RADIUS Management User Authentication Feature #7284

Merged
merged 5 commits into from
Apr 24, 2021
Merged
10 changes: 10 additions & 0 deletions files/build_templates/sonic_debian_extension.j2
Expand Up @@ -291,6 +291,16 @@ sudo dpkg --root=$FILESYSTEM_ROOT -i $debs_path/libnss-tacplus_*.deb || \
sudo LANG=C chroot $FILESYSTEM_ROOT pam-auth-update --remove tacplus
sudo sed -i -e '/^passwd/s/ tacplus//' $FILESYSTEM_ROOT/etc/nsswitch.conf

# Install pam-radius-auth and nss-radius
sudo dpkg --root=$FILESYSTEM_ROOT -i $debs_path/libpam-radius-auth_*.deb || \
sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt-get -y install -f
sudo dpkg --root=$FILESYSTEM_ROOT -i $debs_path/libnss-radius_*.deb || \
sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt-get -y install -f
# Disable radius by default
# radius does not have any profiles
#sudo LANG=C chroot $FILESYSTEM_ROOT pam-auth-update --remove radius tacplus
sudo sed -i -e '/^passwd/s/ radius//' $FILESYSTEM_ROOT/etc/nsswitch.conf

# Install a custom version of kdump-tools (and its dependencies via 'apt-get -y install -f')
if [[ $CONFIGURED_ARCH == amd64 ]]; then
sudo DEBIAN_FRONTEND=noninteractive dpkg --root=$FILESYSTEM_ROOT -i $debs_path/kdump-tools_*.deb || \
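Review bot: The "Disable radius by default" step only edits the `passwd` line of nsswitch.conf; the PAM side rests on the comment "radius does not have any profiles" next to a commented-out `pam-auth-update` call. If libpam-radius-auth ever ships a pam-auth-update profile, the module could end up enabled in the image with no change to this file. I would delete the dead line and state the assumption instead, e.g. `# libpam-radius-auth installs no pam-auth-update profile, so PAM needs no change here; revisit if the package adds one`. The sed also matches only a single space before `radius`; that mirrors the tacplus line above it, but a tab-separated entry would survive.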
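--- a/rules/radius.dep
+++ b/rules/radius.dep
@@ -0,0 +1,13 @@
+
+SPATH := $($(LIBPAM_RADIUS)_SRC_PATH)
+DEP_FILES := $(SONIC_COMMON_FILES_LIST) rules/radius.mk rules/radius.dep
+DEP_FILES += $(SONIC_COMMON_BASE_FILES_LIST)
+DEP_FILES += $(shell git ls-files $(SPATH))
+
+$(LIBPAM_RADIUS)_CACHE_MODE := GIT_CONTENT_SHA
+$(LIBPAM_RADIUS)_DEP_FLAGS := $(SONIC_COMMON_FLAGS_LIST)
+$(LIBPAM_RADIUS)_DEP_FILES := $(DEP_FILES)
+
+$(LIBNSS_RADIUS)_CACHE_MODE := GIT_CONTENT_SHA
+$(LIBNSS_RADIUS)_DEP_FLAGS := $(SONIC_COMMON_FLAGS_LIST)
+$(LIBNSS_RADIUS)_DEP_FILES := $(DEP_FILES)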
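Review bot: `$(LIBNSS_RADIUS)_DEP_FILES` reuses a `DEP_FILES` list whose only source files come from `SPATH`, and `SPATH` is the libpam source path; rules/radius.mk puts the nss sources in a different directory (`$(SRC_PATH)/radius/nss`). If the `GIT_CONTENT_SHA` cache keys on this list, as the names suggest, a change under src/radius/nss would not invalidate the cached libnss-radius package and a stale .deb could be shipped after a fix. Give the nss package its own file list, e.g. `$(LIBNSS_RADIUS)_DEP_FILES := $(DEP_FILES) $(shell git ls-files $($(LIBNSS_RADIUS)_SRC_PATH))`.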
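--- a/rules/radius.mk
+++ b/rules/radius.mk
@@ -0,0 +1,24 @@
+# libpam-radius-auth packages
+
+PAM_RADIUS_VERSION = 1.4.1-1
+
+export PAM_RADIUS_VERSION
+
+LIBPAM_RADIUS = libpam-radius-auth_$(PAM_RADIUS_VERSION)_amd64.deb
+$(LIBPAM_RADIUS)_SRC_PATH = $(SRC_PATH)/radius/pam
+SONIC_MAKE_DEBS += $(LIBPAM_RADIUS)
+
+SONIC_STRETCH_DEBS += $(LIBPAM_RADIUS)
+
+# libnss-radius packages
+
+NSS_RADIUS_VERSION = 1.0.1-1
+
+export NSS_RADIUS_VERSION
+
+LIBNSS_RADIUS = libnss-radius_$(NSS_RADIUS_VERSION)_amd64.deb
+$(LIBNSS_RADIUS)_SRC_PATH = $(SRC_PATH)/radius/nss
+SONIC_MAKE_DEBS += $(LIBNSS_RADIUS)
+
+SONIC_STRETCH_DEBS += $(LIBNSS_RADIUS)
+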
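Review bot: `LIBPAM_RADIUS` and `LIBNSS_RADIUS` hard-code `_amd64.deb`, so on any other `CONFIGURED_ARCH` the target names would not match the packages dpkg-buildpackage produces; the same literal is in `MAIN_TARGET` of src/radius/nss/Makefile. Use the architecture variable in all three places, e.g. `LIBPAM_RADIUS = libpam-radius-auth_$(PAM_RADIUS_VERSION)_$(CONFIGURED_ARCH).deb`. The version and name assignments use recursive `=` where `:=` would fix the value once, which matters because the names are reused as variable-name prefixes on the following lines.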
2 changes: 2 additions & 0 deletions slave.mk
Expand Up @@ -849,6 +849,8 @@ $(addprefix $(TARGET_PATH)/, $(SONIC_INSTALLERS)) : $(TARGET_PATH)/% : \
$(IFUPDOWN2) \
$(KDUMP_TOOLS) \
$(NTP) \
$(LIBPAM_RADIUS) \
$(LIBNSS_RADIUS) \
$(LIBPAM_TACPLUS) \
$(LIBNSS_TACPLUS) \
$(MONIT) \
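--- a/src/radius/nss/Makefile
+++ b/src/radius/nss/Makefile
@@ -0,0 +1,23 @@
+.ONESHELL:
+SHELL = /bin/bash
+.SHELLFLAGS += -e
+
+MAIN_TARGET = libnss-radius_$(NSS_RADIUS_VERSION)_amd64.deb
+
+$(addprefix $(DEST)/, $(MAIN_TARGET)): $(DEST)/% :
+pushd ./libnss-radius
+
+make clean
+-rm -rf debian
+-rm -rf patches
+cp -r ../debian .
+cp -r ../patches .
+
+# Apply patch (if any)
+
+dpkg-buildpackage -rfakeroot -b -us -uc
+popd
+
+mv $(DERIVED_TARGETS) $* $(DEST)/
+
+$(addprefix $(DEST)/, $(DERIVED_TARGETS)): $(DEST)/% : $(DEST)/$(MAIN_TARGET)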
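Review bot: The recipe copies `../patches` into the source tree and carries a `# Apply patch (if any)` comment, but no command follows it, so nothing visible here applies those patches before `dpkg-buildpackage` runs. A fix dropped into `patches/` would then be missing from the built .deb while the tree suggests it is included; either add the apply step or remove the copy and the comment. Separately, `make clean` should be `$(MAKE) clean` so flags and the jobserver reach the sub-make. `DERIVED_TARGETS` is used in the `mv` line and the last rule but never set in this file, so it presumably comes from the caller; a short comment saying so would help.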
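--- a/src/radius/nss/debian/README.Debian
+++ b/src/radius/nss/debian/README.Debian
@@ -0,0 +1,5 @@
+libnss-radius for Debian
+
+The Debian version of the libnss-radius package.
+
+-- Arun Barboza <29963827+a-barboza@users.noreply.github.com> Tue, 24 Sep 2019 00:20:55 +0000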
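--- a/src/radius/nss/debian/changelog
+++ b/src/radius/nss/debian/changelog
@@ -0,0 +1,6 @@
+libnss-radius (1.0.1-1) unstable; urgency=low
+
+* Initial release. NSS lookups for RADIUS users with cached Management
+Privilege Level (MPL) attribute.
+
+-- Arun Barboza <29963827+a-barboza@users.noreply.github.com> Tue, 24 Sep 2019 00:20:55 +0000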
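--- a/src/radius/nss/debian/compat
+++ b/src/radius/nss/debian/compat
@@ -0,0 +1 @@
+9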
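--- a/src/radius/nss/debian/control
+++ b/src/radius/nss/debian/control
@@ -0,0 +1,17 @@
+Source: libnss-radius
+Section: libs
+Priority: optional
+Maintainer: Arun Barboza <29963827+a-barboza@users.noreply.github.com>
+Build-Depends: debhelper (>=9)
+Standards-Version: 3.9.6
+Homepage: http://www.broadcom.com
+
+Package: libnss-radius
+Section: libs
+Architecture: any
+Multi-Arch: same
+Pre-Depends: ${misc:Pre-Depends}
+Depends: ${misc:Depends}, ${shlibs:Depends}
+Description: NSS module for RADIUS authentication absent local account.
+NSS lookups for RADIUS authenticated users using the Management Privilege
+Level (MPL) cached attribute.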
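--- a/src/radius/nss/debian/copyright
+++ b/src/radius/nss/debian/copyright
@@ -0,0 +1,21 @@
+Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
+Upstream-Name: libnss-radius
+Source: http://www.broadcom.com
+
+Files: *
+Copyright: 2019 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries.
+License: Apache
+Copyright 2019 Broadcom. All rights reserved.
+The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries.
+.
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+.
+http://www.apache.org/licenses/LICENSE-2.0
+.
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.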
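--- a/src/radius/nss/debian/rules
+++ b/src/radius/nss/debian/rules
@@ -0,0 +1,15 @@
+#!/usr/bin/make -f
+# You must remove unused comment lines for the released package.
+#export DH_VERBOSE = 1
+#export DEB_BUILD_MAINT_OPTIONS = hardening=+all
+#export DEB_CFLAGS_MAINT_APPEND = -Wall -pedantic
+#export DEB_LDFLAGS_MAINT_APPEND = -Wl,--as-needed
+
+%:
+dh $@
+
+#override_dh_auto_install:
+# dh_auto_install -- prefix=/usr
+
+#override_dh_install:
+# dh_install --list-missing -X.pyc -X.pyo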
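Review bot: `DEB_BUILD_MAINT_OPTIONS = hardening=+all` is left commented out, so this NSS module and its `cache_radius` helper are built with at most dpkg's default hardening set rather than the full one (PIE, bindnow). An NSS module runs inside whatever process performs the user lookup, so I would enable it: `export DEB_BUILD_MAINT_OPTIONS = hardening=+all`. The file's own first comment asks for unused comment lines to be removed before release; the `DH_VERBOSE` line and the commented `override_dh_*` stubs can go.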
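--- a/src/radius/nss/debian/watch
+++ b/src/radius/nss/debian/watch
@@ -0,0 +1,2 @@
+# You must remove unused comment lines for the released package.
+version=3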
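--- a/src/radius/nss/libnss-radius/.gitignore
+++ b/src/radius/nss/libnss-radius/.gitignore
@@ -0,0 +1,6 @@
+cache_radius
+libnss_radius.so.2
+test_cache_radius
+test_nss_radius
+debian
+patches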
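--- a/src/radius/nss/libnss-radius/LICENSE
+++ b/src/radius/nss/libnss-radius/LICENSE
@@ -0,0 +1,14 @@
+Copyright 2019 Broadcom. All rights reserved.
+The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.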
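--- a/src/radius/nss/libnss-radius/Makefile
+++ b/src/radius/nss/libnss-radius/Makefile
@@ -0,0 +1,59 @@
+#######################################################################
+#
+# Copyright 2019 Broadcom. All rights reserved.
+# The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries.
+#
+#######################################################################
+
+#
+# Makefile for libnss-radius
+#
+
+TARGETS = libnss_radius.so.2 cache_radius
+COMMON_INCLUDE = nss_radius_common.h
+COMMON_SOURCE = nss_radius_common.c
+LIBNSS_SOURCE = nss_radius.c $(COMMON_SOURCE)
+CACHE_SOURCE = cache_radius.c $(COMMON_SOURCE)
+
+# For now place the multiarch flag here
+# Eventually this needs to be move to the debian packaging
+#moduledir = $(prefix)/lib/x86_64-linux-gnu
+moduledir = $(prefix)/lib/$(DEB_HOST_MULTIARCH)
+
+
+all: $(TARGETS)
+
+libnss_radius.so.2: $(LIBNSS_SOURCE) $(COMMON_INCLUDE)
+$(CC) $(CFLAGS) $(LDFLAGS) -fPIC -Wall -shared -o libnss_radius.so.2 \
+-Wl,-soname,libnss_radius.so.2 -Wl,--version-script=libnss_radius_vs.txt $(LIBNSS_SOURCE)
+
+cache_radius: $(CACHE_SOURCE) $(COMMON_INCLUDE)
+$(CC) $(CFLAGS) $(LDFLAGS) -o cache_radius $(CACHE_SOURCE)
+
+clean:
+-rm -f $(TARGETS)
+-rm -f test_nss_radius test_cache_radius
+
+install: libnss_radius.so.2 cache_radius
+install -m 0644 -D libnss_radius.so.2 \
+$(DESTDIR)$(moduledir)/libnss_radius.so.2
+install -m 0755 -D cache_radius \
+$(DESTDIR)$(prefix)/usr/sbin/cache_radius
+install -m 0755 -d $(DESTDIR)$(prefix)/etc/pam_radius_auth.d/
+
+distclean: clean
+
+uninstall:
+-rm -f $(DESTDIR)$(moduledir)/libnss_radius.so.2
+-rm -f $(DESTDIR)$(prefix)/usr/sbin/cache_radius
+
+test: test_nss_radius.c $(LIBNSS_SOURCE) $(CACHE_SOURCE) \
+$(COMMON_SOURCE) $(COMMON_INCLUDE)
+$(CC) $(CFLAGS) $(LDFLAGS) -g -DTEST_RADIUS_NSS -o test_nss_radius \
+$(LIBNSS_SOURCE) test_nss_radius.c
+$(CC) $(CFLAGS) $(LDFLAGS) -g -DTEST_RADIUS_NSS -o test_cache_radius \
+$(CACHE_SOURCE)
+
+
+.PHONY: all install clean distclean uninstall test
+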
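Review bot: None of the four `$(CC)` lines pass `$(CPPFLAGS)`, and dpkg-buildflags delivers `-D_FORTIFY_SOURCE=2` through CPPFLAGS, so the fortify hardening from the Debian build would not reach nss_radius.c or cache_radius.c. Add it to each compile line, e.g. `$(CC) $(CPPFLAGS) $(CFLAGS) $(LDFLAGS) -o cache_radius $(CACHE_SOURCE)`. `-Wall` is passed only for libnss_radius.so.2; cache_radius is installed under sbin and should get the same warnings. The `install` target creates `etc/pam_radius_auth.d/` with mode 0755; if files placed there hold RADIUS shared secrets, which this hunk does not show, their own modes need to be restrictive.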