Index: GIDs =================================================================== --- GIDs +++ GIDs @@ -169,7 +169,7 @@ postgrey:*:225: sqlgrey:*:226: _hfm:*:227: -# free: 228 +u2f:*:228: kismet:*:229: # free: 230 # free: 231 Index: UIDs =================================================================== --- UIDs +++ UIDs @@ -174,7 +174,7 @@ postgrey:*:225:225::0:0:Postgrey Owner:/nonexistent:/usr/sbin/nologin sqlgrey:*:226:226::0:0:SQLgrey Owner:/nonexistent:/usr/sbin/nologin _hfm:*:227:227::0:0:hfm daemon:/nonexistent:/usr/sbin/nologin -# free: 228 +u2f:*:228:228::0:0:u2f user:/nonexistent:/usr/sbin/nologin # free: 229 # free: 230 # free: 231 Index: security/libu2f-host/Makefile =================================================================== --- security/libu2f-host/Makefile +++ security/libu2f-host/Makefile @@ -1,3 +1,4 @@ +# Created by: Carlos J. Puga Medina # $FreeBSD$ PORTNAME= libu2f-host @@ -5,7 +6,7 @@ DISTVERSIONPREFIX= ${PORTNAME}- CATEGORIES= security devel -MAINTAINER= bapt@FreeBSD.org +MAINTAINER= cpm@FreeBSD.org COMMENT= Yubico Universal 2nd Factor (U2F) Host C Library LICENSE= LGPL21 GPLv3 @@ -16,14 +17,22 @@ LIB_DEPENDS= libhidapi.so:comms/hidapi \ libjson-c.so:devel/json-c +USES= autoreconf gmake libtool pkgconfig +CONFIGURE_ARGS= --disable-gtk-doc +GNU_CONFIGURE= yes +USE_LDCONFIG= yes +INSTALL_TARGET= install-strip + +SUB_FILES= pkg-message + +USERS= u2f +GROUPS= u2f + USE_GITHUB= yes GH_ACCOUNT= Yubico -USES= autoreconf pkgconfig gmake libtool -GNU_CONFIGURE= yes -USE_LDCONFIG= yes +post-install: + ${INSTALL_DATA} ${FILESDIR}/u2f.conf.sample \ + ${STAGEDIR}${PREFIX}/etc/devd -CONFIGRUE_ARGS= --disable-gtk-doc -INSTALL_TARGET= install-strip - .include Index: security/libu2f-host/files/pkg-message.in =================================================================== --- security/libu2f-host/files/pkg-message.in +++ security/libu2f-host/files/pkg-message.in @@ -0,0 +1,100 @@ +=================================================================== +You should create %%PREFIX%%/etc/devd/u2f.conf to allow u2f access +permissions. + +Here is an example u2f.conf for supported devices. + +# Yubico Yubikey +notify 100 { + match "system" "USB"; + match "subsystem" "DEVICE"; + match "type" "ATTACH"; + match "vendor" "0x1050"; + match "product" "(0x0113|0x0114|0x0115|0x0116|0x0120|0x0420|0x0403|0x0406|0x0407|0x0410)"; + action "chgrp u2f /dev/$cdev; chmod g+rw /dev/$cdev"; +}; + +# Happlink (formerly Plug-Up) Security KEY +notify 100 { + match "system" "USB"; + match "subsystem" "DEVICE"; + match "type" "ATTACH"; + match "vendor" "0x2581"; + match "product" "0xf1d0"; + action "chgrp u2f /dev/$cdev; chmod g+rw /dev/$cdev"; +}; + +# Neowave Keydo and Keydo AES +notify 100 { + match "system" "USB"; + match "subsystem" "DEVICE"; + match "type" "ATTACH"; + match "vendor" "0x1e0d"; + match "product" "(0xf1d0|0xf1ae)"; + action "chgrp u2f /dev/$cdev; chmod g+rw /dev/$cdev"; +}; + +# HyperSecu HyperFIDO +notify 100 { + match "system" "USB"; + match "subsystem" "DEVICE"; + match "type" "ATTACH"; + match "vendor" "(0x096e|0x2ccf)"; + match "product" "0x0880"; + action "chgrp u2f /dev/$cdev; chmod g+rw /dev/$cdev"; +}; + +# Feitian ePass FIDO +notify 100 { + match "system" "USB"; + match "subsystem" "DEVICE"; + match "type" "ATTACH"; + match "vendor" "0x096e"; + match "product" "(0x0850|0x0852|0x0853|0x0854|0x0856|0x0858|0x085a|0x085b)"; + action "chgrp u2f /dev/$cdev; chmod g+rw /dev/$cdev"; +}; + +# JaCarta U2F +notify 100 { + match "system" "USB"; + match "subsystem" "DEVICE"; + match "type" "ATTACH"; + match "vendor" "0x24dc"; + match "product" "0x0101"; + action "chgrp u2f /dev/$cdev; chmod g+rw /dev/$cdev"; +}; + +# U2F Zero +notify 100 { + match "system" "USB"; + match "subsystem" "DEVICE"; + match "type" "ATTACH"; + match "vendor" "0x10c4"; + match "product" "0x8acf"; + action "chgrp u2f /dev/$cdev; chmod g+rw /dev/$cdev"; +}; + +# VASCO SeccureClick +notify 100 { + match "system" "USB"; + match "subsystem" "DEVICE"; + match "type" "ATTACH"; + match "vendor" "0x1a44"; + match "product" "0x00bb"; + action "chgrp u2f /dev/$cdev; chmod g+rw /dev/$cdev"; +}; + +# Bluink Key +notify 100 { + match "system" "USB"; + match "subsystem" "DEVICE"; + match "type" "ATTACH"; + match "vendor" "0x2abe"; + match "product" "0x1002"; + action "chgrp u2f /dev/$cdev; chmod g+rw /dev/$cdev"; +}; + +Finally, restart devd with the command: +# service devd restart + +=================================================================== Index: security/libu2f-host/files/u2f.conf.sample =================================================================== --- security/libu2f-host/files/u2f.conf.sample +++ security/libu2f-host/files/u2f.conf.sample @@ -0,0 +1,91 @@ +# Allow members of group u2f to access U2F devices + +# Yubico Yubikey +notify 100 { + match "system" "USB"; + match "subsystem" "DEVICE"; + match "type" "ATTACH"; + match "vendor" "0x1050"; + match "product" "(0x0113|0x0114|0x0115|0x0116|0x0120|0x0420|0x0403|0x0406|0x0407|0x0410)"; + action "chgrp u2f /dev/$cdev; chmod g+rw /dev/$cdev"; +}; + +# Happlink (formerly Plug-Up) Security KEY +notify 100 { + match "system" "USB"; + match "subsystem" "DEVICE"; + match "type" "ATTACH"; + match "vendor" "0x2581"; + match "product" "0xf1d0"; + action "chgrp u2f /dev/$cdev; chmod g+rw /dev/$cdev"; +}; + +# Neowave Keydo and Keydo AES +notify 100 { + match "system" "USB"; + match "subsystem" "DEVICE"; + match "type" "ATTACH"; + match "vendor" "0x1e0d"; + match "product" "(0xf1d0|0xf1ae)"; + action "chgrp u2f /dev/$cdev; chmod g+rw /dev/$cdev"; +}; + +# HyperSecu HyperFIDO +notify 100 { + match "system" "USB"; + match "subsystem" "DEVICE"; + match "type" "ATTACH"; + match "vendor" "(0x096e|0x2ccf)"; + match "product" "0x0880"; + action "chgrp u2f /dev/$cdev; chmod g+rw /dev/$cdev"; +}; + +# Feitian ePass FIDO +notify 100 { + match "system" "USB"; + match "subsystem" "DEVICE"; + match "type" "ATTACH"; + match "vendor" "0x096e"; + match "product" "(0x0850|0x0852|0x0853|0x0854|0x0856|0x0858|0x085a|0x085b)"; + action "chgrp u2f /dev/$cdev; chmod g+rw /dev/$cdev"; +}; + +# JaCarta U2F +notify 100 { + match "system" "USB"; + match "subsystem" "DEVICE"; + match "type" "ATTACH"; + match "vendor" "0x24dc"; + match "product" "0x0101"; + action "chgrp u2f /dev/$cdev; chmod g+rw /dev/$cdev"; +}; + +# U2F Zero +notify 100 { + match "system" "USB"; + match "subsystem" "DEVICE"; + match "type" "ATTACH"; + match "vendor" "0x10c4"; + match "product" "0x8acf"; + action "chgrp u2f /dev/$cdev; chmod g+rw /dev/$cdev"; +}; + +# VASCO SeccureClick +notify 100 { + match "system" "USB"; + match "subsystem" "DEVICE"; + match "type" "ATTACH"; + match "vendor" "0x1a44"; + match "product" "0x00bb"; + action "chgrp u2f /dev/$cdev; chmod g+rw /dev/$cdev"; +}; + +# Bluink Key +notify 100 { + match "system" "USB"; + match "subsystem" "DEVICE"; + match "type" "ATTACH"; + match "vendor" "0x2abe"; + match "product" "0x1002"; + action "chgrp u2f /dev/$cdev; chmod g+rw /dev/$cdev"; +}; Index: security/libu2f-host/pkg-plist =================================================================== --- security/libu2f-host/pkg-plist +++ security/libu2f-host/pkg-plist @@ -8,3 +8,4 @@ lib/libu2f-host.so.0.1.3 libdata/pkgconfig/u2f-host.pc man/man1/u2f-host.1.gz +@sample etc/devd/u2f.conf.sample