--- tacacs+-4.0.4.19.orig/debian/control
+++ tacacs+-4.0.4.19/debian/control
@@ -0,0 +1,31 @@
+Source: tacacs+
+Section: net
+Priority: extra
+Maintainer: Henry-Nicolas Tourneur <henry.nicolas@tourneur.be>
+Build-Depends: debhelper (>= 7), autotools-dev, flex, m4, bison, libwrap0-dev, libpam0g-dev, dpatch
+Standards-Version: 3.8.4
+Homepage: http://www.shrubbery.net/tac_plus/
+
+Package: tacacs+
+Architecture: any
+Depends: ${misc:Depends}, ${shlibs:Depends}, libwrap0, libpam0g, adduser, libtacacs+1, python
+Description: TACACS+ authentication daemon
+ TACACS+ is a protocol (not TACACS or XTACACS) for authentication,
+ authorization and accounting (AAA) services for routers and network devices.
+
+Package: libtacacs+1
+Architecture: any
+Depends: ${misc:Depends}, ${shlibs:Depends}, libwrap0, libpam0g, adduser
+Description: TACACS+ authentication daemon
+ TACACS+ is a protocol (not TACACS or XTACACS) for authentication,
+ authorization and accounting (AAA) services for routers and network devices.
+ This package include the library used by the Daemon.
+
+Package: libtacacs+1-dev
+Architecture: all
+Section: libdevel
+Depends: ${misc:Depends}, libtacacs+1 (>= ${source:Upstream-Version}), libtacacs+1 (<< ${source:Upstream-Version}+1~)
+Description: TACACS+ authentication daemon
+ TACACS+ is a protocol (not TACACS or XTACACS) for authentication,
+ authorization and accounting (AAA) services for routers and network devices.
+ This package include the header file used for development purpose.
--- tacacs+-4.0.4.19.orig/debian/libtacacs+1.lintian-overrides
+++ tacacs+-4.0.4.19/debian/libtacacs+1.lintian-overrides
@@ -0,0 +1,2 @@
+package-name-doesnt-match-sonames
+
--- tacacs+-4.0.4.19.orig/debian/rules
+++ tacacs+-4.0.4.19/debian/rules
@@ -0,0 +1,90 @@
+#!/usr/bin/make -f
+# -*- makefile -*-
+
+include /usr/share/dpatch/dpatch.make
+# These are used for cross-compiling and for saving the configure script
+# from having to guess our platform (since we know it already)
+DEB_HOST_GNU_TYPE ?= $(shell dpkg-architecture -qDEB_HOST_GNU_TYPE)
+DEB_BUILD_GNU_TYPE ?= $(shell dpkg-architecture -qDEB_BUILD_GNU_TYPE)
+ifneq ($(DEB_HOST_GNU_TYPE),$(DEB_BUILD_GNU_TYPE))
+CROSS= --build $(DEB_BUILD_GNU_TYPE) --host $(DEB_HOST_GNU_TYPE)
+else
+CROSS= --build $(DEB_BUILD_GNU_TYPE)
+endif
+
+
+
+config.status: patch-stamp configure
+ dh_testdir
+ifneq "$(wildcard /usr/share/misc/config.sub)" ""
+ cp -f /usr/share/misc/config.sub config.sub
+endif
+ifneq "$(wildcard /usr/share/misc/config.guess)" ""
+ cp -f /usr/share/misc/config.guess config.guess
+endif
+ ./configure $(CROSS) --prefix=/usr --bindir=\$${prefix}/sbin --mandir=\$${prefix}/share/man\
+ --infodir=\$${prefix}/share/info CFLAGS="$(CFLAGS)"\
+ --enable-acls --enable-uenable --enable-maxsess --enable-finger
+
+build: build-stamp
+
+build-stamp: config.status
+ dh_testdir
+ $(MAKE)
+
+ touch $@
+
+clean: unpatch
+ dh_testdir
+ dh_testroot
+ rm -f build-stamp
+
+ [ ! -f Makefile ] || $(MAKE) distclean
+ rm -f config.sub config.guess users_guide debian/*.log debian/files
+
+ dh_prep
+
+install: build
+ dh_testdir
+ dh_testroot
+ dh_installdirs
+
+ $(MAKE) DESTDIR=$(CURDIR)/debian/tmp install
+
+
+# Build architecture-independent files here.
+binary-indep: build install
+
+# Build architecture-dependent files here.
+binary-arch: build install
+ dh_testdir
+ dh_testroot
+ dh_installchangelogs CHANGES
+ dh_installdocs
+ dh_installlogrotate
+ dh_installinit --name=tacacs_plus
+ dh_installman
+ dh_install
+ dh_makeshlibs
+ dh_shlibdeps
+ dh_link
+ dh_strip
+ dh_fixperms
+ install -m 644 debian/tacacs+.default $(CURDIR)/debian/tacacs+/etc/default/tacacs+
+ install -m 600 debian/tac_plus.conf $(CURDIR)/debian/tacacs+/etc/tacacs+
+ install -m 755 do_auth.py $(CURDIR)/debian/tacacs+/usr/sbin/do_auth
+ install -d $(CURDIR)/debian/tacacs+/usr/share/lintian/overrides
+ install -d $(CURDIR)/debian/libtacacs+1/usr/share/lintian/overrides
+ install -m 644 debian/tacacs+.lintian-overrides $(CURDIR)/debian/tacacs+/usr/share/lintian/overrides/tacacs+
+ install -m 644 debian/do_auth.8 $(CURDIR)/debian/tacacs+/usr/share/man/man8
+ install -m 644 debian/libtacacs+1.lintian-overrides $(CURDIR)/debian/libtacacs+1/usr/share/lintian/overrides/libtacacs+1
+ dh_compress
+ dh_installdeb
+ dh_gencontrol
+ dh_md5sums
+ dh_builddeb
+
+binary: binary-indep binary-arch
+.PHONY: build clean binary-indep binary-arch binary install
+
+
--- tacacs+-4.0.4.19.orig/debian/compat
+++ tacacs+-4.0.4.19/debian/compat
@@ -0,0 +1 @@
+7
--- tacacs+-4.0.4.19.orig/debian/tacacs+.debhelper.log
+++ tacacs+-4.0.4.19/debian/tacacs+.debhelper.log
@@ -0,0 +1 @@
+dh_prep
--- tacacs+-4.0.4.19.orig/debian/tacacs+.install
+++ tacacs+-4.0.4.19/debian/tacacs+.install
@@ -0,0 +1,3 @@
+usr/sbin
+usr/share/man/man5
+usr/share/man/man8
--- tacacs+-4.0.4.19.orig/debian/tacacs+.default
+++ tacacs+-4.0.4.19/debian/tacacs+.default
@@ -0,0 +1,6 @@
+# This is the configuration file for /etc/init.d/tacacs+
+# You can overwrite default arguments passed to the daemon here.
+# See man(8) tac_plus
+
+
+DAEMON_OPTS="-C /etc/tacacs+/tac_plus.conf"
--- tacacs+-4.0.4.19.orig/debian/do_auth.8
+++ tacacs+-4.0.4.19/debian/do_auth.8
@@ -0,0 +1,64 @@
+.TH do_auth 8 "February 27, 2010" "version 1.2"
+.SH NAME
+do_auth \- Program allowing more granular control than tac_plus.
+.SH SYNOPSIS
+.B do_auth
+\-u user [\-i Ip Address] [\-d Device address] [\-f Config filename] [\-l Log file] [-D Debug mode]
+.SH DESCRIPTION
+do_auth is a python program written to work as an authorization script for
+tacacs to allow greater flexability in tacacs authentication. It allows
+a user to be part of many predefined groups that can allow different
+access to different devices based on ip, user, and source address.
+.PP
+Groups are assigned to users in the [users] section. A user must
+be assigned to one or more groups, one per line. Groups are defined
+in brackets, but can be any name. Each group can have up to 6 options
+as defined below.
+
+ host_deny Deny any user coming from this host. Optional.
+ host_allow Allow users from this range. Mandatory with -i.
+ device_deny Deny any device with this IP. Optional.
+ device_permit Allow this range. Mandatory if -d is specified.
+ command_deny Deny these commands. Optional.
+ command_permit Allow these commands. Mandatory.
+.PP
+The options are parsed in order till a match is found. Obviously,
+for login, the commands section is not parsed. If a match is not
+found, or a deny is found, we move on to the next group. At the
+end, we have an implicit deny if no groups match. All tacacs keys
+passed on login to do_auth are returned. (except cmd*) It is
+possible to modify them, but I haven't implemented this yet as
+I don't need it. Future versions may have an av_pair &
+append_av_pair option.
+.PP
+.SH OPTIONS
+.TP
+\-u
+Username. Mandatory. $user
+.TP
+\-i
+Ip address of user. Optional. If not specified, all host_ entries
+are ignored and can be omitted. $address
+.TP
+\-d
+Device address. Optional. If not specified, all device_ entries
+are ignored and can be omitted. $name
+.TP
+\-f
+Config Filename. Default is do_auth.ini.
+.TP
+\-l
+Logfile. Default is log.txt.
+.TP
+\-D
+Activate debug mode.
+.SH EXAMPLES
+.B do_auth
+-i $address -u $user -d $name -l /var/log/do_auth.log -f /etc/tacacs+/do_auth.ini
+.PP
+.SH EXIT STATUS
+do_auth returns 0 to allow, 1 to deny authorization.
+.SH AUTHOR
+Henry-Nicolas Tourneur from the do_auth file written by Dan Schmidt.
+.SH SEE ALSO
+tac_plus(8), tac_plus.conf(5)
--- tacacs+-4.0.4.19.orig/debian/libtacacs+1.debhelper.log
+++ tacacs+-4.0.4.19/debian/libtacacs+1.debhelper.log
@@ -0,0 +1 @@
+dh_prep
--- tacacs+-4.0.4.19.orig/debian/tacacs+.tacacs_plus.init
+++ tacacs+-4.0.4.19/debian/tacacs+.tacacs_plus.init
@@ -0,0 +1,225 @@
+#!/bin/sh
+### BEGIN INIT INFO
+# Provides: tacacs+
+# Required-Start: $network $local_fs $syslog $remote_fs
+# Required-Stop: $network $local_fs $remote_fs
+# Should-Start: $named
+# Default-Start: 2 3 4 5
+# Default-Stop: 0 1 6
+# Short-Description: TACACS+ authentication daemon
+### END INIT INFO
+
+PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
+
+DAEMON=/usr/sbin/tac_plus
+NAME="tacacs+"
+DESC="TACACS+ authentication daemon"
+LOGDIR=/var/log/
+STARTTIME=1
+
+PIDFILE=/var/run/tac_plus.pid
+
+test -x $DAEMON || exit 0
+
+. /lib/lsb/init-functions
+
+# Default options, these can be overriden by the information
+# at /etc/default/$NAME
+DAEMON_OPTS="-C /etc/tacacs+/tac_plus.conf" # Additional options given to the server
+
+
+LOGFILE=$LOGDIR/tac_plus.log # Server logfile
+
+# Include defaults if available
+if [ -f /etc/default/$NAME ] ; then
+ . /etc/default/$NAME
+fi
+
+# Check that the user exists (if we set a user)
+# Does the user exist?
+if [ -n "$DAEMONUSER" ] ; then
+ if getent passwd | grep -q "^$DAEMONUSER:"; then
+ # Obtain the uid and gid
+ DAEMONUID=`getent passwd |grep "^$DAEMONUSER:" | awk -F : '{print $3}'`
+ DAEMONGID=`getent passwd |grep "^$DAEMONUSER:" | awk -F : '{print $4}'`
+ else
+ log_failure_msg "The user $DAEMONUSER, required to run $NAME does not exist."
+ exit 1
+ fi
+fi
+
+
+set -e
+
+running_pid() {
+# Check if a given process pid's cmdline matches a given name
+ pid=$1
+ name=$2
+ [ -z "$pid" ] && return 1
+ [ ! -d /proc/$pid ] && return 1
+ cmd=`cat /proc/$pid/cmdline | tr "\000" "\n"|head -n 1 |cut -d : -f 1`
+ # Is this the expected server
+ [ "$cmd" != "$name" ] && return 1
+ return 0
+}
+
+running() {
+# Check if the process is running looking at /proc
+# (works for all users)
+
+ # No pidfile, probably no daemon present
+ [ ! -f "$PIDFILE" ] && return 1
+ pid=`cat $PIDFILE`
+ running_pid $pid $DAEMON || return 1
+ return 0
+}
+
+start_server() {
+# Start the process using the wrapper
+ start-stop-daemon --start --quiet --pidfile $PIDFILE \
+ --exec $DAEMON -- $DAEMON_OPTS
+ errcode=$?
+ return $errcode
+}
+
+stop_server() {
+# Stop the process using the wrapper
+ if [ -z "$DAEMONUSER" ] ; then
+ killproc -p $PIDFILE $DAEMON
+ errcode=$?
+ else
+# if we are using a daemonuser then look for process that match
+ start-stop-daemon --stop --quiet --pidfile $PIDFILE \
+ --user $DAEMONUSER \
+ --exec $DAEMON
+ errcode=$?
+ fi
+
+ return $errcode
+}
+
+reload_server() {
+ [ ! -f "$PIDFILE" ] && return 1
+ pid=`cat $PIDFILE` # This is the daemon's pid
+ # Send a SIGHUP
+ kill -1 $pid
+ return $?
+}
+
+force_stop() {
+# Force the process to die killing it manually
+ [ ! -e "$PIDFILE" ] && return
+ if running ; then
+ kill -15 $pid
+ # Is it really dead?
+ sleep "$DIETIME"s
+ if running ; then
+ kill -9 $pid
+ sleep "$DIETIME"s
+ if running ; then
+ echo "Cannot kill $NAME (pid=$pid)!"
+ exit 1
+ fi
+ fi
+ fi
+ rm -f $PIDFILE
+}
+
+
+case "$1" in
+ start)
+ log_daemon_msg "Starting $DESC " "$NAME"
+ # Check if it's running first
+ if running ; then
+ log_progress_msg "apparently already running"
+ log_end_msg 0
+ exit 0
+ fi
+ if start_server ; then
+ # NOTE: Some servers might die some time after they start,
+ # this code will detect this issue if STARTTIME is set
+ # to a reasonable value
+ [ -n "$STARTTIME" ] && sleep $STARTTIME # Wait some time
+ if running ; then
+ # It's ok, the server started and is running
+ log_end_msg 0
+ else
+ # It is not running after we did start
+ log_end_msg 1
+ fi
+ else
+ # Either we could not start it
+ log_end_msg 1
+ fi
+ ;;
+ stop)
+ log_daemon_msg "Stopping $DESC" "$NAME"
+ if running ; then
+ # Only stop the server if we see it running
+ errcode=0
+ stop_server || errcode=$?
+ log_end_msg $errcode
+ else
+ # If it's not running don't do anything
+ log_progress_msg "apparently not running"
+ log_end_msg 0
+ exit 0
+ fi
+ ;;
+ force-stop)
+ # First try to stop gracefully the program
+ $0 stop
+ if running; then
+ # If it's still running try to kill it more forcefully
+ log_daemon_msg "Stopping (force) $DESC" "$NAME"
+ errcode=0
+ force_stop || errcode=$?
+ log_end_msg $errcode
+ fi
+ ;;
+ restart|force-reload)
+ log_daemon_msg "Restarting $DESC" "$NAME"
+ errcode=0
+ stop_server || errcode=$?
+ # Wait some sensible amount, some server need this
+ [ -n "$DIETIME" ] && sleep $DIETIME
+ start_server || errcode=$?
+ [ -n "$STARTTIME" ] && sleep $STARTTIME
+ running || errcode=$?
+ log_end_msg $errcode
+ ;;
+ status)
+
+ log_daemon_msg "Checking status of $DESC" "$NAME"
+ if running ; then
+ log_progress_msg "running"
+ log_end_msg 0
+ else
+ log_progress_msg "apparently not running"
+ log_end_msg 1
+ exit 1
+ fi
+ ;;
+ # Use this if the daemon cannot reload
+ reload)
+ log_daemon_msg "Reloading $DESC configuration files" "$NAME"
+ if reload_server ; then
+ if running ; then
+ log_end_msg 0
+ else
+ log_progress_msg "$NAME not running"
+ log_end_msg 1
+ fi
+ else
+ log_progress_msg "Reload failled"
+ log_end_msg 1
+ fi
+ ;;
+ *)
+ N=/etc/init.d/$NAME
+ echo "Usage: $N {start|stop|force-stop|restart|force-reload|status}" >&2
+ exit 1
+ ;;
+esac
+
+exit 0
--- tacacs+-4.0.4.19.orig/debian/libtacacs+1-dev.install
+++ tacacs+-4.0.4.19/debian/libtacacs+1-dev.install
@@ -0,0 +1,3 @@
+usr/include/*
+usr/lib/libtacacs*.so
+usr/share/man/man3
--- tacacs+-4.0.4.19.orig/debian/tac_plus.conf
+++ tacacs+-4.0.4.19/debian/tac_plus.conf
@@ -0,0 +1,60 @@
+# Created by Henry-Nicolas Tourneur(henry.nicolas@tourneur.be)
+# See man(5) tac_plus.conf for more details
+
+# Define where to log accounting data, this is the default.
+
+accounting file = /var/log/tac_plus.acct
+
+# This is the key that clients have to use to access Tacacs+
+
+key = testing123
+
+# Use /etc/passwd file to do authentication
+
+#default authentication = file /etc/passwd
+
+
+# You can use feature like per host key with different enable passwords
+#host = 127.0.0.1 {
+# key = test
+# type = cisco
+# enable = <des|cleartext> enablepass
+# prompt = "Welcome XXX ISP Access Router \n\nUsername:"
+#}
+
+# We also can define local users and specify a file where data is stored.
+# That file may be filled using tac_pwd
+#user = test1 {
+# name = "Test User"
+# member = staff
+# login = file /etc/tacacs/tacacs_passwords
+#}
+
+# We can also specify rules valid per group of users.
+#group = group1 {
+# cmd = conf {
+# deny
+# }
+#}
+
+# Another example : forbid configure command for some hosts
+# for a define range of clients
+#group = group1 {
+# login = PAM
+# service = ppp
+# protocol = ip {
+# addr = 10.10.0.0/24
+# }
+# cmd = conf {
+# deny .*
+# }
+#}
+
+user = DEFAULT {
+ login = PAM
+ service = ppp protocol = ip {}
+}
+
+# Much more features are availables, like ACL, more service compatibilities,
+# commands authorization, scripting authorization.
+# See the man page for those features.
--- tacacs+-4.0.4.19.orig/debian/dirs
+++ tacacs+-4.0.4.19/debian/dirs
@@ -0,0 +1,6 @@
+usr/sbin
+etc/tacacs+
+etc/logrotate.d
+etc/default
+etc/init.d
+
--- tacacs+-4.0.4.19.orig/debian/libtacacs+1-dev.debhelper.log
+++ tacacs+-4.0.4.19/debian/libtacacs+1-dev.debhelper.log
@@ -0,0 +1 @@
+dh_prep
--- tacacs+-4.0.4.19.orig/debian/tacacs+.lintian-overrides
+++ tacacs+-4.0.4.19/debian/tacacs+.lintian-overrides
@@ -0,0 +1 @@
+tacacs+: non-standard-file-perm etc/tacacs+/tac_plus.conf 0600 != 0644
--- tacacs+-4.0.4.19.orig/debian/tacacs+.logrotate
+++ tacacs+-4.0.4.19/debian/tacacs+.logrotate
@@ -0,0 +1,12 @@
+/var/log/tac_plus.log
+/var/log/tac_plus.acct {
+ rotate 4
+ weekly
+ compress
+ missingok
+ notifempty
+ postrotate
+ /etc/init.d/tacacs_plus reload > /dev/null
+ endscript
+}
+
--- tacacs+-4.0.4.19.orig/debian/changelog
+++ tacacs+-4.0.4.19/debian/changelog
@@ -0,0 +1,49 @@
+tacacs+ (4.0.4.19-8) unstable; urgency=low
+ * Closes: #582334 (replace gethostbyname() with getaddrinfo())
+
+ -- Henry-Nicolas Tourneur <henry.nicolas@tourneur.be> Thu, 23 May 2010 11:46:24 +0100
+
+tacacs+ (4.0.4.19-7) unstable; urgency=low
+ * Closes: #580845 (fix logrotate init script reload issue)
+
+ -- Henry-Nicolas Tourneur <henry.nicolas@tourneur.be> Thu, 09 May 2010 13:23:15 +0100
+
+tacacs+ (4.0.4.19-6) unstable; urgency=low
+ * Closes: #573766 (fix FTBFS)
+
+ -- Henry-Nicolas Tourneur <henry.nicolas@tourneur.be> Thu, 14 Mar 2010 11:21:08 +0100
+
+tacacs+ (4.0.4.19-5) unstable; urgency=low
+ * Correct a typo in copyright file
+ * Add the path to the GPL3 license in copyright file
+
+ -- Henry-Nicolas Tourneur <henry.nicolas@tourneur.be> Thu, 13 Mar 2010 12:03:33 +0100
+
+tacacs+ (4.0.4.19-4) unstable; urgency=low
+ * Include do_auth.py in binary and correct copyright issue
+ * Add a man page for do_auth
+
+ -- Henry-Nicolas Tourneur <henry.nicolas@tourneur.be> Thu, 22 Feb 2010 22:55:42 +0100
+
+tacacs+ (4.0.4.19-3) unstable; urgency=low
+ * Remove bad group/owner from the logrotate file
+
+ -- Henry-Nicolas Tourneur <henry.nicolas@tourneur.be> Thu, 14 Feb 2010 20:19:14 +0100
+
+tacacs+ (4.0.4.19-2) unstable; urgency=low
+ * Correct an error in the logrotate file
+
+ -- Henry-Nicolas Tourneur <henry.nicolas@tourneur.be> Thu, 11 Feb 2010 19:06:14 +0100
+
+tacacs+ (4.0.4.19-1) unstable; urgency=low
+
+ * Patches:
+ - fix_man : Correct a man page error about a date
+ * 2 lintian overwrites:
+ - package-name-doesnt-match-sonames : because the so file
+ is named libtacacs.so but the software name is tacacs+ and not tacacs.
+ - non-standard-file-perm : because the main configuration
+ file holds the tacacs+ key, it shouldn't be world readable.
+ * Initial release (Closes: #568161)
+
+ -- Henry-Nicolas Tourneur <henry.nicolas@tourneur.be> Thu, 04 Feb 2010 15:04:46 +0100
--- tacacs+-4.0.4.19.orig/debian/README.source
+++ tacacs+-4.0.4.19/debian/README.source
@@ -0,0 +1,38 @@
+This package uses dpatch to manage all modifications to the upstream
+source. Changes are stored in the source package as diffs in
+debian/patches and applied during the build.
+
+To get the fully patched source after unpacking the source package, cd
+to the root level of the source package and run:
+
+ debian/rules patch
+
+Removing a patch is as simple as removing its entry from the
+debian/patches/00list file, and please also remove the patch file
+itself.
+
+Creating a new patch is done with "dpatch-edit-patch patch XX_patchname"
+where you should replace XX with a new number and patchname with a
+descriptive shortname of the patch. You can then simply edit all the
+files your patch wants to edit, and then simply "exit 0" from the shell
+to actually create the patch file.
+
+To tweak an already existing patch, call "dpatch-edit-patch XX_patchname"
+and replace XX_patchname with the actual filename from debian/patches
+you want to use.
+
+To clean up afterwards again, "debian/rules unpatch" will do the
+work for you - or you can of course choose to call
+"fakeroot debian/rules clean" all together.
+
+
+---
+
+this documentation is part of dpatch package, and may be used by
+packages using dpatch to comply with policy on README.source. This
+documentation is meant to be useful to users who are not proficient in
+dpatch in doing work with dpatch-based packages. Please send any
+improvements to the BTS of dpatch package.
+
+original text by Gerfried Fuchs, edited by Junichi Uekawa <dancer@debian.org>
+10 Aug 2008.
--- tacacs+-4.0.4.19.orig/debian/postrm
+++ tacacs+-4.0.4.19/debian/postrm
@@ -0,0 +1,6 @@
+#!/bin/sh
+set -e
+#DEBHELPER#
+if [ "$1" = "purge" ] ; then
+ rm -f /var/log/tac_plus*
+fi
--- tacacs+-4.0.4.19.orig/debian/copyright
+++ tacacs+-4.0.4.19/debian/copyright
@@ -0,0 +1,37 @@
+This package was debianized by Henry-Nicolas Tourneur <henry.nicolas@tourneur.be> on
+Wed, 23 Dec 2009 15:04:46 +0100.
+
+It was downloaded from http://www.shrubbery.net/tac_plus/
+
+Lol Grant (Cisco System) : up to 4.0.3a not included
+Contributors are in CHANGES file
+
+Copyright:
+
+The original cisco code carries the following license/disclaimer/whatever:
+
+/*
+ Copyright (c) 1995-1998 by Cisco systems, Inc.
+
+ Permission to use, copy, modify, and distribute this software for
+ any purpose and without fee is hereby granted, provided that this
+ copyright and permission notice appear on all copies of the
+ software and supporting documentation, the name of Cisco Systems,
+ Inc. not be used in advertising or publicity pertaining to
+ distribution of the program without specific prior permission, and
+ notice be given in supporting documentation that modification,
+ copying and distribution is by permission of Cisco Systems, Inc.
+
+ Cisco Systems, Inc. makes no representations about the suitability
+ of this software for any purpose. THIS SOFTWARE IS PROVIDED ``AS
+ IS'' AND WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING,
+ WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND
+ FITNESS FOR A PARTICULAR PURPOSE.
+*/
+
+As for the bits I have added or contributions I have received from other
+folks, they are noted in the CHANGES file post version 4.0.3a. please
+give credit where due. thanks.
+
+The file do_auth located under /usr/sbin is under GPL3+.
+The GPL3 license can be found under /usr/share/common-licenses/GPL-3.
--- tacacs+-4.0.4.19.orig/debian/libtacacs+1.install
+++ tacacs+-4.0.4.19/debian/libtacacs+1.install
@@ -0,0 +1 @@
+usr/lib/libtacacs*.so.*
--- tacacs+-4.0.4.19.orig/debian/patches/fix_gethostbyname.dpatch
+++ tacacs+-4.0.4.19/debian/patches/fix_gethostbyname.dpatch
@@ -0,0 +1,139 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## fix_gethostbyname.dpatch by <root@>
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: No description.
+
+@DPATCH@
+diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' tacacs+-4.0.4.19~/maxsess.c tacacs+-4.0.4.19/maxsess.c
+--- tacacs+-4.0.4.19~/maxsess.c 2009-07-28 02:15:10.000000000 +0000
++++ tacacs+-4.0.4.19/maxsess.c 2010-05-23 09:43:06.000000000 +0000
+@@ -31,6 +31,8 @@
+
+ char *wholog = TACPLUS_WHOLOGFILE;
+
++static int timed_read(int, unsigned char *, int, int);
++
+ /*
+ * initialize wholog file for tracking of user logins/logouts from
+ * accounting records.
+@@ -262,8 +264,8 @@
+ *
+ * Return -1 on error, eof or timeout. Otherwise return number of bytes read.
+ */
+-int
+-timed_read(int fd, u_char *ptr, int nbytes, int timeout)
++static int
++timed_read(int fd, unsigned char *ptr, int nbytes, int timeout)
+ {
+ int nread;
+ struct pollfd pfds;
+@@ -346,64 +348,65 @@
+ * Column zero contains a space or an asterisk character. The line number
+ * starts at column 1 and is 3 digits wide. User names start at column 13,
+ * with a maximum possible width of 10.
++ *
++ * Returns the number of sessions/connections, or zero on error.
+ */
+
+ static int
+ ckfinger(char *user, char *nas, struct identity *idp)
+ {
+- struct sockaddr_in sin;
+- struct servent *serv;
+- int count, s, bufsize;
++ struct addrinfo hints, *res, *resp;
++ int count, s, bufsize, ecode;
+ char *buf, *p, *pn;
+ int incr = 4096, slop = 32;
+- u_long inaddr;
+ char *curport = portname(idp->NAS_port);
+ char *name;
+
+- /* The finger service, aka port 79 */
+- serv = getservbyname("finger", "tcp");
+- if (serv) {
+- sin.sin_port = serv->s_port;
+- } else {
+- sin.sin_port = 79;
+- }
++ memset(&hints, 0, sizeof(struct addrinfo));
++ hints.ai_family = PF_UNSPEC;
++ hints.ai_socktype = SOCK_STREAM;
+
+- /* Get IP addr for the NAS */
+- inaddr = inet_addr(nas);
+- if (inaddr != -1) {
+- /* A dotted decimal address */
+- memcpy(&sin.sin_addr, &inaddr, sizeof(inaddr));
+- sin.sin_family = AF_INET;
+- } else {
+- struct hostent *host = gethostbyname(nas);
++ if ((ecode = getaddrinfo(nas, "finger", &hints, &res)) != 0) {
++ report(LOG_ERR, "ckfinger: getaddrinfo %s failure: %s", nas,
++ gai_strerror(ecode));
++ return(0);
++ }
+
+- if (host == NULL) {
+- report(LOG_ERR, "ckfinger: gethostbyname %s failure: %s",
+- nas, strerror(errno));
++ ecode = 0;
++ for (resp = res; resp != NULL; resp = resp->ai_next) {
++ s = socket(resp->ai_family, resp->ai_socktype, resp->ai_protocol);
++ if (s < 0) {
++ if (errno == EAFNOSUPPORT || errno == EPROTONOSUPPORT)
++ continue;
++ report(LOG_ERR, "ckfinger: socket: %s", strerror(errno));
++ freeaddrinfo(res);
+ return(0);
+ }
+- memcpy(&sin.sin_addr, host->h_addr, host->h_length);
+- sin.sin_family = host->h_addrtype;
++ if ((ecode = connect(s, resp->ai_addr, res->ai_addrlen)) < 0) {
++ close(s);
++ continue;
++ } else
++ break;
+ }
+
+- s = socket(AF_INET, SOCK_STREAM, 0);
+- if (s < 0) {
++ freeaddrinfo(res);
++ /* socket failure / no supported address families */
++ if (resp == NULL && ecode == 0) {
+ report(LOG_ERR, "ckfinger: socket: %s", strerror(errno));
+ return(0);
+ }
+- if (connect(s, (struct sockaddr *) & sin, sizeof(sin)) < 0) {
+- report(LOG_ERR, "ckfinger: connect failure %s", strerror(errno));
+- close(s);
++ if (ecode != 0) {
++ report(LOG_ERR, "ckfinger: connect %s: %s", nas, strerror(errno));
+ return(0);
+ }
+- /* Read in the finger output into a single flat buffer */
++ /* Read the finger output into a single flat buffer */
+ buf = NULL;
+ bufsize = 0;
+ for (;;) {
+ int x;
+
+ buf = tac_realloc(buf, bufsize + incr + slop);
+- x = timed_read(s, buf + bufsize, incr, 10);
++ x = timed_read(s, (unsigned char *)(buf + bufsize), incr, 10);
+ if (x <= 0) {
+ break;
+ }
+diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' tacacs+-4.0.4.19~/tac_plus.h tacacs+-4.0.4.19/tac_plus.h
+--- tacacs+-4.0.4.19~/tac_plus.h 2009-07-28 00:11:53.000000000 +0000
++++ tacacs+-4.0.4.19/tac_plus.h 2010-05-23 09:43:45.000000000 +0000
+@@ -669,7 +669,7 @@
+ char username[64]; /* User name */
+ char NAS_name[32]; /* NAS user logged into */
+ char NAS_port[32]; /* ...port on that NAS */
+- char NAC_address[32]; /* ...IP address of NAS */
++ char NAC_address[64]; /* ...IP address of NAS */
+ };
+ #endif /* MAXSESS */
+
--- tacacs+-4.0.4.19.orig/debian/patches/00list
+++ tacacs+-4.0.4.19/debian/patches/00list
@@ -0,0 +1,2 @@
+fix_man
+fix_gethostbyname
--- tacacs+-4.0.4.19.orig/debian/patches/fix_man.dpatch
+++ tacacs+-4.0.4.19/debian/patches/fix_man.dpatch
@@ -0,0 +1,17 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## fix_man.dpatch by Henry-Nicolas Tourneur <henry.nicolas@tourneur.be>
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: No description.
+
+@DPATCH@
+diff -urNad tacacs+-4.0.4.19~/regexp.3 tacacs+-4.0.4.19/regexp.3
+--- tacacs+-4.0.4.19~/regexp.3 2009-07-17 17:34:30.000000000 +0000
++++ tacacs+-4.0.4.19/regexp.3 2010-01-31 16:36:14.000000000 +0000
+@@ -1,5 +1,4 @@
+-.TH REGEXP 3 local
+-.DA 2 April 1986
++.TH REGEXP 3 "2 April 1986"
+ .SH NAME
+ regcomp, regexec, regsub, regerror \- regular expression handler
+ .SH SYNOPSIS
![[patchlogo]](http://patch-tracker.debian.org/static/img/swirlpatch.png)