svn commit: r455847 - in head/security: . u2f-devd u2f-devd/files
Carlos J. Puga Medina
cpm at FreeBSD.org
Sat Dec 9 11:55:46 UTC 2017
Author: cpm
Date: Sat Dec 9 11:55:44 2017
New Revision: 455847
URL: https://svnweb.freebsd.org/changeset/ports/455847
Log:
security/u2f-devd: Devd hotplug rules for Universal 2nd Factor (U2F) tokens
Automatic device permission handling for Universal 2nd Factor (U2F) USB
authentication tokens.
PR: 224199
Submitted by: Greg V <greg at unrelenting.technology>
Added:
head/security/u2f-devd/
head/security/u2f-devd/Makefile (contents, props changed)
head/security/u2f-devd/files/
head/security/u2f-devd/files/pkg-message.in (contents, props changed)
head/security/u2f-devd/files/u2f.conf (contents, props changed)
head/security/u2f-devd/pkg-descr (contents, props changed)
Modified:
head/security/Makefile
Modified: head/security/Makefile
==============================================================================
--- head/security/Makefile Sat Dec 9 11:48:42 2017 (r455846)
+++ head/security/Makefile Sat Dec 9 11:55:44 2017 (r455847)
@@ -1237,6 +1237,7 @@
SUBDIR += truecrypt
SUBDIR += tsshbatch
SUBDIR += tthsum
+ SUBDIR += u2f-devd
SUBDIR += umit
SUBDIR += unhide
SUBDIR += unicornscan
Added: head/security/u2f-devd/Makefile
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/security/u2f-devd/Makefile Sat Dec 9 11:55:44 2017 (r455847)
@@ -0,0 +1,25 @@
+# Created by: Greg V <greg at unrelenting.technology>
+# $FreeBSD$
+
+PORTNAME= u2f-devd
+PORTVERSION= 1.0.0
+CATEGORIES= security
+MASTER_SITES= #
+DISTFILES= #
+
+MAINTAINER= greg at unrelenting.technology
+COMMENT= Devd hotplug rules for Universal 2nd Factor (U2F) tokens
+
+LICENSE= BSD2CLAUSE
+
+NO_BUILD= yes
+SUB_FILES= pkg-message
+
+GROUPS= u2f
+
+PLIST_FILES= etc/devd/u2f.conf
+
+do-install:
+ ${INSTALL_DATA} ${FILESDIR}/u2f.conf ${STAGEDIR}${PREFIX}/etc/devd
+
+.include <bsd.port.mk>
Added: head/security/u2f-devd/files/pkg-message.in
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/security/u2f-devd/files/pkg-message.in Sat Dec 9 11:55:44 2017 (r455847)
@@ -0,0 +1,14 @@
+======================================================================
+
+U2F authentication requires read/write access to USB devices. To
+facilitate such access it comes with a devd.conf(5) file, but you
+still need to restart devd(8), add the desired users to "u2f" group
+and log those out of the current session. For example:
+
+# service devd restart
+# pw group mod u2f -m <user>
+$ exit
+
+For details, see %%PREFIX%%/etc/devd/u2f.conf
+
+======================================================================
Added: head/security/u2f-devd/files/u2f.conf
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/security/u2f-devd/files/u2f.conf Sat Dec 9 11:55:44 2017 (r455847)
@@ -0,0 +1,163 @@
+# Allow members of group u2f to access U2F authentication tokens.
+# 'notify' rules work on /dev/usb/* (used by libu2f-host),
+# 'attach' rules work on /dev/uhid* (used by web browsers)
+
+# Yubico Yubikey
+notify 100 {
+ match "system" "USB";
+ match "subsystem" "DEVICE";
+ match "type" "ATTACH";
+ match "vendor" "0x1050";
+ match "product" "(0x0113|0x0114|0x0115|0x0116|0x0120|0x0200|0x0420|0x0403|0x0406|0x0407|0x0410)";
+ action "chgrp u2f /dev/$cdev; chmod g+rw /dev/$cdev";
+};
+
+attach 100 {
+ match "vendor" "0x1050";
+ match "product" "(0x0113|0x0114|0x0115|0x0116|0x0120|0x0200|0x0420|0x0403|0x0406|0x0407|0x0410)";
+ action "chgrp u2f /dev/$device-name; chmod g+rw /dev/$device-name";
+};
+
+# Happlink (formerly Plug-Up) Security KEY
+notify 100 {
+ match "system" "USB";
+ match "subsystem" "DEVICE";
+ match "type" "ATTACH";
+ match "vendor" "0x2581";
+ match "product" "0xf1d0";
+ action "chgrp u2f /dev/$cdev; chmod g+rw /dev/$cdev";
+};
+
+attach 100 {
+ match "vendor" "0x2581";
+ match "product" "0xf1d0";
+ action "chgrp u2f /dev/$device-name; chmod g+rw /dev/$device-name";
+};
+
+# Neowave Keydo and Keydo AES
+notify 100 {
+ match "system" "USB";
+ match "subsystem" "DEVICE";
+ match "type" "ATTACH";
+ match "vendor" "0x1e0d";
+ match "product" "(0xf1d0|0xf1ae)";
+ action "chgrp u2f /dev/$cdev; chmod g+rw /dev/$cdev";
+};
+
+attach 100 {
+ match "vendor" "0x1e0d";
+ match "product" "(0xf1d0|0xf1ae)";
+ action "chgrp u2f /dev/$device-name; chmod g+rw /dev/$device-name";
+};
+
+# HyperSecu HyperFIDO
+notify 100 {
+ match "system" "USB";
+ match "subsystem" "DEVICE";
+ match "type" "ATTACH";
+ match "vendor" "(0x096e|0x2ccf)";
+ match "product" "0x0880";
+ action "chgrp u2f /dev/$cdev; chmod g+rw /dev/$cdev";
+};
+
+attach 100 {
+ match "vendor" "(0x096e|0x2ccf)";
+ match "product" "0x0880";
+ action "chgrp u2f /dev/$device-name; chmod g+rw /dev/$device-name";
+};
+
+# Feitian ePass FIDO
+notify 100 {
+ match "system" "USB";
+ match "subsystem" "DEVICE";
+ match "type" "ATTACH";
+ match "vendor" "0x096e";
+ match "product" "(0x0850|0x0852|0x0853|0x0854|0x0856|0x0858|0x085a|0x085b)";
+ action "chgrp u2f /dev/$cdev; chmod g+rw /dev/$cdev";
+};
+
+attach 100 {
+ match "vendor" "0x096e";
+ match "product" "(0x0850|0x0852|0x0853|0x0854|0x0856|0x0858|0x085a|0x085b)";
+ action "chgrp u2f /dev/$device-name; chmod g+rw /dev/$device-name";
+};
+
+# JaCarta U2F
+notify 100 {
+ match "system" "USB";
+ match "subsystem" "DEVICE";
+ match "type" "ATTACH";
+ match "vendor" "0x24dc";
+ match "product" "0x0101";
+ action "chgrp u2f /dev/$cdev; chmod g+rw /dev/$cdev";
+};
+
+attach 100 {
+ match "vendor" "0x24dc";
+ match "product" "0x0101";
+ action "chgrp u2f /dev/$device-name; chmod g+rw /dev/$device-name";
+};
+
+# U2F Zero
+notify 100 {
+ match "system" "USB";
+ match "subsystem" "DEVICE";
+ match "type" "ATTACH";
+ match "vendor" "0x10c4";
+ match "product" "0x8acf";
+ action "chgrp u2f /dev/$cdev; chmod g+rw /dev/$cdev";
+};
+
+attach 100 {
+ match "vendor" "0x10c4";
+ match "product" "0x8acf";
+ action "chgrp u2f /dev/$device-name; chmod g+rw /dev/$device-name";
+};
+
+# VASCO SeccureClick
+notify 100 {
+ match "system" "USB";
+ match "subsystem" "DEVICE";
+ match "type" "ATTACH";
+ match "vendor" "0x1a44";
+ match "product" "0x00bb";
+ action "chgrp u2f /dev/$cdev; chmod g+rw /dev/$cdev";
+};
+
+attach 100 {
+ match "vendor" "0x1a44";
+ match "product" "0x00bb";
+ action "chgrp u2f /dev/$device-name; chmod g+rw /dev/$device-name";
+};
+
+# Bluink Key
+notify 100 {
+ match "system" "USB";
+ match "subsystem" "DEVICE";
+ match "type" "ATTACH";
+ match "vendor" "0x2abe";
+ match "product" "0x1002";
+ action "chgrp u2f /dev/$cdev; chmod g+rw /dev/$cdev";
+};
+
+attach 100 {
+ match "vendor" "0x2abe";
+ match "product" "0x1002";
+ action "chgrp u2f /dev/$device-name; chmod g+rw /dev/$device-name";
+};
+
+# Thetis Key
+notify 100 {
+ match "system" "USB";
+ match "subsystem" "DEVICE";
+ match "type" "ATTACH";
+ match "vendor" "0x1ea8";
+ match "product" "0xf025";
+ action "chgrp u2f /dev/$cdev; chmod g+rw /dev/$cdev";
+};
+
+attach 100 {
+ match "vendor" "0x1ea8";
+ match "product" "0xf025";
+ action "chgrp u2f /dev/$device-name; chmod g+rw /dev/$device-name";
+};
Added: head/security/u2f-devd/pkg-descr
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/security/u2f-devd/pkg-descr Sat Dec 9 11:55:44 2017 (r455847)
@@ -0,0 +1,2 @@
+Automatic device permission handling for Universal 2nd Factor (U2F) USB
+authentication tokens.
More information about the svn-ports-head
mailing list