Update to 4.0.4.26

PR:             177833
Submitted by:   Mike Stupalov <landy2005@gmail.com>
Joe Marcus Clarke 2013-04-28 23:03:17 +00:00
parent 4f3c4b8d7f
commit 2384a0ff88
Notes: svn2git 2021-03-31 03:12:20 +00:00
svn path=/head/; revision=316768
13 changed files with 67 additions and 192 deletions


@ -2,10 +2,10 @@
# $FreeBSD$
PORTNAME= tac_plus
PORTVERSION= F4.0.4.19
PORTVERSION= F4.0.4.26
CATEGORIES= net security
MASTER_SITES= ftp://ftp.shrubbery.net/pub/tac_plus/
DISTNAME= tacacs+-F4.0.4.19
DISTNAME= tacacs+-F4.0.4.26
MAINTAINER= marcus@FreeBSD.org
COMMENT= The Cisco remote authentication/authorization/accounting server


@ -1,2 +1,2 @@
SHA256 (tacacs+-F4.0.4.19.tar.gz) = 582dcdb5723c844e50036b1ed9eaee53239e7791d0ac5e5c22fba8ac4790596b
SIZE (tacacs+-F4.0.4.19.tar.gz) = 500593
SHA256 (tacacs+-F4.0.4.26.tar.gz) = 9051824e8ddc164001f80ec2a723c904d8382aadb5b29a951909761b3d42d6ec
SIZE (tacacs+-F4.0.4.26.tar.gz) = 519796


@ -13,9 +13,9 @@ Sergey Levov (serg@informika.ru)
------------------------------ cut here ---------------------------
--- pwlib.c.orig Fri Dec 1 15:07:03 2000
+++ pwlib.c Fri Dec 1 15:07:48 2000
@@ -195,7 +195,7 @@
--- pwlib.c.orig 2012-06-07 02:54:23.000000000 +0400
+++ pwlib.c 2013-04-13 13:26:17.000000000 +0400
@@ -303,7 +303,7 @@
struct passwd *pw;
char *exp_date;
char *cfg_passwd;
@ -24,8 +24,8 @@ Sergey Levov (serg@informika.ru)
char buf[12];
#endif /* SHADOW_PASSWORDS */
@@ -217,7 +217,20 @@
return (0);
@@ -325,7 +325,20 @@
return(0);
}
cfg_passwd = pw->pw_passwd;
+#ifdef FREEBSD


@ -1,33 +1,24 @@
--- Makefile.in.orig 2009-07-28 15:18:02.000000000 -0400
+++ Makefile.in 2009-10-10 16:24:28.000000000 -0400
@@ -97,7 +97,7 @@ am__tac_plus_SOURCES_DIST = acct.c authe
--- Makefile.in.orig 2012-04-17 02:56:54.000000000 +0400
+++ Makefile.in 2013-04-13 13:43:18.000000000 +0400
@@ -98,7 +98,7 @@
config.c default_fn.c default_v0_fn.c do_acct.c do_author.c \
dump.c enable.c encrypt.c expire.c hash.c maxsess.c parse.c \
programs.c pw.c pwlib.c regexp.c report.c sendauth.c \
- sendpass.c tac_plus.c utils.c skey_fn.c
+ sendpass.c tac_plus.c utils.c skey_fn.c opie_fn.c
dump.c enable.c encrypt.c expire.c hash.c maxsessint.c parse.c \
programs.c pw.c pwlib.c report.c sendauth.c sendpass.c \
- tac_plus.c utils.c skey_fn.c aceclnt_fn.c
+ tac_plus.c utils.c skey_fn.c aceclnt_fn.c opie_fn.c
@TACSKEY_TRUE@am__objects_1 = skey_fn.$(OBJEXT)
@TACACECLNT_TRUE@am__objects_2 = aceclnt_fn.$(OBJEXT)
am_tac_plus_OBJECTS = acct.$(OBJEXT) authen.$(OBJEXT) author.$(OBJEXT) \
choose_authen.$(OBJEXT) config.$(OBJEXT) default_fn.$(OBJEXT) \
@@ -107,7 +107,7 @@ am_tac_plus_OBJECTS = acct.$(OBJEXT) aut
@@ -109,7 +109,7 @@
parse.$(OBJEXT) programs.$(OBJEXT) pw.$(OBJEXT) \
pwlib.$(OBJEXT) regexp.$(OBJEXT) report.$(OBJEXT) \
sendauth.$(OBJEXT) sendpass.$(OBJEXT) tac_plus.$(OBJEXT) \
- utils.$(OBJEXT) $(am__objects_1)
+ utils.$(OBJEXT) opie_fn.$(OBJEXT) $(am__objects_1)
pwlib.$(OBJEXT) report.$(OBJEXT) sendauth.$(OBJEXT) \
sendpass.$(OBJEXT) tac_plus.$(OBJEXT) utils.$(OBJEXT) \
- $(am__objects_1) $(am__objects_2)
+ opie_fn.$(OBJEXT) $(am__objects_1) $(am__objects_2)
tac_plus_OBJECTS = $(am_tac_plus_OBJECTS)
am__DEPENDENCIES_1 =
tac_plus_DEPENDENCIES = $(am__DEPENDENCIES_1)
@@ -326,7 +326,7 @@ noinst_HEADERS = md4.h mschap.h regexp.h
expire.h md5.h parse.h pathsl.h regmagic.h
man_gen_MANS = tac_plus.8 tac_plus.conf.5
-man_nogen_MANS = regexp.3 tac_pwd.8
+man_nogen_MANS = tac_pwd.8
man_MANS = $(man_gen_MANS) $(man_nogen_MANS)
# scripts that are built
@@ -581,6 +581,7 @@ distclean-compile:
@@ -592,6 +592,7 @@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sendauth.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sendpass.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/skey_fn.Po@am__quote@
@ -35,7 +26,7 @@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tac_plus.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tac_pwd.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/utils.Po@am__quote@
@@ -1061,8 +1062,7 @@ info: info-am
@@ -1049,8 +1050,7 @@
info-am:
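Review bot: `opie_fn.c` and `opie_fn.$(OBJEXT)` are added to the tac_plus source and object lists unconditionally, while the neighbouring `skey_fn` and `aceclnt_fn` objects come in only through `@TACSKEY_TRUE@` and `@TACACECLNT_TRUE@`. The contents of `opie_fn.c` are not on this page, so it is not visible whether the file is wrapped entirely in `#ifdef OPIE`; if it is not, a build without OPIE either fails or links an authentication routine that was not requested. Once the guard is confirmed, record it at the top of this port patch, for example `# opie_fn.c is built unconditionally; its body is guarded by OPIE`.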


@ -1,30 +0,0 @@
--- tac_plus.h.orig 2009-07-27 20:11:53.000000000 -0400
+++ tac_plus.h 2010-02-12 18:13:49.000000000 -0500
@@ -86,6 +86,7 @@
#ifdef FREEBSD
#define CONST_SYSERRLIST
#define NO_PWAGE
+#include <sys/param.h>
#endif
#ifdef BSDI
@@ -138,7 +139,11 @@
# include <sys/syslog.h>
#endif
+#if defined(FREEBSD) && __FreeBSD_version >= 900007
+#include <utmpx.h>
+#else
#include <utmp.h>
+#endif
#include <unistd.h>
@@ -655,6 +660,7 @@ int sendpass_fn(struct authen_data *data
int enable_fn(struct authen_data *data);
int default_v0_fn(struct authen_data *data);
int skey_fn(struct authen_data *data);
+int opie_fn(struct authen_data *data);
#ifdef MAXSESS
void loguser(struct acct_rec *);


@ -1,8 +1,8 @@
--- choose_authen.c.orig Sun Jun 18 13:26:53 2000
+++ choose_authen.c Sun Dec 8 15:26:08 2002
@@ -118,10 +118,27 @@
--- choose_authen.c.orig 2012-04-17 01:42:55.000000000 +0400
+++ choose_authen.c 2013-04-13 13:55:20.000000000 +0400
@@ -130,12 +130,29 @@
#else /* SKEY */
report(LOG_ERR,
report(LOG_ERR,
"%s %s: user %s s/key support has not been compiled in",
- name ? name : "<unknown>",
- session.peer, session.port);
@ -10,8 +10,8 @@
+ name ? name : "<unknown>");
return(CHOOSE_FAILED);
#endif /* SKEY */
+ }
+
}
+ if (cfg_passwd && STREQ(cfg_passwd, "opie")) {
+ if (debug & DEBUG_PASSWD_FLAG)
+ report(LOG_DEBUG, "%s %s: user %s requires opie",
@ -27,6 +27,8 @@
+ name ? name : "<unknown>");
+ return(CHOOSE_FAILED);
+#endif /* OPIE */
}
/* Not an skey user. Must be none, des, cleartext or file password */
+ }
+
/* Does this user require aceclnt */
cfg_passwd = cfg_get_login_secret(name, TAC_PLUS_RECURSE);
if (cfg_passwd && STREQ(cfg_passwd, "aceclnt")) {


@ -1,78 +0,0 @@
--- do_acct.c.orig 2010-01-23 16:17:36.000000000 -0500
+++ do_acct.c 2010-02-12 18:19:44.000000000 -0500
@@ -202,23 +202,42 @@ do_acct_syslog(struct acct_rec *rec)
int
wtmp_entry(char *line, char *name, char *host, time_t utime)
{
+#if defined(FREEBSD) && __FreeBSD_version >= 900007
+#define HAVE_UTMPX_H 1
+ struct utmpx entry;
+ struct timeval tv;
+#else
struct utmp entry;
+#endif
+#ifndef HAVE_UTMPX_H
if (!wtmpfile) {
return(1);
}
+#endif
memset(&entry, 0, sizeof entry);
+#ifdef HAVE_UTMPX_H
+ entry.ut_type = *name != '\0' ? USER_PROCESS : DEAD_PROCESS;
+ snprintf(entry.ut_id, sizeof entry.ut_id, "%xtac", getpid());
+#endif
if (strlen(line) < sizeof entry.ut_line)
strcpy(entry.ut_line, line);
else
memcpy(entry.ut_line, line, sizeof(entry.ut_line));
+#ifdef HAVE_UTMPX_H
+ if (strlen(name) < sizeof entry.ut_user)
+ strcpy(entry.ut_user, name);
+ else
+ memcpy(entry.ut_user, name, sizeof(entry.ut_user));
+#else
if (strlen(name) < sizeof entry.ut_name)
strcpy(entry.ut_name, name);
else
memcpy(entry.ut_name, name, sizeof(entry.ut_name));
+#endif
#ifndef SOLARIS
if (strlen(host) < sizeof entry.ut_host)
@@ -226,13 +245,24 @@ wtmp_entry(char *line, char *name, char
else
memcpy(entry.ut_host, host, sizeof(entry.ut_host));
#endif
+#ifdef HAVE_UTMPX_H
+ memset(&entry.ut_tv, 0, sizeof(entry.ut_tv));
+ tv.tv_sec = utime;
+ memcpy(&entry.ut_tv, &tv, sizeof(entry.ut_tv));
+#else
entry.ut_time = utime;
+#endif
#ifdef FREEBSD
+#ifdef HAVE_UTMPX_H
+ pututxline(&entry);
+#else
wtmpfd = open(wtmpfile, O_CREAT | O_WRONLY | O_APPEND, 0644);
+#endif
#else
wtmpfd = open(wtmpfile, O_CREAT | O_WRONLY | O_APPEND | O_SYNC, 0644);
#endif
+#ifndef HAVE_UTMPX_H
if (wtmpfd < 0) {
report(LOG_ERR, "Can't open wtmp file %s -- %s",
wtmpfile, strerror(errno));
@@ -251,6 +281,7 @@ wtmp_entry(char *line, char *name, char
}
close(wtmpfd);
+#endif
if (debug & DEBUG_ACCT_FLAG) {
report(LOG_DEBUG, "wtmp: %s, %s %s %d", line, name, host, utime);


@ -1,7 +1,10 @@
--- parse.h.orig Sun Dec 8 15:22:51 2002
+++ parse.h Sun Dec 8 15:23:26 2002
@@ -76,3 +76,4 @@
--- parse.h.orig 2012-04-10 22:34:40.000000000 +0400
+++ parse.h 2013-04-13 14:02:27.000000000 +0400
@@ -74,6 +74,7 @@
#ifdef MSCHAP
#define S_mschap 42
#endif /* MSCHAP */
+#define S_opie 43
#define S_enable 43
#ifdef ACLS
# define S_acl 44
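Review bot: `S_opie` is defined as 43, the same value as `S_enable` on the next context line of the refreshed hunk, so the two parser tokens are no longer distinct. The old hunk (`@@ -76,3 +76,4 @@`) showed no such neighbour, which suggests the value was carried over unchanged when the patch was regenerated against F4.0.4.26. How the token is consumed is outside this page, but code that switches or compares on these constants would either treat the `opie` and `enable` keywords alike or fail to compile on a duplicate `case`. Pick a value that no other `S_*` define in parse.h uses, for example `#define S_opie <UNUSED_TOKEN_VALUE>`.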


@ -1,11 +1,11 @@
--- skey_fn.c.orig Sun Apr 3 01:41:00 2005
+++ skey_fn.c Sun Apr 3 01:41:08 2005
@@ -168,7 +168,7 @@
--- skey_fn.c.orig 2012-06-06 22:34:55.000000000 +0400
+++ skey_fn.c 2013-04-13 14:08:31.000000000 +0400
@@ -164,7 +164,7 @@
return(1);
}
- if (skeychallenge(&p->skey, name, skeyprompt, 80) == 0) {
+ if (skeychallenge(&p->skey, name, skeyprompt) == 0) {
char buf[256];
sprintf(buf, "%s\nPassword: ", skeyprompt);
snprintf(buf, sizeof(buf), "%s\nS/Key challenge: ", skeyprompt);
data->server_msg = tac_strdup(buf);
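Review bot: The three-argument call `skeychallenge(&p->skey, name, skeyprompt)` passes no length, so nothing at this call site bounds what the library writes into `skeyprompt`. The buffer's declaration and the rest of the function lie outside the hunk, so confirm it is at least as large as the longest challenge the platform's S/Key library can produce. Record that requirement next to the call, for example `/* skeyprompt must hold a full S/Key challenge; this API takes no size */`. The `snprintf` into `buf[256]` on the following context line is bounded and truncates rather than overflows.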

View File

@ -0,0 +1,10 @@
--- tac_plus.h.orig 2013-04-13 13:45:20.000000000 +0400
+++ tac_plus.h 2013-04-13 13:50:14.000000000 +0400
@@ -452,6 +452,7 @@
int sendauth_fn(struct authen_data *data);
int sendpass_fn(struct authen_data *data);
int skey_fn(struct authen_data *data);
+int opie_fn(struct authen_data *data);
/* tac_plus.c */
void open_logfile(void);


@ -1,25 +0,0 @@
--- tacacs.h.orig 2010-02-12 18:13:56.000000000 -0500
+++ tacacs.h 2010-02-12 18:14:51.000000000 -0500
@@ -83,6 +83,10 @@ XXX unknown
#define MSCHAP_DIGEST_LEN 49
#endif /* MSCHAP */
+#ifdef FREEBSD
+#include <sys/param.h>
+#endif
+
#if HAVE_STRING_H
# include <string.h>
#endif
@@ -124,7 +128,11 @@ XXX unknown
# include <sys/syslog.h>
#endif
+#if defined(FREEBSD) && __FreeBSD_version >= 900007
+#include <utmpx.h>
+#else
#include <utmp.h>
+#endif
#include <unistd.h>


@ -1,6 +1,6 @@
--- users_guide.in.orig 2008-08-20 00:34:57.000000000 -0400
+++ users_guide.in 2009-07-08 22:32:17.000000000 -0400
@@ -164,7 +164,10 @@ for S/KEY in the Makefile. I got my S/K
--- users_guide.in.orig 2011-05-28 02:11:57.000000000 +0400
+++ users_guide.in 2013-04-13 14:16:37.000000000 +0400
@@ -164,7 +164,10 @@
crimelab.com but now it appears the only source is ftp.bellcore.com. I
suggest you try a web search for s/key source code.
@ -12,11 +12,12 @@
Should you need them, there are routines for accessing password files
(getpwnam,setpwent,endpwent,setpwfile) in pw.c.
@@ -454,6 +457,15 @@ be that for each authentiction that is a
to be wrong whether it was typed correctly or not.
@@ -414,7 +417,16 @@
login = skey
}
+4. Authentication using opie.
-4). Authentication using PAM (Pluggable Authentication Modules)
+4). Authentication using opie.
+
+If you have successfully built tac_plus with opie support, you can specify
+a user be authenticated via opie, as follows:
@ -25,6 +26,7 @@
+ login = opie
+ }
+
RECURSIVE PASSWORD LOOKUPS
---------------------------
+5). Authentication using PAM (Pluggable Authentication Modules)
Assuming that your OS supports it, tac_plus can be configured to use PAM
for authentication, which may make it possible to use LDAP, SecureID, etc


@ -9,4 +9,4 @@ Improved features among others and bugfixes: Microsoft CHAP support.
To enable MSCHAP you need to optain a key from Microsoft, see the FAQ
section in the users guide. Therefore this isn't enabled by default.
WWW: http://www.cisco.com/warp/public/480/tacplus.shtml
WWW: http://www.cisco.com/en/US/tech/tk59/technologies_tech_note09186a00800946a3.shtml