From heas at shrubbery.net  Wed Nov  6 02:12:00 2019
From: heas at shrubbery.net (john heasley)
Date: Wed, 6 Nov 2019 02:12:00 +0000
Subject: [tac_plus] Escaping special characters within double quotes
In-Reply-To: <8EAB358A-2C79-4420-9729-08C7C9B4466B@hpe.com>
References: <8EAB358A-2C79-4420-9729-08C7C9B4466B@hpe.com>
Message-ID: <20191106021200.GA85864@shrubbery.net>

Fri, Sep 13, 2019 at 12:06:06AM +0000, Viswanathan, Vasanth:
> Hi,
> 
> I am using tac_plus version F4.0.4.28. tac_plus man page suggests to use double-quotes when a string has white spaces. Here is an example of command authorization in tac_plus.conf file ?
> 
> cmd = ping {
>     permit ?10\.10\.10\.[2-9]+ -c 10? # allow 10 pings
>     deny ?10\.10\.10\.[2-9]+ -c 100? # don?t allow 100 pings
> }
> 
> I have to enclose the regex in double-quotes because it has multiple arguments. But this causes tac_plus to not start due to parsing error.
> However this works (without double-quotes) ?
> 
> cmd = ping {
>     permit 10\.10\.10\.[2-9]+
>     deny 10\.10\.10\.[20-30]+
> }
> 
> I looked the source code and it seems like tac_plus only allows backslash/quote/newline character after a backslash within a double-quoted string. I am trying to understand why we have this restriction.
> 
> Thanks!
> Vasanth
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: <http://www.shrubbery.net/pipermail/tac_plus/attachments/20190913/dbc324c2/attachment.html>
> _______________________________________________
> tac_plus mailing list
> tac_plus at shrubbery.net
> http://www.shrubbery.net/mailman/listinfo/tac_plus

there was an error in the error reporting.  fixed in the attached diff.

and, the whitespace in a quoted string was not handled, nor was backslash-
quoting the whitespace or any of the regex atoms.  In the diff I've also
changed this to only treat \" specially; anything else is just copied.  I
struggled with this decision, but I think it is acceptable.

Please report if there are problems.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: tacparse.diff
Type: text/x-diff
Size: 1463 bytes
Desc: not available
URL: <http://www.shrubbery.net/pipermail/tac_plus/attachments/20191106/0c6fbcb5/attachment.diff>

From vasanth.viswanathan at hpe.com  Fri Nov  8 19:29:49 2019
From: vasanth.viswanathan at hpe.com (Viswanathan, Vasanth)
Date: Fri, 8 Nov 2019 19:29:49 +0000
Subject: [tac_plus] Escaping special characters within double quotes
In-Reply-To: <20191106021200.GA85864@shrubbery.net>
References: <8EAB358A-2C79-4420-9729-08C7C9B4466B@hpe.com>
 <20191106021200.GA85864@shrubbery.net>
Message-ID: <33665A28-C175-48D8-9BCB-5ACC105A5830@hpe.com>


?On 11/5/19, 6:12 PM, "john heasley" <heas at shrubbery.net> wrote:

>     Fri, Sep 13, 2019 at 12:06:06AM +0000, Viswanathan, Vasanth:
>    > Hi,
>    > 
>    > I am using tac_plus version F4.0.4.28. tac_plus man page suggests to use double-quotes when a string has white spaces. Here is an example of command authorization in tac_plus.conf file ?
>    > 
 >   > cmd = ping {
 >   >     permit ?10\.10\.10\.[2-9]+ -c 10? # allow 10 pings
 >   >     deny ?10\.10\.10\.[2-9]+ -c 100? # don?t allow 100 pings
 >   > }
 >   > 
 >   > I have to enclose the regex in double-quotes because it has multiple arguments. But this causes tac_plus to not start due to parsing error.
 >   > However this works (without double-quotes) ?
 >   > 
 >   > cmd = ping {
 >   >     permit 10\.10\.10\.[2-9]+
 >   >     deny 10\.10\.10\.[20-30]+
 >   > }
 >   > 
 >   > I looked the source code and it seems like tac_plus only allows backslash/quote/newline character after a backslash within a double-quoted string. I am trying to understand why we have this restriction.
 >   > 
 >   > Thanks!
 >   > Vasanth    
 >   there was an error in the error reporting.  fixed in the attached diff.
 >   
 >   and, the whitespace in a quoted string was not handled, nor was backslash-
 >   quoting the whitespace or any of the regex atoms.  In the diff I've also
>    changed this to only treat \" specially; anything else is just copied.  I
>    struggled with this decision, but I think it is acceptable.
>    
>    Please report if there are problems.

Thanks John ! It works now. I had done a similar change to get around the problem. But I was not sure if there was a special reason to only allowing certain characters after a backslash inside double quotes which is why I started the email. Will you merge the diff to tac_plus code base? And will it be available in a follow-up tac_plus version?



From heas at shrubbery.net  Fri Nov  8 19:33:15 2019
From: heas at shrubbery.net (john heasley)
Date: Fri, 8 Nov 2019 19:33:15 +0000
Subject: [tac_plus] Escaping special characters within double quotes
In-Reply-To: <33665A28-C175-48D8-9BCB-5ACC105A5830@hpe.com>
References: <8EAB358A-2C79-4420-9729-08C7C9B4466B@hpe.com>
 <20191106021200.GA85864@shrubbery.net>
 <33665A28-C175-48D8-9BCB-5ACC105A5830@hpe.com>
Message-ID: <20191108193315.GN56171@shrubbery.net>

Fri, Nov 08, 2019 at 07:29:49PM +0000, Viswanathan, Vasanth:
> Thanks John ! It works now. I had done a similar change to get around the problem. But I was not sure if there was a special reason to only allowing certain characters after a backslash inside double quotes which is why I started the email. Will you merge the diff to tac_plus code base? And will it be available in a follow-up tac_plus version?

super, thanks for reporting & confirming the fix.

it has been committed.  I made a few other changes that i'm still testing
and have one other that I would like to commit & test.  After that, I
will roll a new version and announce it on the tac_plus-announce ML.