On Mon, Aug 06, 2018 at 11:45:37AM +0100, Ricardo Mestre wrote:
> Sure, even better, but we also need to change ldpd.conf(5) which shows
> exactly the same bad behaviour. Maybe something like this, which I've
> borrowed lightly from bgpd?

Sure OK claudio@
 
> Index: etc/examples/ldpd.conf
> ===================================================================
> RCS file: /cvs/src/etc/examples/ldpd.conf,v
> retrieving revision 1.2
> diff -u -p -u -r1.2 ldpd.conf
> --- etc/examples/ldpd.conf    5 Jun 2016 03:29:33 -0000       1.2
> +++ etc/examples/ldpd.conf    6 Aug 2018 10:41:14 -0000
> @@ -1,7 +1,7 @@
>  #    $OpenBSD: ldpd.conf,v 1.2 2016/06/05 03:29:33 renato Exp $
>  
>  # macros
> -password="secret"
> +peer1="192.168.1.10"
>  
>  # global configuration
>  # router-id 10.0.0.1
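Review bot: the macro removed at the top of this hunk was named password, which the ldpd.conf.5 text touched later in this patch cites as its example of a reserved word that may not be a macro name, so the old example conflicted with the manual on naming as well as on holding a secret. The commit message could mention both reasons; the replacement name peer1 fits the naming rule quoted in the manual hunk.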
> @@ -22,8 +22,8 @@ address-family ipv4 {
>       targeted-neighbor 172.16.1.10
>  }
>  
> -neighbor 192.168.1.10 {
> -     password $password
> +neighbor $peer1 {
> +     password "secret"
>  }
>  
>  l2vpn CUST_A type vpls {
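Review bot: at the new password "secret" line in the neighbor block, the example file gives no hint why the password is a literal rather than a macro. A one-line comment above it, saying that macro values are logged in verbose mode as stated in this thread, would keep people who copy the file from reintroducing the macro.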
> Index: usr.sbin/ldpd/ldpd.conf.5
> ===================================================================
> RCS file: /cvs/src/usr.sbin/ldpd/ldpd.conf.5,v
> retrieving revision 1.35
> diff -u -p -u -r1.35 ldpd.conf.5
> --- usr.sbin/ldpd/ldpd.conf.5 18 Jun 2018 06:04:25 -0000      1.35
> +++ usr.sbin/ldpd/ldpd.conf.5 6 Aug 2018 10:41:28 -0000
> @@ -70,14 +70,14 @@ macros can be defined that will later be
>  Macro names must start with a letter, digit, or underscore,
>  and may contain any of those characters.
>  Macro names may not be reserved words (for example,
> -.Ic password ) .
> +.Ic neighbor ) .
>  Macros are not expanded inside quotes.
>  .Pp
>  For example:
>  .Bd -literal -offset indent
> -secret="openbsd"
> -neighbor 10.0.1.5 {
> -     password $secret
> +peer1="10.0.1.5"
> +neighbor $peer1 {
> +     password "openbsd"
>  }
>  .Ed
>  .Sh GLOBAL CONFIGURATION
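Review bot: the macro paragraph ending at "Macros are not expanded inside quotes." loses the password example but still does not tell the reader to keep secrets out of macros. Since the reason given in this thread is that macros are logged when running in verbose mode, a sentence stating that after the quoting remark would document the rule rather than leave it implicit in the example. The switch of the reserved-word example from password to neighbor is separate from that fix and deserves a word in the commit message.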
> 
> On 11:59 Mon 06 Aug     , Claudio Jeker wrote:
> > Can we remove this bad macro use instead? Putting sensitive data into a
> > macro is a bad example since it is logged when running in verbose mode.
> > I feel like the basic use of macros etc should be known to users of ldpd
> > since they encountered them in probably a lot of other daemons and in the
> > man page.
> >  
> > -- 
> > :wq Claudio
> > 

-- 
:wq Claudio
