From owner-freebsd-ports  Wed Sep 25 22:28:22 2002
Delivered-To: freebsd-ports@freebsd.org
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 1890637B401
	for <ports@freebsd.org>; Wed, 25 Sep 2002 22:28:19 -0700 (PDT)
Received: from srv1.cosmo-project.de (srv1.cosmo-project.de [213.83.6.106])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 1DAB443E75
	for <ports@freebsd.org>; Wed, 25 Sep 2002 22:28:18 -0700 (PDT)
	(envelope-from andreas@klemm.gtn.com)
Received: from srv1.cosmo-project.de (localhost [IPv6:::1])
	by srv1.cosmo-project.de (8.12.5/8.12.5) with ESMTP id g8Q5SF6K054938
	(version=TLSv1/SSLv3 cipher=EDH-RSA-DES-CBC3-SHA bits=168 verify=NO);
	Thu, 26 Sep 2002 07:28:16 +0200 (CEST)
	(envelope-from andreas@klemm.gtn.com)
Received: (from uucp@localhost)
	by srv1.cosmo-project.de (8.12.5/8.12.5/Submit) with UUCP id g8Q5SFvi054937;
	Thu, 26 Sep 2002 07:28:15 +0200 (CEST)
	(envelope-from andreas@klemm.gtn.com)
Received: from titan.klemm.apsfilter.org (localhost.klemm.apsfilter.org [127.0.0.1])
	by klemm.gtn.com (8.12.6/8.12.3) with ESMTP id g8Q5RnoT003586;
	Thu, 26 Sep 2002 07:27:55 +0200 (CEST)
	(envelope-from andreas@titan.klemm.apsfilter.org)
Received: (from andreas@localhost)
	by titan.klemm.apsfilter.org (8.12.6/8.12.6/Submit) id g8Q5RcTT003585;
	Thu, 26 Sep 2002 07:27:38 +0200 (CEST)
Date: Thu, 26 Sep 2002 07:27:38 +0200
From: Andreas Klemm <andreas@klemm.gtn.com>
To: "Vladimir A. Jakovenko" <vovik@lucky.net>
Cc: ports@freebsd.org, andreas_and_joe@tao.org.uk
Subject: Re: FreeBSD TACACS+ port
Message-ID: <20020926052738.GB3500@titan.klemm.apsfilter.org>
References: <20020925205621.GA49680@lucky.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20020925205621.GA49680@lucky.net>
X-Operating-System: FreeBSD 4.7-RC SMP
X-Disclaimer: A free society is one where it is safe to be unpopular
User-Agent: Mutt/1.5.1i
Sender: owner-freebsd-ports@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-ports.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-ports>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-ports>
X-Loop: FreeBSD.org

Thanks Vladimir,

I don't have the time to do it. And I don't have a Cisco at home
anymore. So if Joe doesn't mail you back the best would be to send
it as problem report to the FreeBSD ports team, so that somebody
else can make the change.

And yes you are right IOS 12 should be the default now.

	Andreas ///

On Wed, Sep 25, 2002 at 11:56:21PM +0300, Vladimir A. Jakovenko wrote:
> Dear Sirs,
> 
>  Below is attached two patches to actual FreeBSD tac_plus port which extends
>  it functionality to support wrapping tac_plus requests by TCP_Wrappers.
> 
>  It will be nice if you find time and update official port with such changes.
> 
>  I also would like to recommend you to change default TAC_IOS_VERSION to 12.
> 
> -- 
> Regards,
> Vladimir.
> 

> --- Makefile.old        Wed Sep 25 18:21:43 2002
> +++ Makefile    Wed Sep 25 23:54:26 2002
> @@ -37,8 +37,14 @@
>  .else
>  CFLAGS+=       -DTAC_IOS_VERSION=11
>  .endif
>  
> +# TCP_Wrappers support
> +.if defined(USE_LIBWRAP) && ${USE_LIBWRAP} == YES
> +CFLAGS+=       -DLIBWRAP -lwrap
> +EXTRA_PATCHES+= ${PATCHDIR}/extra-patch-bc
> +.endif
> +
>  do-install:
>         ${INSTALL_PROGRAM} ${WRKSRC}/tac_plus ${PREFIX}/sbin
>         ${INSTALL_MAN} ${WRKSRC}/tac_plus.1 ${PREFIX}/man/man1/tac_plus.1
>         ${INSTALL_DATA} ${FILESDIR}/tac_plus.conf.example ${PREFIX}/etc/
> 

> --- tac_plus.c.orig     Wed Sep 25 23:42:41 2002
> +++ tac_plus.c  Wed Sep 25 23:44:32 2002
> @@ -27,8 +27,15 @@
>  #include "tac_plus.h"
>  #include "sys/wait.h"
>  #include "signal.h"
>  
> +#ifdef LIBWRAP
> +#include <tcpd.h>
> +#include <syslog.h>
> +int allow_severity = LOG_INFO;
> +int deny_severity = LOG_WARNING;
> +#endif /* LIBWRAP */
> +
>  static int standalone  = 1; /* running standalone (1) or under inetd (0) */
>  static int initialised = 0; /* data structures have been allocated */
>  int sendauth_only      = 0; /* don't respond to sendpass requests */
>  int debug              = 0; /* debugging flags */
> @@ -494,8 +501,26 @@
>         if (pid == 0) {
>             /* child */
>             if (!single)
>                 close(s);
> +#ifdef LIBWRAP
> +        /* Check whether requests are denied from this host. */
> +        {
> +                struct request_info req;
> +
> +                request_init(&req, RQ_DAEMON, basename(argv[0]), RQ_FILE, newso
> ckfd, 0);
> +                fromhost(&req);
> +
> +                if (!hosts_access(&req)) {
> +                       shutdown(session.sock, 2);
> +                       close(session.sock);
> +                        refuse(&req);
> +                        /* NOTREACHED */
> +                        report(LOG_ERR, "libwrap refuse returns");
> +                }
> +        }
> +#endif /* LIBWRAP */
> +
>             session.sock = newsockfd;
>             start_session();
>             shutdown(session.sock, 2);
>             close(session.sock);
> 


-- 
Andreas Klemm                             /\/\/\/\/\/\/\/\/\/\/\
http://www.64bits.de                     <  Powered by FreeBSD  >
http://www.apsfilter.org/                 \   www.FreeBSD.org  /
http://people.FreeBSD.ORG/~andreas         \/\/\/\/\/\/\/\/\/\/

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ports" in the body of the message