[TACACS+] Add plugin support to bash.

rules/bash.mk

@@ -6,9 +6,9 @@
 # completed.
 
 # Bash major release-number corresponding to Debian-8 (Jessie)
-BASH_VERSION_MAJOR = 4.3
+BASH_VERSION_MAJOR = 5.0
 # Bash complete release-number. This image contains all 4.3 fixes  up to patch '42'.
-BASH_VERSION_FULL = $(BASH_VERSION_MAJOR)-14
+BASH_VERSION_FULL = $(BASH_VERSION_MAJOR)-4
 
 export BASH_VERSION_MAJOR BASH_VERSION_FULL
 

slave.mk

@@ -910,7 +910,8 @@ $(addprefix $(TARGET_PATH)/, $(SONIC_INSTALLERS)) : $(TARGET_PATH)/% : \
                 $(PYTHON_SWSSCOMMON) \
                 $(PYTHON3_SWSSCOMMON) \
                 $(SONIC_UTILITIES_DATA) \
-                $(SONIC_HOST_SERVICES_DATA)) \
+                $(SONIC_HOST_SERVICES_DATA) \
+                $(BASH)) \
         $$(addprefix $(TARGET_PATH)/,$$($$*_DOCKERS)) \
         $$(addprefix $(TARGET_PATH)/,$$(SONIC_PACKAGES_LOCAL)) \
         $$(addprefix $(FILES_PATH)/,$$($$*_FILES)) \

sonic-slave-bullseye/Dockerfile.j2

@@ -250,6 +250,10 @@ RUN apt-get update && apt-get install -y \
         iproute2 \
 # For bash
         texi2html \
+        sharutils \
+        locales \
+        time \
+        man2html-base \
 # For initramfs
         shellcheck \
         bash-completion \

sonic-slave-buster/Dockerfile.j2

@@ -258,6 +258,10 @@ RUN apt-get update && apt-get install -y \
         iproute2 \
 # For bash
         texi2html \
+        sharutils \
+        locales \
+        time \
+        man2html-base \
 # For initramfs
         shellcheck \
         bash-completion \

sonic-slave-jessie/Dockerfile.j2

@@ -231,6 +231,10 @@ RUN apt-get update && apt-get install -y \
         texlive-latex-recommended \
 # For bash
         texi2html \
+        sharutils \
+        locales \
+        time \
+        man2html-base \
 # For initramfs
         bash-completion \
 {% if CONFIGURED_ARCH == "amd64" -%}

sonic-slave-stretch/Dockerfile.j2

@@ -254,6 +254,10 @@ RUN apt-get update && apt-get install -y \
         iproute2 \
 # For bash
         texi2html \
+        sharutils \
+        locales \
+        time \
+        man2html-base \
 # For initramfs
         bash-completion \
 {%- if CONFIGURED_ARCH == "amd64" %}

src/bash/.gitignore

@@ -1,3 +1,7 @@
 *
 !.gitignore
 !Makefile
+!*.patch
+!*.c
+!*.h
+!unittest/

src/bash/0001-Add-plugin-support-to-bash.patch

@@ -0,0 +1,222 @@
+From b4962d09ab2d41a5e993bf3d8e4ebe32114999dc Mon Sep 17 00:00:00 2001
+From: liuh-80 <[email protected]>
+Date: Fri, 3 Sep 2021 14:05:36 +0800
+Subject: [PATCH] Add plugin support to bash.
+
+---
+ Makefile.in   |  9 +++++----
+ config.h.in   |  3 +++
+ configure     |  9 +++++++++
+ configure.ac  |  7 +++++++
+ execute_cmd.c |  8 ++++++++
+ shell.c       | 12 ++++++++++++
+ 6 files changed, 44 insertions(+), 4 deletions(-)
+
+diff --git a/Makefile.in b/Makefile.in
+index 5fcb44b..2a11f69 100644
+--- a/Makefile.in
++++ b/Makefile.in
+@@ -440,7 +440,7 @@ CSOURCES = shell.c eval.c parse.y general.c make_cmd.c print_cmd.c y.tab.c \
+ 	   input.c bashhist.c array.c arrayfunc.c assoc.c sig.c pathexp.c \
+ 	   unwind_prot.c siglist.c bashline.c bracecomp.c error.c \
+ 	   list.c stringlib.c locale.c findcmd.c redir.c \
+-	   pcomplete.c pcomplib.c syntax.c xmalloc.c
++	   pcomplete.c pcomplib.c syntax.c xmalloc.c plugin.c
+
+ HSOURCES = shell.h flags.h trap.h hashcmd.h hashlib.h jobs.h builtins.h \
+ 	   general.h variables.h config.h $(ALLOC_HEADERS) alias.h \
+@@ -448,7 +448,7 @@ HSOURCES = shell.h flags.h trap.h hashcmd.h hashlib.h jobs.h builtins.h \
+ 	   command.h input.h error.h bashansi.h dispose_cmd.h make_cmd.h \
+ 	   subst.h externs.h siglist.h bashhist.h bashline.h bashtypes.h \
+ 	   array.h arrayfunc.h sig.h mailcheck.h bashintl.h bashjmp.h \
+-	   execute_cmd.h parser.h pathexp.h pathnames.h pcomplete.h assoc.h \
++	   execute_cmd.h parser.h pathexp.h pathnames.h pcomplete.h assoc.h plugin.h \
+ 	   $(BASHINCFILES)
+
+ SOURCES	 = $(CSOURCES) $(HSOURCES) $(BUILTIN_DEFS)
+@@ -481,7 +481,7 @@ OBJECTS	 = shell.o eval.o y.tab.o general.o make_cmd.o print_cmd.o $(GLOBO) \
+ 	   trap.o input.o unwind_prot.o pathexp.o sig.o test.o version.o \
+ 	   alias.o array.o arrayfunc.o assoc.o braces.o bracecomp.o bashhist.o \
+ 	   bashline.o $(SIGLIST_O) list.o stringlib.o locale.o findcmd.o redir.o \
+-	   pcomplete.o pcomplib.o syntax.o xmalloc.o $(SIGNAMES_O)
++	   pcomplete.o pcomplib.o syntax.o xmalloc.o plugin.o $(SIGNAMES_O)
+
+ # Where the source code of the shell builtins resides.
+ BUILTIN_SRCDIR=$(srcdir)/builtins
+@@ -1015,7 +1015,7 @@ eval.o: quit.h ${BASHINCDIR}/maxpath.h unwind_prot.h dispose_cmd.h
+ eval.o: make_cmd.h subst.h sig.h pathnames.h externs.h parser.h
+ eval.o: input.h execute_cmd.h 
+ execute_cmd.o: config.h bashtypes.h ${BASHINCDIR}/filecntl.h ${BASHINCDIR}/posixstat.h bashansi.h ${BASHINCDIR}/ansi_stdlib.h
+-execute_cmd.o: shell.h syntax.h config.h bashjmp.h ${BASHINCDIR}/posixjmp.h command.h ${BASHINCDIR}/stdc.h error.h
++execute_cmd.o: shell.h syntax.h config.h bashjmp.h ${BASHINCDIR}/posixjmp.h command.h ${BASHINCDIR}/stdc.h error.h plugin.h
+ execute_cmd.o: general.h xmalloc.h bashtypes.h variables.h arrayfunc.h conftypes.h array.h hashlib.h
+ execute_cmd.o: quit.h ${BASHINCDIR}/maxpath.h unwind_prot.h dispose_cmd.h
+ execute_cmd.o: make_cmd.h subst.h sig.h pathnames.h externs.h parser.h
+@@ -1024,6 +1024,7 @@ execute_cmd.o: execute_cmd.h findcmd.h redir.h trap.h test.h pathexp.h
+ execute_cmd.o: $(DEFSRC)/common.h ${DEFDIR}/builtext.h ${GLOB_LIBSRC}/strmatch.h
+ execute_cmd.o: ${BASHINCDIR}/posixtime.h ${BASHINCDIR}/chartypes.h
+ execute_cmd.o: $(DEFSRC)/getopt.h
++plugin.o: plugin.h
+ expr.o: config.h bashansi.h ${BASHINCDIR}/ansi_stdlib.h 
+ expr.o: shell.h syntax.h config.h bashjmp.h ${BASHINCDIR}/posixjmp.h command.h ${BASHINCDIR}/stdc.h error.h
+ expr.o: general.h xmalloc.h bashtypes.h variables.h arrayfunc.h conftypes.h array.h hashlib.h
+diff --git a/config.h.in b/config.h.in
+index 8554aec..b2b57de 100644
+--- a/config.h.in
++++ b/config.h.in
+@@ -38,6 +38,9 @@
+    BSD-like job control. */
+ #undef JOB_CONTROL
+
++/* Define BASH_PLUGIN if need plugin support. */
++#undef BASH_PLUGIN
++
+ /* Define ALIAS if you want the alias features. */
+ #undef ALIAS
+
+diff --git a/configure b/configure
+index 2f62662..fb033d5 100644
+--- a/configure
++++ b/configure
+@@ -827,6 +827,7 @@ enable_single_help_strings
+ enable_strict_posix_default
+ enable_usg_echo_default
+ enable_xpg_echo_default
++enable_bash_plugin
+ enable_mem_scramble
+ enable_profiling
+ enable_static_link
+@@ -1535,6 +1536,7 @@ Optional Features:
+   --enable-xpg-echo-default
+                           make the echo builtin expand escape sequences by
+                           default
++  --enable-bash-plugin    enable bash plugin features
+   --enable-mem-scramble   scramble memory on calls to malloc and free
+   --enable-profiling      allow profiling with gprof
+   --enable-static-link    link bash statically, for use as a root shell
+@@ -2989,6 +2991,7 @@ opt_dircomplete_expand_default=no
+ opt_globascii_default=yes
+ opt_function_import=yes
+ opt_dev_fd_stat_broken=no
++opt_bash_plugin=yes
+
+ opt_static_link=no
+ opt_profiling=no
+@@ -3010,6 +3013,7 @@ if test $opt_minimal_config = yes; then
+ 	opt_multibyte=yes opt_cond_regexp=no opt_coproc=no
+ 	opt_casemod_attrs=no opt_casemod_expansions=no opt_extglob_default=no
+ 	opt_globascii_default=yes
++	opt_bash_plugin=no
+ fi
+
+ # Check whether --enable-alias was given.
+@@ -3197,6 +3201,11 @@ if test "${enable_xpg_echo_default+set}" = set; then :
+   enableval=$enable_xpg_echo_default; opt_xpg_echo=$enableval
+ fi
+
++# Check whether --enable-bash-plugin was given.
++if test "${enable_bash_plugin+set}" = set; then :
++  enableval=$enable_bash_plugin; opt_bash_plugin=$enableval
++fi
++
+
+ # Check whether --enable-mem-scramble was given.
+ if test "${enable_mem_scramble+set}" = set; then :
+diff --git a/configure.ac b/configure.ac
+index 52b4cdb..2d73d90 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -185,6 +185,7 @@ opt_dircomplete_expand_default=no
+ opt_globascii_default=yes
+ opt_function_import=yes
+ opt_dev_fd_stat_broken=no
++opt_bash_plugin=yes
+
+ dnl options that affect how bash is compiled and linked
+ opt_static_link=no
+@@ -206,6 +207,7 @@ if test $opt_minimal_config = yes; then
+ 	opt_multibyte=yes opt_cond_regexp=no opt_coproc=no
+ 	opt_casemod_attrs=no opt_casemod_expansions=no opt_extglob_default=no
+ 	opt_globascii_default=yes
++	opt_bash_plugin=no
+ fi
+
+ AC_ARG_ENABLE(alias, AC_HELP_STRING([--enable-alias], [enable shell aliases]), opt_alias=$enableval)
+@@ -245,6 +247,7 @@ AC_ARG_ENABLE(single-help-strings, AC_HELP_STRING([--enable-single-help-strings]
+ AC_ARG_ENABLE(strict-posix-default, AC_HELP_STRING([--enable-strict-posix-default], [configure bash to be posix-conformant by default]), opt_strict_posix=$enableval)
+ AC_ARG_ENABLE(usg-echo-default, AC_HELP_STRING([--enable-usg-echo-default], [a synonym for --enable-xpg-echo-default]), opt_xpg_echo=$enableval)
+ AC_ARG_ENABLE(xpg-echo-default, AC_HELP_STRING([--enable-xpg-echo-default], [make the echo builtin expand escape sequences by default]), opt_xpg_echo=$enableval)
++AC_ARG_ENABLE(bash-plugin, AC_HELP_STRING([--enable-bash-plugin], [enable bash plugin features]), opt_bash_plugin=$enableval)
+
+ dnl options that alter how bash is compiled and linked
+ AC_ARG_ENABLE(mem-scramble, AC_HELP_STRING([--enable-mem-scramble], [scramble memory on calls to malloc and free]), opt_memscramble=$enableval)
+@@ -263,6 +266,10 @@ dnl opt_readline and opt_history are handled later, because AC_PROG_CC needs
+ dnl to be run before we can check the version of an already-installed readline
+ dnl library
+
++
++if test $opt_bash_plugin = yes; then
++AC_DEFINE(BASH_PLUGIN)
++fi
+ if test $opt_alias = yes; then
+ AC_DEFINE(ALIAS)
+ fi
+diff --git a/execute_cmd.c b/execute_cmd.c
+index 8b3c83a..c83efea 100644
+--- a/execute_cmd.c
++++ b/execute_cmd.c
+@@ -5458,6 +5458,14 @@ execute_disk_command (words, redirects, command_line, pipe_in, pipe_out,
+ 	 leave it there, in the same format that the user used to
+ 	 type it in. */
+       args = strvec_from_word_list (words, 0, 0, (int *)NULL);
++
++#if defined (BASH_PLUGIN)
++      result = invoke_plugin_on_shell_execve (current_user.user_name, command, args);
++      if (result) {
++        exit (EXECUTION_FAILURE);
++      }
++#endif /* BASH_PLUGIN */
++
+       exit (shell_execve (command, args, export_env));
+     }
+   else
+diff --git a/shell.c b/shell.c
+index a2b2a55..fb94b22 100644
+--- a/shell.c
++++ b/shell.c
+@@ -46,6 +46,10 @@
+ #  include <unistd.h>
+ #endif
+
++#if defined (BASH_PLUGIN)
++#include "plugin.h"
++#endif /* BASH_PLUGIN */
++
+ #include "bashintl.h"
+
+ #define NEED_SH_SETLINEBUF_DECL		/* used in externs.h */
+@@ -561,6 +565,10 @@ main (argc, argv, env)
+   if (shopt_alist)
+     run_shopt_alist ();
+
++#if defined (BASH_PLUGIN)
++	load_plugins ();
++#endif /* BASH_PLUGIN */
++
+   /* From here on in, the shell must be a normal functioning shell.
+      Variables from the environment are expected to be set, etc. */
+   shell_initialize ();
+@@ -804,6 +812,10 @@ main (argc, argv, env)
+   /* Read commands until exit condition. */
+   reader_loop ();
+   exit_shell (last_command_exit_value);
++
++#if defined (BASH_PLUGIN)
++	free_plugins ();
++#endif /* BASH_PLUGIN */
+ }
+
+ static int
+-- 
+2.17.1.windows.2
+

src/bash/Makefile

@@ -9,8 +9,17 @@ $(addprefix $(DEST)/, $(MAIN_TARGET)): $(DEST)/% :
 
 	dget -u https://launchpad.net/debian/+archive/primary/+sourcefiles/bash/$(BASH_VERSION_FULL)/bash_$(BASH_VERSION_FULL).dsc
 
+
 	pushd bash-$(BASH_VERSION_MAJOR)
+
+	# Apply plugin suport patch
+	patch -p1 < ../0001-Add-plugin-support-to-bash.patch
+    cp ../plugin.h ./plugin.h
+    cp ../plugin.c ./plugin.c
+    cp ../unittest ./unittest
 	DEB_BUILD_OPTIONS=nocheck dpkg-buildpackage -us -uc -b -j$(SONIC_CONFIG_MAKE_JOBS) --admindir $(SONIC_DPKG_ADMINDIR)
+
+
 	popd
 
 	mv $* $(DEST)/