tac_plus-ng stuck when checking group membership
jakunow opened this issue · 5 comments
jakunow commented
My version:
872afa5
Server gets stuck when configuration file contains group membership check for user:
if (group == admins)
My config file:
id = spawnd {
listen { port = 49 }
}
id = tac_plus-ng {
log authclog {
destination = /var/log/tac_plus/authc/%Y/%m/%d.log
}
log authzlog {
destination = /var/log/tac_plus/authz/%Y/%m/%d.log
}
log acctlog {
destination = /var/log/tac_plus/acct/%Y/%m/%d.log
}
authentication log = authclog
authorization log = authzlog
accounting log = acctlog
group testgroup
user testuser {
password {
login = clear asdfzxcv1234
}
member = testgroup
}
device test {
address = 0.0.0.0/0
key = labKey
}
profile readwrite {
script {
if (service == shell) {
if (cmd == "") {
set priv-lvl = 15
permit
}
}
}
}
ruleset {
rule from-test {
script {
if (group == testgroup) {
profile = readwrite
permit
}
deny
}
}
}
}
debug = ALL USERINPUT
Starting this server provides output:
<OMMITED FOR BREVITY>
3637: file=tacdebug.conf line=36 sym=[=] buf='='
3637: file=tacdebug.conf line=36 sym=[<string>] buf=''
3637: file=tacdebug.conf line=36 sym=[)] buf=')'
3637: file=tacdebug.conf line=36 sym=[)] buf=')'
3637: file=tacdebug.conf line=36 sym=[)] buf=')'
3637: file=tacdebug.conf line=36 sym=[)] buf=')'
3637: file=tacdebug.conf line=36 sym=[)] buf=')'
3637: file=tacdebug.conf line=36 sym=[<end-of-file>] buf=''
3637: 11:21:42.681 0/00000000: - normalized condition: ((((( cmd = = "")))))
3637: file=tacdebug.conf line=37 sym=[set] buf='set'
3637: file=tacdebug.conf line=37 sym=[priv-lvl] buf='priv-lvl'
3637: file=tacdebug.conf line=37 sym=[=] buf='='
3637: file=tacdebug.conf line=37 sym=[<string>] buf='priv-lvl='
3637: file=tacdebug.conf line=37 sym=[<end-of-file>] buf=''
3637: file=tacdebug.conf line=37 sym=[<string>] buf='15'
3637: file=tacdebug.conf line=38 sym=[permit] buf='permit'
3637: file=tacdebug.conf line=39 sym=[}] buf='}'
3637: file=tacdebug.conf line=40 sym=[}] buf='}'
3637: file=tacdebug.conf line=41 sym=[}] buf='}'
3637: file=tacdebug.conf line=42 sym=[}] buf='}'
3637: file=tacdebug.conf line=44 sym=[ruleset] buf='ruleset'
3637: file=tacdebug.conf line=44 sym=[{] buf='{'
3637: file=tacdebug.conf line=45 sym=[rule] buf='rule'
3637: file=tacdebug.conf line=45 sym=[<string>] buf='from-test'
3637: file=tacdebug.conf line=45 sym=[{] buf='{'
3637: file=tacdebug.conf line=46 sym=[script] buf='script'
3637: file=tacdebug.conf line=46 sym=[{] buf='{'
3637: file=tacdebug.conf line=47 sym=[if] buf='if'
3637: file=tacdebug.conf line=47 sym=[(] buf='('
3637: file=tacdebug.conf line=47 sym=[group] buf='group'
3637: file=tacdebug.conf line=47 sym=[=] buf='='
3637: file=tacdebug.conf line=47 sym=[=] buf='='
3637: file=tacdebug.conf line=47 sym=[<string>] buf='testgroup'
3637: file=tacdebug.conf line=47 sym=[)] buf=')'
3637: file=tacdebug.conf line=47 sym=[{] buf='{'
3637: file=tacdebug.conf line=47 sym=[(] buf='('
3637: file=tacdebug.conf line=47 sym=[(] buf='('
3637: file=tacdebug.conf line=47 sym=[(] buf='('
3637: file=tacdebug.conf line=47 sym=[(] buf='('
3637: file=tacdebug.conf line=47 sym=[(] buf='('
3637: file=tacdebug.conf line=47 sym=[group] buf='group'
Changing keyword from group to member fixes issue:
ruleset {
rule from-test {
script {
if (member == testgroup) {
this gives output and server works:
3662: file=tacdebug.conf line=37 sym=[<end-of-file>] buf=''
3662: file=tacdebug.conf line=37 sym=[<string>] buf='15'
3662: file=tacdebug.conf line=38 sym=[permit] buf='permit'
3662: file=tacdebug.conf line=39 sym=[}] buf='}'
3662: file=tacdebug.conf line=40 sym=[}] buf='}'
3662: file=tacdebug.conf line=41 sym=[}] buf='}'
3662: file=tacdebug.conf line=42 sym=[}] buf='}'
3662: file=tacdebug.conf line=44 sym=[ruleset] buf='ruleset'
3662: file=tacdebug.conf line=44 sym=[{] buf='{'
3662: file=tacdebug.conf line=45 sym=[rule] buf='rule'
3662: file=tacdebug.conf line=45 sym=[<string>] buf='from-test'
3662: file=tacdebug.conf line=45 sym=[{] buf='{'
3662: file=tacdebug.conf line=46 sym=[script] buf='script'
3662: file=tacdebug.conf line=46 sym=[{] buf='{'
3662: file=tacdebug.conf line=47 sym=[if] buf='if'
3662: file=tacdebug.conf line=47 sym=[(] buf='('
3662: file=tacdebug.conf line=47 sym=[member] buf='member'
3662: file=tacdebug.conf line=47 sym=[=] buf='='
3662: file=tacdebug.conf line=47 sym=[=] buf='='
3662: file=tacdebug.conf line=47 sym=[<string>] buf='testgroup'
3662: file=tacdebug.conf line=47 sym=[)] buf=')'
3662: file=tacdebug.conf line=47 sym=[{] buf='{'
3662: file=tacdebug.conf line=47 sym=[(] buf='('
3662: file=tacdebug.conf line=47 sym=[(] buf='('
3662: file=tacdebug.conf line=47 sym=[(] buf='('
3662: file=tacdebug.conf line=47 sym=[(] buf='('
3662: file=tacdebug.conf line=47 sym=[(] buf='('
3662: file=tacdebug.conf line=47 sym=[member] buf='member'
3662: file=tacdebug.conf line=47 sym=[=] buf='='
3662: file=tacdebug.conf line=47 sym=[=] buf='='
3662: file=tacdebug.conf line=47 sym=[<string>] buf='testgroup'
3662: file=tacdebug.conf line=47 sym=[)] buf=')'
3662: file=tacdebug.conf line=47 sym=[)] buf=')'
3662: file=tacdebug.conf line=47 sym=[)] buf=')'
3662: file=tacdebug.conf line=47 sym=[)] buf=')'
3662: file=tacdebug.conf line=47 sym=[)] buf=')'
3662: file=tacdebug.conf line=47 sym=[<end-of-file>] buf=''
3662: 11:23:25.572 0/00000000: - normalized condition: ((((( member = = testgroup)))))
3662: file=tacdebug.conf line=48 sym=[profile] buf='profile'
3662: file=tacdebug.conf line=48 sym=[=] buf='='
3662: file=tacdebug.conf line=48 sym=[<string>] buf='readwrite'
3662: file=tacdebug.conf line=49 sym=[permit] buf='permit'
3662: file=tacdebug.conf line=50 sym=[}] buf='}'
3662: file=tacdebug.conf line=51 sym=[deny] buf='deny'
3662: file=tacdebug.conf line=52 sym=[}] buf='}'
3662: file=tacdebug.conf line=53 sym=[}] buf='}'
3662: file=tacdebug.conf line=54 sym=[}] buf='}'
3662: file=tacdebug.conf line=55 sym=[}] buf='}'
3662: file=tacdebug.conf line=57 sym=[debug] buf='debug'
3662: file=tacdebug.conf line=57 sym=[=] buf='='
3662: file=tacdebug.conf line=57 sym=[ALL] buf='ALL'
3662: file=tacdebug.conf line=57 sym=[USERINPUT] buf='USERINPUT'
3662: file=tacdebug.conf line=58 sym=[<end-of-file>] buf=''
3662: 11:23:25.572 0/00000000: - Version 872afa5bc38267bd153b80f6bc0bbe4de467bed4 initialized
Issues here are:
- documentation is misleading
- config parser doesn't flag this config as invalid
- server binary doesn't provide any feedback that it's not working
MarcJHuber commented
Hi,
thanks for reporting that issue. I'll adjust the code to match the documentation (that's easier than the other way around).
Are you sure about your other two points? For me, tac_plus-ng shows an error just below the
3637: file=tacdebug.conf line=47 sym=[group] buf='group'
if I use "group" instead of "member".
Cheers,
Marc
jakunow commented
When I start a server with debug it gets stuck at the point where it gets stuck at the point where I've shown in the output above
3637: file=tacdebug.conf line=47 sym=[group] buf='group' which is last message
I've sent some TACACS packet from network device to server but it's unresponsive to them.
When I run tac_plus-ng -P my.conf without DEBUG enabled then there is no output if DEBUG is enabled then it shows similar output as when trying to start server, so
....
3637: file=tacdebug.conf line=47 sym=[(] buf='('
3637: file=tacdebug.conf line=47 sym=[(] buf='('
3637: file=tacdebug.conf line=47 sym=[group] buf='group'
Regarding changing code - might be easier to change code then docs, but keep in mind that this will cause issue for users as this will be breaking change for newer versions (need to adjust configuration files)
MarcJHuber commented
Hi,
well, the "group" keyword will now be accepted in conditions just like "member" is, so this won't break anything, but thanks for seeing that this could be an issue.
If debug output just stops unexpectedly there's likely some segmentation fault, but I can't reproduce that in my environment. Could you strip you config to a minimum one which still just crashes? That could help tracking down this issue.
Thanks,
Marc
jakunow commented
Minimal config that gets stuck:
id = spawnd {
listen { port = 49 }
}
id = tac_plus-ng {
group testgroup
ruleset {
rule from-test {
script {
if (group == testgroup) {
permit
}
deny
}
}
}
}
debug = ALL USERINPUT
Output from running tac_plus-ng tac-testing.conf:
2508: file=tac-testing.conf line=18 sym=[USERINPUT] buf='USERINPUT'
2508: file=tac-testing.conf line=19 sym=[<end-of-file>] buf=''
2509: file=tac-testing.conf line=0 sym=[id] buf='id'
2510: file=tac-testing.conf line=0 sym=[id] buf='id'
2510: file=tac-testing.conf line=0 sym=[=] buf='='
2510: file=tac-testing.conf line=0 sym=[<string>] buf='spawnd'
2510: file=tac-testing.conf line=0 sym=[{] buf='{'
2510: file=tac-testing.conf line=1 sym=[listen] buf='listen'
2510: file=tac-testing.conf line=1 sym=[{] buf='{'
2510: file=tac-testing.conf line=1 sym=[port] buf='port'
2510: file=tac-testing.conf line=1 sym=[=] buf='='
2510: file=tac-testing.conf line=1 sym=[<string>] buf='49'
2510: file=tac-testing.conf line=1 sym=[}] buf='}'
2510: file=tac-testing.conf line=2 sym=[}] buf='}'
2510: file=tac-testing.conf line=4 sym=[id] buf='id'
2510: file=tac-testing.conf line=4 sym=[=] buf='='
2509: file=tac-testing.conf line=0 sym=[=] buf='='
2510: file=tac-testing.conf line=4 sym=[<string>] buf='tac_plus-ng'
2509: file=tac-testing.conf line=0 sym=[<string>] buf='spawnd'
2510: file=tac-testing.conf line=4 sym=[{] buf='{'
2509: file=tac-testing.conf line=0 sym=[{] buf='{'
2509: file=tac-testing.conf line=1 sym=[listen] buf='listen'
2510: file=tac-testing.conf line=5 sym=[group] buf='group'
2510: file=/home/kuba/event-driven-servers/tac_plus-ng/config.c line=443 sym=[acl] buf='acl'
2509: file=tac-testing.conf line=1 sym=[{] buf='{'
2509: file=tac-testing.conf line=1 sym=[port] buf='port'
2509: file=tac-testing.conf line=1 sym=[=] buf='='
2509: file=tac-testing.conf line=1 sym=[<string>] buf='49'
2509: file=tac-testing.conf line=1 sym=[}] buf='}'
2509: file=tac-testing.conf line=2 sym=[}] buf='}'
2509: file=tac-testing.conf line=4 sym=[id] buf='id'
2509: file=tac-testing.conf line=4 sym=[=] buf='='
2509: file=tac-testing.conf line=4 sym=[<string>] buf='tac_plus-ng'
2509: file=tac-testing.conf line=4 sym=[{] buf='{'
2509: file=tac-testing.conf line=5 sym=[group] buf='group'
2509: file=/home/kuba/event-driven-servers/tac_plus-ng/config.c line=443 sym=[acl] buf='acl'
2509: file=/home/kuba/event-driven-servers/tac_plus-ng/config.c line=443 sym=[<string>] buf='__internal__username_acl__'
2509: file=/home/kuba/event-driven-servers/tac_plus-ng/config.c line=443 sym=[{] buf='{'
2510: file=/home/kuba/event-driven-servers/tac_plus-ng/config.c line=443 sym=[<string>] buf='__internal__username_acl__'
2510: file=/home/kuba/event-driven-servers/tac_plus-ng/config.c line=443 sym=[{] buf='{'
2510: file=/home/kuba/event-driven-servers/tac_plus-ng/config.c line=443 sym=[if] buf='if'
2510: file=/home/kuba/event-driven-servers/tac_plus-ng/config.c line=443 sym=[(] buf='('
2510: file=/home/kuba/event-driven-servers/tac_plus-ng/config.c line=443 sym=[user] buf='user'
2510: file=/home/kuba/event-driven-servers/tac_plus-ng/config.c line=443 sym=[=] buf='='
2510: file=/home/kuba/event-driven-servers/tac_plus-ng/config.c line=443 sym=[~] buf='~'
2510: file=/home/kuba/event-driven-servers/tac_plus-ng/config.c line=443 sym=[<string>] buf='[]<>/()|=[*"':$]+'
2510: file=/home/kuba/event-driven-servers/tac_plus-ng/config.c line=443 sym=[)] buf=')'
2510: file=/home/kuba/event-driven-servers/tac_plus-ng/config.c line=443 sym=[deny] buf='deny'
2510: file=/home/kuba/event-driven-servers/tac_plus-ng/config.c line=443 sym=[(] buf='('
2510: file=/home/kuba/event-driven-servers/tac_plus-ng/config.c line=443 sym=[(] buf='('
2510: file=/home/kuba/event-driven-servers/tac_plus-ng/config.c line=443 sym=[(] buf='('
2510: file=/home/kuba/event-driven-servers/tac_plus-ng/config.c line=443 sym=[(] buf='('
2510: file=/home/kuba/event-driven-servers/tac_plus-ng/config.c line=443 sym=[(] buf='('
2509: file=/home/kuba/event-driven-servers/tac_plus-ng/config.c line=443 sym=[if] buf='if'
2509: file=/home/kuba/event-driven-servers/tac_plus-ng/config.c line=443 sym=[(] buf='('
2509: file=/home/kuba/event-driven-servers/tac_plus-ng/config.c line=443 sym=[user] buf='user'
2509: file=/home/kuba/event-driven-servers/tac_plus-ng/config.c line=443 sym=[=] buf='='
2509: file=/home/kuba/event-driven-servers/tac_plus-ng/config.c line=443 sym=[~] buf='~'
2509: file=/home/kuba/event-driven-servers/tac_plus-ng/config.c line=443 sym=[<string>] buf='[]<>/()|=[*"':$]+'
2510: file=/home/kuba/event-driven-servers/tac_plus-ng/config.c line=443 sym=[user] buf='user'
2510: file=/home/kuba/event-driven-servers/tac_plus-ng/config.c line=443 sym=[=] buf='='
2510: file=/home/kuba/event-driven-servers/tac_plus-ng/config.c line=443 sym=[~] buf='~'
2510: file=/home/kuba/event-driven-servers/tac_plus-ng/config.c line=443 sym=[<string>] buf='[]<>/()|=[*"':$]+'
2509: file=/home/kuba/event-driven-servers/tac_plus-ng/config.c line=443 sym=[)] buf=')'
2509: file=/home/kuba/event-driven-servers/tac_plus-ng/config.c line=443 sym=[deny] buf='deny'
2510: file=/home/kuba/event-driven-servers/tac_plus-ng/config.c line=443 sym=[)] buf=')'
2510: file=/home/kuba/event-driven-servers/tac_plus-ng/config.c line=443 sym=[)] buf=')'
2509: file=/home/kuba/event-driven-servers/tac_plus-ng/config.c line=443 sym=[(] buf='('
2509: file=/home/kuba/event-driven-servers/tac_plus-ng/config.c line=443 sym=[(] buf='('
2510: file=/home/kuba/event-driven-servers/tac_plus-ng/config.c line=443 sym=[)] buf=')'
2509: file=/home/kuba/event-driven-servers/tac_plus-ng/config.c line=443 sym=[(] buf='('
2509: file=/home/kuba/event-driven-servers/tac_plus-ng/config.c line=443 sym=[(] buf='('
2510: file=/home/kuba/event-driven-servers/tac_plus-ng/config.c line=443 sym=[)] buf=')'
2510: file=/home/kuba/event-driven-servers/tac_plus-ng/config.c line=443 sym=[)] buf=')'
2509: file=/home/kuba/event-driven-servers/tac_plus-ng/config.c line=443 sym=[(] buf='('
2509: file=/home/kuba/event-driven-servers/tac_plus-ng/config.c line=443 sym=[user] buf='user'
2510: file=/home/kuba/event-driven-servers/tac_plus-ng/config.c line=443 sym=[<end-of-file>] buf=''
2510: 15:00:35.170 0/00000000: - normalized condition: ((((( user = ~ "[]<>/()|=[*\"':$]+")))))
2509: file=/home/kuba/event-driven-servers/tac_plus-ng/config.c line=443 sym=[=] buf='='
2509: file=/home/kuba/event-driven-servers/tac_plus-ng/config.c line=443 sym=[~] buf='~'
2509: file=/home/kuba/event-driven-servers/tac_plus-ng/config.c line=443 sym=[<string>] buf='[]<>/()|=[*"':$]+'
2509: file=/home/kuba/event-driven-servers/tac_plus-ng/config.c line=443 sym=[)] buf=')'
2510: file=/home/kuba/event-driven-servers/tac_plus-ng/config.c line=443 sym=[permit] buf='permit'
2510: file=/home/kuba/event-driven-servers/tac_plus-ng/config.c line=443 sym=[}] buf='}'
2509: file=/home/kuba/event-driven-servers/tac_plus-ng/config.c line=443 sym=[)] buf=')'
2510: file=/home/kuba/event-driven-servers/tac_plus-ng/config.c line=444 sym=[<end-of-file>] buf=''
2510: file=/home/kuba/event-driven-servers/tac_plus-ng/config.c line=446 sym=[acl] buf='acl'
2510: file=/home/kuba/event-driven-servers/tac_plus-ng/config.c line=446 sym=[<string>] buf='__internal__enable_user__'
2510: file=/home/kuba/event-driven-servers/tac_plus-ng/config.c line=446 sym=[{] buf='{'
2510: file=/home/kuba/event-driven-servers/tac_plus-ng/config.c line=446 sym=[if] buf='if'
2509: file=/home/kuba/event-driven-servers/tac_plus-ng/config.c line=443 sym=[)] buf=')'
2509: file=/home/kuba/event-driven-servers/tac_plus-ng/config.c line=443 sym=[)] buf=')'
2509: file=/home/kuba/event-driven-servers/tac_plus-ng/config.c line=443 sym=[)] buf=')'
2509: file=/home/kuba/event-driven-servers/tac_plus-ng/config.c line=443 sym=[<end-of-file>] buf=''
2510: file=/home/kuba/event-driven-servers/tac_plus-ng/config.c line=446 sym=[(] buf='('
2510: file=/home/kuba/event-driven-servers/tac_plus-ng/config.c line=446 sym=[user] buf='user'
2510: file=/home/kuba/event-driven-servers/tac_plus-ng/config.c line=446 sym=[=] buf='='
2510: file=/home/kuba/event-driven-servers/tac_plus-ng/config.c line=446 sym=[~] buf='~'
2509: 15:00:35.168 0/00000000: - normalized condition: ((((( user = ~ "[]<>/()|=[*\"':$]+")))))
2510: file=/home/kuba/event-driven-servers/tac_plus-ng/config.c line=446 sym=[<string>] buf='^\$enab..?\$$'
2510: file=/home/kuba/event-driven-servers/tac_plus-ng/config.c line=446 sym=[)] buf=')'
2510: file=/home/kuba/event-driven-servers/tac_plus-ng/config.c line=446 sym=[permit] buf='permit'
2510: file=/home/kuba/event-driven-servers/tac_plus-ng/config.c line=446 sym=[(] buf='('
2510: file=/home/kuba/event-driven-servers/tac_plus-ng/config.c line=446 sym=[(] buf='('
2510: file=/home/kuba/event-driven-servers/tac_plus-ng/config.c line=446 sym=[(] buf='('
2510: file=/home/kuba/event-driven-servers/tac_plus-ng/config.c line=446 sym=[(] buf='('
2510: file=/home/kuba/event-driven-servers/tac_plus-ng/config.c line=446 sym=[(] buf='('
2510: file=/home/kuba/event-driven-servers/tac_plus-ng/config.c line=446 sym=[user] buf='user'
2510: file=/home/kuba/event-driven-servers/tac_plus-ng/config.c line=446 sym=[=] buf='='
2509: file=/home/kuba/event-driven-servers/tac_plus-ng/config.c line=443 sym=[permit] buf='permit'
2510: file=/home/kuba/event-driven-servers/tac_plus-ng/config.c line=446 sym=[~] buf='~'
2509: file=/home/kuba/event-driven-servers/tac_plus-ng/config.c line=443 sym=[}] buf='}'
2510: file=/home/kuba/event-driven-servers/tac_plus-ng/config.c line=446 sym=[<string>] buf='^\$enab..?\$$'
2510: file=/home/kuba/event-driven-servers/tac_plus-ng/config.c line=446 sym=[)] buf=')'
2509: file=/home/kuba/event-driven-servers/tac_plus-ng/config.c line=444 sym=[<end-of-file>] buf=''
2509: file=/home/kuba/event-driven-servers/tac_plus-ng/config.c line=446 sym=[acl] buf='acl'
2510: file=/home/kuba/event-driven-servers/tac_plus-ng/config.c line=446 sym=[)] buf=')'
2510: file=/home/kuba/event-driven-servers/tac_plus-ng/config.c line=446 sym=[)] buf=')'
2509: file=/home/kuba/event-driven-servers/tac_plus-ng/config.c line=446 sym=[<string>] buf='__internal__enable_user__'
2510: file=/home/kuba/event-driven-servers/tac_plus-ng/config.c line=446 sym=[)] buf=')'
2510: file=/home/kuba/event-driven-servers/tac_plus-ng/config.c line=446 sym=[)] buf=')'
2509: file=/home/kuba/event-driven-servers/tac_plus-ng/config.c line=446 sym=[{] buf='{'
2510: file=/home/kuba/event-driven-servers/tac_plus-ng/config.c line=446 sym=[<end-of-file>] buf=''
2510: 15:00:35.170 0/00000000: - normalized condition: ((((( user = ~ "^\\$enab..?\\$$")))))
2509: file=/home/kuba/event-driven-servers/tac_plus-ng/config.c line=446 sym=[if] buf='if'
2509: file=/home/kuba/event-driven-servers/tac_plus-ng/config.c line=446 sym=[(] buf='('
2509: file=/home/kuba/event-driven-servers/tac_plus-ng/config.c line=446 sym=[user] buf='user'
2509: file=/home/kuba/event-driven-servers/tac_plus-ng/config.c line=446 sym=[=] buf='='
2509: file=/home/kuba/event-driven-servers/tac_plus-ng/config.c line=446 sym=[~] buf='~'
2509: file=/home/kuba/event-driven-servers/tac_plus-ng/config.c line=446 sym=[<string>] buf='^\$enab..?\$$'
2509: file=/home/kuba/event-driven-servers/tac_plus-ng/config.c line=446 sym=[)] buf=')'
2509: file=/home/kuba/event-driven-servers/tac_plus-ng/config.c line=446 sym=[permit] buf='permit'
2510: file=/home/kuba/event-driven-servers/tac_plus-ng/config.c line=446 sym=[deny] buf='deny'
2510: file=/home/kuba/event-driven-servers/tac_plus-ng/config.c line=446 sym=[}] buf='}'
2509: file=/home/kuba/event-driven-servers/tac_plus-ng/config.c line=446 sym=[(] buf='('
2510: file=/home/kuba/event-driven-servers/tac_plus-ng/config.c line=446 sym=[<end-of-file>] buf=''
2509: file=/home/kuba/event-driven-servers/tac_plus-ng/config.c line=446 sym=[(] buf='('
2510: file=tac-testing.conf line=5 sym=[<string>] buf='testgroup'
2509: file=/home/kuba/event-driven-servers/tac_plus-ng/config.c line=446 sym=[(] buf='('
2509: file=/home/kuba/event-driven-servers/tac_plus-ng/config.c line=446 sym=[(] buf='('
2509: file=/home/kuba/event-driven-servers/tac_plus-ng/config.c line=446 sym=[(] buf='('
2509: file=/home/kuba/event-driven-servers/tac_plus-ng/config.c line=446 sym=[user] buf='user'
2509: file=/home/kuba/event-driven-servers/tac_plus-ng/config.c line=446 sym=[=] buf='='
2509: file=/home/kuba/event-driven-servers/tac_plus-ng/config.c line=446 sym=[~] buf='~'
2509: file=/home/kuba/event-driven-servers/tac_plus-ng/config.c line=446 sym=[<string>] buf='^\$enab..?\$$'
2510: file=tac-testing.conf line=6 sym=[ruleset] buf='ruleset'
2510: file=tac-testing.conf line=6 sym=[{] buf='{'
2510: file=tac-testing.conf line=7 sym=[rule] buf='rule'
2509: file=/home/kuba/event-driven-servers/tac_plus-ng/config.c line=446 sym=[)] buf=')'
2510: file=tac-testing.conf line=7 sym=[<string>] buf='from-test'
2509: file=/home/kuba/event-driven-servers/tac_plus-ng/config.c line=446 sym=[)] buf=')'
2509: file=/home/kuba/event-driven-servers/tac_plus-ng/config.c line=446 sym=[)] buf=')'
2509: file=/home/kuba/event-driven-servers/tac_plus-ng/config.c line=446 sym=[)] buf=')'
2509: file=/home/kuba/event-driven-servers/tac_plus-ng/config.c line=446 sym=[)] buf=')'
2509: file=/home/kuba/event-driven-servers/tac_plus-ng/config.c line=446 sym=[<end-of-file>] buf=''
2510: file=tac-testing.conf line=7 sym=[{] buf='{'
2510: file=tac-testing.conf line=8 sym=[script] buf='script'
2509: 15:00:35.168 0/00000000: - normalized condition: ((((( user = ~ "^\\$enab..?\\$$")))))
2510: file=tac-testing.conf line=8 sym=[{] buf='{'
2510: file=tac-testing.conf line=9 sym=[if] buf='if'
2510: file=tac-testing.conf line=9 sym=[(] buf='('
2510: file=tac-testing.conf line=9 sym=[group] buf='group'
2510: file=tac-testing.conf line=9 sym=[=] buf='='
2510: file=tac-testing.conf line=9 sym=[=] buf='='
2510: file=tac-testing.conf line=9 sym=[<string>] buf='testgroup'
2510: file=tac-testing.conf line=9 sym=[)] buf=')'
2510: file=tac-testing.conf line=9 sym=[{] buf='{'
2510: file=tac-testing.conf line=9 sym=[(] buf='('
2510: file=tac-testing.conf line=9 sym=[(] buf='('
2510: file=tac-testing.conf line=9 sym=[(] buf='('
2509: file=/home/kuba/event-driven-servers/tac_plus-ng/config.c line=446 sym=[deny] buf='deny'
2510: file=tac-testing.conf line=9 sym=[(] buf='('
2510: file=tac-testing.conf line=9 sym=[(] buf='('
2509: file=/home/kuba/event-driven-servers/tac_plus-ng/config.c line=446 sym=[}] buf='}'
2510: file=tac-testing.conf line=9 sym=[group] buf='group'
2509: file=/home/kuba/event-driven-servers/tac_plus-ng/config.c line=446 sym=[<end-of-file>] buf=''
2509: file=tac-testing.conf line=5 sym=[<string>] buf='testgroup'
2509: file=tac-testing.conf line=6 sym=[ruleset] buf='ruleset'
2509: file=tac-testing.conf line=6 sym=[{] buf='{'
2509: file=tac-testing.conf line=7 sym=[rule] buf='rule'
2509: file=tac-testing.conf line=7 sym=[<string>] buf='from-test'
2509: file=tac-testing.conf line=7 sym=[{] buf='{'
2509: file=tac-testing.conf line=8 sym=[script] buf='script'
2509: file=tac-testing.conf line=8 sym=[{] buf='{'
2509: file=tac-testing.conf line=9 sym=[if] buf='if'
2509: file=tac-testing.conf line=9 sym=[(] buf='('
2509: file=tac-testing.conf line=9 sym=[group] buf='group'
2509: file=tac-testing.conf line=9 sym=[=] buf='='
2509: file=tac-testing.conf line=9 sym=[=] buf='='
2509: file=tac-testing.conf line=9 sym=[<string>] buf='testgroup'
2509: file=tac-testing.conf line=9 sym=[)] buf=')'
2509: file=tac-testing.conf line=9 sym=[{] buf='{'
2509: file=tac-testing.conf line=9 sym=[(] buf='('
2509: file=tac-testing.conf line=9 sym=[(] buf='('
2509: file=tac-testing.conf line=9 sym=[(] buf='('
2509: file=tac-testing.conf line=9 sym=[(] buf='('
2509: file=tac-testing.conf line=9 sym=[(] buf='('
2509: file=tac-testing.conf line=9 sym=[group] buf='group'
I don't think I can remove anything else from that config to replicate issue.
MarcJHuber commented
Hi Jakub,
thanks ... alas, I still can't reproduce this issue. Is this the current GIT? If not, please git pull and rebuild ...
Cheers,
Marc