New port: net/tacacs

tac_plus is a TACACS+ daemon. It provides Cisco Systems routers and
access servers with authentication, authorisation and accounting services.

This version is a major rewrite of the original Cisco source code.
Key features include:
- NAS specific host keys, prompts, enable passwords
- NAS- and ACL-dependent group memberships
- Flexible external backends for user profiles (e.g. via PERL scripts or C;
  LDAP (including ActiveDirectory), RADIUS and others are included )
- Connection multiplexing (multiple concurrent NAS clients per process)
- Session multiplexing
- Scalable, no limit on users, clients or servers
- CLI context aware. At the time of writing this, no other TACACS+ daemon is.
- Both IPv4 and IPv6 are fully supported.
- Compliant to latest TACACS+ protocol specification (draft 1.78)

WWW: http://www.pro-bono-publico.de/projects/tac_plus.html

PR:		239755
Submitted by:	akuz84@gmail.com

6 files changed, 310 insertions, 0 deletions

diff --git a/net/tacacs/Makefile b/net/tacacs/Makefile
new file mode 100644
index 000000000000..fb2cf198764a
--- /dev/null
+++ b/net/tacacs/Makefile
@@ -0,0 +1,65 @@
+# $FreeBSD$
+
+PORTNAME=	tacacs
+PORTVERSION=	201906100936
+CATEGORIES=	net
+MASTER_SITES=	http://www.pro-bono-publico.de/projects/src/
+
+MAINTAINER=	akuz84@gmail.com
+COMMENT=	This is a TACACS+ daemon from pro-bono
+
+LICENSE=	BSD3CLAUSE
+
+USES=		gmake perl5 ssl shebangfix
+
+WRKSRC=		${WRKDIR}/PROJECTS
+
+CONFLICTS=	tac_plus4
+
+HAS_CONFIGURE=	yes
+
+CONFIGURE_ARGS=	--with-ssl \
+		--with-zlib \
+		--libdir=${LOCALBASE}/lib \
+		--installroot=${STAGEDIR} mavis spawnd mavisd tac_plus
+
+USE_LDCONFIG=			yes
+
+OPTIONS_DEFINE=			CURL FREERADIUS SCTP PCRE
+OPTIONS_DEFAULT=		SCTP
+
+MAKE_JOBS_UNSAFE=yes
+
+SCTP_DESC=			SCTP support
+SCTP_CONFIGURE_WITH=		sctp
+
+PCRE_DESC=			PCRE support
+PCRE_LIB_DEPENDS=		libpcre.so:devel/pcre
+PCRE_CONFIGURE_ON=		--with-pcre-lib=${LOCALBASE}/lib
+PCRE_CONFIGURE_OFF=
+
+CURL_DESC=			Curl support
+CURL_LIB_DEPENDS=		libcurl.so:ftp/curl
+CURL_CONFIGURE_ON=		--with-curl-lib=${LOCALBASE}/lib
+CURL_CONFIGURE_OFF=
+
+FREERADIUS_DESC=		Freeradius support
+FREERADIUS_LIB_DEPENDS=		libfreeradius-radius.so:net/freeradius3
+FREERADIUS_CONFIGURE_ON=	--with-pcre-lib=${LOCALBASE}/lib
+FREERADIUS_CONFIGURE_OFF=
+
+USERS=		tacacs
+GROUPS=		tacacs
+
+WRKSRC=		${WRKDIR}/PROJECTS
+
+SHEBANG_FILES=	tac_plus/sample/tac_plus.cfg
+
+USE_RC_SUBR?=	tac_plus
+
+post-build:
+	@${REINPLACE_CMD} -e '1d' ${WRKSRC}/tac_plus/sample/tac_plus.cfg
+
+post-install:
+
+.include <bsd.port.mk>
diff --git a/net/tacacs/distinfo b/net/tacacs/distinfo
new file mode 100644
index 000000000000..036ee1ff5d86
--- /dev/null
+++ b/net/tacacs/distinfo
@@ -0,0 +1,3 @@
+TIMESTAMP = 1563548166
+SHA256 (tacacs-201906100936.tar.gz) = 5d0d6a12b84ec40d4b53e798076fcef338eecc8495e459146966dc34d0ea2d3b
+SIZE (tacacs-201906100936.tar.gz) = 3107300
diff --git a/net/tacacs/files/tac_plus.in b/net/tacacs/files/tac_plus.in
new file mode 100644
index 000000000000..09c17625d34f
--- /dev/null
+++ b/net/tacacs/files/tac_plus.in
@@ -0,0 +1,83 @@
+#!/bin/sh
+#
+# PROVIDE: tac_plus
+# REQUIRE: DAEMON
+#
+# Add the following line to /etc/rc.conf to enable the TACACS+ daemon:
+#
+# tac_plus_enable (bool):    Set to "NO" by default
+#    Set it to "YES" to enable tac_plus
+# tac_plus_flags (str):      Set to "" by default
+#    Extra flags to be passed to start command
+# tac_plus_configfile (str): Set to "/usr/local/etc/tac_plus.conf" by default
+#    Allows you to specify a different config file for
+#    the tac_plus daemon
+
+. /etc/rc.subr
+
+name=tac_plus
+rcvar=tac_plus_enable
+
+command="/usr/local/sbin/tac_plus"
+pidfile="/var/run/${name}.pid"
+tac_plus_enable=${tac_plus_enable:-"NO"}
+tac_plus_flags=${tac_plus_flags:-"-b"}
+tac_plus_configfile=${tac_plus_configfile:-"/usr/local/etc/tac_plus.conf"}
+
+load_rc_config ${name}
+
+if [ -n "$2" ]; then
+    profile="$2"
+    if [ "x${tac_plus_profiles}" != "x" ]; then
+	eval tac_plus_configfile="\${tac_plus_${profile}_configfile:-}"
+	if [ "x${tac_plus_configfile}" = "x" ]; then
+	    echo "You must define a configuration file (tac_plus_${profile}_configfile)"
+	    exit 1
+	fi
+	required_files="${tac_plus_configfile}"
+	eval tac_plus_enable="\${tac_plus_${profile}_enable:-${tac_plus_enable}}"
+	eval tac_plus_flags="\${tac_plus_${profile}_flags:-${tac_plus_flags}}"
+	eval tac_plus_port="\${tac_plus_${profile}_port:-}"
+	eval tac_plus_ip="\${tac_plus_${profile}_ip:-}"
+    else
+	echo "$0: extra argument ignored"
+    fi
+else
+    if [ "x${tac_plus_profiles}" != "x" -a "x$1" != "x" ]; then
+	for profile in ${tac_plus_profiles}; do
+	    eval _enable="\${tac_plus_${profile}_enable}"
+	    case "x${_enable:-${tac_plus_enable}}" in
+		x|x[Nn][Oo]|x[Nn][Oo][Nn][Ee])
+			continue
+			;;
+		x[Yy][Ee][Ss])
+
+			;;
+		*)
+			if test -z "$_enable"; then
+			    _var=tac_plus_enable
+			else
+			    _var=tac_plus_"${profile}"_enable
+			fi
+			echo "Bad value "\
+				"'${_enable:-${tac_plus_enable}}' "\
+				"for ${_var}.  "\
+				"Profile ${profile} skipped."
+			continue
+	    esac
+	    echo "====> tac_plus profile: ${profile}"
+	    /usr/local/etc/rc.d/tac_plus $1 ${profile}
+	    retcode="$?"
+	    if [ "0${retcode}" -ne 0 ]; then
+	        failed="${profile} (${retcode}) ${failed:-}"
+	    else
+	        success="${profile} ${success:-}"
+	    fi
+	done
+	exit 0
+    fi
+fi
+
+tac_plus_flags="${tac_plus_flags} -p ${pidfile} ${tac_plus_configfile}"
+
+run_rc_command "$1"
diff --git a/net/tacacs/pkg-descr b/net/tacacs/pkg-descr
new file mode 100644
index 000000000000..96081d1145bb
--- /dev/null
+++ b/net/tacacs/pkg-descr
@@ -0,0 +1,17 @@
+tac_plus is a TACACS+ daemon. It provides Cisco Systems routers and
+access servers with authentication, authorisation and accounting services.
+
+This version is a major rewrite of the original Cisco source code.
+Key features include:
+- NAS specific host keys, prompts, enable passwords
+- NAS- and ACL-dependent group memberships
+- Flexible external backends for user profiles (e.g. via PERL scripts or C;
+ LDAP (including ActiveDirectory), RADIUS and others are included )
+- Connection multiplexing (multiple concurrent NAS clients per process)
+- Session multiplexing
+- Scalable, no limit on users, clients or servers
+- CLI context aware. At the time of writing this, no other TACACS+ daemon is.
+- Both IPv4 and IPv6 are fully supported.
+- Compliant to latest TACACS+ protocol specification (draft 1.78)
+
+WWW: http://www.pro-bono-publico.de/projects/tac_plus.html
diff --git a/net/tacacs/pkg-message b/net/tacacs/pkg-message
new file mode 100644
index 000000000000..1882e8927e66
--- /dev/null
+++ b/net/tacacs/pkg-message
@@ -0,0 +1,13 @@
+To run tac_plus at startup, add the following line to rc.conf:
+
+	tac_plus_enable="YES"
+
+Extra options can be foud in the startup script.
+
+The code written by Marc Huber is distributed under the following license:
+Copyright (C) 1999-2015 Marc Huber (<Marc.Huber@web.de>). All rights reserved.
+Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
+- Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
+- Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
+- The end-user documentation included with the redistribution, if any, must include the following acknowledgment:
+	This product includes software developed by Marc Huber (<Marc.Huber@web.de>).
diff --git a/net/tacacs/pkg-plist b/net/tacacs/pkg-plist
new file mode 100644
index 000000000000..c3a96127a1e3
--- /dev/null
+++ b/net/tacacs/pkg-plist
@@ -0,0 +1,129 @@
+@dir etc/mavis
+@dir etc/mavis/sample
+@dir lib/mavis
+@dir lib/mavis/extra
+@dir share/mavis
+@dir share/mavis/railroad
+@dir share/mavis/railroad/mavis
+@dir share/mavis/railroad/tac_plus
+@dir share/mavis/railroad/spawnd
+@dir share/mavis/railroad/mavisd
+etc/mavis/sample/tac_plus.cfg
+bin/mavistest
+lib/libmavis.so.0.1
+lib/libmavis.so.0
+lib/libmavis.so
+lib/mavis/libmavis_userdb.so
+lib/mavis/libmavis_remote.so
+lib/mavis/libmavis_system.so
+lib/mavis/mavis_tacplus_ldap.pl
+lib/mavis/mavis_tacplus_ldap_authonly.pl
+lib/mavis/Mavis.pm
+lib/mavis/mavis_tacplus_sms.pl
+lib/mavis/mavis_tacplus_radius.pl
+lib/mavis/mavis_tacplus_opie.pl
+lib/mavis/libmavis_asciiftp.so
+lib/mavis/libmavis_pam.so
+lib/mavis/libmavis_auth.so
+lib/mavis/libmavis_tee.so
+lib/mavis/libmavis_groups.so
+lib/mavis/libmavis_external.so
+lib/mavis/libmavis_anonftp.so
+lib/mavis/extra/tacacs.schema
+lib/mavis/extra/tacacs_schema.ldif
+lib/mavis/extra/tacacs.schema-fedora-ds
+lib/mavis/libmavis_null.so
+lib/mavis/libmavis_limit.so
+lib/mavis/mavis_tacplus_shadow.pl
+lib/mavis/libmavis_cache.so
+lib/mavis/mavis_ldap_authonly.pl
+lib/mavis/libmavis_log.so
+lib/mavis/mavis_tacplus_ads.pl
+lib/mavis/mavis_tacplus_passwd.pl
+lib/mavis/mavis_ftp_passwd.pl
+sbin/mavisd
+sbin/spawnd
+sbin/tac_plus
+sbin/pammavis
+share/mavis/ftpd.txt
+share/mavis/tac_plus.pdf
+share/mavis/tac_plus.html
+share/mavis/railroad/mavis/TimespecDecl.gif
+share/mavis/railroad/mavis/AuthConf.gif
+share/mavis/railroad/mavis/LimitConf.gif
+share/mavis/railroad/mavis/ASCIIftpConf.gif
+share/mavis/railroad/mavis/UserDBConf.gif
+share/mavis/railroad/mavis/CIDR.gif
+share/mavis/railroad/mavis/CacheConf.gif
+share/mavis/railroad/mavis/PAMConf.gif
+share/mavis/railroad/mavis/SystemConf.gif
+share/mavis/railroad/mavis/AnonftpConf.gif
+share/mavis/railroad/mavis/MavisScript.gif
+share/mavis/railroad/mavis/MavisDecl.gif
+share/mavis/railroad/mavis/MavisAction.gif
+share/mavis/railroad/mavis/ExternalConf.gif
+share/mavis/railroad/mavis/TeeConf.gif
+share/mavis/railroad/mavis/MavisCond.gif
+share/mavis/railroad/mavis/RemoteConf.gif
+share/mavis/railroad/tac_plus/GroupAttr.gif
+share/mavis/railroad/tac_plus/TacAction.gif
+share/mavis/railroad/tac_plus/ShellCommandDecl.gif
+share/mavis/railroad/tac_plus/TacScript.gif
+share/mavis/railroad/tac_plus/PasswordExpr.gif
+share/mavis/railroad/tac_plus/PasswordExprHash.gif
+share/mavis/railroad/tac_plus/TacCond.gif
+share/mavis/railroad/tac_plus/GroupOnlyAttr.gif
+share/mavis/railroad/tac_plus/Acl.gif
+share/mavis/railroad/tac_plus/ACLDecl.gif
+share/mavis/railroad/tac_plus/TimespecDecl.gif
+share/mavis/railroad/tac_plus/GroupDecl.gif
+share/mavis/railroad/tac_plus/Debug.gif
+share/mavis/railroad/tac_plus/ACLExpr.gif
+share/mavis/railroad/tac_plus/UserMessage.gif
+share/mavis/railroad/tac_plus/AVPair.gif
+share/mavis/railroad/tac_plus/GlobalDecl.gif
+share/mavis/railroad/tac_plus/ProtoDefault.gif
+share/mavis/railroad/tac_plus/ServiceDecl.gif
+share/mavis/railroad/tac_plus/ShellDecl.gif
+share/mavis/railroad/tac_plus/HostAttr.gif
+share/mavis/railroad/tac_plus/UserAttr.gif
+share/mavis/railroad/tac_plus/CmdDefault.gif
+share/mavis/railroad/tac_plus/RealmAttr.gif
+share/mavis/railroad/tac_plus/UserDecl.gif
+share/mavis/railroad/tac_plus/AttrDefault.gif
+share/mavis/railroad/tac_plus/RealmAttrAuthen.gif
+share/mavis/railroad/tac_plus/EnableExpr.gif
+share/mavis/railroad/tac_plus/RealmDecl.gif
+share/mavis/railroad/tac_plus/CIDR.gif
+share/mavis/railroad/tac_plus/ShellAttr.gif
+share/mavis/railroad/tac_plus/ServiceAttr.gif
+share/mavis/railroad/tac_plus/ProtoDecl.gif
+share/mavis/railroad/tac_plus/TacplusConfig.gif
+share/mavis/railroad/tac_plus/HostDecl.gif
+share/mavis/railroad/spawnd/AclDecl.gif
+share/mavis/railroad/spawnd/Debug.gif
+share/mavis/railroad/spawnd/MiscDecl.gif
+share/mavis/railroad/spawnd/ChildDecl.gif
+share/mavis/railroad/spawnd/ListenDecl.gif
+share/mavis/railroad/spawnd/Config.gif
+share/mavis/railroad/spawnd/SpawndConfig.gif
+share/mavis/railroad/spawnd/CIDR.gif
+share/mavis/railroad/spawnd/SyslogDecl.gif
+share/mavis/railroad/mavisd/SyslogDecl.gif
+share/mavis/railroad/mavisd/CIDR.gif
+share/mavis/railroad/mavisd/Config.gif
+share/mavis/spawnd.pdf
+share/mavis/tcprelay.html
+share/mavis/spawnd.html
+share/mavis/tcprelay.pdf
+share/mavis/mavis.html
+share/mavis/ftpd.html
+share/mavis/mavisd.txt
+share/mavis/mavis.pdf
+share/mavis/tac_plus.txt
+share/mavis/ftpd.pdf
+share/mavis/spawnd.txt
+share/mavis/tcprelay.txt
+share/mavis/mavisd.html
+share/mavis/mavisd.pdf
+share/mavis/mavis.txt