Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

T5110: Fix op-mode FRR vtysh_pam account validation #1918

Merged
merged 1 commit into from
Mar 29, 2023
Merged

T5110: Fix op-mode FRR vtysh_pam account validation #1918

merged 1 commit into from
Mar 29, 2023

Conversation

sever-sever
Copy link
Member

Change Summary

With FRR 8.5, there exists the file /etc/pam.d/frr
With this file, by default, we have cosmetic error for any op-mode command

$ show ip bgp
vtysh_pam: Failed in account validation: Success(0)No BGP prefixes displayed, 0 exist

Fix it

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Code style update (formatting, renaming)
  • Refactoring (no functional changes)
  • Migration from an old Vyatta component to vyos-1x, please link to related PR inside obsoleted component
  • Other (please describe):

Related Task(s)

Component(s) name

pam.d

Proposed changes

How to test

Before fix:

vyos@vyos:~$ cat /etc/pam.d/frr
# Any user may call vtysh but only those belonging to the group frrvty can
# actually connect to the socket and use the program.
auth	sufficient	pam_permit.so
account	sufficient	pam_rootok.so

FRR any op-mode command:

vyos@r14:~$ show ip bgp 
vtysh_pam: Failed in account validation: Success(0)No BGP prefixes displayed, 0 exist
vyos@r14:~$

After the fix:

vyos@r14:~$ sudo cat /etc/pam.d/frr 
# Any user may call vtysh but only those belonging to the group frrvty can
# actually connect to the socket and use the program.
auth	sufficient	pam_permit.so
account	sufficient	pam_permit.so
vyos@r14:~$ 
vyos@r14:~$ 
vyos@r14:~$ show ip bgp
No BGP prefixes displayed, 0 exist
vyos@r14:~$

Checklist:

  • I have read the CONTRIBUTING document
  • I have linked this PR to one or more Phabricator Task(s)
  • I have run the components SMOKETESTS if applicable
  • My commit headlines contain a valid Task id
  • My change requires a change to the documentation
  • I have updated the documentation accordingly

@sever-sever
T5110: Fix op-mode FRR vtysh_pam account validation
116b939 
With FRR 8.5 there is exists file /etc/pam.d/frr
With this file by default we have cosmtetic error for any op-mode
command

$ show ip bgp
vtysh_pam: Failed in account validation: Success(0)No BGP prefixes displayed, 0 exist

Fix it
@vyosbot vyosbot requested review from a team, dmbaturin, sarthurdev, zdc, jestabro and c-po and removed request for a team March 29, 2023 08:43
@c-po c-po merged commit d07ca83 into vyos:current Mar 29, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@c-po c-po c-po approved these changes

@dmbaturin dmbaturin Awaiting requested review from dmbaturin dmbaturin is a code owner automatically assigned from vyos/reviewers

@sarthurdev sarthurdev Awaiting requested review from sarthurdev sarthurdev is a code owner automatically assigned from vyos/reviewers

@zdc zdc Awaiting requested review from zdc zdc is a code owner automatically assigned from vyos/reviewers

@jestabro jestabro Awaiting requested review from jestabro jestabro is a code owner automatically assigned from vyos/reviewers

Assignees

@sever-sever sever-sever

Labels
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@sever-sever @c-po