2 fb1a36c0 2022-01-09 op * Copyright (c) 2021 Omar Polo <op@omarpolo.com>
3 fb1a36c0 2022-01-09 op * Copyright (c) 2018 Florian Obser <florian@openbsd.org>
4 fb1a36c0 2022-01-09 op * Copyright (c) 2004, 2005 Esben Norby <norby@openbsd.org>
5 fb1a36c0 2022-01-09 op * Copyright (c) 2004 Ryan McBride <mcbride@openbsd.org>
6 fb1a36c0 2022-01-09 op * Copyright (c) 2002, 2003, 2004 Henning Brauer <henning@openbsd.org>
7 fb1a36c0 2022-01-09 op * Copyright (c) 2001 Markus Friedl. All rights reserved.
8 fb1a36c0 2022-01-09 op * Copyright (c) 2001 Daniel Hartmeier. All rights reserved.
9 fb1a36c0 2022-01-09 op * Copyright (c) 2001 Theo de Raadt. All rights reserved.
11 fb1a36c0 2022-01-09 op * Permission to use, copy, modify, and distribute this software for any
12 fb1a36c0 2022-01-09 op * purpose with or without fee is hereby granted, provided that the above
13 fb1a36c0 2022-01-09 op * copyright notice and this permission notice appear in all copies.
15 fb1a36c0 2022-01-09 op * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
16 fb1a36c0 2022-01-09 op * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
17 fb1a36c0 2022-01-09 op * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
18 fb1a36c0 2022-01-09 op * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
19 fb1a36c0 2022-01-09 op * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
20 fb1a36c0 2022-01-09 op * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
21 fb1a36c0 2022-01-09 op * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
26 fb1a36c0 2022-01-09 op #include <sys/types.h>
27 fb1a36c0 2022-01-09 op #include <sys/queue.h>
28 fb1a36c0 2022-01-09 op #include <sys/stat.h>
30 fb1a36c0 2022-01-09 op #include <ctype.h>
31 fb1a36c0 2022-01-09 op #include <err.h>
32 fb1a36c0 2022-01-09 op #include <errno.h>
33 fb1a36c0 2022-01-09 op #include <event.h>
34 fb1a36c0 2022-01-09 op #include <inttypes.h>
35 fb1a36c0 2022-01-09 op #include <limits.h>
36 fb1a36c0 2022-01-09 op #include <stdarg.h>
37 fb1a36c0 2022-01-09 op #include <stdio.h>
38 fb1a36c0 2022-01-09 op #include <stdlib.h>
39 fb1a36c0 2022-01-09 op #include <string.h>
40 fb1a36c0 2022-01-09 op #include <syslog.h>
41 fb1a36c0 2022-01-09 op #include <unistd.h>
42 fb1a36c0 2022-01-09 op #include <imsg.h>
44 fb1a36c0 2022-01-09 op #include "log.h"
45 fb1a36c0 2022-01-09 op #include "kamid.h"
46 fb1a36c0 2022-01-09 op #include "table.h"
47 fb1a36c0 2022-01-09 op #include "utils.h"
49 fb1a36c0 2022-01-09 op TAILQ_HEAD(files, file) files = TAILQ_HEAD_INITIALIZER(files);
50 fb1a36c0 2022-01-09 op static struct file {
51 fb1a36c0 2022-01-09 op TAILQ_ENTRY(file) entry;
54 fb1a36c0 2022-01-09 op size_t ungetpos;
55 fb1a36c0 2022-01-09 op size_t ungetsize;
56 fb1a36c0 2022-01-09 op u_char *ungetbuf;
57 fb1a36c0 2022-01-09 op int eof_reached;
60 fb1a36c0 2022-01-09 op } *file, *topfile;
61 fb1a36c0 2022-01-09 op struct file *pushfile(const char *, int);
62 fb1a36c0 2022-01-09 op int popfile(void);
63 fb1a36c0 2022-01-09 op int check_file_secrecy(int, const char *);
64 fb1a36c0 2022-01-09 op int yyparse(void);
65 fb1a36c0 2022-01-09 op int yylex(void);
66 fb1a36c0 2022-01-09 op int yyerror(const char *, ...)
67 fb1a36c0 2022-01-09 op __attribute__((__format__ (printf, 1, 2)))
68 fb1a36c0 2022-01-09 op __attribute__((__nonnull__ (1)));
69 fb1a36c0 2022-01-09 op int kw_cmp(const void *, const void *);
70 fb1a36c0 2022-01-09 op int lookup(char *);
71 fb1a36c0 2022-01-09 op int igetc(void);
72 fb1a36c0 2022-01-09 op int lgetc(int);
73 fb1a36c0 2022-01-09 op void lungetc(int);
74 fb1a36c0 2022-01-09 op int findeol(void);
76 fb1a36c0 2022-01-09 op TAILQ_HEAD(symhead, sym) symhead = TAILQ_HEAD_INITIALIZER(symhead);
78 fb1a36c0 2022-01-09 op TAILQ_ENTRY(sym) entry;
85 fb1a36c0 2022-01-09 op int symset(const char *, const char *, int);
86 fb1a36c0 2022-01-09 op char *symget(const char *);
88 fb1a36c0 2022-01-09 op void clear_config(struct kd_conf *xconf);
90 fb1a36c0 2022-01-09 op static void add_table(const char *, const char *, const char *);
91 fb1a36c0 2022-01-09 op static struct table *findtable(const char *name);
92 fb1a36c0 2022-01-09 op static void add_cert(const char *, const char *);
93 fb1a36c0 2022-01-09 op static void add_key(const char *, const char *);
94 fb1a36c0 2022-01-09 op static struct kd_listen_conf *listen_new(void);
96 fb1a36c0 2022-01-09 op static uint32_t counter;
97 fb1a36c0 2022-01-09 op static struct table *table;
98 fb1a36c0 2022-01-09 op static struct kd_listen_conf *listener;
99 fb1a36c0 2022-01-09 op static struct kd_conf *conf;
100 fb1a36c0 2022-01-09 op static int errors;
102 fb1a36c0 2022-01-09 op typedef struct {
104 fb1a36c0 2022-01-09 op int64_t number;
105 fb1a36c0 2022-01-09 op char *string;
106 fb1a36c0 2022-01-09 op struct table *table;
116 fb1a36c0 2022-01-09 op %token INCLUDE
118 fb1a36c0 2022-01-09 op %token LISTEN
121 fb1a36c0 2022-01-09 op %token PKI PORT
122 fb1a36c0 2022-01-09 op %token TABLE TLS
123 fb1a36c0 2022-01-09 op %token USERDATA
124 fb1a36c0 2022-01-09 op %token VIRTUAL
127 fb1a36c0 2022-01-09 op %token <v.string> STRING
128 fb1a36c0 2022-01-09 op %token <v.number> NUMBER
129 fb1a36c0 2022-01-09 op %type <v.number> yesno
130 fb1a36c0 2022-01-09 op %type <v.string> string
131 fb1a36c0 2022-01-09 op %type <v.table> tableref
135 fb1a36c0 2022-01-09 op grammar : /* empty */
136 fb1a36c0 2022-01-09 op | grammar include '\n'
137 fb1a36c0 2022-01-09 op | grammar '\n'
138 fb1a36c0 2022-01-09 op | grammar table '\n'
139 fb1a36c0 2022-01-09 op | grammar pki '\n'
140 fb1a36c0 2022-01-09 op | grammar listen '\n'
141 fb1a36c0 2022-01-09 op | grammar varset '\n'
142 fb1a36c0 2022-01-09 op | grammar error '\n' { file->errors++; }
/*
 * include "path": open another configuration file and switch the lexer to it.
 * NOTE(review): pushfile() is called with secret == 0, so the ownership/mode
 * test in check_file_secrecy() is not applied to included files; the path is
 * taken as written in the configuration text.
 */
145 fb1a36c0 2022-01-09 op include : INCLUDE STRING {
146 fb1a36c0 2022-01-09 op struct file *nfile;
148 fb1a36c0 2022-01-09 op if ((nfile = pushfile($2, 0)) == NULL) {
149 fb1a36c0 2022-01-09 op yyerror("failed to include file %s", $2);
155 fb1a36c0 2022-01-09 op file = nfile;
/* `file` is already the new file here, so this newline is queued on its push-back buffer. */
156 fb1a36c0 2022-01-09 op lungetc('\n');
160 fb1a36c0 2022-01-09 op string : string STRING {
161 fb1a36c0 2022-01-09 op if (asprintf(&$$, "%s %s", $1, $2) == -1) {
164 fb1a36c0 2022-01-09 op yyerror("string: asprintf");
173 fb1a36c0 2022-01-09 op yesno : YES { $$ = 1; }
174 fb1a36c0 2022-01-09 op | NO { $$ = 0; }
177 fb1a36c0 2022-01-09 op optnl : '\n' optnl /* zero or more newlines */
181 fb1a36c0 2022-01-09 op nl : '\n' optnl /* one or more newlines */
184 fb1a36c0 2022-01-09 op arrow : '=' '>' ;
186 fb1a36c0 2022-01-09 op comma : ',' optnl
/*
 * Macro definition: NAME = value.  The name is screened for whitespace and
 * then stored through symset() with persist == 0.
 */
189 fb1a36c0 2022-01-09 op varset : STRING '=' string {
190 fb1a36c0 2022-01-09 op char *s = $1;
192 fb1a36c0 2022-01-09 op printf("%s = \"%s\"\n", $1, $3);
/*
 * NOTE(review): `*s++` advances the pointer before isspace() reads *s, so
 * the first byte of the name is never tested and the terminating NUL is.
 * A name whose only whitespace is its first byte passes this check.
 */
193 fb1a36c0 2022-01-09 op while (*s++) {
194 fb1a36c0 2022-01-09 op if (isspace((unsigned char)*s)) {
195 fb1a36c0 2022-01-09 op yyerror("macro name cannot contain "
196 fb1a36c0 2022-01-09 op "whitespace");
/* A failed store is treated as fatal rather than as a parse error. */
202 fb1a36c0 2022-01-09 op if (symset($1, $3, 0) == -1)
203 fb1a36c0 2022-01-09 op fatal("cannot store variable");
209 fb1a36c0 2022-01-09 op pki : PKI STRING CERT STRING { add_cert($2, $4); }
210 fb1a36c0 2022-01-09 op | PKI STRING KEY STRING { add_key($2, $4); }
213 fb1a36c0 2022-01-09 op table_kp : string arrow string optnl {
214 fb1a36c0 2022-01-09 op if (table_add(table, $1, $3) == -1)
215 fb1a36c0 2022-01-09 op yyerror("can't add to table %s",
216 fb1a36c0 2022-01-09 op table->t_name);
222 fb1a36c0 2022-01-09 op table_kps : table_kp
223 fb1a36c0 2022-01-09 op | table_kp comma table_kps
226 fb1a36c0 2022-01-09 op stringel : STRING {
227 fb1a36c0 2022-01-09 op if (table_add(table, $1, NULL) == -1)
228 fb1a36c0 2022-01-09 op yyerror("can't add to table %s",
229 fb1a36c0 2022-01-09 op table->t_name);
234 fb1a36c0 2022-01-09 op string_list : stringel
235 fb1a36c0 2022-01-09 op | stringel comma string_list
238 fb1a36c0 2022-01-09 op table_vals : table_kps
239 fb1a36c0 2022-01-09 op | string_list
242 fb1a36c0 2022-01-09 op table : TABLE STRING STRING {
245 fb1a36c0 2022-01-09 op if ((p = strchr($3, ':')) == NULL) {
246 fb1a36c0 2022-01-09 op yyerror("invalid table %s", $2);
251 fb1a36c0 2022-01-09 op add_table($2, $3, p+1);
255 fb1a36c0 2022-01-09 op | TABLE STRING {
256 fb1a36c0 2022-01-09 op add_table($2, "static", NULL);
257 fb1a36c0 2022-01-09 op } '{' optnl table_vals '}' {
258 fb1a36c0 2022-01-09 op table = NULL;
262 fb1a36c0 2022-01-09 op tableref : '<' STRING '>' {
263 fb1a36c0 2022-01-09 op struct table *t;
265 fb1a36c0 2022-01-09 op t = findtable($2);
267 fb1a36c0 2022-01-09 op if (t == NULL)
/*
 * listen block: allocate a listener, collect its options, then require both
 * an auth table and the L_TLS flag.  A listener without TLS is reported
 * through yyerror(), which increments file->errors, so a plaintext listener
 * counts as a configuration error.
 */
273 fb1a36c0 2022-01-09 op listen : LISTEN { listener = listen_new(); }
274 fb1a36c0 2022-01-09 op listen_opts {
275 fb1a36c0 2022-01-09 op if (listener->auth_table == NULL)
276 fb1a36c0 2022-01-09 op yyerror("missing auth table");
277 fb1a36c0 2022-01-09 op if (!(listener->flags & L_TLS))
278 fb1a36c0 2022-01-09 op yyerror("can't define a non-tls listener");
279 fb1a36c0 2022-01-09 op listener = NULL;
283 fb1a36c0 2022-01-09 op listen_opts : listen_opt
284 fb1a36c0 2022-01-09 op | listen_opt listen_opts
287 fb1a36c0 2022-01-09 op listen_opt : ON STRING PORT NUMBER {
/*
 * NOTE(review): NUMBER carries an int64_t (see the %token declaration) and
 * is assigned to listener->port with no range check visible in this action.
 * Confirm the value is limited to 1..65535 somewhere; if port is a narrower
 * integer type, an out-of-range value would be converted silently.
 * The strlcpy() result is not checked either, so an over-long interface
 * string is truncated without a diagnostic.
 */
288 fb1a36c0 2022-01-09 op if (*listener->iface != '\0')
289 fb1a36c0 2022-01-09 op yyerror("listen address and port already"
291 fb1a36c0 2022-01-09 op strlcpy(listener->iface, $2, sizeof(listener->iface));
292 fb1a36c0 2022-01-09 op listener->port = $4;
294 fb1a36c0 2022-01-09 op | TLS PKI STRING {
/*
 * Sets L_TLS and records the pki name only.
 * NOTE(review): nothing visible here verifies that a `pki` entry with this
 * name, holding both a certificate and a key, exists; confirm that is
 * checked before the listener is started.  The strlcpy() result is
 * unchecked, so a truncated name could fail to match its pki entry.
 */
295 fb1a36c0 2022-01-09 op if (*listener->pki != '\0')
296 fb1a36c0 2022-01-09 op yyerror("listen tls pki already defined");
297 fb1a36c0 2022-01-09 op listener->flags |= L_TLS;
298 fb1a36c0 2022-01-09 op strlcpy(listener->pki, $3, sizeof(listener->pki));
300 fb1a36c0 2022-01-09 op | AUTH tableref {
/* Each table option may be given once per listener; a repeat is reported as an error. */
301 fb1a36c0 2022-01-09 op if (listener->auth_table != NULL)
302 fb1a36c0 2022-01-09 op yyerror("listen auth already defined");
303 fb1a36c0 2022-01-09 op listener->auth_table = $2;
305 fb1a36c0 2022-01-09 op | USERDATA tableref {
306 fb1a36c0 2022-01-09 op if (listener->userdata_table != NULL)
307 fb1a36c0 2022-01-09 op yyerror("userdata table already defined");
308 fb1a36c0 2022-01-09 op listener->userdata_table = $2;
310 fb1a36c0 2022-01-09 op | VIRTUAL tableref {
311 fb1a36c0 2022-01-09 op if (listener->virtual_table != NULL)
312 fb1a36c0 2022-01-09 op yyerror("virtual table already defined");
313 fb1a36c0 2022-01-09 op listener->virtual_table = $2;
319 fb1a36c0 2022-01-09 op struct keywords {
320 fb1a36c0 2022-01-09 op const char *k_name;
325 fb1a36c0 2022-01-09 op yyerror(const char *fmt, ...)
330 fb1a36c0 2022-01-09 op file->errors++;
331 fb1a36c0 2022-01-09 op va_start(ap, fmt);
332 fb1a36c0 2022-01-09 op if (vasprintf(&msg, fmt, ap) == -1)
333 fb1a36c0 2022-01-09 op fatalx("yyerror vasprintf");
335 fb1a36c0 2022-01-09 op logit(LOG_CRIT, "%s:%d: %s", file->name, yylval.lineno, msg);
341 fb1a36c0 2022-01-09 op kw_cmp(const void *k, const void *e)
343 fb1a36c0 2022-01-09 op return strcmp(k, ((const struct keywords *)e)->k_name);
347 fb1a36c0 2022-01-09 op lookup(char *s)
349 fb1a36c0 2022-01-09 op /* This has to be sorted always. */
350 fb1a36c0 2022-01-09 op static const struct keywords keywords[] = {
351 fb1a36c0 2022-01-09 op {"auth", AUTH},
352 fb1a36c0 2022-01-09 op {"cert", CERT},
353 fb1a36c0 2022-01-09 op {"include", INCLUDE},
354 fb1a36c0 2022-01-09 op {"key", KEY},
355 fb1a36c0 2022-01-09 op {"listen", LISTEN},
358 fb1a36c0 2022-01-09 op {"pki", PKI},
359 fb1a36c0 2022-01-09 op {"port", PORT},
360 fb1a36c0 2022-01-09 op {"table", TABLE},
361 fb1a36c0 2022-01-09 op {"tls", TLS},
362 fb1a36c0 2022-01-09 op {"userdata", USERDATA},
363 fb1a36c0 2022-01-09 op {"virtual", VIRTUAL},
364 fb1a36c0 2022-01-09 op {"yes", YES},
366 fb1a36c0 2022-01-09 op const struct keywords *p;
368 fb1a36c0 2022-01-09 op p = bsearch(s, keywords, sizeof(keywords)/sizeof(keywords[0]),
369 fb1a36c0 2022-01-09 op sizeof(keywords[0]), kw_cmp);
372 fb1a36c0 2022-01-09 op return p->k_val;
374 fb1a36c0 2022-01-09 op return STRING;
377 fb1a36c0 2022-01-09 op #define START_EXPAND 1
378 fb1a36c0 2022-01-09 op #define DONE_EXPAND 2
380 fb1a36c0 2022-01-09 op static int expanding;
388 fb1a36c0 2022-01-09 op if (file->ungetpos > 0)
389 fb1a36c0 2022-01-09 op c = file->ungetbuf[--file->ungetpos];
391 fb1a36c0 2022-01-09 op c = getc(file->stream);
393 fb1a36c0 2022-01-09 op if (c == START_EXPAND)
394 fb1a36c0 2022-01-09 op expanding = 1;
395 fb1a36c0 2022-01-09 op else if (c == DONE_EXPAND)
396 fb1a36c0 2022-01-09 op expanding = 0;
404 fb1a36c0 2022-01-09 op lgetc(int quotec)
408 fb1a36c0 2022-01-09 op if (quotec) {
409 fb1a36c0 2022-01-09 op if ((c = igetc()) == EOF) {
410 fb1a36c0 2022-01-09 op yyerror("reached end of file while parsing "
411 fb1a36c0 2022-01-09 op "quoted string");
412 fb1a36c0 2022-01-09 op if (file == topfile || popfile() == EOF)
414 fb1a36c0 2022-01-09 op return quotec;
419 fb1a36c0 2022-01-09 op while ((c = igetc()) == '\\') {
420 fb1a36c0 2022-01-09 op next = igetc();
421 fb1a36c0 2022-01-09 op if (next != '\n') {
425 fb1a36c0 2022-01-09 op yylval.lineno = file->lineno;
426 fb1a36c0 2022-01-09 op file->lineno++;
429 fb1a36c0 2022-01-09 op if (c == EOF) {
431 fb1a36c0 2022-01-09 op * Fake EOL when hit EOF for the first time. This gets line
432 fb1a36c0 2022-01-09 op * count right if last line in included file is syntactically
433 fb1a36c0 2022-01-09 op * invalid and has no newline.
435 fb1a36c0 2022-01-09 op if (file->eof_reached == 0) {
436 fb1a36c0 2022-01-09 op file->eof_reached = 1;
439 fb1a36c0 2022-01-09 op while (c == EOF) {
440 fb1a36c0 2022-01-09 op if (file == topfile || popfile() == EOF)
/*
 * Push one character back onto the current file's push-back buffer.
 * EOF is special-cased first (the statement it guards is not shown in this
 * listing).  When the buffer is full it is doubled with reallocarray(), which
 * checks the size multiplication for overflow; ungetsize starts at 16 in
 * pushfile(), so the request is never zero bytes.  Allocation failure ends
 * the process through err(1, ...).
 */
449 fb1a36c0 2022-01-09 op lungetc(int c)
451 fb1a36c0 2022-01-09 op if (c == EOF)
454 fb1a36c0 2022-01-09 op if (file->ungetpos >= file->ungetsize) {
455 fb1a36c0 2022-01-09 op void *p = reallocarray(file->ungetbuf, file->ungetsize, 2);
456 fb1a36c0 2022-01-09 op if (p == NULL)
457 fb1a36c0 2022-01-09 op err(1, "lungetc");
458 fb1a36c0 2022-01-09 op file->ungetbuf = p;
459 fb1a36c0 2022-01-09 op file->ungetsize *= 2;
/* ungetbuf is u_char, so the int argument is stored as a single byte. */
461 fb1a36c0 2022-01-09 op file->ungetbuf[file->ungetpos++] = c;
465 fb1a36c0 2022-01-09 op findeol(void)
469 fb1a36c0 2022-01-09 op /* Skip to either EOF or the first real EOL. */
471 fb1a36c0 2022-01-09 op c = lgetc(0);
472 fb1a36c0 2022-01-09 op if (c == '\n') {
473 fb1a36c0 2022-01-09 op file->lineno++;
476 fb1a36c0 2022-01-09 op if (c == EOF)
479 fb1a36c0 2022-01-09 op return ERROR;
483 fb1a36c0 2022-01-09 op int my_yylex(void);
490 fb1a36c0 2022-01-09 op switch (x = my_yylex()) {
492 fb1a36c0 2022-01-09 op puts("auth");
495 fb1a36c0 2022-01-09 op puts("cert");
498 fb1a36c0 2022-01-09 op puts("error");
500 fb1a36c0 2022-01-09 op case INCLUDE:
501 fb1a36c0 2022-01-09 op puts("include");
507 fb1a36c0 2022-01-09 op puts("listen");
519 fb1a36c0 2022-01-09 op puts("port");
522 fb1a36c0 2022-01-09 op puts("table");
531 fb1a36c0 2022-01-09 op printf("string \"%s\"\n", yylval.v.string);
534 fb1a36c0 2022-01-09 op printf("number %"PRIi64"\n", yylval.v.number);
536 fb1a36c0 2022-01-09 op printf("character ");
537 fb1a36c0 2022-01-09 op if (x == '\n')
538 fb1a36c0 2022-01-09 op printf("\\n");
540 fb1a36c0 2022-01-09 op printf("%c", x);
541 fb1a36c0 2022-01-09 op printf(" [0x%x]", x);
542 fb1a36c0 2022-01-09 op printf("\n");
/*
 * Lexer proper: skips blanks and `#` comments, expands `$macro` references,
 * and returns quoted strings, numbers, keywords/bare words or single
 * characters.  Token text is assembled in the fixed 8096-byte stack buffer
 * `buf`; every copy loop below is paired with a "string too long" check that
 * abandons the line through findeol().
 */
550 fb1a36c0 2022-01-09 op my_yylex(void)
556 fb1a36c0 2022-01-09 op char buf[8096];
557 fb1a36c0 2022-01-09 op char *p, *val;
558 fb1a36c0 2022-01-09 op int quotec, next, c;
563 fb1a36c0 2022-01-09 op while ((c = lgetc(0)) == ' ' || c == '\t')
564 fb1a36c0 2022-01-09 op ; /* nothing */
566 fb1a36c0 2022-01-09 op yylval.lineno = file->lineno;
567 fb1a36c0 2022-01-09 op if (c == '#')
568 fb1a36c0 2022-01-09 op while ((c = lgetc(0)) != '\n' && c != EOF)
569 fb1a36c0 2022-01-09 op ; /* nothing */
/*
 * Macro expansion.  The `!expanding` test means a '$' that comes out of an
 * already expanded macro value is not expanded again; igetc() sets and
 * clears `expanding` when it reads the START_EXPAND / DONE_EXPAND markers.
 */
570 fb1a36c0 2022-01-09 op if (c == '$' && !expanding) {
572 fb1a36c0 2022-01-09 op if ((c = lgetc(0)) == EOF)
575 fb1a36c0 2022-01-09 op if (p + 1 >= buf + sizeof(buf) - 1) {
576 fb1a36c0 2022-01-09 op yyerror("string too long");
577 fb1a36c0 2022-01-09 op return findeol();
579 fb1a36c0 2022-01-09 op if (isalnum(c) || c == '_') {
587 fb1a36c0 2022-01-09 op val = symget(buf);
588 fb1a36c0 2022-01-09 op if (val == NULL) {
589 fb1a36c0 2022-01-09 op yyerror("macro '%s' not defined", buf);
590 fb1a36c0 2022-01-09 op return findeol();
/*
 * The value is pushed back last byte first, bracketed by the two markers,
 * so it is read again in its original order.
 * NOTE(review): for an empty macro value this computes val - 1, a pointer
 * outside the object; the loop body does not run, but the arithmetic itself
 * is formally undefined.
 */
592 fb1a36c0 2022-01-09 op p = val + strlen(val) - 1;
593 fb1a36c0 2022-01-09 op lungetc(DONE_EXPAND);
594 fb1a36c0 2022-01-09 op while (p >= val) {
595 fb1a36c0 2022-01-09 op lungetc((unsigned char)*p);
598 fb1a36c0 2022-01-09 op lungetc(START_EXPAND);
607 fb1a36c0 2022-01-09 op if ((c = lgetc(quotec)) == EOF)
609 fb1a36c0 2022-01-09 op if (c == '\n') {
610 fb1a36c0 2022-01-09 op file->lineno++;
612 fb1a36c0 2022-01-09 op } else if (c == '\\') {
613 fb1a36c0 2022-01-09 op if ((next = lgetc(quotec)) == EOF)
615 fb1a36c0 2022-01-09 op if (next == quotec || next == ' ' ||
616 fb1a36c0 2022-01-09 op next == '\t')
618 fb1a36c0 2022-01-09 op else if (next == '\n') {
619 fb1a36c0 2022-01-09 op file->lineno++;
622 fb1a36c0 2022-01-09 op lungetc(next);
623 fb1a36c0 2022-01-09 op } else if (c == quotec) {
/* A NUL byte inside a quoted string is rejected instead of being copied into buf. */
626 fb1a36c0 2022-01-09 op } else if (c == '\0') {
627 fb1a36c0 2022-01-09 op yyerror("syntax error");
628 fb1a36c0 2022-01-09 op return findeol();
630 fb1a36c0 2022-01-09 op if (p + 1 >= buf + sizeof(buf) - 1) {
631 fb1a36c0 2022-01-09 op yyerror("string too long");
632 fb1a36c0 2022-01-09 op return findeol();
/* The token value is a heap copy; ownership passes to the grammar action that receives it. */
636 fb1a36c0 2022-01-09 op yylval.v.string = strdup(buf);
637 fb1a36c0 2022-01-09 op if (yylval.v.string == NULL)
638 fb1a36c0 2022-01-09 op err(1, "yylex: strdup");
639 fb1a36c0 2022-01-09 op return STRING;
/* The macro argument is evaluated several times; it is only used with the plain variable `c`. */
642 fb1a36c0 2022-01-09 op #define allowed_to_end_number(x) \
643 fb1a36c0 2022-01-09 op (isspace(x) || x == ')' || x ==',' || x == '/' || x == '}' || x == '=')
645 fb1a36c0 2022-01-09 op if (c == '-' || isdigit(c)) {
648 fb1a36c0 2022-01-09 op if ((size_t)(p-buf) >= sizeof(buf)) {
649 fb1a36c0 2022-01-09 op yyerror("string too long");
650 fb1a36c0 2022-01-09 op return findeol();
652 fb1a36c0 2022-01-09 op } while ((c = lgetc(0)) != EOF && isdigit(c));
654 fb1a36c0 2022-01-09 op if (p == buf + 1 && buf[0] == '-')
655 fb1a36c0 2022-01-09 op goto nodigits;
656 fb1a36c0 2022-01-09 op if (c == EOF || allowed_to_end_number(c)) {
657 fb1a36c0 2022-01-09 op const char *errstr = NULL;
/*
 * strtonum() is given the full long long range, so it only rejects values
 * that do not fit at all; limits for a particular setting (a port, for
 * example) have to be enforced by the grammar action that uses the number.
 */
660 fb1a36c0 2022-01-09 op yylval.v.number = strtonum(buf, LLONG_MIN,
661 fb1a36c0 2022-01-09 op LLONG_MAX, &errstr);
662 fb1a36c0 2022-01-09 op if (errstr) {
663 fb1a36c0 2022-01-09 op yyerror("\"%s\" invalid number: %s",
664 fb1a36c0 2022-01-09 op buf, errstr);
665 fb1a36c0 2022-01-09 op return findeol();
667 fb1a36c0 2022-01-09 op return NUMBER;
/* Not a number after all: push the digits back so the text is lexed again as a word. */
670 fb1a36c0 2022-01-09 op while (p > buf + 1)
671 fb1a36c0 2022-01-09 op lungetc((unsigned char)*--p);
672 fb1a36c0 2022-01-09 op c = (unsigned char)*--p;
673 fb1a36c0 2022-01-09 op if (c == '-')
/* Bare words may contain any punctuation except the characters the grammar uses as tokens. */
678 fb1a36c0 2022-01-09 op #define allowed_in_string(x) \
679 fb1a36c0 2022-01-09 op (isalnum(x) || (ispunct(x) && x != '(' && x != ')' && \
680 fb1a36c0 2022-01-09 op x != '{' && x != '}' && \
681 fb1a36c0 2022-01-09 op x != '!' && x != '=' && x != '#' && \
682 fb1a36c0 2022-01-09 op x != ',' && x != '>'))
684 fb1a36c0 2022-01-09 op if (isalnum(c) || c == ':' || c == '_') {
687 fb1a36c0 2022-01-09 op if ((size_t)(p-buf) >= sizeof(buf)) {
688 fb1a36c0 2022-01-09 op yyerror("string too long");
689 fb1a36c0 2022-01-09 op return findeol();
691 fb1a36c0 2022-01-09 op } while ((c = lgetc(0)) != EOF && (allowed_in_string(c)));
/* Keywords come back as their token; any other word is duplicated and returned as STRING. */
694 fb1a36c0 2022-01-09 op if ((token = lookup(buf)) == STRING)
695 fb1a36c0 2022-01-09 op if ((yylval.v.string = strdup(buf)) == NULL)
696 fb1a36c0 2022-01-09 op err(1, "yylex: strdup");
697 fb1a36c0 2022-01-09 op return token;
699 fb1a36c0 2022-01-09 op if (c == '\n') {
700 fb1a36c0 2022-01-09 op yylval.lineno = file->lineno;
701 fb1a36c0 2022-01-09 op file->lineno++;
703 fb1a36c0 2022-01-09 op if (c == EOF)
/*
 * Ownership and permission test for a file that must not be readable or
 * writable by other users.  It inspects the already-open descriptor with
 * fstat(), so the result describes the file that was actually opened rather
 * than whatever the path names later.
 *
 * The file is accepted only if it is owned by root or by the real uid of
 * the process, and has none of: group write, group execute, or any
 * permission for others.  Group read is allowed by this mask.
 *
 * The return statements are not shown in this listing; pushfile() treats a
 * non-zero result as a failure and closes the stream.
 * NOTE(review): every pushfile() call visible in this file passes
 * secret == 0, so this test appears to be unused for the configuration file
 * and its includes.
 */
709 fb1a36c0 2022-01-09 op check_file_secrecy(int fd, const char *fname)
711 fb1a36c0 2022-01-09 op struct stat st;
713 fb1a36c0 2022-01-09 op if (fstat(fd, &st)) {
714 fb1a36c0 2022-01-09 op log_warn("cannot stat %s", fname);
717 fb1a36c0 2022-01-09 op if (st.st_uid != 0 && st.st_uid != getuid()) {
718 fb1a36c0 2022-01-09 op log_warnx("%s: owner not root or current user", fname);
/* The message below is narrower than the mask: group-execute and other-execute are rejected as well. */
721 fb1a36c0 2022-01-09 op if (st.st_mode & (S_IWGRP | S_IXGRP | S_IRWXO)) {
722 fb1a36c0 2022-01-09 op log_warnx("%s: group writable or world read/writable", fname);
/*
 * Open `name` for reading and append a new entry for it to the `files`
 * queue; the entry is returned on success.
 *
 * name   - path to open, used as given.
 * secret - when non-zero, the opened file must also pass
 *          check_file_secrecy(); when zero no ownership/mode test is made.
 *
 * The visible failure paths log a warning and release what was acquired so
 * far; their return statements are not shown in this listing.
 * NOTE(review): no nesting-depth or cycle check is visible here, so a file
 * that includes itself would presumably keep opening streams until fopen()
 * or an allocation fails -- confirm whether that is acceptable.
 */
728 fb1a36c0 2022-01-09 op struct file *
729 fb1a36c0 2022-01-09 op pushfile(const char *name, int secret)
731 fb1a36c0 2022-01-09 op struct file *nfile;
733 fb1a36c0 2022-01-09 op if ((nfile = calloc(1, sizeof(struct file))) == NULL) {
734 fb1a36c0 2022-01-09 op log_warn("calloc");
737 fb1a36c0 2022-01-09 op if ((nfile->name = strdup(name)) == NULL) {
738 fb1a36c0 2022-01-09 op log_warn("strdup");
742 fb1a36c0 2022-01-09 op if ((nfile->stream = fopen(nfile->name, "r")) == NULL) {
743 fb1a36c0 2022-01-09 op log_warn("%s", nfile->name);
744 fb1a36c0 2022-01-09 op free(nfile->name);
/* The secrecy test runs on the descriptor of the stream that was just opened. */
747 fb1a36c0 2022-01-09 op } else if (secret &&
748 fb1a36c0 2022-01-09 op check_file_secrecy(fileno(nfile->stream), nfile->name)) {
749 fb1a36c0 2022-01-09 op fclose(nfile->stream);
750 fb1a36c0 2022-01-09 op free(nfile->name);
/* The first file pushed starts at line 1, later (included) files at 0. */
754 fb1a36c0 2022-01-09 op nfile->lineno = TAILQ_EMPTY(&files) ? 1 : 0;
/* Initial push-back capacity; lungetc() doubles it on demand. */
755 fb1a36c0 2022-01-09 op nfile->ungetsize = 16;
756 fb1a36c0 2022-01-09 op nfile->ungetbuf = malloc(nfile->ungetsize);
757 fb1a36c0 2022-01-09 op if (nfile->ungetbuf == NULL) {
758 fb1a36c0 2022-01-09 op log_warn("malloc");
759 fb1a36c0 2022-01-09 op fclose(nfile->stream);
760 fb1a36c0 2022-01-09 op free(nfile->name);
764 fb1a36c0 2022-01-09 op TAILQ_INSERT_TAIL(&files, nfile, entry);
765 fb1a36c0 2022-01-09 op return nfile;
769 fb1a36c0 2022-01-09 op popfile(void)
771 fb1a36c0 2022-01-09 op struct file *prev;
773 fb1a36c0 2022-01-09 op if ((prev = TAILQ_PREV(file, files, entry)) != NULL)
774 fb1a36c0 2022-01-09 op prev->errors += file->errors;
776 fb1a36c0 2022-01-09 op TAILQ_REMOVE(&files, file, entry);
777 fb1a36c0 2022-01-09 op fclose(file->stream);
778 fb1a36c0 2022-01-09 op free(file->name);
779 fb1a36c0 2022-01-09 op free(file->ungetbuf);
782 fb1a36c0 2022-01-09 op return file ? 0 : EOF;
/*
 * Entry point: parse `filename` into a fresh kd_conf.
 *
 * The top-level file is opened with secret == 0, so its ownership and mode
 * are not checked by check_file_secrecy().  After parsing, the error count
 * accumulated on the top file decides the outcome: when it is non-zero the
 * configuration is handed to clear_config().  The return statements are not
 * shown in this listing.
 * NOTE(review): clear_config() appears to contain only a "free stuff?"
 * placeholder in this file, so anything already loaded into the discarded
 * configuration presumably stays allocated -- confirm.
 */
785 fb1a36c0 2022-01-09 op struct kd_conf *
786 fb1a36c0 2022-01-09 op parse_config(const char *filename)
788 fb1a36c0 2022-01-09 op struct sym *sym, *next;
791 fb1a36c0 2022-01-09 op conf = config_new_empty();
793 fb1a36c0 2022-01-09 op file = pushfile(filename, 0);
794 fb1a36c0 2022-01-09 op if (file == NULL) {
798 fb1a36c0 2022-01-09 op topfile = file;
801 fb1a36c0 2022-01-09 op errors = file->errors;
804 fb1a36c0 2022-01-09 op /* Free macros and check which have not been used. */
805 fb1a36c0 2022-01-09 op TAILQ_FOREACH_SAFE(sym, &symhead, entry, next) {
806 fb1a36c0 2022-01-09 op if (verbose && !sym->used)
807 fb1a36c0 2022-01-09 op fprintf(stderr, "warning: macro '%s' not used\n",
/* Macros stored with persist set are kept across this cleanup. */
809 fb1a36c0 2022-01-09 op if (!sym->persist) {
810 fb1a36c0 2022-01-09 op free(sym->nam);
811 fb1a36c0 2022-01-09 op free(sym->val);
812 fb1a36c0 2022-01-09 op TAILQ_REMOVE(&symhead, sym, entry);
817 fb1a36c0 2022-01-09 op if (errors) {
818 fb1a36c0 2022-01-09 op clear_config(conf);
826 fb1a36c0 2022-01-09 op symset(const char *nam, const char *val, int persist)
828 fb1a36c0 2022-01-09 op struct sym *sym;
830 fb1a36c0 2022-01-09 op TAILQ_FOREACH(sym, &symhead, entry) {
831 fb1a36c0 2022-01-09 op if (strcmp(nam, sym->nam) == 0)
835 fb1a36c0 2022-01-09 op if (sym != NULL) {
836 fb1a36c0 2022-01-09 op if (sym->persist == 1)
839 fb1a36c0 2022-01-09 op free(sym->nam);
840 fb1a36c0 2022-01-09 op free(sym->val);
841 fb1a36c0 2022-01-09 op TAILQ_REMOVE(&symhead, sym, entry);
845 fb1a36c0 2022-01-09 op if ((sym = calloc(1, sizeof(*sym))) == NULL)
848 fb1a36c0 2022-01-09 op sym->nam = strdup(nam);
849 fb1a36c0 2022-01-09 op if (sym->nam == NULL) {
853 fb1a36c0 2022-01-09 op sym->val = strdup(val);
854 fb1a36c0 2022-01-09 op if (sym->val == NULL) {
855 fb1a36c0 2022-01-09 op free(sym->nam);
859 fb1a36c0 2022-01-09 op sym->used = 0;
860 fb1a36c0 2022-01-09 op sym->persist = persist;
861 fb1a36c0 2022-01-09 op TAILQ_INSERT_TAIL(&symhead, sym, entry);
866 fb1a36c0 2022-01-09 op cmdline_symset(char *s)
868 fb1a36c0 2022-01-09 op char *sym, *val;
871 fb1a36c0 2022-01-09 op if ((val = strrchr(s, '=')) == NULL)
873 fb1a36c0 2022-01-09 op sym = strndup(s, val - s);
874 fb1a36c0 2022-01-09 op if (sym == NULL)
875 fb1a36c0 2022-01-09 op errx(1, "%s: strndup", __func__);
876 fb1a36c0 2022-01-09 op ret = symset(sym, val + 1, 1);
883 fb1a36c0 2022-01-09 op symget(const char *nam)
885 fb1a36c0 2022-01-09 op struct sym *sym;
887 fb1a36c0 2022-01-09 op TAILQ_FOREACH(sym, &symhead, entry) {
888 fb1a36c0 2022-01-09 op if (strcmp(nam, sym->nam) == 0) {
889 fb1a36c0 2022-01-09 op sym->used = 1;
890 fb1a36c0 2022-01-09 op return sym->val;
897 fb1a36c0 2022-01-09 op clear_config(struct kd_conf *xconf)
899 fb1a36c0 2022-01-09 op /* free stuff? */
/*
 * Open a table of the given type and make it the "current" table that the
 * table_kp / stringel actions add entries to.
 */
905 fb1a36c0 2022-01-09 op add_table(const char *name, const char *type, const char *path)
907 fb1a36c0 2022-01-09 op if (table_open(conf, name, type, path) == -1)
908 fb1a36c0 2022-01-09 op yyerror("can't initialize table %s", name);
/*
 * NOTE(review): yyerror() returns, so this line also runs when table_open()
 * failed.  If no table is linked, STAILQ_FIRST() is NULL and this
 * dereferences it; if an earlier table is at the head, `table` ends up
 * pointing at that one and the entries that follow would be added to it.
 * Returning right after the error would avoid both.  Whether table_open()
 * links the entry before failing is not visible here.
 */
909 fb1a36c0 2022-01-09 op table = STAILQ_FIRST(&conf->table_head)->table;
912 fb1a36c0 2022-01-09 op static struct table *
913 fb1a36c0 2022-01-09 op findtable(const char *name)
915 fb1a36c0 2022-01-09 op struct kd_tables_conf *i;
917 fb1a36c0 2022-01-09 op STAILQ_FOREACH(i, &conf->table_head, entry) {
918 fb1a36c0 2022-01-09 op if (!strcmp(i->table->t_name, name))
919 fb1a36c0 2022-01-09 op return i->table;
922 fb1a36c0 2022-01-09 op yyerror("unknown table %s", name);
/*
 * Attach a certificate file to the pki entry called `name`.  As far as the
 * visible lines show, an existing entry is looked up by name, a second
 * certificate for the same entry is reported as a duplicate, and otherwise a
 * new entry is allocated and linked at the head of conf->pki_head.  The file
 * is read into memory with tls_load_file().
 * NOTE(review): the strlcpy() result is not checked; a name longer than
 * pki->name would be stored truncated and would no longer compare equal to
 * the name given in the configuration.
 */
927 fb1a36c0 2022-01-09 op add_cert(const char *name, const char *path)
929 fb1a36c0 2022-01-09 op struct kd_pki_conf *pki;
931 fb1a36c0 2022-01-09 op STAILQ_FOREACH(pki, &conf->pki_head, entry) {
932 fb1a36c0 2022-01-09 op if (strcmp(name, pki->name) != 0)
935 fb1a36c0 2022-01-09 op if (pki->cert != NULL) {
936 fb1a36c0 2022-01-09 op yyerror("duplicate `pki %s cert'", name);
943 fb1a36c0 2022-01-09 op pki = xcalloc(1, sizeof(*pki));
944 fb1a36c0 2022-01-09 op strlcpy(pki->name, name, sizeof(pki->name));
945 fb1a36c0 2022-01-09 op STAILQ_INSERT_HEAD(&conf->pki_head, pki, entry);
948 fb1a36c0 2022-01-09 op if ((pki->cert = tls_load_file(path, &pki->certlen, NULL)) == NULL)
/*
 * Attach a private-key file to the pki entry called `name`; the structure
 * mirrors add_cert().  The key is read into memory with tls_load_file() and
 * a NULL password argument.
 * NOTE(review): no ownership or permission test comparable to
 * check_file_secrecy() is visible on this path; confirm that a key file
 * accessible to group or others is rejected somewhere before it is used.
 * NOTE(review): the strlcpy() result is not checked, so an over-long name is
 * stored truncated.
 */
953 fb1a36c0 2022-01-09 op add_key(const char *name, const char *path)
955 fb1a36c0 2022-01-09 op struct kd_pki_conf *pki;
957 fb1a36c0 2022-01-09 op STAILQ_FOREACH(pki, &conf->pki_head, entry) {
958 fb1a36c0 2022-01-09 op if (strcmp(name, pki->name) != 0)
961 fb1a36c0 2022-01-09 op if (pki->key != NULL) {
962 fb1a36c0 2022-01-09 op yyerror("duplicate `pki %s key'", name);
969 fb1a36c0 2022-01-09 op pki = xcalloc(1, sizeof(*pki));
970 fb1a36c0 2022-01-09 op strlcpy(pki->name, name, sizeof(pki->name));
971 fb1a36c0 2022-01-09 op STAILQ_INSERT_HEAD(&conf->pki_head, pki, entry);
974 fb1a36c0 2022-01-09 op if ((pki->key = tls_load_file(path, &pki->keylen, NULL)) == NULL)
978 fb1a36c0 2022-01-09 op static struct kd_listen_conf *
979 fb1a36c0 2022-01-09 op listen_new(void)
981 fb1a36c0 2022-01-09 op struct kd_listen_conf *l;
983 fb1a36c0 2022-01-09 op l = xcalloc(1, sizeof(*l));
984 fb1a36c0 2022-01-09 op l->id = counter++;
987 fb1a36c0 2022-01-09 op STAILQ_INSERT_HEAD(&conf->listen_head, l, entry);