From 47f248d15512ab8d870576ef4e20d040aa08dbf0 Mon Sep 17 00:00:00 2001
From: Bruno Pena
Date: Sat, 13 Apr 2019 10:57:59 +0200
Subject: [PATCH] tac_plus: New package (TACACS+ daemon)
Signed-off-by: Bruno Pena
tac_plus: Updated to the latest commit from upstream. Updated URL to reference Facebook's GitHub repository. Tweaked Makefile to include the date on the source package filename.
Signed-off-by: Bruno Pena
---
net/tac_plus/Makefile | 51 ++++++++++++++++
net/tac_plus/files/tac_plus.conf | 58 +++++++++++++++++++
net/tac_plus/files/tac_plus.init | 12 ++++
.../patches/010-configure-remove-libnsl.patch | 15 +++++
4 files changed, 136 insertions(+)
create mode 100644 net/tac_plus/Makefile
create mode 100644 net/tac_plus/files/tac_plus.conf
create mode 100755 net/tac_plus/files/tac_plus.init
create mode 100644 net/tac_plus/patches/010-configure-remove-libnsl.patch
diff --git a/net/tac_plus/Makefile b/net/tac_plus/Makefile
new file mode 100644
index 000000000..ea3a9dca4
--- /dev/null
+++ b/net/tac_plus/Makefile
@@ -0,0 +1,51 @@
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=tac_plus
+PKG_VERSION:=4.0.4.28
+PKG_REV:=259251e6f1c2d5c98081a43c6f66d9eb2989cfd8
+PKG_RELEASE:=1
+
+PKG_SOURCE_VERSION:=$(PKG_REV)
+PKG_SOURCE_DATE:=2019.02.11
+PKG_SOURCE_URL:=https://codeload.github.com/facebook/tac_plus/tar.gz/$(PKG_SOURCE_VERSION)?
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_DATE)-$(PKG_SOURCE_VERSION).tar.gz
+PKG_HASH:=3c37d6a8acf66cac4a95558bf3e29686ef3be505a1638e2ef788a7ece41d1b01
+
+PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)
+PKG_BUILD_SUBDIR:=tacacs-F$(PKG_VERSION)
+
+include $(INCLUDE_DIR)/package.mk
+
+PKG_UNPACK:=$(HOST_TAR) -C $(PKG_BUILD_DIR) --strip-components=1 -xzf $(DL_DIR)/$(PKG_SOURCE)
+
+MAKE_PATH:=$(PKG_BUILD_SUBDIR)
+CONFIGURE_PATH:=$(PKG_BUILD_SUBDIR)
+
+CONFIGURE_ARGS += \
+ --disable-shared \
+ --without-libwrap
+
+define Package/tac_plus
+ SECTION:=net
+ CATEGORY:=Network
+ TITLE:=TACACS+ daemon
+ URL:=https://github.com/facebook/tac_plus/
+endef
+
+define Package/tac_plus/description
+TACACS+ is a protocol (not TACACS or XTACACS) for authentication,
+authorization and accounting (AAA) services for routers and network devices.
+endef
+
+define Package/tac_plus/conffiles
+/etc/tac_plus.conf
+endef
+
+define Package/tac_plus/install
+ $(INSTALL_DIR) $(1)/etc/init.d $(1)/usr/sbin
+ $(INSTALL_CONF) ./files/tac_plus.conf $(1)/etc/tac_plus.conf
+ $(INSTALL_BIN) ./files/tac_plus.init $(1)/etc/init.d/tac_plus
+ $(INSTALL_BIN) $(PKG_BUILD_DIR)/$(PKG_BUILD_SUBDIR)/tac_plus $(1)/usr/sbin/
+endef
+
+$(eval $(call BuildPackage,tac_plus))
diff --git a/net/tac_plus/files/tac_plus.conf b/net/tac_plus/files/tac_plus.conf
new file mode 100644
index 000000000..5b9ce6cde
--- /dev/null
+++ b/net/tac_plus/files/tac_plus.conf
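Review bot: The trailing `?` on `PKG_SOURCE_URL` is load-bearing but undocumented; it appears to turn the file name that the download step appends into a query string, so that codeload serves the tarball for `$(PKG_SOURCE_VERSION)`. Add a comment above the line such as `# trailing '?' makes the appended file name a query string; needed for codeload URLs`. `PKG_HASH` does pin the archive, but GitHub generates these tarballs on demand, so a git checkout with `PKG_SOURCE_PROTO:=git` and `PKG_MIRROR_HASH` would be a more reproducible pin of `PKG_REV`. The package also declares no `PKG_LICENSE` or `PKG_MAINTAINER`, which leaves nobody named to contact for security updates to a network-facing AAA daemon.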
@@ -0,0 +1,58 @@
+#
+# An example tac_plus configuration. You should change this
+# before using it.
+#
+
+# Define where to log accounting data, this is the default.
+accounting file = /var/log/tac_plus.acct
+
+# This is the key that clients have to use to access Tacacs+
+key = testing123
+
+# Use /etc/passwd file to do authentication
+#default authentication = file /etc/passwd
+
+# You can use feature like per host key with different enable passwords
+#host = 127.0.0.1 {
+# key = test
+# type = cisco
+# enable = enablepass
+# prompt = "Welcome XXX ISP Access Router \n\nUsername:"
+#}
+
+# We also can define local users and specify a file where data is stored.
+# That file may be filled using tac_pwd
+#user = test1 {
+# name = "Test User"
+# member = staff
+# login = file /etc/tacacs/tacacs_passwords
+#}
+
+# We can also specify rules valid per group of users.
+#group = group1 {
+# cmd = conf {
+# deny
+# }
+#}
+
+# Another example : forbid configure command for some hosts
+# for a define range of clients
+#group = group1 {
+# login = file /etc/passwd
+# service = ppp
+# protocol = ip {
+# addr = 10.10.0.0/24
+# }
+# cmd = conf {
+# deny .*
+# }
+#}
+
+user = DEFAULT {
+ login = file /etc/passwd
+ service = ppp protocol = ip {}
+}
+
+# Much more features are availables, like ACL, more service compatibilities,
+# commands authorization, scripting authorization.
+# See the man page for those features.
diff --git a/net/tac_plus/files/tac_plus.init b/net/tac_plus/files/tac_plus.init
new file mode 100755
index 000000000..42cae8c09
--- /dev/null
+++ b/net/tac_plus/files/tac_plus.init
@@ -0,0 +1,12 @@
+#!/bin/sh /etc/rc.common
+
+START=99
+
+USE_PROCD=1
+PROG=/usr/sbin/tac_plus
+
+start_service() {
+ procd_open_instance
+ procd_set_param command "$PROG" -G -C /etc/tac_plus.conf
+ procd_close_instance
+}
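Review bot: The installed default config carries a live, publicly known shared secret, `key = testing123`, and an uncommented `user = DEFAULT { login = file /etc/passwd ... }` block. The init script added in the same commit starts the daemon against this file, so a fresh install would answer any client that presents that key. The header comment "You should change this before using it" is the only safeguard. Ship the `user = DEFAULT` block commented out like the other examples, and replace the literal with an obvious placeholder such as `key = CHANGE_ME` that the init script refuses to start with. Simply deleting the key line is not a fix, since tac_plus then, as far as I know, runs with no packet obfuscation at all.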
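Review bot: `start_service()` registers the instance without `procd_set_param respawn`, so if tac_plus exits, the AAA service stays down until someone restarts it by hand; add that line after the `command` line. Adding `procd_set_param file /etc/tac_plus.conf` would also let procd restart the daemon when the config, including a rotated key, changes. No user is set for the instance, so the daemon presumably runs as root while parsing network input. It is worth confirming whether it can drop privileges after binding its port.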
diff --git a/net/tac_plus/patches/010-configure-remove-libnsl.patch b/net/tac_plus/patches/010-configure-remove-libnsl.patch
new file mode 100644
index 000000000..01ac6aa55
--- /dev/null
+++ b/net/tac_plus/patches/010-configure-remove-libnsl.patch
@@ -0,0 +1,15 @@
+--- a/tacacs-F4.0.4.28/configure 2015-01-06 22:55:35.000000000 +0100
++++ b/tacacs-F4.0.4.28/configure 2019-01-31 14:44:28.679272504 +0100
+@@ -3285,11 +3285,9 @@
+ ;;
+ *linux* )
+ # XXX: not sure if /usr/local is necessary.
+- # XXX: linux libwrap needs -lnsl. configure should check for
+- # existence of libnsl instead of hard-coding
+ CPPFLAGS="$CFLAGS -I/usr/local/include"; export CPPFLAGS
+ LDFLAGS="$LDFLAGS -L/usr/local/lib -L/lib"; export LDFLAGS
+- LIBS="-lnsl -lcrypt $LIBS"; export LIBS
++ LIBS="-lcrypt $LIBS"; export LIBS
+
+
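Review bot: The `*linux*` branch this patch edits still appends `-I/usr/local/include` to `CPPFLAGS` and `-L/usr/local/lib -L/lib` to `LDFLAGS`, and in a cross build those are build-host directories, so host headers or libraries could leak into the target binary. Since the patch already rewrites the neighbouring `LIBS` line, consider dropping those three host paths from the two assignments in the same patch. The patch also has no description header and hard-codes `tacacs-F4.0.4.28/` in its paths, so it will need refreshing on every version bump. A one-line comment at the top, such as `# libnsl is only needed by libwrap, which is disabled via --without-libwrap`, would tell the next maintainer when the patch can go.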