2 fb1a36c0 2022-01-09 op * Copyright (c) 2021 Omar Polo <op@omarpolo.com>
3 fb1a36c0 2022-01-09 op * Copyright (c) 2018 Florian Obser <florian@openbsd.org>
4 fb1a36c0 2022-01-09 op * Copyright (c) 2004, 2005 Esben Norby <norby@openbsd.org>
5 fb1a36c0 2022-01-09 op * Copyright (c) 2004 Ryan McBride <mcbride@openbsd.org>
6 fb1a36c0 2022-01-09 op * Copyright (c) 2002, 2003, 2004 Henning Brauer <henning@openbsd.org>
7 fb1a36c0 2022-01-09 op * Copyright (c) 2001 Markus Friedl. All rights reserved.
8 fb1a36c0 2022-01-09 op * Copyright (c) 2001 Daniel Hartmeier. All rights reserved.
9 fb1a36c0 2022-01-09 op * Copyright (c) 2001 Theo de Raadt. All rights reserved.
11 fb1a36c0 2022-01-09 op * Permission to use, copy, modify, and distribute this software for any
12 fb1a36c0 2022-01-09 op * purpose with or without fee is hereby granted, provided that the above
13 fb1a36c0 2022-01-09 op * copyright notice and this permission notice appear in all copies.
15 fb1a36c0 2022-01-09 op * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
16 fb1a36c0 2022-01-09 op * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
17 fb1a36c0 2022-01-09 op * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
18 fb1a36c0 2022-01-09 op * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
19 fb1a36c0 2022-01-09 op * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
20 fb1a36c0 2022-01-09 op * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
21 fb1a36c0 2022-01-09 op * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
26 bbcba3ed 2022-01-10 op #include "compat.h"
28 fb1a36c0 2022-01-09 op #include <sys/stat.h>
30 fb1a36c0 2022-01-09 op #include <ctype.h>
31 fb1a36c0 2022-01-09 op #include <errno.h>
32 fb1a36c0 2022-01-09 op #include <inttypes.h>
33 fb1a36c0 2022-01-09 op #include <limits.h>
34 fb1a36c0 2022-01-09 op #include <stdarg.h>
35 fb1a36c0 2022-01-09 op #include <stdio.h>
36 fb1a36c0 2022-01-09 op #include <stdlib.h>
37 fb1a36c0 2022-01-09 op #include <string.h>
38 fb1a36c0 2022-01-09 op #include <syslog.h>
39 fb1a36c0 2022-01-09 op #include <unistd.h>
41 fb1a36c0 2022-01-09 op #include "log.h"
42 fb1a36c0 2022-01-09 op #include "kamid.h"
43 fb1a36c0 2022-01-09 op #include "table.h"
44 fb1a36c0 2022-01-09 op #include "utils.h"
46 fb1a36c0 2022-01-09 op TAILQ_HEAD(files, file) files = TAILQ_HEAD_INITIALIZER(files);
47 fb1a36c0 2022-01-09 op static struct file {
48 fb1a36c0 2022-01-09 op TAILQ_ENTRY(file) entry;
51 fb1a36c0 2022-01-09 op size_t ungetpos;
52 fb1a36c0 2022-01-09 op size_t ungetsize;
53 fb1a36c0 2022-01-09 op u_char *ungetbuf;
54 fb1a36c0 2022-01-09 op int eof_reached;
57 fb1a36c0 2022-01-09 op } *file, *topfile;
58 fb1a36c0 2022-01-09 op struct file *pushfile(const char *, int);
59 fb1a36c0 2022-01-09 op int popfile(void);
60 fb1a36c0 2022-01-09 op int check_file_secrecy(int, const char *);
61 fb1a36c0 2022-01-09 op int yyparse(void);
62 fb1a36c0 2022-01-09 op int yylex(void);
63 fb1a36c0 2022-01-09 op int yyerror(const char *, ...)
64 fb1a36c0 2022-01-09 op __attribute__((__format__ (printf, 1, 2)))
65 fb1a36c0 2022-01-09 op __attribute__((__nonnull__ (1)));
66 fb1a36c0 2022-01-09 op int kw_cmp(const void *, const void *);
67 fb1a36c0 2022-01-09 op int lookup(char *);
68 fb1a36c0 2022-01-09 op int igetc(void);
69 fb1a36c0 2022-01-09 op int lgetc(int);
70 fb1a36c0 2022-01-09 op void lungetc(int);
71 fb1a36c0 2022-01-09 op int findeol(void);
73 fb1a36c0 2022-01-09 op TAILQ_HEAD(symhead, sym) symhead = TAILQ_HEAD_INITIALIZER(symhead);
75 fb1a36c0 2022-01-09 op TAILQ_ENTRY(sym) entry;
82 fb1a36c0 2022-01-09 op int symset(const char *, const char *, int);
83 fb1a36c0 2022-01-09 op char *symget(const char *);
85 fb1a36c0 2022-01-09 op void clear_config(struct kd_conf *xconf);
87 fb1a36c0 2022-01-09 op static void add_table(const char *, const char *, const char *);
88 fb1a36c0 2022-01-09 op static struct table *findtable(const char *name);
89 fb1a36c0 2022-01-09 op static void add_cert(const char *, const char *);
90 fb1a36c0 2022-01-09 op static void add_key(const char *, const char *);
91 fb1a36c0 2022-01-09 op static struct kd_listen_conf *listen_new(void);
93 fb1a36c0 2022-01-09 op static uint32_t counter;
94 fb1a36c0 2022-01-09 op static struct table *table;
95 fb1a36c0 2022-01-09 op static struct kd_listen_conf *listener;
96 fb1a36c0 2022-01-09 op static struct kd_conf *conf;
97 fb1a36c0 2022-01-09 op static int errors;
99 fb1a36c0 2022-01-09 op typedef struct {
101 fb1a36c0 2022-01-09 op int64_t number;
102 fb1a36c0 2022-01-09 op char *string;
103 fb1a36c0 2022-01-09 op struct table *table;
113 fb1a36c0 2022-01-09 op %token INCLUDE
115 fb1a36c0 2022-01-09 op %token LISTEN
118 fb1a36c0 2022-01-09 op %token PKI PORT
119 fb1a36c0 2022-01-09 op %token TABLE TLS
120 fb1a36c0 2022-01-09 op %token USERDATA
121 fb1a36c0 2022-01-09 op %token VIRTUAL
124 fb1a36c0 2022-01-09 op %token <v.string> STRING
125 fb1a36c0 2022-01-09 op %token <v.number> NUMBER
126 fb1a36c0 2022-01-09 op %type <v.number> yesno
127 fb1a36c0 2022-01-09 op %type <v.string> string
128 fb1a36c0 2022-01-09 op %type <v.table> tableref
132 fb1a36c0 2022-01-09 op grammar : /* empty */
133 fb1a36c0 2022-01-09 op | grammar include '\n'
134 fb1a36c0 2022-01-09 op | grammar '\n'
135 fb1a36c0 2022-01-09 op | grammar table '\n'
136 fb1a36c0 2022-01-09 op | grammar pki '\n'
137 fb1a36c0 2022-01-09 op | grammar listen '\n'
138 fb1a36c0 2022-01-09 op | grammar varset '\n'
139 fb1a36c0 2022-01-09 op | grammar error '\n' { file->errors++; }
142 fb1a36c0 2022-01-09 op include : INCLUDE STRING {
143 fb1a36c0 2022-01-09 op struct file *nfile;
145 fb1a36c0 2022-01-09 op if ((nfile = pushfile($2, 0)) == NULL) {
146 fb1a36c0 2022-01-09 op yyerror("failed to include file %s", $2);
152 fb1a36c0 2022-01-09 op file = nfile;
153 fb1a36c0 2022-01-09 op lungetc('\n');
157 fb1a36c0 2022-01-09 op string : string STRING {
158 fb1a36c0 2022-01-09 op if (asprintf(&$$, "%s %s", $1, $2) == -1) {
161 fb1a36c0 2022-01-09 op yyerror("string: asprintf");
170 fb1a36c0 2022-01-09 op yesno : YES { $$ = 1; }
171 fb1a36c0 2022-01-09 op | NO { $$ = 0; }
174 fb1a36c0 2022-01-09 op optnl : '\n' optnl /* zero or more newlines */
178 fb1a36c0 2022-01-09 op nl : '\n' optnl /* one or more newlines */
181 fb1a36c0 2022-01-09 op arrow : '=' '>' ;
183 fb1a36c0 2022-01-09 op comma : ',' optnl
186 fb1a36c0 2022-01-09 op varset : STRING '=' string {
187 fb1a36c0 2022-01-09 op char *s = $1;
189 fb1a36c0 2022-01-09 op printf("%s = \"%s\"\n", $1, $3);
190 fb1a36c0 2022-01-09 op while (*s++) {
191 fb1a36c0 2022-01-09 op if (isspace((unsigned char)*s)) {
192 fb1a36c0 2022-01-09 op yyerror("macro name cannot contain "
193 fb1a36c0 2022-01-09 op "whitespace");
199 fb1a36c0 2022-01-09 op if (symset($1, $3, 0) == -1)
200 fb1a36c0 2022-01-09 op fatal("cannot store variable");
206 fb1a36c0 2022-01-09 op pki : PKI STRING CERT STRING { add_cert($2, $4); }
207 fb1a36c0 2022-01-09 op | PKI STRING KEY STRING { add_key($2, $4); }
210 fb1a36c0 2022-01-09 op table_kp : string arrow string optnl {
211 fb1a36c0 2022-01-09 op if (table_add(table, $1, $3) == -1)
212 fb1a36c0 2022-01-09 op yyerror("can't add to table %s",
213 fb1a36c0 2022-01-09 op table->t_name);
219 fb1a36c0 2022-01-09 op table_kps : table_kp
220 fb1a36c0 2022-01-09 op | table_kp comma table_kps
223 fb1a36c0 2022-01-09 op stringel : STRING {
224 fb1a36c0 2022-01-09 op if (table_add(table, $1, NULL) == -1)
225 fb1a36c0 2022-01-09 op yyerror("can't add to table %s",
226 fb1a36c0 2022-01-09 op table->t_name);
231 fb1a36c0 2022-01-09 op string_list : stringel
232 fb1a36c0 2022-01-09 op | stringel comma string_list
235 fb1a36c0 2022-01-09 op table_vals : table_kps
236 fb1a36c0 2022-01-09 op | string_list
239 fb1a36c0 2022-01-09 op table : TABLE STRING STRING {
242 fb1a36c0 2022-01-09 op if ((p = strchr($3, ':')) == NULL) {
243 fb1a36c0 2022-01-09 op yyerror("invalid table %s", $2);
248 fb1a36c0 2022-01-09 op add_table($2, $3, p+1);
252 fb1a36c0 2022-01-09 op | TABLE STRING {
253 fb1a36c0 2022-01-09 op add_table($2, "static", NULL);
254 fb1a36c0 2022-01-09 op } '{' optnl table_vals '}' {
255 fb1a36c0 2022-01-09 op table = NULL;
259 fb1a36c0 2022-01-09 op tableref : '<' STRING '>' {
260 fb1a36c0 2022-01-09 op struct table *t;
262 fb1a36c0 2022-01-09 op t = findtable($2);
264 fb1a36c0 2022-01-09 op if (t == NULL)
270 fb1a36c0 2022-01-09 op listen : LISTEN { listener = listen_new(); }
271 fb1a36c0 2022-01-09 op listen_opts {
272 fb1a36c0 2022-01-09 op if (listener->auth_table == NULL)
273 fb1a36c0 2022-01-09 op yyerror("missing auth table");
274 fb1a36c0 2022-01-09 op if (!(listener->flags & L_TLS))
275 fb1a36c0 2022-01-09 op yyerror("can't define a non-tls listener");
276 fb1a36c0 2022-01-09 op listener = NULL;
280 fb1a36c0 2022-01-09 op listen_opts : listen_opt
281 fb1a36c0 2022-01-09 op | listen_opt listen_opts
284 fb1a36c0 2022-01-09 op listen_opt : ON STRING PORT NUMBER {
285 fb1a36c0 2022-01-09 op if (*listener->iface != '\0')
286 fb1a36c0 2022-01-09 op yyerror("listen address and port already"
288 fb1a36c0 2022-01-09 op strlcpy(listener->iface, $2, sizeof(listener->iface));
289 fb1a36c0 2022-01-09 op listener->port = $4;
291 fb1a36c0 2022-01-09 op | TLS PKI STRING {
292 fb1a36c0 2022-01-09 op if (*listener->pki != '\0')
293 fb1a36c0 2022-01-09 op yyerror("listen tls pki already defined");
294 fb1a36c0 2022-01-09 op listener->flags |= L_TLS;
295 fb1a36c0 2022-01-09 op strlcpy(listener->pki, $3, sizeof(listener->pki));
297 fb1a36c0 2022-01-09 op | AUTH tableref {
298 fb1a36c0 2022-01-09 op if (listener->auth_table != NULL)
299 fb1a36c0 2022-01-09 op yyerror("listen auth already defined");
300 fb1a36c0 2022-01-09 op listener->auth_table = $2;
302 fb1a36c0 2022-01-09 op | USERDATA tableref {
303 fb1a36c0 2022-01-09 op if (listener->userdata_table != NULL)
304 fb1a36c0 2022-01-09 op yyerror("userdata table already defined");
305 fb1a36c0 2022-01-09 op listener->userdata_table = $2;
307 fb1a36c0 2022-01-09 op | VIRTUAL tableref {
308 fb1a36c0 2022-01-09 op if (listener->virtual_table != NULL)
309 fb1a36c0 2022-01-09 op yyerror("virtual table already defined");
310 fb1a36c0 2022-01-09 op listener->virtual_table = $2;
316 fb1a36c0 2022-01-09 op struct keywords {
317 fb1a36c0 2022-01-09 op const char *k_name;
322 fb1a36c0 2022-01-09 op yyerror(const char *fmt, ...)
327 fb1a36c0 2022-01-09 op file->errors++;
328 fb1a36c0 2022-01-09 op va_start(ap, fmt);
329 fb1a36c0 2022-01-09 op if (vasprintf(&msg, fmt, ap) == -1)
330 fb1a36c0 2022-01-09 op fatalx("yyerror vasprintf");
332 fb1a36c0 2022-01-09 op logit(LOG_CRIT, "%s:%d: %s", file->name, yylval.lineno, msg);
/*
 * bsearch(3) comparator for the keyword table used by lookup(): compares a
 * candidate identifier (k, a NUL-terminated string) against the k_name of a
 * struct keywords entry (e). Returns <0, 0 or >0 like strcmp(3).
 */
int
kw_cmp(const void *k, const void *e)
{
	const char *needle = k;
	const struct keywords *entry = e;

	return strcmp(needle, entry->k_name);
}
344 fb1a36c0 2022-01-09 op lookup(char *s)
346 fb1a36c0 2022-01-09 op /* This has to be sorted always. */
347 fb1a36c0 2022-01-09 op static const struct keywords keywords[] = {
348 fb1a36c0 2022-01-09 op {"auth", AUTH},
349 fb1a36c0 2022-01-09 op {"cert", CERT},
350 fb1a36c0 2022-01-09 op {"include", INCLUDE},
351 fb1a36c0 2022-01-09 op {"key", KEY},
352 fb1a36c0 2022-01-09 op {"listen", LISTEN},
355 fb1a36c0 2022-01-09 op {"pki", PKI},
356 fb1a36c0 2022-01-09 op {"port", PORT},
357 fb1a36c0 2022-01-09 op {"table", TABLE},
358 fb1a36c0 2022-01-09 op {"tls", TLS},
359 fb1a36c0 2022-01-09 op {"userdata", USERDATA},
360 fb1a36c0 2022-01-09 op {"virtual", VIRTUAL},
361 fb1a36c0 2022-01-09 op {"yes", YES},
363 fb1a36c0 2022-01-09 op const struct keywords *p;
365 fb1a36c0 2022-01-09 op p = bsearch(s, keywords, sizeof(keywords)/sizeof(keywords[0]),
366 fb1a36c0 2022-01-09 op sizeof(keywords[0]), kw_cmp);
369 fb1a36c0 2022-01-09 op return p->k_val;
371 fb1a36c0 2022-01-09 op return STRING;
374 fb1a36c0 2022-01-09 op #define START_EXPAND 1
375 fb1a36c0 2022-01-09 op #define DONE_EXPAND 2
377 fb1a36c0 2022-01-09 op static int expanding;
385 fb1a36c0 2022-01-09 op if (file->ungetpos > 0)
386 fb1a36c0 2022-01-09 op c = file->ungetbuf[--file->ungetpos];
388 fb1a36c0 2022-01-09 op c = getc(file->stream);
390 fb1a36c0 2022-01-09 op if (c == START_EXPAND)
391 fb1a36c0 2022-01-09 op expanding = 1;
392 fb1a36c0 2022-01-09 op else if (c == DONE_EXPAND)
393 fb1a36c0 2022-01-09 op expanding = 0;
401 fb1a36c0 2022-01-09 op lgetc(int quotec)
405 fb1a36c0 2022-01-09 op if (quotec) {
406 fb1a36c0 2022-01-09 op if ((c = igetc()) == EOF) {
407 fb1a36c0 2022-01-09 op yyerror("reached end of file while parsing "
408 fb1a36c0 2022-01-09 op "quoted string");
409 fb1a36c0 2022-01-09 op if (file == topfile || popfile() == EOF)
411 fb1a36c0 2022-01-09 op return quotec;
416 fb1a36c0 2022-01-09 op while ((c = igetc()) == '\\') {
417 fb1a36c0 2022-01-09 op next = igetc();
418 fb1a36c0 2022-01-09 op if (next != '\n') {
422 fb1a36c0 2022-01-09 op yylval.lineno = file->lineno;
423 fb1a36c0 2022-01-09 op file->lineno++;
426 fb1a36c0 2022-01-09 op if (c == EOF) {
428 fb1a36c0 2022-01-09 op * Fake EOL when hit EOF for the first time. This gets line
429 fb1a36c0 2022-01-09 op * count right if last line in included file is syntactically
430 fb1a36c0 2022-01-09 op * invalid and has no newline.
432 fb1a36c0 2022-01-09 op if (file->eof_reached == 0) {
433 fb1a36c0 2022-01-09 op file->eof_reached = 1;
436 fb1a36c0 2022-01-09 op while (c == EOF) {
437 fb1a36c0 2022-01-09 op if (file == topfile || popfile() == EOF)
/*
 * Push the character c back onto the current file's pushback stack so that
 * igetc() returns it before reading the stream again. The stack grows
 * geometrically and is LIFO: igetc() pops from ungetbuf[--ungetpos].
 * EOF is not a byte and is silently dropped. On allocation failure the
 * process exits via err(3).
 */
void
lungetc(int c)
{
	void *grown;

	if (c == EOF)
		return;

	/* Stack full: double the buffer before storing. */
	if (file->ungetpos >= file->ungetsize) {
		grown = reallocarray(file->ungetbuf, file->ungetsize, 2);
		if (grown == NULL)
			err(1, "lungetc");
		file->ungetbuf = grown;
		file->ungetsize *= 2;
	}

	file->ungetbuf[file->ungetpos] = c;
	file->ungetpos++;
}
462 fb1a36c0 2022-01-09 op findeol(void)
466 fb1a36c0 2022-01-09 op /* Skip to either EOF or the first real EOL. */
468 fb1a36c0 2022-01-09 op c = lgetc(0);
469 fb1a36c0 2022-01-09 op if (c == '\n') {
470 fb1a36c0 2022-01-09 op file->lineno++;
473 fb1a36c0 2022-01-09 op if (c == EOF)
476 fb1a36c0 2022-01-09 op return ERROR;
480 fb1a36c0 2022-01-09 op int my_yylex(void);
487 fb1a36c0 2022-01-09 op switch (x = my_yylex()) {
489 fb1a36c0 2022-01-09 op puts("auth");
492 fb1a36c0 2022-01-09 op puts("cert");
495 fb1a36c0 2022-01-09 op puts("error");
497 fb1a36c0 2022-01-09 op case INCLUDE:
498 fb1a36c0 2022-01-09 op puts("include");
504 fb1a36c0 2022-01-09 op puts("listen");
516 fb1a36c0 2022-01-09 op puts("port");
519 fb1a36c0 2022-01-09 op puts("table");
528 fb1a36c0 2022-01-09 op printf("string \"%s\"\n", yylval.v.string);
531 fb1a36c0 2022-01-09 op printf("number %"PRIi64"\n", yylval.v.number);
533 fb1a36c0 2022-01-09 op printf("character ");
534 fb1a36c0 2022-01-09 op if (x == '\n')
535 fb1a36c0 2022-01-09 op printf("\\n");
537 fb1a36c0 2022-01-09 op printf("%c", x);
538 fb1a36c0 2022-01-09 op printf(" [0x%x]", x);
539 fb1a36c0 2022-01-09 op printf("\n");
547 fb1a36c0 2022-01-09 op my_yylex(void)
553 fb1a36c0 2022-01-09 op char buf[8096];
554 fb1a36c0 2022-01-09 op char *p, *val;
555 fb1a36c0 2022-01-09 op int quotec, next, c;
560 fb1a36c0 2022-01-09 op while ((c = lgetc(0)) == ' ' || c == '\t')
561 fb1a36c0 2022-01-09 op ; /* nothing */
563 fb1a36c0 2022-01-09 op yylval.lineno = file->lineno;
564 fb1a36c0 2022-01-09 op if (c == '#')
565 fb1a36c0 2022-01-09 op while ((c = lgetc(0)) != '\n' && c != EOF)
566 fb1a36c0 2022-01-09 op ; /* nothing */
567 fb1a36c0 2022-01-09 op if (c == '$' && !expanding) {
569 fb1a36c0 2022-01-09 op if ((c = lgetc(0)) == EOF)
572 fb1a36c0 2022-01-09 op if (p + 1 >= buf + sizeof(buf) - 1) {
573 fb1a36c0 2022-01-09 op yyerror("string too long");
574 fb1a36c0 2022-01-09 op return findeol();
576 fb1a36c0 2022-01-09 op if (isalnum(c) || c == '_') {
584 fb1a36c0 2022-01-09 op val = symget(buf);
585 fb1a36c0 2022-01-09 op if (val == NULL) {
586 fb1a36c0 2022-01-09 op yyerror("macro '%s' not defined", buf);
587 fb1a36c0 2022-01-09 op return findeol();
589 fb1a36c0 2022-01-09 op p = val + strlen(val) - 1;
590 fb1a36c0 2022-01-09 op lungetc(DONE_EXPAND);
591 fb1a36c0 2022-01-09 op while (p >= val) {
592 fb1a36c0 2022-01-09 op lungetc((unsigned char)*p);
595 fb1a36c0 2022-01-09 op lungetc(START_EXPAND);
604 fb1a36c0 2022-01-09 op if ((c = lgetc(quotec)) == EOF)
606 fb1a36c0 2022-01-09 op if (c == '\n') {
607 fb1a36c0 2022-01-09 op file->lineno++;
609 fb1a36c0 2022-01-09 op } else if (c == '\\') {
610 fb1a36c0 2022-01-09 op if ((next = lgetc(quotec)) == EOF)
612 fb1a36c0 2022-01-09 op if (next == quotec || next == ' ' ||
613 fb1a36c0 2022-01-09 op next == '\t')
615 fb1a36c0 2022-01-09 op else if (next == '\n') {
616 fb1a36c0 2022-01-09 op file->lineno++;
619 fb1a36c0 2022-01-09 op lungetc(next);
620 fb1a36c0 2022-01-09 op } else if (c == quotec) {
623 fb1a36c0 2022-01-09 op } else if (c == '\0') {
624 fb1a36c0 2022-01-09 op yyerror("syntax error");
625 fb1a36c0 2022-01-09 op return findeol();
627 fb1a36c0 2022-01-09 op if (p + 1 >= buf + sizeof(buf) - 1) {
628 fb1a36c0 2022-01-09 op yyerror("string too long");
629 fb1a36c0 2022-01-09 op return findeol();
633 fb1a36c0 2022-01-09 op yylval.v.string = strdup(buf);
634 fb1a36c0 2022-01-09 op if (yylval.v.string == NULL)
635 fb1a36c0 2022-01-09 op err(1, "yylex: strdup");
636 fb1a36c0 2022-01-09 op return STRING;
639 fb1a36c0 2022-01-09 op #define allowed_to_end_number(x) \
640 fb1a36c0 2022-01-09 op (isspace(x) || x == ')' || x ==',' || x == '/' || x == '}' || x == '=')
642 fb1a36c0 2022-01-09 op if (c == '-' || isdigit(c)) {
645 fb1a36c0 2022-01-09 op if ((size_t)(p-buf) >= sizeof(buf)) {
646 fb1a36c0 2022-01-09 op yyerror("string too long");
647 fb1a36c0 2022-01-09 op return findeol();
649 fb1a36c0 2022-01-09 op } while ((c = lgetc(0)) != EOF && isdigit(c));
651 fb1a36c0 2022-01-09 op if (p == buf + 1 && buf[0] == '-')
652 fb1a36c0 2022-01-09 op goto nodigits;
653 fb1a36c0 2022-01-09 op if (c == EOF || allowed_to_end_number(c)) {
654 fb1a36c0 2022-01-09 op const char *errstr = NULL;
657 fb1a36c0 2022-01-09 op yylval.v.number = strtonum(buf, LLONG_MIN,
658 fb1a36c0 2022-01-09 op LLONG_MAX, &errstr);
659 fb1a36c0 2022-01-09 op if (errstr) {
660 fb1a36c0 2022-01-09 op yyerror("\"%s\" invalid number: %s",
661 fb1a36c0 2022-01-09 op buf, errstr);
662 fb1a36c0 2022-01-09 op return findeol();
664 fb1a36c0 2022-01-09 op return NUMBER;
667 fb1a36c0 2022-01-09 op while (p > buf + 1)
668 fb1a36c0 2022-01-09 op lungetc((unsigned char)*--p);
669 fb1a36c0 2022-01-09 op c = (unsigned char)*--p;
670 fb1a36c0 2022-01-09 op if (c == '-')
675 fb1a36c0 2022-01-09 op #define allowed_in_string(x) \
676 fb1a36c0 2022-01-09 op (isalnum(x) || (ispunct(x) && x != '(' && x != ')' && \
677 fb1a36c0 2022-01-09 op x != '{' && x != '}' && \
678 fb1a36c0 2022-01-09 op x != '!' && x != '=' && x != '#' && \
679 fb1a36c0 2022-01-09 op x != ',' && x != '>'))
681 fb1a36c0 2022-01-09 op if (isalnum(c) || c == ':' || c == '_') {
684 fb1a36c0 2022-01-09 op if ((size_t)(p-buf) >= sizeof(buf)) {
685 fb1a36c0 2022-01-09 op yyerror("string too long");
686 fb1a36c0 2022-01-09 op return findeol();
688 fb1a36c0 2022-01-09 op } while ((c = lgetc(0)) != EOF && (allowed_in_string(c)));
691 fb1a36c0 2022-01-09 op if ((token = lookup(buf)) == STRING)
692 fb1a36c0 2022-01-09 op if ((yylval.v.string = strdup(buf)) == NULL)
693 fb1a36c0 2022-01-09 op err(1, "yylex: strdup");
694 fb1a36c0 2022-01-09 op return token;
696 fb1a36c0 2022-01-09 op if (c == '\n') {
697 fb1a36c0 2022-01-09 op yylval.lineno = file->lineno;
698 fb1a36c0 2022-01-09 op file->lineno++;
700 fb1a36c0 2022-01-09 op if (c == EOF)
/*
 * Verify that an already-open file is suitable for holding secrets: it
 * must be owned by root or the current user, and must not be group
 * writable/executable or accessible at all by others. Operating on the
 * descriptor (fstat) rather than the path means the checked object is the
 * one actually opened, so there is no check-then-open race.
 *
 * Returns 0 when the file passes, -1 (after logging a warning naming fname)
 * otherwise.
 */
int
check_file_secrecy(int fd, const char *fname)
{
	struct stat sb;
	int rc = -1;

	if (fstat(fd, &sb) != 0) {
		log_warn("cannot stat %s", fname);
		goto out;
	}

	if (sb.st_uid != 0 && sb.st_uid != getuid()) {
		log_warnx("%s: owner not root or current user", fname);
		goto out;
	}

	if (sb.st_mode & (S_IWGRP | S_IXGRP | S_IRWXO)) {
		log_warnx("%s: group writable or world read/writable", fname);
		goto out;
	}

	rc = 0;
out:
	return rc;
}
725 fb1a36c0 2022-01-09 op struct file *
726 fb1a36c0 2022-01-09 op pushfile(const char *name, int secret)
728 fb1a36c0 2022-01-09 op struct file *nfile;
730 fb1a36c0 2022-01-09 op if ((nfile = calloc(1, sizeof(struct file))) == NULL) {
731 fb1a36c0 2022-01-09 op log_warn("calloc");
734 fb1a36c0 2022-01-09 op if ((nfile->name = strdup(name)) == NULL) {
735 fb1a36c0 2022-01-09 op log_warn("strdup");
739 fb1a36c0 2022-01-09 op if ((nfile->stream = fopen(nfile->name, "r")) == NULL) {
740 fb1a36c0 2022-01-09 op log_warn("%s", nfile->name);
741 fb1a36c0 2022-01-09 op free(nfile->name);
744 fb1a36c0 2022-01-09 op } else if (secret &&
745 fb1a36c0 2022-01-09 op check_file_secrecy(fileno(nfile->stream), nfile->name)) {
746 fb1a36c0 2022-01-09 op fclose(nfile->stream);
747 fb1a36c0 2022-01-09 op free(nfile->name);
751 fb1a36c0 2022-01-09 op nfile->lineno = TAILQ_EMPTY(&files) ? 1 : 0;
752 fb1a36c0 2022-01-09 op nfile->ungetsize = 16;
753 fb1a36c0 2022-01-09 op nfile->ungetbuf = malloc(nfile->ungetsize);
754 fb1a36c0 2022-01-09 op if (nfile->ungetbuf == NULL) {
755 fb1a36c0 2022-01-09 op log_warn("malloc");
756 fb1a36c0 2022-01-09 op fclose(nfile->stream);
757 fb1a36c0 2022-01-09 op free(nfile->name);
761 fb1a36c0 2022-01-09 op TAILQ_INSERT_TAIL(&files, nfile, entry);
762 fb1a36c0 2022-01-09 op return nfile;
766 fb1a36c0 2022-01-09 op popfile(void)
768 fb1a36c0 2022-01-09 op struct file *prev;
770 fb1a36c0 2022-01-09 op if ((prev = TAILQ_PREV(file, files, entry)) != NULL)
771 fb1a36c0 2022-01-09 op prev->errors += file->errors;
773 fb1a36c0 2022-01-09 op TAILQ_REMOVE(&files, file, entry);
774 fb1a36c0 2022-01-09 op fclose(file->stream);
775 fb1a36c0 2022-01-09 op free(file->name);
776 fb1a36c0 2022-01-09 op free(file->ungetbuf);
779 fb1a36c0 2022-01-09 op return file ? 0 : EOF;
782 fb1a36c0 2022-01-09 op struct kd_conf *
783 fb1a36c0 2022-01-09 op parse_config(const char *filename)
785 fb1a36c0 2022-01-09 op struct sym *sym, *next;
788 fb1a36c0 2022-01-09 op conf = config_new_empty();
790 fb1a36c0 2022-01-09 op file = pushfile(filename, 0);
791 fb1a36c0 2022-01-09 op if (file == NULL) {
795 fb1a36c0 2022-01-09 op topfile = file;
798 fb1a36c0 2022-01-09 op errors = file->errors;
801 fb1a36c0 2022-01-09 op /* Free macros and check which have not been used. */
802 fb1a36c0 2022-01-09 op TAILQ_FOREACH_SAFE(sym, &symhead, entry, next) {
803 fb1a36c0 2022-01-09 op if (verbose && !sym->used)
804 fb1a36c0 2022-01-09 op fprintf(stderr, "warning: macro '%s' not used\n",
806 fb1a36c0 2022-01-09 op if (!sym->persist) {
807 fb1a36c0 2022-01-09 op free(sym->nam);
808 fb1a36c0 2022-01-09 op free(sym->val);
809 fb1a36c0 2022-01-09 op TAILQ_REMOVE(&symhead, sym, entry);
814 fb1a36c0 2022-01-09 op if (errors) {
815 fb1a36c0 2022-01-09 op clear_config(conf);
823 fb1a36c0 2022-01-09 op symset(const char *nam, const char *val, int persist)
825 fb1a36c0 2022-01-09 op struct sym *sym;
827 fb1a36c0 2022-01-09 op TAILQ_FOREACH(sym, &symhead, entry) {
828 fb1a36c0 2022-01-09 op if (strcmp(nam, sym->nam) == 0)
832 fb1a36c0 2022-01-09 op if (sym != NULL) {
833 fb1a36c0 2022-01-09 op if (sym->persist == 1)
836 fb1a36c0 2022-01-09 op free(sym->nam);
837 fb1a36c0 2022-01-09 op free(sym->val);
838 fb1a36c0 2022-01-09 op TAILQ_REMOVE(&symhead, sym, entry);
842 fb1a36c0 2022-01-09 op if ((sym = calloc(1, sizeof(*sym))) == NULL)
845 fb1a36c0 2022-01-09 op sym->nam = strdup(nam);
846 fb1a36c0 2022-01-09 op if (sym->nam == NULL) {
850 fb1a36c0 2022-01-09 op sym->val = strdup(val);
851 fb1a36c0 2022-01-09 op if (sym->val == NULL) {
852 fb1a36c0 2022-01-09 op free(sym->nam);
856 fb1a36c0 2022-01-09 op sym->used = 0;
857 fb1a36c0 2022-01-09 op sym->persist = persist;
858 fb1a36c0 2022-01-09 op TAILQ_INSERT_TAIL(&symhead, sym, entry);
863 fb1a36c0 2022-01-09 op cmdline_symset(char *s)
865 fb1a36c0 2022-01-09 op char *sym, *val;
868 fb1a36c0 2022-01-09 op if ((val = strrchr(s, '=')) == NULL)
870 fb1a36c0 2022-01-09 op sym = strndup(s, val - s);
871 fb1a36c0 2022-01-09 op if (sym == NULL)
872 fb1a36c0 2022-01-09 op errx(1, "%s: strndup", __func__);
873 fb1a36c0 2022-01-09 op ret = symset(sym, val + 1, 1);
/*
 * Look up the macro named nam in symhead. On a hit the symbol is flagged
 * as used (parse_config() later warns about macros that were never
 * referenced) and its value is returned; the returned pointer is owned by
 * the symbol table, not the caller. Returns NULL when no such macro exists.
 */
char *
symget(const char *nam)
{
	struct sym *s;

	TAILQ_FOREACH(s, &symhead, entry) {
		if (strcmp(nam, s->nam) != 0)
			continue;
		s->used = 1;
		return s->val;
	}

	return NULL;
}
894 fb1a36c0 2022-01-09 op clear_config(struct kd_conf *xconf)
896 c1e62371 2022-01-28 op struct kd_pki_conf *p;
897 c1e62371 2022-01-28 op struct kd_tables_conf *t;
898 c1e62371 2022-01-28 op struct kd_listen_conf *l;
900 c1e62371 2022-01-28 op if (xconf == NULL)
903 c1e62371 2022-01-28 op while (!STAILQ_EMPTY(&xconf->pki_head)) {
904 c1e62371 2022-01-28 op p = STAILQ_FIRST(&xconf->pki_head);
905 c1e62371 2022-01-28 op STAILQ_REMOVE_HEAD(&xconf->pki_head, entry);
907 c1e62371 2022-01-28 op if (p->cert != NULL)
908 c1e62371 2022-01-28 op tls_unload_file(p->cert, p->certlen);
909 c1e62371 2022-01-28 op if (p->key != NULL)
910 c1e62371 2022-01-28 op tls_unload_file(p->key, p->keylen);
911 c1e62371 2022-01-28 op if (p->tlsconf != NULL)
912 c1e62371 2022-01-28 op tls_config_free(p->tlsconf);
916 c1e62371 2022-01-28 op while (!STAILQ_EMPTY(&xconf->table_head)) {
917 c1e62371 2022-01-28 op t = STAILQ_FIRST(&xconf->table_head);
918 c1e62371 2022-01-28 op STAILQ_REMOVE_HEAD(&xconf->table_head, entry);
920 c1e62371 2022-01-28 op table_close(t->table);
921 c1e62371 2022-01-28 op free(t->table);
925 c1e62371 2022-01-28 op while (!STAILQ_EMPTY(&xconf->listen_head)) {
926 c1e62371 2022-01-28 op l = STAILQ_FIRST(&xconf->listen_head);
927 c1e62371 2022-01-28 op STAILQ_REMOVE_HEAD(&xconf->listen_head, entry);
929 c1e62371 2022-01-28 op if (l->ctx != NULL)
930 c1e62371 2022-01-28 op tls_free(l->ctx);
931 c1e62371 2022-01-28 op if (l->fd != -1) {
932 c1e62371 2022-01-28 op event_del(&l->ev);
933 c1e62371 2022-01-28 op close(l->fd);
/*
 * Open a table named name of the given type (backed by path, which may be
 * NULL for the static type) into conf, and make it the current table that
 * the table_kp/stringel grammar actions fill. A failure is reported through
 * yyerror(); the file-scope `table' is then still taken from the head of
 * conf->table_head.
 * NOTE(review): this assumes table_open() leaves a non-empty table_head
 * even on failure — confirm, otherwise STAILQ_FIRST() yields NULL here.
 */
static void
add_table(const char *name, const char *type, const char *path)
{
	struct kd_tables_conf *head;

	if (table_open(conf, name, type, path) == -1)
		yyerror("can't initialize table %s", name);

	head = STAILQ_FIRST(&conf->table_head);
	table = head->table;
}
/*
 * Resolve a <name> table reference against the tables opened so far in
 * conf. Returns the matching struct table, or NULL after reporting
 * "unknown table" through yyerror() (the tableref action checks for NULL).
 */
static struct table *
findtable(const char *name)
{
	struct kd_tables_conf *tc;

	STAILQ_FOREACH(tc, &conf->table_head, entry) {
		if (strcmp(tc->table->t_name, name) == 0)
			return tc->table;
	}

	yyerror("unknown table %s", name);
	return NULL;
}
965 fb1a36c0 2022-01-09 op add_cert(const char *name, const char *path)
967 fb1a36c0 2022-01-09 op struct kd_pki_conf *pki;
969 fb1a36c0 2022-01-09 op STAILQ_FOREACH(pki, &conf->pki_head, entry) {
970 fb1a36c0 2022-01-09 op if (strcmp(name, pki->name) != 0)
973 fb1a36c0 2022-01-09 op if (pki->cert != NULL) {
974 fb1a36c0 2022-01-09 op yyerror("duplicate `pki %s cert'", name);
981 fb1a36c0 2022-01-09 op pki = xcalloc(1, sizeof(*pki));
982 fb1a36c0 2022-01-09 op strlcpy(pki->name, name, sizeof(pki->name));
983 fb1a36c0 2022-01-09 op STAILQ_INSERT_HEAD(&conf->pki_head, pki, entry);
986 fb1a36c0 2022-01-09 op if ((pki->cert = tls_load_file(path, &pki->certlen, NULL)) == NULL)
987 2ead9f28 2022-02-12 op fatal("can't open %s", path);
991 fb1a36c0 2022-01-09 op add_key(const char *name, const char *path)
993 fb1a36c0 2022-01-09 op struct kd_pki_conf *pki;
995 fb1a36c0 2022-01-09 op STAILQ_FOREACH(pki, &conf->pki_head, entry) {
996 fb1a36c0 2022-01-09 op if (strcmp(name, pki->name) != 0)
999 fb1a36c0 2022-01-09 op if (pki->key != NULL) {
1000 fb1a36c0 2022-01-09 op yyerror("duplicate `pki %s key'", name);
1007 fb1a36c0 2022-01-09 op pki = xcalloc(1, sizeof(*pki));
1008 fb1a36c0 2022-01-09 op strlcpy(pki->name, name, sizeof(pki->name));
1009 fb1a36c0 2022-01-09 op STAILQ_INSERT_HEAD(&conf->pki_head, pki, entry);
1012 fb1a36c0 2022-01-09 op if ((pki->key = tls_load_file(path, &pki->keylen, NULL)) == NULL)
1013 2ead9f28 2022-02-12 op fatal("can't open %s", path);
1016 fb1a36c0 2022-01-09 op static struct kd_listen_conf *
1017 fb1a36c0 2022-01-09 op listen_new(void)
1019 fb1a36c0 2022-01-09 op struct kd_listen_conf *l;
1021 fb1a36c0 2022-01-09 op l = xcalloc(1, sizeof(*l));
1022 fb1a36c0 2022-01-09 op l->id = counter++;
1025 fb1a36c0 2022-01-09 op STAILQ_INSERT_HEAD(&conf->listen_head, l, entry);