12:57 1996 ++++ work.new/skip/man/skipca.1m Mon Jan 24 12:35:41 2000 +@@ -81,14 +81,10 @@ + .SH FILES + .SS Solaris 1.x systems: + .P +-/etc/skip/CAs ++@@PREFIX@@/etc/skip/CAs + .br +-.SS Solaris 2.x systems: +-.P +-/etc/opt/SUNWicg/skip/CAs +-.P + .SH SEE ALSO + .BR skipdb(1m) +-.BR skiplocala(1m) ++.BR skiplocal(1m) + .BR skipd(1m) - switch (which) { diff --git a/security/skip/files/patch-cs b/security/skip/files/patch-cs index 51ed887cd852..5f716b7941cf 100644 --- a/security/skip/files/patch-cs +++ b/security/skip/files/patch-cs 
@@ -1,17 +1,24 @@ -diff -ur --unidirectional-new-file skipsrc-1.0.orig/skip/tools/skiptool/es_ras.c work.new/skip/tools/skiptool/es_ras.c ---- skipsrc-1.0.orig/skip/tools/skiptool/es_ras.c Fri Oct 25 13:13:06 1996 -+++ work.new/skip/tools/skiptool/es_ras.c Mon Mar 8 21:33:39 1999 -@@ -92,6 +92,13 @@ - if (stat(path, &st) == 0) { - return (path); - } -+ -+ strcpy(path, SKIP_DIR); -+ strcat(path, "/"); -+ strcat(path, name); -+ if (stat(path, &st) == 0) { -+ return (path); -+ } - return (NULL); - } - +diff -ur --unidirectional-new-file skipsrc-1.0.orig/skip/man/skipd.1m work.new/skip/man/skipd.1m +--- skipsrc-1.0.orig/skip/man/skipd.1m Fri Oct 25 13:12:57 1996 ++++ work.new/skip/man/skipd.1m Mon Jan 24 12:35:41 2000 +@@ -62,17 +62,9 @@ + skipd.conf(4) + .P + .SH FILES +-.SH Solaris 2.x systems: +-/etc/opt/SUNWicg/skip/skipd.conf +-.br +-/etc/opt/SUNWicg/skip/CAs/ +-.br +-/etc/opt/SUNWicg/skip/localid/ +-.P +-.SH Other systems: + .P +-/etc/skip/skipd.conf ++@@PREFIX@@/etc/skip/skipd.conf + .br +-/etc/skip/CAs/ ++@@PREFIX@@/etc/skip/CAs/ + .br +-/etc/skip/localid/ ++@@PREFIX@@/etc/skip/localid/ diff --git a/security/skip/files/patch-ct b/security/skip/files/patch-ct index 3cd88e45c605..c643d79c00ac 100644 --- a/security/skip/files/patch-ct +++ b/security/skip/files/patch-ct 
@@ -1,378 +1,14 @@ -diff -ur --unidirectional-new-file skipsrc-1.0.orig/skip/tools/skiptool/skiptool_stubs.c work.new/skip/tools/skiptool/skiptool_stubs.c ---- skipsrc-1.0.orig/skip/tools/skiptool/skiptool_stubs.c Fri Oct 25 13:13:10 1996 -+++ work.new/skip/tools/skiptool/skiptool_stubs.c Mon Mar 8 21:33:39 1999 -@@ -68,6 +68,10 @@ - - #include "es_glue.h" - -+#ifndef __GNUC__ -+#define __attribute__ (x) -+#endif -+ - /* - * Global object definitions. - */ -@@ -173,7 +177,7 @@ - Menu_item - skiptool_menu_item0_callback(Menu_item item, Menu_generate op) - { -- skiptool_base_window_objects * ip = (skiptool_base_window_objects *) xv_get(item, XV_KEY_DATA, INSTANCE); -+ skiptool_base_window_objects * ip __attribute__ ((unused)) = (skiptool_base_window_objects *) xv_get(item, XV_KEY_DATA, INSTANCE); - - switch (op) { - case MENU_DISPLAY: -@@ -206,7 +210,7 @@ - void - skiptool_base_window_access_ctrl_notify_callback(Panel_item item, int value, Event *event) - { -- skiptool_base_window_objects *ip = (skiptool_base_window_objects *) xv_get(item, XV_KEY_DATA, INSTANCE); -+ skiptool_base_window_objects *ip __attribute__ ((unused)) = (skiptool_base_window_objects *) xv_get(item, XV_KEY_DATA, INSTANCE); - - - /* gxv_start_connections DO NOT EDIT THIS SECTION */ -@@ -231,7 +235,7 @@ - void - skiptool_base_window_access_mode_notify_callback(Panel_item item, int value, Event *event) - { -- skiptool_base_window_objects *ip = (skiptool_base_window_objects *) xv_get(item, XV_KEY_DATA, INSTANCE); -+ skiptool_base_window_objects *ip __attribute__ ((unused)) = (skiptool_base_window_objects *) xv_get(item, XV_KEY_DATA, INSTANCE); - - - /* gxv_start_connections DO NOT EDIT THIS SECTION */ -@@ -261,7 +265,7 @@ - void - skiptool_base_window_delete_button_notify_callback(Panel_item item, Event *event) - { -- skiptool_base_window_objects *ip = (skiptool_base_window_objects *) xv_get(item, XV_KEY_DATA, INSTANCE); -+ skiptool_base_window_objects *ip __attribute__ ((unused)) = 
(skiptool_base_window_objects *) xv_get(item, XV_KEY_DATA, INSTANCE); - - - /* gxv_start_connections DO NOT EDIT THIS SECTION */ -@@ -280,7 +284,7 @@ - void - skiptool_key_params_win_key_apply_notify_callback(Panel_item item, Event *event) - { -- skiptool_key_params_win_objects *ip = (skiptool_key_params_win_objects *) xv_get(item, XV_KEY_DATA, INSTANCE); -+ skiptool_key_params_win_objects *ip __attribute__ ((unused)) = (skiptool_key_params_win_objects *) xv_get(item, XV_KEY_DATA, INSTANCE); - - - /* gxv_start_connections DO NOT EDIT THIS SECTION */ -@@ -302,7 +306,7 @@ - void - skiptool_key_params_win_key_default_notify_callback(Panel_item item, Event *event) - { -- skiptool_key_params_win_objects *ip = (skiptool_key_params_win_objects *) xv_get(item, XV_KEY_DATA, INSTANCE); -+ skiptool_key_params_win_objects *ip __attribute__ ((unused)) = (skiptool_key_params_win_objects *) xv_get(item, XV_KEY_DATA, INSTANCE); - - - /* gxv_start_connections DO NOT EDIT THIS SECTION */ -@@ -322,7 +326,7 @@ - void - skiptool_required_win_required_add_notify_callback(Panel_item item, Event *event) - { -- skiptool_required_win_objects *ip = (skiptool_required_win_objects *) xv_get(item, XV_KEY_DATA, INSTANCE); -+ skiptool_required_win_objects *ip __attribute__ ((unused)) = (skiptool_required_win_objects *) xv_get(item, XV_KEY_DATA, INSTANCE); - - - /* gxv_start_connections DO NOT EDIT THIS SECTION */ -@@ -341,7 +345,7 @@ - void - skiptool_required_win_required_cancel_notify_callback(Panel_item item, Event *event) - { -- skiptool_required_win_objects *ip = (skiptool_required_win_objects *) xv_get(item, XV_KEY_DATA, INSTANCE); -+ skiptool_required_win_objects *ip __attribute__ ((unused)) = (skiptool_required_win_objects *) xv_get(item, XV_KEY_DATA, INSTANCE); - - - /* gxv_start_connections DO NOT EDIT THIS SECTION */ -@@ -360,7 +364,7 @@ - Menu_item - skiptool_help_menu_item1_callback(Menu_item item, Menu_generate op) - { -- skiptool_base_window_objects * ip = 
(skiptool_base_window_objects *) xv_get(item, XV_KEY_DATA, INSTANCE); -+ skiptool_base_window_objects * ip __attribute__ ((unused)) = (skiptool_base_window_objects *) xv_get(item, XV_KEY_DATA, INSTANCE); - - switch (op) { - case MENU_DISPLAY: -@@ -405,7 +409,7 @@ - Menu_item - skiptool_stats_menu_item0_callback(Menu_item item, Menu_generate op) - { -- Xv_opaque ip = (Xv_opaque) xv_get(item, XV_KEY_DATA, INSTANCE); -+ Xv_opaque ip __attribute__ ((unused)) = (Xv_opaque) xv_get(item, XV_KEY_DATA, INSTANCE); - - switch (op) { - case MENU_DISPLAY: -@@ -438,7 +442,7 @@ - Menu_item - skiptool_stats_menu_item1_callback(Menu_item item, Menu_generate op) - { -- Xv_opaque ip = (Xv_opaque) xv_get(item, XV_KEY_DATA, INSTANCE); -+ Xv_opaque ip __attribute__ ((unused)) = (Xv_opaque) xv_get(item, XV_KEY_DATA, INSTANCE); - - switch (op) { - case MENU_DISPLAY: -@@ -471,7 +475,7 @@ - Menu_item - skiptool_stats_menu_item2_callback(Menu_item item, Menu_generate op) - { -- Xv_opaque ip = (Xv_opaque) xv_get(item, XV_KEY_DATA, INSTANCE); -+ Xv_opaque ip __attribute__ ((unused)) = (Xv_opaque) xv_get(item, XV_KEY_DATA, INSTANCE); - - switch (op) { - case MENU_DISPLAY: -@@ -504,7 +508,7 @@ - Menu_item - skiptool_stats_menu_item3_callback(Menu_item item, Menu_generate op) - { -- Xv_opaque ip = (Xv_opaque) xv_get(item, XV_KEY_DATA, INSTANCE); -+ Xv_opaque ip __attribute__ ((unused)) = (Xv_opaque) xv_get(item, XV_KEY_DATA, INSTANCE); - - switch (op) { - case MENU_DISPLAY: -@@ -537,7 +541,7 @@ - void - skiptool_hostwin_v2_s_nsid_notify_callback(Panel_item item, int value, Event *event) - { -- skiptool_hostwin_v2_objects *ip = (skiptool_hostwin_v2_objects *) xv_get(item, XV_KEY_DATA, INSTANCE); -+ skiptool_hostwin_v2_objects *ip __attribute__ ((unused)) = (skiptool_hostwin_v2_objects *) xv_get(item, XV_KEY_DATA, INSTANCE); - - - /* gxv_start_connections DO NOT EDIT THIS SECTION */ -@@ -572,6 +576,10 @@ - - case PANEL_LIST_OP_DELETE: - break; -+ -+ case PANEL_LIST_OP_DESELECT: -+ case 
PANEL_LIST_OP_DBL_CLICK: -+ break; - } - /* gxv_start_connections DO NOT EDIT THIS SECTION */ - -@@ -601,6 +609,10 @@ - - case PANEL_LIST_OP_DELETE: - break; -+ -+ case PANEL_LIST_OP_DESELECT: -+ case PANEL_LIST_OP_DBL_CLICK: -+ break; - } - - /* gxv_start_connections DO NOT EDIT THIS SECTION */ -@@ -616,7 +628,7 @@ - void - skiptool_base_window_delete_xbutton_notify_callback(Panel_item item, Event *event) - { -- skiptool_base_window_objects *ip = (skiptool_base_window_objects *) xv_get(item, XV_KEY_DATA, INSTANCE); -+ skiptool_base_window_objects *ip __attribute__ ((unused)) = (skiptool_base_window_objects *) xv_get(item, XV_KEY_DATA, INSTANCE); - - /* gxv_start_connections DO NOT EDIT THIS SECTION */ - -@@ -634,7 +646,7 @@ - void - skiptool_base_window_to_x_notify_callback(Panel_item item, Event *event) - { -- skiptool_base_window_objects *ip = (skiptool_base_window_objects *) xv_get(item, XV_KEY_DATA, INSTANCE); -+ skiptool_base_window_objects *ip __attribute__ ((unused)) = (skiptool_base_window_objects *) xv_get(item, XV_KEY_DATA, INSTANCE); - - /* gxv_start_connections DO NOT EDIT THIS SECTION */ - -@@ -652,7 +664,7 @@ - void - skiptool_base_window_to_a_notify_callback(Panel_item item, Event *event) - { -- skiptool_base_window_objects *ip = (skiptool_base_window_objects *) xv_get(item, XV_KEY_DATA, INSTANCE); -+ skiptool_base_window_objects *ip __attribute__ ((unused)) = (skiptool_base_window_objects *) xv_get(item, XV_KEY_DATA, INSTANCE); - - /* gxv_start_connections DO NOT EDIT THIS SECTION */ - -@@ -670,7 +682,7 @@ - Menu_item - skiptool_stats_menu_item4_callback(Menu_item item, Menu_generate op) - { -- Xv_opaque ip = (Xv_opaque) xv_get(item, XV_KEY_DATA, INSTANCE); -+ Xv_opaque ip __attribute__ ((unused)) = (Xv_opaque) xv_get(item, XV_KEY_DATA, INSTANCE); - - switch (op) { - case MENU_DISPLAY: -@@ -703,7 +715,7 @@ - Menu_item - skiptool_stats_menu_item5_callback(Menu_item item, Menu_generate op) - { -- Xv_opaque ip = (Xv_opaque) xv_get(item, XV_KEY_DATA, 
INSTANCE); -+ Xv_opaque ip __attribute__ ((unused)) = (Xv_opaque) xv_get(item, XV_KEY_DATA, INSTANCE); - - switch (op) { - case MENU_DISPLAY: -@@ -736,7 +748,7 @@ - Menu_item - skiptool_menu_item1_callback(Menu_item item, Menu_generate op) - { -- skiptool_base_window_objects * ip = (skiptool_base_window_objects *) xv_get(item, XV_KEY_DATA, INSTANCE); -+ skiptool_base_window_objects * ip __attribute__ ((unused)) = (skiptool_base_window_objects *) xv_get(item, XV_KEY_DATA, INSTANCE); - - switch (op) { - case MENU_DISPLAY: -@@ -772,7 +784,7 @@ - Menu_item - skiptool_menu_item3_callback(Menu_item item, Menu_generate op) - { -- skiptool_base_window_objects * ip = (skiptool_base_window_objects *) xv_get(item, XV_KEY_DATA, INSTANCE); -+ skiptool_base_window_objects * ip __attribute__ ((unused)) = (skiptool_base_window_objects *) xv_get(item, XV_KEY_DATA, INSTANCE); - - switch (op) { - case MENU_DISPLAY: -@@ -805,7 +817,7 @@ - Menu_item - skiptool_menu_item4_callback(Menu_item item, Menu_generate op) - { -- skiptool_base_window_objects * ip = (skiptool_base_window_objects *) xv_get(item, XV_KEY_DATA, INSTANCE); -+ skiptool_base_window_objects * ip __attribute__ ((unused)) = (skiptool_base_window_objects *) xv_get(item, XV_KEY_DATA, INSTANCE); - - switch (op) { - case MENU_DISPLAY: -@@ -838,7 +850,7 @@ - Menu_item - skiptool_version_menu_item0_callback(Menu_item item, Menu_generate op) - { -- Xv_opaque ip = (Xv_opaque) xv_get(item, XV_KEY_DATA, INSTANCE); -+ Xv_opaque ip __attribute__ ((unused)) = (Xv_opaque) xv_get(item, XV_KEY_DATA, INSTANCE); - - switch (op) { - case MENU_DISPLAY: -@@ -869,7 +881,7 @@ - Menu_item - skiptool_version_menu_item1_callback(Menu_item item, Menu_generate op) - { -- Xv_opaque ip = (Xv_opaque) xv_get(item, XV_KEY_DATA, INSTANCE); -+ Xv_opaque ip __attribute__ ((unused)) = (Xv_opaque) xv_get(item, XV_KEY_DATA, INSTANCE); - - switch (op) { - case MENU_DISPLAY: -@@ -900,7 +912,7 @@ - Menu_item - skiptool_version_menu_item2_callback(Menu_item item, 
Menu_generate op) - { -- Xv_opaque ip = (Xv_opaque) xv_get(item, XV_KEY_DATA, INSTANCE); -+ Xv_opaque ip __attribute__ ((unused)) = (Xv_opaque) xv_get(item, XV_KEY_DATA, INSTANCE); - - switch (op) { - case MENU_DISPLAY: -@@ -931,7 +943,7 @@ - Menu_item - skiptool_version_menu_nom_item0_callback(Menu_item item, Menu_generate op) - { -- Xv_opaque ip = (Xv_opaque) xv_get(item, XV_KEY_DATA, INSTANCE); -+ Xv_opaque ip __attribute__ ((unused)) = (Xv_opaque) xv_get(item, XV_KEY_DATA, INSTANCE); - - switch (op) { - case MENU_DISPLAY: -@@ -962,7 +974,7 @@ - Menu_item - skiptool_version_menu_nom_item1_callback(Menu_item item, Menu_generate op) - { -- Xv_opaque ip = (Xv_opaque) xv_get(item, XV_KEY_DATA, INSTANCE); -+ Xv_opaque ip __attribute__ ((unused)) = (Xv_opaque) xv_get(item, XV_KEY_DATA, INSTANCE); - - switch (op) { - case MENU_DISPLAY: -@@ -993,7 +1005,7 @@ - Menu_item - skiptool_version_menu_net_item0_callback(Menu_item item, Menu_generate op) - { -- Xv_opaque ip = (Xv_opaque) xv_get(item, XV_KEY_DATA, INSTANCE); -+ Xv_opaque ip __attribute__ ((unused)) = (Xv_opaque) xv_get(item, XV_KEY_DATA, INSTANCE); - - switch (op) { - case MENU_DISPLAY: -@@ -1024,7 +1036,7 @@ - Menu_item - skiptool_version_menu_net_item1_callback(Menu_item item, Menu_generate op) - { -- Xv_opaque ip = (Xv_opaque) xv_get(item, XV_KEY_DATA, INSTANCE); -+ Xv_opaque ip __attribute__ ((unused)) = (Xv_opaque) xv_get(item, XV_KEY_DATA, INSTANCE); - - switch (op) { - case MENU_DISPLAY: -@@ -1055,7 +1067,7 @@ - Menu_item - skiptool_version_menu_net_item2_callback(Menu_item item, Menu_generate op) - { -- Xv_opaque ip = (Xv_opaque) xv_get(item, XV_KEY_DATA, INSTANCE); -+ Xv_opaque ip __attribute__ ((unused)) = (Xv_opaque) xv_get(item, XV_KEY_DATA, INSTANCE); - - switch (op) { - case MENU_DISPLAY: -@@ -1086,7 +1098,7 @@ - Menu_item - skiptool_version_menu_net_item3_callback(Menu_item item, Menu_generate op) - { -- Xv_opaque ip = (Xv_opaque) xv_get(item, XV_KEY_DATA, INSTANCE); -+ Xv_opaque ip __attribute__ 
((unused)) = (Xv_opaque) xv_get(item, XV_KEY_DATA, INSTANCE); - - switch (op) { - case MENU_DISPLAY: -@@ -1346,7 +1358,7 @@ - Menu_item - skiptool_version_menu_item3_callback(Menu_item item, Menu_generate op) - { -- Xv_opaque ip = (Xv_opaque) xv_get(item, XV_KEY_DATA, INSTANCE); -+ Xv_opaque ip __attribute__ ((unused)) = (Xv_opaque) xv_get(item, XV_KEY_DATA, INSTANCE); - - switch (op) { - case MENU_DISPLAY: -@@ -1377,7 +1389,7 @@ - Menu_item - skiptool_xversion_menu_nom_item0_callback(Menu_item item, Menu_generate op) - { -- Xv_opaque ip = (Xv_opaque) xv_get(item, XV_KEY_DATA, INSTANCE); -+ Xv_opaque ip __attribute__ ((unused)) = (Xv_opaque) xv_get(item, XV_KEY_DATA, INSTANCE); - - switch (op) { - case MENU_DISPLAY: -@@ -1410,7 +1422,7 @@ - Menu_item - skiptool_xversion_menu_nom_item1_callback(Menu_item item, Menu_generate op) - { -- Xv_opaque ip = (Xv_opaque) xv_get(item, XV_KEY_DATA, INSTANCE); -+ Xv_opaque ip __attribute__ ((unused)) = (Xv_opaque) xv_get(item, XV_KEY_DATA, INSTANCE); - - switch (op) { - case MENU_DISPLAY: -@@ -1443,7 +1455,7 @@ - Menu_item - skiptool_exc_menu_item0_callback(Menu_item item, Menu_generate op) - { -- skiptool_base_window_objects * ip = (skiptool_base_window_objects *) xv_get(item, XV_KEY_DATA, INSTANCE); -+ skiptool_base_window_objects * ip __attribute__ ((unused)) = (skiptool_base_window_objects *) xv_get(item, XV_KEY_DATA, INSTANCE); - - switch (op) { - case MENU_DISPLAY: -@@ -1476,7 +1488,7 @@ - Menu_item - skiptool_exc_menu_item1_callback(Menu_item item, Menu_generate op) - { -- skiptool_base_window_objects * ip = (skiptool_base_window_objects *) xv_get(item, XV_KEY_DATA, INSTANCE); -+ skiptool_base_window_objects * ip __attribute__ ((unused)) = (skiptool_base_window_objects *) xv_get(item, XV_KEY_DATA, INSTANCE); - - switch (op) { - case MENU_DISPLAY: -@@ -1842,7 +1854,7 @@ - void - skiptool_nomwin_v2_skip_mode_notify_callback(Panel_item item, int value, Event *event) - { -- skiptool_nomwin_v2_objects *ip = 
(skiptool_nomwin_v2_objects *) xv_get(item, XV_KEY_DATA, INSTANCE); -+ skiptool_nomwin_v2_objects *ip __attribute__ ((unused)) = (skiptool_nomwin_v2_objects *) xv_get(item, XV_KEY_DATA, INSTANCE); - - - /* gxv_start_connections DO NOT EDIT THIS SECTION */ -@@ -1910,7 +1922,7 @@ - void - skiptool_base_window_about_button_notify_callback(Panel_item item, Event *event) - { -- skiptool_base_window_objects *ip = (skiptool_base_window_objects *) xv_get(item, XV_KEY_DATA, INSTANCE); -+ skiptool_base_window_objects *ip __attribute__ ((unused)) = (skiptool_base_window_objects *) xv_get(item, XV_KEY_DATA, INSTANCE); - - /* gxv_start_connections DO NOT EDIT THIS SECTION */ - +diff -ur --unidirectional-new-file skipsrc-1.0.orig/skip/man/skipd.conf.4 work.new/skip/man/skipd.conf.4 +--- skipsrc-1.0.orig/skip/man/skipd.conf.4 Fri Oct 25 13:12:57 1996 ++++ work.new/skip/man/skipd.conf.4 Mon Jan 24 12:35:41 2000 +@@ -85,9 +85,4 @@ + \fIskipd.conf\fP options may be set with the \fIskip_conf\fP command. + .SH FILES + .P +-.SH Solaris 2.x systems: +-/etc/opt/SUNWicg/skip/skipd.conf +-.P +-.SH Other systems: +-.P +-/etc/skip/skipd.conf ++@@PREFIX@@/etc/skip/skipd.conf diff --git a/security/skip/files/patch-cu b/security/skip/files/patch-cu index cc2aef7a23af..e9b2660a6c3c 100644 --- a/security/skip/files/patch-cu +++ b/security/skip/files/patch-cu 
@@ -1,69 +1,19 @@ -diff -ur --unidirectional-new-file skipsrc-1.0.orig/doc/README.FreeBSD+NAT work.new/doc/README.FreeBSD+NAT ---- skipsrc-1.0.orig/doc/README.FreeBSD+NAT Wed Dec 31 16:00:00 1969 -+++ work.new/doc/README.FreeBSD+NAT Thu Jul 22 11:02:18 1999 -@@ -0,0 +1,65 @@ -+Using SKIP and FreeBSD's NAT (Network Address Translation) together -+------------------------------------------------------------------- -+ -+Skip and NAT are two very popular strategies for building secure -+networks with FreeBSD. They are sometimes believed to be incompatable -+when applied to the same interface. They will work together, however, -+when correctly configured. This document addresses the reference -+implementation of SKIP (1.0) and natd as implemented through ipfw. -+ -+The key to understanding the operation of SKIP and NAT in parallel is to -+realize that inbound packets traverse the ipfw ruleset twice - once as an -+encapsulated packet and once as an de-encapsulated packet with the -+original destination address restored. Outbound packets, on the other -+hand, make a single pass in the unencapsulated state. This understanding -+can be used to advantage in building a nomadic SKIP server. A nomadic SKIP -+server allows any host equipped with a SKIP client to connect to the -+Internet (eg. via a dialup connection to an ISP) and then establish a -+secure connection to the nomadic SKIP server allowing full access to a -+Local Area Network. Because the remote host may have a different IP -+address each time it connects it is known as a nomad and its KeyID is -+used for identification rather than the IP address identification normally -+used to establish authenticity. -+ -+The primary difficulty in setting up a nomadic server in conjunction with -+NAT is not in reaching in to the LAN but in returning a response to the -+remote host. The remote host IP address cannot, by definition, be known -+in advance. 
Further - authentication of the remote host and -+identification of its IP address by the SKIP module does not proceed to -+update the routing tables in the kernel. A LAN host receiving a -+connection request has insufficient information to reply to the remote -+host either via a static route or by dynamic routing. -+ -+This leads to the requirement that the nomadic server must be in-line -+between the Internet and the LAN so that all packets not destined for the -+LAN are routed to the nomadic server by the gateway address in the LAN -+host. -+ -+The second requirement is to prevent NAT from interfering. NAT does -+not bother the SKIP pass as the packet header is directed to the -+nat/skiphost. You can count the inbound SKIP packets as they -+can be identified by the SKIP protocol (57). Use an ipfw rule -+before the NAT rule such as: -+ -+00010 allow skip from any to any in recv fxp0 -+00100 divert 8668 ip from any to any via fxp0 -+ -+assuming that skip is identified as 57 in /etc/protocols. -+ -+A rule is required for the de-encrypted packets to allow them to be -+forwarded to the LAN by the routing mechanism without interference from -+NAT during the second pass: -+ -+00010 allow skip from any to any in recv fxp0 -+00020 allow ip from any to 192.168.0.0/24 in recv fxp0 -+00100 divert 8668 ip from any to any via fxp0 -+ -+Now you can have nomadic hosts connect securely as part of the LAN and -+hosts on the LAN can continue to access the Internet through NAT. Of -+course, you have to configure the skiphost ACL correctly and setup the -+SKIP client on the nomad to match but that's covered in the -+documentation. 
-+ -+Jim Flowers -+#4 ISP on C|NET, #1 in Ohio -+ +diff -ur --unidirectional-new-file skipsrc-1.0.orig/skip/man/skipd_restart.1m work.new/skip/man/skipd_restart.1m +--- skipsrc-1.0.orig/skip/man/skipd_restart.1m Fri Oct 25 13:12:57 1996 ++++ work.new/skip/man/skipd_restart.1m Mon Jan 24 12:35:41 2000 +@@ -9,13 +9,6 @@ + You must be root to run this command. + .SH FILES + .P +-.SH Solaris 2.x systems: +-/etc/opt/SUNWicg/skip/skipd.pid ++/var/run/skipd.pid + .br +-/opt/SUNWicg/bin/skipd +-.P +-.SH Other systems: +-.P +-/etc/skip/skipd.pid +-.br +-/usr/skip/bin/skipd ++@@PREFIX@@/bin/skipd diff --git a/security/skip/files/patch-cv b/security/skip/files/patch-cv new file mode 100644 index 000000000000..3aee17eb46e1 --- /dev/null +++ b/security/skip/files/patch-cv @@ -0,0 +1,18 @@ +diff -ur --unidirectional-new-file skipsrc-1.0.orig/skip/man/skipdb.1m work.new/skip/man/skipdb.1m +--- skipsrc-1.0.orig/skip/man/skipdb.1m Fri Oct 25 13:12:57 1996 ++++ work.new/skip/man/skipdb.1m Mon Jan 24 12:35:41 2000 +@@ -79,13 +79,9 @@ + skipdb will always return 0 on Success and non-zero on error. An appropriate + error message will be written to standard error. + .SH FILES +-.SS Solaris 1.x systems: + .P +-/etc/skip/certdb ++@@PREFIX@@/etc/skip/certdb + .br +-.SS Solaris 2.x systems: +-.P +-/etc/opt/SUNWicg/skip/certdb + .P + .SH SEE ALSO + .BR skiplocal(1m) diff --git a/security/skip/files/patch-cw b/security/skip/files/patch-cw new file mode 100644 index 000000000000..de055631d913 --- /dev/null +++ b/security/skip/files/patch-cw 
@@ -0,0 +1,39 @@ +diff -ur --unidirectional-new-file skipsrc-1.0.orig/skip/man/skiphost.1m work.new/skip/man/skiphost.1m +--- skipsrc-1.0.orig/skip/man/skiphost.1m Fri Oct 25 13:12:57 1996 ++++ work.new/skip/man/skiphost.1m Mon Jan 24 12:35:41 2000 +@@ -42,6 +42,8 @@ + .BI \-s " sender NSID " \-S " sender key ID"... + .if n .ti +8n + .BI \-v " SKIP version " \-A " tunnel address " \-T ++.if n .ti +8n ++.BI \-f " source IP address " + ] + .if n .ti +5n + [ +@@ -53,9 +55,13 @@ + .if n .ti +8n + .BI \-r " receiver NSID " \-R " receiver key ID"... + .if n .ti +8n ++.BI \-f " source IP address " ++.if n .ti +8n + .BI \-s " sender NSID " \-S " sender key ID"... + .if n .ti +8n + .BI \-v " SKIP version " \-A " tunnel address " \-T ++.if n .ti +8n ++.BI \-f " source IP address " + ] + .SH DESCRIPTION + .B +@@ -185,6 +191,12 @@ + address in outgoing packets with the supplied value. + This permits hiding of network topology. + By default, the tunnel address is set to the destination address. ++.TP ++.BI \-f " source IP address" ++This option is used in tunneling mode to replace the source IP ++address in outgoing packets with the supplied value. ++This permits hiding of network topology. ++By default, the source address is not changed when the packet is encrypted. + .TP + .BI \-T + Encrypt or authenticate only the data part of the IP packet. By default, diff --git a/security/skip/files/patch-cx b/security/skip/files/patch-cx new file mode 100644 index 000000000000..edc5e1498cd7 --- /dev/null +++ b/security/skip/files/patch-cx 
@@ -0,0 +1,17 @@ +diff -ur --unidirectional-new-file skipsrc-1.0.orig/skip/man/skipif.1m work.new/skip/man/skipif.1m +--- skipsrc-1.0.orig/skip/man/skipif.1m Fri Oct 25 13:12:58 1996 ++++ work.new/skip/man/skipif.1m Mon Jan 24 12:35:41 2000 +@@ -104,12 +104,8 @@ + skipif will advise so. + .SH FILES + .br +-.SS Solaris 2.x systems: + .P +-/etc/opt/SUNWicg/skip/acl. +-.SS Other systems: +-.P +-/etc/skip/acl. ++@@PREFIX@@/etc/skip/acl. + .P + .SH SEE ALSO + skiphost(1M), skipstat(1M), skiptool(1M), ifconfig(1M) diff --git a/security/skip/files/patch-cy b/security/skip/files/patch-cy new file mode 100644 index 000000000000..b867da63add3 --- /dev/null +++ b/security/skip/files/patch-cy @@ -0,0 +1,18 @@ +diff -ur --unidirectional-new-file skipsrc-1.0.orig/skip/man/skiplocal.1m work.new/skip/man/skiplocal.1m +--- skipsrc-1.0.orig/skip/man/skiplocal.1m Fri Oct 25 13:12:58 1996 ++++ work.new/skip/man/skiplocal.1m Mon Jan 24 12:35:41 2000 +@@ -171,13 +171,9 @@ + \fBskipd_restart\fP in order for the changes to take effect. + .P + .SH FILES +-.SS Solaris 1.x systems: + .P +-/etc/skip/localids ++@@PREFIX@@/etc/skip/localids + .br +-.SS Solaris 2.x systems: +-.P +-/etc/opt/SUNWicg/skip/localids + .P + .SH BUGS + skiplocal export does not work well for communicating with multiple keys. diff --git a/security/skip/files/patch-cz b/security/skip/files/patch-cz new file mode 100644 index 000000000000..3d0b7b17e657 --- /dev/null +++ b/security/skip/files/patch-cz 
@@ -0,0 +1,92 @@ +diff -ur --unidirectional-new-file skipsrc-1.0.orig/skip/tools/lib/skip_freebsd.c work.new/skip/tools/lib/skip_freebsd.c +--- skipsrc-1.0.orig/skip/tools/lib/skip_freebsd.c Fri Oct 25 13:13:02 1996 ++++ work.new/skip/tools/lib/skip_freebsd.c Mon Jan 24 12:35:42 2000 +@@ -235,7 +235,7 @@ + char * + skip_default_if() + { +-#define SKIP_DEFAULT_IF "eth0" /* 3com 3c589 */ ++#define SKIP_DEFAULT_IF "ed1" + static char devname[MAXPATHLEN]; + char cbuf[sizeof(struct ifreq) * 16]; + struct ifconf ifc; +@@ -244,6 +244,7 @@ + struct sockaddr_in *sa; + char hostname[MAXHOSTNAMELEN]; + int s, n; ++ int goodness = 0; + + strcpy(devname, SKIP_DEFAULT_IF); + +@@ -253,11 +254,13 @@ + + hp = _skip_gethostbyname(hostname); + ++#if 0 + if (hp == NULL) { + return(devname); + } ++#endif + +- if ((s = socket(AF_INET, SOCK_DGRAM, 0)) < 0) { ++ if ((s = socket(PF_INET, SOCK_RAW, 0)) < 0) { + return (devname); + } + +@@ -276,33 +279,37 @@ + * just in case the primary can't be found. + * + */ +- end = (struct ifreq *) (ifc.ifc_buf + ifc.ifc_len); +- while (ifr < end) { ++ for (end = (struct ifreq *) (ifc.ifc_buf + ifc.ifc_len), ++ ifr = ifc.ifc_req; ++ ifr < end; ++ ifr = (struct ifreq *) ++ ((char *) &ifr->ifr_addr + ifr->ifr_addr.sa_len)) ++ { ++ int newgoodness = 0; + + strcpy(ifflags.ifr_name, ifr->ifr_name); + if (ioctl(s, SIOCGIFFLAGS, (char *) &ifflags) < 0) { +- /*goto out;*/ ++ continue; + } + if ((ifflags.ifr_flags & (IFF_LOOPBACK|IFF_UP|IFF_RUNNING)) == + (IFF_UP|IFF_RUNNING)) { +- /* +- * note the interface name just in case +- */ +- strcpy(devname, ifr->ifr_name); +- /* +- * but try to find an exact match +- */ +- sa = (struct sockaddr_in *) &ifr->ifr_addr; +- if (memcmp(hp->h_addr_list[0], (void *) &sa->sin_addr, +- hp->h_length) == 0) { +- break; ++ /* try to find an exact match */ ++ if (hp && ifr->ifr_addr.sa_family == AF_INET) { ++ sa = (struct sockaddr_in *) &ifr->ifr_addr; ++ if (memcmp(hp->h_addr_list[0], ++ (void *) &sa->sin_addr, hp->h_length) == 0) 
++ break; ++ } ++ /* try to prefer ethernet interfaces */ ++ if (ifflags.ifr_flags & IFF_BROADCAST) ++ newgoodness += 1; ++ if (!(ifflags.ifr_flags & IFF_POINTOPOINT)) ++ newgoodness += 1; ++ if (newgoodness > goodness) { ++ strcpy(devname, ifr->ifr_name); ++ goodness = newgoodness; + } + } +- if(ifr->ifr_addr.sa_len) /* Dohw! */ +- ifr = (struct ifreq *) ((caddr_t) ifr + +- ifr->ifr_addr.sa_len - +- sizeof(struct sockaddr)); +- ifr++; + } + out: + (void) close(s); diff --git a/security/skip/files/patch-da b/security/skip/files/patch-da new file mode 100644 index 000000000000..a7b683282b92 --- /dev/null +++ b/security/skip/files/patch-da 
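Review bot: In the rewritten interface loop of skip_default_if() (skip_freebsd.c), the exact-match branch now executes `break` without copying the interface name, because the only remaining `strcpy(devname, ifr->ifr_name)` sits in the later `newgoodness > goodness` block. An interface whose address matches the host's own address is therefore never selected for that reason; devname keeps the best earlier candidate or the "ed1" default, so the SKIP tools may end up operating on a different interface than the one intended. The match branch should record the name first: `if (memcmp(hp->h_addr_list[0], (void *) &sa->sin_addr, hp->h_length) == 0) { strcpy(devname, ifr->ifr_name); break; }`. Separately, the new stride `(char *) &ifr->ifr_addr + ifr->ifr_addr.sa_len` would presumably under-advance for an entry whose sa_len is smaller than sizeof(struct sockaddr), so it is worth clamping to at least that size. The function ends outside the hunk.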
@@ -0,0 +1,161 @@ +diff -ur --unidirectional-new-file skipsrc-1.0.orig/skip/tools/skiphost/skiphost.c work.new/skip/tools/skiphost/skiphost.c +--- skipsrc-1.0.orig/skip/tools/skiphost/skiphost.c Fri Oct 25 13:13:03 1996 ++++ work.new/skip/tools/skiphost/skiphost.c Mon Jan 24 12:35:42 2000 +@@ -76,6 +76,7 @@ + static char *skip_version = NULL; + static char *skip_mode = NULL; + static char *tunnel = NULL; ++static char *srcaddr = NULL; + + static int opt, opt_cpt; + static int opt_action, opt_more; +@@ -89,11 +90,14 @@ + static int opt_prt, opt_sh, opt_sel; + static int opt_trs, opt_tunnel; + static int opt_msk, opt_nomadic; ++static int opt_source; + + boolean_t on_boot = B_FALSE; + + #define SKIP_HOST_MASK "255.255.255.255" + ++struct in_addr source_addr; ++ + static void usage(); + + /* +@@ -218,6 +222,11 @@ + if (params->ip_addr.s_addr != params->tunnel_addr.s_addr) { + printf(" -A %s", inet_ntoa(params->tunnel_addr)); + } ++ ++ if(params->source != 0) { ++ source_addr.s_addr = params->source; ++ printf(" -f %s", inet_ntoa(source_addr)); ++ } + + switch (params->version) { + +@@ -376,6 +385,11 @@ + printf(" tunnel=%s", inet_ntoa(params->tunnel_addr)); + } + ++ if (params->source != 0) { ++ source_addr.s_addr = params->source; ++ printf(" source=%s", inet_ntoa(source_addr)); ++ } ++ + switch (params->version) { + + case SKIP_NONE: +@@ -907,12 +921,18 @@ + } + } + ++ if(opt_source) { ++ parms.source = inet_addr(srcaddr); ++ } else { ++ parms.source = 0; ++ } ++ + /* + * Check if a cleartext host... 
+ */ + opt_sel = opt_r_nsid + opt_s_nsid + opt_r_keyid; + opt_sel += opt_kij + opt_crypt + opt_mac + opt_comp; +- opt_sel += opt_vers + opt_nomadic + opt_tunnel; ++ opt_sel += opt_vers + opt_nomadic + opt_tunnel + opt_source; + + if (!opt_sel) { + /* +@@ -1531,6 +1551,7 @@ + "\t\t[-r ] [-R ]...\n" + "\t\t[-s ] [-S ]...\n" + "\t\t[-v ] [-A ] [-T]\n" ++ "\t\t[-f ]\n" + "\t%s [-i ] " + "-x [-M ]...\n" + "\t\t[-k ] [-t ]...\n" +@@ -1592,6 +1613,7 @@ + opt_trs = opt_msk = 0; + opt_prt = opt_sh = opt_mode = 0; + opt_nomadic = opt_tunnel = 0; ++ opt_source = 0; + + ifname = skip_default_if(); + +@@ -1614,7 +1636,7 @@ + */ + optind = 1; + while ((opt = getopt(argc, argv, +- "phuPVTa:d:o:x:i:s:r:S:R:k:t:m:c:v:M:A:")) != -1) { ++ "phuPVTa:d:o:x:i:s:r:S:R:k:t:m:c:v:M:A:f:")) != -1) { + + switch (opt) { + +@@ -1761,7 +1783,10 @@ + SKIP_ONE(&opt_tunnel); + tunnel = optarg; + break; +- ++ case 'f': ++ SKIP_ONE(&opt_source); ++ srcaddr = optarg; ++ break; + case 'h': + default: + usage(); +@@ -1890,7 +1915,7 @@ + opt_sel = opt_r_nsid + opt_s_nsid + opt_r_keyid + opt_s_keyid; + opt_sel += opt_kij + opt_crypt + opt_mac + opt_comp; + opt_sel += opt_mode + opt_vers + opt_trs + opt_msk; +- opt_sel += opt_tunnel; ++ opt_sel += opt_tunnel + opt_source; + + if (opt_sel) { + fprintf(stderr, "%s -u does not take options\n", +@@ -1912,7 +1937,7 @@ + opt_sel = opt_r_nsid + opt_s_nsid + opt_r_keyid + opt_s_keyid; + opt_sel += opt_kij + opt_crypt + opt_mac + opt_comp; + opt_sel += opt_mode + opt_vers + opt_trs + opt_msk; +- opt_sel += opt_tunnel; ++ opt_sel += opt_tunnel + opt_source; + + if (opt_sel) { + fprintf(stderr, "%s -p does not take options\n", +@@ -1941,7 +1966,7 @@ + opt_sel = opt_r_nsid + opt_s_nsid + opt_r_keyid + opt_s_keyid; + opt_sel += opt_kij + opt_crypt + opt_mac + opt_comp; + opt_sel += opt_mode + opt_vers + opt_trs + opt_msk; +- opt_sel += opt_tunnel; ++ opt_sel += opt_tunnel + opt_source; + + if (opt_sel) { + fprintf(stderr, "%s -P does not take options\n", +@@ -1963,7 
+1988,7 @@ + opt_sel = opt_r_nsid + opt_s_nsid + opt_r_keyid + opt_s_keyid; + opt_sel += opt_kij + opt_crypt + opt_mac + opt_comp; + opt_sel += opt_mode + opt_vers + opt_trs + opt_msk; +- opt_sel += opt_tunnel; ++ opt_sel += opt_tunnel + opt_source; + + if (opt_sel) { + fprintf(stderr, "%s -V does not take options\n", +@@ -1985,7 +2010,7 @@ + opt_sel = opt_r_nsid + opt_s_nsid + opt_r_keyid + opt_s_keyid; + opt_sel += opt_kij + opt_crypt + opt_mac + opt_comp; + opt_sel += opt_vers + opt_trs + opt_msk; +- opt_sel += opt_tunnel; ++ opt_sel += opt_tunnel + opt_source; + + if (opt_sel) { + usage(); +@@ -2018,7 +2043,7 @@ + */ + opt_sel = opt_s_nsid + opt_s_keyid; + opt_sel += opt_kij + opt_crypt + opt_mac + opt_comp; +- opt_sel += opt_mode + opt_trs + opt_tunnel; ++ opt_sel += opt_mode + opt_trs + opt_tunnel + opt_source; + + if (opt_sel) { + usage(); diff --git a/security/skip/files/patch-db b/security/skip/files/patch-db new file mode 100644 index 000000000000..3100b946ab9a --- /dev/null +++ b/security/skip/files/patch-db @@ -0,0 +1,30 @@ +diff -ur --unidirectional-new-file skipsrc-1.0.orig/skip/tools/skiplog/skiplog.c work.new/skip/tools/skiplog/skiplog.c +--- skipsrc-1.0.orig/skip/tools/skiplog/skiplog.c Fri Oct 25 13:13:04 1996 ++++ work.new/skip/tools/skiplog/skiplog.c Tue Jan 25 12:54:49 2000 +@@ -514,7 +514,7 @@ + destroy_msgs(msgs); + } + +-void ++int + main(int argc, char *argv[]) + { + char msg[STRSZ], *msgs[MAXMSGS] = { NULL }; +@@ -524,7 +524,7 @@ + + if (argc > 2) { + fprintf(stderr, "usage: %s [ interface ]\n", argv[0]); +- exit(1); ++ return(1); + } + + if (argc == 2) { +@@ -543,7 +543,7 @@ + fprintf(stderr, "%s: error - %s\n", argv[0], + skip_errmsg); + } +- exit (1); ++ return (1); + } + + if (skip_var_init(argv[0], ifname)) { diff --git a/security/skip/files/patch-dc b/security/skip/files/patch-dc new file mode 100644 index 000000000000..951c4b77b003 --- /dev/null +++ b/security/skip/files/patch-dc 
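Review bot: In skiphost.c the new `-f` handling assigns `parms.source = inet_addr(srcaddr);` without checking the result, so an argument that does not parse becomes INADDR_NONE (255.255.255.255) and is handed on as the source address to substitute in outgoing packets instead of being rejected. Because 0 doubles as the "no source set" sentinel here and in the two print routines, `-f 0.0.0.0` is also silently treated as if the option were absent. Validate before storing, for example `if ((parms.source = inet_addr(srcaddr)) == INADDR_NONE) usage();` (assuming usage() does not return, as its other call sites in this patch suggest), or use inet_aton() so that a parse failure is distinguishable from a legitimate all-ones address. The enclosing function starts and ends outside the hunk.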
@@ -0,0 +1,19 @@
+diff -ur --unidirectional-new-file skipsrc-1.0.orig/skip/tools/skiptool/Makefile work.new/skip/tools/skiptool/Makefile
+--- skipsrc-1.0.orig/skip/tools/skiptool/Makefile Fri Oct 25 13:13:05 1996
++++ work.new/skip/tools/skiptool/Makefile Mon Jan 24 12:35:42 2000
+@@ -97,11 +97,15 @@
+
+ # Compiler flags.
+
++PREFIX?= @@PREFIX@@
++
+ DYNAMIC_PATH = $(DYNAMIC_$(OSNAME))
+ CFLAGS += $(U_DEBUG) $(OS) -DSKIP_RELEASE="\"$(SKIP_RELEASE)\""
+ SKIPINC_DIR = -I../lib -I$(COMM_INC) -I$(DRVDIR)
+ CPPFLAGS += -I$(WIN_HOME)/include -DMAIN $(SKIPINC_DIR)
+ CPPFLAGS += -I$(WIN_HOME)/include/pixrect
++CPPFLAGS += -I${PREFIX}/include
++CPPFLAGS += -I${PREFIX}/include/pixrect
+ LDFLAGS += -L$(WIN_HOME)/lib $(DYNAMIC_PATH)
+ LDLIBS += ../lib/$(SKIP_LIB) $(OS_LIB) -lxview -lolgx -lX11
+
diff --git a/security/skip/files/patch-dd b/security/skip/files/patch-dd
new file mode 100644
index 000000000000..3f9f586b1c22
--- /dev/null
+++ b/security/skip/files/patch-dd
@@ -0,0 +1,12 @@
+diff -ur --unidirectional-new-file skipsrc-1.0.orig/skip/tools/skiptool/es_glue.c work.new/skip/tools/skiptool/es_glue.c
+--- skipsrc-1.0.orig/skip/tools/skiptool/es_glue.c Fri Oct 25 13:13:05 1996
++++ work.new/skip/tools/skiptool/es_glue.c Mon Jan 24 12:35:42 2000
+@@ -1948,7 +1948,7 @@
+ void
+ stats(int which)
+ {
+- char *opt, *t, s[STRSZ], *argv[12];
++ char *opt = NULL, *t = NULL, s[STRSZ], *argv[12];
+ char ifstats[STRSZ], *optarg = NULL;
+
+ switch (which) {
diff --git a/security/skip/files/patch-de b/security/skip/files/patch-de
new file mode 100644
index 000000000000..83cd5df1e246
--- /dev/null
+++ b/security/skip/files/patch-de
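Review bot: Initialising `opt` and `t` to `NULL` in `stats()` (the es_glue.c hunk of patch-dd) quiets the uninitialised-variable warning but does not show that every arm of `switch (which)` assigns them; the switch body lies outside the hunk. If some value of `which` leaves them unset, the function now carries a NULL pointer forward where the compiler used to complain, so it is worth confirming that the switch has a `default:` arm that returns before either pointer is used. A short comment on the declaration saying why the initialisers exist, e.g. `/* NULL until the switch below picks an option */`, would keep the next reader from removing them.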
@@ -0,0 +1,17 @@
+diff -ur --unidirectional-new-file skipsrc-1.0.orig/skip/tools/skiptool/es_ras.c work.new/skip/tools/skiptool/es_ras.c
+--- skipsrc-1.0.orig/skip/tools/skiptool/es_ras.c Fri Oct 25 13:13:06 1996
++++ work.new/skip/tools/skiptool/es_ras.c Mon Jan 24 12:35:42 2000
+@@ -92,6 +92,13 @@
+ if (stat(path, &st) == 0) {
+ return (path);
+ }
++
++ strcpy(path, SKIP_DIR);
++ strcat(path, "/");
++ strcat(path, name);
++ if (stat(path, &st) == 0) {
++ return (path);
++ }
+ return (NULL);
+ }
+
diff --git a/security/skip/files/patch-df b/security/skip/files/patch-df
new file mode 100644
index 000000000000..d1787e37a2b4
--- /dev/null
+++ b/security/skip/files/patch-df
@@ -0,0 +1,12 @@
+diff -ur --unidirectional-new-file skipsrc-1.0.orig/skip/tools/skiptool/es_timers.c work.new/skip/tools/skiptool/es_timers.c
+--- skipsrc-1.0.orig/skip/tools/skiptool/es_timers.c Fri Oct 25 13:13:07 1996
++++ work.new/skip/tools/skiptool/es_timers.c Tue Jan 25 09:59:23 2000
+@@ -302,7 +302,7 @@
+ print_timers()
+ {
+ timerentry_t *curr = my_timers;
+- register abs=0;
++ register int abs=0;
+
+ while (curr) {
+ abs += curr->t_timeout;
-- cgit
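Review bot: The fallback lookup added in the es_ras.c hunk of patch-de builds `path` with `strcpy`/`strcat` from `SKIP_DIR` and `name` with no length check, so a long `name` can write past the end of `path`. The declaration of `path` and the start of the function are outside the hunk, so the buffer size is not visible here; if `path` is a fixed array, a bounded form such as `n = snprintf(path, sizeof(path), "%s/%s", SKIP_DIR, name);` followed by `if (n < 0 || (size_t)n >= sizeof(path)) return (NULL);` (with an `int n`) keeps the write inside it. The function returns `path` itself, so the buffer presumably has static storage; a comment noting that the result is overwritten by the next call would help callers.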