From 6ef5ef58e9da7db6d055c2ea2e1078d6d542936d Mon Sep 17 00:00:00 2001 From: Joe Marcus Clarke Date: Thu, 9 Jul 2009 02:47:31 +0000 Subject: Update to F4.0.4.18, and add support for TACACS+ profiles to the rc.d scripts. PR: 134768 (profile support) Submitted by: Ryan T.Dean (profile support) --- net/tac_plus4/Makefile | 14 +----- net/tac_plus4/distinfo | 6 +-- net/tac_plus4/files/patch-Makefile.in | 45 +++++++++--------- net/tac_plus4/files/patch-af | 22 --------- net/tac_plus4/files/patch-configure | 11 ----- net/tac_plus4/files/patch-maxsess.c | 14 ------ net/tac_plus4/files/patch-users_guide | 48 ------------------- net/tac_plus4/files/patch-users_guide.in | 30 ++++++++++++ net/tac_plus4/files/tac_plus.in | 82 ++++++++++++++++++++++++++++++-- 9 files changed, 135 insertions(+), 137 deletions(-) delete mode 100644 net/tac_plus4/files/patch-af delete mode 100644 net/tac_plus4/files/patch-configure delete mode 100644 net/tac_plus4/files/patch-maxsess.c delete mode 100644 net/tac_plus4/files/patch-users_guide create mode 100644 net/tac_plus4/files/patch-users_guide.in (limited to 'net/tac_plus4') diff --git a/net/tac_plus4/Makefile b/net/tac_plus4/Makefile index 8381216f0ec0..7c6732dc5692 100644 --- a/net/tac_plus4/Makefile +++ b/net/tac_plus4/Makefile @@ -6,10 +6,10 @@ # PORTNAME= tac_plus -PORTVERSION= F4.0.4.15 +PORTVERSION= F4.0.4.18 CATEGORIES= net security MASTER_SITES= ftp://ftp.shrubbery.net/pub/tac_plus/ -DISTNAME= tacacs+-F4.0.4.15 +DISTNAME= tacacs+-F4.0.4.18 MAINTAINER= marcus@FreeBSD.org COMMENT= The Cisco remote authentication/authorization/accounting server 
@@ -30,16 +30,6 @@ CONFLICTS= ru-tac+ia-[0-9]* tac_plus-libradius-[0-9]* EXTRA_PATCHES+= ${PATCHDIR}/extra-patch-bb .endif -# finger output differs for CISCO IOS versions 11 and 12. -# Define version of your IOS (default is 12): -# Example: make TAC_IOS_VERSION=11 -# -.if defined(TAC_IOS_VERSION) -CFLAGS+= -DTAC_IOS_VERSION=${TAC_IOS_VERSION} -.else -CFLAGS+= -DTAC_IOS_VERSION=12 -.endif - .if exists(/usr/include/skey.h) && !defined(WITHOUT_SKEY) CONFIGURE_ARGS+= --with-skey .else diff --git a/net/tac_plus4/distinfo b/net/tac_plus4/distinfo index 790507cb7172..58d73547f3fb 100644 --- a/net/tac_plus4/distinfo +++ b/net/tac_plus4/distinfo @@ -1,3 +1,3 @@ -MD5 (tacacs+-F4.0.4.15.tar.gz) = b4439c7757dbd6eb4a4be5daba33e6c7 -SHA256 (tacacs+-F4.0.4.15.tar.gz) = 468626b40f103838023b3660562c1f7343325651cd731ea52e1d1c86cca64f2a -SIZE (tacacs+-F4.0.4.15.tar.gz) = 252532 +MD5 (tacacs+-F4.0.4.18.tar.gz) = 4e6158fc4c45b62707aa678d5cac457b +SHA256 (tacacs+-F4.0.4.18.tar.gz) = 9723d66f626d2b7198f6012d5b0a7adfe7175add3fe9e940004b0b951baa8aa9 +SIZE (tacacs+-F4.0.4.18.tar.gz) = 263226 diff --git a/net/tac_plus4/files/patch-Makefile.in b/net/tac_plus4/files/patch-Makefile.in index 2acad8075525..4ebae68b1d78 100644 --- a/net/tac_plus4/files/patch-Makefile.in +++ b/net/tac_plus4/files/patch-Makefile.in 
@@ -1,25 +1,26 @@ ---- Makefile.in.orig Thu Sep 14 21:41:02 2006 -+++ Makefile.in Sun Oct 29 03:04:34 2006 -@@ -71,7 +71,8 @@ am_tac_plus_OBJECTS = tac_plus.$(OBJEXT) - config.$(OBJEXT) expire.$(OBJEXT) programs.$(OBJEXT) \ - default_fn.$(OBJEXT) pw.$(OBJEXT) utils.$(OBJEXT) \ - default_v0_fn.$(OBJEXT) hash.$(OBJEXT) pwlib.$(OBJEXT) \ -- do_acct.$(OBJEXT) maxsess.$(OBJEXT) regexp.$(OBJEXT) -+ do_acct.$(OBJEXT) maxsess.$(OBJEXT) regexp.$(OBJEXT) \ -+ opie_fn.$(OBJEXT) +--- Makefile.in.orig 2009-03-02 12:18:21.000000000 -0500 ++++ Makefile.in 2009-07-08 22:29:00.000000000 -0400 +@@ -63,7 +63,8 @@ am__tac_plus_SOURCES_DIST = tac_plus.c a + report.c authen.c dump.c md5.c sendauth.c author.c enable.c \ + packet.c sendpass.c choose_authen.c encrypt.c parse.c config.c \ + expire.c programs.c default_fn.c pw.c utils.c default_v0_fn.c \ +- hash.c pwlib.c do_acct.c maxsess.c regexp.c skey_fn.c ++ hash.c pwlib.c do_acct.c maxsess.c regexp.c skey_fn.c \ ++ opie_fn.c + @TACSKEY_TRUE@am__objects_1 = skey_fn.$(OBJEXT) + am_tac_plus_OBJECTS = tac_plus.$(OBJEXT) acct.$(OBJEXT) \ + do_author.$(OBJEXT) md4.$(OBJEXT) report.$(OBJEXT) \ +@@ -74,7 +75,8 @@ am_tac_plus_OBJECTS = tac_plus.$(OBJEXT) + expire.$(OBJEXT) programs.$(OBJEXT) default_fn.$(OBJEXT) \ + pw.$(OBJEXT) utils.$(OBJEXT) default_v0_fn.$(OBJEXT) \ + hash.$(OBJEXT) pwlib.$(OBJEXT) do_acct.$(OBJEXT) \ +- maxsess.$(OBJEXT) regexp.$(OBJEXT) $(am__objects_1) ++ maxsess.$(OBJEXT) regexp.$(OBJEXT) \ ++ opie_fn.$(OBJEXT) $(am__objects_1) tac_plus_OBJECTS = $(am_tac_plus_OBJECTS) am__DEPENDENCIES_1 = tac_plus_DEPENDENCIES = $(am__DEPENDENCIES_1) -@@ -237,7 +238,7 @@ tac_plus_SOURCES = tac_plus.c \ - config.c expire.c programs.c \ - default_fn.c pw.c utils.c \ - default_v0_fn.c hash.c pwlib.c \ -- do_acct.c maxsess.c regexp.c -+ do_acct.c maxsess.c regexp.c opie_fn.c - - tac_plus_LDADD = $(WRAPLIBS) - LDADD = @PROFLIBS@ -@@ -248,7 +249,7 @@ noinst_HEADERS = md4.h mschap.h regexp.h +@@ -257,7 +259,7 @@ noinst_HEADERS = md4.h 
mschap.h regexp.h expire.h md5.h parse.h pathsl.h regmagic.h man_gen_MANS = tac_plus.8 tac_plus.conf.5 @@ -28,7 +29,7 @@ man_MANS = $(man_gen_MANS) $(man_nogen_MANS) # scripts that are built -@@ -432,6 +433,7 @@ distclean-compile: +@@ -443,6 +445,7 @@ distclean-compile: @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sendauth.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sendpass.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/skey_fn.Po@am__quote@ @@ -36,7 +37,7 @@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tac_plus.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tac_pwd.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/utils.Po@am__quote@ -@@ -832,8 +834,7 @@ info: info-am +@@ -845,8 +848,7 @@ info: info-am info-am: @@ -44,5 +45,5 @@ - install-pkgdataSCRIPTS +install-data-am: install-man - install-exec-am: install-binPROGRAMS + install-dvi: install-dvi-am diff --git a/net/tac_plus4/files/patch-af b/net/tac_plus4/files/patch-af deleted file mode 100644 index d692decaca12..000000000000 --- a/net/tac_plus4/files/patch-af +++ /dev/null @@ -1,22 +0,0 @@ ---- report.c.orig Wed Aug 2 17:36:49 2000 -+++ report.c Wed Aug 2 17:38:39 2000 -@@ -239,12 +239,16 @@ - if (len <= 0) - return; - -- for (i = 0; i < len && i < 255; i++) { -+ if(len > 255) len = 255; -+ -+ for (i = 0; i < len; ) { - if (32 <= *p && *p <= 126) { - *bufp++ = *p++; -+ i++; - } else { -- sprintf(bufp, " 0x%x ", *p); -- bufp += strlen(bufp); -+ int n = snprintf(bufp, len-i, " 0x%x ", *p); -+ bufp += n; -+ i += n; - p++; - } - } diff --git a/net/tac_plus4/files/patch-configure b/net/tac_plus4/files/patch-configure deleted file mode 100644 index a44c1803dcf8..000000000000 --- a/net/tac_plus4/files/patch-configure +++ /dev/null 
@@ -1,11 +0,0 @@ ---- configure.orig Sun Apr 3 01:20:37 2005 -+++ configure Sun Apr 3 01:20:48 2005 -@@ -1758,7 +1758,7 @@ - #CPPFLAGS="$CFLAGS -I/usr/pkg/include"; export CPPFLAGS - #LDFLAGS="$LDFLAGS -L/usr/pkg/lib -Xlinker -rpath -Xlinker /usr/pkg/lib" - #export LDFLAGS -- LIBS="-lcrypt"; export LIBS -+ LIBS="-lcrypt $LIBS"; export LIBS - cat >>confdefs.h <<\_ACEOF - #define FREEBSD 1 - _ACEOF diff --git a/net/tac_plus4/files/patch-maxsess.c b/net/tac_plus4/files/patch-maxsess.c deleted file mode 100644 index e742cce407f6..000000000000 --- a/net/tac_plus4/files/patch-maxsess.c +++ /dev/null @@ -1,14 +0,0 @@ ---- maxsess.c.orig Tue Jul 18 13:53:34 2006 -+++ maxsess.c Sun Oct 29 02:52:16 2006 -@@ -464,7 +464,11 @@ ckfinger(char *user, char *nas, struct i - } - /* Extract username, up to 10 chars wide, starting at char 13 */ - nmlen = 0; -+#if (TAC_IOS_VERSION == 11) - name = p + 13; -+#else -+ name = p + 15; -+#endif - for (i = 0; *name && !isspace((int) *name) && (i < 10); i++) { - nmbuf[nmlen++] = *name++; - } diff --git a/net/tac_plus4/files/patch-users_guide b/net/tac_plus4/files/patch-users_guide deleted file mode 100644 index 5e499e741a7f..000000000000 --- a/net/tac_plus4/files/patch-users_guide +++ /dev/null 
@@ -1,48 +0,0 @@ ---- users_guide.orig Sun Jun 18 13:26:54 2000 -+++ users_guide Sun Dec 8 15:14:01 2002 -@@ -166,7 +166,10 @@ - crimelab.com but now it appears the only source is ftp.bellcore.com. I - suggest you try a web search for s/key source code. - --Note: S/KEY is a trademark of Bell Communications Research (Bellcore). -+To use OPIE, you must have built tac_plus with the -DWITH_OPIE flag. -+ -+Note: S/KEY and OPIE are a trademark of Bell Communications Research -+(Bellcore). - - Should you need them, there are routines for accessing password files - (getpwnam,setpwent,endpwent,setpwfile) in pw.c. -@@ -436,6 +439,15 @@ - login = skey - } - -+4. Authentication using opie. -+ -+If you have successfully built tac_plus with opie support, you can specify -+a user be authenticated via opie, as follows: -+ -+ user = marcus { -+ login = opie -+ } -+ - RECURSIVE PASSWORD LOOKUPS - --------------------------- - -@@ -1370,7 +1382,7 @@ - and then send the daemon a SIGUSR1. This will cause it to reinitialize - itself and re-read the configuration file. - --On startup, tac_plus creates the file /etc/tac_plus.pid , if possible, -+On startup, tac_plus creates the file /var/run/tac_plus.pid , if possible, - containing its process id. If you invoke the daemon so that it listens - on a non-standard port, the file created is /etc/tac_plus.pid. - instead, where is the port number the daemon is listening on. -@@ -1378,7 +1390,7 @@ - Assuming you are listening on the default port 49, something like the - following should work: - --# kill -USR1 `cat /etc/tac_plus.pid` -+# kill -USR1 `cat /var/run/tac_plus.pid` - - It's a good idea to check that the daemon is still running after - sending it a SIGUSR1, since a syntactically incorrect configuration diff --git a/net/tac_plus4/files/patch-users_guide.in b/net/tac_plus4/files/patch-users_guide.in new file mode 100644 index 000000000000..f7679a06c09e --- /dev/null +++ b/net/tac_plus4/files/patch-users_guide.in 
@@ -0,0 +1,30 @@ +--- users_guide.in.orig 2008-08-20 00:34:57.000000000 -0400 ++++ users_guide.in 2009-07-08 22:32:17.000000000 -0400 +@@ -164,7 +164,10 @@ for S/KEY in the Makefile. I got my S/K + crimelab.com but now it appears the only source is ftp.bellcore.com. I + suggest you try a web search for s/key source code. + +-Note: S/KEY is a trademark of Bell Communications Research (Bellcore). ++To use OPIE, you must have built tac_plus with the -DWITH_OPIE flag. ++ ++Note: S/KEY and OPIE are a trademark of Bell Communications Research ++(Bellcore). + + Should you need them, there are routines for accessing password files + (getpwnam,setpwent,endpwent,setpwfile) in pw.c. +@@ -454,6 +457,15 @@ be that for each authentiction that is a + to be wrong whether it was typed correctly or not. + + ++4. Authentication using opie. ++ ++If you have successfully built tac_plus with opie support, you can specify ++a user be authenticated via opie, as follows: ++ ++ user = marcus { ++ login = opie ++ } ++ + RECURSIVE PASSWORD LOOKUPS + --------------------------- + diff --git a/net/tac_plus4/files/tac_plus.in b/net/tac_plus4/files/tac_plus.in index 05f13e79b7f9..77d14d7d7666 100644 --- a/net/tac_plus4/files/tac_plus.in +++ b/net/tac_plus4/files/tac_plus.in @@ -7,11 +7,16 @@ # # Add the following line to /etc/rc.conf to enable the TACACS+ daemon: # -# tac_plus_enable="YES" -# - -tac_plus_enable=${tac_plus_enable-"NO"} -tac_plus_flags=${tac_plus_flags-"-C %%PREFIX%%/etc/tac_plus.conf"} +# tac_plus_enable (bool): Set to "NO" by default +# Set it to "YES" to enable tac_plus +# tac_plus_flags (str): Set to "" by default +# Extra flags to be passed to start command +# tac_plus_profiles (str): Set to "" by default +# Allows you to run multiple tac_plus daemons with +# different settings +# tac_plus_configfile (str): Set to "%%PREFIX%%/etc/tac_plus.conf" by default +# Allows you to specify a different config file for +# the tac_plus daemon . %%RC_SUBR%% 
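Review bot: The rewritten header comment in files/tac_plus.in lists only the four global knobs, but the code added in the following hunk also reads `tac_plus_<profile>_configfile` (mandatory per profile), `_enable`, `_flags`, `_port` and `_ip`, none of which are documented. The comment also says nothing about `-C` moving out of `tac_plus_flags`: the old default `-C %%PREFIX%%/etc/tac_plus.conf` is removed here, and the next hunk always prepends `-C ${tac_plus_configfile}`. An existing rc.conf that sets `tac_plus_flags="-C /custom/path"` would therefore pass two `-C` options, and which config the daemon then loads is not visible from this diff. I would add `# tac_plus_<profile>_configfile (str): required for each name in tac_plus_profiles; _enable, _flags, _port, _ip are optional per-profile overrides` and `# Do not pass -C in tac_plus_flags; set tac_plus_configfile instead`. The retained lead-in "Add the following line to /etc/rc.conf" is no longer followed by a line to add, so an example such as `#   tac_plus_enable="YES"` should be put back under it.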
@@ -20,6 +25,73 @@ rcvar=`set_rcvar` command="%%PREFIX%%/bin/tac_plus" pidfile="/var/run/${name}.pid" +tac_plus_enable=${tac_plus_enable:-"NO"} +tac_plus_flags=${tac_plus_flags:-} +tac_plus_profiles=${tac_plus_profiles:-} +tac_plus_configfile=${tac_plus_configfile:-"%%PREFIX%%/etc/tac_plus.conf"} load_rc_config ${name} + +if [ -n "$2" ]; then + profile="$2" + if [ "x${tac_plus_profiles}" != "x" ]; then + eval tac_plus_configfile="\${tac_plus_${profile}_configfile:-}" + if [ "x${tac_plus_configfile}" = "x" ]; then + echo "You must define a configuration file (tac_plus_${profile}_configfile)" + exit 1 + fi + required_files="${tac_plus_configfile}" + eval tac_plus_enable="\${tac_plus_${profile}_enable:-${tac_plus_enable}}" + eval tac_plus_flags="\${tac_plus_${profile}_flags:-${tac_plus_flags}}" + eval tac_plus_port="\${tac_plus_${profile}_port:-}" + eval tac_plus_ip="\${tac_plus_${profile}_ip:-}" + else + echo "$0: extra argument ignored" + fi +else + if [ "x${tac_plus_profiles}" != "x" -a "x$1" != "x" ]; then + for profile in ${tac_plus_profiles}; do + eval _enable="\${tac_plus_${profile}_enable}" + case "x${_enable:-${tac_plus_enable}}" in + x|x[Nn][Oo]|x[Nn][Oo][Nn][Ee]) + continue + ;; + x[Yy][Ee][Ss]) + + ;; + *) + if test -z "$_enable"; then + _var=tac_plus_enable + else + _var=tac_plus_"${profile}"_enable + fi + echo "Bad value "\ + "'${_enable:-${tac_plus_enable}}' "\ + "for ${_var}. "\ + "Profile ${profile} skipped." + continue + esac + echo "====> tac_plus profile: ${profile}" + %%PREFIX%%/etc/rc.d/tac_plus $1 ${profile} + retcode="$?" 
+ if [ "0${retcode}" -ne 0 ]; then + failed="${profile} (${retcode}) ${failed:-}" + else + success="${profile} ${success:-}" + fi + done + exit 0 + fi +fi + +tac_plus_flags="-C ${tac_plus_configfile} ${tac_plus_flags}" +if [ "x${tac_plus_ip}" != "x" ]; then + pidfile="${pidfile}.${tac_plus_ip}" + tac_plus_flags="${tac_plus_flags} -B ${tac_plus_ip}" +fi +if [ "x${tac_plus_port}" != "x" ]; then + pidfile="${pidfile}.${tac_plus_port}" + tac_plus_flags="${tac_plus_flags} -p ${tac_plus_port}" +fi + run_rc_command "$1" -- cgit v1.2.3
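Review bot: `profile="$2"` is taken straight from the command line and spliced into five `eval` lines (`tac_plus_${profile}_configfile`, `_enable`, `_flags`, `_port`, `_ip`) without any check on its characters, in a script that typically runs as root. The surrounding test only verifies that `tac_plus_profiles` is non-empty, not that `$2` is one of the listed profiles, so a mistyped or malformed argument is evaluated as shell text instead of being rejected. The name should be restricted to identifier characters before the first `eval`, and the same guard is worth applying to each name in the `for profile in ${tac_plus_profiles}` loop. Separately, that loop collects `failed` and `success` but then ends with an unconditional `exit 0`, so a profile that fails to start is never reported to the caller; printing `failed` and exiting non-zero when it is non-empty would make a dead TACACS+ instance visible.

```sh
if [ -n "$2" ]; then
	profile="$2"
	# The profile name is expanded inside eval below: allow identifier characters only.
	case "${profile}" in
	""|*[!A-Za-z0-9_]*)
		echo "$0: invalid profile name '${profile}'" >&2
		exit 1
		;;
	esac
	# … unchanged: tac_plus_profiles check and per-profile eval lookups …
```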