nfsshell port

security/nfsshell/Makefile

@@ -0,0 +1,27 @@
+# Makefile for:		nfsshell
+# Version required:	1.0
+# Date created:		10 Jun 1999
+# Whom:			dugsong@monkey.org
+#
+# $OpenBSD: Makefile,v 1.1.1.1 1999/06/10 16:04:34 dugsong Exp $
+
+PKGNAME=	nfsshell-1.0
+
+DISTNAME=	nfsshell
+
+CATEGORIES=	security
+
+WRKSRC=		${WRKDIR}/nfs
+
+MASTER_SITES=	ftp://ftp.cs.vu.nl/pub/leendert/
+
+MAINTAINER=	dugsong@monkey.org
+
+NO_CONFIGURE=	yes
+
+ALL_TARGET=	nfs
+
+do-install:
+	${INSTALL_PROGRAM} ${WRKSRC}/nfs ${PREFIX}/bin/nfsshell
+
+.include <bsd.port.mk>

security/nfsshell/files/md5

@@ -0,0 +1,3 @@
+SHA1 (nfsshell.tar.gz) = 3939bb683bb29cde3b47344251cce57a2eff1a5e
+RMD160 (nfsshell.tar.gz) = 1e496343b268d5683cb8fba2bba9722444011ca2
+MD5 (nfsshell.tar.gz) = d447235518691fc3176ce89a6d836ce7

security/nfsshell/patches/patch-aa

@@ -0,0 +1,23 @@
+--- Makefile.orig	Tue May 19 16:37:23 1998
++++ Makefile	Thu Jun 10 11:57:48 1999
+@@ -21,11 +21,16 @@
+ #	LIBS=-L/usr/local/lib -lreadline -lhistory -ltermlib
+ #
+ 
+-# uncomment the following 4 lines for Solaris 2.x
++# OpenBSD
+ CC		= gcc
+-CFLAGS		= -DSYSV -DREADLINE -I/usr/local/include
+-LIBS		= -lsocket -L/usr/ucblib -R/usr/ucblib -lrpcsoc -lnsl \
+-		  -L/usr/local/lib -lreadline -lhistory -ltermlib
++CFLAGS		+= -DREADLINE
++LIBS		= -lreadline -ltermcap
++
++# uncomment the following 4 lines for Solaris 2.x
++#CC		= gcc
++#CFLAGS		= -DSYSV -DREADLINE -I/usr/local/include
++#LIBS		= -lsocket -L/usr/ucblib -R/usr/ucblib -lrpcsoc -lnsl \
++#		  -L/usr/local/lib -lreadline -lhistory -ltermlib
+ 
+ # uncomment the following 3 lines for AIX
+ #CC		= gcc

security/nfsshell/patches/patch-ab

@@ -0,0 +1,70 @@
+--- nfs.c-orig	Thu Jun 10 03:42:59 1999
++++ nfs.c	Thu Jun 10 10:42:56 1999
+@@ -40,7 +40,6 @@
+ #include <stdlib.h>
+ #include <time.h>
+ #include <rpc/rpc.h>
+-#include <rpc/key_prot.h>
+ #include <rpc/pmap_clnt.h>
+ #ifdef SYSV
+ #include <rpc/clnt_soc.h>
+@@ -50,7 +49,6 @@
+ #include <netinet/in.h>
+ #include <arpa/inet.h>
+ #include <sys/time.h>
+-#include <sys/sysmacros.h>
+ #include "mount.h"
+ #include "nfs_prot.h"
+ #include <netinet/in_systm.h>
+@@ -58,7 +56,6 @@
+ 
+ #ifdef READLINE
+ #include <readline/readline.h>
+-#include <readline/history.h>
+ #endif
+ 
+ /*
+@@ -169,7 +166,6 @@
+ int authtype = AUTH_UNIX;	/* type of authentication */
+ int uid = -2;			/* remote user id (initialy nobody) */
+ int gid = -2;			/* remote group id (initialy nobody) */
+-keybuf secretkey;		/* remote user's secret key */
+ 
+ /* server information (also used as state information) */
+ char *mountpath;		/* remote mount path */
+@@ -384,7 +380,7 @@
+ #ifdef READLINE
+     if (interact) {
+ 	char *line;
+-	if ((line = readline("nfs> ")) == NULL)
++	if ((line = readline("nfsshell> ")) == NULL)
+ 	    return 0;
+ 	strncpy(buf, line, bufsize);
+ 	add_history(line);
+@@ -394,7 +390,7 @@
+ 	    return 0;
+     }
+ #else
+-    if (interact) printf("nfs> ");
++    if (interact) printf("nfsshell> ");
+     if (fgets(buf, bufsize, stdin) == NULL)
+ 	return 0;
+ #endif
+@@ -447,16 +443,13 @@
+ do_setuid(int argc, char **argv)
+ {
+     if (argc > 3) {
+-	fprintf(stderr, "Usage: uid [<uid> [<secret-key>]]\n");
++	fprintf(stderr, "Usage: uid [<uid>]\n");
+ 	return;
+     }
+ 
+     if (argc <= 2) {
+ 	authtype = AUTH_UNIX;
+ 	uid = argc == 1 ? -2 : atoi(argv[1]);
+-    } else if (argc == 3) {
+-	authtype = AUTH_DES;
+-	memcpy(secretkey, argv[2], HEXKEYBYTES);
+     }
+ 
+     if (nfsclient) {

security/nfsshell/patches/patch-ac

@@ -0,0 +1,38 @@
+--- nfs_prot_xdr.c-orig	Thu Jun 10 10:53:42 1999
++++ nfs_prot_xdr.c	Thu Jun 10 10:54:01 1999
+@@ -62,7 +62,7 @@
+ 	if (xdrs->x_op == XDR_ENCODE) {
+ 		if (!xdr_ftype(xdrs, &objp->type))
+ 			return (FALSE);
+-		buf = XDR_INLINE(xdrs, 10 * BYTES_PER_XDR_UNIT);
++		buf = (long *)XDR_INLINE(xdrs, 10 * BYTES_PER_XDR_UNIT);
+ 		if (buf == NULL) {
+ 			if (!xdr_u_int(xdrs, &objp->mode))
+ 				return (FALSE);
+@@ -107,7 +107,7 @@
+ 	} else if (xdrs->x_op == XDR_DECODE) {
+ 		if (!xdr_ftype(xdrs, &objp->type))
+ 			return (FALSE);
+-		buf = XDR_INLINE(xdrs, 10 * BYTES_PER_XDR_UNIT);
++		buf = (long *)XDR_INLINE(xdrs, 10 * BYTES_PER_XDR_UNIT);
+ 		if (buf == NULL) {
+ 			if (!xdr_u_int(xdrs, &objp->mode))
+ 				return (FALSE);
+@@ -516,7 +516,7 @@
+ 
+ 
+ 	if (xdrs->x_op == XDR_ENCODE) {
+-		buf = XDR_INLINE(xdrs, 5 * BYTES_PER_XDR_UNIT);
++		buf = (long *)XDR_INLINE(xdrs, 5 * BYTES_PER_XDR_UNIT);
+ 		if (buf == NULL) {
+ 			if (!xdr_u_int(xdrs, &objp->tsize))
+ 				return (FALSE);
+@@ -537,7 +537,7 @@
+ 		}
+ 		return (TRUE);
+ 	} else if (xdrs->x_op == XDR_DECODE) {
+-		buf = XDR_INLINE(xdrs, 5 * BYTES_PER_XDR_UNIT);
++		buf = (long *)XDR_INLINE(xdrs, 5 * BYTES_PER_XDR_UNIT);
+ 		if (buf == NULL) {
+ 			if (!xdr_u_int(xdrs, &objp->tsize))
+ 				return (FALSE);

security/nfsshell/pkg/COMMENT

@@ -0,0 +1 @@
+NFS auditing tool

security/nfsshell/pkg/DESCR

@@ -0,0 +1,30 @@
+Date:   Mon, 18 May 1998 19:43:50 +0200
+From:   Leendert van Doorn <leendert@CS.VU.NL>
+Subject:      NFS shell
+To:     BUGTRAQ@NETSPACE.ORG
+
+I recently got a request for an nfs shell binary for AIX from one of
+our security consultants. Since I just moved to IBM Watson's GSAL group
+whose job it is to work on security I decided to look at the program
+again. I cleaned it up and since there are already so many old escaped
+versions of the program floating around I decided to put up my version.
+
+Nfs shell provides user level access to an NFS server, over UDP or TCP,
+supports source routing and "secure" (privileged port) mounts. Its a
+useful tool to manually check (or show) security problems after a security
+scanner has detected them.
+
+The sources are in:
+
+        ftp://ftp.cs.vu.nl/pub/leendert/nfsshell.tar.gz
+
+Suggestions for improvements are welcome.
+
+Just be responsible,
+
+        Leendert
+
+--
+Leendert van Doorn                                    <leendert@watson.ibm.com>
+IBM T.J. Watson Research Center                       (914) 784-7831
+30 Saw Mill River Road, Hawthorne, NY 10532

security/nfsshell/pkg/PLIST

@@ -0,0 +1 @@
+bin/nfsshell