[TACACS] Fix when set TACACS to "tacacs+, local" user can run blocked command with local permission issue. (#17749)

liuh-80 · web-flow · commit d712861634df · 2024-01-26T00:00:00.000-08:00
Fix when set TACACS to "tacacs+, local" user can run blocked command with local permission issue.

#### Why I did it
When set TACACS to "tacacs+, local", user still can run a blocked command with local permission.

##### Work item tracking
- Microsoft ADO: 26399545

#### How I did it
Fix code to reject command when authorized failed from TACACS server side.

#### How to verify it
Pass all UT.

### Description for the changelog
Fix when set TACACS to "tacacs+, local" user can run blocked command with local permission issue.
diff --git a/src/tacacs/bash_tacplus/bash_tacplus.c b/src/tacacs/bash_tacplus/bash_tacplus.c
@@ -471,8 +471,9 @@ int on_shell_execve (char *user, int shell_level, char *cmd, char **argv)
                 fprintf(stdout, "%s not authorized by TACACS+ with given arguments, not executing\n", cmd);
             break;
             default:
+                // when command reject by server, authorization will failed immediately
                 fprintf(stdout, "%s authorize failed by TACACS+ with given arguments, not executing\n", cmd);
-            break;
+                return ret;
         }
 
         if ((tacacs_ctrl & AUTHORIZATION_FLAG_LOCAL) == 0) {
