2 * Copyright (c) 2021 Omar Polo <op@omarpolo.com>
3 * Copyright (c) 2018 Florian Obser <florian@openbsd.org>
4 * Copyright (c) 2004, 2005 Esben Norby <norby@openbsd.org>
5 * Copyright (c) 2004 Ryan McBride <mcbride@openbsd.org>
6 * Copyright (c) 2002, 2003, 2004 Henning Brauer <henning@openbsd.org>
7 * Copyright (c) 2001 Markus Friedl. All rights reserved.
8 * Copyright (c) 2001 Daniel Hartmeier. All rights reserved.
9 * Copyright (c) 2001 Theo de Raadt. All rights reserved.
11 * Permission to use, copy, modify, and distribute this software for any
12 * purpose with or without fee is hereby granted, provided that the above
13 * copyright notice and this permission notice appear in all copies.
15 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
16 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
17 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
18 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
19 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
20 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
21 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
47 TAILQ_HEAD(files, file) files = TAILQ_HEAD_INITIALIZER(files);
49 TAILQ_ENTRY(file) entry;
59 struct file *pushfile(const char *, int);
61 int check_file_secrecy(int, const char *);
64 int yyerror(const char *, ...)
65 __attribute__((__format__ (printf, 1, 2)))
66 __attribute__((__nonnull__ (1)));
67 int kw_cmp(const void *, const void *);
74 TAILQ_HEAD(symhead, sym) symhead = TAILQ_HEAD_INITIALIZER(symhead);
76 TAILQ_ENTRY(sym) entry;
83 int symset(const char *, const char *, int);
84 char *symget(const char *);
86 void clear_config(struct kd_conf *xconf);
88 static void add_table(const char *, const char *, const char *);
89 static struct table *findtable(const char *name);
90 static void add_cert(const char *, const char *);
91 static void add_key(const char *, const char *);
92 static void add_listen(const char *, uint32_t, const char *, struct table *);
94 static uint32_t counter;
95 static struct table *table;
96 static struct kd_conf *conf;
122 %token <v.string> STRING
123 %token <v.number> NUMBER
124 %type <v.number> yesno
125 %type <v.string> string
126 %type <v.table> tableref
130 grammar : /* empty */
131 | grammar include '\n'
135 | grammar listen '\n'
136 | grammar varset '\n'
137 | grammar error '\n' { file->errors++; }
140 include : INCLUDE STRING {
143 if ((nfile = pushfile($2, 0)) == NULL) {
144 yyerror("failed to include file %s", $2);
155 string : string STRING {
156 if (asprintf(&$$, "%s %s", $1, $2) == -1) {
159 yyerror("string: asprintf");
168 yesno : YES { $$ = 1; }
172 optnl : '\n' optnl /* zero or more newlines */
176 nl : '\n' optnl /* one or more newlines */
185 varset : STRING '=' string {
188 printf("%s = \"%s\"\n", $1, $3);
190 if (isspace((unsigned char)*s)) {
191 yyerror("macro name cannot contain "
198 if (symset($1, $3, 0) == -1)
199 fatal("cannot store variable");
205 pki : PKI STRING CERT STRING { add_cert($2, $4); }
206 | PKI STRING KEY STRING { add_key($2, $4); }
209 table_kp : string arrow string {
210 if (table_add(table, $1, $3) == -1)
211 yyerror("can't add to table %s",
219 | table_kp comma table_kps
223 if (table_add(table, $1, NULL) == -1)
224 yyerror("can't add to table %s",
230 string_list : stringel
231 | stringel comma string_list
234 table_vals : table_kps
238 table : TABLE STRING STRING {
241 if ((p = strchr($3, ':')) == NULL) {
242 yyerror("invalid table %s", $2);
247 add_table($2, $3, p+1);
252 add_table($2, "static", NULL);
253 } '{' table_vals '}' {
258 tableref : '<' STRING '>' {
266 listen : LISTEN ON STRING PORT NUMBER TLS PKI STRING /* AUTH tableref */ {
270 struct table *auth = NULL; /* $10 */
272 add_listen(iface, port, pki, auth);
286 yyerror(const char *fmt, ...)
293 if (vasprintf(&msg, fmt, ap) == -1)
294 fatalx("yyerror vasprintf");
296 logit(LOG_CRIT, "%s:%d: %s", file->name, yylval.lineno, msg);
302 kw_cmp(const void *k, const void *e)
304 return strcmp(k, ((const struct keywords *)e)->k_name);
310 /* This has to be sorted always. */
311 static const struct keywords keywords[] = {
314 {"include", INCLUDE},
325 const struct keywords *p;
327 p = bsearch(s, keywords, sizeof(keywords)/sizeof(keywords[0]),
328 sizeof(keywords[0]), kw_cmp);
336 #define START_EXPAND 1
337 #define DONE_EXPAND 2
339 static int expanding;
347 if (file->ungetpos > 0)
348 c = file->ungetbuf[--file->ungetpos];
350 c = getc(file->stream);
352 if (c == START_EXPAND)
354 else if (c == DONE_EXPAND)
368 if ((c = igetc()) == EOF) {
369 yyerror("reached end of file while parsing "
371 if (file == topfile || popfile() == EOF)
378 while ((c = igetc()) == '\\') {
384 yylval.lineno = file->lineno;
390 * Fake EOL when hit EOF for the first time. This gets line
391 * count right if last line in included file is syntactically
392 * invalid and has no newline.
394 if (file->eof_reached == 0) {
395 file->eof_reached = 1;
399 if (file == topfile || popfile() == EOF)
413 if (file->ungetpos >= file->ungetsize) {
414 void *p = reallocarray(file->ungetbuf, file->ungetsize, 2);
418 file->ungetsize *= 2;
420 file->ungetbuf[file->ungetpos++] = c;
428 /* Skip to either EOF or the first real EOL. */
444 unsigned char buf[8096];
445 unsigned char *p, *val;
451 while ((c = lgetc(0)) == ' ' || c == '\t')
454 yylval.lineno = file->lineno;
456 while ((c = lgetc(0)) != '\n' && c != EOF)
458 if (c == '$' && !expanding) {
460 if ((c = lgetc(0)) == EOF)
463 if (p + 1 >= buf + sizeof(buf) - 1) {
464 yyerror("string too long");
467 if (isalnum(c) || c == '_') {
477 yyerror("macro '%s' not defined", buf);
480 p = val + strlen(val) - 1;
481 lungetc(DONE_EXPAND);
486 lungetc(START_EXPAND);
495 if ((c = lgetc(quotec)) == EOF)
500 } else if (c == '\\') {
501 if ((next = lgetc(quotec)) == EOF)
503 if (next == quotec || next == ' ' ||
506 else if (next == '\n') {
511 } else if (c == quotec) {
514 } else if (c == '\0') {
515 yyerror("syntax error");
518 if (p + 1 >= buf + sizeof(buf) - 1) {
519 yyerror("string too long");
524 yylval.v.string = strdup(buf);
525 if (yylval.v.string == NULL)
526 err(1, "yylex: strdup");
530 #define allowed_to_end_number(x) \
531 (isspace(x) || x == ')' || x ==',' || x == '/' || x == '}' || x == '=')
533 if (c == '-' || isdigit(c)) {
536 if ((size_t)(p-buf) >= sizeof(buf)) {
537 yyerror("string too long");
540 } while ((c = lgetc(0)) != EOF && isdigit(c));
542 if (p == buf + 1 && buf[0] == '-')
544 if (c == EOF || allowed_to_end_number(c)) {
545 const char *errstr = NULL;
548 yylval.v.number = strtonum(buf, LLONG_MIN,
551 yyerror("\"%s\" invalid number: %s",
566 #define allowed_in_string(x) \
567 (isalnum(x) || (ispunct(x) && x != '(' && x != ')' && \
568 x != '{' && x != '}' && \
569 x != '!' && x != '=' && x != '#' && \
572 if (isalnum(c) || c == ':' || c == '_') {
575 if ((size_t)(p-buf) >= sizeof(buf)) {
576 yyerror("string too long");
579 } while ((c = lgetc(0)) != EOF && (allowed_in_string(c)));
582 if ((token = lookup(buf)) == STRING)
583 if ((yylval.v.string = strdup(buf)) == NULL)
584 err(1, "yylex: strdup");
588 yylval.lineno = file->lineno;
597 check_file_secrecy(int fd, const char *fname)
601 if (fstat(fd, &st)) {
602 log_warn("cannot stat %s", fname);
605 if (st.st_uid != 0 && st.st_uid != getuid()) {
606 log_warnx("%s: owner not root or current user", fname);
609 if (st.st_mode & (S_IWGRP | S_IXGRP | S_IRWXO)) {
610 log_warnx("%s: group writable or world read/writable", fname);
617 pushfile(const char *name, int secret)
621 if ((nfile = calloc(1, sizeof(struct file))) == NULL) {
625 if ((nfile->name = strdup(name)) == NULL) {
630 if ((nfile->stream = fopen(nfile->name, "r")) == NULL) {
631 log_warn("%s", nfile->name);
636 check_file_secrecy(fileno(nfile->stream), nfile->name)) {
637 fclose(nfile->stream);
642 nfile->lineno = TAILQ_EMPTY(&files) ? 1 : 0;
643 nfile->ungetsize = 16;
644 nfile->ungetbuf = malloc(nfile->ungetsize);
645 if (nfile->ungetbuf == NULL) {
647 fclose(nfile->stream);
652 TAILQ_INSERT_TAIL(&files, nfile, entry);
661 if ((prev = TAILQ_PREV(file, files, entry)) != NULL)
662 prev->errors += file->errors;
664 TAILQ_REMOVE(&files, file, entry);
665 fclose(file->stream);
667 free(file->ungetbuf);
670 return file ? 0 : EOF;
674 parse_config(const char *filename)
676 struct sym *sym, *next;
679 conf = config_new_empty();
681 file = pushfile(filename, 0);
689 errors = file->errors;
692 /* Free macros and check which have not been used. */
693 TAILQ_FOREACH_SAFE(sym, &symhead, entry, next) {
694 if (verbose && !sym->used)
695 fprintf(stderr, "warning: macro '%s' not used\n",
700 TAILQ_REMOVE(&symhead, sym, entry);
714 symset(const char *nam, const char *val, int persist)
718 TAILQ_FOREACH(sym, &symhead, entry) {
719 if (strcmp(nam, sym->nam) == 0)
724 if (sym->persist == 1)
729 TAILQ_REMOVE(&symhead, sym, entry);
733 if ((sym = calloc(1, sizeof(*sym))) == NULL)
736 sym->nam = strdup(nam);
737 if (sym->nam == NULL) {
741 sym->val = strdup(val);
742 if (sym->val == NULL) {
748 sym->persist = persist;
749 TAILQ_INSERT_TAIL(&symhead, sym, entry);
754 cmdline_symset(char *s)
759 if ((val = strrchr(s, '=')) == NULL)
761 sym = strndup(s, val - s);
763 errx(1, "%s: strndup", __func__);
764 ret = symset(sym, val + 1, 1);
771 symget(const char *nam)
775 TAILQ_FOREACH(sym, &symhead, entry) {
776 if (strcmp(nam, sym->nam) == 0) {
785 clear_config(struct kd_conf *xconf)
793 add_table(const char *name, const char *type, const char *path)
795 if (table_open(conf, name, type, path) == -1)
796 yyerror("can't initialize table %s", name);
797 table = SIMPLEQ_FIRST(&conf->table_head)->table;
800 static struct table *
801 findtable(const char *name)
803 struct kd_tables_conf *i;
805 SIMPLEQ_FOREACH(i, &conf->table_head, entry) {
806 if (!strcmp(i->table->t_name, name))
810 yyerror("unknown table %s", name);
815 add_cert(const char *name, const char *path)
817 struct kd_pki_conf *pki;
819 SIMPLEQ_FOREACH(pki, &conf->pki_head, entry) {
820 if (strcmp(name, pki->name) != 0)
823 if (pki->cert != NULL) {
824 yyerror("duplicate `pki %s cert'", name);
831 pki = xcalloc(1, sizeof(*pki));
832 strlcpy(pki->name, name, sizeof(pki->name));
833 SIMPLEQ_INSERT_HEAD(&conf->pki_head, pki, entry);
836 if ((pki->cert = tls_load_file(path, &pki->certlen, NULL)) == NULL)
841 add_key(const char *name, const char *path)
843 struct kd_pki_conf *pki;
845 SIMPLEQ_FOREACH(pki, &conf->pki_head, entry) {
846 if (strcmp(name, pki->name) != 0)
849 if (pki->key != NULL) {
850 yyerror("duplicate `pki %s key'", name);
857 pki = xcalloc(1, sizeof(*pki));
858 strlcpy(pki->name, name, sizeof(pki->name));
859 SIMPLEQ_INSERT_HEAD(&conf->pki_head, pki, entry);
862 if ((pki->key = tls_load_file(path, &pki->keylen, NULL)) == NULL)
867 add_listen(const char *iface, uint32_t portno, const char *pki, struct table *auth)
869 struct kd_listen_conf *l;
871 if (portno >= UINT16_MAX)
872 fatalx("invalid port number: %"PRIu32, portno);
874 l = xcalloc(1, sizeof(*l));
878 strlcpy(l->iface, iface, sizeof(l->iface));
880 l->auth_table = auth;
881 strlcpy(l->pki, pki, sizeof(l->pki));
883 SIMPLEQ_INSERT_HEAD(&conf->listen_head, l, entry);