FreeBSD Bugzilla – Attachment 133370 Details for
Bug 177833
Update version of net/tac_plus4 to 4.0.4.26
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
file.diff
file.diff (text/plain), 14.45 KB, created by
landy2005
on 2013-04-13 11:50:00 UTC
(
hide
)
Description:
file.diff
Filename:
MIME Type:
Creator:
landy2005
Created:
2013-04-13 11:50:00 UTC
Size:
14.45 KB
patch
obsolete
>diff -ruN tac_plus4.orig/Makefile tac_plus4/Makefile >--- tac_plus4.orig/Makefile 2013-03-08 15:32:11.000000000 +0400 >+++ tac_plus4/Makefile 2013-04-13 14:29:56.000000000 +0400 >@@ -2,10 +2,10 @@ > # $FreeBSD: net/tac_plus4/Makefile 313635 2013-03-08 11:32:11Z bapt $ > > PORTNAME= tac_plus >-PORTVERSION= F4.0.4.19 >+PORTVERSION= F4.0.4.26 > CATEGORIES= net security > MASTER_SITES= ftp://ftp.shrubbery.net/pub/tac_plus/ >-DISTNAME= tacacs+-F4.0.4.19 >+DISTNAME= tacacs+-F4.0.4.26 > > MAINTAINER= marcus@FreeBSD.org > COMMENT= The Cisco remote authentication/authorization/accounting server >diff -ruN tac_plus4.orig/distinfo tac_plus4/distinfo >--- tac_plus4.orig/distinfo 2012-07-14 18:29:18.000000000 +0400 >+++ tac_plus4/distinfo 2013-04-13 13:13:50.000000000 +0400 >@@ -1,2 +1,2 @@ >-SHA256 (tacacs+-F4.0.4.19.tar.gz) = 582dcdb5723c844e50036b1ed9eaee53239e7791d0ac5e5c22fba8ac4790596b >-SIZE (tacacs+-F4.0.4.19.tar.gz) = 500593 >+SHA256 (tacacs+-F4.0.4.26.tar.gz) = 9051824e8ddc164001f80ec2a723c904d8382aadb5b29a951909761b3d42d6ec >+SIZE (tacacs+-F4.0.4.26.tar.gz) = 519796 >diff -ruN tac_plus4.orig/files/extra-patch-bb tac_plus4/files/extra-patch-bb >--- tac_plus4.orig/files/extra-patch-bb 2012-07-14 18:29:18.000000000 +0400 >+++ tac_plus4/files/extra-patch-bb 2013-04-13 13:30:56.000000000 +0400 >@@ -13,9 +13,9 @@ > > ------------------------------ cut here --------------------------- > >---- pwlib.c.orig Fri Dec 1 15:07:03 2000 >-+++ pwlib.c Fri Dec 1 15:07:48 2000 >-@@ -195,7 +195,7 @@ >+--- pwlib.c.orig 2012-06-07 02:54:23.000000000 +0400 >++++ pwlib.c 2013-04-13 13:26:17.000000000 +0400 >+@@ -303,7 +303,7 @@ > struct passwd *pw; > char *exp_date; > char *cfg_passwd; >@@ -24,8 +24,8 @@ > char buf[12]; > #endif /* SHADOW_PASSWORDS */ > >-@@ -217,7 +217,20 @@ >- return (0); >+@@ -325,7 +325,20 @@ >+ return(0); > } > cfg_passwd = pw->pw_passwd; > +#ifdef FREEBSD >diff -ruN tac_plus4.orig/files/patch-Makefile.in tac_plus4/files/patch-Makefile.in >--- tac_plus4.orig/files/patch-Makefile.in 2012-07-14 18:29:18.000000000 +0400 >+++ tac_plus4/files/patch-Makefile.in 2013-04-13 13:43:52.000000000 +0400 >@@ -1,33 +1,24 @@ >---- Makefile.in.orig 2009-07-28 15:18:02.000000000 -0400 >-+++ Makefile.in 2009-10-10 16:24:28.000000000 -0400 >-@@ -97,7 +97,7 @@ am__tac_plus_SOURCES_DIST = acct.c authe >+--- Makefile.in.orig 2012-04-17 02:56:54.000000000 +0400 >++++ Makefile.in 2013-04-13 13:43:18.000000000 +0400 >+@@ -98,7 +98,7 @@ > config.c default_fn.c default_v0_fn.c do_acct.c do_author.c \ >- dump.c enable.c encrypt.c expire.c hash.c maxsess.c parse.c \ >- programs.c pw.c pwlib.c regexp.c report.c sendauth.c \ >-- sendpass.c tac_plus.c utils.c skey_fn.c >-+ sendpass.c tac_plus.c utils.c skey_fn.c opie_fn.c >+ dump.c enable.c encrypt.c expire.c hash.c maxsessint.c parse.c \ >+ programs.c pw.c pwlib.c report.c sendauth.c sendpass.c \ >+- tac_plus.c utils.c skey_fn.c aceclnt_fn.c >++ tac_plus.c utils.c skey_fn.c aceclnt_fn.c opie_fn.c > @TACSKEY_TRUE@am__objects_1 = skey_fn.$(OBJEXT) >+ @TACACECLNT_TRUE@am__objects_2 = aceclnt_fn.$(OBJEXT) > am_tac_plus_OBJECTS = acct.$(OBJEXT) authen.$(OBJEXT) author.$(OBJEXT) \ >- choose_authen.$(OBJEXT) config.$(OBJEXT) default_fn.$(OBJEXT) \ >-@@ -107,7 +107,7 @@ am_tac_plus_OBJECTS = acct.$(OBJEXT) aut >+@@ -109,7 +109,7 @@ > parse.$(OBJEXT) programs.$(OBJEXT) pw.$(OBJEXT) \ >- pwlib.$(OBJEXT) regexp.$(OBJEXT) report.$(OBJEXT) \ >- sendauth.$(OBJEXT) sendpass.$(OBJEXT) tac_plus.$(OBJEXT) \ >-- utils.$(OBJEXT) $(am__objects_1) >-+ utils.$(OBJEXT) opie_fn.$(OBJEXT) $(am__objects_1) >+ pwlib.$(OBJEXT) report.$(OBJEXT) sendauth.$(OBJEXT) \ >+ sendpass.$(OBJEXT) tac_plus.$(OBJEXT) utils.$(OBJEXT) \ >+- $(am__objects_1) $(am__objects_2) >++ opie_fn.$(OBJEXT) $(am__objects_1) $(am__objects_2) > tac_plus_OBJECTS = $(am_tac_plus_OBJECTS) > am__DEPENDENCIES_1 = > tac_plus_DEPENDENCIES = $(am__DEPENDENCIES_1) >-@@ -326,7 +326,7 @@ noinst_HEADERS = md4.h mschap.h regexp.h >- expire.h md5.h parse.h pathsl.h regmagic.h >- >- man_gen_MANS = tac_plus.8 tac_plus.conf.5 >--man_nogen_MANS = regexp.3 tac_pwd.8 >-+man_nogen_MANS = tac_pwd.8 >- man_MANS = $(man_gen_MANS) $(man_nogen_MANS) >- >- # scripts that are built >-@@ -581,6 +581,7 @@ distclean-compile: >+@@ -592,6 +592,7 @@ > @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sendauth.Po@am__quote@ > @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sendpass.Po@am__quote@ > @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/skey_fn.Po@am__quote@ >@@ -35,7 +26,7 @@ > @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tac_plus.Po@am__quote@ > @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tac_pwd.Po@am__quote@ > @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/utils.Po@am__quote@ >-@@ -1061,8 +1062,7 @@ info: info-am >+@@ -1049,8 +1050,7 @@ > > info-am: > >diff -ruN tac_plus4.orig/files/patch-ab tac_plus4/files/patch-ab >--- tac_plus4.orig/files/patch-ab 2012-07-14 18:29:18.000000000 +0400 >+++ tac_plus4/files/patch-ab 1970-01-01 03:00:00.000000000 +0300 >@@ -1,30 +0,0 @@ >---- tac_plus.h.orig 2009-07-27 20:11:53.000000000 -0400 >-+++ tac_plus.h 2010-02-12 18:13:49.000000000 -0500 >-@@ -86,6 +86,7 @@ >- #ifdef FREEBSD >- #define CONST_SYSERRLIST >- #define NO_PWAGE >-+#include <sys/param.h> >- #endif >- >- #ifdef BSDI >-@@ -138,7 +139,11 @@ >- # include <sys/syslog.h> >- #endif >- >-+#if defined(FREEBSD) && __FreeBSD_version >= 900007 >-+#include <utmpx.h> >-+#else >- #include <utmp.h> >-+#endif >- >- #include <unistd.h> >- >-@@ -655,6 +660,7 @@ int sendpass_fn(struct authen_data *data >- int enable_fn(struct authen_data *data); >- int default_v0_fn(struct authen_data *data); >- int skey_fn(struct authen_data *data); >-+int opie_fn(struct authen_data *data); >- >- #ifdef MAXSESS >- void loguser(struct acct_rec *); >diff -ruN tac_plus4.orig/files/patch-choose_authen.c tac_plus4/files/patch-choose_authen.c >--- tac_plus4.orig/files/patch-choose_authen.c 2012-07-14 18:29:18.000000000 +0400 >+++ tac_plus4/files/patch-choose_authen.c 2013-04-13 13:57:04.000000000 +0400 >@@ -1,8 +1,8 @@ >---- choose_authen.c.orig Sun Jun 18 13:26:53 2000 >-+++ choose_authen.c Sun Dec 8 15:26:08 2002 >-@@ -118,10 +118,27 @@ >+--- choose_authen.c.orig 2012-04-17 01:42:55.000000000 +0400 >++++ choose_authen.c 2013-04-13 13:55:20.000000000 +0400 >+@@ -130,12 +130,29 @@ > #else /* SKEY */ >- report(LOG_ERR, >+ report(LOG_ERR, > "%s %s: user %s s/key support has not been compiled in", > - name ? name : "<unknown>", > - session.peer, session.port); >@@ -10,8 +10,8 @@ > + name ? name : "<unknown>"); > return(CHOOSE_FAILED); > #endif /* SKEY */ >-+ } >-+ >+ } >+ > + if (cfg_passwd && STREQ(cfg_passwd, "opie")) { > + if (debug & DEBUG_PASSWD_FLAG) > + report(LOG_DEBUG, "%s %s: user %s requires opie", >@@ -27,6 +27,8 @@ > + name ? name : "<unknown>"); > + return(CHOOSE_FAILED); > +#endif /* OPIE */ >- } >- >- /* Not an skey user. Must be none, des, cleartext or file password */ >++ } >++ >+ /* Does this user require aceclnt */ >+ cfg_passwd = cfg_get_login_secret(name, TAC_PLUS_RECURSE); >+ if (cfg_passwd && STREQ(cfg_passwd, "aceclnt")) { >diff -ruN tac_plus4.orig/files/patch-do_acct.c tac_plus4/files/patch-do_acct.c >--- tac_plus4.orig/files/patch-do_acct.c 2012-07-14 18:29:18.000000000 +0400 >+++ tac_plus4/files/patch-do_acct.c 1970-01-01 03:00:00.000000000 +0300 >@@ -1,78 +0,0 @@ >---- do_acct.c.orig 2010-01-23 16:17:36.000000000 -0500 >-+++ do_acct.c 2010-02-12 18:19:44.000000000 -0500 >-@@ -202,23 +202,42 @@ do_acct_syslog(struct acct_rec *rec) >- int >- wtmp_entry(char *line, char *name, char *host, time_t utime) >- { >-+#if defined(FREEBSD) && __FreeBSD_version >= 900007 >-+#define HAVE_UTMPX_H 1 >-+ struct utmpx entry; >-+ struct timeval tv; >-+#else >- struct utmp entry; >-+#endif >- >-+#ifndef HAVE_UTMPX_H >- if (!wtmpfile) { >- return(1); >- } >-+#endif >- >- memset(&entry, 0, sizeof entry); >-+#ifdef HAVE_UTMPX_H >-+ entry.ut_type = *name != '\0' ? USER_PROCESS : DEAD_PROCESS; >-+ snprintf(entry.ut_id, sizeof entry.ut_id, "%xtac", getpid()); >-+#endif >- >- if (strlen(line) < sizeof entry.ut_line) >- strcpy(entry.ut_line, line); >- else >- memcpy(entry.ut_line, line, sizeof(entry.ut_line)); >- >-+#ifdef HAVE_UTMPX_H >-+ if (strlen(name) < sizeof entry.ut_user) >-+ strcpy(entry.ut_user, name); >-+ else >-+ memcpy(entry.ut_user, name, sizeof(entry.ut_user)); >-+#else >- if (strlen(name) < sizeof entry.ut_name) >- strcpy(entry.ut_name, name); >- else >- memcpy(entry.ut_name, name, sizeof(entry.ut_name)); >-+#endif >- >- #ifndef SOLARIS >- if (strlen(host) < sizeof entry.ut_host) >-@@ -226,13 +245,24 @@ wtmp_entry(char *line, char *name, char >- else >- memcpy(entry.ut_host, host, sizeof(entry.ut_host)); >- #endif >-+#ifdef HAVE_UTMPX_H >-+ memset(&entry.ut_tv, 0, sizeof(entry.ut_tv)); >-+ tv.tv_sec = utime; >-+ memcpy(&entry.ut_tv, &tv, sizeof(entry.ut_tv)); >-+#else >- entry.ut_time = utime; >-+#endif >- >- #ifdef FREEBSD >-+#ifdef HAVE_UTMPX_H >-+ pututxline(&entry); >-+#else >- wtmpfd = open(wtmpfile, O_CREAT | O_WRONLY | O_APPEND, 0644); >-+#endif >- #else >- wtmpfd = open(wtmpfile, O_CREAT | O_WRONLY | O_APPEND | O_SYNC, 0644); >- #endif >-+#ifndef HAVE_UTMPX_H >- if (wtmpfd < 0) { >- report(LOG_ERR, "Can't open wtmp file %s -- %s", >- wtmpfile, strerror(errno)); >-@@ -251,6 +281,7 @@ wtmp_entry(char *line, char *name, char >- } >- >- close(wtmpfd); >-+#endif >- >- if (debug & DEBUG_ACCT_FLAG) { >- report(LOG_DEBUG, "wtmp: %s, %s %s %d", line, name, host, utime); >diff -ruN tac_plus4.orig/files/patch-parse.h tac_plus4/files/patch-parse.h >--- tac_plus4.orig/files/patch-parse.h 2012-07-14 18:29:18.000000000 +0400 >+++ tac_plus4/files/patch-parse.h 2013-04-13 14:06:52.000000000 +0400 >@@ -1,7 +1,10 @@ >---- parse.h.orig Sun Dec 8 15:22:51 2002 >-+++ parse.h Sun Dec 8 15:23:26 2002 >-@@ -76,3 +76,4 @@ >+--- parse.h.orig 2012-04-10 22:34:40.000000000 +0400 >++++ parse.h 2013-04-13 14:02:27.000000000 +0400 >+@@ -74,6 +74,7 @@ > #ifdef MSCHAP > #define S_mschap 42 > #endif /* MSCHAP */ > +#define S_opie 43 >+ #define S_enable 43 >+ #ifdef ACLS >+ # define S_acl 44 >diff -ruN tac_plus4.orig/files/patch-skey_fn.c tac_plus4/files/patch-skey_fn.c >--- tac_plus4.orig/files/patch-skey_fn.c 2012-07-14 18:29:18.000000000 +0400 >+++ tac_plus4/files/patch-skey_fn.c 2013-04-13 14:09:28.000000000 +0400 >@@ -1,11 +1,11 @@ >---- skey_fn.c.orig Sun Apr 3 01:41:00 2005 >-+++ skey_fn.c Sun Apr 3 01:41:08 2005 >-@@ -168,7 +168,7 @@ >+--- skey_fn.c.orig 2012-06-06 22:34:55.000000000 +0400 >++++ skey_fn.c 2013-04-13 14:08:31.000000000 +0400 >+@@ -164,7 +164,7 @@ > return(1); > } > > - if (skeychallenge(&p->skey, name, skeyprompt, 80) == 0) { > + if (skeychallenge(&p->skey, name, skeyprompt) == 0) { > char buf[256]; >- sprintf(buf, "%s\nPassword: ", skeyprompt); >+ snprintf(buf, sizeof(buf), "%s\nS/Key challenge: ", skeyprompt); > data->server_msg = tac_strdup(buf); >diff -ruN tac_plus4.orig/files/patch-tac_plus.h tac_plus4/files/patch-tac_plus.h >--- tac_plus4.orig/files/patch-tac_plus.h 1970-01-01 03:00:00.000000000 +0300 >+++ tac_plus4/files/patch-tac_plus.h 2013-04-13 13:50:44.000000000 +0400 >@@ -0,0 +1,10 @@ >+--- tac_plus.h.orig 2013-04-13 13:45:20.000000000 +0400 >++++ tac_plus.h 2013-04-13 13:50:14.000000000 +0400 >+@@ -452,6 +452,7 @@ >+ int sendauth_fn(struct authen_data *data); >+ int sendpass_fn(struct authen_data *data); >+ int skey_fn(struct authen_data *data); >++int opie_fn(struct authen_data *data); >+ >+ /* tac_plus.c */ >+ void open_logfile(void); >diff -ruN tac_plus4.orig/files/patch-tacacs.h tac_plus4/files/patch-tacacs.h >--- tac_plus4.orig/files/patch-tacacs.h 2012-07-14 18:29:18.000000000 +0400 >+++ tac_plus4/files/patch-tacacs.h 1970-01-01 03:00:00.000000000 +0300 >@@ -1,25 +0,0 @@ >---- tacacs.h.orig 2010-02-12 18:13:56.000000000 -0500 >-+++ tacacs.h 2010-02-12 18:14:51.000000000 -0500 >-@@ -83,6 +83,10 @@ XXX unknown >- #define MSCHAP_DIGEST_LEN 49 >- #endif /* MSCHAP */ >- >-+#ifdef FREEBSD >-+#include <sys/param.h> >-+#endif >-+ >- #if HAVE_STRING_H >- # include <string.h> >- #endif >-@@ -124,7 +128,11 @@ XXX unknown >- # include <sys/syslog.h> >- #endif >- >-+#if defined(FREEBSD) && __FreeBSD_version >= 900007 >-+#include <utmpx.h> >-+#else >- #include <utmp.h> >-+#endif >- >- #include <unistd.h> >- >diff -ruN tac_plus4.orig/files/patch-users_guide.in tac_plus4/files/patch-users_guide.in >--- tac_plus4.orig/files/patch-users_guide.in 2012-07-14 18:29:18.000000000 +0400 >+++ tac_plus4/files/patch-users_guide.in 2013-04-13 14:17:05.000000000 +0400 >@@ -1,6 +1,6 @@ >---- users_guide.in.orig 2008-08-20 00:34:57.000000000 -0400 >-+++ users_guide.in 2009-07-08 22:32:17.000000000 -0400 >-@@ -164,7 +164,10 @@ for S/KEY in the Makefile. I got my S/K >+--- users_guide.in.orig 2011-05-28 02:11:57.000000000 +0400 >++++ users_guide.in 2013-04-13 14:16:37.000000000 +0400 >+@@ -164,7 +164,10 @@ > crimelab.com but now it appears the only source is ftp.bellcore.com. I > suggest you try a web search for s/key source code. > >@@ -12,11 +12,12 @@ > > Should you need them, there are routines for accessing password files > (getpwnam,setpwent,endpwent,setpwfile) in pw.c. >-@@ -454,6 +457,15 @@ be that for each authentiction that is a >- to be wrong whether it was typed correctly or not. >+@@ -414,7 +417,16 @@ >+ login = skey >+ } > >- >-+4. Authentication using opie. >+-4). Authentication using PAM (Pluggable Authentication Modules) >++4). Authentication using opie. > + > +If you have successfully built tac_plus with opie support, you can specify > +a user be authenticated via opie, as follows: >@@ -25,6 +26,7 @@ > + login = opie > + } > + >- RECURSIVE PASSWORD LOOKUPS >- --------------------------- >++5). Authentication using PAM (Pluggable Authentication Modules) > >+ Assuming that your OS supports it, tac_plus can be configured to use PAM >+ for authentication, which may make it possible to use LDAP, SecureID, etc >diff -ruN tac_plus4.orig/files/tac_plus.in tac_plus4/files/tac_plus.in >--- tac_plus4.orig/files/tac_plus.in 2012-07-14 18:29:18.000000000 +0400 >+++ tac_plus4/files/tac_plus.in 2012-01-14 12:56:29.000000000 +0400 >@@ -1,6 +1,6 @@ > #!/bin/sh > # >-# $FreeBSD: net/tac_plus4/files/tac_plus.in 300897 2012-07-14 14:29:18Z beat $ >+# $FreeBSD: ports/net/tac_plus4/files/tac_plus.in,v 1.4 2012/01/14 08:56:29 dougb Exp $ > # > # PROVIDE: tac_plus > # REQUIRE: DAEMON >diff -ruN tac_plus4.orig/pkg-descr tac_plus4/pkg-descr >--- tac_plus4.orig/pkg-descr 2012-07-14 18:29:18.000000000 +0400 >+++ tac_plus4/pkg-descr 2013-04-13 14:19:12.000000000 +0400 >@@ -9,4 +9,4 @@ > To enable MSCHAP you need to optain a key from Microsoft, see the FAQ > section in the users guide. Therefore this isn't enabled by default. > >-WWW: http://www.cisco.com/warp/public/480/tacplus.shtml >+WWW: http://www.cisco.com/en/US/tech/tk59/technologies_tech_note09186a00800946a3.shtml
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=133370">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 177833
: 133370