zhenfuxu / tacacsserver Goto Github PK

Tacacs服务端 2020-1-15启动

现状：
---现有tacacs+后端加入了freeraidus等组件，每一个环节都会影响着tacacs+的性能
---现有的tacacs+采用的是多进程的方案（传统的apache方案），虽然在linux上创建一个进程的代价是很小的，但是仍旧不可忽略，对于成千上万的tcp连接请求，另外进程之间数据交付较为麻烦。增加了程序的复杂度
---java nio 基于Linux epoll ，epoll支持一个进程打开的socket描述符（fd）不受到进程的限制（仅仅受到系统本身的限制）





预留问题....
分网段多共享密钥?
日志外发？
授权的权限匹配度？



====db===
 select v.*,e.permission_id,e.ace_order,p.id,p.name,p.type from  (SELECT v1.acl_id,
    v1.usertype,
    v1.usergroupid,
    v1.usergroupname,
    v1.userid,
    v1.username,
    v2.restype,
    v2.resgroupid,
    v2.resgroupname,
    v2.clientid,
    v2.clientname
   FROM ( SELECT t0.acl_id,
            'user'::text AS usertype,
            ''::character varying AS usergroupid,
            ''::character varying AS usergroupname,
            m.id AS userid,
            m.name AS username
           FROM (t_aaa_acl_object_identity t0
            JOIN t_acc_master m ON (((t0.object_id_identity)::text = (m.id)::text)and  m.status='normal'))
          WHERE (t0.object_id_class = 1)
        UNION
         SELECT t0.acl_id,
            'usergroup'::text AS usertype,
            g1.id AS usergroupid,
            g1.name AS usergroupname,
            m.id AS userid,
            m.name AS username
           FROM (((t_aaa_acl_object_identity t0
             JOIN t_acc_master_group g1 ON (((t0.object_id_identity)::text = (g1.id)::text)))
             JOIN t_auth_r_mastergroup_master ma1 ON (((ma1.mastergroupid)::text = (g1.id)::text)))
             JOIN t_acc_master m ON (((ma1.masterid)::text = (m.id)::text)and  m.status='normal'))
          WHERE (t0.object_id_class = 2)) v1,
    ( SELECT t0.acl_id,
            'res'::text AS restype,
            ''::character varying AS resgroupid,
            ''::character varying AS resgroupname,
            r.id AS clientid,
            r.name AS clientname
           FROM (t_aaa_acl_object_identity t0
            JOIN t_auth_res r ON (((t0.object_id_identity)::text = (r.id)::text)and r.status='normal'))
          WHERE (t0.object_id_class = 3)
        UNION
         SELECT t0.acl_id,
            'resgroup'::text AS restype,
            g2.id AS resgroupid,
            g2.name AS resgroupname,
            r.id AS clientid,
            r.name AS clientname
           FROM (((t_aaa_acl_object_identity t0
             JOIN t_auth_res_group g2 ON (((t0.object_id_identity)::text = (g2.id)::text)))
             JOIN t_auth_r_resgroup_res ma2 ON (((g2.id)::text = (ma2.resgroupid)::text)))
             JOIN t_auth_res r ON (((ma2.resid)::text = (r.id)::text)and r.status='normal'))
          WHERE (t0.object_id_class = 4)) v2
  WHERE ((v1.acl_id)::text = (v2.acl_id)::text)
  ORDER BY v1.acl_id) v,t_aaa_acl_entry e,t_aaa_permission_group p where e.id =v.acl_id  and p.id=e.permission_id and p.type='1' and p.status='on' order by ace_order desc