Date: Sat, 9 Dec 2017 11:55:44 +0000 (UTC)
From: "Carlos J. Puga Medina" <cpm@FreeBSD.org>
To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject: svn commit: r455847 - in head/security: . u2f-devd u2f-devd/files
Message-ID: <201712091155.vB9BtiR3000477@repo.freebsd.org>
Author: cpm Date: Sat Dec 9 11:55:44 2017 New Revision: 455847 URL: https://svnweb.freebsd.org/changeset/ports/455847 Log: security/u2f-devd: Devd hotplug rules for Universal 2nd Factor (U2F) tokens Automatic device permission handling for Universal 2nd Factor (U2F) USB authentication tokens. PR: 224199 Submitted by: Greg V <greg@unrelenting.technology> Added: head/security/u2f-devd/ head/security/u2f-devd/Makefile (contents, props changed) head/security/u2f-devd/files/ head/security/u2f-devd/files/pkg-message.in (contents, props changed) head/security/u2f-devd/files/u2f.conf (contents, props changed) head/security/u2f-devd/pkg-descr (contents, props changed) Modified: head/security/Makefile Modified: head/security/Makefile ============================================================================== --- head/security/Makefile Sat Dec 9 11:48:42 2017 (r455846) +++ head/security/Makefile Sat Dec 9 11:55:44 2017 (r455847) @@ -1237,6 +1237,7 @@ SUBDIR += truecrypt SUBDIR += tsshbatch SUBDIR += tthsum + SUBDIR += u2f-devd SUBDIR += umit SUBDIR += unhide SUBDIR += unicornscan Added: head/security/u2f-devd/Makefile ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/security/u2f-devd/Makefile Sat Dec 9 11:55:44 2017 (r455847) @@ -0,0 +1,25 @@ +# Created by: Greg V <greg@unrelenting.technology> +# $FreeBSD$ + +PORTNAME= u2f-devd +PORTVERSION= 1.0.0 +CATEGORIES= security +MASTER_SITES= # +DISTFILES= # + +MAINTAINER= greg@unrelenting.technology +COMMENT= Devd hotplug rules for Universal 2nd Factor (U2F) tokens + +LICENSE= BSD2CLAUSE + +NO_BUILD= yes +SUB_FILES= pkg-message + +GROUPS= u2f + +PLIST_FILES= etc/devd/u2f.conf + +do-install: + ${INSTALL_DATA} ${FILESDIR}/u2f.conf ${STAGEDIR}${PREFIX}/etc/devd + +.include <bsd.port.mk> Added: head/security/u2f-devd/files/pkg-message.in ============================================================================== 
--- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/security/u2f-devd/files/pkg-message.in Sat Dec 9 11:55:44 2017 (r455847) @@ -0,0 +1,14 @@ +====================================================================== + +U2F authentication requires read/write access to USB devices. To +facilitate such access it comes with a devd.conf(5) file, but you +still need to restart devd(8), add the desired users to "u2f" group +and log those out of the current session. For example: + +# service devd restart +# pw group mod u2f -m <user> +$ exit + +For details, see %%PREFIX%%/etc/devd/u2f.conf + +====================================================================== Added: head/security/u2f-devd/files/u2f.conf ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/security/u2f-devd/files/u2f.conf Sat Dec 9 11:55:44 2017 (r455847) 
@@ -0,0 +1,163 @@ +# Allow members of group u2f to access U2F authentication tokens. +# 'notify' rules work on /dev/usb/* (used by libu2f-host), +# 'attach' rules work on /dev/uhid* (used by web browsers) + +# Yubico Yubikey +notify 100 { + match "system" "USB"; + match "subsystem" "DEVICE"; + match "type" "ATTACH"; + match "vendor" "0x1050"; + match "product" "(0x0113|0x0114|0x0115|0x0116|0x0120|0x0200|0x0420|0x0403|0x0406|0x0407|0x0410)"; + action "chgrp u2f /dev/$cdev; chmod g+rw /dev/$cdev"; +}; + +attach 100 { + match "vendor" "0x1050"; + match "product" "(0x0113|0x0114|0x0115|0x0116|0x0120|0x0200|0x0420|0x0403|0x0406|0x0407|0x0410)"; + action "chgrp u2f /dev/$device-name; chmod g+rw /dev/$device-name"; +}; + +# Happlink (formerly Plug-Up) Security KEY +notify 100 { + match "system" "USB"; + match "subsystem" "DEVICE"; + match "type" "ATTACH"; + match "vendor" "0x2581"; + match "product" "0xf1d0"; + action "chgrp u2f /dev/$cdev; chmod g+rw /dev/$cdev"; +}; + +attach 100 { + match "vendor" "0x2581"; + match "product" "0xf1d0"; + action "chgrp u2f /dev/$device-name; chmod g+rw /dev/$device-name"; +}; + +# Neowave Keydo and Keydo AES +notify 100 { + match "system" "USB"; + match "subsystem" "DEVICE"; + match "type" "ATTACH"; + match "vendor" "0x1e0d"; + match "product" "(0xf1d0|0xf1ae)"; + action "chgrp u2f /dev/$cdev; chmod g+rw /dev/$cdev"; +}; + +attach 100 { + match "vendor" "0x1e0d"; + match "product" "(0xf1d0|0xf1ae)"; + action "chgrp u2f /dev/$device-name; chmod g+rw /dev/$device-name"; +}; + +# HyperSecu HyperFIDO +notify 100 { + match "system" "USB"; + match "subsystem" "DEVICE"; + match "type" "ATTACH"; + match "vendor" "(0x096e|0x2ccf)"; + match "product" "0x0880"; + action "chgrp u2f /dev/$cdev; chmod g+rw /dev/$cdev"; +}; + +attach 100 { + match "vendor" "(0x096e|0x2ccf)"; + match "product" "0x0880"; + action "chgrp u2f /dev/$device-name; chmod g+rw /dev/$device-name"; +}; + +# Feitian ePass FIDO +notify 100 { + match "system" "USB"; + match 
"subsystem" "DEVICE"; + match "type" "ATTACH"; + match "vendor" "0x096e"; + match "product" "(0x0850|0x0852|0x0853|0x0854|0x0856|0x0858|0x085a|0x085b)"; + action "chgrp u2f /dev/$cdev; chmod g+rw /dev/$cdev"; +}; + +attach 100 { + match "vendor" "0x096e"; + match "product" "(0x0850|0x0852|0x0853|0x0854|0x0856|0x0858|0x085a|0x085b)"; + action "chgrp u2f /dev/$device-name; chmod g+rw /dev/$device-name"; +}; + +# JaCarta U2F +notify 100 { + match "system" "USB"; + match "subsystem" "DEVICE"; + match "type" "ATTACH"; + match "vendor" "0x24dc"; + match "product" "0x0101"; + action "chgrp u2f /dev/$cdev; chmod g+rw /dev/$cdev"; +}; + +attach 100 { + match "vendor" "0x24dc"; + match "product" "0x0101"; + action "chgrp u2f /dev/$device-name; chmod g+rw /dev/$device-name"; +}; + +# U2F Zero +notify 100 { + match "system" "USB"; + match "subsystem" "DEVICE"; + match "type" "ATTACH"; + match "vendor" "0x10c4"; + match "product" "0x8acf"; + action "chgrp u2f /dev/$cdev; chmod g+rw /dev/$cdev"; +}; + +attach 100 { + match "vendor" "0x10c4"; + match "product" "0x8acf"; + action "chgrp u2f /dev/$device-name; chmod g+rw /dev/$device-name"; +}; + +# VASCO SeccureClick +notify 100 { + match "system" "USB"; + match "subsystem" "DEVICE"; + match "type" "ATTACH"; + match "vendor" "0x1a44"; + match "product" "0x00bb"; + action "chgrp u2f /dev/$cdev; chmod g+rw /dev/$cdev"; +}; + +attach 100 { + match "vendor" "0x1a44"; + match "product" "0x00bb"; + action "chgrp u2f /dev/$device-name; chmod g+rw /dev/$device-name"; +}; + +# Bluink Key +notify 100 { + match "system" "USB"; + match "subsystem" "DEVICE"; + match "type" "ATTACH"; + match "vendor" "0x2abe"; + match "product" "0x1002"; + action "chgrp u2f /dev/$cdev; chmod g+rw /dev/$cdev"; +}; + +attach 100 { + match "vendor" "0x2abe"; + match "product" "0x1002"; + action "chgrp u2f /dev/$device-name; chmod g+rw /dev/$device-name"; +}; + +# Thetis Key +notify 100 { + match "system" "USB"; + match "subsystem" "DEVICE"; + match "type" 
"ATTACH"; + match "vendor" "0x1ea8"; + match "product" "0xf025"; + action "chgrp u2f /dev/$cdev; chmod g+rw /dev/$cdev"; +}; + +attach 100 { + match "vendor" "0x1ea8"; + match "product" "0xf025"; + action "chgrp u2f /dev/$device-name; chmod g+rw /dev/$device-name"; +}; Added: head/security/u2f-devd/pkg-descr ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/security/u2f-devd/pkg-descr Sat Dec 9 11:55:44 2017 (r455847) @@ -0,0 +1,2 @@ +Automatic device permission handling for Universal 2nd Factor (U2F) USB +authentication tokens.
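Review bot: `GROUPS= u2f` in head/security/u2f-devd/Makefile depends on a u2f entry in the ports tree's GIDs file, and the file list for this revision shows only head/security/Makefile under "Modified". Confirm the group was registered in a separate commit, since the framework looks the name up there when the package is installed. Separately, do-install copies u2f.conf into `${STAGEDIR}${PREFIX}/etc/devd` with no preceding `${MKDIR}`; it is worth checking that the staging tree always provides that directory.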
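Review bot: The steps in head/security/u2f-devd/files/pkg-message.in end at restarting devd and adding users to the group, but every rule in u2f.conf is tied to an attach event (`match "type" "ATTACH"` in the notify blocks, `attach 100` in the others), and nothing in the visible rules re-applies permissions to a token that is already plugged in. Add a line telling the user to unplug and re-insert the token after `service devd restart`. The phrase "log those out of the current session" would also read more clearly as "have them log out and back in", since group membership is only picked up at login.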
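Review bot: In head/security/u2f-devd/files/u2f.conf, every `attach 100` block matches only "vendor" and "product", so its action would run for each driver that attaches to a matching device, not only for uhid as the header comment ('attach' rules work on /dev/uhid*) intends. A token that also exposes a keyboard or another interface under the same vendor/product pair would have that node put in group u2f with g+rw as well, which is broader than the access the port describes. Consider adding `match "device-name" "uhid[0-9]+";` to each attach block so that only the HID node is opened to the group. Minor: the comment "# VASCO SeccureClick" looks like a typo for SecureClick.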