6 files changed, 166 insertions, 12 deletions

diff --git a/net/tac_plus4/Makefile b/net/tac_plus4/Makefile
index ecb051ca9631..8031028b52f5 100644
--- a/net/tac_plus4/Makefile
+++ b/net/tac_plus4/Makefile
@@ -17,18 +17,23 @@ MAINTAINER=	igor@zynaps.ru
 EXTRACT_BEFORE_ARGS=	-C ${WRKDIR} -xf
 ALL_TARGET=	tac_plus
 MAN8=		tac_plus.8
+EXTRA_PATCH=	patch-ba
 
-post-patch:
-	@${MV} -f ${WRKSRC}/tac_plus.1 ${WRKSRC}/tac_plus.8
+# To change the text displayed when users are prompted to enter
+# a username, set appropriately TAC_CHANGE_PROMPT variable.
+.if defined(TAC_CHANGE_PROMPT) && ${TAC_CHANGE_PROMPT} == YES
+pre-patch:
+	@${CP} ${FILESDIR}/${EXTRA_PATCH} ${PATCHDIR}
+.endif
 
 do-install:
 	${INSTALL_PROGRAM} ${WRKSRC}/tac_plus ${PREFIX}/sbin
-	${INSTALL_MAN} ${WRKSRC}/tac_plus.8 ${PREFIX}/man/man8
-	${INSTALL_DATA} ${FILESDIR}/tacacs.conf.example ${PREFIX}/etc/
+	${INSTALL_MAN} ${WRKSRC}/tac_plus.1 ${PREFIX}/man/man8/tac_plus.8
+	${INSTALL_DATA} ${FILESDIR}/tac_plus.conf.example ${PREFIX}/etc/
 	@if [ ! -f ${PREFIX}/etc/rc.d/tac_plus.sh ]; then \
 		${ECHO} "Installing ${PREFIX}/etc/rc.d/tac_plus.sh startup file."; \
 		echo "#!/bin/sh" > ${PREFIX}/etc/rc.d/tac_plus.sh; \
-		echo "[ -x ${PREFIX}/sbin/tac_plus -a -f ${PREFIX}/etc/tac_plus.conf ] && ${PREFIX}/sbin/tac_plus -C ${PREFIX}/etc/tacacs.conf && echo -n ' tac_plus'" >> ${PREFIX}/etc/rc.d/tac_plus.sh; \
+		echo "[ -x ${PREFIX}/sbin/tac_plus -a -f ${PREFIX}/etc/tac_plus.conf ] && ${PREFIX}/sbin/tac_plus -C ${PREFIX}/etc/tac_plus.conf && echo -n ' tac_plus'" >> ${PREFIX}/etc/rc.d/tac_plus.sh; \
 		chmod 751 ${PREFIX}/etc/rc.d/tac_plus.sh; \
 	fi
 .if !defined(NOPORTDOCS)
@@ -36,4 +41,7 @@ do-install:
 	${INSTALL_DATA} ${WRKSRC}/users_guide ${PREFIX}/share/doc/tac_plus
 .endif
 
+pre-clean:
+	@${RM} -f ${PATCHDIR}/${EXTRA_PATCH}
+
 .include <bsd.port.mk>
diff --git a/net/tac_plus4/files/extra-patch-ba b/net/tac_plus4/files/extra-patch-ba
new file mode 100644
index 000000000000..9cb5ff36426d
--- /dev/null
+++ b/net/tac_plus4/files/extra-patch-ba
@@ -0,0 +1,69 @@
+*** authen.c.orig	Sat Jul 29 02:49:15 1995
+--- authen.c	Wed Jul 16 15:00:40 1997
+***************
+*** 209,217 ****
+  
+  	    datap->status = TAC_PLUS_AUTHEN_STATUS_GETUSER;
+  	    if (datap->service == TAC_PLUS_AUTHEN_SVC_LOGIN) {
+! 		prompt = "\nUser Access Verification\n\nUsername: ";
+  	    } else {
+! 		prompt = "Username: ";
+  	    }
+  	    send_authen_reply(TAC_PLUS_AUTHEN_STATUS_GETUSER, /* status */
+  			      prompt, /* msg */
+--- 209,217 ----
+  
+  	    datap->status = TAC_PLUS_AUTHEN_STATUS_GETUSER;
+  	    if (datap->service == TAC_PLUS_AUTHEN_SVC_LOGIN) {
+! 		prompt = "\nUser Access Verification\n\nlogin: ";
+  	    } else {
+! 		prompt = "login: ";
+  	    }
+  	    send_authen_reply(TAC_PLUS_AUTHEN_STATUS_GETUSER, /* status */
+  			      prompt, /* msg */
+*** default_fn.c.orig	Sat Jul 29 02:49:18 1995
+--- default_fn.c	Wed Jul 16 15:00:52 1997
+***************
+*** 76,84 ****
+  	    /* No username. Try requesting one */
+  	    data->status = TAC_PLUS_AUTHEN_STATUS_GETUSER;
+  	    if (data->service == TAC_PLUS_AUTHEN_SVC_LOGIN) {
+! 		prompt = "\nUser Access Verification\n\nUsername: ";
+  	    } else {
+! 		prompt = "Username: ";
+  	    }
+  	    data->server_msg = tac_strdup(prompt);
+  	    p->state = STATE_AUTHEN_GETUSER;
+--- 76,84 ----
+  	    /* No username. Try requesting one */
+  	    data->status = TAC_PLUS_AUTHEN_STATUS_GETUSER;
+  	    if (data->service == TAC_PLUS_AUTHEN_SVC_LOGIN) {
+! 		prompt = "\nUser Access Verification\n\nlogin: ";
+  	    } else {
+! 		prompt = "login: ";
+  	    }
+  	    data->server_msg = tac_strdup(prompt);
+  	    p->state = STATE_AUTHEN_GETUSER;
+*** skey_fn.c.orig	Wed Jul 16 14:38:34 1997
+--- skey_fn.c	Wed Jul 16 15:01:01 1997
+***************
+*** 104,112 ****
+  	    /* No username. Try requesting one */
+  	    data->status = TAC_PLUS_AUTHEN_STATUS_GETUSER;
+  	    if (data->service == TAC_PLUS_AUTHEN_SVC_LOGIN) {
+! 		prompt = "\nUser Access Verification\n\nUsername: ";
+  	    } else {
+! 		prompt = "Username: ";
+  	    }
+  	    data->server_msg = tac_strdup(prompt);
+  	    p->state = STATE_AUTHEN_GETUSER;
+--- 104,112 ----
+  	    /* No username. Try requesting one */
+  	    data->status = TAC_PLUS_AUTHEN_STATUS_GETUSER;
+  	    if (data->service == TAC_PLUS_AUTHEN_SVC_LOGIN) {
+! 		prompt = "\nUser Access Verification\n\nlogin: ";
+  	    } else {
+! 		prompt = "login: ";
+  	    }
+  	    data->server_msg = tac_strdup(prompt);
+  	    p->state = STATE_AUTHEN_GETUSER;
diff --git a/net/tac_plus4/files/tac_plus.conf.example b/net/tac_plus4/files/tac_plus.conf.example
new file mode 100644
index 000000000000..0d7b273210a6
--- /dev/null
+++ b/net/tac_plus4/files/tac_plus.conf.example
@@ -0,0 +1,76 @@
+# /usr/local/etc/tac_plus.conf
+
+user=fred {
+    name = "Fred Flintstone"
+    login = des mEX027bHtzTlQ
+
+    # Remember that authorization is also recursive over groups, in
+    # the same way that password lookups are recursive. Thus, if you
+    # place a user in a group, the daemon will look in the group for
+    # authorization parameters if it cannot find them in the user
+    # declaration.
+    member = admin
+
+    expires = "May 23 2005"
+ 
+    service = exec {
+        # When Fred starts an exec, his connection access list is 5
+        acl = 5
+ 
+        # We require this autocmd to be done at startup
+        autocmd = "telnet foo"
+    }
+ 
+    # All commands except telnet 131.108.13.* are denied for Fred
+    cmd = telnet {
+        # Fred can run the following telnet command
+        permit 131\.108\.13\.[0-9]+
+
+        deny .*
+    }
+ 
+    service = ppp protocol = ip {
+        # Fred can run ip over ppp only if he uses one 
+        # of the following mandatory addresses If he supplies no
+        # address, the first one here will be mandated
+        addr=131.108.12.11
+        addr=131.108.12.12
+        addr=131.108.12.13
+        addr=131.108.12.14
+ 
+        # Fred's mandatory input access list number is 101
+        inacl=101
+ 
+        # We will suggest an output access list of 102, but Fred may
+        # choose to ignore or override it
+        optional outacl=102
+    }
+
+    service = slip {
+        # Fred can run slip. When he does, he will have to use
+        # these mandatory access lists
+        inacl=101
+        outacl=102
+    }
+ 
+    # set a timeout in the lcp layer of ppp
+    service = ppp protocol = lcp {
+        timeout = 10
+    }
+}
+
+user = wilma {
+    # Wilma has no password of her own, but she's a group member so
+    # she'll use the group password if there is one. Same for her
+    # password expiry date
+    member = admin
+}
+ 
+group = admin {
+    # group members who don't have their own password will be looked
+    # up in /etc/passwd
+    login = file /etc/passwd
+ 
+    # group members who have no expiry date set will use this one
+    expires = "Jan 1 1998"
+}
diff --git a/net/tac_plus4/pkg-comment b/net/tac_plus4/pkg-comment
index b7f8aec88b4e..b7c8d4530c34 100644
--- a/net/tac_plus4/pkg-comment
+++ b/net/tac_plus4/pkg-comment
@@ -1 +1 @@
-a remote authentication/authorization/accounting server
+A remote authentication/authorization/accounting server.
diff --git a/net/tac_plus4/pkg-descr b/net/tac_plus4/pkg-descr
index e82d355ed9f1..c0db6131ed2e 100644
--- a/net/tac_plus4/pkg-descr
+++ b/net/tac_plus4/pkg-descr
@@ -1,8 +1,9 @@
-tac_plus provides Cisco systems routers and access servers
-with authentication, authorisation and accounting services.
- 
-A configuration file controls the details of authentication,
-authorisation and accounting.
+tacacs+ services network requests for authentication
+and authorization, verifies identities, grants or denies
+authorizations, and logs accounting records. 
+
+Details are described at:
+http://www.cisco.com/warp/public/146/187.html
 
 -- Igor
 igor@zynaps.ru
diff --git a/net/tac_plus4/pkg-plist b/net/tac_plus4/pkg-plist
index 0c3a00efa67d..631a77599691 100644
--- a/net/tac_plus4/pkg-plist
+++ b/net/tac_plus4/pkg-plist
@@ -1,6 +1,6 @@
 sbin/tac_plus
 etc/rc.d/tac_plus.sh
-etc/tacacs.conf.example
+etc/tac_plus.conf.example
 man/man8/tac_plus.8.gz
 share/doc/tac_plus/users_guide
 @dirrm share/doc/tac_plus