Diffstat (limited to 'debian')
-rw-r--r-- | debian/README.Debian | 18 | ||||
-rw-r--r-- | debian/README.source | 5 | ||||
-rw-r--r-- | debian/changelog | 114 | ||||
-rw-r--r-- | debian/compat | 1 | ||||
-rw-r--r-- | debian/control | 47 | ||||
-rw-r--r-- | debian/copyright | 30 | ||||
-rw-r--r-- | debian/docs | 2 | ||||
-rw-r--r-- | debian/libpam-tacplus-dev.install | 1 | ||||
-rw-r--r-- | debian/libpam-tacplus.install | 4 | ||||
-rw-r--r-- | debian/libpam-tacplus.postinst | 7 | ||||
-rw-r--r-- | debian/libpam-tacplus.prerm | 9 | ||||
-rw-r--r-- | debian/libtac-dev.install | 3 | ||||
-rw-r--r-- | debian/libtac2-bin.install | 2 | ||||
-rw-r--r-- | debian/libtac2.install | 1 | ||||
-rw-r--r-- | debian/libtac2.symbols | 33 | ||||
-rwxr-xr-x | debian/rules | 30 | ||||
-rw-r--r-- | debian/source/format | 2 | ||||
-rw-r--r-- | debian/tacplus | 15 | ||||
-rw-r--r-- | debian/watch | 3 |
19 files changed, 327 insertions, 0 deletions
diff --git a/debian/README.Debian b/debian/README.Debian
new file mode 100644
index 0000000..418c18f
--- /dev/null
+++ b/debian/README.Debian
@@ -0,0 +1,18 @@
+libpam-tacplus for Debian
+---------------------
+
+The pam_tacplus.so module is placed in /lib/security/
+to include pam_tacplus.so edit /etc/pam.d/common-*
+
+Run script -c "dpkg-buildpackage" as root
+in the source directory above this one.
+
+You will need at least the debhelper and libpam0g-dev
+packages.
+
+Look at the content list of the deb file with "dpkg -c"
+
+Change the version number by running "debchange -i" and add in the NEWS
+entries for the given version.
+
+ -- J. Nijhof <jeroen@jeroennijhof.nl>, Sun, 14 Feb 2010
diff --git a/debian/README.source b/debian/README.source
new file mode 100644
index 0000000..68089c6
--- /dev/null
+++ b/debian/README.source
@@ -0,0 +1,5 @@
+This package uses quilt to manage all modifications to the upstream source.
+Changes are stored in the source package as diffs in debian/patches and
+applied during the build.
+
+See /usr/share/doc/quilt/README.source for a detailed explanation.
diff --git a/debian/changelog b/debian/changelog
new file mode 100644
index 0000000..2baea8f
--- /dev/null
+++ b/debian/changelog
@@ -0,0 +1,114 @@
+libpam-tacplus (1.4.3-cl3u4) RELEASED; urgency=low
+ * Closes: CM-23004 - local account password was allowed even when
+ TACACS+ server could be reached and was authoritative for the accountname
+
+ -- dev-support <dev-support@cumulusnetworks.com> Thu, 15 Nov 2018 16:44:44 -0800
+
+libpam-tacplus (1.4.3-cl3u3) RELEASED; urgency=low
+ * minor bug fixes
+
+ -- dev-support <dev-support@cumulusnetworks.com> Thu, 16 Aug 2018 13:27:39 -0700
+
+libpam-tacplus (1.4.3-cl3u2) RELEASED; urgency=low
+ * Optimized attempts to connect to server that has previously not responded
+
+ -- dev-support <dev-support@cumulusnetworks.com> Tue, 03 Jul 2018 17:06:21 -0700
+
+libpam-tacplus (1.4.3-cl3u1) RELEASED; urgency=low
+ * New: Enabled - added the ability to set the source IP address via
+ the source_ip config variable.
+
+ -- dev-support <dev-support@cumulusnetworks.com> Tue, 03 Jul 2018 17:04:58 -0700
+
+libpam-tacplus (1.4.2-cl3u4) RELEASED; urgency=low
+ * Fixed error message when creating home directory
+ * Closes CM-19908 - Logging changed to use pam_syslog, log message format
+ now has pam_tacplus and program invoking, not PAM-tacplus
+
+ -- dev-support <dev-support@cumulusnetworks.com> Tue, 27 Feb 2018 13:09:58 -0800
+
+libpam-tacplus (1.4.2-cl3u3) RELEASED; urgency=low
+ * do not log message about acct_all unknown config variable
+
+ -- dev-support <dev-support@cumulusnetworks.com> Thu, 28 Sep 2017 14:10:58 -0700
+
+libpam-tacplus (1.4.2-cl3u2) RELEASED; urgency=low
+ * Closes: CM-16962: protocol and cmd attributes added multiple times
+
+ -- dev-support <dev-support@cumulusnetworks.com> Thu, 29 Jun 2017 19:47:06 -0700
+
+libpam-tacplus (1.4.2-cl3u1) RELEASED; urgency=low
+ * New Disabled: added user_homedir config variable to allow per-user
+ home directories (unless per-command authorization is enabled)
+ * New: Added tacplus_servers manual page
+ * Fixed problem with PAM configuration that allowed login when
+ authentication was successful, but 
authorization was denied.
+
+ -- dev-support <dev-support@cumulusnetworks.com> Tue, 23 May 2017 18:07:54 -0700
+
+libpam-tacplus (1.4.1-cl3u1) RELEASED; urgency=low
+ * New Enabled: vrf config option in tacplus_servers.
+
+ -- dev-support <dev-support@cumulusnetworks.com> Tue, 07 Mar 2017 14:47:51 -0800
+
+libpam-tacplus (1.4.0-cl3u2) RELEASED; urgency=low
+ * New Enabled: added config variable "timeout" to limit time attempting to
+ connect to non-responding TACACS server.
+ * Closes: CM-13548: Fixed PAM configuration to continue to other PAM modules
+ * Fixed issues with ordering of multiple servers and secrets in config files.
+ libraries can connect to a TACACS+ server without being tacacs aware.
+ * Fixed to try all TACACS servers until a successful status is returned,
+ in case servers have different databases.
+ * Minor bug fixes and syslog debugging improvements.
+ * Minor corrections to Copyright and licensing
+
+ -- dev-support <dev-support@cumulusnetworks.com> Tue, 29 Nov 2016 17:23:18 -0800
+
+libpam-tacplus (1.4.0-cl3eau1) RELEASED; urgency=medium
+ * Added the runtime config capability to include another file, so that
+ the tacacs servers are only listed in a single place. Ship using
+ /etc/tacplus_servers as an include file, and use it in the pam sample config
+ * Modified packaging to create separate libtac package.
+
+ -- dev-support <dev-support@cumulusnetworks.com> Tue, 21 Jun 2016 11:03:21 -0700
+
+libpam-tacplus (1.4.0-1) unstable; urgency=medium
+ * use OpenSSL for MD5 and random numbers
+
+ -- Paweł Krawczyk <pawel.krawczyk@hush.com> Tue, 3 May 2016 12:51:09 +0100
+
+libpam-tacplus (1.3.8-2) unstable; urgency=low
+
+ * Added postinst and prerm scripts for pam-auth-update. Closes: #739274
+
+ -- Jeroen Nijhof <jeroen@jeroennijhof.nl> Mon, 17 Feb 2014 18:58:59 +0100
+
+libpam-tacplus (1.3.8-1) unstable; urgency=low
+
+ * New upstream release.
+ * Fixed pam-configs. Closes: #717716
+ * Added dh-autoreconf. 
Closes: #734228
+
+ -- Jeroen Nijhof <jeroen@jeroennijhof.nl> Fri, 31 Jan 2014 12:32:00 +0100
+
+libpam-tacplus (1.3.7-1) unstable; urgency=low
+
+ * New upstream release.
+ * Changed compat level to 9 for hardening
+ * Fixed license link
+
+ -- Jeroen Nijhof <jeroen@jeroennijhof.nl> Mon, 19 May 2012 19:25:00 +0100
+
+libpam-tacplus (1.3.6-1) unstable; urgency=low
+
+ * New upstream release.
+ * Added libpam-runtime support.
+
+ -- Jeroen Nijhof <jeroen@jeroennijhof.nl> Mon, 7 May 2012 21:21:00 +0100
+
+libpam-tacplus (1.3.5-1) unstable; urgency=low
+
+ * First version of pam_tacplus debian package. Closes: #588172
+
+ -- Jeroen Nijhof <jeroen@jeroennijhof.nl> Mon, 5 Sep 2011 16:01:00 +0100
+
diff --git a/debian/compat b/debian/compat
new file mode 100644
index 0000000..ec63514
--- /dev/null
+++ b/debian/compat
@@ -0,0 +1 @@
+9
diff --git a/debian/control b/debian/control
new file mode 100644
index 0000000..2e1d246
--- /dev/null
+++ b/debian/control
@@ -0,0 +1,47 @@
+Source: libpam-tacplus
+Section: admin
+Priority: extra
+Build-Depends: debhelper (>= 9), libpam-dev, dh-autoreconf, autoconf-archive, libaudit-dev,
+ libtacplus-map-dev, git, libssl-dev
+Maintainer: dev-support <dev-support@cumulusnetworks.com>
+Standards-Version: 3.9.6
+#Homepage: https://github.com/jeroennijhof/pam_tacplus
+Homepage: http://www.cumulusnetworks.com
+
+Package: libpam-tacplus
+Architecture: any
+Depends: ${shlibs:Depends}, ${misc:Depends}, libpam-runtime, libtac2, libtacplus-map1
+Description: PAM module for using TACACS+ as an authentication service
+ This PAM module support authentication, authorization (account management) and
+ accounting (session management) performed using TACACS+ protocol designed by
+ Cisco.
+
+Package: libpam-tacplus-dev
+Section: libdevel
+Architecture: any
+Depends: ${misc:Depends}, libpam-tacplus (= ${binary:Version}), libc6-dev|libc-dev
+Description: Development files for PAM module for using TACACS+ authentication
+ Provides header files for development with libpam-tacplus
+
+Package: libtac2
+Architecture: any
+Depends: ${shlibs:Depends}, ${misc:Depends}, libaudit1
+Description: TACACS+ protocol library
+ This library implemenents the fundamentls of the TACACS+ protocol and supports
+ authentication, authorization (account management) and accounting (session
+ management).
+
+Package: libtac2-bin
+Architecture: any
+Depends: ${shlibs:Depends}, ${misc:Depends}
+Description: TACACS+ client program
+ Simple command-line client for TACACS+ testing and scripting
+
+Package: libtac-dev
+Section: libdevel
+Architecture: any
+Depends: ${misc:Depends}, libtac2 (= ${binary:Version}), libc6-dev|libc-dev
+Description: Development files for TACACS+ protocol library
+ Contains C header files and development files for libtac, a TACACS+ protocol
+ implementation.
+
diff --git a/debian/copyright b/debian/copyright
new file mode 100644
index 0000000..5c1c328
--- /dev/null
+++ b/debian/copyright
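Review bot: `Build-Depends` lists `libssl-dev` and `git`, yet the `debian/rules` added in this same commit configures with `--disable-openssl` and shows no step that calls git, so from what the page shows both look unused at build time. Every unneeded build dependency is extra code present in the build environment of an authentication module; drop them, or add a `#` comment above the field saying what needs each one. Separately, the `libtac2` description misspells two words and should read `This library implements the fundamentals of the TACACS+ protocol and supports`.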
@@ -0,0 +1,30 @@
+
+libpam-tacplus
+
+ Copyright (C) 2010, Pawel Krawczyk <pawel.krawczyk@hush.com>
+ and Jeroen Nijhof <jeroen@jeroennijhof.nl>.
+
+ Copyright 2015, 2016, Cumulus Networks Inc. All rights reserved.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
+ MA 02110-1301, USA.
+
+All the other scripts and control files for building and installing
+libpam-tacplus under Debian GNU/Linux are also under the GNU General Public
+License (GPL) version 2 or later.
+
+On Debian GNU/Linux systems, the complete text of the GNU General
+Public License can be found in '/usr/share/common-licenses/GPL-2'.
+
diff --git a/debian/docs b/debian/docs
new file mode 100644
index 0000000..4d97eb1
--- /dev/null
+++ b/debian/docs
@@ -0,0 +1,2 @@
+README.md
+sample.pam
diff --git a/debian/libpam-tacplus-dev.install b/debian/libpam-tacplus-dev.install
new file mode 100644
index 0000000..8f580bf
--- /dev/null
+++ b/debian/libpam-tacplus-dev.install
@@ -0,0 +1 @@
+usr/include/tacplus/tacplus.h
diff --git a/debian/libpam-tacplus.install b/debian/libpam-tacplus.install
new file mode 100644
index 0000000..9b356e5
--- /dev/null
+++ b/debian/libpam-tacplus.install
@@ -0,0 +1,4 @@
+lib/*/security/*.so
+usr/share/doc/libpam-tacplus/sample.pam
+etc/tacplus_servers
+usr/share/man/man5/*
diff --git a/debian/libpam-tacplus.postinst b/debian/libpam-tacplus.postinst
new file mode 100644
index 0000000..7e37590
--- /dev/null
+++ b/debian/libpam-tacplus.postinst
@@ -0,0 +1,7 @@
+#!/bin/sh
+
+set -e
+
+pam-auth-update --package
+
+#DEBHELPER#
diff --git a/debian/libpam-tacplus.prerm b/debian/libpam-tacplus.prerm
new file mode 100644
index 0000000..e143dcb
--- /dev/null
+++ b/debian/libpam-tacplus.prerm
@@ -0,0 +1,9 @@
+#!/bin/sh
+
+set -e
+
+if [ "$1" = remove ]; then
+ pam-auth-update --package --remove tacplus
+fi
+
+#DEBHELPER#
diff --git a/debian/libtac-dev.install b/debian/libtac-dev.install
new file mode 100644
index 0000000..67ab0da
--- /dev/null
+++ b/debian/libtac-dev.install
@@ -0,0 +1,3 @@
+usr/lib/*/libtac.so
+usr/lib/*/pkgconfig/libtac.pc
+usr/include/tacplus/libtac.h
diff --git a/debian/libtac2-bin.install b/debian/libtac2-bin.install
new file mode 100644
index 0000000..68671de
--- /dev/null
+++ b/debian/libtac2-bin.install
@@ -0,0 +1,2 @@
+usr/bin/*
+usr/share/man/man1/*
diff --git a/debian/libtac2.install b/debian/libtac2.install
new file mode 100644
index 0000000..497d9dd
--- /dev/null
+++ b/debian/libtac2.install
@@ -0,0 +1 @@
+usr/lib/*/libtac.so.*
diff --git a/debian/libtac2.symbols b/debian/libtac2.symbols
new file mode 100644
index 0000000..3f3423a
--- /dev/null
+++ b/debian/libtac2.symbols
@@ -0,0 +1,33 @@
+libtac.so.2 libtac2 #MINVER#
+ tac_acct_flag2str@Base 1.3.9
+ tac_acct_read@Base 1.3.9
+ tac_acct_send@Base 1.3.9
+ tac_add_attrib@Base 1.3.9
+ tac_add_attrib_pair@Base 1.3.9
+ tac_authen_method@Base 1.3.9
+ tac_authen_read@Base 1.3.9
+ tac_authen_send@Base 1.3.9
+ tac_authen_service@Base 1.3.9
+ tac_author_read@Base 1.3.9
+ tac_author_send@Base 1.3.9
+ tac_connect@Base 1.3.9
+ tac_connect_single@Base 1.3.9
+ tac_cont_send_seq@Base 1.3.9
+ tac_debug_enable@Base 1.3.9
+ tac_encryption@Base 1.3.9
+ tac_free_attrib@Base 1.3.9
+ tac_login@Base 1.3.9
+ tac_magic@Base 1.4.0
+ tac_ntop@Base 1.3.9
+ tac_priv_lvl@Base 1.3.9
+ tac_read_wait@Base 1.3.9
+ tac_readtimeout_enable@Base 1.3.9
+ tac_secret@Base 1.3.9
+ tac_timeout@Base 1.3.9
+ tac_ver_major@Base 1.3.9
+ tac_ver_minor@Base 1.3.9
+ tac_ver_patch@Base 1.3.9
+ tac_xcalloc@Base 1.3.9
+ tac_xrealloc@Base 1.3.9
+ tac_xstrcpy@Base 1.3.9
+ tac_xstrdup@Base 1.3.9
diff --git a/debian/rules b/debian/rules
new file mode 100755
index 0000000..04c9649
--- /dev/null
+++ b/debian/rules
@@ -0,0 +1,30 @@
+#!/usr/bin/make -f
+# -*- makefile -*-
+# Sample debian/rules that uses debhelper.
+# This file was originally written by Joey Hess and Craig Small.
+# As a special exception, when this file is copied by dh-make into a
+# dh-make output file, you may use that output file without restriction.
+# This special exception was added by Craig Small in version 0.37 of dh-make.
+# Uncomment this to turn on verbose mode.
+#export DH_VERBOSE=1
+SHELL := sh -e
+
+%:
+ dh $@ --with autoreconf
+
+override_dh_clean:
+ rm -f config.status config.log
+ dh_clean
+
+override_dh_auto_configure:
+ dh_auto_configure -- --enable-pamdir=/lib/$(DEB_HOST_MULTIARCH)/security --docdir=/usr/share/doc/libpam-tacplus --disable-openssl
+
+override_dh_install:
+ mkdir -p debian/libpam-tacplus/usr/share/pam-configs
+ cp debian/tacplus debian/libpam-tacplus/usr/share/pam-configs/
+ dh_install
+
+# tacplus_servers needs to be mode 600; the install sets it that way,
+# so keep dh_fixperms from "fixing" it.
+override_dh_fixperms:
+ dh_fixperms --exclude tacplus_servers
diff --git a/debian/source/format b/debian/source/format
new file mode 100644
index 0000000..b9b0237
--- /dev/null
+++ b/debian/source/format
@@ -0,0 +1,2 @@
+1.0
+
diff --git a/debian/tacplus b/debian/tacplus
new file mode 100644
index 0000000..f81204f
--- /dev/null
+++ b/debian/tacplus
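Review bot: `override_dh_fixperms` depends on the upstream install step having already set `tacplus_servers` to mode 600, and nothing in this file enforces or checks it; if that step changes, the file that presumably holds the TACACS+ server secrets ships with whatever mode it happened to get. Set the mode explicitly after the call with `chmod 600 debian/libpam-tacplus/etc/tacplus_servers` (staging path taken from `debian/libpam-tacplus.install`). `--exclude tacplus_servers` is a substring match, so it presumably also skips the `tacplus_servers` manual page installed under `usr/share/man/man5`; with the explicit `chmod` the broad exclude is no longer needed. In `override_dh_auto_configure`, `--disable-openssl` deserves a one-line comment giving the reason, because the changelog entry for 1.4.0-1 says OpenSSL is used for MD5 and random numbers, and the page does not show what replaces it.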
@@ -0,0 +1,15 @@
+Name: Tacacs+ authentication
+Default: yes
+Priority: 257
+Auth-Type: Primary
+Auth:
+ [default=1 success=ignore] pam_succeed_if.so uid > 1000 quiet
+ [authinfo_unavail=ignore success=end auth_err=bad default=ignore] pam_tacplus.so include=/etc/tacplus_servers login=login protocol=ssh service=shell
+Account-Type: Primary
+Account:
+ [default=1 success=ignore] pam_succeed_if.so uid > 1000 quiet
+ [authinfo_unavail=ignore success=end perm_denied=bad default=ignore] pam_tacplus.so include=/etc/tacplus_servers login=login protocol=ssh service=shell
+Session-Type: Additional
+Session:
+ [default=1 success=ignore] pam_succeed_if.so uid > 1000 quiet
+ [authinfo_unavail=ignore success=ok default=ignore] pam_tacplus.so include=/etc/tacplus_servers login=login protocol=ssh service=shell
diff --git a/debian/watch b/debian/watch
new file mode 100644
index 0000000..d73b611
--- /dev/null
+++ b/debian/watch
@@ -0,0 +1,3 @@
+version=3
+
+https://github.com/jeroennijhof/pam_tacplus/tags .*/v?(\d[\d\.]+)\.tar\.gz |
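Review bot: In the `Auth:` and `Account:` lines for `pam_tacplus.so`, `default=ignore` drops every return code that is not listed from the stack result, so the decision passes to the next Primary module, which is normally local password checking. Only `auth_err` and `perm_denied` are mapped to `bad`; any other failure from the module is handled the same way as an unreachable server. The changelog in this commit records two earlier fixes for this kind of fall-through (1.4.2-cl3u1 and CM-23004), so the control values should name the codes that are meant to fall through, for example keep `authinfo_unavail=ignore` and use `default=bad` once the codes returned for a user the server does not know have been checked, or the reason for ignoring everything else should be written down in `README.Debian`. Also confirm that `uid > 1000` is intended: it leaves uid 1000 itself outside TACACS+ in all three stacks.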