Initial import of libtacplus-map (1.0.1-cl3u3)

11 files changed, 172 insertions, 0 deletions

diff --git a/debian/README.source b/debian/README.source
new file mode 100644
index 0000000..68089c6
--- /dev/null
+++ b/debian/README.source
@@ -0,0 +1,5 @@
+This package uses quilt to manage all modifications to the upstream source.
+Changes are stored in the source package as diffs in debian/patches and
+applied during the build.
+
+See /usr/share/doc/quilt/README.source for a detailed explanation.
diff --git a/debian/changelog b/debian/changelog
new file mode 100644
index 0000000..2423348
--- /dev/null
+++ b/debian/changelog
@@ -0,0 +1,37 @@
+libtacplus-map (1.0.1-cl3u3) RELEASED; urgency=low
+
+  * Fixed problem with local fallback authentication when all TACACS
+    servers are down.
+
+ -- dev-support <dev-support@cumulusnetworks.com>  Tue, 21 Aug 2018 16:23:13 -0700
+
+libtacplus-map (1.0.1-cl3u2) RELEASED; urgency=low
+
+  * tacacs users are now in group netshow (netedit for priv=15), so they
+    can run nclu commands without edits to netd.conf
+
+ -- dev-support <dev-support@cumulusnetworks.com>  Wed, 14 Feb 2018 13:42:56 -0800
+
+libtacplus-map (1.0.1-cl3u1) RELEASED; urgency=low
+
+  * API and map file change to support new user_homedir config variable.
+
+ -- dev-support <dev-support@cumulusnetworks.com>  Tue, 02 May 2017 12:28:44 -0700
+
+libtacplus-map (1.0.0-cl3u2) RELEASED; urgency=low
+
+  * Minor corrections to Copyright and licensing files.
+  * Provide commented-out example allowing priv 15 TACACS users to sudo
+    without password in /etc/sudoers.d/tacplus
+
+ -- dev-support <dev-support@cumulusnetworks.com>  Tue, 29 Nov 2016 16:13:50 -0800
+
+libtacplus-map (1.0.0-cl3eau1) RELEASED; urgency=low
+
+  * Initial release of tacacs user mapping library
+  * libtacplus_map APIs to support local mapping, so that TACACS users do not
+    need to add TACACS+ accounts to /etc/passwd to supply home directory, uid,
+    and gid. TACACS+ users are mapped by privilege level to local tacacs0..15
+
+ -- dev-support <dev-support@cumulusnetworks.com>  Wed, 22 Jun 2016 14:39:32 -0700
+
diff --git a/debian/compat b/debian/compat
new file mode 100644
index 0000000..ec63514
--- /dev/null
+++ b/debian/compat
@@ -0,0 +1 @@
+9
diff --git a/debian/control b/debian/control
new file mode 100644
index 0000000..55c3b56
--- /dev/null
+++ b/debian/control
@@ -0,0 +1,22 @@
+Source: libtacplus-map
+Section: admin
+Priority: extra
+Maintainer: dev-support <dev-support@cumulusnetworks.com>
+Build-Depends: debhelper (>= 9), dh-autoreconf, autoconf-archive, libaudit-dev, git
+Standards-Version: 3.9.6
+Homepage: http://www.cumulusnetworks.com
+
+Package: libtacplus-map1
+Architecture: any
+Depends: ${shlibs:Depends}, ${misc:Depends}, adduser, libaudit1
+Description: Library for mapping TACACS+ users without local /etc/passwd entries
+ APIs to support local mapping, so that TACACS users do not need tacacs user
+ accounts to /etc/passwd to supply home directory, uid, and gid.
+
+Package: libtacplus-map-dev
+Section: libdevel
+Architecture: any
+Depends: ${misc:Depends}, libtacplus-map1 (= ${binary:Version}), libc-dev
+Description: Development files for TACACS+ user-mapping library
+ Header files and .so shared library link for APIs to support local TACACS
+ mapping of accounts
diff --git a/debian/copyright b/debian/copyright
new file mode 100644
index 0000000..814080f
--- /dev/null
+++ b/debian/copyright
@@ -0,0 +1,27 @@
+Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
+Upstream-Name: libsimple-tacacct
+Source: http://www.cumulusnetworks.com
+
+Files: *
+Copyright: 2015, 2016 Cumulus Networks, Inc.  All rights reserved.,
+           2010 Pawel Krawczyk <pawel.krawczyk@hush.com> and Jeroen Nijhof <jeroen@jeroennijhof.nl>
+License: GPL-2+
+
+License: GPL-2+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+ .
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ GNU General Public License for more details.
+ .
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ .
+ On Debian systems, the full copy of the GPL-2 license can be found in
+ /usr/share/common-licenses/GPL-2
+
diff --git a/debian/libtacplus-map-dev.install b/debian/libtacplus-map-dev.install
new file mode 100644
index 0000000..4f16771
--- /dev/null
+++ b/debian/libtacplus-map-dev.install
@@ -0,0 +1,2 @@
+usr/lib/*/libtacplus_map.so
+usr/include/tacplus/map_tacplus_user.h
diff --git a/debian/libtacplus-map1.install b/debian/libtacplus-map1.install
new file mode 100644
index 0000000..f923860
--- /dev/null
+++ b/debian/libtacplus-map1.install
@@ -0,0 +1,2 @@
+usr/lib/*/libtacplus_map.so.*
+etc/sudoers.d/*
diff --git a/debian/libtacplus-map1.postinst b/debian/libtacplus-map1.postinst
new file mode 100644
index 0000000..1a45376
--- /dev/null
+++ b/debian/libtacplus-map1.postinst
@@ -0,0 +1,51 @@
+#!/bin/sh
+# postinst script for libtacplus_map
+
+set -e
+
+case "$1" in
+    configure)
+    ;;
+
+    abort-upgrade|abort-remove|abort-deconfigure)
+    ;;
+
+    *)
+        echo "postinst called with unknown argument \`$1'" >&2
+        exit 1
+    ;;
+esac
+
+# Add the tacacs group and all 16 possible tacacs privilege-level
+# users to the password file, home directories, etc.
+# The accounts are not enabled for local login, since they are
+# only used to provide uid/gid/homedir for the mapped TACACS+
+# logins (and lookups against them).
+
+# --firstuid is used because the installed pam_tacplus configs and audit files are
+# for uid >1000.  Ideally, there should be a way to specify a minimum, but not
+# override adduser.conf if it has a larger value.
+# suppress messages about already existing users, and ignore "errors" if
+# they do
+
+(set +e
+addgroup --quiet tacacs 2>&1 | grep -v 'already exists'
+level=0
+nclu_grp=netshow
+while [ $level -lt 16 ]; do
+    adduser --quiet --firstuid 1000 --disabled-login --ingroup tacacs \
+       --gecos "TACACS+ mapped user at privilege level ${level}" tacacs${level} 
+    # regular tacacs users are allowed to run NCLU 'net show' commands
+    # tacacs15 (tacacs privilege level 15) user is allowed to run NCLU
+    # net configuration commands, also
+    adduser --quiet tacacs${level} $nclu_grp
+    level=$(( level+1 ))
+    [ $level -eq 15 ] && nclu_grp=netedit
+done 2>&1 | grep -v 'already exists'
+exit 0
+)
+
+
+#DEBHELPER#
+
+exit 0
diff --git a/debian/libtacplus-map1.symbols b/debian/libtacplus-map1.symbols
new file mode 100644
index 0000000..b8e23d5
--- /dev/null
+++ b/debian/libtacplus-map1.symbols
@@ -0,0 +1,10 @@
+libtacplus_map.so.1 libtacplus-map1 #MINVER#
+ __update_loguid@Base 1.0.0
+ get_user_to_auth@Base 1.0.0
+ lookup_logname@Base 1.0.0
+ lookup_mapname@Base 1.0.0
+ lookup_mapuid@Base 1.0.0
+ map_get_sessionid@Base 1.0.0
+ set_auid_immutable@Base 1.0.0
+ update_mapuser@Base 1.0.0
+
diff --git a/debian/rules b/debian/rules
new file mode 100755
index 0000000..5951990
--- /dev/null
+++ b/debian/rules
@@ -0,0 +1,13 @@
+#!/usr/bin/make -f
+# -*- makefile -*-
+# Sample debian/rules that uses debhelper.
+# This file was originally written by Joey Hess and Craig Small.
+# As a special exception, when this file is copied by dh-make into a
+# dh-make output file, you may use that output file without restriction.
+# This special exception was added by Craig Small in version 0.37 of dh-make.
+# Uncomment this to turn on verbose mode.
+#export DH_VERBOSE=1
+SHELL := sh -e
+
+%:
+	dh  $@ --with autoreconf
diff --git a/debian/source/format b/debian/source/format
new file mode 100644
index 0000000..b9b0237
--- /dev/null
+++ b/debian/source/format
@@ -0,0 +1,2 @@
+1.0
+