tacacs+ (4.0.4.19-8) debian-dir only changes

Summary

 debian/README.source                    |   38 +++++
 debian/changelog                        |   49 ++++++
 debian/compat                           |    1 
 debian/control                          |   31 ++++
 debian/copyright                        |   37 +++++
 debian/dirs                             |    6 
 debian/do_auth.8                        |   64 +++++++++
 debian/libtacacs+1-dev.debhelper.log    |    1 
 debian/libtacacs+1-dev.install          |    3 
 debian/libtacacs+1.debhelper.log        |    1 
 debian/libtacacs+1.install              |    1 
 debian/libtacacs+1.lintian-overrides    |    2 
 debian/patches/00list                   |    2 
 debian/patches/fix_gethostbyname.dpatch |  139 +++++++++++++++++++
 debian/patches/fix_man.dpatch           |   17 ++
 debian/postrm                           |    6 
 debian/rules                            |   90 ++++++++++++
 debian/tac_plus.conf                    |   60 ++++++++
 debian/tacacs+.debhelper.log            |    1 
 debian/tacacs+.default                  |    6 
 debian/tacacs+.install                  |    3 
 debian/tacacs+.lintian-overrides        |    1 
 debian/tacacs+.logrotate                |   12 +
 debian/tacacs+.tacacs_plus.init         |  225 ++++++++++++++++++++++++++++++++
 24 files changed, 796 insertions(+)

    
download this patch

Patch contents

--- tacacs+-4.0.4.19.orig/debian/control
+++ tacacs+-4.0.4.19/debian/control
@@ -0,0 +1,31 @@
+Source: tacacs+
+Section: net
+Priority: extra
+Maintainer: Henry-Nicolas Tourneur <henry.nicolas@tourneur.be>
+Build-Depends: debhelper (>= 7), autotools-dev, flex, m4, bison, libwrap0-dev, libpam0g-dev, dpatch
+Standards-Version: 3.8.4
+Homepage: http://www.shrubbery.net/tac_plus/
+
+Package: tacacs+
+Architecture: any
+Depends: ${misc:Depends}, ${shlibs:Depends}, libwrap0, libpam0g, adduser, libtacacs+1, python
+Description: TACACS+ authentication daemon
+ TACACS+ is a protocol (not TACACS or XTACACS) for authentication, 
+ authorization and accounting (AAA) services for routers and network devices.
+
+Package: libtacacs+1
+Architecture: any
+Depends: ${misc:Depends}, ${shlibs:Depends}, libwrap0, libpam0g, adduser
+Description: TACACS+ authentication daemon
+ TACACS+ is a protocol (not TACACS or XTACACS) for authentication, 
+ authorization and accounting (AAA) services for routers and network devices.
+ This package include the library used by the Daemon.
+
+Package: libtacacs+1-dev
+Architecture: all
+Section: libdevel
+Depends: ${misc:Depends}, libtacacs+1 (>= ${source:Upstream-Version}), libtacacs+1 (<< ${source:Upstream-Version}+1~)
+Description: TACACS+ authentication daemon
+ TACACS+ is a protocol (not TACACS or XTACACS) for authentication, 
+ authorization and accounting (AAA) services for routers and network devices.
+ This package include the header file used for development purpose.
--- tacacs+-4.0.4.19.orig/debian/libtacacs+1.lintian-overrides
+++ tacacs+-4.0.4.19/debian/libtacacs+1.lintian-overrides
@@ -0,0 +1,2 @@
+package-name-doesnt-match-sonames
+
--- tacacs+-4.0.4.19.orig/debian/rules
+++ tacacs+-4.0.4.19/debian/rules
@@ -0,0 +1,90 @@
+#!/usr/bin/make -f
+# -*- makefile -*-
+
+include /usr/share/dpatch/dpatch.make
+# These are used for cross-compiling and for saving the configure script
+# from having to guess our platform (since we know it already)
+DEB_HOST_GNU_TYPE   ?= $(shell dpkg-architecture -qDEB_HOST_GNU_TYPE)
+DEB_BUILD_GNU_TYPE  ?= $(shell dpkg-architecture -qDEB_BUILD_GNU_TYPE)
+ifneq ($(DEB_HOST_GNU_TYPE),$(DEB_BUILD_GNU_TYPE))
+CROSS= --build $(DEB_BUILD_GNU_TYPE) --host $(DEB_HOST_GNU_TYPE)
+else
+CROSS= --build $(DEB_BUILD_GNU_TYPE)
+endif
+
+
+
+config.status: patch-stamp configure
+	dh_testdir
+ifneq "$(wildcard /usr/share/misc/config.sub)" ""
+	cp -f /usr/share/misc/config.sub config.sub
+endif
+ifneq "$(wildcard /usr/share/misc/config.guess)" ""
+	cp -f /usr/share/misc/config.guess config.guess
+endif
+	./configure $(CROSS) --prefix=/usr --bindir=\$${prefix}/sbin --mandir=\$${prefix}/share/man\
+		--infodir=\$${prefix}/share/info CFLAGS="$(CFLAGS)"\
+		--enable-acls --enable-uenable --enable-maxsess --enable-finger
+
+build: build-stamp
+
+build-stamp:  config.status 
+	dh_testdir
+	$(MAKE)
+
+	touch $@
+
+clean: unpatch
+	dh_testdir
+	dh_testroot
+	rm -f build-stamp 
+
+	[ ! -f Makefile ] || $(MAKE) distclean
+	rm -f config.sub config.guess users_guide debian/*.log debian/files
+
+	dh_prep
+
+install: build
+	dh_testdir
+	dh_testroot
+	dh_installdirs
+
+	$(MAKE) DESTDIR=$(CURDIR)/debian/tmp install
+
+
+# Build architecture-independent files here.
+binary-indep: build install
+
+# Build architecture-dependent files here.
+binary-arch: build install
+	dh_testdir
+	dh_testroot
+	dh_installchangelogs CHANGES
+	dh_installdocs	
+	dh_installlogrotate
+	dh_installinit --name=tacacs_plus
+	dh_installman
+	dh_install
+	dh_makeshlibs
+	dh_shlibdeps
+	dh_link
+	dh_strip
+	dh_fixperms
+	install -m 644 debian/tacacs+.default $(CURDIR)/debian/tacacs+/etc/default/tacacs+
+	install -m 600 debian/tac_plus.conf $(CURDIR)/debian/tacacs+/etc/tacacs+
+	install -m 755 do_auth.py $(CURDIR)/debian/tacacs+/usr/sbin/do_auth
+	install -d $(CURDIR)/debian/tacacs+/usr/share/lintian/overrides
+	install -d $(CURDIR)/debian/libtacacs+1/usr/share/lintian/overrides
+	install -m 644 debian/tacacs+.lintian-overrides $(CURDIR)/debian/tacacs+/usr/share/lintian/overrides/tacacs+
+	install -m 644 debian/do_auth.8 $(CURDIR)/debian/tacacs+/usr/share/man/man8
+	install -m 644 debian/libtacacs+1.lintian-overrides $(CURDIR)/debian/libtacacs+1/usr/share/lintian/overrides/libtacacs+1
+	dh_compress
+	dh_installdeb
+	dh_gencontrol
+	dh_md5sums
+	dh_builddeb
+
+binary: binary-indep binary-arch
+.PHONY: build clean binary-indep binary-arch binary install 
+
+
--- tacacs+-4.0.4.19.orig/debian/compat
+++ tacacs+-4.0.4.19/debian/compat
@@ -0,0 +1 @@
+7
--- tacacs+-4.0.4.19.orig/debian/tacacs+.debhelper.log
+++ tacacs+-4.0.4.19/debian/tacacs+.debhelper.log
@@ -0,0 +1 @@
+dh_prep
--- tacacs+-4.0.4.19.orig/debian/tacacs+.install
+++ tacacs+-4.0.4.19/debian/tacacs+.install
@@ -0,0 +1,3 @@
+usr/sbin
+usr/share/man/man5
+usr/share/man/man8
--- tacacs+-4.0.4.19.orig/debian/tacacs+.default
+++ tacacs+-4.0.4.19/debian/tacacs+.default
@@ -0,0 +1,6 @@
+# This is the configuration file for /etc/init.d/tacacs+
+# You can overwrite default arguments passed to the daemon here.
+# See man(8) tac_plus
+
+
+DAEMON_OPTS="-C /etc/tacacs+/tac_plus.conf" 
--- tacacs+-4.0.4.19.orig/debian/do_auth.8
+++ tacacs+-4.0.4.19/debian/do_auth.8
@@ -0,0 +1,64 @@
+.TH do_auth 8  "February 27, 2010" "version 1.2"
+.SH NAME
+do_auth \- Program allowing more granular control than tac_plus.
+.SH SYNOPSIS
+.B do_auth
+\-u user [\-i Ip Address] [\-d Device address] [\-f Config filename] [\-l Log file] [-D Debug mode]
+.SH DESCRIPTION
+do_auth is a python program written to work as an authorization script for 
+tacacs to allow greater flexability in tacacs authentication.  It allows
+a user to be part of many predefined groups that can allow different
+access to different devices based on ip, user, and source address. 
+.PP
+Groups are assigned to users in the [users] section.  A user must
+be assigned to one or more groups, one per line.  Groups are defined 
+in brackets, but can be any name.  Each group can have up to 6 options 
+as defined below.
+
+ host_deny  	 	Deny any user coming from this host.  Optional.
+ host_allow		Allow users from this range. Mandatory with -i.
+ device_deny	 	Deny any device with this IP.  Optional.
+ device_permit	 	Allow this range. Mandatory if -d is specified.
+ command_deny	 	Deny these commands.  Optional.
+ command_permit	Allow these commands.  Mandatory.
+.PP
+The options are parsed in order till a match is found.  Obviously, 
+for login, the commands section is not parsed.  If a match is not
+found, or a deny is found, we move on to the next group.  At the
+end, we have an implicit deny if no groups match.  All tacacs keys
+passed on login to do_auth are returned.  (except cmd*)  It is 
+possible to modify them, but I haven't implemented this yet as
+I don't need it.  Future versions may have an av_pair & 
+append_av_pair option.
+.PP
+.SH OPTIONS
+.TP
+\-u
+Username.  Mandatory.  $user
+.TP
+\-i
+Ip address of user.  Optional.  If not specified, all host_ entries
+are ignored and can be omitted. $address
+.TP
+\-d
+Device address.  Optional.  If not specified, all device_ entries
+are ignored and can be omitted.  $name
+.TP
+\-f
+Config Filename.  Default is do_auth.ini.
+.TP
+\-l
+Logfile. Default is log.txt.
+.TP
+\-D
+Activate debug mode.
+.SH EXAMPLES
+.B do_auth
+-i $address -u $user -d $name -l /var/log/do_auth.log -f /etc/tacacs+/do_auth.ini
+.PP
+.SH EXIT STATUS
+do_auth returns 0 to allow, 1 to deny authorization.
+.SH AUTHOR
+Henry-Nicolas Tourneur from the do_auth file written by Dan Schmidt.
+.SH SEE ALSO
+tac_plus(8), tac_plus.conf(5) 
--- tacacs+-4.0.4.19.orig/debian/libtacacs+1.debhelper.log
+++ tacacs+-4.0.4.19/debian/libtacacs+1.debhelper.log
@@ -0,0 +1 @@
+dh_prep
--- tacacs+-4.0.4.19.orig/debian/tacacs+.tacacs_plus.init
+++ tacacs+-4.0.4.19/debian/tacacs+.tacacs_plus.init
@@ -0,0 +1,225 @@
+#!/bin/sh
+### BEGIN INIT INFO
+# Provides:          tacacs+
+# Required-Start:    $network $local_fs $syslog $remote_fs
+# Required-Stop:     $network $local_fs $remote_fs
+# Should-Start:      $named
+# Default-Start:     2 3 4 5
+# Default-Stop:      0 1 6
+# Short-Description: TACACS+ authentication daemon
+### END INIT INFO
+
+PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
+
+DAEMON=/usr/sbin/tac_plus
+NAME="tacacs+"              
+DESC="TACACS+ authentication daemon"              
+LOGDIR=/var/log/
+STARTTIME=1
+
+PIDFILE=/var/run/tac_plus.pid
+
+test -x $DAEMON || exit 0
+
+. /lib/lsb/init-functions
+
+# Default options, these can be overriden by the information
+# at /etc/default/$NAME
+DAEMON_OPTS="-C /etc/tacacs+/tac_plus.conf"          # Additional options given to the server
+
+                        
+LOGFILE=$LOGDIR/tac_plus.log  # Server logfile
+
+# Include defaults if available
+if [ -f /etc/default/$NAME ] ; then
+	. /etc/default/$NAME
+fi
+
+# Check that the user exists (if we set a user)
+# Does the user exist?
+if [ -n "$DAEMONUSER" ] ; then
+    if getent passwd | grep -q "^$DAEMONUSER:"; then
+        # Obtain the uid and gid
+        DAEMONUID=`getent passwd |grep "^$DAEMONUSER:" | awk -F : '{print $3}'`
+        DAEMONGID=`getent passwd |grep "^$DAEMONUSER:" | awk -F : '{print $4}'`
+    else
+        log_failure_msg "The user $DAEMONUSER, required to run $NAME does not exist."
+        exit 1
+    fi
+fi
+
+
+set -e
+
+running_pid() {
+# Check if a given process pid's cmdline matches a given name
+    pid=$1
+    name=$2
+    [ -z "$pid" ] && return 1
+    [ ! -d /proc/$pid ] &&  return 1
+    cmd=`cat /proc/$pid/cmdline | tr "\000" "\n"|head -n 1 |cut -d : -f 1`
+    # Is this the expected server
+    [ "$cmd" != "$name" ] &&  return 1
+    return 0
+}
+
+running() {
+# Check if the process is running looking at /proc
+# (works for all users)
+
+    # No pidfile, probably no daemon present
+    [ ! -f "$PIDFILE" ] && return 1
+    pid=`cat $PIDFILE`
+    running_pid $pid $DAEMON || return 1
+    return 0
+}
+
+start_server() {
+# Start the process using the wrapper
+        start-stop-daemon --start --quiet --pidfile $PIDFILE \
+               --exec $DAEMON -- $DAEMON_OPTS
+        errcode=$?
+	return $errcode
+}
+
+stop_server() {
+# Stop the process using the wrapper
+        if [ -z "$DAEMONUSER" ] ; then
+            killproc -p $PIDFILE $DAEMON
+            errcode=$?
+        else
+# if we are using a daemonuser then look for process that match
+            start-stop-daemon --stop --quiet --pidfile $PIDFILE \
+                        --user $DAEMONUSER \
+                        --exec $DAEMON
+            errcode=$?
+        fi
+
+	return $errcode
+}
+
+reload_server() {
+    [ ! -f "$PIDFILE" ] && return 1
+    pid=`cat $PIDFILE` # This is the daemon's pid
+    # Send a SIGHUP
+    kill -1 $pid
+    return $?
+}
+
+force_stop() {
+# Force the process to die killing it manually
+	[ ! -e "$PIDFILE" ] && return
+	if running ; then
+		kill -15 $pid
+	# Is it really dead?
+		sleep "$DIETIME"s
+		if running ; then
+			kill -9 $pid
+			sleep "$DIETIME"s
+			if running ; then
+				echo "Cannot kill $NAME (pid=$pid)!"
+				exit 1
+			fi
+		fi
+	fi
+	rm -f $PIDFILE
+}
+
+
+case "$1" in
+  start)
+	log_daemon_msg "Starting $DESC " "$NAME"
+        # Check if it's running first
+        if running ;  then
+            log_progress_msg "apparently already running"
+            log_end_msg 0
+            exit 0
+        fi
+        if start_server ; then
+            # NOTE: Some servers might die some time after they start,
+            # this code will detect this issue if STARTTIME is set
+            # to a reasonable value
+            [ -n "$STARTTIME" ] && sleep $STARTTIME # Wait some time 
+            if  running ;  then
+                # It's ok, the server started and is running
+                log_end_msg 0
+            else
+                # It is not running after we did start
+                log_end_msg 1
+            fi
+        else
+            # Either we could not start it
+            log_end_msg 1
+        fi
+	;;
+  stop)
+        log_daemon_msg "Stopping $DESC" "$NAME"
+        if running ; then
+            # Only stop the server if we see it running
+			errcode=0
+            stop_server || errcode=$?
+            log_end_msg $errcode
+        else
+            # If it's not running don't do anything
+            log_progress_msg "apparently not running"
+            log_end_msg 0
+            exit 0
+        fi
+        ;;
+  force-stop)
+        # First try to stop gracefully the program
+        $0 stop
+        if running; then
+            # If it's still running try to kill it more forcefully
+            log_daemon_msg "Stopping (force) $DESC" "$NAME"
+			errcode=0
+            force_stop || errcode=$?
+            log_end_msg $errcode
+        fi
+	;;
+  restart|force-reload)
+        log_daemon_msg "Restarting $DESC" "$NAME"
+		errcode=0
+        stop_server || errcode=$?
+        # Wait some sensible amount, some server need this
+        [ -n "$DIETIME" ] && sleep $DIETIME
+        start_server || errcode=$?
+        [ -n "$STARTTIME" ] && sleep $STARTTIME
+        running || errcode=$?
+        log_end_msg $errcode
+	;;
+  status)
+
+        log_daemon_msg "Checking status of $DESC" "$NAME"
+        if running ;  then
+            log_progress_msg "running"
+            log_end_msg 0
+        else
+            log_progress_msg "apparently not running"
+            log_end_msg 1
+            exit 1
+        fi
+        ;;
+  # Use this if the daemon cannot reload
+  reload)
+	log_daemon_msg "Reloading $DESC configuration files" "$NAME"
+	if reload_server ; then
+		if running ; then
+			log_end_msg 0
+		else 
+			log_progress_msg "$NAME not running"
+			log_end_msg 1
+		fi
+	else
+		log_progress_msg "Reload failled"
+		log_end_msg 1
+	fi
+        ;;
+  *)
+	N=/etc/init.d/$NAME
+	echo "Usage: $N {start|stop|force-stop|restart|force-reload|status}" >&2
+	exit 1
+	;;
+esac
+
+exit 0
--- tacacs+-4.0.4.19.orig/debian/libtacacs+1-dev.install
+++ tacacs+-4.0.4.19/debian/libtacacs+1-dev.install
@@ -0,0 +1,3 @@
+usr/include/*
+usr/lib/libtacacs*.so
+usr/share/man/man3
--- tacacs+-4.0.4.19.orig/debian/tac_plus.conf
+++ tacacs+-4.0.4.19/debian/tac_plus.conf
@@ -0,0 +1,60 @@
+# Created by Henry-Nicolas Tourneur(henry.nicolas@tourneur.be)
+# See man(5) tac_plus.conf for more details
+
+# Define where to log accounting data, this is the default.
+
+accounting file = /var/log/tac_plus.acct
+
+# This is the key that clients have to use to access Tacacs+
+
+key = testing123
+
+# Use /etc/passwd file to do authentication
+    
+#default authentication = file /etc/passwd
+ 
+
+# You can use feature like per host key with different enable passwords
+#host = 127.0.0.1 {
+#        key = test 
+#        type = cisco
+#        enable = <des|cleartext> enablepass
+#        prompt = "Welcome XXX ISP Access Router \n\nUsername:"
+#}
+
+# We also can define local users and specify a file where data is stored.
+# That file may be filled using tac_pwd
+#user = test1 {
+#    name = "Test User"
+#    member = staff
+#    login = file /etc/tacacs/tacacs_passwords
+#}
+
+# We can also specify rules valid per group of users.
+#group = group1 {
+#	cmd = conf {
+#		deny
+#	}
+#}
+
+# Another example : forbid configure command for some hosts
+# for a define range of clients
+#group = group1 {
+#	login = PAM
+#	service = ppp
+#	protocol = ip {
+#		addr = 10.10.0.0/24
+#	}
+#	cmd = conf {
+#		deny .*
+#	}
+#}
+
+user = DEFAULT {
+	login = PAM
+	service = ppp protocol = ip {}
+}
+
+# Much more features are availables, like ACL, more service compatibilities,
+# commands authorization, scripting authorization.
+# See the man page for those features.
--- tacacs+-4.0.4.19.orig/debian/dirs
+++ tacacs+-4.0.4.19/debian/dirs
@@ -0,0 +1,6 @@
+usr/sbin
+etc/tacacs+
+etc/logrotate.d
+etc/default
+etc/init.d
+
--- tacacs+-4.0.4.19.orig/debian/libtacacs+1-dev.debhelper.log
+++ tacacs+-4.0.4.19/debian/libtacacs+1-dev.debhelper.log
@@ -0,0 +1 @@
+dh_prep
--- tacacs+-4.0.4.19.orig/debian/tacacs+.lintian-overrides
+++ tacacs+-4.0.4.19/debian/tacacs+.lintian-overrides
@@ -0,0 +1 @@
+tacacs+: non-standard-file-perm etc/tacacs+/tac_plus.conf 0600 != 0644
--- tacacs+-4.0.4.19.orig/debian/tacacs+.logrotate
+++ tacacs+-4.0.4.19/debian/tacacs+.logrotate
@@ -0,0 +1,12 @@
+/var/log/tac_plus.log
+/var/log/tac_plus.acct {
+  rotate 4
+  weekly
+  compress
+  missingok
+  notifempty
+  postrotate
+ 	/etc/init.d/tacacs_plus reload > /dev/null
+  endscript
+}
+
--- tacacs+-4.0.4.19.orig/debian/changelog
+++ tacacs+-4.0.4.19/debian/changelog
@@ -0,0 +1,49 @@
+tacacs+ (4.0.4.19-8) unstable; urgency=low
+  * Closes: #582334 (replace gethostbyname() with getaddrinfo())
+
+ -- Henry-Nicolas Tourneur <henry.nicolas@tourneur.be>  Thu, 23 May 2010 11:46:24 +0100
+
+tacacs+ (4.0.4.19-7) unstable; urgency=low
+  * Closes: #580845 (fix logrotate init script reload issue)
+
+ -- Henry-Nicolas Tourneur <henry.nicolas@tourneur.be>  Thu, 09 May 2010 13:23:15 +0100
+
+tacacs+ (4.0.4.19-6) unstable; urgency=low
+  * Closes: #573766 (fix FTBFS)
+
+ -- Henry-Nicolas Tourneur <henry.nicolas@tourneur.be>  Thu, 14 Mar 2010 11:21:08 +0100
+
+tacacs+ (4.0.4.19-5) unstable; urgency=low
+  * Correct a typo in copyright file
+  * Add the path to the GPL3 license in copyright file
+
+ -- Henry-Nicolas Tourneur <henry.nicolas@tourneur.be>  Thu, 13 Mar 2010 12:03:33 +0100
+
+tacacs+ (4.0.4.19-4) unstable; urgency=low
+  * Include do_auth.py in binary and correct copyright issue
+  * Add a man page for do_auth
+
+ -- Henry-Nicolas Tourneur <henry.nicolas@tourneur.be>  Thu, 22 Feb 2010 22:55:42 +0100
+
+tacacs+ (4.0.4.19-3) unstable; urgency=low
+  * Remove bad group/owner from the logrotate file
+
+ -- Henry-Nicolas Tourneur <henry.nicolas@tourneur.be>  Thu, 14 Feb 2010 20:19:14 +0100
+
+tacacs+ (4.0.4.19-2) unstable; urgency=low
+  * Correct an error in the logrotate file
+
+ -- Henry-Nicolas Tourneur <henry.nicolas@tourneur.be>  Thu, 11 Feb 2010 19:06:14 +0100
+
+tacacs+ (4.0.4.19-1) unstable; urgency=low
+
+  * Patches:
+    - fix_man : Correct a man page error about a date
+  * 2 lintian overwrites:
+    - package-name-doesnt-match-sonames : because the so file 
+      is named libtacacs.so but the software name is tacacs+ and not tacacs.
+    - non-standard-file-perm : because the main configuration 
+      file holds the tacacs+ key, it shouldn't be world readable.
+  * Initial release (Closes: #568161)
+
+ -- Henry-Nicolas Tourneur <henry.nicolas@tourneur.be>  Thu, 04 Feb 2010 15:04:46 +0100
--- tacacs+-4.0.4.19.orig/debian/README.source
+++ tacacs+-4.0.4.19/debian/README.source
@@ -0,0 +1,38 @@
+This package uses dpatch to manage all modifications to the upstream
+source. Changes are stored in the source package as diffs in
+debian/patches and applied during the build.
+
+To get the fully patched source after unpacking the source package, cd
+to the root level of the source package and run:
+
+    debian/rules patch
+
+Removing a patch is as simple as removing its entry from the
+debian/patches/00list file, and please also remove the patch file
+itself.
+
+Creating a new patch is done with "dpatch-edit-patch patch XX_patchname"
+where you should replace XX with a new number and patchname with a
+descriptive shortname of the patch. You can then simply edit all the
+files your patch wants to edit, and then simply "exit 0" from the shell
+to actually create the patch file.
+
+To tweak an already existing patch, call "dpatch-edit-patch XX_patchname"
+and replace XX_patchname with the actual filename from debian/patches
+you want to use.
+
+To clean up afterwards again, "debian/rules unpatch" will do the
+work for you - or you can of course choose to call
+"fakeroot debian/rules clean" all together.
+
+
+--- 
+
+this documentation is part of dpatch package, and may be used by
+packages using dpatch to comply with policy on README.source. This
+documentation is meant to be useful to users who are not proficient in
+dpatch in doing work with dpatch-based packages. Please send any
+improvements to the BTS of dpatch package.
+
+original text by Gerfried Fuchs, edited by Junichi Uekawa <dancer@debian.org>
+10 Aug 2008.
--- tacacs+-4.0.4.19.orig/debian/postrm
+++ tacacs+-4.0.4.19/debian/postrm
@@ -0,0 +1,6 @@
+#!/bin/sh
+set -e
+#DEBHELPER#
+if [ "$1" = "purge" ] ; then
+	rm -f /var/log/tac_plus*
+fi
--- tacacs+-4.0.4.19.orig/debian/copyright
+++ tacacs+-4.0.4.19/debian/copyright
@@ -0,0 +1,37 @@
+This package was debianized by Henry-Nicolas Tourneur <henry.nicolas@tourneur.be> on
+Wed, 23 Dec 2009 15:04:46 +0100.
+
+It was downloaded from http://www.shrubbery.net/tac_plus/
+
+Lol Grant (Cisco System) : up to 4.0.3a not included
+Contributors are in CHANGES file
+
+Copyright:
+
+The original cisco code carries the following license/disclaimer/whatever:
+
+/*
+   Copyright (c) 1995-1998 by Cisco systems, Inc.
+
+   Permission to use, copy, modify, and distribute this software for
+   any purpose and without fee is hereby granted, provided that this
+   copyright and permission notice appear on all copies of the
+   software and supporting documentation, the name of Cisco Systems,
+   Inc. not be used in advertising or publicity pertaining to
+   distribution of the program without specific prior permission, and
+   notice be given in supporting documentation that modification,
+   copying and distribution is by permission of Cisco Systems, Inc.
+
+   Cisco Systems, Inc. makes no representations about the suitability
+   of this software for any purpose.  THIS SOFTWARE IS PROVIDED ``AS
+   IS'' AND WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING,
+   WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND
+   FITNESS FOR A PARTICULAR PURPOSE.
+*/
+
+As for the bits I have added or contributions I have received from other
+folks, they are noted in the CHANGES file post version 4.0.3a.  please
+give credit where due.  thanks.
+
+The file do_auth located under /usr/sbin is under GPL3+.
+The GPL3 license can be found under /usr/share/common-licenses/GPL-3.
--- tacacs+-4.0.4.19.orig/debian/libtacacs+1.install
+++ tacacs+-4.0.4.19/debian/libtacacs+1.install
@@ -0,0 +1 @@
+usr/lib/libtacacs*.so.*
--- tacacs+-4.0.4.19.orig/debian/patches/fix_gethostbyname.dpatch
+++ tacacs+-4.0.4.19/debian/patches/fix_gethostbyname.dpatch
@@ -0,0 +1,139 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## fix_gethostbyname.dpatch by  <root@>
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: No description.
+
+@DPATCH@
+diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' tacacs+-4.0.4.19~/maxsess.c tacacs+-4.0.4.19/maxsess.c
+--- tacacs+-4.0.4.19~/maxsess.c	2009-07-28 02:15:10.000000000 +0000
++++ tacacs+-4.0.4.19/maxsess.c	2010-05-23 09:43:06.000000000 +0000
+@@ -31,6 +31,8 @@
+ 
+ char *wholog = TACPLUS_WHOLOGFILE;
+ 
++static int timed_read(int, unsigned char *, int, int);
++
+ /*
+  * initialize wholog file for tracking of user logins/logouts from
+  * accounting records.
+@@ -262,8 +264,8 @@
+  *
+  * Return -1 on error, eof or timeout. Otherwise return number of bytes read.
+  */
+-int
+-timed_read(int fd, u_char *ptr, int nbytes, int timeout)
++static int
++timed_read(int fd, unsigned char *ptr, int nbytes, int timeout)
+ {
+     int nread;
+     struct pollfd pfds;
+@@ -346,64 +348,65 @@
+  * Column zero contains a space or an asterisk character.  The line number
+  * starts at column 1 and is 3 digits wide.  User names start at column 13,
+  * with a maximum possible width of 10.
++ *
++ * Returns the number of sessions/connections, or zero on error.
+  */
+ 
+ static int
+ ckfinger(char *user, char *nas, struct identity *idp)
+ {
+-    struct sockaddr_in sin;
+-    struct servent *serv;
+-    int count, s, bufsize;
++    struct addrinfo hints, *res, *resp;
++    int count, s, bufsize, ecode;
+     char *buf, *p, *pn;
+     int incr = 4096, slop = 32;
+-    u_long inaddr;
+     char *curport = portname(idp->NAS_port);
+     char *name;
+ 
+-    /* The finger service, aka port 79 */
+-    serv = getservbyname("finger", "tcp");
+-    if (serv) {
+-	sin.sin_port = serv->s_port;
+-    } else {
+-	sin.sin_port = 79;
+-    }
++    memset(&hints, 0, sizeof(struct addrinfo));
++    hints.ai_family = PF_UNSPEC;
++    hints.ai_socktype = SOCK_STREAM;
+ 
+-    /* Get IP addr for the NAS */
+-    inaddr = inet_addr(nas);
+-    if (inaddr != -1) {
+-	/* A dotted decimal address */
+-	memcpy(&sin.sin_addr, &inaddr, sizeof(inaddr));
+-	sin.sin_family = AF_INET;
+-    } else {
+-	struct hostent *host = gethostbyname(nas);
++    if ((ecode = getaddrinfo(nas, "finger", &hints, &res)) != 0) {
++	report(LOG_ERR, "ckfinger: getaddrinfo %s failure: %s", nas,
++        gai_strerror(ecode));
++        return(0);
++    }
+ 
+-	if (host == NULL) {
+-	    report(LOG_ERR, "ckfinger: gethostbyname %s failure: %s",
+-		   nas, strerror(errno));
++    ecode = 0;
++    for (resp = res; resp != NULL; resp = resp->ai_next) {
++        s = socket(resp->ai_family, resp->ai_socktype, resp->ai_protocol);
++        if (s < 0) {
++            if (errno == EAFNOSUPPORT || errno == EPROTONOSUPPORT)
++                continue;
++            report(LOG_ERR, "ckfinger: socket: %s", strerror(errno));
++            freeaddrinfo(res);
+ 	    return(0);
+ 	}
+-	memcpy(&sin.sin_addr, host->h_addr, host->h_length);
+-	sin.sin_family = host->h_addrtype;
++	if ((ecode = connect(s, resp->ai_addr, res->ai_addrlen)) < 0) {
++            close(s);
++            continue;
++        } else
++            break;
+     }
+ 
+-    s = socket(AF_INET, SOCK_STREAM, 0);
+-    if (s < 0) {
++    freeaddrinfo(res);
++    /* socket failure / no supported address families */
++    if (resp == NULL && ecode == 0) {
+ 	report(LOG_ERR, "ckfinger: socket: %s", strerror(errno));
+ 	return(0);
+     }
+-    if (connect(s, (struct sockaddr *) & sin, sizeof(sin)) < 0) {
+-	report(LOG_ERR, "ckfinger: connect failure %s", strerror(errno));
+-	close(s);
++    if (ecode != 0) {
++        report(LOG_ERR, "ckfinger: connect %s: %s", nas, strerror(errno));
+ 	return(0);
+     }
+-    /* Read in the finger output into a single flat buffer */
++    /* Read the finger output into a single flat buffer */
+     buf = NULL;
+     bufsize = 0;
+     for (;;) {
+ 	int x;
+ 
+ 	buf = tac_realloc(buf, bufsize + incr + slop);
+-	x = timed_read(s, buf + bufsize, incr, 10);
++	x = timed_read(s, (unsigned char *)(buf + bufsize), incr, 10);
+ 	if (x <= 0) {
+ 	    break;
+ 	}
+diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' tacacs+-4.0.4.19~/tac_plus.h tacacs+-4.0.4.19/tac_plus.h
+--- tacacs+-4.0.4.19~/tac_plus.h	2009-07-28 00:11:53.000000000 +0000
++++ tacacs+-4.0.4.19/tac_plus.h	2010-05-23 09:43:45.000000000 +0000
+@@ -669,7 +669,7 @@
+     char username[64];		/* User name */
+     char NAS_name[32];		/* NAS user logged into */
+     char NAS_port[32];		/*  ...port on that NAS */
+-    char NAC_address[32];	/*  ...IP address of NAS */
++    char NAC_address[64];	/*  ...IP address of NAS */
+ };
+ #endif /* MAXSESS */
+ 
--- tacacs+-4.0.4.19.orig/debian/patches/00list
+++ tacacs+-4.0.4.19/debian/patches/00list
@@ -0,0 +1,2 @@
+fix_man
+fix_gethostbyname
--- tacacs+-4.0.4.19.orig/debian/patches/fix_man.dpatch
+++ tacacs+-4.0.4.19/debian/patches/fix_man.dpatch
@@ -0,0 +1,17 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## fix_man.dpatch by Henry-Nicolas Tourneur <henry.nicolas@tourneur.be>
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: No description.
+
+@DPATCH@
+diff -urNad tacacs+-4.0.4.19~/regexp.3 tacacs+-4.0.4.19/regexp.3
+--- tacacs+-4.0.4.19~/regexp.3	2009-07-17 17:34:30.000000000 +0000
++++ tacacs+-4.0.4.19/regexp.3	2010-01-31 16:36:14.000000000 +0000
+@@ -1,5 +1,4 @@
+-.TH REGEXP 3 local
+-.DA 2 April 1986
++.TH REGEXP 3 "2 April 1986"
+ .SH NAME
+ regcomp, regexec, regsub, regerror \- regular expression handler
+ .SH SYNOPSIS