Date: Thu, 26 Sep 2002 07:27:38 +0200 From: Andreas Klemm <andreas@klemm.gtn.com> To: "Vladimir A. Jakovenko" <vovik@lucky.net> Cc: ports@freebsd.org, andreas_and_joe@tao.org.uk Subject: Re: FreeBSD TACACS+ port Message-ID: <20020926052738.GB3500@titan.klemm.apsfilter.org> In-Reply-To: <20020925205621.GA49680@lucky.net> References: <20020925205621.GA49680@lucky.net>
next in thread | previous in thread | raw e-mail | index | archive | help
Thanks Vladimir,
I don't have the time to do it. And I don't have a Cisco at home
anymore. So if Joe doesn't mail you back the best would be to send
it as problem report to the FreeBSD ports team, so that somebody
else can make the change.
And yes you are right IOS 12 should be the default now.
Andreas ///
On Wed, Sep 25, 2002 at 11:56:21PM +0300, Vladimir A. Jakovenko wrote:
> Dear Sirs,
>
> Below is attached two patches to actual FreeBSD tac_plus port which extends
> it functionality to support wrapping tac_plus requests by TCP_Wrappers.
>
> It will be nice if you find time and update official port with such changes.
>
> I also would like to recommend you to change default TAC_IOS_VERSION to 12.
>
> --
> Regards,
> Vladimir.
>
> --- Makefile.old Wed Sep 25 18:21:43 2002
> +++ Makefile Wed Sep 25 23:54:26 2002
> @@ -37,8 +37,14 @@
> .else
> CFLAGS+= -DTAC_IOS_VERSION=11
> .endif
>
> +# TCP_Wrappers support
> +.if defined(USE_LIBWRAP) && ${USE_LIBWRAP} == YES
> +CFLAGS+= -DLIBWRAP -lwrap
> +EXTRA_PATCHES+= ${PATCHDIR}/extra-patch-bc
> +.endif
> +
> do-install:
> ${INSTALL_PROGRAM} ${WRKSRC}/tac_plus ${PREFIX}/sbin
> ${INSTALL_MAN} ${WRKSRC}/tac_plus.1 ${PREFIX}/man/man1/tac_plus.1
> ${INSTALL_DATA} ${FILESDIR}/tac_plus.conf.example ${PREFIX}/etc/
>
> --- tac_plus.c.orig Wed Sep 25 23:42:41 2002
> +++ tac_plus.c Wed Sep 25 23:44:32 2002
> @@ -27,8 +27,15 @@
> #include "tac_plus.h"
> #include "sys/wait.h"
> #include "signal.h"
>
> +#ifdef LIBWRAP
> +#include <tcpd.h>
> +#include <syslog.h>
> +int allow_severity = LOG_INFO;
> +int deny_severity = LOG_WARNING;
> +#endif /* LIBWRAP */
> +
> static int standalone = 1; /* running standalone (1) or under inetd (0) */
> static int initialised = 0; /* data structures have been allocated */
> int sendauth_only = 0; /* don't respond to sendpass requests */
> int debug = 0; /* debugging flags */
> @@ -494,8 +501,26 @@
> if (pid == 0) {
> /* child */
> if (!single)
> close(s);
> +#ifdef LIBWRAP
> + /* Check whether requests are denied from this host. */
> + {
> + struct request_info req;
> +
> + request_init(&req, RQ_DAEMON, basename(argv[0]), RQ_FILE, newso
> ckfd, 0);
> + fromhost(&req);
> +
> + if (!hosts_access(&req)) {
> + shutdown(session.sock, 2);
> + close(session.sock);
> + refuse(&req);
> + /* NOTREACHED */
> + report(LOG_ERR, "libwrap refuse returns");
> + }
> + }
> +#endif /* LIBWRAP */
> +
> session.sock = newsockfd;
> start_session();
> shutdown(session.sock, 2);
> close(session.sock);
>
--
Andreas Klemm /\/\/\/\/\/\/\/\/\/\/\
http://www.64bits.de < Powered by FreeBSD >
http://www.apsfilter.org/ \ www.FreeBSD.org /
http://people.FreeBSD.ORG/~andreas \/\/\/\/\/\/\/\/\/\/
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ports" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020926052738.GB3500>