From f28e441644cf62aa3e0d692a47a3e88e4a9f33f9 Mon Sep 17 00:00:00 2001
From: Eric Pulvino <ericpulvino@gmail.com>
Date: Fri, 8 Dec 2017 02:34:41 -0500
Subject: [PATCH] Fixed issue where av_pairs specified in do_auth.ini were
 being ignored when servicing a Cumulus Linux client running TACACS+.

---
 do_auth.py | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/do_auth.py b/do_auth.py
index 921a9d3..78bddc6 100755
--- a/do_auth.py
+++ b/do_auth.py
@@ -553,7 +553,7 @@ def main():
     # Not very good, but will do for now
     # I don't use any other service other than shell to test!
     the_command = ""
-    return_pairs = ""
+    return_pairs = []
 
     if not len(av_pairs) > 0:
         log.info('No av pairs!!')
@@ -716,6 +716,11 @@ def main():
         want_tac_pairs = False
         if config.has_option(this_group, "av_pairs"):
             temp_av_pairs = get_attribute(config, this_group, "av_pairs", filename)
+            for av_pair_item in temp_av_pairs: 
+                if "priv-lvl" in av_pair_item: 
+                    for tacacs_conf_av_item in av_pairs:
+                        if "priv-lvl" in tacacs_conf_av_item: return_pairs.append(av_pair_item.replace(' ',''))
+
             log.debug('temp_av_pairs = %r', temp_av_pairs)
             log.debug('return_pairs = %r', return_pairs)