[TACACS] Ignore TACACS accounting trace log when debug disabled. (son…

…ic-net#16482) Ignore TACACS accounting trace log when debug disabled. #### Why I did it TACACS accounting trace log is only for debug, improve code to not generate trace log when debug disabled. ##### Work item tracking - Microsoft ADO: 25270078 #### How I did it Ignore TACACS accounting trace log when debug disabled. #### How to verify it Pass all UT. Manually verified the auditd-tacplus not generate trace log when debug disabled. ### Description for the changelog Ignore TACACS accounting trace log when debug disabled.
adyeung · Jan 23, 2024 · a2e57d8 · a2e57d8
1 parent 27edaf7
commit a2e57d8
Showing 1 changed file with 13 additions and 3 deletions.
diff --git a/src/tacacs/audisp/patches/0002-Remove-user-secret-from-accounting-log.patch b/src/tacacs/audisp/patches/0002-Remove-user-secret-from-accounting-log.patch
@@ -13,15 +13,15 @@ Subject: [PATCH] Remove user secret from accounting log.
  regex_helper.h           |  17 +++
  sudoers_helper.c         | 250 +++++++++++++++++++++++++++++++++++++++
  sudoers_helper.h         |  18 +++
- trace.c                  |  21 ++++
+ trace.c                  |  31 +++++
  trace.h                  |  10 ++
  unittest/Makefile        |  21 ++++
  unittest/mock.h          |  17 +++
  unittest/mock_helper.c   |  65 ++++++++++
  unittest/mock_helper.h   |  48 ++++++++
  unittest/password_test.c | 199 +++++++++++++++++++++++++++++++
  unittest/sudoers         |   5 +
- 17 files changed, 931 insertions(+), 4 deletions(-)
+ 17 files changed, 941 insertions(+), 4 deletions(-)
  create mode 100644 password.c
  create mode 100644 password.h
  create mode 100644 regex_helper.c
@@ -700,7 +700,7 @@ new file mode 100644
 index 0000000..44bbbc7
 --- /dev/null
 +++ b/trace.c
-@@ -0,0 +1,21 @@
+@@ -0,0 +1,31 @@
 +#include <stdarg.h>
 +#include <stdio.h>
 +#include <string.h>
@@ -709,9 +709,19 @@ index 0000000..44bbbc7
 +
 +#include "trace.h"
 +
++/* Tacacs+ support lib */
++#include <libtac/support.h>
++
++/* Tacacs control flag */
++extern int tacacs_ctrl;
++
 +/* Output trace log. */
 +void trace(const char *format, ...)
 +{
++    if ((tacacs_ctrl & PAM_TAC_DEBUG) == 0) {
++        return;
++    }
++
 +    // convert log to a string because va args resoursive issue:
 +    // http://www.c-faq.com/varargs/handoff.html
 +    char logBuffer[MAX_LINE_SIZE];