hi!
On Mon, Sep 08, 2008 at 12:33:20PM +0200, Frans Haarman wrote:
> If you use an unquoted string as psk (pre-shared key) it can't start with a
> number so:
>
> fails: ike from any to any psk 123
> works: ike from any to any psk "123"
>
it can start with a number, but it cannot be a number. so 123foo
would be ok but not just 123.
> Same goes for the tag-strings. For most this is probably obvious, because
> it has to be a string, right? But not for me :P
>
is there any problem with quoting the string? i think the normal
approach is that quoting should be the default unless you have a
string that also works without quotes.

i mean we could fix this in ipsecctl (see diff below) but is it really
required? and there is a problem with the attached diff that it
"normalizes" the number, so a key 0123 would become 123. any other
"fix" would require changes in the parser that is shared with many
other tools and daemons in openbsd - it is probably just easier to use
the quotes and to add a note in the manpage suggesting it.

reyk
Index: parse.y
===================================================================
RCS file: /cvs/src/sbin/ipsecctl/parse.y,v
retrieving revision 1.138
diff -u -p -r1.138 parse.y
--- parse.y 1 Jul 2008 14:31:37 -0000 1.138
+++ parse.y 8 Sep 2008 10:51:00 -0000
@@ -275,7 +275,7 @@ typedef struct {
%type <v.type> type
%type <v.life> life
%type <v.mode> phase1mode phase2mode
-%type <v.string> tag
+%type <v.string> tag numstr
%%
grammar : /* empty */
@@ -806,7 +806,7 @@ ikeauth : /* empty */ {
$$.type = IKE_AUTH_RSA;
$$.string = NULL;
}
- | PSK STRING {
+ | PSK numstr {
$$.type = IKE_AUTH_PSK;
if (($$.string = strdup($2)) == NULL)
err(1, "ikeauth: strdup");
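Review bot: in the `PSK numstr` alternative, a key written as a bare number only reaches strdup($2) after numstr has re-printed it with "%lld", so `psk 0123` is silently stored as the key 123 and will not match a peer that was configured with the quoted form "0123". For a secret, silently rewriting the value is worse than the current failure; I would keep `PSK STRING` here and make an unquoted number a parse error whose message tells the user to quote the key, which also matches the manpage note proposed in the mail.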
@@ -817,9 +817,20 @@ tag : /* empty */
{
$$ = NULL;
}
- | TAG STRING
+ | TAG numstr
{
$$ = $2;
+ }
+ ;
+
+numstr : STRING
+ {
+ $$ = $1;
+ }
+ | NUMBER
+ {
+ if (asprintf(&$$, "%lld", $1) == -1)
+ err(1, "string: asprintf");
}
;
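Review bot: the err() prefix in the NUMBER branch of numstr reads "string: asprintf", while the other actions name their own rule (compare "ikeauth: strdup" above); it should be "numstr: asprintf" so the message points at the right place. The same branch formats $1 with "%lld", so a tag written as 0123 is stored as 123, and nothing in the rule says the conversion is lossy. A one-line comment above the NUMBER action stating that the original spelling is not preserved would help the next reader, since both `TAG numstr` and `PSK numstr` now depend on it.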