[tac_plus] regex for pipe in command syntax

John Heasley heas at shrubbery.net
Fri Feb 20 17:27:01 UTC 2015


Fri, Feb 20, 2015 at 11:03:01AM -0500, Asif Iqbal:
> On Fri, Feb 20, 2015 at 10:23 AM, John Heasley <heas at shrubbery.net> wrote:
> 
> > On 20.02.2015 at 04:54, Alan McKinnon <alan.mckinnon at gmail.com> wrote:
> > >
> > > The deny/permit statements are regexes, so it treats the pipe character as
> > > an "OR". Try this for 3409:
> > >
> > > permit "^logging\|include foo$"
> >
> > | should only be a regex atom inside ()s.  So it should not need to be
> > escaped, though it should have no effect.
> >
> >
> John, Yep. | has no effect.
> 
> Alan, permit "^logging|include foo$" is the correct syntax. permit
> "^logging\|include foo$" gets a complaint like below

again, I think that you will find that the router *does not* send
"logging|include foo" to tacacs, it is probably "logging | include foo".
check it with debugging on the router or daemon.

>  Fri Feb 20 10:54:34 2015 [4614]: Error expecting '}' but found 'include'
> on line 3409
> 
> With permit "^logging|include foo$" I see T+ only sees ``show logging''
> 
> Fri Feb 20 10:59:41 2015 [4658]: line 3409 compare show permit '^logging |
> include ERRINTR' & 'logging <cr>' no match
> Fri Feb 20 10:59:41 2015 [4658]: show logging <cr> permitted by line 3409
> 
> So it looks like T+ only sees whatever before the pipe(|) and makes
> decision on permit/deny based on that.

again, I think that you may have a syntax error elsewhere.  you can send
your config file to me privately and I'll check it.  But, I added the
line you provided to a sample config and no errors resulted.
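
Added example, not part of the original message or of tac_plus: a small audit of the three permit patterns discussed in this thread, showing which argument strings each one would let through. It uses Python's `re` as a stand-in, so tac_plus's own regex engine and config-file quoting are assumptions and may differ; the sample strings and the names `top_level_branches` and `audit` are constructed for illustration.

```python
import re

def top_level_branches(pattern):
    """Split a regex at each unescaped '|' that is outside () and []."""
    branches, cur, depth, in_class, i = [], "", 0, False, 0
    while i < len(pattern):
        c = pattern[i]
        if c == "\\" and i + 1 < len(pattern):
            cur += pattern[i:i + 2]      # escaped pair, e.g. \| is a literal pipe
            i += 2
            continue
        if in_class:
            in_class = c != "]"
        elif c == "[":
            in_class = True
        elif c == "(":
            depth += 1
        elif c == ")":
            depth -= 1
        elif c == "|" and depth == 0:
            branches.append(cur)         # top-level alternation: start a new branch
            cur, i = "", i + 1
            continue
        cur += c
        i += 1
    return branches + [cur]

def audit(pattern, samples):
    """Report branches missing an anchor and which sample strings the pattern permits."""
    branches = top_level_branches(pattern)
    loose = [b for b in branches if len(branches) > 1
             and not (b.startswith("^") and b.endswith("$") and not b.endswith("\\$"))]
    permitted = [s for s in samples if re.search(pattern, s)]
    return {"branches": branches, "loose": loose, "permitted": permitted}

# Constructed argument strings (not captured from a router or from tac_plus).
SAMPLES = ["logging", "logging | include foo", "logging|include foo",
           "running-config | include foo"]

if __name__ == "__main__":
    for pat in (r"^logging|include foo$", r"^logging\|include foo$",
                r"^logging \| include foo$"):
        print(pat, audit(pat, SAMPLES))
```

Under these semantics the unescaped form splits into two half-anchored branches and permits every sample, including one that does not start with `logging`; the escaped forms permit only the exact string they spell out.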

