Special character \ is rejected in confd

kramarat · April 25, 2024, 7:51am

Hi Team,

In the below example “pre-share key” of type string, the user enters the password which can have any characters including special character , but in the below case if the input contains \ then the CLI is rejected in CONFD.

Is there any tailf which can be added to allow special character like \ to be allowed in input.

CLI :

crypto ikev2 profile UNDERLAY
 authentication remote pre-share key 6 <str>

CONFD O/P :

Router(config-ikev2-profile)# authentication remote pre-share key 6 
GNf_IFDYSON\\\ObALONBeVLLDCR\cWb_LCOHKEMghcNQ^Y^`cGC[gZA`DAMMAFRAJ\ZJXH[\AF][^[eb`f\e^gVSaO`G]aZOEI_VFPhCeDMW]TZBWP]F
--------------------------------------------------------------------^
syntax error: "GNf_IFDYSON\ObALONBeVLLDCRcWb_LCOHKEMghcNQ^Y^`cGC[gZA`DAMMAFRAJZJXH[AF][^[eb`fVSaO`G]aZOEI_VFPhCeDMW]TZBWP]F" is an invalid value.
Router(config-ikev2-profile)#

kramarat · April 30, 2024, 11:50am

Hi Team,

Appreciate some quick response on the same as it requires immediate attention.

Thanks,
Karthik. R

josephm · May 1, 2024, 7:59am

Hello Karthik,

i think you just need to escape special characters in the password string similar to bash or other shells.

Try using double quotes before/after password and \ slash-escape all the internal special chars…

e.g. for password: abc\22a try "abc\\22a"

kramarat · May 3, 2024, 11:31am

Hi Joseph,

Thanks for your response.

But we need a tailf function which allows characters like \e, \f … instead of modifying the input with " " or \ to suit the condition. We cannot ask the user to update the string for all the configs as the same is being accepted on the router. Hence just to support this on CONFD we cant ask the customer configs to be updated.

Appreciate your help
Logs :
Router(config)# crypto ikev2 profile UNDERLAY
Router(config-ikev2-profile)# authentication remote pre-share key 6 “abc\e”
--------------------------------------------------------------------^
syntax error: "abcs an invalid value.

josephm · May 3, 2024, 3:01pm

hmm, i understand the use-case, but i don’t know whether there’s a guarantee that running config output is/can be used as input/executable config commands. CLI has own core rules and I don’t know whether this one can be adjusted/changed - maybe someone else can chime in?