diff options
author | Kurt Jaeger <pi@FreeBSD.org> | 2019-08-13 18:49:10 +0000 |
---|---|---|
committer | Kurt Jaeger <pi@FreeBSD.org> | 2019-08-13 18:49:10 +0000 |
commit | 6c6c1c441b926950db4dfacf21898d5c2fde134f (patch) | |
tree | 1ded1b897614170d01463fb355190d2f062e3354 /net/tacacs | |
parent | 058c01c4b6947483f562d0a1b882a37025e71635 (diff) | |
download | ports-6c6c1c441b926950db4dfacf21898d5c2fde134f.tar.gz ports-6c6c1c441b926950db4dfacf21898d5c2fde134f.zip |
New port: net/tacacs
tac_plus is a TACACS+ daemon. It provides Cisco Systems routers and
access servers with authentication, authorisation and accounting services.
This version is a major rewrite of the original Cisco source code.
Key features include:
- NAS specific host keys, prompts, enable passwords
- NAS- and ACL-dependent group memberships
- Flexible external backends for user profiles (e.g. via PERL scripts or C;
LDAP (including ActiveDirectory), RADIUS and others are included )
- Connection multiplexing (multiple concurrent NAS clients per process)
- Session multiplexing
- Scalable, no limit on users, clients or servers
- CLI context aware. At the time of writing this, no other TACACS+ daemon is.
- Both IPv4 and IPv6 are fully supported.
- Compliant to latest TACACS+ protocol specification (draft 1.78)
WWW: http://www.pro-bono-publico.de/projects/tac_plus.html
PR: 239755
Submitted by: akuz84@gmail.com
Notes
Notes:
svn path=/head/; revision=508845
Diffstat (limited to 'net/tacacs')
-rw-r--r-- | net/tacacs/Makefile | 65 | ||||
-rw-r--r-- | net/tacacs/distinfo | 3 | ||||
-rw-r--r-- | net/tacacs/files/tac_plus.in | 83 | ||||
-rw-r--r-- | net/tacacs/pkg-descr | 17 | ||||
-rw-r--r-- | net/tacacs/pkg-message | 13 | ||||
-rw-r--r-- | net/tacacs/pkg-plist | 129 |
6 files changed, 310 insertions, 0 deletions
diff --git a/net/tacacs/Makefile b/net/tacacs/Makefile new file mode 100644 index 000000000000..fb2cf198764a --- /dev/null +++ b/net/tacacs/Makefile @@ -0,0 +1,65 @@ +# $FreeBSD$ + +PORTNAME= tacacs +PORTVERSION= 201906100936 +CATEGORIES= net +MASTER_SITES= http://www.pro-bono-publico.de/projects/src/ + +MAINTAINER= akuz84@gmail.com +COMMENT= This is a TACACS+ daemon from pro-bono + +LICENSE= BSD3CLAUSE + +USES= gmake perl5 ssl shebangfix + +WRKSRC= ${WRKDIR}/PROJECTS + +CONFLICTS= tac_plus4 + +HAS_CONFIGURE= yes + +CONFIGURE_ARGS= --with-ssl \ + --with-zlib \ + --libdir=${LOCALBASE}/lib \ + --installroot=${STAGEDIR} mavis spawnd mavisd tac_plus + +USE_LDCONFIG= yes + +OPTIONS_DEFINE= CURL FREERADIUS SCTP PCRE +OPTIONS_DEFAULT= SCTP + +MAKE_JOBS_UNSAFE=yes + +SCTP_DESC= SCTP support +SCTP_CONFIGURE_WITH= sctp + +PCRE_DESC= PCRE support +PCRE_LIB_DEPENDS= libpcre.so:devel/pcre +PCRE_CONFIGURE_ON= --with-pcre-lib=${LOCALBASE}/lib +PCRE_CONFIGURE_OFF= + +CURL_DESC= Curl support +CURL_LIB_DEPENDS= libcurl.so:ftp/curl +CURL_CONFIGURE_ON= --with-curl-lib=${LOCALBASE}/lib +CURL_CONFIGURE_OFF= + +FREERADIUS_DESC= Freeradius support +FREERADIUS_LIB_DEPENDS= libfreeradius-radius.so:net/freeradius3 +FREERADIUS_CONFIGURE_ON= --with-pcre-lib=${LOCALBASE}/lib +FREERADIUS_CONFIGURE_OFF= + +USERS= tacacs +GROUPS= tacacs + +WRKSRC= ${WRKDIR}/PROJECTS + +SHEBANG_FILES= tac_plus/sample/tac_plus.cfg + +USE_RC_SUBR?= tac_plus + +post-build: + @${REINPLACE_CMD} -e '1d' ${WRKSRC}/tac_plus/sample/tac_plus.cfg + +post-install: + +.include <bsd.port.mk> diff --git a/net/tacacs/distinfo b/net/tacacs/distinfo new file mode 100644 index 000000000000..036ee1ff5d86 --- /dev/null +++ b/net/tacacs/distinfo @@ -0,0 +1,3 @@ +TIMESTAMP = 1563548166 +SHA256 (tacacs-201906100936.tar.gz) = 5d0d6a12b84ec40d4b53e798076fcef338eecc8495e459146966dc34d0ea2d3b +SIZE (tacacs-201906100936.tar.gz) = 3107300 diff --git a/net/tacacs/files/tac_plus.in b/net/tacacs/files/tac_plus.in new file mode 100644 index 000000000000..09c17625d34f --- /dev/null +++ b/net/tacacs/files/tac_plus.in @@ -0,0 +1,83 @@ +#!/bin/sh +# +# PROVIDE: tac_plus +# REQUIRE: DAEMON +# +# Add the following line to /etc/rc.conf to enable the TACACS+ daemon: +# +# tac_plus_enable (bool): Set to "NO" by default +# Set it to "YES" to enable tac_plus +# tac_plus_flags (str): Set to "" by default +# Extra flags to be passed to start command +# tac_plus_configfile (str): Set to "/usr/local/etc/tac_plus.conf" by default +# Allows you to specify a different config file for +# the tac_plus daemon + +. /etc/rc.subr + +name=tac_plus +rcvar=tac_plus_enable + +command="/usr/local/sbin/tac_plus" +pidfile="/var/run/${name}.pid" +tac_plus_enable=${tac_plus_enable:-"NO"} +tac_plus_flags=${tac_plus_flags:-"-b"} +tac_plus_configfile=${tac_plus_configfile:-"/usr/local/etc/tac_plus.conf"} + +load_rc_config ${name} + +if [ -n "$2" ]; then + profile="$2" + if [ "x${tac_plus_profiles}" != "x" ]; then + eval tac_plus_configfile="\${tac_plus_${profile}_configfile:-}" + if [ "x${tac_plus_configfile}" = "x" ]; then + echo "You must define a configuration file (tac_plus_${profile}_configfile)" + exit 1 + fi + required_files="${tac_plus_configfile}" + eval tac_plus_enable="\${tac_plus_${profile}_enable:-${tac_plus_enable}}" + eval tac_plus_flags="\${tac_plus_${profile}_flags:-${tac_plus_flags}}" + eval tac_plus_port="\${tac_plus_${profile}_port:-}" + eval tac_plus_ip="\${tac_plus_${profile}_ip:-}" + else + echo "$0: extra argument ignored" + fi +else + if [ "x${tac_plus_profiles}" != "x" -a "x$1" != "x" ]; then + for profile in ${tac_plus_profiles}; do + eval _enable="\${tac_plus_${profile}_enable}" + case "x${_enable:-${tac_plus_enable}}" in + x|x[Nn][Oo]|x[Nn][Oo][Nn][Ee]) + continue + ;; + x[Yy][Ee][Ss]) + + ;; + *) + if test -z "$_enable"; then + _var=tac_plus_enable + else + _var=tac_plus_"${profile}"_enable + fi + echo "Bad value "\ + "'${_enable:-${tac_plus_enable}}' "\ + "for ${_var}. "\ + "Profile ${profile} skipped." + continue + esac + echo "====> tac_plus profile: ${profile}" + /usr/local/etc/rc.d/tac_plus $1 ${profile} + retcode="$?" + if [ "0${retcode}" -ne 0 ]; then + failed="${profile} (${retcode}) ${failed:-}" + else + success="${profile} ${success:-}" + fi + done + exit 0 + fi +fi + +tac_plus_flags="${tac_plus_flags} -p ${pidfile} ${tac_plus_configfile}" + +run_rc_command "$1" diff --git a/net/tacacs/pkg-descr b/net/tacacs/pkg-descr new file mode 100644 index 000000000000..96081d1145bb --- /dev/null +++ b/net/tacacs/pkg-descr @@ -0,0 +1,17 @@ +tac_plus is a TACACS+ daemon. It provides Cisco Systems routers and +access servers with authentication, authorisation and accounting services. + +This version is a major rewrite of the original Cisco source code. +Key features include: +- NAS specific host keys, prompts, enable passwords +- NAS- and ACL-dependent group memberships +- Flexible external backends for user profiles (e.g. via PERL scripts or C; + LDAP (including ActiveDirectory), RADIUS and others are included ) +- Connection multiplexing (multiple concurrent NAS clients per process) +- Session multiplexing +- Scalable, no limit on users, clients or servers +- CLI context aware. At the time of writing this, no other TACACS+ daemon is. +- Both IPv4 and IPv6 are fully supported. +- Compliant to latest TACACS+ protocol specification (draft 1.78) + +WWW: http://www.pro-bono-publico.de/projects/tac_plus.html diff --git a/net/tacacs/pkg-message b/net/tacacs/pkg-message new file mode 100644 index 000000000000..1882e8927e66 --- /dev/null +++ b/net/tacacs/pkg-message @@ -0,0 +1,13 @@ +To run tac_plus at startup, add the following line to rc.conf: + + tac_plus_enable="YES" + +Extra options can be foud in the startup script. + +The code written by Marc Huber is distributed under the following license: +Copyright (C) 1999-2015 Marc Huber (<Marc.Huber@web.de>). All rights reserved. +Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: +- Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. +- Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. +- The end-user documentation included with the redistribution, if any, must include the following acknowledgment: + This product includes software developed by Marc Huber (<Marc.Huber@web.de>). diff --git a/net/tacacs/pkg-plist b/net/tacacs/pkg-plist new file mode 100644 index 000000000000..c3a96127a1e3 --- /dev/null +++ b/net/tacacs/pkg-plist @@ -0,0 +1,129 @@ +@dir etc/mavis +@dir etc/mavis/sample +@dir lib/mavis +@dir lib/mavis/extra +@dir share/mavis +@dir share/mavis/railroad +@dir share/mavis/railroad/mavis +@dir share/mavis/railroad/tac_plus +@dir share/mavis/railroad/spawnd +@dir share/mavis/railroad/mavisd +etc/mavis/sample/tac_plus.cfg +bin/mavistest +lib/libmavis.so.0.1 +lib/libmavis.so.0 +lib/libmavis.so +lib/mavis/libmavis_userdb.so +lib/mavis/libmavis_remote.so +lib/mavis/libmavis_system.so +lib/mavis/mavis_tacplus_ldap.pl +lib/mavis/mavis_tacplus_ldap_authonly.pl +lib/mavis/Mavis.pm +lib/mavis/mavis_tacplus_sms.pl +lib/mavis/mavis_tacplus_radius.pl +lib/mavis/mavis_tacplus_opie.pl +lib/mavis/libmavis_asciiftp.so +lib/mavis/libmavis_pam.so +lib/mavis/libmavis_auth.so +lib/mavis/libmavis_tee.so +lib/mavis/libmavis_groups.so +lib/mavis/libmavis_external.so +lib/mavis/libmavis_anonftp.so +lib/mavis/extra/tacacs.schema +lib/mavis/extra/tacacs_schema.ldif +lib/mavis/extra/tacacs.schema-fedora-ds +lib/mavis/libmavis_null.so +lib/mavis/libmavis_limit.so +lib/mavis/mavis_tacplus_shadow.pl +lib/mavis/libmavis_cache.so +lib/mavis/mavis_ldap_authonly.pl +lib/mavis/libmavis_log.so +lib/mavis/mavis_tacplus_ads.pl +lib/mavis/mavis_tacplus_passwd.pl +lib/mavis/mavis_ftp_passwd.pl +sbin/mavisd +sbin/spawnd +sbin/tac_plus +sbin/pammavis +share/mavis/ftpd.txt +share/mavis/tac_plus.pdf +share/mavis/tac_plus.html +share/mavis/railroad/mavis/TimespecDecl.gif +share/mavis/railroad/mavis/AuthConf.gif +share/mavis/railroad/mavis/LimitConf.gif +share/mavis/railroad/mavis/ASCIIftpConf.gif +share/mavis/railroad/mavis/UserDBConf.gif +share/mavis/railroad/mavis/CIDR.gif +share/mavis/railroad/mavis/CacheConf.gif +share/mavis/railroad/mavis/PAMConf.gif +share/mavis/railroad/mavis/SystemConf.gif +share/mavis/railroad/mavis/AnonftpConf.gif +share/mavis/railroad/mavis/MavisScript.gif +share/mavis/railroad/mavis/MavisDecl.gif +share/mavis/railroad/mavis/MavisAction.gif +share/mavis/railroad/mavis/ExternalConf.gif +share/mavis/railroad/mavis/TeeConf.gif +share/mavis/railroad/mavis/MavisCond.gif +share/mavis/railroad/mavis/RemoteConf.gif +share/mavis/railroad/tac_plus/GroupAttr.gif +share/mavis/railroad/tac_plus/TacAction.gif +share/mavis/railroad/tac_plus/ShellCommandDecl.gif +share/mavis/railroad/tac_plus/TacScript.gif +share/mavis/railroad/tac_plus/PasswordExpr.gif +share/mavis/railroad/tac_plus/PasswordExprHash.gif +share/mavis/railroad/tac_plus/TacCond.gif +share/mavis/railroad/tac_plus/GroupOnlyAttr.gif +share/mavis/railroad/tac_plus/Acl.gif +share/mavis/railroad/tac_plus/ACLDecl.gif +share/mavis/railroad/tac_plus/TimespecDecl.gif +share/mavis/railroad/tac_plus/GroupDecl.gif +share/mavis/railroad/tac_plus/Debug.gif +share/mavis/railroad/tac_plus/ACLExpr.gif +share/mavis/railroad/tac_plus/UserMessage.gif +share/mavis/railroad/tac_plus/AVPair.gif +share/mavis/railroad/tac_plus/GlobalDecl.gif +share/mavis/railroad/tac_plus/ProtoDefault.gif +share/mavis/railroad/tac_plus/ServiceDecl.gif +share/mavis/railroad/tac_plus/ShellDecl.gif +share/mavis/railroad/tac_plus/HostAttr.gif +share/mavis/railroad/tac_plus/UserAttr.gif +share/mavis/railroad/tac_plus/CmdDefault.gif +share/mavis/railroad/tac_plus/RealmAttr.gif +share/mavis/railroad/tac_plus/UserDecl.gif +share/mavis/railroad/tac_plus/AttrDefault.gif +share/mavis/railroad/tac_plus/RealmAttrAuthen.gif +share/mavis/railroad/tac_plus/EnableExpr.gif +share/mavis/railroad/tac_plus/RealmDecl.gif +share/mavis/railroad/tac_plus/CIDR.gif +share/mavis/railroad/tac_plus/ShellAttr.gif +share/mavis/railroad/tac_plus/ServiceAttr.gif +share/mavis/railroad/tac_plus/ProtoDecl.gif +share/mavis/railroad/tac_plus/TacplusConfig.gif +share/mavis/railroad/tac_plus/HostDecl.gif +share/mavis/railroad/spawnd/AclDecl.gif +share/mavis/railroad/spawnd/Debug.gif +share/mavis/railroad/spawnd/MiscDecl.gif +share/mavis/railroad/spawnd/ChildDecl.gif +share/mavis/railroad/spawnd/ListenDecl.gif +share/mavis/railroad/spawnd/Config.gif +share/mavis/railroad/spawnd/SpawndConfig.gif +share/mavis/railroad/spawnd/CIDR.gif +share/mavis/railroad/spawnd/SyslogDecl.gif +share/mavis/railroad/mavisd/SyslogDecl.gif +share/mavis/railroad/mavisd/CIDR.gif +share/mavis/railroad/mavisd/Config.gif +share/mavis/spawnd.pdf +share/mavis/tcprelay.html +share/mavis/spawnd.html +share/mavis/tcprelay.pdf +share/mavis/mavis.html +share/mavis/ftpd.html +share/mavis/mavisd.txt +share/mavis/mavis.pdf +share/mavis/tac_plus.txt +share/mavis/ftpd.pdf +share/mavis/spawnd.txt +share/mavis/tcprelay.txt +share/mavis/mavisd.html +share/mavis/mavisd.pdf +share/mavis/mavis.txt |