6 files changed, 376 insertions, 0 deletions

diff --git a/security/hamachi/Makefile b/security/hamachi/Makefile
new file mode 100644
index 000000000000..5d771f47d9ee
--- /dev/null
+++ b/security/hamachi/Makefile
@@ -0,0 +1,39 @@
+# New ports collection makefile for:	hamachi
+# Date created:				2006-11-17
+# Whom:					Lapo Luchini <lapo@lapo.it>
+#
+# $FreeBSD$
+#
+
+PORTNAME=	hamachi
+DISTVERSION=	0.9.9.9-20
+DISTVERSIONSUFFIX=	-lnx
+CATEGORIES=	security linux
+MASTER_SITES=	http://files.hamachi.cc/linux/
+PKGNAMEPREFIX=	linux-
+
+MAINTAINER=	lapo@lapo.it
+COMMENT=	Fast, secure, simple VPN software with NAT-traversal
+
+PATCH_DEPENDS=	upx:${PORTSDIR}/archivers/upx
+
+NO_BUILD=	yes
+ONLY_FOR_ARCHS=	i386 amd64
+USE_LINUX=	yes
+
+USE_RC_SUBR=	hamachi.sh
+PLIST_FILES=	bin/hamachi bin/hamachi-init sbin/hamachi-tuncfg
+PORTDOCS=	README CHANGES
+
+post-patch:
+	${RM} -f ${WRKSRC}/tuncfg/tuncfg
+	${CC} ${CFLAGS} -o ${WRKSRC}/tuncfg/tuncfg ${WRKSRC}/tuncfg/tuncfg.c
+	upx -d ${WRKSRC}/hamachi
+
+post-install:
+.if !defined(NOPORTDOCS)
+	${MKDIR} ${DOCSDIR}
+	cd ${WRKSRC} && ${INSTALL_DATA} ${PORTDOCS} ${DOCSDIR}
+.endif
+
+.include <bsd.port.mk>
diff --git a/security/hamachi/distinfo b/security/hamachi/distinfo
new file mode 100644
index 000000000000..93e95ca382ac
--- /dev/null
+++ b/security/hamachi/distinfo
@@ -0,0 +1,3 @@
+MD5 (hamachi-0.9.9.9-20-lnx.tar.gz) = 27e4c926d0aa03de3573c0b7acf032a6
+SHA256 (hamachi-0.9.9.9-20-lnx.tar.gz) = 9e4b733558377d0c971ee2a19e04c0f5956e069033e8d13865f7c4dcb6d7f31b
+SIZE (hamachi-0.9.9.9-20-lnx.tar.gz) = 344866
diff --git a/security/hamachi/files/hamachi.sh.in b/security/hamachi/files/hamachi.sh.in
new file mode 100644
index 000000000000..49ebf427d8a6
--- /dev/null
+++ b/security/hamachi/files/hamachi.sh.in
@@ -0,0 +1,65 @@
+#!/bin/sh
+#
+# hamachi.sh - load tap driver and start Hamachi's tuncfg daemon
+#
+# (C) Copyright 2007 by Lapo Luchini
+# (loosely based on ports/security/openvpn/files/openvpn.sh.in 1.9 by Matthias Andree)
+#
+# $FreeBSD$
+# 
+# This program is free software; you can redistribute it and/or modify it under
+# the terms of the GNU General Public License as published by the Free Software
+# Foundation; either version 2 of the License, or (at your option) any later
+# version.
+#
+# This program is distributed in the hope that it will be useful, but WITHOUT
+# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+# FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more
+# details.
+#
+# You should have received a copy of the GNU General Public License along with
+# this program; if not, write to the Free Software Foundation, Inc., 51 Franklin
+# Street, Fifth Floor, Boston, MA 02110-1301, USA.
+
+# PROVIDE: hamachi
+# REQUIRE: DAEMON
+# KEYWORD: shutdown
+
+#TODO: serve la KEYWORD:shutdown? che fa?
+
+# Note that we deliberately refrain from unloading drivers.
+
+. %%RC_SUBR%%
+
+name="hamachi"
+rcvar=`set_rcvar`
+
+load_rc_config $name
+
+: ${hamachi_enable="NO"}
+
+command="%%PREFIX%%/sbin/hamachi-tuncfg"
+start_precmd="hamachi_precmd"
+
+hamachi_precmd() {
+	# FreeBSD <= 5.4 does not know kldstat's -m option
+	# FreeBSD >= 6.0 does not add debug.* sysctl information
+	# in the default build - we check both to keep things simple
+	if ! sysctl debug.if_tap_debug >/dev/null 2>&1 \
+			&& ! kldstat -m if_tap >/dev/null 2>&1 ; then
+		if ! kldload if_tap ; then
+			warn "Could not load tap module."
+			return 1
+		fi
+	fi
+	if ! sysctl compat.linux >/dev/null 2>&1 \
+			&& ! kldstat -m linuxelf >/dev/null 2>&1 ; then
+		if ! kldload linux ; then
+			warn "Could not load linux module."
+			return 1
+		fi
+	fi
+	return 0
+}
+
+run_rc_command "$1"
diff --git a/security/hamachi/files/patch-Makefile b/security/hamachi/files/patch-Makefile
new file mode 100644
index 000000000000..6da80a312e15
--- /dev/null
+++ b/security/hamachi/files/patch-Makefile
@@ -0,0 +1,26 @@
+--- Makefile.orig	Tue Jun 20 21:47:28 2006
++++ Makefile	Thu Mar 22 14:02:01 2007
+@@ -2,12 +2,12 @@
+ #
+ #	Where hamachi and its symbolic link hamachi-init goes
+ #
+-HAMACHI_DST ?= /usr/bin
++HAMACHI_DST ?= /usr/local/bin
+ 
+ #
+ #	Where root-level tunnel device configuration daemon tuncfg goes
+ #
+-TUNCFG_DST  ?= /sbin
++TUNCFG_DST  ?= /usr/local/sbin
+ 
+ .phony: install
+ 
+@@ -26,7 +26,7 @@
+ 	fi;
+ 	
+ 	@echo Copying tuncfg into $(TUNCFG_DST) ..
+-	@install -s -m 700 tuncfg/tuncfg $(TUNCFG_DST)
++	@install -s -m 700 tuncfg/tuncfg $(TUNCFG_DST)/hamachi-tuncfg
+ 
+ 	@echo
+ 	@echo "Hamachi is installed. See README for what to do next." 
diff --git a/security/hamachi/files/patch-tuncfg_tuncfg.c b/security/hamachi/files/patch-tuncfg_tuncfg.c
new file mode 100644
index 000000000000..cdde008bc9c9
--- /dev/null
+++ b/security/hamachi/files/patch-tuncfg_tuncfg.c
@@ -0,0 +1,240 @@
+--- tuncfg/tuncfg.c.orig	Tue Jun 20 21:47:28 2006
++++ tuncfg/tuncfg.c	Fri Nov 17 11:14:51 2006
+@@ -20,7 +20,7 @@
+  *	normally required by a private networking software. Namely -
+  *
+  *	* creation of tunneling devices; this requires an access to 
+- *	  /dev/net/tun file, which _usually_ has 700 access mask
++ *	  /dev/tapXX files, which _usually_ has 700 access mask
+  *
+  *	* configuration of the tunneling device using ifconfig, which is
+  *	  always a root-level operation
+@@ -29,7 +29,7 @@
+  *	open a listening domain socket /var/run/tuncfg.sock.
+  *
+  *	Upon accepting the connection on this socket, it will issue an open()
+- *	call for /dev/net/tun file (thus instantiating the tunneling device) 
++ *	call for /dev/tapXX file (iterating over first 16 XX values)
+  *	and pass obtained FD to the peer process. It will also query and pass
+  *	the MAC address of the device to the peer process.
+  *
+@@ -48,10 +48,12 @@
+ #include <sys/un.h>
+ #include <sys/ioctl.h>
+ #include <sys/stat.h>
++#include <sys/sysctl.h>
+ #include <arpa/inet.h>
+ 
+-#include <linux/if.h>
+-#include <linux/if_tun.h>
++#include <net/if.h>
++#include <net/if_dl.h>
++#include <netinet/in.h>
+ 
+ #include <unistd.h>
+ #include <errno.h>
+@@ -59,6 +61,7 @@
+ #include <fcntl.h>
+ #include <stdarg.h>
+ #include <stdlib.h>
++#include <string.h>
+ 
+ /*
+  *
+@@ -68,7 +71,7 @@
+ 
+ #define TUNTAP_URL  "http://www.hamachi.cc/tuntap"
+ 
+-#define MAX_CLIENTS 64
++#define MAX_CLIENTS 16
+ 
+ struct context
+ {
+@@ -90,6 +93,7 @@
+ 	struct stat st;
+ 	pid_t pid;
+ 	int   fd, r, i;
++	int   debug = 0;
+ 
+ 	struct context ctx[MAX_CLIENTS];
+ 	int ctx_n = 0;
+@@ -98,18 +102,28 @@
+ 	if (getuid() != 0)
+ 		errorf("tuncfg: must be run with superuser permissions\n");
+ 
+-	// lcok
+-	fd = open(LOCK_PATH, O_CREAT);
++	//
++	if (argc > 1)
++	{
++		debug = (strcmp(argv[1], "-d") == 0);
++	}
++
++	// lock
++	fd = open(LOCK_PATH, O_CREAT | O_RDWR);
+ 	if (fd < 0)
+ 		errorf("tuncfg: cannot open lock file %s -- %s\n",
+ 			LOCK_PATH, strerror(errno));
+ 
++	//
+ 	if (flock(fd, LOCK_EX | LOCK_NB) < 0)
+-		errorf("tuncfg: already running\n");
++	{
++		errorf("tuncfg: already running, "
++		       "use 'killall tuncfg; tuncfg' to restart it\n");
++	}
+ 
+ 	// check there's /dev/net/tun
+-	if (stat("/dev/net/tun", &st) < 0)
+-		errorf("tuncfg: cannot stat() /dev/net/tun -- %s\n"
++	if (stat("/dev/tap0", &st) < 0)
++		errorf("tuncfg: cannot stat() /dev/tap0 -- %s\n"
+ 		       "tuncfg: visit %s for more information\n",
+ 		       strerror(errno), TUNTAP_URL);
+ 	
+@@ -143,7 +157,7 @@
+ 			SOCK_PATH, strerror(errno));
+ 
+ 	// daemonize
+-	if (argc < 2 || strcmp(argv[1], "-d"))
++	if (! debug)
+ 	{
+ 		chdir("/");
+ 
+@@ -196,8 +210,13 @@
+ 		if (FD_ISSET(fd, &fdr))
+ 		{
+ 			struct context * p;
+-			struct ifreq   ifr;
+ 			char buf[4+6];
++			int mib[6];
++			size_t len;
++			struct if_msghdr * msg = NULL;
++			struct sockaddr_dl * sa;
++			char dev_name[32];
++			int i;
+ 			int cli, dev = -1, tmp = -1;
+ 
+ 			cli = accept(fd, (void*)&addr, &alen);
+@@ -213,48 +232,64 @@
+ 				goto done;
+ 			}
+ 
+-			// open tap device
+-			dev = open("/dev/net/tun", O_RDWR);
+-			printf("tuncfg: open() %d %d\n", dev, errno);
++			// open first available tap device
++			for (i=0; i<MAX_CLIENTS; i++)
++			{
++				snprintf(dev_name, sizeof(dev_name),
++						"/dev/tap%d", i);
++
++				dev = open(dev_name, O_RDWR);
++				printf("tuncfg: open(%s) %d %d\n", 
++						dev_name, dev, errno);
++				if (dev >= 0)
++					break;
++			}
+ 			if (dev < 0)
+ 			{
+-				r = (0x02 << 24) | errno;
++				r = (0x02 << 24);
+ 				goto done;
+ 			}
+ 
+-			// bring it up
+-			strcpy(ifr.ifr_name, "ham%d");
+-			ifr.ifr_flags = IFF_TAP | IFF_NO_PI;
+-			if (ioctl(dev, TUNSETIFF, (ulong)&ifr) < 0)
++			// query mac
++			mib[0] = CTL_NET;
++			mib[1] = AF_ROUTE;
++			mib[2] = 0;
++			mib[3] = AF_LINK;
++			mib[4] = NET_RT_IFLIST;
++			mib[5] = if_nametoindex("tap0");
++
++			if (! mib[5])
+ 			{
+-				printf("tuncfg: ioctl() -1 %d\n", errno);
+ 				r = (0x03 << 24) | errno;
+ 				goto done;
+ 			}
+-			printf("tuncfg: ioctl() 0 %s\n", ifr.ifr_name);
+ 
+-			// query mac
+-			tmp = socket(AF_INET, SOCK_DGRAM, 0);
+-			if (tmp < 0)
++			if (sysctl(mib, 6, NULL, &len, NULL, 0) < 0)
+ 			{
+-				printf("tuncfg: socket(mac) %d\n", errno);
+ 				r = (0x04 << 24) | errno;
+ 				goto done;
+ 			}
+-			
+-			if (ioctl(tmp, SIOCGIFHWADDR, (ulong)&ifr) < 0)
++
++			msg = malloc(len);
++			if (! msg)
++			{
++				r = (0x05 << 24) | errno;
++				goto done;
++			}
++
++			if (sysctl(mib, 6, msg, &len, NULL, 0) < 0)
+ 			{
+-				printf("tuncfg: ioctl(mac) %d\n", errno);
+ 				r = (0x05 << 24) | errno;
+ 				goto done;
+ 			}
+ 
+-			memcpy(buf+4, &ifr.ifr_hwaddr.sa_data, 6);
++			sa = (void*)(msg + 1);
++			memcpy(buf+4, LLADDR(sa), 6);
+ 
+ 			// remember
+ 			p = &ctx[ctx_n++];
+ 			p->fd = cli;
+-			strncpy(p->dev, ifr.ifr_name, sizeof(p->dev));
++			strncpy(p->dev, dev_name+5, 5);
+ 
+ 			r = 0;
+ done:
+@@ -264,6 +299,7 @@
+ 				send_with_fd(cli, buf, sizeof(buf), dev); 
+ 			}
+ 
++			free(msg);
+ 			if (tmp != -1)  close(tmp);
+ 			if (dev != -1)  close(dev);
+ 			if (r != 0)     close(cli);
+@@ -295,7 +331,7 @@
+ 				goto ack;
+ 			}
+ 
+-			/* v[0] = ham<n>, v[1] = ip, v[2] = mask */
++			/* v[0] = ip, v[1] = mask */
+ 			if ( (v[0] & 0xff000000) != 0x05000000 ||
+ 			     (v[1] & 0xff000000) != 0xff000000 )
+ 			{
+@@ -324,9 +360,13 @@
+ 
+ 			r = system(cmd);
+ 			printf("tuncfg: system(%s) %d %d\n", cmd, r, errno);
+-
++			if (r != 0)
++			{
++				r = (0x08 << 24) | (r & 0x00ffffff);
++				goto ack;
++			}
+ ack:
+-			printf("tuncfg: config() %08x", r);
++			printf("tuncfg: config() %08x\n", r);
+ 			send_with_fd(ctx[i].fd, &r, sizeof(r), -1);
+ 		}
+ 	}
+@@ -360,4 +400,3 @@
+ 
+ 	return sendmsg(fd, &msg, 0);
+ }
+-
diff --git a/security/hamachi/pkg-descr b/security/hamachi/pkg-descr
new file mode 100644
index 000000000000..081f8fb8403b
--- /dev/null
+++ b/security/hamachi/pkg-descr
@@ -0,0 +1,3 @@
+Hamachi is a zero-configuration virtual private networking tool.
+
+WWW: http://hamachi.cc/