Index: GIDs =================================================================== --- GIDs +++ GIDs @@ -169,7 +169,7 @@ postgrey:*:225: sqlgrey:*:226: _hfm:*:227: -# free: 228 +u2f:*:228: kismet:*:229: # free: 230 # free: 231 Index: UIDs =================================================================== --- UIDs +++ UIDs @@ -174,7 +174,7 @@ postgrey:*:225:225::0:0:Postgrey Owner:/nonexistent:/usr/sbin/nologin sqlgrey:*:226:226::0:0:SQLgrey Owner:/nonexistent:/usr/sbin/nologin _hfm:*:227:227::0:0:hfm daemon:/nonexistent:/usr/sbin/nologin -# free: 228 +u2f:*:228:228::0:0:u2f user:/nonexistent:/usr/sbin/nologin # free: 229 # free: 230 # free: 231 Index: security/libu2f-host/Makefile =================================================================== --- security/libu2f-host/Makefile +++ security/libu2f-host/Makefile @@ -5,7 +5,7 @@ DISTVERSIONPREFIX= ${PORTNAME}- CATEGORIES= security devel -MAINTAINER= bapt@FreeBSD.org +MAINTAINER= cpm@FreeBSD.org COMMENT= Yubico Universal 2nd Factor (U2F) Host C Library LICENSE= LGPL21 GPLv3 @@ -26,4 +26,13 @@ CONFIGRUE_ARGS= --disable-gtk-doc INSTALL_TARGET= install-strip +SUB_FILES= pkg-message + +USERS= u2f +GROUPS= u2f + +post-install: + ${INSTALL_DATA} ${FILESDIR}/u2f.conf.sample \ + ${STAGEDIR}${PREFIX}/etc/devd + .include Index: security/libu2f-host/files/pkg-message.in =================================================================== --- security/libu2f-host/files/pkg-message.in +++ security/libu2f-host/files/pkg-message.in @@ -0,0 +1,100 @@ +=================================================================== +You should create %%PREFIX%%/etc/devd/u2f.conf to allow u2f access +permissions. + +Here is an example u2f.conf for supported devices. + +# Yubico Yubikey +notify 100 { + match "system" "USB"; + match "subsystem" "DEVICE"; + match "type" "ATTACH"; + match "vendor" "0x1050"; + match "product" "(0x0113|0x0114|0x0115|0x0116|0x0120|0x0420|0x0403|0x0406|0x0407|0x0410)"; + action "chgrp u2f /dev/$cdev; chmod g+rw /dev/$cdev"; +}; + +# Happlink (formerly Plug-Up) Security KEY +notify 100 { + match "system" "USB"; + match "subsystem" "DEVICE"; + match "type" "ATTACH"; + match "vendor" "0x2581"; + match "product" "0xf1d0"; + action "chgrp u2f /dev/$cdev; chmod g+rw /dev/$cdev"; +}; + +# Neowave Keydo and Keydo AES +notify 100 { + match "system" "USB"; + match "subsystem" "DEVICE"; + match "type" "ATTACH"; + match "vendor" "0x1e0d"; + match "product" "(0xf1d0|0xf1ae)"; + action "chgrp u2f /dev/$cdev; chmod g+rw /dev/$cdev"; +}; + +# HyperSecu HyperFIDO +notify 100 { + match "system" "USB"; + match "subsystem" "DEVICE"; + match "type" "ATTACH"; + match "vendor" "(0x096e|0x2ccf)"; + match "product" "0x0880"; + action "chgrp u2f /dev/$cdev; chmod g+rw /dev/$cdev"; +}; + +# Feitian ePass FIDO +notify 100 { + match "system" "USB"; + match "subsystem" "DEVICE"; + match "type" "ATTACH"; + match "vendor" "0x096e"; + match "product" "(0x0850|0x0852|0x0853|0x0854|0x0856|0x0858|0x085a|0x085b)"; + action "chgrp u2f /dev/$cdev; chmod g+rw /dev/$cdev"; +}; + +# JaCarta U2F +notify 100 { + match "system" "USB"; + match "subsystem" "DEVICE"; + match "type" "ATTACH"; + match "vendor" "0x24dc"; + match "product" "0x0101"; + action "chgrp u2f /dev/$cdev; chmod g+rw /dev/$cdev"; +}; + +# U2F Zero +notify 100 { + match "system" "USB"; + match "subsystem" "DEVICE"; + match "type" "ATTACH"; + match "vendor" "0x10c4"; + match "product" "0x8acf"; + action "chgrp u2f /dev/$cdev; chmod g+rw /dev/$cdev"; +}; + +# VASCO SeccureClick +notify 100 { + match "system" "USB"; + match "subsystem" "DEVICE"; + match "type" "ATTACH"; + match "vendor" "0x1a44"; + match "product" "0x00bb"; + action "chgrp u2f /dev/$cdev; chmod g+rw /dev/$cdev"; +}; + +# Bluink Key +notify 100 { + match "system" "USB"; + match "subsystem" "DEVICE"; + match "type" "ATTACH"; + match "vendor" "0x2abe"; + match "product" "0x1002"; + action "chgrp u2f /dev/$cdev; chmod g+rw /dev/$cdev"; +}; + +Finally, restart devd with the command: +# service devd restart + +=================================================================== Index: security/libu2f-host/files/u2f.conf.sample =================================================================== --- security/libu2f-host/files/u2f.conf.sample +++ security/libu2f-host/files/u2f.conf.sample @@ -0,0 +1,91 @@ +# Allow members of group u2f to access U2F devices + +# Yubico Yubikey +notify 100 { + match "system" "USB"; + match "subsystem" "DEVICE"; + match "type" "ATTACH"; + match "vendor" "0x1050"; + match "product" "(0x0113|0x0114|0x0115|0x0116|0x0120|0x0420|0x0403|0x0406|0x0407|0x0410)"; + action "chgrp u2f /dev/$cdev; chmod g+rw /dev/$cdev"; +}; + +# Happlink (formerly Plug-Up) Security KEY +notify 100 { + match "system" "USB"; + match "subsystem" "DEVICE"; + match "type" "ATTACH"; + match "vendor" "0x2581"; + match "product" "0xf1d0"; + action "chgrp u2f /dev/$cdev; chmod g+rw /dev/$cdev"; +}; + +# Neowave Keydo and Keydo AES +notify 100 { + match "system" "USB"; + match "subsystem" "DEVICE"; + match "type" "ATTACH"; + match "vendor" "0x1e0d"; + match "product" "(0xf1d0|0xf1ae)"; + action "chgrp u2f /dev/$cdev; chmod g+rw /dev/$cdev"; +}; + +# HyperSecu HyperFIDO +notify 100 { + match "system" "USB"; + match "subsystem" "DEVICE"; + match "type" "ATTACH"; + match "vendor" "(0x096e|0x2ccf)"; + match "product" "0x0880"; + action "chgrp u2f /dev/$cdev; chmod g+rw /dev/$cdev"; +}; + +# Feitian ePass FIDO +notify 100 { + match "system" "USB"; + match "subsystem" "DEVICE"; + match "type" "ATTACH"; + match "vendor" "0x096e"; + match "product" "(0x0850|0x0852|0x0853|0x0854|0x0856|0x0858|0x085a|0x085b)"; + action "chgrp u2f /dev/$cdev; chmod g+rw /dev/$cdev"; +}; + +# JaCarta U2F +notify 100 { + match "system" "USB"; + match "subsystem" "DEVICE"; + match "type" "ATTACH"; + match "vendor" "0x24dc"; + match "product" "0x0101"; + action "chgrp u2f /dev/$cdev; chmod g+rw /dev/$cdev"; +}; + +# U2F Zero +notify 100 { + match "system" "USB"; + match "subsystem" "DEVICE"; + match "type" "ATTACH"; + match "vendor" "0x10c4"; + match "product" "0x8acf"; + action "chgrp u2f /dev/$cdev; chmod g+rw /dev/$cdev"; +}; + +# VASCO SeccureClick +notify 100 { + match "system" "USB"; + match "subsystem" "DEVICE"; + match "type" "ATTACH"; + match "vendor" "0x1a44"; + match "product" "0x00bb"; + action "chgrp u2f /dev/$cdev; chmod g+rw /dev/$cdev"; +}; + +# Bluink Key +notify 100 { + match "system" "USB"; + match "subsystem" "DEVICE"; + match "type" "ATTACH"; + match "vendor" "0x2abe"; + match "product" "0x1002"; + action "chgrp u2f /dev/$cdev; chmod g+rw /dev/$cdev"; +}; Index: security/libu2f-host/pkg-plist =================================================================== --- security/libu2f-host/pkg-plist +++ security/libu2f-host/pkg-plist @@ -8,3 +8,4 @@ lib/libu2f-host.so.0.1.3 libdata/pkgconfig/u2f-host.pc man/man1/u2f-host.1.gz +@sample etc/devd/u2f.conf.sample