From 7bc99fa31618c58e4d93529894904fb9a28de24b Mon Sep 17 00:00:00 2001 From: marcus Date: Tue, 31 Oct 2006 02:42:33 +0000 Subject: * Update to F4.0.4.13 * Configure tac_plus to run as the user tacacs after starting up [1] * Convert to USE_RC_SUBR Requested by: Ryan Steinmetz --- net/tac_plus4/Makefile | 17 +++++----- net/tac_plus4/distinfo | 6 ++-- net/tac_plus4/files/patch-Makefile.in | 54 +++++++++++++++---------------- net/tac_plus4/files/patch-ab | 14 ++++---- net/tac_plus4/files/patch-maxsess.c | 43 ++++++++---------------- net/tac_plus4/files/tac_plus.conf.example | 4 +-- net/tac_plus4/files/tac_plus.in | 25 ++++++++++++++ net/tac_plus4/files/tac_plus.sh | 25 -------------- net/tac_plus4/pkg-install | 37 +++++++++++++++++++++ net/tac_plus4/pkg-plist | 3 +- 10 files changed, 125 insertions(+), 103 deletions(-) create mode 100644 net/tac_plus4/files/tac_plus.in delete mode 100644 net/tac_plus4/files/tac_plus.sh create mode 100644 net/tac_plus4/pkg-install (limited to 'net') diff --git a/net/tac_plus4/Makefile b/net/tac_plus4/Makefile index 5a6fde79c8eb..ab8590a109a3 100644 --- a/net/tac_plus4/Makefile +++ b/net/tac_plus4/Makefile 
@@ -6,24 +6,25 @@ # PORTNAME= tac_plus -PORTVERSION= F4.0.4.8 +PORTVERSION= F4.0.4.13 CATEGORIES= net security MASTER_SITES= ftp://ftp.shrubbery.net/pub/tac_plus/ -DISTNAME= tacacs+-F4.0.4.8 +DISTNAME= tacacs+-F4.0.4.13 MAINTAINER= marcus@FreeBSD.org COMMENT= The Cisco remote authentication/authorization/accounting server USE_PERL5_BUILD=yes GNU_CONFIGURE= yes -USE_RC_SUBR= yes +USE_RC_SUBR= tac_plus CONFIGURE_TARGET=--build=${MACHINE_ARCH}-portbld-freebsd${OSREL} +CONFIGURE_ARGS= --with-groupid=$$(/usr/bin/id -g tacacs 2>/dev/null || echo '559') \ + --with-userid=$$(/usr/bin/id -u tacacs 2>/dev/null || echo '559') MAN5= tac_plus.conf.5 MAN8= tac_plus.8 tac_pwd.8 CONFLICTS= ru-tac+ia-[0-9]* tac_plus-libradius-[0-9]* -RC_SCRIPTS_SUB= PREFIX=${PREFIX} RC_SUBR=${RC_SUBR} # check expiration dates against 'expire' field of master.passwd file .if defined(TAC_EXPIRE_MASTER_PASSWD) @@ -52,18 +53,18 @@ CONFIGURE_ENV+= LIBS="-lopie -lmd" .endif post-patch: - @${SED} ${RC_SCRIPTS_SUB:S/$/!g/:S/^/ -e s!%%/:S/=/%%!/} \ - ${FILESDIR}/tac_plus.sh > ${WRKSRC}/tac_plus.sh @${REINPLACE_CMD} -e 's|skey_get_algorithm|skeychallenge|g' \ ${WRKSRC}/configure post-install: ${INSTALL_DATA} ${FILESDIR}/tac_plus.conf.example ${PREFIX}/etc - ${INSTALL_SCRIPT} ${WRKSRC}/tac_plus.sh ${PREFIX}/etc/rc.d/tac_plus.sh +.if !defined(PACKAGE_BUILDING) + @${SETENV} PKG_PREFIX=${PREFIX} ${SH} ${PKGINSTALL} ${PKGNAME} POST-INSTALL +.endif .if !defined(NOPORTDOCS) @${MKDIR} ${PREFIX}/share/doc/tac_plus ${INSTALL_DATA} ${WRKSRC}/users_guide ${PREFIX}/share/doc/tac_plus - ${INSTALL_SCRIPT} ${WRKSRC}/convert.pl ${PREFIX}/share/doc/tac_plus + ${INSTALL_SCRIPT} ${WRKSRC}/tac_convert ${PREFIX}/share/doc/tac_plus .endif .include diff --git a/net/tac_plus4/distinfo b/net/tac_plus4/distinfo index 5309b047f542..45836e73d617 100644 --- a/net/tac_plus4/distinfo +++ b/net/tac_plus4/distinfo 
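Review bot: The `--with-userid`/`--with-groupid` values in the new `CONFIGURE_ARGS` are resolved by `/usr/bin/id` on the build host at configure time, so the numeric ids handed to configure need not be those of `tacacs` on the machine where the binary ends up. On a first build the account does not exist yet (pkg-install only creates it at POST-INSTALL), so both values fall back to 559, while pkg-install keeps an already existing `tacacs` account whatever its uid; a package built on another host has the same mismatch. If configure compiles these ids in, as the numeric arguments suggest, the daemon would drop privileges to an id that is not `tacacs`. Passing the fixed id, `CONFIGURE_ARGS= --with-userid=559 --with-groupid=559`, and having pkg-install refuse an existing account with a different id would keep the two in step. The literal 559 also now lives in both this Makefile and pkg-install and would be better defined once.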
@@ -1,3 +1,3 @@ -MD5 (tacacs+-F4.0.4.8.tar.gz) = f794515f33b8fb6644b8942b9b296e5f -SHA256 (tacacs+-F4.0.4.8.tar.gz) = 59eaf3fc52b4c194bc0d2a2cda318b4821313e59a5297ea7b5bbb6e2b5e87410 -SIZE (tacacs+-F4.0.4.8.tar.gz) = 243651 +MD5 (tacacs+-F4.0.4.13.tar.gz) = 023de9ccc17a9255a41a9a2332471ae9 +SHA256 (tacacs+-F4.0.4.13.tar.gz) = b4052b007d416882c6067816bfd84adc6b0a0280aef8a48411c1fe5ea796c274 +SIZE (tacacs+-F4.0.4.13.tar.gz) = 249108 diff --git a/net/tac_plus4/files/patch-Makefile.in b/net/tac_plus4/files/patch-Makefile.in index 5093a44c2087..2acad8075525 100644 --- a/net/tac_plus4/files/patch-Makefile.in +++ b/net/tac_plus4/files/patch-Makefile.in @@ -1,6 +1,16 @@ ---- Makefile.in.orig Wed May 21 18:22:50 2003 -+++ Makefile.in Sun Apr 3 01:16:29 2005 -@@ -153,7 +153,7 @@ +--- Makefile.in.orig Thu Sep 14 21:41:02 2006 ++++ Makefile.in Sun Oct 29 03:04:34 2006 +@@ -71,7 +71,8 @@ am_tac_plus_OBJECTS = tac_plus.$(OBJEXT) + config.$(OBJEXT) expire.$(OBJEXT) programs.$(OBJEXT) \ + default_fn.$(OBJEXT) pw.$(OBJEXT) utils.$(OBJEXT) \ + default_v0_fn.$(OBJEXT) hash.$(OBJEXT) pwlib.$(OBJEXT) \ +- do_acct.$(OBJEXT) maxsess.$(OBJEXT) regexp.$(OBJEXT) ++ do_acct.$(OBJEXT) maxsess.$(OBJEXT) regexp.$(OBJEXT) \ ++ opie_fn.$(OBJEXT) + tac_plus_OBJECTS = $(am_tac_plus_OBJECTS) + am__DEPENDENCIES_1 = + tac_plus_DEPENDENCIES = $(am__DEPENDENCIES_1) +@@ -237,7 +238,7 @@ tac_plus_SOURCES = tac_plus.c \ config.c expire.c programs.c \ default_fn.c pw.c utils.c \ default_v0_fn.c hash.c pwlib.c \ 
@@ -9,36 +19,16 @@ tac_plus_LDADD = $(WRAPLIBS) LDADD = @PROFLIBS@ -@@ -166,7 +166,7 @@ - +@@ -248,7 +249,7 @@ noinst_HEADERS = md4.h mschap.h regexp.h + expire.h md5.h parse.h pathsl.h regmagic.h man_gen_MANS = tac_plus.8 tac_plus.conf.5 -man_nogen_MANS = regexp.3 tac_pwd.8 +man_nogen_MANS = tac_pwd.8 - man_MANS = $(man_gen_MANS) $(man_nogen_MANS) -@@ -200,7 +200,8 @@ - config.$(OBJEXT) expire.$(OBJEXT) programs.$(OBJEXT) \ - default_fn.$(OBJEXT) pw.$(OBJEXT) utils.$(OBJEXT) \ - default_v0_fn.$(OBJEXT) hash.$(OBJEXT) pwlib.$(OBJEXT) \ -- do_acct.$(OBJEXT) maxsess.$(OBJEXT) regexp.$(OBJEXT) -+ do_acct.$(OBJEXT) maxsess.$(OBJEXT) regexp.$(OBJEXT) \ -+ opie_fn.$(OBJEXT) - tac_plus_OBJECTS = $(am_tac_plus_OBJECTS) - tac_plus_DEPENDENCIES = - tac_plus_LDFLAGS = -@@ -227,7 +228,8 @@ - @AMDEP_TRUE@ ./$(DEPDIR)/regexp.Po ./$(DEPDIR)/report.Po \ - @AMDEP_TRUE@ ./$(DEPDIR)/sendauth.Po ./$(DEPDIR)/sendpass.Po \ - @AMDEP_TRUE@ ./$(DEPDIR)/skey_fn.Po ./$(DEPDIR)/tac_plus.Po \ --@AMDEP_TRUE@ ./$(DEPDIR)/tac_pwd.Po ./$(DEPDIR)/utils.Po -+@AMDEP_TRUE@ ./$(DEPDIR)/tac_pwd.Po ./$(DEPDIR)/utils.Po \ -+@AMDEP_TRUE@ ./$(DEPDIR)/opie_fn.Po - COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ - $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) - CCLD = $(CC) -@@ -357,6 +359,7 @@ + # scripts that are built +@@ -432,6 +433,7 @@ distclean-compile: @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sendauth.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sendpass.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/skey_fn.Po@am__quote@ 
@@ -46,3 +36,13 @@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tac_plus.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tac_pwd.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/utils.Po@am__quote@ +@@ -832,8 +834,7 @@ info: info-am + + info-am: + +-install-data-am: install-man install-pkgdataDATA \ +- install-pkgdataSCRIPTS ++install-data-am: install-man + + install-exec-am: install-binPROGRAMS + diff --git a/net/tac_plus4/files/patch-ab b/net/tac_plus4/files/patch-ab index fca2b0bfe5ab..bfbca79de758 100644 --- a/net/tac_plus4/files/patch-ab +++ b/net/tac_plus4/files/patch-ab @@ -1,10 +1,10 @@ ---- tac_plus.h.orig Sun Jun 18 13:26:54 2000 -+++ tac_plus.h Sun Dec 8 15:24:27 2002 -@@ -701,6 +702,7 @@ - extern int default_fn(); +--- tac_plus.h.orig Tue Aug 15 20:09:36 2006 ++++ tac_plus.h Sun Oct 29 02:51:10 2006 +@@ -731,6 +731,7 @@ extern int sendpass_fn(); + extern int enable_fn(); extern int default_v0_fn(); extern int skey_fn(); +extern int opie_fn(); - #ifdef MSCHAP - extern void mschap_lmchallengeresponse(); - extern void mschap_ntchallengeresponse(); + + #ifdef MAXSESS + extern void loguser(struct acct_rec *); diff --git a/net/tac_plus4/files/patch-maxsess.c b/net/tac_plus4/files/patch-maxsess.c index 0886cd4e71db..e742cce407f6 100644 --- a/net/tac_plus4/files/patch-maxsess.c +++ b/net/tac_plus4/files/patch-maxsess.c 
@@ -1,29 +1,14 @@ -Using tacacs I found that ckfinger() function from maxsess.c module -returns wrong count of current sessions for users with "maxsess" -parameter established in tac_plus.conf. It happens if Cisco access -server works with IOS v 12.x. -On the other hand ckfinger() works well with IOS v 11.x - -Here are patches for both maxsess.c and port's Makefile to fix -this problem (but it is just workaround, ckfinger() should be -fully rewritten). - -Best regards, -Sergey E. Levov (serg@informika.ru) - -*** maxsess.c.orig Fri Jan 19 17:16:46 2001 ---- maxsess.c Fri Jan 19 17:25:51 2001 -*************** -*** 470,476 **** ---- 470,480 ---- - } - /* Extract username, up to 10 chars wide, starting at char 13 */ - nmlen = 0; -+ #if (TAC_IOS_VERSION == 11) - name = p + 13; -+ #else -+ name = p + 15; -+ #endif - for (i = 0; *name && !isspace(*name) && (i < 10); i++) { - nmbuf[nmlen++] = *name++; - } +--- maxsess.c.orig Tue Jul 18 13:53:34 2006 ++++ maxsess.c Sun Oct 29 02:52:16 2006 +@@ -464,7 +464,11 @@ ckfinger(char *user, char *nas, struct i + } + /* Extract username, up to 10 chars wide, starting at char 13 */ + nmlen = 0; ++#if (TAC_IOS_VERSION == 11) + name = p + 13; ++#else ++ name = p + 15; ++#endif + for (i = 0; *name && !isspace((int) *name) && (i < 10); i++) { + nmbuf[nmlen++] = *name++; + } diff --git a/net/tac_plus4/files/tac_plus.conf.example b/net/tac_plus4/files/tac_plus.conf.example index 50774ed39068..ccbf11fa1f26 100644 --- a/net/tac_plus4/files/tac_plus.conf.example +++ b/net/tac_plus4/files/tac_plus.conf.example @@ -15,7 +15,7 @@ user=fred { # declaration. member = admin - expires = "May 23 2005" + expires = "May 23 2010" service = exec { # When Fred starts an exec, his connection access list is 5 @@ -76,5 +76,5 @@ group = admin { login = file /etc/passwd # group members who have no expiry date set will use this one - expires = "Jan 1 1998" + expires = "Jan 1 2038" } 
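Review bot: In the `#else` branch that files/patch-maxsess.c adds to `ckfinger()`, `name = p + 15` is taken with no visible check that the finger line at `p` is at least 15 characters long, and the loop that follows dereferences `*name` straight away, so a shorter line returned by the NAS would be read past its terminator. The code before the hunk is not shown, so this needs confirming there; if no length check exists, one belongs before the offset is applied. Because an undefined `TAC_IOS_VERSION` evaluates to 0 in `#if`, offset 15 is what is built by default. The retained comment still says "starting at char 13", and the rationale deleted from the top of the patch file is now recorded nowhere; a comment such as `/* username column: 13 on IOS 11.x, 15 otherwise (IOS 12.x workaround) */` would keep it.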
diff --git a/net/tac_plus4/files/tac_plus.in b/net/tac_plus4/files/tac_plus.in
new file mode 100644
index 000000000000..05f13e79b7f9
--- /dev/null
+++ b/net/tac_plus4/files/tac_plus.in
@@ -0,0 +1,25 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+# PROVIDE: tac_plus
+# REQUIRE: DAEMON
+#
+# Add the following line to /etc/rc.conf to enable the TACACS+ daemon:
+#
+# tac_plus_enable="YES"
+#
+
+tac_plus_enable=${tac_plus_enable-"NO"}
+tac_plus_flags=${tac_plus_flags-"-C %%PREFIX%%/etc/tac_plus.conf"}
+
+. %%RC_SUBR%%
+
+name=tac_plus
+rcvar=`set_rcvar`
+
+command="%%PREFIX%%/bin/tac_plus"
+pidfile="/var/run/${name}.pid"
+
+load_rc_config ${name}
+run_rc_command "$1"
diff --git a/net/tac_plus4/files/tac_plus.sh b/net/tac_plus4/files/tac_plus.sh
deleted file mode 100644
index 05f13e79b7f9..000000000000
--- a/net/tac_plus4/files/tac_plus.sh
+++ /dev/null
@@ -1,25 +0,0 @@
-#!/bin/sh
-#
-# $FreeBSD$
-#
-# PROVIDE: tac_plus
-# REQUIRE: DAEMON
-#
-# Add the following line to /etc/rc.conf to enable the TACACS+ daemon:
-#
-# tac_plus_enable="YES"
-#
-
-tac_plus_enable=${tac_plus_enable-"NO"}
-tac_plus_flags=${tac_plus_flags-"-C %%PREFIX%%/etc/tac_plus.conf"}
-
-. %%RC_SUBR%%
-
-name=tac_plus
-rcvar=`set_rcvar`
-
-command="%%PREFIX%%/bin/tac_plus"
-pidfile="/var/run/${name}.pid"
-
-load_rc_config ${name}
-run_rc_command "$1"
diff --git a/net/tac_plus4/pkg-install b/net/tac_plus4/pkg-install
new file mode 100644
index 000000000000..4547214ef2f5
--- /dev/null
+++ b/net/tac_plus4/pkg-install
@@ -0,0 +1,37 @@ +#!/bin/sh + +case $2 in +POST-INSTALL) + USER=tacacs + GROUP=${USER} + UID=559 + GID=${UID} + PW=/usr/sbin/pw + + if ${PW} group show "${GROUP}" 2>/dev/null; then + echo "You already have a group \"${GROUP}\", so I will use it." + else + if ${PW} groupadd ${GROUP} -g ${GID}; then + echo "Added group \"${GROUP}\"." + else + echo "Adding group \"${GROUP}\" failed..." + exit 1 + fi + fi + + if ${PW} user show "${USER}" 2>/dev/null; then + echo "You already have a user \"${USER}\", so I will use it." + else + if ${PW} useradd ${USER} -u ${UID} -g ${GROUP} -h - \ + -d "/nonexistent" -s /sbin/nologin -c "TACACS+ Daemon User" + then + echo "Added user \"${USER}\"." + else + echo "Adding user \"${USER}\" failed..." + exit 1 + fi + fi + + exit 0 + ;; +esac diff --git a/net/tac_plus4/pkg-plist b/net/tac_plus4/pkg-plist index bb408645e0d6..1d38283c7595 100644 --- a/net/tac_plus4/pkg-plist +++ b/net/tac_plus4/pkg-plist @@ -1,7 +1,6 @@ bin/tac_plus bin/tac_pwd -etc/rc.d/tac_plus.sh etc/tac_plus.conf.example -%%PORTDOCS%%%%DOCSDIR%%/convert.pl +%%PORTDOCS%%%%DOCSDIR%%/tac_convert %%PORTDOCS%%%%DOCSDIR%%/users_guide %%PORTDOCS%%@dirrm %%DOCSDIR%% -- cgit
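Review bot: The `pw group show` and `pw user show` branches of pkg-install accept any pre-existing `tacacs` group or user as it is, without comparing its gid and uid against the `GID`/`UID` of 559 set at the top of the case arm or looking at its shell. An account that already exists with a different id or with a login shell is therefore used silently, which matters because the port's Makefile passes numeric ids to configure. A check in the `user show` branch, for example `[ "$(/usr/bin/id -u "${USER}")" = "${UID}" ] || echo "Warning: user \"${USER}\" does not have uid ${UID}."`, would surface the mismatch. Both `show` calls also redirect only stderr, so the account entry is printed into the install output; `>/dev/null 2>&1` avoids that.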