tac_plus: New package (TACACS+ daemon)

Signed-off-by: Bruno Pena <brunompena@gmail.com>

tac_plus: Updated to the latest commit from upstream. Updated URL to reference Facebook's GitHub repository. Tweaked Makefile to include the date on the source package filename.

Signed-off-by: Bruno Pena <brunompena@gmail.com>

4 files changed, 136 insertions, 0 deletions

diff --git a/net/tac_plus/Makefile b/net/tac_plus/Makefile
new file mode 100644
index 000000000..ea3a9dca4
--- /dev/null
+++ b/net/tac_plus/Makefile
@@ -0,0 +1,51 @@
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=tac_plus
+PKG_VERSION:=4.0.4.28
+PKG_REV:=259251e6f1c2d5c98081a43c6f66d9eb2989cfd8
+PKG_RELEASE:=1
+
+PKG_SOURCE_VERSION:=$(PKG_REV)
+PKG_SOURCE_DATE:=2019.02.11
+PKG_SOURCE_URL:=https://codeload.github.com/facebook/tac_plus/tar.gz/$(PKG_SOURCE_VERSION)?
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_DATE)-$(PKG_SOURCE_VERSION).tar.gz
+PKG_HASH:=3c37d6a8acf66cac4a95558bf3e29686ef3be505a1638e2ef788a7ece41d1b01
+
+PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)
+PKG_BUILD_SUBDIR:=tacacs-F$(PKG_VERSION)
+
+include $(INCLUDE_DIR)/package.mk
+
+PKG_UNPACK:=$(HOST_TAR) -C $(PKG_BUILD_DIR) --strip-components=1 -xzf $(DL_DIR)/$(PKG_SOURCE)
+
+MAKE_PATH:=$(PKG_BUILD_SUBDIR)
+CONFIGURE_PATH:=$(PKG_BUILD_SUBDIR)
+
+CONFIGURE_ARGS += \
+	--disable-shared \
+	--without-libwrap
+
+define Package/tac_plus
+	SECTION:=net
+	CATEGORY:=Network
+	TITLE:=TACACS+ daemon
+	URL:=https://github.com/facebook/tac_plus/
+endef
+
+define Package/tac_plus/description
+TACACS+ is a protocol (not TACACS or XTACACS) for authentication,
+authorization and accounting (AAA) services for routers and network devices.
+endef
+
+define Package/tac_plus/conffiles
+/etc/tac_plus.conf
+endef
+
+define Package/tac_plus/install
+	$(INSTALL_DIR) $(1)/etc/init.d $(1)/usr/sbin
+	$(INSTALL_CONF) ./files/tac_plus.conf $(1)/etc/tac_plus.conf
+	$(INSTALL_BIN) ./files/tac_plus.init $(1)/etc/init.d/tac_plus
+	$(INSTALL_BIN) $(PKG_BUILD_DIR)/$(PKG_BUILD_SUBDIR)/tac_plus $(1)/usr/sbin/
+endef
+
+$(eval $(call BuildPackage,tac_plus))
diff --git a/net/tac_plus/files/tac_plus.conf b/net/tac_plus/files/tac_plus.conf
new file mode 100644
index 000000000..5b9ce6cde
--- /dev/null
+++ b/net/tac_plus/files/tac_plus.conf
@@ -0,0 +1,58 @@
+#
+# An example tac_plus configuration. You should change this
+# before using it.
+#
+
+# Define where to log accounting data, this is the default.
+accounting file = /var/log/tac_plus.acct
+
+# This is the key that clients have to use to access Tacacs+
+key = testing123
+
+# Use /etc/passwd file to do authentication
+#default authentication = file /etc/passwd
+
+# You can use feature like per host key with different enable passwords
+#host = 127.0.0.1 {
+#        key = test 
+#        type = cisco
+#        enable = <des|cleartext> enablepass
+#        prompt = "Welcome XXX ISP Access Router \n\nUsername:"
+#}
+
+# We also can define local users and specify a file where data is stored.
+# That file may be filled using tac_pwd
+#user = test1 {
+#    name = "Test User"
+#    member = staff
+#    login = file /etc/tacacs/tacacs_passwords
+#}
+
+# We can also specify rules valid per group of users.
+#group = group1 {
+#	cmd = conf {
+#		deny
+#	}
+#}
+
+# Another example : forbid configure command for some hosts
+# for a define range of clients
+#group = group1 {
+#	login = file /etc/passwd
+#	service = ppp
+#	protocol = ip {
+#		addr = 10.10.0.0/24
+#	}
+#	cmd = conf {
+#		deny .*
+#	}
+#}
+
+user = DEFAULT {
+	login = file /etc/passwd
+	service = ppp protocol = ip {}
+}
+
+# Much more features are availables, like ACL, more service compatibilities,
+# commands authorization, scripting authorization.
+# See the man page for those features.
diff --git a/net/tac_plus/files/tac_plus.init b/net/tac_plus/files/tac_plus.init
new file mode 100755
index 000000000..42cae8c09
--- /dev/null
+++ b/net/tac_plus/files/tac_plus.init
@@ -0,0 +1,12 @@
+#!/bin/sh /etc/rc.common
+
+START=99
+
+USE_PROCD=1
+PROG=/usr/sbin/tac_plus
+
+start_service() {
+	procd_open_instance
+	procd_set_param command "$PROG" -G -C /etc/tac_plus.conf
+	procd_close_instance
+}
diff --git a/net/tac_plus/patches/010-configure-remove-libnsl.patch b/net/tac_plus/patches/010-configure-remove-libnsl.patch
new file mode 100644
index 000000000..01ac6aa55
--- /dev/null
+++ b/net/tac_plus/patches/010-configure-remove-libnsl.patch
@@ -0,0 +1,15 @@
+--- a/tacacs-F4.0.4.28/configure	2015-01-06 22:55:35.000000000 +0100
++++ b/tacacs-F4.0.4.28/configure	2019-01-31 14:44:28.679272504 +0100
+@@ -3285,11 +3285,9 @@
+     ;;
+     *linux* )
+ 	# XXX: not sure if /usr/local is necessary.
+-	# XXX: linux libwrap needs -lnsl. configure should check for
+-	#      existence of libnsl instead of hard-coding
+ 	CPPFLAGS="$CFLAGS -I/usr/local/include"; export CPPFLAGS
+ 	LDFLAGS="$LDFLAGS -L/usr/local/lib -L/lib"; export LDFLAGS
+-	LIBS="-lnsl -lcrypt $LIBS"; export LIBS
++	LIBS="-lcrypt $LIBS"; export LIBS
+ 	$as_echo "#define LINUX 1" >>confdefs.h
+ 
+