settings: Don't allow dots in section/key names anymore

This requires config changes if filelog is used with a path that
contains dots. This path must now be defined in the `path` setting of an
arbitrarily named subsection of `filelog`.  Without that change the
whole strongswan.conf file will fail to load, which some users might
not notice immediately.
Tobias Brunner 2018-05-31 11:46:29 +02:00
parent 85afe81e1f
commit 71dca60c31
5 changed files with 40 additions and 57 deletions


@ -40,12 +40,6 @@ Section names and keys may contain any printable character except:
. , : { } = " # \\n \\t space . , : { } = " # \\n \\t space
.EE .EE
.PP .PP
In rare circumstances \fB.\fP characters may be used in section names (e.g. for
log file names in a filelog section), but should generally be avoided.
To use \fB:\fP characters in section names (e.g. for Windows log file paths)
they may be written as \fB::\fP, which the parser replaces with a single
\fB:\fP.
An example file in this format might look like this: An example file in this format might look like this:
.PP .PP
.EX .EX


@ -81,7 +81,6 @@ static void print_section(section_t *section, int level)
/** /**
* Recursively print a given section and all subsections/settings * Recursively print a given section and all subsections/settings
* FIXME: Doesn't work properly if any of the keys contain dots
*/ */
static void print_settings_section(settings_t *settings, char *section, static void print_settings_section(settings_t *settings, char *section,
int level) int level)


@ -49,8 +49,8 @@ static void include_files(parser_helper_t *ctx);
/* type of our extra data */ /* type of our extra data */
%option extra-type="parser_helper_t*" %option extra-type="parser_helper_t*"
/* state used to scan names */ /* state used to scan references */
%x nam %x ref
/* state used to scan values */ /* state used to scan values */
%x val %x val
/* state used to scan include file patterns */ /* state used to scan include file patterns */
@ -59,7 +59,7 @@ static void include_files(parser_helper_t *ctx);
%x str %x str
/* pattern for section/key names */ /* pattern for section/key names */
NAME [^#{}:,="\r\n\t ] NAME [^#{}:.,="\r\n\t ]
%% %%
@ -68,10 +68,15 @@ NAME [^#{}:,="\r\n\t ]
\n|#.*\n /* eat newlines and comments at the end of a line */ \n|#.*\n /* eat newlines and comments at the end of a line */
"{" | "{" |
"}" | "}" return yytext[0];
"," return yytext[0];
":" return REFS; "." return DOT;
"," return COMMA;
":" {
yy_push_state(ref, yyscanner);
return COLON;
}
"=" { "=" {
yy_push_state(val, yyscanner); yy_push_state(val, yyscanner);
@ -88,42 +93,27 @@ NAME [^#{}:,="\r\n\t ]
return STRING_ERROR; return STRING_ERROR;
} }
{NAME} { {NAME}+ {
yyextra->string_init(yyextra); yylval->s = strdup(yytext);
yyextra->string_add(yyextra, yytext); return NAME;
yy_push_state(nam, yyscanner);
} }
<nam>{ <ref>{
"::" { [\t ]*#[^\r\n]* /* eat comments */
yyextra->string_add(yyextra, yytext+1); [\t\r ]+ /* eat whitespace */
} \n|#.*\n /* eat newlines and comments at the end of a line */
{NAME}+ { "," return COMMA;
yyextra->string_add(yyextra, yytext);
}
<<EOF>> | {NAME}+(\.{NAME}+)* {
.|[\r\n] { yylval->s = strdup(yytext);
if (*yytext)
{
switch (yytext[0])
{
case '\n':
/* put the newline back to fix the line numbers */
unput('\n');
yy_set_bol(0);
break;
default:
/* these are parsed outside of this start condition */
unput(yytext[0]);
break;
}
}
yy_pop_state(yyscanner);
yylval->s = yyextra->string_get(yyextra);
return NAME; return NAME;
} }
. {
unput(yytext[0]);
yy_pop_state(yyscanner);
}
} }
<val>{ <val>{
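Review bot: The result of `strdup(yytext)` is handed to the parser unchecked in both new NAME rules (the initial-state `{NAME}+` rule and the `<ref>` rule `{NAME}+(\.{NAME}+)*`), so an allocation failure yields a NAME token whose value is NULL. How the grammar copes with a NULL name is not visible here, but the `references` actions shown in this commit pass the value straight to `array_insert`. A guard directly after the assignment, for instance `if (!yylval->s) return STRING_ERROR;`, would turn that into a failed load instead. Whether STRING_ERROR is the right token for this case is for the author to confirm.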


@ -82,7 +82,9 @@ static int yylex(YYSTYPE *lvalp, parser_helper_t *ctx)
array_t *refs; array_t *refs;
} }
%token <s> NAME STRING %token <s> NAME STRING
%token REFS ":" %token DOT "."
%token COMMA ","
%token COLON ":"
%token NEWLINE STRING_ERROR %token NEWLINE STRING_ERROR
/* ...and other symbols */ /* ...and other symbols */
@ -152,7 +154,7 @@ references:
$$ = array_create(0, 0); $$ = array_create(0, 0);
array_insert($$, ARRAY_TAIL, $1); array_insert($$, ARRAY_TAIL, $1);
} }
| references ',' NAME | references "," NAME
{ {
array_insert($1, ARRAY_TAIL, $3); array_insert($1, ARRAY_TAIL, $3);
$$ = $1; $$ = $1;
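Review bot: `%token DOT "."` is declared in the first hunk, but no grammar rule visible in these hunks consumes it, which suggests it exists only so that a dot outside a reference becomes a syntax error. If that is the intent, a comment on the declaration would keep it from being removed later as unused, e.g. `/* DOT is not accepted by any rule: a '.' in a section/key name is a syntax error */`. The rest of the grammar lies outside the hunks, so a rule using DOT may exist elsewhere in the file.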


@ -1480,18 +1480,6 @@ START_TEST(test_valid)
ck_assert(settings->load_files(settings, path, FALSE)); ck_assert(settings->load_files(settings, path, FALSE));
verify_string("value", "valid.key"); verify_string("value", "valid.key");
verify_string("value1", "valid.key1"); verify_string("value1", "valid.key1");
contents = chunk_from_str(
"c::\\Logfiles\\charon.log { dmn = 1 }");
ck_assert(chunk_write(contents, path, 0022, TRUE));
ck_assert(settings->load_files(settings, path, FALSE));
verify_string("1", "%s.dmn", "c:\\Logfiles\\charon.log");
contents = chunk_from_str(
"section { c::\\Logfiles\\charon.log = 1 }");
ck_assert(chunk_write(contents, path, 0022, TRUE));
ck_assert(settings->load_files(settings, path, FALSE));
verify_string("1", "section.%s", "c:\\Logfiles\\charon.log");
} }
END_TEST END_TEST
@ -1539,6 +1527,16 @@ START_TEST(test_invalid)
"incorrect :: ref {}"); "incorrect :: ref {}");
ck_assert(chunk_write(contents, path, 0022, TRUE)); ck_assert(chunk_write(contents, path, 0022, TRUE));
ck_assert(!settings->load_files(settings, path, FALSE)); ck_assert(!settings->load_files(settings, path, FALSE));
contents = chunk_from_str(
"/var/log/daemon.log { dmn = 1 }");
ck_assert(chunk_write(contents, path, 0022, TRUE));
ck_assert(!settings->load_files(settings, path, FALSE));
contents = chunk_from_str(
"filelog { /var/log/daemon.log = 1 }");
ck_assert(chunk_write(contents, path, 0022, TRUE));
ck_assert(!settings->load_files(settings, path, FALSE));
} }
END_TEST END_TEST
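Review bot: The cases added to `test_invalid` only assert that a path used as a section name or key is rejected; no visible hunk adds a `test_valid` case for the replacement form the commit message describes, a `path` setting in a named `filelog` subsection. Such a case would pin that a value containing dots and slashes still loads, e.g. `"filelog { f { path = /var/log/daemon.log } }"` written and loaded like the neighbouring cases, followed by `verify_string("/var/log/daemon.log", "filelog.f.path");`. This matters because, as the description says, a config that fails to load may go unnoticed, so the migration target should be covered as well as the rejected forms. Both test bodies start outside the hunks, so an equivalent check may already exist there.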