matthew/sonic-buildimage
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity
9a72d04728
sonic-buildimage/rules/tacacs.mk
liuh-80 ff09b8b8ed
[TACACS+] Add Bash TACACS+ plugin for per-command authorization. (#8715) 
This pull request add a bash plugin for TACACS+ per-command authorization

#### Why I did it
1. To support TACACS per command authorization, we check user command before execute it.
2. Fix libtacsupport.so can't parse tacplus_nss.conf correctly issue:
            Support debug=on setting.
            Support put server address and secret in same row.
3. Fix the parse_config_file method not reset server list before parse config file issue.

#### How I did it
The bash plugin will be called before every user command, and check user command with remote TACACS+ server for per-command authorization.

#### How to verify it
UT with CUnit cover all code in this plugin.
Also pass all current UT.

#### Which release branch to backport (provide reason below if selected)
N/A

#### Description for the changelog
Add Bash TACACS+ plugin.


#### A picture of a cute animal (not mandatory but encouraged)
2021-11-13 09:57:30 +08:00

49 lines
1.4 KiB
Makefile
Raw Blame History

# libpam-tacplus packages
PAM_TACPLUS_VERSION = 1.4.1-1
export PAM_TACPLUS_VERSION
LIBTAC2 = libtac2_$(PAM_TACPLUS_VERSION)_$(CONFIGURED_ARCH).deb
$(LIBTAC2)_SRC_PATH = $(SRC_PATH)/tacacs/pam
SONIC_MAKE_DEBS += $(LIBTAC2)
LIBPAM_TACPLUS = libpam-tacplus_$(PAM_TACPLUS_VERSION)_$(CONFIGURED_ARCH).deb
$(LIBPAM_TACPLUS)_RDEPENDS += $(LIBTAC2)
$(eval $(call add_extra_package,$(LIBTAC2),$(LIBPAM_TACPLUS)))
LIBTAC_DEV = libtac-dev_$(PAM_TACPLUS_VERSION)_$(CONFIGURED_ARCH).deb
$(LIBTAC_DEV)_DEPENDS += $(LIBTAC2)
$(eval $(call add_derived_package,$(LIBTAC2),$(LIBTAC_DEV)))
# libnss-tacplus packages
NSS_TACPLUS_VERSION = 1.0.4-1
export NSS_TACPLUS_VERSION
LIBNSS_TACPLUS = libnss-tacplus_$(NSS_TACPLUS_VERSION)_$(CONFIGURED_ARCH).deb
$(LIBNSS_TACPLUS)_DEPENDS += $(LIBTAC_DEV)
$(LIBNSS_TACPLUS)_RDEPENDS += $(LIBTAC2)
$(LIBNSS_TACPLUS)_SRC_PATH = $(SRC_PATH)/tacacs/nss
SONIC_MAKE_DEBS += $(LIBNSS_TACPLUS)
# bash-tacplus packages
BASH_TACPLUS_VERSION = 1.0.0
export BASH_TACPLUS_VERSION
BASH_TACPLUS = bash-tacplus_$(BASH_TACPLUS_VERSION)_$(CONFIGURED_ARCH).deb
$(BASH_TACPLUS)_DEPENDS += $(LIBTAC_DEV)
$(BASH_TACPLUS)_RDEPENDS += $(LIBTAC2)
$(BASH_TACPLUS)_SRC_PATH = $(SRC_PATH)/tacacs/bash_tacplus
SONIC_DPKG_DEBS += $(BASH_TACPLUS)
# The .c, .cpp, .h & .hpp files under src/{$DBG_SRC_ARCHIVE list}
# are archived into debug one image to facilitate debugging.
#
DBG_SRC_ARCHIVE += tacacs
Reference in New Issue View Git Blame Copy Permalink