ports/177833: Update version of port tac_plus to 4.0.4.26
Mike Stupalov
landy2005 at gmail.com
Sat Apr 13 10:50:00 UTC 2013
>Number: 177833
>Category: ports
>Synopsis: Update version of port tac_plus to 4.0.4.26
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: update
>Submitter-Id: current-users
>Arrival-Date: Sat Apr 13 10:50:00 UTC 2013
>Closed-Date:
>Last-Modified:
>Originator: Mike Stupalov
>Release:
>Organization:
>Environment:
FreeBSD ice 9.1-RELEASE FreeBSD 9.1-RELEASE #0 r243825: Tue Dec 4 09:23:10 UTC 2012 root at farrell.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC amd64
>Description:
Subj.
Patch included.
>How-To-Repeat:
>Fix:
Patch attached with submission follows:
diff -ruN tac_plus4.orig/Makefile tac_plus4/Makefile
--- tac_plus4.orig/Makefile 2013-03-08 15:32:11.000000000 +0400
+++ tac_plus4/Makefile 2013-04-13 14:29:56.000000000 +0400
@@ -2,10 +2,10 @@
# $FreeBSD: net/tac_plus4/Makefile 313635 2013-03-08 11:32:11Z bapt $
PORTNAME= tac_plus
-PORTVERSION= F4.0.4.19
+PORTVERSION= F4.0.4.26
CATEGORIES= net security
MASTER_SITES= ftp://ftp.shrubbery.net/pub/tac_plus/
-DISTNAME= tacacs+-F4.0.4.19
+DISTNAME= tacacs+-F4.0.4.26
MAINTAINER= marcus at FreeBSD.org
COMMENT= The Cisco remote authentication/authorization/accounting server
diff -ruN tac_plus4.orig/distinfo tac_plus4/distinfo
--- tac_plus4.orig/distinfo 2012-07-14 18:29:18.000000000 +0400
+++ tac_plus4/distinfo 2013-04-13 13:13:50.000000000 +0400
@@ -1,2 +1,2 @@
-SHA256 (tacacs+-F4.0.4.19.tar.gz) = 582dcdb5723c844e50036b1ed9eaee53239e7791d0ac5e5c22fba8ac4790596b
-SIZE (tacacs+-F4.0.4.19.tar.gz) = 500593
+SHA256 (tacacs+-F4.0.4.26.tar.gz) = 9051824e8ddc164001f80ec2a723c904d8382aadb5b29a951909761b3d42d6ec
+SIZE (tacacs+-F4.0.4.26.tar.gz) = 519796
diff -ruN tac_plus4.orig/files/extra-patch-bb tac_plus4/files/extra-patch-bb
--- tac_plus4.orig/files/extra-patch-bb 2012-07-14 18:29:18.000000000 +0400
+++ tac_plus4/files/extra-patch-bb 2013-04-13 13:30:56.000000000 +0400
@@ -13,9 +13,9 @@
------------------------------ cut here ---------------------------
---- pwlib.c.orig Fri Dec 1 15:07:03 2000
-+++ pwlib.c Fri Dec 1 15:07:48 2000
-@@ -195,7 +195,7 @@
+--- pwlib.c.orig 2012-06-07 02:54:23.000000000 +0400
++++ pwlib.c 2013-04-13 13:26:17.000000000 +0400
+@@ -303,7 +303,7 @@
struct passwd *pw;
char *exp_date;
char *cfg_passwd;
@@ -24,8 +24,8 @@
char buf[12];
#endif /* SHADOW_PASSWORDS */
-@@ -217,7 +217,20 @@
- return (0);
+@@ -325,7 +325,20 @@
+ return(0);
}
cfg_passwd = pw->pw_passwd;
+#ifdef FREEBSD
diff -ruN tac_plus4.orig/files/patch-Makefile.in tac_plus4/files/patch-Makefile.in
--- tac_plus4.orig/files/patch-Makefile.in 2012-07-14 18:29:18.000000000 +0400
+++ tac_plus4/files/patch-Makefile.in 2013-04-13 13:43:52.000000000 +0400
@@ -1,33 +1,24 @@
---- Makefile.in.orig 2009-07-28 15:18:02.000000000 -0400
-+++ Makefile.in 2009-10-10 16:24:28.000000000 -0400
-@@ -97,7 +97,7 @@ am__tac_plus_SOURCES_DIST = acct.c authe
+--- Makefile.in.orig 2012-04-17 02:56:54.000000000 +0400
++++ Makefile.in 2013-04-13 13:43:18.000000000 +0400
+@@ -98,7 +98,7 @@
config.c default_fn.c default_v0_fn.c do_acct.c do_author.c \
- dump.c enable.c encrypt.c expire.c hash.c maxsess.c parse.c \
- programs.c pw.c pwlib.c regexp.c report.c sendauth.c \
-- sendpass.c tac_plus.c utils.c skey_fn.c
-+ sendpass.c tac_plus.c utils.c skey_fn.c opie_fn.c
+ dump.c enable.c encrypt.c expire.c hash.c maxsessint.c parse.c \
+ programs.c pw.c pwlib.c report.c sendauth.c sendpass.c \
+- tac_plus.c utils.c skey_fn.c aceclnt_fn.c
++ tac_plus.c utils.c skey_fn.c aceclnt_fn.c opie_fn.c
@TACSKEY_TRUE at am__objects_1 = skey_fn.$(OBJEXT)
+ @TACACECLNT_TRUE at am__objects_2 = aceclnt_fn.$(OBJEXT)
am_tac_plus_OBJECTS = acct.$(OBJEXT) authen.$(OBJEXT) author.$(OBJEXT) \
- choose_authen.$(OBJEXT) config.$(OBJEXT) default_fn.$(OBJEXT) \
-@@ -107,7 +107,7 @@ am_tac_plus_OBJECTS = acct.$(OBJEXT) aut
+@@ -109,7 +109,7 @@
parse.$(OBJEXT) programs.$(OBJEXT) pw.$(OBJEXT) \
- pwlib.$(OBJEXT) regexp.$(OBJEXT) report.$(OBJEXT) \
- sendauth.$(OBJEXT) sendpass.$(OBJEXT) tac_plus.$(OBJEXT) \
-- utils.$(OBJEXT) $(am__objects_1)
-+ utils.$(OBJEXT) opie_fn.$(OBJEXT) $(am__objects_1)
+ pwlib.$(OBJEXT) report.$(OBJEXT) sendauth.$(OBJEXT) \
+ sendpass.$(OBJEXT) tac_plus.$(OBJEXT) utils.$(OBJEXT) \
+- $(am__objects_1) $(am__objects_2)
++ opie_fn.$(OBJEXT) $(am__objects_1) $(am__objects_2)
tac_plus_OBJECTS = $(am_tac_plus_OBJECTS)
am__DEPENDENCIES_1 =
tac_plus_DEPENDENCIES = $(am__DEPENDENCIES_1)
-@@ -326,7 +326,7 @@ noinst_HEADERS = md4.h mschap.h regexp.h
- expire.h md5.h parse.h pathsl.h regmagic.h
-
- man_gen_MANS = tac_plus.8 tac_plus.conf.5
--man_nogen_MANS = regexp.3 tac_pwd.8
-+man_nogen_MANS = tac_pwd.8
- man_MANS = $(man_gen_MANS) $(man_nogen_MANS)
-
- # scripts that are built
-@@ -581,6 +581,7 @@ distclean-compile:
+@@ -592,6 +592,7 @@
@AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/sendauth.Po at am__quote@
@AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/sendpass.Po at am__quote@
@AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/skey_fn.Po at am__quote@
@@ -35,7 +26,7 @@
@AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/tac_plus.Po at am__quote@
@AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/tac_pwd.Po at am__quote@
@AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/utils.Po at am__quote@
-@@ -1061,8 +1062,7 @@ info: info-am
+@@ -1049,8 +1050,7 @@
info-am:
diff -ruN tac_plus4.orig/files/patch-ab tac_plus4/files/patch-ab
--- tac_plus4.orig/files/patch-ab 2012-07-14 18:29:18.000000000 +0400
+++ tac_plus4/files/patch-ab 1970-01-01 03:00:00.000000000 +0300
@@ -1,30 +0,0 @@
---- tac_plus.h.orig 2009-07-27 20:11:53.000000000 -0400
-+++ tac_plus.h 2010-02-12 18:13:49.000000000 -0500
-@@ -86,6 +86,7 @@
- #ifdef FREEBSD
- #define CONST_SYSERRLIST
- #define NO_PWAGE
-+#include <sys/param.h>
- #endif
-
- #ifdef BSDI
-@@ -138,7 +139,11 @@
- # include <sys/syslog.h>
- #endif
-
-+#if defined(FREEBSD) && __FreeBSD_version >= 900007
-+#include <utmpx.h>
-+#else
- #include <utmp.h>
-+#endif
-
- #include <unistd.h>
-
-@@ -655,6 +660,7 @@ int sendpass_fn(struct authen_data *data
- int enable_fn(struct authen_data *data);
- int default_v0_fn(struct authen_data *data);
- int skey_fn(struct authen_data *data);
-+int opie_fn(struct authen_data *data);
-
- #ifdef MAXSESS
- void loguser(struct acct_rec *);
diff -ruN tac_plus4.orig/files/patch-choose_authen.c tac_plus4/files/patch-choose_authen.c
--- tac_plus4.orig/files/patch-choose_authen.c 2012-07-14 18:29:18.000000000 +0400
+++ tac_plus4/files/patch-choose_authen.c 2013-04-13 13:57:04.000000000 +0400
@@ -1,8 +1,8 @@
---- choose_authen.c.orig Sun Jun 18 13:26:53 2000
-+++ choose_authen.c Sun Dec 8 15:26:08 2002
-@@ -118,10 +118,27 @@
+--- choose_authen.c.orig 2012-04-17 01:42:55.000000000 +0400
++++ choose_authen.c 2013-04-13 13:55:20.000000000 +0400
+@@ -130,12 +130,29 @@
#else /* SKEY */
- report(LOG_ERR,
+ report(LOG_ERR,
"%s %s: user %s s/key support has not been compiled in",
- name ? name : "<unknown>",
- session.peer, session.port);
@@ -10,8 +10,8 @@
+ name ? name : "<unknown>");
return(CHOOSE_FAILED);
#endif /* SKEY */
-+ }
-+
+ }
+
+ if (cfg_passwd && STREQ(cfg_passwd, "opie")) {
+ if (debug & DEBUG_PASSWD_FLAG)
+ report(LOG_DEBUG, "%s %s: user %s requires opie",
@@ -27,6 +27,8 @@
+ name ? name : "<unknown>");
+ return(CHOOSE_FAILED);
+#endif /* OPIE */
- }
-
- /* Not an skey user. Must be none, des, cleartext or file password */
++ }
++
+ /* Does this user require aceclnt */
+ cfg_passwd = cfg_get_login_secret(name, TAC_PLUS_RECURSE);
+ if (cfg_passwd && STREQ(cfg_passwd, "aceclnt")) {
diff -ruN tac_plus4.orig/files/patch-do_acct.c tac_plus4/files/patch-do_acct.c
--- tac_plus4.orig/files/patch-do_acct.c 2012-07-14 18:29:18.000000000 +0400
+++ tac_plus4/files/patch-do_acct.c 1970-01-01 03:00:00.000000000 +0300
@@ -1,78 +0,0 @@
---- do_acct.c.orig 2010-01-23 16:17:36.000000000 -0500
-+++ do_acct.c 2010-02-12 18:19:44.000000000 -0500
-@@ -202,23 +202,42 @@ do_acct_syslog(struct acct_rec *rec)
- int
- wtmp_entry(char *line, char *name, char *host, time_t utime)
- {
-+#if defined(FREEBSD) && __FreeBSD_version >= 900007
-+#define HAVE_UTMPX_H 1
-+ struct utmpx entry;
-+ struct timeval tv;
-+#else
- struct utmp entry;
-+#endif
-
-+#ifndef HAVE_UTMPX_H
- if (!wtmpfile) {
- return(1);
- }
-+#endif
-
- memset(&entry, 0, sizeof entry);
-+#ifdef HAVE_UTMPX_H
-+ entry.ut_type = *name != '\0' ? USER_PROCESS : DEAD_PROCESS;
-+ snprintf(entry.ut_id, sizeof entry.ut_id, "%xtac", getpid());
-+#endif
-
- if (strlen(line) < sizeof entry.ut_line)
- strcpy(entry.ut_line, line);
- else
- memcpy(entry.ut_line, line, sizeof(entry.ut_line));
-
-+#ifdef HAVE_UTMPX_H
-+ if (strlen(name) < sizeof entry.ut_user)
-+ strcpy(entry.ut_user, name);
-+ else
-+ memcpy(entry.ut_user, name, sizeof(entry.ut_user));
-+#else
- if (strlen(name) < sizeof entry.ut_name)
- strcpy(entry.ut_name, name);
- else
- memcpy(entry.ut_name, name, sizeof(entry.ut_name));
-+#endif
-
- #ifndef SOLARIS
- if (strlen(host) < sizeof entry.ut_host)
-@@ -226,13 +245,24 @@ wtmp_entry(char *line, char *name, char
- else
- memcpy(entry.ut_host, host, sizeof(entry.ut_host));
- #endif
-+#ifdef HAVE_UTMPX_H
-+ memset(&entry.ut_tv, 0, sizeof(entry.ut_tv));
-+ tv.tv_sec = utime;
-+ memcpy(&entry.ut_tv, &tv, sizeof(entry.ut_tv));
-+#else
- entry.ut_time = utime;
-+#endif
-
- #ifdef FREEBSD
-+#ifdef HAVE_UTMPX_H
-+ pututxline(&entry);
-+#else
- wtmpfd = open(wtmpfile, O_CREAT | O_WRONLY | O_APPEND, 0644);
-+#endif
- #else
- wtmpfd = open(wtmpfile, O_CREAT | O_WRONLY | O_APPEND | O_SYNC, 0644);
- #endif
-+#ifndef HAVE_UTMPX_H
- if (wtmpfd < 0) {
- report(LOG_ERR, "Can't open wtmp file %s -- %s",
- wtmpfile, strerror(errno));
-@@ -251,6 +281,7 @@ wtmp_entry(char *line, char *name, char
- }
-
- close(wtmpfd);
-+#endif
-
- if (debug & DEBUG_ACCT_FLAG) {
- report(LOG_DEBUG, "wtmp: %s, %s %s %d", line, name, host, utime);
diff -ruN tac_plus4.orig/files/patch-parse.h tac_plus4/files/patch-parse.h
--- tac_plus4.orig/files/patch-parse.h 2012-07-14 18:29:18.000000000 +0400
+++ tac_plus4/files/patch-parse.h 2013-04-13 14:06:52.000000000 +0400
@@ -1,7 +1,10 @@
---- parse.h.orig Sun Dec 8 15:22:51 2002
-+++ parse.h Sun Dec 8 15:23:26 2002
-@@ -76,3 +76,4 @@
+--- parse.h.orig 2012-04-10 22:34:40.000000000 +0400
++++ parse.h 2013-04-13 14:02:27.000000000 +0400
+@@ -74,6 +74,7 @@
#ifdef MSCHAP
#define S_mschap 42
#endif /* MSCHAP */
+#define S_opie 43
+ #define S_enable 43
+ #ifdef ACLS
+ # define S_acl 44
diff -ruN tac_plus4.orig/files/patch-skey_fn.c tac_plus4/files/patch-skey_fn.c
--- tac_plus4.orig/files/patch-skey_fn.c 2012-07-14 18:29:18.000000000 +0400
+++ tac_plus4/files/patch-skey_fn.c 2013-04-13 14:09:28.000000000 +0400
@@ -1,11 +1,11 @@
---- skey_fn.c.orig Sun Apr 3 01:41:00 2005
-+++ skey_fn.c Sun Apr 3 01:41:08 2005
-@@ -168,7 +168,7 @@
+--- skey_fn.c.orig 2012-06-06 22:34:55.000000000 +0400
++++ skey_fn.c 2013-04-13 14:08:31.000000000 +0400
+@@ -164,7 +164,7 @@
return(1);
}
- if (skeychallenge(&p->skey, name, skeyprompt, 80) == 0) {
+ if (skeychallenge(&p->skey, name, skeyprompt) == 0) {
char buf[256];
- sprintf(buf, "%s\nPassword: ", skeyprompt);
+ snprintf(buf, sizeof(buf), "%s\nS/Key challenge: ", skeyprompt);
data->server_msg = tac_strdup(buf);
diff -ruN tac_plus4.orig/files/patch-tac_plus.h tac_plus4/files/patch-tac_plus.h
--- tac_plus4.orig/files/patch-tac_plus.h 1970-01-01 03:00:00.000000000 +0300
+++ tac_plus4/files/patch-tac_plus.h 2013-04-13 13:50:44.000000000 +0400
@@ -0,0 +1,10 @@
+--- tac_plus.h.orig 2013-04-13 13:45:20.000000000 +0400
++++ tac_plus.h 2013-04-13 13:50:14.000000000 +0400
+@@ -452,6 +452,7 @@
+ int sendauth_fn(struct authen_data *data);
+ int sendpass_fn(struct authen_data *data);
+ int skey_fn(struct authen_data *data);
++int opie_fn(struct authen_data *data);
+
+ /* tac_plus.c */
+ void open_logfile(void);
diff -ruN tac_plus4.orig/files/patch-tacacs.h tac_plus4/files/patch-tacacs.h
--- tac_plus4.orig/files/patch-tacacs.h 2012-07-14 18:29:18.000000000 +0400
+++ tac_plus4/files/patch-tacacs.h 1970-01-01 03:00:00.000000000 +0300
@@ -1,25 +0,0 @@
---- tacacs.h.orig 2010-02-12 18:13:56.000000000 -0500
-+++ tacacs.h 2010-02-12 18:14:51.000000000 -0500
-@@ -83,6 +83,10 @@ XXX unknown
- #define MSCHAP_DIGEST_LEN 49
- #endif /* MSCHAP */
-
-+#ifdef FREEBSD
-+#include <sys/param.h>
-+#endif
-+
- #if HAVE_STRING_H
- # include <string.h>
- #endif
-@@ -124,7 +128,11 @@ XXX unknown
- # include <sys/syslog.h>
- #endif
-
-+#if defined(FREEBSD) && __FreeBSD_version >= 900007
-+#include <utmpx.h>
-+#else
- #include <utmp.h>
-+#endif
-
- #include <unistd.h>
-
diff -ruN tac_plus4.orig/files/patch-users_guide.in tac_plus4/files/patch-users_guide.in
--- tac_plus4.orig/files/patch-users_guide.in 2012-07-14 18:29:18.000000000 +0400
+++ tac_plus4/files/patch-users_guide.in 2013-04-13 14:17:05.000000000 +0400
@@ -1,6 +1,6 @@
---- users_guide.in.orig 2008-08-20 00:34:57.000000000 -0400
-+++ users_guide.in 2009-07-08 22:32:17.000000000 -0400
-@@ -164,7 +164,10 @@ for S/KEY in the Makefile. I got my S/K
+--- users_guide.in.orig 2011-05-28 02:11:57.000000000 +0400
++++ users_guide.in 2013-04-13 14:16:37.000000000 +0400
+@@ -164,7 +164,10 @@
crimelab.com but now it appears the only source is ftp.bellcore.com. I
suggest you try a web search for s/key source code.
@@ -12,11 +12,12 @@
Should you need them, there are routines for accessing password files
(getpwnam,setpwent,endpwent,setpwfile) in pw.c.
-@@ -454,6 +457,15 @@ be that for each authentiction that is a
- to be wrong whether it was typed correctly or not.
+@@ -414,7 +417,16 @@
+ login = skey
+ }
-
-+4. Authentication using opie.
+-4). Authentication using PAM (Pluggable Authentication Modules)
++4). Authentication using opie.
+
+If you have successfully built tac_plus with opie support, you can specify
+a user be authenticated via opie, as follows:
@@ -25,6 +26,7 @@
+ login = opie
+ }
+
- RECURSIVE PASSWORD LOOKUPS
- ---------------------------
++5). Authentication using PAM (Pluggable Authentication Modules)
+ Assuming that your OS supports it, tac_plus can be configured to use PAM
+ for authentication, which may make it possible to use LDAP, SecureID, etc
diff -ruN tac_plus4.orig/files/tac_plus.in tac_plus4/files/tac_plus.in
--- tac_plus4.orig/files/tac_plus.in 2012-07-14 18:29:18.000000000 +0400
+++ tac_plus4/files/tac_plus.in 2012-01-14 12:56:29.000000000 +0400
@@ -1,6 +1,6 @@
#!/bin/sh
#
-# $FreeBSD: net/tac_plus4/files/tac_plus.in 300897 2012-07-14 14:29:18Z beat $
+# $FreeBSD: ports/net/tac_plus4/files/tac_plus.in,v 1.4 2012/01/14 08:56:29 dougb Exp $
#
# PROVIDE: tac_plus
# REQUIRE: DAEMON
diff -ruN tac_plus4.orig/pkg-descr tac_plus4/pkg-descr
--- tac_plus4.orig/pkg-descr 2012-07-14 18:29:18.000000000 +0400
+++ tac_plus4/pkg-descr 2013-04-13 14:19:12.000000000 +0400
@@ -9,4 +9,4 @@
To enable MSCHAP you need to optain a key from Microsoft, see the FAQ
section in the users guide. Therefore this isn't enabled by default.
-WWW: http://www.cisco.com/warp/public/480/tacplus.shtml
+WWW: http://www.cisco.com/en/US/tech/tk59/technologies_tech_note09186a00800946a3.shtml
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-ports-bugs
mailing list