[TACACS] Ignore TACACS accounting trace log when debug disabled. (#16482)

Ignore TACACS accounting trace log when debug disabled.

#### Why I did it
The TACACS accounting trace log is only for debugging; improve the code to not generate the trace log when debug is disabled.

##### Work item tracking
- Microsoft ADO: 25270078

#### How I did it
Ignore TACACS accounting trace log when debug disabled.

#### How to verify it
Pass all UT.
Manually verified that auditd-tacplus does not generate the trace log when debug is disabled.

### Description for the changelog
Ignore TACACS accounting trace log when debug disabled.
Hua Liu 2024-01-23 12:13:48 +08:00 committed by GitHub
parent 27edaf7857
commit a2e57d849b
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194

@ -13,7 +13,7 @@ Subject: [PATCH] Remove user secret from accounting log.
regex_helper.h | 17 +++
sudoers_helper.c | 250 +++++++++++++++++++++++++++++++++++++++
sudoers_helper.h | 18 +++
trace.c | 21 ++++
trace.c | 31 +++++
trace.h | 10 ++
unittest/Makefile | 21 ++++
unittest/mock.h | 17 +++
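Review bot: The patch file being edited is still titled "Remove user secret from accounting log" (the Subject line in the hunk header), yet the trace.c entry in its diffstat grows from 21 to 31 lines for an unrelated behaviour change, the debug gating. Consider carrying the gating as its own patch in the series, or extend this patch's description so that it covers both changes.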
@ -21,7 +21,7 @@ Subject: [PATCH] Remove user secret from accounting log.
unittest/mock_helper.h | 48 ++++++++
unittest/password_test.c | 199 +++++++++++++++++++++++++++++++
unittest/sudoers | 5 +
17 files changed, 931 insertions(+), 4 deletions(-)
17 files changed, 941 insertions(+), 4 deletions(-)
create mode 100644 password.c
create mode 100644 password.h
create mode 100644 regex_helper.c
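Review bot: No unit test accompanies the new early-return branch. The total goes from 931 to 941 insertions, exactly the 10 lines added to trace.c, and the unittest/ entries shown here keep their line counts. Add a test that calls trace() with the debug bit cleared and with it set in tacacs_ctrl and checks that output appears only in the second case.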
@ -700,7 +700,7 @@ new file mode 100644
index 0000000..44bbbc7
--- /dev/null
+++ b/trace.c
@@ -0,0 +1,21 @@
@@ -0,0 +1,31 @@
+#include <stdarg.h>
+#include <stdio.h>
+#include <string.h>
@ -709,9 +709,19 @@ index 0000000..44bbbc7
+
+#include "trace.h"
+
+/* Tacacs+ support lib */
+#include <libtac/support.h>
+
+/* Tacacs control flag */
+extern int tacacs_ctrl;
+
+/* Output trace log. */
+void trace(const char *format, ...)
+{
+ if ((tacacs_ctrl & PAM_TAC_DEBUG) == 0) {
+ return;
+ }
+
+ // convert log to a string because va args resoursive issue:
+ // http://www.c-faq.com/varargs/handoff.html
+ char logBuffer[MAX_LINE_SIZE];
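Review bot: `extern int tacacs_ctrl;` is declared by hand in trace.c instead of coming from a header shared with the file that defines the variable, so a later change to its type or name would not be caught when this file is compiled. Move the declaration into a common header that both translation units include. The function comment still reads "Output trace log."; it should state that trace() returns without writing anything unless PAM_TAC_DEBUG is set in tacacs_ctrl, and the prototype in trace.h should say the same, so callers do not rely on it for messages that must always be recorded.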