A tacacs server with (limited) radius proxy support.

Submitted by:	Martin Mersberger <gremlin@portal-to-web.de>

net/Makefile

@@ -530,6 +530,7 @@
     SUBDIR += suckblow
     SUBDIR += sup
     SUBDIR += svnc
+    SUBDIR += tac_plus-libradius
     SUBDIR += tac_plus4
     SUBDIR += tas
     SUBDIR += tcpcat

net/tac_plus-libradius/Makefile

@@ -0,0 +1,34 @@
+# New ports collection makefile for:	tac_plus-libradius
+# Date created:				January, 21th. 2002
+# Whom:	      				Martin Mersberger <gremlin@portal-to-web.de>
+# $FreeBSD$
+#
+
+PORTNAME=	tac_plus-libradius
+PORTVERSION=	5.0.0
+CATEGORIES=	net
+MASTER_SITES=	http://www.portal-to-web.de/tacacs/ \
+		http://www.santel.lu/projects/ldap-tacacs/
+DISTFILES=	tac_plus.F5.0.0.alpha.tar.gz \
+		tac_plus_radius.tgz
+
+MAINTAINER=	gremlin@portal-to-web.de
+
+WRKPREFIX=	tac_plus.F5.0.0.alpha
+WRKSRC=		${WRKDIR}/${WRKPREFIX}/
+
+ALL_TARGET=	tac_plus
+MAN1=		tac_plus.1
+
+do-install:
+	${INSTALL_PROGRAM} ${WRKSRC}/tac_plus ${PREFIX}/sbin
+	${INSTALL_MAN} ${WRKSRC}/tac_plus.1 ${PREFIX}/man/man1/tac_plus.1
+	@mkdir -p ${PREFIX}/etc/tac_plus
+	${INSTALL_DATA} ${WRKSRC}/tac_plus.cfg ${PREFIX}/etc/tac_plus/
+	${INSTALL_DATA} ${WRKSRC}/radius.example ${PREFIX}/etc/tac_plus/
+	@if [ ! -f ${PREFIX}/etc/rc.d/tac_plus.sh ]; then \
+		${ECHO} "Installing ${PREFIX}/etc/rc.d/tac_plus.sh startup file."; \
+		${INSTALL_SCRIPT} -m 751 ${FILESDIR}/tac_plus.sh ${PREFIX}/etc/rc.d/tac_plus.sh.sample; \
+	fi
+
+.include <bsd.port.mk>

net/tac_plus-libradius/distinfo

@@ -0,0 +1,2 @@
+MD5 (tac_plus.F5.0.0.alpha.tar.gz) = 4bdab498b1e8aef81cc72f3b3f8c750c
+MD5 (tac_plus_radius.tgz) = c3fa7afdbf202aa9e6a964837640870a

net/tac_plus-libradius/files/patch-aa

@@ -0,0 +1,95 @@
+*** Makefile	Wed Mar 21 09:33:15 2001
+--- ../pkg/tac_plus.new/Makefile	Mon Jan 21 15:51:28 2002
+***************
+*** 33,41 ****
+  CPPFLAGS = 
+  CFLAGS = $(CPPFLAGS) -g -O2
+  LDFLAGS = 
+! OSLIBS = -lldap -lldap -lc -lcrypt -lresolv -lnsl -llber -lcrypt -lc 
+! DEFINES = -DUSE_LDAP 
+! OS= -DLINUX -DGLIBC
+  # For AIX
+  # See /usr/lpp/bos/bsdport on your system for details of how to define bsdcc
+  # CC=bsdcc
+--- 33,41 ----
+  CPPFLAGS = 
+  CFLAGS = $(CPPFLAGS) -g -O2
+  LDFLAGS = 
+! OSLIBS = -lc -lcrypt -lcrypt -lc -I/usr/local/include -L/usr/local/lib -lradius
+! DEFINES = -DUSE_RADIUS 
+! OS= 
+  # For AIX
+  # See /usr/lpp/bos/bsdport on your system for details of how to define bsdcc
+  # CC=bsdcc
+***************
+*** 52,58 ****
+  #OSLIBS=-lsocket -lnsl
+  
+  # For FreeBSD
+! # OS=-DFREEBSD
+  # You may also need to add:
+  # OSLIBS=-lcrypt
+  # NOTE: If you want your password encryption to be compatible with
+--- 52,58 ----
+  #OSLIBS=-lsocket -lnsl
+  
+  # For FreeBSD
+! OS=-DFREEBSD
+  # You may also need to add:
+  # OSLIBS=-lcrypt
+  # NOTE: If you want your password encryption to be compatible with
+***************
+*** 108,114 ****
+  # End of customisable section of Makefile
+  #
+  
+! CFLAGS = $(DEBUG) $(OPT_FLAGS) $(DEFINES) $(INCLUDES) $(FLAGS) $(OS) $(PIDFILE) $(LDFLAGS) $(DB)
+  
+  HFILES = expire.h parse.h regmagic.h md5.h regexp.h tac_plus.h 
+  
+--- 108,115 ----
+  # End of customisable section of Makefile
+  #
+  
+! 
+! CFLAGS = $(DEBUG) $(OPT_FLAGS) $(DEFINES) $(INCLUDES) $(FLAGS) $(OS) $(PIDFILE) $(LDFLAGS) $(DB) -I/usr/local/include -L/usr/local/lib
+  
+  HFILES = expire.h parse.h regmagic.h md5.h regexp.h tac_plus.h 
+  
+***************
+*** 117,123 ****
+  	packet.c report.c sendauth.c tac_plus.c utils.c pw.c hash.c \
+  	parse.c regexp.c programs.c enable.c pwlib.c default_fn.c \
+  	skey_fn.c default_v0_fn.c sendpass.c maxsess.c tac_pam.c \
+! 	db.c db_null.c db_mysql.c ldap.c
+  
+  OBJS = $(SRCS:.c=.o)
+  
+--- 118,126 ----
+  	packet.c report.c sendauth.c tac_plus.c utils.c pw.c hash.c \
+  	parse.c regexp.c programs.c enable.c pwlib.c default_fn.c \
+  	skey_fn.c default_v0_fn.c sendpass.c maxsess.c tac_pam.c \
+! 	db.c db_null.c db_mysql.c radius.c
+! 
+! # add ldap.c and also define USE_LDAP to enable LDAP support
+  
+  OBJS = $(SRCS:.c=.o)
+  
+***************
+*** 154,160 ****
+  install:
+  	cp tac_plus ${prefix}/sbin
+  	cp tac_plus.1 ${prefix}/man/man8/tac_plus.8
+! 	cp tac_plus.cfg /etc
+  
+  depend:
+  	makedepend $(CFLAGS) $(SRCS)
+--- 157,164 ----
+  install:
+  	cp tac_plus ${prefix}/sbin
+  	cp tac_plus.1 ${prefix}/man/man8/tac_plus.8
+! 	cp tac_plus.cfg ${prefix}/etc/tac_plus
+! 	cp radius.example ${prefix}/etc/tac_plus
+  
+  depend:
+  	makedepend $(CFLAGS) $(SRCS)

net/tac_plus-libradius/files/patch-ab

@@ -0,0 +1,17 @@
+*** config.c	Fri Mar 16 10:04:27 2001
+--- ../../tac_plus.F5.0.0.alpha/config.c	Sun Jan 20 19:49:48 2002
+***************
+*** 603,608 ****
+--- 603,614 ----
+  		authen_default_method = sym_code;
+  		break;
+  #endif
++ #ifdef USE_RADIUS
++ 		case S_radius:
++ 		fprintf(stderr,"sym_code=%i, radius\n",sym_code);
++ 		authen_default_method = sym_code;
++                 break;
++ #endif
+                  
+   
+  		default:

net/tac_plus-libradius/files/patch-ac

@@ -0,0 +1,19 @@
+*** do_acct.c	Mon Dec 18 17:58:02 2000
+--- do_acct.c	Sat Jan 19 15:22:46 2002
+***************
+*** 159,165 ****
+  #endif
+      entry.ut_time = utime;
+  
+!     wtmpfd = open(wtmpfile, O_CREAT | O_WRONLY | O_APPEND | O_SYNC, 0644);	
+      if (wtmpfd < 0) {
+  	report(LOG_ERR, "Can't open wtmp file %s -- %s",
+  	       wtmpfile, sys_errlist[errno]);
+--- 159,165 ----
+  #endif
+      entry.ut_time = utime;
+  
+!     wtmpfd = open(wtmpfile, O_CREAT | O_WRONLY | O_APPEND , 0644);	
+      if (wtmpfd < 0) {
+  	report(LOG_ERR, "Can't open wtmp file %s -- %s",
+  	       wtmpfile, sys_errlist[errno]);

net/tac_plus-libradius/files/patch-ad

@@ -0,0 +1,27 @@
+*** parse.c	Fri Mar 16 09:14:21 2001
+--- ../../tac_plus.F5.0.0.alpha/parse.c	Sun Jan 20 19:46:42 2002
+***************
+*** 99,104 ****
+--- 99,107 ----
+  #ifdef USE_LDAP
+      declare ("ldap", S_ldap);
+  #endif
++ #ifdef USE_RADIUS
++     declare ("radius",S_radius);
++ #endif
+      declare("member", S_member);
+      declare("message", S_message);
+      declare("name", S_name);
+***************
+*** 177,182 ****
+--- 180,189 ----
+  #ifdef USE_LDAP
+      case S_ldap:
+        return ("ldap");
++ #endif
++ #ifdef USE_RADIUS
++     case S_radius:
++       return ("radius");
+  #endif
+     case S_expires:
+  	return ("expires");

net/tac_plus-libradius/files/patch-ae

@@ -0,0 +1,11 @@
+*** parse.h	Fri Mar 16 09:18:44 2001
+--- ../../tac_plus.F5.0.0.alpha/parse.h	Sat Jan 19 23:55:09 2002
+***************
+*** 85,87 ****
+--- 85,90 ----
+  #ifdef USE_LDAP
+  #define S_ldap            46
+  #endif /* LDAP */
++ #ifdef USE_RADIUS
++ #define S_radius	  47
++ #endif /* radius */

net/tac_plus-libradius/files/patch-af

@@ -0,0 +1,38 @@
+*** pwlib.c	Fri Mar 16 14:42:54 2001
+--- ../../tac_plus.F5.0.0.alpha/pwlib.c	Sat Jan 19 23:22:07 2002
+***************
+*** 40,45 ****
+--- 40,49 ----
+  #include "ldap.h"
+  #endif /* LDAP */
+  
++ #ifdef USE_RADIUS
++ #include "radius.h"
++ #endif
++ 
+  /* Generic password verification routines for des, file and cleartext
+     passwords */
+  
+***************
+*** 166,171 ****
+--- 170,189 ----
+  #ifdef USE_LDAP
+  	case (S_ldap):
+          if (ldap_verify(name, passwd, file)==1) {
++             data->status = TAC_PLUS_AUTHEN_STATUS_FAIL;
++             return (0);
++         } else {
++             data->status = TAC_PLUS_AUTHEN_STATUS_PASS;
++         }
++         exp_date = NULL;
++         set_expiration_status(exp_date, data);
++         return (data->status == TAC_PLUS_AUTHEN_STATUS_PASS);	 
++         break; 
++ #endif
++ 
++ #ifdef USE_RADIUS
++ 	case (S_radius):
++ 	if (radius_verify(name,passwd,file)==1) {
+              data->status = TAC_PLUS_AUTHEN_STATUS_FAIL;
+              return (0);
+          } else {

net/tac_plus-libradius/files/patch-ag

@@ -0,0 +1,19 @@
+*** tac_plus.h	Mon Dec 18 17:58:02 2000
+--- ../../tac_plus.F5.0.0.alpha/tac_plus.h	Sun Jan 20 20:24:55 2002
+***************
+*** 70,76 ****
+   */
+  /* #define REARMSIGNAL */
+  
+! #define VERSION "F4.0.3.alpha.v7(DB&PAM support)"
+  
+  /*
+   * System definitions. 
+--- 70,76 ----
+   */
+  /* #define REARMSIGNAL */
+  
+! #define VERSION "F4.0.3.alpha.v7(DB,PAM&libradius support - incl. mmersbers patches!)"
+  
+  /*
+   * System definitions. 

net/tac_plus-libradius/files/tac_plus.sh

@@ -0,0 +1,20 @@
+#!/bin/sh
+
+if ! PREFIX=$(expr $0 : "\(/.*\)/etc/rc\.d/$(basename $0)\$"); then
+    echo "$0: Cannot determine the PREFIX" >&2
+    exit 1
+fi
+
+case "$1" in
+start)
+	[ -x ${PREFIX}/sbin/tac_plus -a -f ${PREFIX}/etc/tac_plus/tac_plus.conf ] && ${PREFIX}/sbin/tac_plus -C ${PREFIX}/etc/tac_plus/tac_plus.conf -d 1 && echo -n ' tac_plus'
+	;;
+stop)
+	killall tac_plus && echo -n ' tac_plus'
+	;;
+*)
+	echo "Usage: `basename $0` {start|stop}" >&2
+	;;
+esac
+
+exit 0

net/tac_plus-libradius/pkg-comment

@@ -0,0 +1 @@
+The www.gazi.edu.tr tacacs+ Daemon with pam and libradius support

net/tac_plus-libradius/pkg-descr

@@ -0,0 +1,8 @@
+tacacs+ s program that allow authorization and authentication via net on
+remote access servers. Authenticate users, authorize commands and log 
+accounting information.
+
+This version is includes a patch to include limited libradius support which
+allows to forward authentication requests to a radius server.
+
+WWW: http://www.portal-to-web.de/tacacs/

net/tac_plus-libradius/pkg-plist

@@ -0,0 +1,5 @@
+sbin/tac_plus
+etc/rc.d/tac_plus.sh
+etc/tac_plus/radius.example
+etc/tac_plus/tac_plus.cfg
+@dirrm etc/tac_plus