[TACACS] Fix when set TACACS to "tacacs+, local" user can run blocked command with local permission issue. (#17749)
Fix when set TACACS to "tacacs+, local" user can run blocked command with local permission issue. #### Why I did it When set TACACS to "tacacs+, local", user still can run a blocked command with local permission. ##### Work item tracking - Microsoft ADO: 26399545 #### How I did it Fix code to reject command when authorized failed from TACACS server side. #### How to verify it Pass all UT. ### Description for the changelog Fix when set TACACS to "tacacs+, local" user can run blocked command with local permission issue.
This commit is contained in:
parent
34a86bd8f9
commit
f35512ef0a
@ -471,8 +471,9 @@ int on_shell_execve (char *user, int shell_level, char *cmd, char **argv)
|
|||||||
fprintf(stdout, "%s not authorized by TACACS+ with given arguments, not executing\n", cmd);
|
fprintf(stdout, "%s not authorized by TACACS+ with given arguments, not executing\n", cmd);
|
||||||
break;
|
break;
|
||||||
default:
|
default:
|
||||||
|
// when command reject by server, authorization will failed immediately
|
||||||
fprintf(stdout, "%s authorize failed by TACACS+ with given arguments, not executing\n", cmd);
|
fprintf(stdout, "%s authorize failed by TACACS+ with given arguments, not executing\n", cmd);
|
||||||
break;
|
return ret;
|
||||||
}
|
}
|
||||||
|
|
||||||
if ((tacacs_ctrl & AUTHORIZATION_FLAG_LOCAL) == 0) {
|
if ((tacacs_ctrl & AUTHORIZATION_FLAG_LOCAL) == 0) {
|
||||||
|
Loading…
Reference in New Issue
Block a user