Date: Sat, 13 Apr 2013 10:46:11 GMT From: Mike Stupalov <landy2005@gmail.com> To: freebsd-gnats-submit@FreeBSD.org Subject: ports/177833: Update version of port tac_plus to 4.0.4.26 Message-ID: <201304131046.r3DAkBAe084212@red.freebsd.org> Resent-Message-ID: <201304131050.r3DAo0Gf043575@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 177833 >Category: ports >Synopsis: Update version of port tac_plus to 4.0.4.26 >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: update >Submitter-Id: current-users >Arrival-Date: Sat Apr 13 10:50:00 UTC 2013 >Closed-Date: >Last-Modified: >Originator: Mike Stupalov >Release: >Organization: >Environment: FreeBSD ice 9.1-RELEASE FreeBSD 9.1-RELEASE #0 r243825: Tue Dec 4 09:23:10 UTC 2012 root@farrell.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC amd64 >Description: Subj. Patch included. >How-To-Repeat: >Fix: Patch attached with submission follows: diff -ruN tac_plus4.orig/Makefile tac_plus4/Makefile --- tac_plus4.orig/Makefile 2013-03-08 15:32:11.000000000 +0400 +++ tac_plus4/Makefile 2013-04-13 14:29:56.000000000 +0400 @@ -2,10 +2,10 @@ # $FreeBSD: net/tac_plus4/Makefile 313635 2013-03-08 11:32:11Z bapt $ PORTNAME= tac_plus -PORTVERSION= F4.0.4.19 +PORTVERSION= F4.0.4.26 CATEGORIES= net security MASTER_SITES= ftp://ftp.shrubbery.net/pub/tac_plus/ -DISTNAME= tacacs+-F4.0.4.19 +DISTNAME= tacacs+-F4.0.4.26 MAINTAINER= marcus@FreeBSD.org COMMENT= The Cisco remote authentication/authorization/accounting server diff -ruN tac_plus4.orig/distinfo tac_plus4/distinfo --- tac_plus4.orig/distinfo 2012-07-14 18:29:18.000000000 +0400 +++ tac_plus4/distinfo 2013-04-13 13:13:50.000000000 +0400 @@ -1,2 +1,2 @@ -SHA256 (tacacs+-F4.0.4.19.tar.gz) = 582dcdb5723c844e50036b1ed9eaee53239e7791d0ac5e5c22fba8ac4790596b -SIZE (tacacs+-F4.0.4.19.tar.gz) = 500593 +SHA256 (tacacs+-F4.0.4.26.tar.gz) = 9051824e8ddc164001f80ec2a723c904d8382aadb5b29a951909761b3d42d6ec +SIZE (tacacs+-F4.0.4.26.tar.gz) = 519796 diff -ruN tac_plus4.orig/files/extra-patch-bb tac_plus4/files/extra-patch-bb --- tac_plus4.orig/files/extra-patch-bb 2012-07-14 18:29:18.000000000 +0400 +++ tac_plus4/files/extra-patch-bb 2013-04-13 13:30:56.000000000 +0400 @@ -13,9 +13,9 @@ ------------------------------ cut here --------------------------- ---- pwlib.c.orig Fri Dec 1 15:07:03 2000 -+++ pwlib.c Fri Dec 1 15:07:48 2000 -@@ -195,7 +195,7 @@ +--- pwlib.c.orig 2012-06-07 02:54:23.000000000 +0400 ++++ pwlib.c 2013-04-13 13:26:17.000000000 +0400 +@@ -303,7 +303,7 @@ struct passwd *pw; char *exp_date; char *cfg_passwd; @@ -24,8 +24,8 @@ char buf[12]; #endif /* SHADOW_PASSWORDS */ -@@ -217,7 +217,20 @@ - return (0); +@@ -325,7 +325,20 @@ + return(0); } cfg_passwd = pw->pw_passwd; +#ifdef FREEBSD diff -ruN tac_plus4.orig/files/patch-Makefile.in tac_plus4/files/patch-Makefile.in --- tac_plus4.orig/files/patch-Makefile.in 2012-07-14 18:29:18.000000000 +0400 +++ tac_plus4/files/patch-Makefile.in 2013-04-13 13:43:52.000000000 +0400 @@ -1,33 +1,24 @@ ---- Makefile.in.orig 2009-07-28 15:18:02.000000000 -0400 -+++ Makefile.in 2009-10-10 16:24:28.000000000 -0400 -@@ -97,7 +97,7 @@ am__tac_plus_SOURCES_DIST = acct.c authe +--- Makefile.in.orig 2012-04-17 02:56:54.000000000 +0400 ++++ Makefile.in 2013-04-13 13:43:18.000000000 +0400 +@@ -98,7 +98,7 @@ config.c default_fn.c default_v0_fn.c do_acct.c do_author.c \ - dump.c enable.c encrypt.c expire.c hash.c maxsess.c parse.c \ - programs.c pw.c pwlib.c regexp.c report.c sendauth.c \ -- sendpass.c tac_plus.c utils.c skey_fn.c -+ sendpass.c tac_plus.c utils.c skey_fn.c opie_fn.c + dump.c enable.c encrypt.c expire.c hash.c maxsessint.c parse.c \ + programs.c pw.c pwlib.c report.c sendauth.c sendpass.c \ +- tac_plus.c utils.c skey_fn.c aceclnt_fn.c ++ tac_plus.c utils.c skey_fn.c aceclnt_fn.c opie_fn.c @TACSKEY_TRUE@am__objects_1 = skey_fn.$(OBJEXT) + @TACACECLNT_TRUE@am__objects_2 = aceclnt_fn.$(OBJEXT) am_tac_plus_OBJECTS = acct.$(OBJEXT) authen.$(OBJEXT) author.$(OBJEXT) \ - choose_authen.$(OBJEXT) config.$(OBJEXT) default_fn.$(OBJEXT) \ -@@ -107,7 +107,7 @@ am_tac_plus_OBJECTS = acct.$(OBJEXT) aut +@@ -109,7 +109,7 @@ parse.$(OBJEXT) programs.$(OBJEXT) pw.$(OBJEXT) \ - pwlib.$(OBJEXT) regexp.$(OBJEXT) report.$(OBJEXT) \ - sendauth.$(OBJEXT) sendpass.$(OBJEXT) tac_plus.$(OBJEXT) \ -- utils.$(OBJEXT) $(am__objects_1) -+ utils.$(OBJEXT) opie_fn.$(OBJEXT) $(am__objects_1) + pwlib.$(OBJEXT) report.$(OBJEXT) sendauth.$(OBJEXT) \ + sendpass.$(OBJEXT) tac_plus.$(OBJEXT) utils.$(OBJEXT) \ +- $(am__objects_1) $(am__objects_2) ++ opie_fn.$(OBJEXT) $(am__objects_1) $(am__objects_2) tac_plus_OBJECTS = $(am_tac_plus_OBJECTS) am__DEPENDENCIES_1 = tac_plus_DEPENDENCIES = $(am__DEPENDENCIES_1) -@@ -326,7 +326,7 @@ noinst_HEADERS = md4.h mschap.h regexp.h - expire.h md5.h parse.h pathsl.h regmagic.h - - man_gen_MANS = tac_plus.8 tac_plus.conf.5 --man_nogen_MANS = regexp.3 tac_pwd.8 -+man_nogen_MANS = tac_pwd.8 - man_MANS = $(man_gen_MANS) $(man_nogen_MANS) - - # scripts that are built -@@ -581,6 +581,7 @@ distclean-compile: +@@ -592,6 +592,7 @@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sendauth.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sendpass.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/skey_fn.Po@am__quote@ @@ -35,7 +26,7 @@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tac_plus.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tac_pwd.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/utils.Po@am__quote@ -@@ -1061,8 +1062,7 @@ info: info-am +@@ -1049,8 +1050,7 @@ info-am: diff -ruN tac_plus4.orig/files/patch-ab tac_plus4/files/patch-ab --- tac_plus4.orig/files/patch-ab 2012-07-14 18:29:18.000000000 +0400 +++ tac_plus4/files/patch-ab 1970-01-01 03:00:00.000000000 +0300 @@ -1,30 +0,0 @@ ---- tac_plus.h.orig 2009-07-27 20:11:53.000000000 -0400 -+++ tac_plus.h 2010-02-12 18:13:49.000000000 -0500 -@@ -86,6 +86,7 @@ - #ifdef FREEBSD - #define CONST_SYSERRLIST - #define NO_PWAGE -+#include <sys/param.h> - #endif - - #ifdef BSDI -@@ -138,7 +139,11 @@ - # include <sys/syslog.h> - #endif - -+#if defined(FREEBSD) && __FreeBSD_version >= 900007 -+#include <utmpx.h> -+#else - #include <utmp.h> -+#endif - - #include <unistd.h> - -@@ -655,6 +660,7 @@ int sendpass_fn(struct authen_data *data - int enable_fn(struct authen_data *data); - int default_v0_fn(struct authen_data *data); - int skey_fn(struct authen_data *data); -+int opie_fn(struct authen_data *data); - - #ifdef MAXSESS - void loguser(struct acct_rec *); diff -ruN tac_plus4.orig/files/patch-choose_authen.c tac_plus4/files/patch-choose_authen.c --- tac_plus4.orig/files/patch-choose_authen.c 2012-07-14 18:29:18.000000000 +0400 +++ tac_plus4/files/patch-choose_authen.c 2013-04-13 13:57:04.000000000 +0400 @@ -1,8 +1,8 @@ ---- choose_authen.c.orig Sun Jun 18 13:26:53 2000 -+++ choose_authen.c Sun Dec 8 15:26:08 2002 -@@ -118,10 +118,27 @@ +--- choose_authen.c.orig 2012-04-17 01:42:55.000000000 +0400 ++++ choose_authen.c 2013-04-13 13:55:20.000000000 +0400 +@@ -130,12 +130,29 @@ #else /* SKEY */ - report(LOG_ERR, + report(LOG_ERR, "%s %s: user %s s/key support has not been compiled in", - name ? name : "<unknown>", - session.peer, session.port); @@ -10,8 +10,8 @@ + name ? name : "<unknown>"); return(CHOOSE_FAILED); #endif /* SKEY */ -+ } -+ + } + + if (cfg_passwd && STREQ(cfg_passwd, "opie")) { + if (debug & DEBUG_PASSWD_FLAG) + report(LOG_DEBUG, "%s %s: user %s requires opie", @@ -27,6 +27,8 @@ + name ? name : "<unknown>"); + return(CHOOSE_FAILED); +#endif /* OPIE */ - } - - /* Not an skey user. Must be none, des, cleartext or file password */ ++ } ++ + /* Does this user require aceclnt */ + cfg_passwd = cfg_get_login_secret(name, TAC_PLUS_RECURSE); + if (cfg_passwd && STREQ(cfg_passwd, "aceclnt")) { diff -ruN tac_plus4.orig/files/patch-do_acct.c tac_plus4/files/patch-do_acct.c --- tac_plus4.orig/files/patch-do_acct.c 2012-07-14 18:29:18.000000000 +0400 +++ tac_plus4/files/patch-do_acct.c 1970-01-01 03:00:00.000000000 +0300 @@ -1,78 +0,0 @@ ---- do_acct.c.orig 2010-01-23 16:17:36.000000000 -0500 -+++ do_acct.c 2010-02-12 18:19:44.000000000 -0500 -@@ -202,23 +202,42 @@ do_acct_syslog(struct acct_rec *rec) - int - wtmp_entry(char *line, char *name, char *host, time_t utime) - { -+#if defined(FREEBSD) && __FreeBSD_version >= 900007 -+#define HAVE_UTMPX_H 1 -+ struct utmpx entry; -+ struct timeval tv; -+#else - struct utmp entry; -+#endif - -+#ifndef HAVE_UTMPX_H - if (!wtmpfile) { - return(1); - } -+#endif - - memset(&entry, 0, sizeof entry); -+#ifdef HAVE_UTMPX_H -+ entry.ut_type = *name != '\0' ? USER_PROCESS : DEAD_PROCESS; -+ snprintf(entry.ut_id, sizeof entry.ut_id, "%xtac", getpid()); -+#endif - - if (strlen(line) < sizeof entry.ut_line) - strcpy(entry.ut_line, line); - else - memcpy(entry.ut_line, line, sizeof(entry.ut_line)); - -+#ifdef HAVE_UTMPX_H -+ if (strlen(name) < sizeof entry.ut_user) -+ strcpy(entry.ut_user, name); -+ else -+ memcpy(entry.ut_user, name, sizeof(entry.ut_user)); -+#else - if (strlen(name) < sizeof entry.ut_name) - strcpy(entry.ut_name, name); - else - memcpy(entry.ut_name, name, sizeof(entry.ut_name)); -+#endif - - #ifndef SOLARIS - if (strlen(host) < sizeof entry.ut_host) -@@ -226,13 +245,24 @@ wtmp_entry(char *line, char *name, char - else - memcpy(entry.ut_host, host, sizeof(entry.ut_host)); - #endif -+#ifdef HAVE_UTMPX_H -+ memset(&entry.ut_tv, 0, sizeof(entry.ut_tv)); -+ tv.tv_sec = utime; -+ memcpy(&entry.ut_tv, &tv, sizeof(entry.ut_tv)); -+#else - entry.ut_time = utime; -+#endif - - #ifdef FREEBSD -+#ifdef HAVE_UTMPX_H -+ pututxline(&entry); -+#else - wtmpfd = open(wtmpfile, O_CREAT | O_WRONLY | O_APPEND, 0644); -+#endif - #else - wtmpfd = open(wtmpfile, O_CREAT | O_WRONLY | O_APPEND | O_SYNC, 0644); - #endif -+#ifndef HAVE_UTMPX_H - if (wtmpfd < 0) { - report(LOG_ERR, "Can't open wtmp file %s -- %s", - wtmpfile, strerror(errno)); -@@ -251,6 +281,7 @@ wtmp_entry(char *line, char *name, char - } - - close(wtmpfd); -+#endif - - if (debug & DEBUG_ACCT_FLAG) { - report(LOG_DEBUG, "wtmp: %s, %s %s %d", line, name, host, utime); diff -ruN tac_plus4.orig/files/patch-parse.h tac_plus4/files/patch-parse.h --- tac_plus4.orig/files/patch-parse.h 2012-07-14 18:29:18.000000000 +0400 +++ tac_plus4/files/patch-parse.h 2013-04-13 14:06:52.000000000 +0400 @@ -1,7 +1,10 @@ ---- parse.h.orig Sun Dec 8 15:22:51 2002 -+++ parse.h Sun Dec 8 15:23:26 2002 -@@ -76,3 +76,4 @@ +--- parse.h.orig 2012-04-10 22:34:40.000000000 +0400 ++++ parse.h 2013-04-13 14:02:27.000000000 +0400 +@@ -74,6 +74,7 @@ #ifdef MSCHAP #define S_mschap 42 #endif /* MSCHAP */ +#define S_opie 43 + #define S_enable 43 + #ifdef ACLS + # define S_acl 44 diff -ruN tac_plus4.orig/files/patch-skey_fn.c tac_plus4/files/patch-skey_fn.c --- tac_plus4.orig/files/patch-skey_fn.c 2012-07-14 18:29:18.000000000 +0400 +++ tac_plus4/files/patch-skey_fn.c 2013-04-13 14:09:28.000000000 +0400 @@ -1,11 +1,11 @@ ---- skey_fn.c.orig Sun Apr 3 01:41:00 2005 -+++ skey_fn.c Sun Apr 3 01:41:08 2005 -@@ -168,7 +168,7 @@ +--- skey_fn.c.orig 2012-06-06 22:34:55.000000000 +0400 ++++ skey_fn.c 2013-04-13 14:08:31.000000000 +0400 +@@ -164,7 +164,7 @@ return(1); } - if (skeychallenge(&p->skey, name, skeyprompt, 80) == 0) { + if (skeychallenge(&p->skey, name, skeyprompt) == 0) { char buf[256]; - sprintf(buf, "%s\nPassword: ", skeyprompt); + snprintf(buf, sizeof(buf), "%s\nS/Key challenge: ", skeyprompt); data->server_msg = tac_strdup(buf); diff -ruN tac_plus4.orig/files/patch-tac_plus.h tac_plus4/files/patch-tac_plus.h --- tac_plus4.orig/files/patch-tac_plus.h 1970-01-01 03:00:00.000000000 +0300 +++ tac_plus4/files/patch-tac_plus.h 2013-04-13 13:50:44.000000000 +0400 @@ -0,0 +1,10 @@ +--- tac_plus.h.orig 2013-04-13 13:45:20.000000000 +0400 ++++ tac_plus.h 2013-04-13 13:50:14.000000000 +0400 +@@ -452,6 +452,7 @@ + int sendauth_fn(struct authen_data *data); + int sendpass_fn(struct authen_data *data); + int skey_fn(struct authen_data *data); ++int opie_fn(struct authen_data *data); + + /* tac_plus.c */ + void open_logfile(void); diff -ruN tac_plus4.orig/files/patch-tacacs.h tac_plus4/files/patch-tacacs.h --- tac_plus4.orig/files/patch-tacacs.h 2012-07-14 18:29:18.000000000 +0400 +++ tac_plus4/files/patch-tacacs.h 1970-01-01 03:00:00.000000000 +0300 @@ -1,25 +0,0 @@ ---- tacacs.h.orig 2010-02-12 18:13:56.000000000 -0500 -+++ tacacs.h 2010-02-12 18:14:51.000000000 -0500 -@@ -83,6 +83,10 @@ XXX unknown - #define MSCHAP_DIGEST_LEN 49 - #endif /* MSCHAP */ - -+#ifdef FREEBSD -+#include <sys/param.h> -+#endif -+ - #if HAVE_STRING_H - # include <string.h> - #endif -@@ -124,7 +128,11 @@ XXX unknown - # include <sys/syslog.h> - #endif - -+#if defined(FREEBSD) && __FreeBSD_version >= 900007 -+#include <utmpx.h> -+#else - #include <utmp.h> -+#endif - - #include <unistd.h> - diff -ruN tac_plus4.orig/files/patch-users_guide.in tac_plus4/files/patch-users_guide.in --- tac_plus4.orig/files/patch-users_guide.in 2012-07-14 18:29:18.000000000 +0400 +++ tac_plus4/files/patch-users_guide.in 2013-04-13 14:17:05.000000000 +0400 @@ -1,6 +1,6 @@ ---- users_guide.in.orig 2008-08-20 00:34:57.000000000 -0400 -+++ users_guide.in 2009-07-08 22:32:17.000000000 -0400 -@@ -164,7 +164,10 @@ for S/KEY in the Makefile. I got my S/K +--- users_guide.in.orig 2011-05-28 02:11:57.000000000 +0400 ++++ users_guide.in 2013-04-13 14:16:37.000000000 +0400 +@@ -164,7 +164,10 @@ crimelab.com but now it appears the only source is ftp.bellcore.com. I suggest you try a web search for s/key source code. @@ -12,11 +12,12 @@ Should you need them, there are routines for accessing password files (getpwnam,setpwent,endpwent,setpwfile) in pw.c. -@@ -454,6 +457,15 @@ be that for each authentiction that is a - to be wrong whether it was typed correctly or not. +@@ -414,7 +417,16 @@ + login = skey + } - -+4. Authentication using opie. +-4). Authentication using PAM (Pluggable Authentication Modules) ++4). Authentication using opie. + +If you have successfully built tac_plus with opie support, you can specify +a user be authenticated via opie, as follows: @@ -25,6 +26,7 @@ + login = opie + } + - RECURSIVE PASSWORD LOOKUPS - --------------------------- ++5). Authentication using PAM (Pluggable Authentication Modules) + Assuming that your OS supports it, tac_plus can be configured to use PAM + for authentication, which may make it possible to use LDAP, SecureID, etc diff -ruN tac_plus4.orig/files/tac_plus.in tac_plus4/files/tac_plus.in --- tac_plus4.orig/files/tac_plus.in 2012-07-14 18:29:18.000000000 +0400 +++ tac_plus4/files/tac_plus.in 2012-01-14 12:56:29.000000000 +0400 @@ -1,6 +1,6 @@ #!/bin/sh # -# $FreeBSD: net/tac_plus4/files/tac_plus.in 300897 2012-07-14 14:29:18Z beat $ +# $FreeBSD: ports/net/tac_plus4/files/tac_plus.in,v 1.4 2012/01/14 08:56:29 dougb Exp $ # # PROVIDE: tac_plus # REQUIRE: DAEMON diff -ruN tac_plus4.orig/pkg-descr tac_plus4/pkg-descr --- tac_plus4.orig/pkg-descr 2012-07-14 18:29:18.000000000 +0400 +++ tac_plus4/pkg-descr 2013-04-13 14:19:12.000000000 +0400 @@ -9,4 +9,4 @@ To enable MSCHAP you need to optain a key from Microsoft, see the FAQ section in the users guide. Therefore this isn't enabled by default. -WWW: http://www.cisco.com/warp/public/480/tacplus.shtml +WWW: http://www.cisco.com/en/US/tech/tk59/technologies_tech_note09186a00800946a3.shtml >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201304131046.r3DAkBAe084212>