Sure, even better, but we also need to change ldpd.conf(5) which shows
exactly the same bad behaviour. Maybe something like this, which I've
borrowed lightly from bgpd?
Index: etc/examples/ldpd.conf
===================================================================
RCS file: /cvs/src/etc/examples/ldpd.conf,v
retrieving revision 1.2
diff -u -p -u -r1.2 ldpd.conf
--- etc/examples/ldpd.conf 5 Jun 2016 03:29:33 -0000 1.2
+++ etc/examples/ldpd.conf 6 Aug 2018 10:41:14 -0000
@@ -1,7 +1,7 @@
# $OpenBSD: ldpd.conf,v 1.2 2016/06/05 03:29:33 renato Exp $
# macros
-password="secret"
+peer1="192.168.1.10"
# global configuration
# router-id 10.0.0.1
@@ -22,8 +22,8 @@ address-family ipv4 {
targeted-neighbor 172.16.1.10
}
-neighbor 192.168.1.10 {
- password $password
+neighbor $peer1 {
+ password "secret"
}
l2vpn CUST_A type vpls {
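Review bot: nothing in the example file records why `password "secret"` is now a literal while the address moved into `$peer1`, so a later cleanup could easily turn it back into `password $password`. A one-line comment above the `neighbor $peer1 {` block would guard against that, saying that passwords are deliberately kept out of macros because macro values are logged in verbose mode (the reason given in the quoted mail).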
Index: usr.sbin/ldpd/ldpd.conf.5
===================================================================
RCS file: /cvs/src/usr.sbin/ldpd/ldpd.conf.5,v
retrieving revision 1.35
diff -u -p -u -r1.35 ldpd.conf.5
--- usr.sbin/ldpd/ldpd.conf.5 18 Jun 2018 06:04:25 -0000 1.35
+++ usr.sbin/ldpd/ldpd.conf.5 6 Aug 2018 10:41:28 -0000
@@ -70,14 +70,14 @@ macros can be defined that will later be
Macro names must start with a letter, digit, or underscore,
and may contain any of those characters.
Macro names may not be reserved words (for example,
-.Ic password ) .
+.Ic neighbor ) .
Macros are not expanded inside quotes.
.Pp
For example:
.Bd -literal -offset indent
-secret="openbsd"
-neighbor 10.0.1.5 {
- password $secret
+peer1="10.0.1.5"
+neighbor $peer1 {
+ password "openbsd"
}
.Ed
.Sh GLOBAL CONFIGURATION
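Review bot: the macro section still gives the reader no reason to keep secrets out of macros; the example only stops showing it. A sentence next to "Macros are not expanded inside quotes." could state that macro values are logged in verbose mode and should not hold passwords, which would document the behaviour raised in the quoted mail. Separately, the `.Ic password` to `.Ic neighbor` swap in the reserved-word sentence is not required by the fix, since `password` is still used as a keyword in the example below; if it is kept to match the new example, mention it in the commit message.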
On 11:59 Mon 06 Aug , Claudio Jeker wrote:
> Can we remove this bad macro use instead? Putting sensitive data into a
> macro is a bad example since it is logged when running in verbose mode.
> I feel like the basic use of macros etc should be known to users of ldpd
> since they encountered them in probably a lot of other daemons and in the
> man page.
>
> --
> :wq Claudio
>