From cf87f3bb6333051139f78014446f99dc0b33260f Mon Sep 17 00:00:00 2001
From: Torsten Blum
Date: Fri, 20 Sep 2002 20:31:30 +0000
Subject: [PATCH] A tacacs server with (limited) radius proxy support.

Submitted by: Martin Mersberger
---
 net/Makefile | 1 +
 net/tac_plus-libradius/Makefile | 34 +++++++++
 net/tac_plus-libradius/distinfo | 2 +
 net/tac_plus-libradius/files/patch-aa | 95 ++++++++++++++++++++++++
 net/tac_plus-libradius/files/patch-ab | 17 +++++
 net/tac_plus-libradius/files/patch-ac | 19 +++++
 net/tac_plus-libradius/files/patch-ad | 27 +++++++
 net/tac_plus-libradius/files/patch-ae | 11 +++
 net/tac_plus-libradius/files/patch-af | 38 ++++++++++
 net/tac_plus-libradius/files/patch-ag | 19 +++++
 net/tac_plus-libradius/files/tac_plus.sh | 20 +++++
 net/tac_plus-libradius/pkg-comment | 1 +
 net/tac_plus-libradius/pkg-descr | 8 ++
 net/tac_plus-libradius/pkg-plist | 5 ++
 14 files changed, 297 insertions(+)
 create mode 100644 net/tac_plus-libradius/Makefile
 create mode 100644 net/tac_plus-libradius/distinfo
 create mode 100644 net/tac_plus-libradius/files/patch-aa
 create mode 100644 net/tac_plus-libradius/files/patch-ab
 create mode 100644 net/tac_plus-libradius/files/patch-ac
 create mode 100644 net/tac_plus-libradius/files/patch-ad
 create mode 100644 net/tac_plus-libradius/files/patch-ae
 create mode 100644 net/tac_plus-libradius/files/patch-af
 create mode 100644 net/tac_plus-libradius/files/patch-ag
 create mode 100644 net/tac_plus-libradius/files/tac_plus.sh
 create mode 100644 net/tac_plus-libradius/pkg-comment
 create mode 100644 net/tac_plus-libradius/pkg-descr
 create mode 100644 net/tac_plus-libradius/pkg-plist

diff --git a/net/Makefile b/net/Makefile
index 67c137ed1cca..d0840b216414 100644
--- a/net/Makefile
+++ b/net/Makefile
@@ -530,6 +530,7 @@
 SUBDIR += suckblow
 SUBDIR += sup
 SUBDIR += svnc
+ SUBDIR += tac_plus-libradius
 SUBDIR += tac_plus4
 SUBDIR += tas
 SUBDIR += tcpcat
diff --git a/net/tac_plus-libradius/Makefile b/net/tac_plus-libradius/Makefile
new file mode 100644
index 000000000000..30ce84639305
--- /dev/null
+++ b/net/tac_plus-libradius/Makefile
@@ -0,0 +1,34 @@
+# New ports collection makefile for: tac_plus-libradius
+# Date created: January, 21th. 2002
+# Whom: Martin Mersberger
+# $FreeBSD$
+#
+
+PORTNAME= tac_plus-libradius
+PORTVERSION= 5.0.0
+CATEGORIES= net
+MASTER_SITES= http://www.portal-to-web.de/tacacs/ \
+ http://www.santel.lu/projects/ldap-tacacs/
+DISTFILES= tac_plus.F5.0.0.alpha.tar.gz \
+ tac_plus_radius.tgz
+
+MAINTAINER= gremlin@portal-to-web.de
+
+WRKPREFIX= tac_plus.F5.0.0.alpha
+WRKSRC= ${WRKDIR}/${WRKPREFIX}/
+
+ALL_TARGET= tac_plus
+MAN1= tac_plus.1
+
+do-install:
+ ${INSTALL_PROGRAM} ${WRKSRC}/tac_plus ${PREFIX}/sbin
+ ${INSTALL_MAN} ${WRKSRC}/tac_plus.1 ${PREFIX}/man/man1/tac_plus.1
+ @mkdir -p ${PREFIX}/etc/tac_plus
+ ${INSTALL_DATA} ${WRKSRC}/tac_plus.cfg ${PREFIX}/etc/tac_plus/
+ ${INSTALL_DATA} ${WRKSRC}/radius.example ${PREFIX}/etc/tac_plus/
+ @if [ ! -f ${PREFIX}/etc/rc.d/tac_plus.sh ]; then \
+ ${ECHO} "Installing ${PREFIX}/etc/rc.d/tac_plus.sh startup file."; \
+ ${INSTALL_SCRIPT} -m 751 ${FILESDIR}/tac_plus.sh ${PREFIX}/etc/rc.d/tac_plus.sh.sample; \
+ fi
+
+.include
diff --git a/net/tac_plus-libradius/distinfo b/net/tac_plus-libradius/distinfo
new file mode 100644
index 000000000000..6632d37ea4c0
--- /dev/null
+++ b/net/tac_plus-libradius/distinfo
@@ -0,0 +1,2 @@
+MD5 (tac_plus.F5.0.0.alpha.tar.gz) = 4bdab498b1e8aef81cc72f3b3f8c750c
+MD5 (tac_plus_radius.tgz) = c3fa7afdbf202aa9e6a964837640870a
diff --git a/net/tac_plus-libradius/files/patch-aa b/net/tac_plus-libradius/files/patch-aa
new file mode 100644
index 000000000000..1baeb7056628
--- /dev/null
+++ b/net/tac_plus-libradius/files/patch-aa
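Review bot: In net/tac_plus-libradius/Makefile, `do-install` installs `tac_plus.cfg` with a plain `${INSTALL_DATA}`, which normally produces a world-readable file, while a tac_plus configuration usually holds the TACACS+ shared key and may hold user passwords. I would give it a restrictive mode in the same way the recipe already does for the rc script, `${INSTALL_DATA} -m 600 ${WRKSRC}/tac_plus.cfg ${PREFIX}/etc/tac_plus/`. In the same recipe the startup script is written to `tac_plus.sh.sample`, yet the echo message and pkg-plist both name `etc/rc.d/tac_plus.sh`, so the packing list will not match what is installed. Separately, both `MASTER_SITES` entries are plain `http://` and distinfo records only MD5 for the two distfiles, so a stronger digest next to MD5 would be worth adding where the framework accepts one.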
@@ -0,0 +1,95 @@
+*** Makefile Wed Mar 21 09:33:15 2001
+--- ../pkg/tac_plus.new/Makefile Mon Jan 21 15:51:28 2002
+***************
+*** 33,41 ****
+ CPPFLAGS =
+ CFLAGS = $(CPPFLAGS) -g -O2
+ LDFLAGS =
+! OSLIBS = -lldap -lldap -lc -lcrypt -lresolv -lnsl -llber -lcrypt -lc
+! DEFINES = -DUSE_LDAP
+! OS= -DLINUX -DGLIBC
+ # For AIX
+ # See /usr/lpp/bos/bsdport on your system for details of how to define bsdcc
+ # CC=bsdcc
+--- 33,41 ----
+ CPPFLAGS =
+ CFLAGS = $(CPPFLAGS) -g -O2
+ LDFLAGS =
+! OSLIBS = -lc -lcrypt -lcrypt -lc -I/usr/local/include -L/usr/local/lib -lradius
+! DEFINES = -DUSE_RADIUS
+! OS=
+ # For AIX
+ # See /usr/lpp/bos/bsdport on your system for details of how to define bsdcc
+ # CC=bsdcc
+***************
+*** 52,58 ****
+ #OSLIBS=-lsocket -lnsl
+
+ # For FreeBSD
+! # OS=-DFREEBSD
+ # You may also need to add:
+ # OSLIBS=-lcrypt
+ # NOTE: If you want your password encryption to be compatible with
+--- 52,58 ----
+ #OSLIBS=-lsocket -lnsl
+
+ # For FreeBSD
+! OS=-DFREEBSD
+ # You may also need to add:
+ # OSLIBS=-lcrypt
+ # NOTE: If you want your password encryption to be compatible with
+***************
+*** 108,114 ****
+ # End of customisable section of Makefile
+ #
+
+! CFLAGS = $(DEBUG) $(OPT_FLAGS) $(DEFINES) $(INCLUDES) $(FLAGS) $(OS) $(PIDFILE) $(LDFLAGS) $(DB)
+
+ HFILES = expire.h parse.h regmagic.h md5.h regexp.h tac_plus.h
+
+--- 108,115 ----
+ # End of customisable section of Makefile
+ #
+
+!
+! CFLAGS = $(DEBUG) $(OPT_FLAGS) $(DEFINES) $(INCLUDES) $(FLAGS) $(OS) $(PIDFILE) $(LDFLAGS) $(DB) -I/usr/local/include -L/usr/local/lib
+
+ HFILES = expire.h parse.h regmagic.h md5.h regexp.h tac_plus.h
+
+***************
+*** 117,123 ****
+ packet.c report.c sendauth.c tac_plus.c utils.c pw.c hash.c \
+ parse.c regexp.c programs.c enable.c pwlib.c default_fn.c \
+ skey_fn.c default_v0_fn.c sendpass.c maxsess.c tac_pam.c \
+! db.c db_null.c db_mysql.c ldap.c
+
+ OBJS = $(SRCS:.c=.o)
+
+--- 118,126 ----
+ packet.c report.c sendauth.c tac_plus.c utils.c pw.c hash.c \
+ parse.c regexp.c programs.c enable.c pwlib.c default_fn.c \
+ skey_fn.c default_v0_fn.c sendpass.c maxsess.c tac_pam.c \
+! db.c db_null.c db_mysql.c radius.c
+!
+! # add ldap.c and also define USE_LDAP to enable LDAP support
+
+ OBJS = $(SRCS:.c=.o)
+
+***************
+*** 154,160 ****
+ install:
+ cp tac_plus ${prefix}/sbin
+ cp tac_plus.1 ${prefix}/man/man8/tac_plus.8
+! cp tac_plus.cfg /etc
+
+ depend:
+ makedepend $(CFLAGS) $(SRCS)
+--- 157,164 ----
+ install:
+ cp tac_plus ${prefix}/sbin
+ cp tac_plus.1 ${prefix}/man/man8/tac_plus.8
+! cp tac_plus.cfg ${prefix}/etc/tac_plus
+! cp radius.example ${prefix}/etc/tac_plus
+
+ depend:
+ makedepend $(CFLAGS) $(SRCS)
diff --git a/net/tac_plus-libradius/files/patch-ab b/net/tac_plus-libradius/files/patch-ab
new file mode 100644
index 000000000000..b8b7730892fa
--- /dev/null
+++ b/net/tac_plus-libradius/files/patch-ab
@@ -0,0 +1,17 @@
+*** config.c Fri Mar 16 10:04:27 2001
+--- ../../tac_plus.F5.0.0.alpha/config.c Sun Jan 20 19:49:48 2002
+***************
+*** 603,608 ****
+--- 603,614 ----
+ authen_default_method = sym_code;
+ break;
+ #endif
++ #ifdef USE_RADIUS
++ case S_radius:
++ fprintf(stderr,"sym_code=%i, radius\n",sym_code);
++ authen_default_method = sym_code;
++ break;
++ #endif
+
+
+ default:
diff --git a/net/tac_plus-libradius/files/patch-ac b/net/tac_plus-libradius/files/patch-ac
new file mode 100644
index 000000000000..851f6c8201ec
--- /dev/null
+++ b/net/tac_plus-libradius/files/patch-ac
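Review bot: In files/patch-aa the search paths are hard-coded as `-I/usr/local/include -L/usr/local/lib`, once inside `OSLIBS` and again at the end of the final `CFLAGS` line, so the build ignores a non-default `LOCALBASE`. Passing them in from the port Makefile would keep the patch smaller, and an `-I` option does not belong in `OSLIBS` at all. The patched `install` target also copies `tac_plus.cfg` to `${prefix}/etc/tac_plus` without creating that directory first, although the port's own `do-install` appears to bypass this target.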
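Review bot: In files/patch-ab the new `case S_radius:` in config.c writes `sym_code=%i, radius` to stderr whenever that keyword is parsed, which looks like leftover debugging, since the visible lines of the preceding case only assign `authen_default_method` and break. I would drop the `fprintf(stderr, ...)` line, or send the message through the daemon's `report()` call (visible in do_acct.c in patch-ac) if it is wanted, because stderr may not be attached once the server runs detached. The enclosing switch starts and ends outside the hunk.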
@@ -0,0 +1,19 @@
+*** do_acct.c Mon Dec 18 17:58:02 2000
+--- do_acct.c Sat Jan 19 15:22:46 2002
+***************
+*** 159,165 ****
+ #endif
+ entry.ut_time = utime;
+
+! wtmpfd = open(wtmpfile, O_CREAT | O_WRONLY | O_APPEND | O_SYNC, 0644);
+ if (wtmpfd < 0) {
+ report(LOG_ERR, "Can't open wtmp file %s -- %s",
+ wtmpfile, sys_errlist[errno]);
+--- 159,165 ----
+ #endif
+ entry.ut_time = utime;
+
+! wtmpfd = open(wtmpfile, O_CREAT | O_WRONLY | O_APPEND , 0644);
+ if (wtmpfd < 0) {
+ report(LOG_ERR, "Can't open wtmp file %s -- %s",
+ wtmpfile, sys_errlist[errno]);
diff --git a/net/tac_plus-libradius/files/patch-ad b/net/tac_plus-libradius/files/patch-ad
new file mode 100644
index 000000000000..ae996bbcb08a
--- /dev/null
+++ b/net/tac_plus-libradius/files/patch-ad
@@ -0,0 +1,27 @@
+*** parse.c Fri Mar 16 09:14:21 2001
+--- ../../tac_plus.F5.0.0.alpha/parse.c Sun Jan 20 19:46:42 2002
+***************
+*** 99,104 ****
+--- 99,107 ----
+ #ifdef USE_LDAP
+ declare ("ldap", S_ldap);
+ #endif
++ #ifdef USE_RADIUS
++ declare ("radius",S_radius);
++ #endif
+ declare("member", S_member);
+ declare("message", S_message);
+ declare("name", S_name);
+***************
+*** 177,182 ****
+--- 180,189 ----
+ #ifdef USE_LDAP
+ case S_ldap:
+ return ("ldap");
++ #endif
++ #ifdef USE_RADIUS
++ case S_radius:
++ return ("radius");
+ #endif
+ case S_expires:
+ return ("expires");
diff --git a/net/tac_plus-libradius/files/patch-ae b/net/tac_plus-libradius/files/patch-ae
new file mode 100644
index 000000000000..26d25829f140
--- /dev/null
+++ b/net/tac_plus-libradius/files/patch-ae
@@ -0,0 +1,11 @@
+*** parse.h Fri Mar 16 09:18:44 2001
+--- ../../tac_plus.F5.0.0.alpha/parse.h Sat Jan 19 23:55:09 2002
+***************
+*** 85,87 ****
+--- 85,90 ----
+ #ifdef USE_LDAP
+ #define S_ldap 46
+ #endif /* LDAP */
++ #ifdef USE_RADIUS
++ #define S_radius 47
++ #endif /* radius */
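Review bot: In files/patch-ac, dropping `O_SYNC` from the `open()` of the wtmp file in do_acct.c means accounting records are no longer forced to disk on each write, so entries of this audit trail can be lost on a crash or power failure. If the flag was removed only because it did not build on the target, a guarded form keeps the behaviour wherever the flag exists: `#ifndef O_SYNC`, `#define O_SYNC 0`, `#endif` ahead of the call, leaving the `open()` line as it was. The reason for the change should be recorded either way, since the commit message does not mention it. The surrounding function starts and ends outside the hunk.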
diff --git a/net/tac_plus-libradius/files/patch-af b/net/tac_plus-libradius/files/patch-af
new file mode 100644
index 000000000000..1fc87d78217b
--- /dev/null
+++ b/net/tac_plus-libradius/files/patch-af
@@ -0,0 +1,38 @@
+*** pwlib.c Fri Mar 16 14:42:54 2001
+--- ../../tac_plus.F5.0.0.alpha/pwlib.c Sat Jan 19 23:22:07 2002
+***************
+*** 40,45 ****
+--- 40,49 ----
+ #include "ldap.h"
+ #endif /* LDAP */
+
++ #ifdef USE_RADIUS
++ #include "radius.h"
++ #endif
++
+ /* Generic password verification routines for des, file and cleartext
+ passwords */
+
+***************
+*** 166,171 ****
+--- 170,189 ----
+ #ifdef USE_LDAP
+ case (S_ldap):
+ if (ldap_verify(name, passwd, file)==1) {
++ data->status = TAC_PLUS_AUTHEN_STATUS_FAIL;
++ return (0);
++ } else {
++ data->status = TAC_PLUS_AUTHEN_STATUS_PASS;
++ }
++ exp_date = NULL;
++ set_expiration_status(exp_date, data);
++ return (data->status == TAC_PLUS_AUTHEN_STATUS_PASS);
++ break;
++ #endif
++
++ #ifdef USE_RADIUS
++ case (S_radius):
++ if (radius_verify(name,passwd,file)==1) {
+ data->status = TAC_PLUS_AUTHEN_STATUS_FAIL;
+ return (0);
+ } else {
diff --git a/net/tac_plus-libradius/files/patch-ag b/net/tac_plus-libradius/files/patch-ag
new file mode 100644
index 000000000000..c2d03dee7560
--- /dev/null
+++ b/net/tac_plus-libradius/files/patch-ag
@@ -0,0 +1,19 @@
+*** tac_plus.h Mon Dec 18 17:58:02 2000
+--- ../../tac_plus.F5.0.0.alpha/tac_plus.h Sun Jan 20 20:24:55 2002
+***************
+*** 70,76 ****
+ */
+ /* #define REARMSIGNAL */
+
+! #define VERSION "F4.0.3.alpha.v7(DB&PAM support)"
+
+ /*
+ * System definitions.
+--- 70,76 ----
+ */
+ /* #define REARMSIGNAL */
+
+! #define VERSION "F4.0.3.alpha.v7(DB,PAM&libradius support - incl. mmersbers patches!)"
+
+ /*
+ * System definitions.
diff --git a/net/tac_plus-libradius/files/tac_plus.sh b/net/tac_plus-libradius/files/tac_plus.sh
new file mode 100644
index 000000000000..5494b7c3ff9a
--- /dev/null
+++ b/net/tac_plus-libradius/files/tac_plus.sh
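Review bot: In files/patch-af the new `case (S_radius):` in pwlib.c rejects the login only when `radius_verify(name,passwd,file)==1` and sets `TAC_PLUS_AUTHEN_STATUS_PASS` for every other return value, so an error or timeout code from the RADIUS lookup would be accepted as a successful authentication. `radius_verify` is not shown in this commit (it presumably ships in tac_plus_radius.tgz), so its return values need to be checked; if 0 is its only success value the test should read `if (radius_verify(name,passwd,file) != 0) {`. The `ldap_verify(...)==1` test in the context lines has the same shape. The case body and the enclosing function continue outside the hunk.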
@@ -0,0 +1,20 @@
+#!/bin/sh
+
+if ! PREFIX=$(expr $0 : "\(/.*\)/etc/rc\.d/$(basename $0)\$"); then
+ echo "$0: Cannot determine the PREFIX" >&2
+ exit 1
+fi
+
+case "$1" in
+start)
+ [ -x ${PREFIX}/sbin/tac_plus -a -f ${PREFIX}/etc/tac_plus/tac_plus.conf ] && ${PREFIX}/sbin/tac_plus -C ${PREFIX}/etc/tac_plus/tac_plus.conf -d 1 && echo -n ' tac_plus'
+ ;;
+stop)
+ killall tac_plus && echo -n ' tac_plus'
+ ;;
+*)
+ echo "Usage: `basename $0` {start|stop}" >&2
+ ;;
+esac
+
+exit 0
diff --git a/net/tac_plus-libradius/pkg-comment b/net/tac_plus-libradius/pkg-comment
new file mode 100644
index 000000000000..9362d053888d
--- /dev/null
+++ b/net/tac_plus-libradius/pkg-comment
@@ -0,0 +1 @@
+The www.gazi.edu.tr tacacs+ Daemon with pam and libradius support
diff --git a/net/tac_plus-libradius/pkg-descr b/net/tac_plus-libradius/pkg-descr
new file mode 100644
index 000000000000..b51fbce7fd78
--- /dev/null
+++ b/net/tac_plus-libradius/pkg-descr
@@ -0,0 +1,8 @@
+tacacs+ s program that allow authorization and authentication via net on
+remote access servers. Authenticate users, authorize commands and log
+accounting information.
+
+This version is includes a patch to include limited libradius support which
+allows to forward authentication requests to a radius server.
+
+WWW: http://www.portal-to-web.de/tacacs/
diff --git a/net/tac_plus-libradius/pkg-plist b/net/tac_plus-libradius/pkg-plist
new file mode 100644
index 000000000000..7cf6ba0cd6bd
--- /dev/null
+++ b/net/tac_plus-libradius/pkg-plist
@@ -0,0 +1,5 @@
+sbin/tac_plus
+etc/rc.d/tac_plus.sh
+etc/tac_plus/radius.example
+etc/tac_plus/tac_plus.cfg
+@dirrm etc/tac_plus
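Review bot: In files/tac_plus.sh the `start)` branch tests for and passes `${PREFIX}/etc/tac_plus/tac_plus.conf`, but the port Makefile and pkg-plist install `etc/tac_plus/tac_plus.cfg`, so on a fresh install the `-f` test fails and the daemon is never started. Because the script ends with an unconditional `exit 0`, that failure is silent. Either install the file under the name the script expects or change both occurrences to `tac_plus.cfg`, and print a message to stderr when the binary or the configuration is missing. The `-d 1` on the startup line also looks like a debugging option left in; confirm it is intended for normal operation.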