On Mon, Sep 08, 2008 at 12:57:09PM +0200, Reyk Floeter wrote:

> hi!
> 
> On Mon, Sep 08, 2008 at 12:33:20PM +0200, Frans Haarman wrote:
> > If you use an unquoted string as psk (pre-shared key) it can't start with a
> > number so:
> > 
> > fails: ike from any to any psk 123
> > works: ike from any to any psk  "123"
> > 
> 
> it can start with a number, but it cannot be a number.  so 123foo
> would be ok but not just 123.
> 
> > Same goes for the tag-strings.  For most this is probably obvious, because
> > it has to
> > be a string right ?  But not for me :P
> > 
> 
> is there any problem with quoting the string?  i think the normal
> approach is that quoting should be the default unless you have a
> string that also works without quotes.
> 
> i mean we could fix this in ipsecctl (see diff below) but is it really
> required?  and there is a problem with the attached diff that it
> "normalizes" the number, so a key 0123 would become 123.  any other
> "fix" would require changes in the parser that is shared with many
> other tools and daemons in openbsd - it is probably just easier to use
> the quotes and to add a note in the manpage suggesting it.

yes, i think it's just a manpage thing. Ambiguous stuff in the grammar
often leads to confusion and/or disaster.


        -Otto

> 
> reyk
> 
> Index: parse.y
> ===================================================================
> RCS file: /cvs/src/sbin/ipsecctl/parse.y,v
> retrieving revision 1.138
> diff -u -p -r1.138 parse.y
> --- parse.y   1 Jul 2008 14:31:37 -0000       1.138
> +++ parse.y   8 Sep 2008 10:51:00 -0000
> @@ -275,7 +275,7 @@ typedef struct {
>  %type        <v.type>                type
>  %type        <v.life>                life
>  %type        <v.mode>                phase1mode phase2mode
> -%type        <v.string>              tag
> +%type        <v.string>              tag numstr
>  %%
>  
>  grammar              : /* empty */
> @@ -806,7 +806,7 @@ ikeauth           : /* empty */                   {
>                       $$.type = IKE_AUTH_RSA;
>                       $$.string = NULL;
>               }
> -             | PSK STRING                    {
> +             | PSK numstr                    {
>                       $$.type = IKE_AUTH_PSK;
>                       if (($$.string = strdup($2)) == NULL)
>                               err(1, "ikeauth: strdup");
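
Review bot: in the `PSK numstr` alternative, a bare number is now accepted as a pre-shared key, but the string stored in `$$.string` is the text the new `numstr` rule regenerates from the parsed integer, not what was typed in the config. A key written as 0123 is loaded as 123 and stops matching the peer, with no diagnostic. For a secret I would keep `PSK STRING` here and make an unquoted number a parse error whose message tells the user to quote the key, rather than converting it.
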
> @@ -817,9 +817,20 @@ tag              : /* empty */
>               {
>                       $$ = NULL;
>               }
> -             | TAG STRING
> +             | TAG numstr
>               {
>                       $$ = $2;
> +             }
> +             ;
> +
> +numstr               : STRING
> +             {
> +                     $$ = $1;
> +             }
> +             | NUMBER
> +             {
> +                     if (asprintf(&$$, "%lld", $1) == -1)
> +                             err(1, "string: asprintf");
>               }
>               ;
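
Review bot: the NUMBER branch of `numstr` prints the value back with "%lld", so the original spelling is lost and differently written values such as 0123 and 123 collapse to the same tag or key string. If the conversion stays, it needs to be documented next to the quoting advice in the manpage. Separately, the err() label in that branch reads "string: asprintf" although the rule is named numstr; "numstr: asprintf" would follow the "ikeauth: strdup" convention used in the ikeauth rule.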
