[TACACS] Fix issue where a user can run a blocked command with local permission when TACACS is set to "tacacs+, local". (#17749)

Fix issue where a user can run a blocked command with local permission when TACACS is set to "tacacs+, local".

#### Why I did it
When TACACS is set to "tacacs+, local", a user can still run a blocked command with local permission.

##### Work item tracking
- Microsoft ADO: 26399545

#### How I did it
Fix code to reject the command when authorization fails on the TACACS server side.

#### How to verify it
Pass all UT.

### Description for the changelog
Fix issue where a user can run a blocked command with local permission when TACACS is set to "tacacs+, local".
Hua Liu 2024-01-26 16:00:00 +08:00 committed by GitHub
parent b557488608
commit d712861634
GPG Key ID: B5690EEEBB952194

@ -471,8 +471,9 @@ int on_shell_execve (char *user, int shell_level, char *cmd, char **argv)
fprintf(stdout, "%s not authorized by TACACS+ with given arguments, not executing\n", cmd); fprintf(stdout, "%s not authorized by TACACS+ with given arguments, not executing\n", cmd);
break; break;
default: default:
// when command reject by server, authorization will failed immediately
fprintf(stdout, "%s authorize failed by TACACS+ with given arguments, not executing\n", cmd); fprintf(stdout, "%s authorize failed by TACACS+ with given arguments, not executing\n", cmd);
break; return ret;
} }
if ((tacacs_ctrl & AUTHORIZATION_FLAG_LOCAL) == 0) { if ((tacacs_ctrl & AUTHORIZATION_FLAG_LOCAL) == 0) {
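
Review bot: The case directly above `default:` prints "not authorized by TACACS+ with given arguments, not executing" but still ends in `break;`, so it continues to the `(tacacs_ctrl & AUTHORIZATION_FLAG_LOCAL) == 0` check that `default:` now skips with `return ret;`. If that case is also a server-side denial, it should return as well, otherwise a "tacacs+, local" configuration can still reach local authorization after the message says the command is not executing; if the difference is intentional, a comment on that `break;` saying why would help. The new comment on `default:` describes only the server-reject path, yet `default:` catches every return code not handled above, so it is worth stating that all of them are meant to fail closed and that `ret` is always a non-zero value the caller treats as a denial at this point. The verification step is "Pass all UT" with no new test visible here; a unit test that sets "tacacs+, local", has the server reject a command, and asserts the local path is not consulted would pin the fix.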