[TACACS+] Add plugin support to bash.

files/build_templates/sonic_debian_extension.j2

@@ -265,6 +265,10 @@ sudo rm -rf $FILESYSTEM_ROOT/$SONIC_UTILITIES_PY3_WHEEL_NAME
 sudo dpkg --root=$FILESYSTEM_ROOT -i $debs_path/sonic-utilities-data_*.deb || \
     sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt-get -y install -f
 
+# Install customized bash version to patch bash plugin support.
+sudo dpkg --root=$FILESYSTEM_ROOT -i target/debs/bash_*.deb || \
+    sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt-get -y install -f
+
 # sonic-utilities-data installs bash-completion as a dependency. However, it is disabled by default
 # in bash.bashrc, so we copy a version of the file with it enabled here.
 sudo cp -f $IMAGE_CONFIGS/bash/bash.bashrc $FILESYSTEM_ROOT/etc/

rules/bash.mk

@@ -1,14 +1,12 @@
 # bash package
 #
-# Created to patch memory-leak issue in the bash-package included in Debian-8 (Jessie)
-# release. This rule file, and the associated building-infra created to solve this
-# bug (src/bash/), should be eliminated once the migration to Debian-9 (Stretch) is
-# completed.
+# Created to patch plugin support in the bash-package included in Debian-10 (Buster)
+# release.
 
-# Bash major release-number corresponding to Debian-8 (Jessie)
-BASH_VERSION_MAJOR = 4.3
-# Bash complete release-number. This image contains all 4.3 fixes  up to patch '42'.
-BASH_VERSION_FULL = $(BASH_VERSION_MAJOR)-14
+# Bash major release-number corresponding to Debian-10 (Buster)
+BASH_VERSION_MAJOR = 5.0
+# Bash complete release-number. This image contains all 5.0 fixes  up to patch '4'.
+BASH_VERSION_FULL = $(BASH_VERSION_MAJOR)-4
 
 export BASH_VERSION_MAJOR BASH_VERSION_FULL
 

slave.mk

@@ -910,7 +910,8 @@ $(addprefix $(TARGET_PATH)/, $(SONIC_INSTALLERS)) : $(TARGET_PATH)/% : \
                 $(PYTHON_SWSSCOMMON) \
                 $(PYTHON3_SWSSCOMMON) \
                 $(SONIC_UTILITIES_DATA) \
-                $(SONIC_HOST_SERVICES_DATA)) \
+                $(SONIC_HOST_SERVICES_DATA) \
+                $(BASH)) \
         $$(addprefix $(TARGET_PATH)/,$$($$*_DOCKERS)) \
         $$(addprefix $(TARGET_PATH)/,$$(SONIC_PACKAGES_LOCAL)) \
         $$(addprefix $(FILES_PATH)/,$$($$*_FILES)) \

sonic-slave-bullseye/Dockerfile.j2

@@ -250,6 +250,12 @@ RUN apt-get update && apt-get install -y \
         iproute2 \
 # For bash
         texi2html \
+        sharutils \
+        locales \
+        time \
+        man2html-base \
+        libcunit1 \
+        libcunit1-dev \
 # For initramfs
         shellcheck \
         bash-completion \

sonic-slave-buster/Dockerfile.j2

@@ -258,6 +258,12 @@ RUN apt-get update && apt-get install -y \
         iproute2 \
 # For bash
         texi2html \
+        sharutils \
+        locales \
+        time \
+        man2html-base \
+        libcunit1 \
+        libcunit1-dev \
 # For initramfs
         shellcheck \
         bash-completion \

sonic-slave-jessie/Dockerfile.j2

@@ -231,6 +231,12 @@ RUN apt-get update && apt-get install -y \
         texlive-latex-recommended \
 # For bash
         texi2html \
+        sharutils \
+        locales \
+        time \
+        man2html-base \
+        libcunit1 \
+        libcunit1-dev \
 # For initramfs
         bash-completion \
 {% if CONFIGURED_ARCH == "amd64" -%}

sonic-slave-stretch/Dockerfile.j2

@@ -254,6 +254,12 @@ RUN apt-get update && apt-get install -y \
         iproute2 \
 # For bash
         texi2html \
+        sharutils \
+        locales \
+        time \
+        man2html-base \
+        libcunit1 \
+        libcunit1-dev \
 # For initramfs
         bash-completion \
 {%- if CONFIGURED_ARCH == "amd64" %}

src/bash/.gitignore

@@ -1,3 +1,7 @@
 *
 !.gitignore
 !Makefile
+!Files/
+!Files/*
+!patches/
+!patches/*

src/bash/Files/unittest/Makefile

@@ -0,0 +1,18 @@
+#disable some warning because UT need test functions not in header file.
+CFLAGS = -Wno-parentheses -Wno-format-security -Wno-implicit-function-declaration -c
+IFLAGS = -I.. -I../include -I../lib
+MFLAG = -DDEBUG -DBASH_PLUGIN_UT
+
+all:
+	gcc plugin_test.c $(IFLAGS) $(CFLAGS) -o plugin_test.o
+	gcc mock_helper.c $(IFLAGS) $(CFLAGS) -o mock_helper.o
+	gcc ../plugin.c   $(IFLAGS) $(CFLAGS) $(MFLAG) -o plugin.o
+	gcc  plugin_test.o  mock_helper.o plugin.o -o plugin_test  -lc -lcunit 
+
+test:
+	# run unit test, if UT failed, build will break
+	./plugin_test
+
+clean:
+	rm *.o
+	rm plugin_test

src/bash/Files/unittest/bash_plugins.conf

@@ -0,0 +1,6 @@
+# tacacs authorization plugin
+plugin=/home/liuh/tacacs-bash-plugin/tacacs-authorization.so
+plugin=/usr/lib/bash-plugins/another_test_plugin.so # test comments
+
+
+# test line

src/bash/Files/unittest/mock_helper.c

@@ -0,0 +1,218 @@
+/* mock_helper.c -- mock helper for bash plugin UT. */
+#include <stdarg.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <CUnit/CUnit.h>
+#include <CUnit/Basic.h>
+#include "mock_helper.h"
+
+// define BASH_PLUGIN_UT_DEBUG to output UT debug message.
+//#define BASH_PLUGIN_UT_DEBUG
+#if defined (BASH_PLUGIN_UT_DEBUG)
+#       define debug_printf printf
+#else
+#       define debug_printf
+#endif
+
+/* itrace buffer */
+char mock_itrace_message_buffer[1024];
+
+/* bash run command buffer */
+char mock_onshell_execve_command_buffer[1024];
+
+/* plugin handles. */
+void* mock_plugin_handle = (void*)TEST_MOCK_PLUGIN_HANDLE;
+void* mock_plugin_default_function_handle = (void*)0x2234;
+void* mock_plugin_on_shell_execve_handle = (void*)0x3234;
+char* mock_dlerror_failed = "MOCK error";
+char* mock_dlerror = NULL;
+
+/* define test scenarios for mock functions return different value by scenario. */
+int test_scenario;
+
+/* define test scenarios for different return value. */
+int plugin_init_status;
+
+/* define memory allocate counter. */
+int memory_allocate_count;
+
+/* Set test scenario for test*/
+void set_test_scenario(int scenario)
+{
+  test_scenario = scenario;
+}
+
+/* Get test scenario for test*/
+int get_test_scenario()
+{
+  return test_scenario;
+}
+
+/* Set plugin init status for test*/
+void set_plugin_init_status(int status)
+{
+  plugin_init_status = status;
+}
+
+/* Get plugin init status for test*/
+int get_plugin_init_status()
+{
+  return plugin_init_status;
+}
+
+/* Set memory allocate count for test*/
+void set_memory_allocate_count(int count)
+{
+  memory_allocate_count = count;
+}
+
+/* Get memory allocate count for test*/
+int get_memory_allocate_count()
+{
+  return memory_allocate_count;
+}
+
+/* MOCK plugin_init method*/
+int mock_plugin_init()
+{
+  set_plugin_init_status(PLUGIN_INITIALIZED);
+}
+
+/* MOCK plugin_init method*/
+int mock_plugin_uninit()
+{
+  set_plugin_init_status(PLUGIN_NOT_INITIALIZE);
+}
+
+/* MOCK on_shell_execve method*/
+int mock_on_shell_execve (char *user, int shell_level, char *cmd, char **argv)
+{
+  // set mock command data to buffer for UT.
+  memset(mock_onshell_execve_command_buffer, 0, sizeof(mock_onshell_execve_command_buffer));
+
+  snprintf(mock_onshell_execve_command_buffer, sizeof(mock_onshell_execve_command_buffer), "on_shell_execve: user: %s, level: %d, command: %s, argv: %p\n", user, shell_level, cmd, argv);
+
+  debug_printf("MOCK: mock_on_shell_execve: %s\n", mock_onshell_execve_command_buffer);
+}
+
+/* MOCK dlopen*/
+void *dlopen(const char *filename, int flags)
+{
+	debug_printf("MOCK: dlopen: %s\n", filename);
+  if (TEST_SCEANRIO_PLUGIN_NOT_EXIT == test_scenario)
+  {
+	  // return null when plugin not exist
+	  mock_dlerror = mock_dlerror_failed;
+	  return NULL;
+  }
+
+  // all other case return mock handle
+  mock_dlerror = NULL;
+  return mock_plugin_handle;
+}
+
+/* MOCK dlclose*/
+int dlclose(void *handle)
+{
+	debug_printf("MOCK: dlclose: %p\n", handle);
+	// check if the close handle match the opened handle
+	CU_ASSERT_EQUAL(handle, mock_plugin_handle);
+}
+
+/* MOCK dlsym*/
+void *dlsym(void *restrict handle, const char *restrict symbol)
+{
+	debug_printf("MOCK: dlsym: %p, %s\n", handle, symbol);
+	mock_dlerror = NULL;
+	switch (test_scenario)
+	{
+		case TEST_SCEANRIO_PLUGIN_EXECVE_NOT_EXIT:
+			if (strcmp(symbol, "on_shell_execve") == 0)
+			{
+				mock_dlerror = mock_dlerror_failed;
+				return NULL;
+			}
+
+		case TEST_SCEANRIO_PLUGIN_UNINIT_NOT_EXIT:
+			if (strcmp(symbol, "plugin_uninit") == 0)
+			{
+				mock_dlerror = mock_dlerror_failed;
+				return NULL;
+			}
+
+		case TEST_SCEANRIO_PLUGIN_INIT_NOT_EXIT:
+			if (strcmp(symbol, "plugin_init") == 0)
+			{
+				mock_dlerror = mock_dlerror_failed;
+				return NULL;
+			}
+
+		case TEST_SCEANRIO_PLUGIN_INIT_SUCCESS:
+			if (strcmp(symbol, "plugin_init") == 0)
+			{
+				// return mock method handle so plugin framework will call it to initialize
+				return mock_plugin_init;
+			}
+			else if (strcmp(symbol, "plugin_uninit") == 0)
+			{
+				// return mock method handle so plugin framework will call it to initialize
+				return mock_plugin_uninit;
+			}
+			else if (strcmp(symbol, "on_shell_execve") == 0)
+			{
+				// return mock method handle so plugin framework will call it to initialize
+				return mock_on_shell_execve;
+			}
+	}
+
+	return mock_plugin_default_function_handle;
+}
+
+/* MOCK dlerror*/
+char *dlerror(void)
+{
+	return mock_dlerror;
+}
+
+/* MOCK get_string_value*/
+char *get_string_value(const char * str)
+{
+	return "1";
+}
+
+/* MOCK absolute_program*/
+int absolute_program (const char * str)
+{
+	return 0;
+}
+
+/* MOCK itrace*/
+void itrace (const char * format, ...)
+{
+  // set mock message data to buffer for UT.
+  memset(mock_itrace_message_buffer, 0, sizeof(mock_itrace_message_buffer));
+
+  va_list args;
+  va_start(args, format);
+  // save message to buffer to UT check later
+  vsnprintf(mock_itrace_message_buffer, sizeof(mock_itrace_message_buffer), format, args);
+  va_end(args);
+  debug_printf("MOCK: itrace: %s\n", mock_itrace_message_buffer);
+}
+
+/* MOCK malloc method*/
+void* mock_malloc (size_t size)
+{
+	memory_allocate_count++;
+	debug_printf("MOCK: malloc memory count: %d\n", memory_allocate_count);
+	return malloc(size);
+}
+
+/* MOCK free method*/
+void mock_free (void* ptr)
+{
+	memory_allocate_count--;
+	debug_printf("MOCK: free memory count: %d\n", memory_allocate_count);
+	free(ptr);
+}