2 * Copyright (c) 2021 Omar Polo <op@omarpolo.com>
3 * Copyright (c) 2018 Florian Obser <florian@openbsd.org>
4 * Copyright (c) 2004, 2005 Esben Norby <norby@openbsd.org>
5 * Copyright (c) 2004 Ryan McBride <mcbride@openbsd.org>
6 * Copyright (c) 2002, 2003, 2004 Henning Brauer <henning@openbsd.org>
7 * Copyright (c) 2001 Markus Friedl. All rights reserved.
8 * Copyright (c) 2001 Daniel Hartmeier. All rights reserved.
9 * Copyright (c) 2001 Theo de Raadt. All rights reserved.
11 * Permission to use, copy, modify, and distribute this software for any
12 * purpose with or without fee is hereby granted, provided that the above
13 * copyright notice and this permission notice appear in all copies.
15 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
16 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
17 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
18 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
19 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
20 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
21 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
26 #include <sys/types.h>
27 #include <sys/queue.h>
49 TAILQ_HEAD(files, file) files = TAILQ_HEAD_INITIALIZER(files);
51 TAILQ_ENTRY(file) entry;
61 struct file *pushfile(const char *, int);
63 int check_file_secrecy(int, const char *);
66 int yyerror(const char *, ...)
67 __attribute__((__format__ (printf, 1, 2)))
68 __attribute__((__nonnull__ (1)));
69 int kw_cmp(const void *, const void *);
76 TAILQ_HEAD(symhead, sym) symhead = TAILQ_HEAD_INITIALIZER(symhead);
78 TAILQ_ENTRY(sym) entry;
85 int symset(const char *, const char *, int);
86 char *symget(const char *);
88 void clear_config(struct kd_conf *xconf);
90 static void add_table(const char *, const char *, const char *);
91 static struct table *findtable(const char *name);
92 static void add_cert(const char *, const char *);
93 static void add_key(const char *, const char *);
94 static struct kd_listen_conf *listen_new(void);
96 static uint32_t counter;
97 static struct table *table;
98 static struct kd_listen_conf *listener;
99 static struct kd_conf *conf;
127 %token <v.string> STRING
128 %token <v.number> NUMBER
129 %type <v.number> yesno
130 %type <v.string> string
131 %type <v.table> tableref
135 grammar : /* empty */
136 | grammar include '\n'
140 | grammar listen '\n'
141 | grammar varset '\n'
142 | grammar error '\n' { file->errors++; }
145 include : INCLUDE STRING {
148 if ((nfile = pushfile($2, 0)) == NULL) {
149 yyerror("failed to include file %s", $2);
160 string : string STRING {
161 if (asprintf(&$$, "%s %s", $1, $2) == -1) {
164 yyerror("string: asprintf");
173 yesno : YES { $$ = 1; }
177 optnl : '\n' optnl /* zero or more newlines */
181 nl : '\n' optnl /* one or more newlines */
189 varset : STRING '=' string {
192 printf("%s = \"%s\"\n", $1, $3);
194 if (isspace((unsigned char)*s)) {
195 yyerror("macro name cannot contain "
202 if (symset($1, $3, 0) == -1)
203 fatal("cannot store variable");
209 pki : PKI STRING CERT STRING { add_cert($2, $4); }
210 | PKI STRING KEY STRING { add_key($2, $4); }
213 table_kp : string arrow string optnl {
214 if (table_add(table, $1, $3) == -1)
215 yyerror("can't add to table %s",
223 | table_kp comma table_kps
227 if (table_add(table, $1, NULL) == -1)
228 yyerror("can't add to table %s",
234 string_list : stringel
235 | stringel comma string_list
238 table_vals : table_kps
242 table : TABLE STRING STRING {
245 if ((p = strchr($3, ':')) == NULL) {
246 yyerror("invalid table %s", $2);
251 add_table($2, $3, p+1);
256 add_table($2, "static", NULL);
257 } '{' optnl table_vals '}' {
262 tableref : '<' STRING '>' {
273 listen : LISTEN { listener = listen_new(); }
275 if (listener->auth_table == NULL)
276 yyerror("missing auth table");
277 if (!(listener->flags & L_TLS))
278 yyerror("can't define a non-tls listener");
283 listen_opts : listen_opt
284 | listen_opt listen_opts
287 listen_opt : ON STRING PORT NUMBER {
288 if (*listener->iface != '\0')
289 yyerror("listen address and port already"
291 strlcpy(listener->iface, $2, sizeof(listener->iface));
295 if (*listener->pki != '\0')
296 yyerror("listen tls pki already defined");
297 listener->flags |= L_TLS;
298 strlcpy(listener->pki, $3, sizeof(listener->pki));
301 if (listener->auth_table != NULL)
302 yyerror("listen auth already defined");
303 listener->auth_table = $2;
305 | USERDATA tableref {
306 if (listener->userdata_table != NULL)
307 yyerror("userdata table already defined");
308 listener->userdata_table = $2;
311 if (listener->virtual_table != NULL)
312 yyerror("virtual table already defined");
313 listener->virtual_table = $2;
325 yyerror(const char *fmt, ...)
332 if (vasprintf(&msg, fmt, ap) == -1)
333 fatalx("yyerror vasprintf");
335 logit(LOG_CRIT, "%s:%d: %s", file->name, yylval.lineno, msg);
341 kw_cmp(const void *k, const void *e)
343 return strcmp(k, ((const struct keywords *)e)->k_name);
349 /* This has to be sorted always. */
350 static const struct keywords keywords[] = {
353 {"include", INCLUDE},
362 {"userdata", USERDATA},
363 {"virtual", VIRTUAL},
366 const struct keywords *p;
368 p = bsearch(s, keywords, sizeof(keywords)/sizeof(keywords[0]),
369 sizeof(keywords[0]), kw_cmp);
377 #define START_EXPAND 1
378 #define DONE_EXPAND 2
380 static int expanding;
388 if (file->ungetpos > 0)
389 c = file->ungetbuf[--file->ungetpos];
391 c = getc(file->stream);
393 if (c == START_EXPAND)
395 else if (c == DONE_EXPAND)
409 if ((c = igetc()) == EOF) {
410 yyerror("reached end of file while parsing "
412 if (file == topfile || popfile() == EOF)
419 while ((c = igetc()) == '\\') {
425 yylval.lineno = file->lineno;
431 * Fake EOL when hit EOF for the first time. This gets line
432 * count right if last line in included file is syntactically
433 * invalid and has no newline.
435 if (file->eof_reached == 0) {
436 file->eof_reached = 1;
440 if (file == topfile || popfile() == EOF)
454 if (file->ungetpos >= file->ungetsize) {
455 void *p = reallocarray(file->ungetbuf, file->ungetsize, 2);
459 file->ungetsize *= 2;
461 file->ungetbuf[file->ungetpos++] = c;
469 /* Skip to either EOF or the first real EOL. */
490 switch (x = my_yylex()) {
531 printf("string \"%s\"\n", yylval.v.string);
534 printf("number %"PRIi64"\n", yylval.v.number);
536 printf("character ");
541 printf(" [0x%x]", x);
563 while ((c = lgetc(0)) == ' ' || c == '\t')
566 yylval.lineno = file->lineno;
568 while ((c = lgetc(0)) != '\n' && c != EOF)
570 if (c == '$' && !expanding) {
572 if ((c = lgetc(0)) == EOF)
575 if (p + 1 >= buf + sizeof(buf) - 1) {
576 yyerror("string too long");
579 if (isalnum(c) || c == '_') {
589 yyerror("macro '%s' not defined", buf);
592 p = val + strlen(val) - 1;
593 lungetc(DONE_EXPAND);
595 lungetc((unsigned char)*p);
598 lungetc(START_EXPAND);
607 if ((c = lgetc(quotec)) == EOF)
612 } else if (c == '\\') {
613 if ((next = lgetc(quotec)) == EOF)
615 if (next == quotec || next == ' ' ||
618 else if (next == '\n') {
623 } else if (c == quotec) {
626 } else if (c == '\0') {
627 yyerror("syntax error");
630 if (p + 1 >= buf + sizeof(buf) - 1) {
631 yyerror("string too long");
636 yylval.v.string = strdup(buf);
637 if (yylval.v.string == NULL)
638 err(1, "yylex: strdup");
642 #define allowed_to_end_number(x) \
643 (isspace(x) || x == ')' || x ==',' || x == '/' || x == '}' || x == '=')
645 if (c == '-' || isdigit(c)) {
648 if ((size_t)(p-buf) >= sizeof(buf)) {
649 yyerror("string too long");
652 } while ((c = lgetc(0)) != EOF && isdigit(c));
654 if (p == buf + 1 && buf[0] == '-')
656 if (c == EOF || allowed_to_end_number(c)) {
657 const char *errstr = NULL;
660 yylval.v.number = strtonum(buf, LLONG_MIN,
663 yyerror("\"%s\" invalid number: %s",
671 lungetc((unsigned char)*--p);
672 c = (unsigned char)*--p;
678 #define allowed_in_string(x) \
679 (isalnum(x) || (ispunct(x) && x != '(' && x != ')' && \
680 x != '{' && x != '}' && \
681 x != '!' && x != '=' && x != '#' && \
682 x != ',' && x != '>'))
684 if (isalnum(c) || c == ':' || c == '_') {
687 if ((size_t)(p-buf) >= sizeof(buf)) {
688 yyerror("string too long");
691 } while ((c = lgetc(0)) != EOF && (allowed_in_string(c)));
694 if ((token = lookup(buf)) == STRING)
695 if ((yylval.v.string = strdup(buf)) == NULL)
696 err(1, "yylex: strdup");
700 yylval.lineno = file->lineno;
709 check_file_secrecy(int fd, const char *fname)
713 if (fstat(fd, &st)) {
714 log_warn("cannot stat %s", fname);
717 if (st.st_uid != 0 && st.st_uid != getuid()) {
718 log_warnx("%s: owner not root or current user", fname);
721 if (st.st_mode & (S_IWGRP | S_IXGRP | S_IRWXO)) {
722 log_warnx("%s: group writable or world read/writable", fname);
729 pushfile(const char *name, int secret)
733 if ((nfile = calloc(1, sizeof(struct file))) == NULL) {
737 if ((nfile->name = strdup(name)) == NULL) {
742 if ((nfile->stream = fopen(nfile->name, "r")) == NULL) {
743 log_warn("%s", nfile->name);
748 check_file_secrecy(fileno(nfile->stream), nfile->name)) {
749 fclose(nfile->stream);
754 nfile->lineno = TAILQ_EMPTY(&files) ? 1 : 0;
755 nfile->ungetsize = 16;
756 nfile->ungetbuf = malloc(nfile->ungetsize);
757 if (nfile->ungetbuf == NULL) {
759 fclose(nfile->stream);
764 TAILQ_INSERT_TAIL(&files, nfile, entry);
773 if ((prev = TAILQ_PREV(file, files, entry)) != NULL)
774 prev->errors += file->errors;
776 TAILQ_REMOVE(&files, file, entry);
777 fclose(file->stream);
779 free(file->ungetbuf);
782 return file ? 0 : EOF;
786 parse_config(const char *filename)
788 struct sym *sym, *next;
791 conf = config_new_empty();
793 file = pushfile(filename, 0);
801 errors = file->errors;
804 /* Free macros and check which have not been used. */
805 TAILQ_FOREACH_SAFE(sym, &symhead, entry, next) {
806 if (verbose && !sym->used)
807 fprintf(stderr, "warning: macro '%s' not used\n",
812 TAILQ_REMOVE(&symhead, sym, entry);
826 symset(const char *nam, const char *val, int persist)
830 TAILQ_FOREACH(sym, &symhead, entry) {
831 if (strcmp(nam, sym->nam) == 0)
836 if (sym->persist == 1)
841 TAILQ_REMOVE(&symhead, sym, entry);
845 if ((sym = calloc(1, sizeof(*sym))) == NULL)
848 sym->nam = strdup(nam);
849 if (sym->nam == NULL) {
853 sym->val = strdup(val);
854 if (sym->val == NULL) {
860 sym->persist = persist;
861 TAILQ_INSERT_TAIL(&symhead, sym, entry);
866 cmdline_symset(char *s)
871 if ((val = strrchr(s, '=')) == NULL)
873 sym = strndup(s, val - s);
875 errx(1, "%s: strndup", __func__);
876 ret = symset(sym, val + 1, 1);
883 symget(const char *nam)
887 TAILQ_FOREACH(sym, &symhead, entry) {
888 if (strcmp(nam, sym->nam) == 0) {
897 clear_config(struct kd_conf *xconf)
905 add_table(const char *name, const char *type, const char *path)
907 if (table_open(conf, name, type, path) == -1)
908 yyerror("can't initialize table %s", name);
909 table = STAILQ_FIRST(&conf->table_head)->table;
912 static struct table *
913 findtable(const char *name)
915 struct kd_tables_conf *i;
917 STAILQ_FOREACH(i, &conf->table_head, entry) {
918 if (!strcmp(i->table->t_name, name))
922 yyerror("unknown table %s", name);
927 add_cert(const char *name, const char *path)
929 struct kd_pki_conf *pki;
931 STAILQ_FOREACH(pki, &conf->pki_head, entry) {
932 if (strcmp(name, pki->name) != 0)
935 if (pki->cert != NULL) {
936 yyerror("duplicate `pki %s cert'", name);
943 pki = xcalloc(1, sizeof(*pki));
944 strlcpy(pki->name, name, sizeof(pki->name));
945 STAILQ_INSERT_HEAD(&conf->pki_head, pki, entry);
948 if ((pki->cert = tls_load_file(path, &pki->certlen, NULL)) == NULL)
953 add_key(const char *name, const char *path)
955 struct kd_pki_conf *pki;
957 STAILQ_FOREACH(pki, &conf->pki_head, entry) {
958 if (strcmp(name, pki->name) != 0)
961 if (pki->key != NULL) {
962 yyerror("duplicate `pki %s key'", name);
969 pki = xcalloc(1, sizeof(*pki));
970 strlcpy(pki->name, name, sizeof(pki->name));
971 STAILQ_INSERT_HEAD(&conf->pki_head, pki, entry);
974 if ((pki->key = tls_load_file(path, &pki->keylen, NULL)) == NULL)
978 static struct kd_listen_conf *
981 struct kd_listen_conf *l;
983 l = xcalloc(1, sizeof(*l));
987 STAILQ_INSERT_HEAD(&conf->listen_head, l, entry);