Skip to content

Commit

Permalink
[TACACS] Fix when set TACACS to "tacacs+, local" user can run blocked…
Browse files Browse the repository at this point in the history
… command with local permission issue. (#17749)

Fix when set TACACS to "tacacs+, local" user can run blocked command with local permission issue.

#### Why I did it
When set TACACS to "tacacs+, local", user still can run a blocked command with local permission.

##### Work item tracking
- Microsoft ADO: 26399545

#### How I did it
Fix code to reject command when authorized failed from TACACS server side.

#### How to verify it
Pass all UT.

### Description for the changelog
Fix when set TACACS to "tacacs+, local" user can run blocked command with local permission issue.
  • Loading branch information
liuh-80 authored and mssonicbld committed Feb 2, 2024
1 parent 34a86bd commit f35512e
Showing 1 changed file with 2 additions and 1 deletion.
3 changes: 2 additions & 1 deletion src/tacacs/bash_tacplus/bash_tacplus.c
Original file line number Diff line number Diff line change
Expand Up @@ -471,8 +471,9 @@ int on_shell_execve (char *user, int shell_level, char *cmd, char **argv)
fprintf(stdout, "%s not authorized by TACACS+ with given arguments, not executing\n", cmd);
break;
default:
// when command reject by server, authorization will failed immediately
fprintf(stdout, "%s authorize failed by TACACS+ with given arguments, not executing\n", cmd);
break;
return ret;
}

if ((tacacs_ctrl & AUTHORIZATION_FLAG_LOCAL) == 0) {
Expand Down

0 comments on commit f35512e

Please sign in to comment.