4 * Copyright (c) 2021, 2022, 2023 Omar Polo <op@omarpolo.com>
5 * Copyright (c) 2018 Florian Obser <florian@openbsd.org>
6 * Copyright (c) 2004, 2005 Esben Norby <norby@openbsd.org>
7 * Copyright (c) 2004 Ryan McBride <mcbride@openbsd.org>
8 * Copyright (c) 2002, 2003, 2004 Henning Brauer <henning@openbsd.org>
9 * Copyright (c) 2001 Markus Friedl. All rights reserved.
10 * Copyright (c) 2001 Daniel Hartmeier. All rights reserved.
11 * Copyright (c) 2001 Theo de Raadt. All rights reserved.
13 * Permission to use, copy, modify, and distribute this software for any
14 * purpose with or without fee is hereby granted, provided that the above
15 * copyright notice and this permission notice appear in all copies.
17 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
18 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
19 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
20 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
21 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
22 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
23 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
/*
 * Fallback listen address and port.  The vhost rule uses them when a
 * server block ends with no `listen on' (host->addrs is empty), after
 * printing a warning.  default_host is switched to "0.0.0.0" in the option
 * rules near the deprecated `ipv6' warning, and default_port is reset to
 * 1965 by the visible part of parse_conf().
 */
40 static const char *default_host = "*";
41 static uint16_t default_port = 1965;
43 TAILQ_HEAD(files, file) files = TAILQ_HEAD_INITIALIZER(files);
45 TAILQ_ENTRY(file) entry;
56 struct file *pushfile(const char *, int);
/*
 * Diagnostics.  Both take a printf-style format; the format attribute lets
 * the compiler check every call's arguments against its format string.
 * The first argument must stay a literal format: strings that come from the
 * configuration file are always passed as "%s" arguments by the visible
 * callers, never as the format itself.
 */
60 void yyerror(const char *, ...)
61 __attribute__((__format__ (printf, 1, 2)))
62 __attribute__((__nonnull__ (1)));
63 void yywarn(const char *, ...)
64 __attribute__((__format__ (printf, 1, 2)))
65 __attribute__((__nonnull__ (1)));
/* bsearch() comparator used by lookup() on the keyword table. */
66 int kw_cmp(const void *, const void *);
78 TAILQ_HEAD(symhead, sym) symhead = TAILQ_HEAD_INITIALIZER(symhead);
80 TAILQ_ENTRY(sym) entry;
/* Macro table: define a macro / fetch its value. */
87 int symset(const char *, const char *, int);
88 char *symget(const char *);
/*
 * Validation and registration helpers called from the grammar actions.
 * The check_* helpers and ensure_absolute_path() report a bad value through
 * yyerror(); the visible grammar ignores ensure_absolute_path()'s return
 * value and stores the path regardless.
 */
90 char *ensure_absolute_path(char*);
91 int check_block_code(int);
92 char *check_block_fmt(char*);
93 int check_strip_no(int);
94 int check_port_num(int);
95 int check_prefork_num(int);
96 void advance_loc(void);
97 void advance_proxy(void);
98 void parsehp(char *, char **, const char **, const char *);
99 int fastcgi_conf(const char *, const char *);
100 void add_param(char *, char *);
101 int getservice(const char *);
102 void listen_on(const char *, const char *);
/*
 * Parser state: the server, location and proxy block currently being
 * filled in.  Grammar actions write through these pointers; loc and proxy
 * are replaced with fresh objects from new_location() / new_proxy() in the
 * visible code.
 */
104 static struct vhost *host;
105 static struct location *loc;
106 static struct proxy *proxy;
107 static char *current_media;
118 #define YYSTYPE YYSTYPE
123 /* %define parse.error verbose */
125 %token ACCESS ALIAS AUTO
127 %token CA CERT CHROOT CLIENT COMBINED COMMON CONDENSED
129 %token FASTCGI FOR_HOST
130 %token INCLUDE INDEX IPV6
132 %token LANG LEGACY LISTEN LOCATION LOG
134 %token PARAM PORT PREFORK PROTO PROTOCOLS PROXY
135 %token RELAY_TO REQUIRE RETURN ROOT
136 %token SERVER SNI SOCKET STRIP STYLE SYSLOG
137 %token TCP TOEXT TYPE TYPES
143 %token <v.string> STRING
144 %token <v.number> NUM
146 %type <v.number> bool proxy_port
147 %type <v.string> string numberstring listen_addr
158 | conf error '\n' { file->errors++; }
/*
 * `include "file"': parse another file in place.  The path is handed to
 * pushfile() exactly as written in the configuration.
 * NOTE(review): unlike the cert/key/ocsp paths, no ensure_absolute_path()
 * call is visible here, so a relative path would be resolved against the
 * process working directory by fopen() -- confirm this is intended.
 */
161 include : INCLUDE STRING {
164 if ((nfile = pushfile($2, 0)) == NULL) {
165 yyerror("failed to include file %s", $2);
176 bool : ON { $$ = 1; }
180 string : string STRING {
181 if (asprintf(&$$, "%s%s", $1, $2) == -1) {
184 yyerror("string: asprintf: %s", strerror(errno));
195 if (asprintf(&s, "%d", $1) == -1) {
196 yyerror("asprintf: number");
204 varset : STRING '=' string {
207 if (isspace((unsigned char)*s)) {
208 yyerror("macro name cannot contain "
/*
 * Global options.  The chroot path and the user name are copied with
 * strlcpy() and an overlong value is rejected with yyerror(): the return
 * value is compared against the destination size.  This is the strict
 * pattern; most other string options in this grammar use `(void) strlcpy'
 * and accept truncation silently.
 */
221 option : CHROOT string {
222 if (strlcpy(conf->chroot, $2, sizeof(conf->chroot)) >=
223 sizeof(conf->chroot))
224 yyerror("chroot path too long");
228 yywarn("option `ipv6' is deprecated,"
229 " please use `listen on'");
233 default_host = "0.0.0.0";
237 yywarn("option `port' is deprecated,"
238 " please use `listen on'");
241 | PREFORK NUM { conf->prefork = check_prefork_num($2); }
/* The TLS protocol list is parsed by libtls; an unparsable string is an error. */
243 if (tls_config_parse_protocols(&conf->protos, $2) == -1)
244 yyerror("invalid protocols string \"%s\"", $2);
248 if (strlcpy(conf->user, $2, sizeof(conf->user)) >=
250 yyerror("user name too long");
255 log : LOG '{' optnl logopts '}'
259 logopts : /* empty */
260 | logopts logopt optnl
264 free(conf->log_access);
265 conf->log_access = NULL;
268 free(conf->log_access);
269 conf->log_access = $2;
272 conf->log_format = LOG_FORMAT_COMMON;
275 conf->log_format = LOG_FORMAT_COMBINED;
278 conf->log_format = LOG_FORMAT_CONDENSED;
281 conf->log_format = LOG_FORMAT_LEGACY;
/*
 * `server "name" { ... }': the first action sets up the new vhost and its
 * catch-all location ("*"); the second action, run after the body, checks
 * that the block is usable.
 */
285 vhost : SERVER string {
287 TAILQ_INSERT_HEAD(&conf->hosts, host, vhosts);
289 loc = new_location();
290 TAILQ_INSERT_HEAD(&host->locations, loc, locations);
292 TAILQ_INIT(&host->proxies);
294 (void) strlcpy(loc->match, "*", sizeof(loc->match));
/*
 * NOTE(review): the strlcpy() result is discarded, so a server name longer
 * than host->domain is truncated without a diagnostic and the vhost would
 * then be registered under a different name than the one written in the
 * configuration.  The chroot/user options reject overlong values instead;
 * consider doing the same here.
 */
295 (void) strlcpy(host->domain, $2, sizeof(host->domain));
/* Only a warning: an "xn--" label suggests the name was given in punycode. */
297 if (strstr($2, "xn--") != NULL) {
298 yywarn("\"%s\" looks like punycode: you "
299 "should use the decoded hostname", $2);
303 } '{' optnl servbody '}' {
/* A vhost without both a certificate and a key is rejected. */
304 if (host->cert_path == NULL ||
305 host->key_path == NULL)
306 yyerror("invalid vhost definition: %s",
/*
 * No `listen on' in the block: fall back to default_host/default_port.
 * The port is formatted with snprintf() and the result is checked for
 * error and truncation before portno is used.
 */
308 if (TAILQ_EMPTY(&host->addrs)) {
312 r = snprintf(portno, sizeof(portno), "%d",
314 if (r < 0 || (size_t)r >= sizeof(portno))
317 yywarn("missing `listen on' in server %s,"
318 " assuming %s port %d", $2, default_host,
320 listen_on(default_host, portno);
323 | error '}' { yyerror("bad server directive"); }
326 servbody : /* empty */
327 | servbody servopt optnl
328 | servbody location optnl
329 | servbody proxy optnl
332 listen_addr : '*' { $$ = NULL; }
/*
 * Per-server options.
 * NOTE(review): the alias is copied with `(void) strlcpy', so an overlong
 * alias is truncated silently and a different name ends up in the alias
 * list.
 */
336 servopt : ALIAS string {
339 a = xcalloc(1, sizeof(*a));
340 (void) strlcpy(a->alias, $2, sizeof(a->alias));
342 TAILQ_INSERT_TAIL(&host->aliases, a, aliases);
/*
 * Certificate, key and OCSP paths: ensure_absolute_path() reports a
 * relative path via yyerror(), but its return value is not used and the
 * path is stored either way.  The previous value is freed first, so a
 * repeated option replaces the earlier one.
 */
345 ensure_absolute_path($2);
346 free(host->cert_path);
347 host->cert_path = $2;
350 ensure_absolute_path($2);
351 free(host->key_path);
355 ensure_absolute_path($2);
356 free(host->ocsp_path);
357 host->ocsp_path = $2;
359 | PARAM string '=' string {
360 yywarn("the top-level `param' directive is deprecated."
361 " Please use `fastcgi { param ... }`");
/* `listen on ADDR' with no port uses the literal "1965", not default_port. */
364 | LISTEN ON listen_addr {
365 listen_on($3, "1965");
367 | LISTEN ON listen_addr PORT STRING {
372 | LISTEN ON listen_addr PORT NUM {
/* Numeric port: formatted into portno with an error/truncation check. */
376 r = snprintf(portno, sizeof(portno), "%d", $5);
377 if (r < 0 || (size_t)r >= sizeof(portno))
380 listen_on($3, portno);
/*
 * `proxy [matches] { ... }': advance_proxy() allocates the proxy object
 * before the body is parsed; the closing action validates it.
 */
386 proxy : PROXY { advance_proxy(); }
387 proxy_matches '{' optnl proxy_opts '}' {
/* relay-to is mandatory: an empty proxy->host means it was never set. */
388 if (*proxy->host == '\0')
389 yyerror("invalid proxy block: missing `relay-to' option");
/* A client certificate and its key must be given together or not at all. */
391 if ((proxy->cert_path == NULL && proxy->key_path != NULL) ||
392 (proxy->cert_path != NULL && proxy->key_path == NULL))
393 yyerror("invalid proxy block: missing cert or key");
397 proxy_matches : /* empty */
398 | proxy_matches proxy_match
401 proxy_port : /* empty */ { $$ = 1965; }
403 if (($$ = getservice($2)) == -1)
404 yyerror("invalid port number %s", $2);
407 | PORT NUM { $$ = $2; }
/*
 * Match criteria and options of a proxy block.
 * NOTE(review): match_proto, match_host, host and sni are all filled with
 * `(void) strlcpy', and match_port/port with `(void) snprintf': an
 * overlong value is truncated without any diagnostic.  For match_host,
 * host and sni that means the proxy would match on, connect to, or send a
 * name other than the one in the configuration.
 */
410 proxy_match : PROTO string {
411 (void) strlcpy(proxy->match_proto, $2, sizeof(proxy->match_proto));
414 | FOR_HOST string proxy_port {
415 (void) strlcpy(proxy->match_host, $2, sizeof(proxy->match_host));
416 (void) snprintf(proxy->match_port, sizeof(proxy->match_port),
422 proxy_opts : /* empty */
423 | proxy_opts proxy_opt optnl
/* Client certificate/key presented to the relay; paths must be absolute. */
426 proxy_opt : CERT string {
428 ensure_absolute_path($2);
429 proxy->cert_path = $2;
433 ensure_absolute_path($2);
434 proxy->key_path = $2;
437 if (tls_config_parse_protocols(&proxy->protocols, $2) == -1)
438 yyerror("invalid protocols string \"%s\"", $2);
441 | RELAY_TO string proxy_port {
442 (void) strlcpy(proxy->host, $2, sizeof(proxy->host));
443 (void) snprintf(proxy->port, sizeof(proxy->port),
/* CA file for `require client ca'; stored as given after the path check. */
447 | REQUIRE CLIENT CA string {
448 ensure_absolute_path($4);
449 proxy->reqca_path = $4;
452 (void) strlcpy(proxy->sni, $2, sizeof(proxy->sni));
/*
 * The flag is stored inverted: a false value sets noverifyname.
 * NOTE(review): the rule header for this action is not in the listing;
 * the keyword table maps "verifyname" to VERIFYNAME, so this presumably
 * turns off name verification toward the relay -- confirm where
 * noverifyname is consumed.
 */
459 proxy->noverifyname = !$2;
/*
 * `location "pattern" { ... }': advance_loc() allocates the location
 * before the body is parsed; the closing action stores the pattern.
 */
463 location : LOCATION { advance_loc(); } string '{' optnl locopts '}' {
464 /* drop the starting '/' if any */
/*
 * The source starts one byte in, so moving strlen($3) bytes copies the
 * remaining characters together with the terminating NUL.
 */
466 memmove($3, $3+1, strlen($3));
/*
 * NOTE(review): truncation is ignored here; a pattern longer than
 * loc->match is shortened silently and then matches a different set of
 * request paths than the one written in the configuration.
 */
467 (void) strlcpy(loc->match, $3, sizeof(loc->match));
/*
 * Per-location options.
 * NOTE(review): block_fmt, default_mime, index, lang and dir are all set
 * with `(void) strlcpy', so overlong values are truncated without a
 * diagnostic.  The chroot and user options show the stricter pattern
 * (compare the return value with the buffer size and call yyerror()).
 */
473 locopts : /* empty */
474 | locopts locopt optnl
/* auto_index is tri-state: 1 for on, -1 for off. */
477 locopt : AUTO INDEX bool { loc->auto_index = $3 ? 1 : -1; }
478 | BLOCK RETURN NUM string {
480 (void) strlcpy(loc->block_fmt, $4, sizeof(loc->block_fmt));
481 loc->block_code = check_block_code($3);
485 (void) strlcpy(loc->block_fmt, "temporary failure",
486 sizeof(loc->block_fmt));
487 loc->block_code = check_block_code($3);
/* Codes 30..39 must come with an explicit meta string; the default text is rejected. */
488 if ($3 >= 30 && $3 < 40)
489 yyerror("missing `meta' for block return %d", $3);
492 (void) strlcpy(loc->block_fmt, "temporary failure",
493 sizeof(loc->block_fmt));
494 loc->block_code = 40;
496 | DEFAULT TYPE string {
497 (void) strlcpy(loc->default_mime, $3,
498 sizeof(loc->default_mime));
503 (void) strlcpy(loc->index, $2, sizeof(loc->index));
507 (void) strlcpy(loc->lang, $2,
/* Stored inverted: `log off' sets disable_log. */
511 | LOG bool { loc->disable_log = !$2; }
512 | REQUIRE CLIENT CA string {
513 ensure_absolute_path($4);
514 loc->reqca_path = $4;
/*
 * NOTE(review): loc->dir is a filesystem path; if it is truncated here the
 * location would refer to a different directory than the configured one.
 * The rule header for this action is not in the listing.
 */
517 (void) strlcpy(loc->dir, $2, sizeof(loc->dir));
520 | STRIP NUM { loc->strip = check_strip_no($2); }
/*
 * FastCGI configuration.  Every form ends in fastcgi_conf(path, port),
 * whose return value is stored in loc->fcgi.  Two of the visible calls
 * pass a NULL port and one passes the literal default "9000".
 * NOTE(review): in the visible lines neither the numeric nor the string
 * port is passed through check_port_num()/getservice() before being
 * stored -- confirm whether validation happens on lines not shown.
 */
523 fastcgi : FASTCGI '{' optnl fastcgiopts '}'
530 yywarn("`fastcgi path' is deprecated. "
531 "Please use `fastcgi socket path' instead.");
532 loc->fcgi = fastcgi_conf($2, NULL);
537 fastcgiopts : /* empty */
538 | fastcgiopts fastcgiopt optnl
541 fastcgiopt : PARAM string '=' string {
545 loc->fcgi = fastcgi_conf($2, NULL);
548 | SOCKET TCP string PORT NUM {
/* The numeric port is turned into a string because fastcgi_conf() takes strings. */
551 if (asprintf(&c, "%d", $5) == -1)
553 loc->fcgi = fastcgi_conf($3, c);
557 | SOCKET TCP string {
558 loc->fcgi = fastcgi_conf($3, "9000");
560 | SOCKET TCP string PORT string {
561 loc->fcgi = fastcgi_conf($3, $5);
567 types : TYPES '{' optnl mediaopts_l '}' ;
569 mediaopts_l : mediaopts_l mediaoptsl nl
573 mediaoptsl : STRING {
576 } medianames_l optsemicolon
580 medianames_l : medianames_l medianamesl
584 medianamesl : numberstring {
585 if (add_mime(&conf->mime, current_media, $1) == -1)
594 optnl : '\n' optnl /* zero or more newlines */
595 | ';' optnl /* semicolons too */
/*
 * Reserved words of the configuration language, mapped to their token.
 * lookup() searches this table with bsearch() and kw_cmp(), which compares
 * with strcmp(); the entries therefore have to stay in strcmp() order or
 * some keywords will silently stop being recognised.
 */
605 static const struct keyword {
609 /* these MUST be sorted */
618 {"combined", COMBINED},
620 {"condensed", CONDENSED},
621 {"default", DEFAULT},
622 {"fastcgi", FASTCGI},
623 {"for-host", FOR_HOST},
624 {"include", INCLUDE},
631 {"location", LOCATION},
638 {"prefork", PREFORK},
640 {"protocols", PROTOCOLS},
642 {"relay-to", RELAY_TO},
643 {"require", REQUIRE},
656 {"use-tls", USE_TLS},
658 {"verifyname", VERIFYNAME},
/*
 * Report a configuration error on stderr as "<config_path>:<line> error:
 * <message>".  msg is a printf-style format expanded with vfprintf(), so
 * it must never be a string taken from the configuration file.
 * Part of the body is missing from this listing.
 */
662 yyerror(const char *msg, ...)
669 fprintf(stderr, "%s:%d error: ", config_path, yylval.lineno);
670 vfprintf(stderr, msg, ap);
671 fprintf(stderr, "\n");
/*
 * Same output format as yyerror() but tagged "warning".  msg is a
 * printf-style format and must be a literal, not configuration data.
 * Part of the body is missing from this listing.
 */
676 yywarn(const char *msg, ...)
681 fprintf(stderr, "%s:%d warning: ", config_path, yylval.lineno);
682 vfprintf(stderr, msg, ap);
683 fprintf(stderr, "\n");
/*
 * bsearch() comparator: k is the word being looked up, e an entry of the
 * keyword table.  The cast drops the const qualifier of e; the entry is
 * only read.
 */
688 kw_cmp(const void *k, const void *e)
690 return strcmp(k, ((struct keyword *)e)->word);
/*
 * Keyword lookup (the function header is not in this listing): binary
 * search over the sorted keywords[] table.
 */
696 const struct keyword *p;
698 p = bsearch(s, keywords, sizeof(keywords)/sizeof(keywords[0]),
699 sizeof(keywords[0]), kw_cmp);
/*
 * In-band markers pushed into the unget buffer around an expanded macro
 * value; yylex() checks the `expanding' flag so that `$' and `@' found
 * inside an expansion are not expanded again.
 * NOTE(review): the markers are the byte values 1 and 2, and the character
 * is compared against them whether it came from the unget buffer or from
 * getc() on the file.  A configuration file containing those raw control
 * bytes would therefore be taken for markers as well.
 */
707 #define START_EXPAND 1
708 #define DONE_EXPAND 2
710 static int expanding;
/* Next character: the unget buffer is drained first, then the stream. */
718 if (file->ungetpos > 0)
719 c = file->ungetbuf[--file->ungetpos];
721 c = getc(file->stream);
723 if (c == START_EXPAND)
725 else if (c == DONE_EXPAND)
/*
 * Character reader used by yylex() (the function header is not in this
 * listing).  The first branch handles end of file reached while a quoted
 * string is still open; at the end of an included file, popfile() switches
 * back to the including file.
 */
739 if ((c = igetc()) == EOF) {
740 yyerror("reached end of file while parsing "
742 if (file == topfile || popfile() == EOF)
/* A backslash is looked at specially; the handling is on lines not shown. */
749 while ((c = igetc()) == '\\') {
755 yylval.lineno = file->lineno;
761 * Fake EOL when hit EOF for the first time. This gets line
762 * count right if last line in included file is syntactically
763 * invalid and has no newline.
765 if (file->eof_reached == 0) {
766 file->eof_reached = 1;
770 if (file == topfile || popfile() == EOF)
/*
 * Push a character back (the function header is not in this listing).
 * When the unget buffer is full it is doubled; reallocarray() checks the
 * size multiplication for overflow.  The result is taken into a temporary
 * first, so the old buffer is not lost if the allocation fails (the
 * failure branch itself is on lines not shown).
 */
784 if (file->ungetpos >= file->ungetsize) {
785 void *p = reallocarray(file->ungetbuf, file->ungetsize, 2);
789 file->ungetsize *= 2;
791 file->ungetbuf[file->ungetpos++] = c;
799 /* Skip to either EOF or the first real EOL. */
/*
 * Lexer body (the function header and many lines are missing from this
 * listing).  Tokens are accumulated in the fixed-size buffer buf; each
 * accumulation loop visible here carries a bound check against
 * sizeof(buf) and reports "string too long" rather than writing past it.
 */
/* Skip blanks before the token. */
822 while ((c = lgetc(0)) == ' ' || c == '\t')
825 yylval.lineno = file->lineno;
/* Consume up to end of line or EOF (the guarding condition is not shown). */
827 while ((c = lgetc(0)) != '\n' && c != EOF)
/* `$name': macro whose value becomes a single STRING token. */
829 if (c == '$' && !expanding) {
831 if ((c = lgetc(0)) == EOF)
833 if (p + 1 >= buf + sizeof(buf) -1) {
834 yyerror("string too long");
837 if (isalnum(c) || c == '_') {
847 yyerror("macro `%s' not defined", buf);
850 yylval.v.string = xstrdup(val);
/* `@name': macro whose value is pushed back and re-lexed as input. */
853 if (c == '@' && !expanding) {
855 if ((c = lgetc(0)) == EOF)
858 if (p + 1 >= buf + sizeof(buf) - 1) {
859 yyerror("string too long");
862 if (isalnum(c) || c == '_') {
872 yyerror("macro '%s' not defined", buf);
/*
 * The value is pushed back between DONE_EXPAND and START_EXPAND; p starts
 * at its last character.
 * NOTE(review): for an empty macro value this computes val - 1, which
 * points outside the string; the loop that consumes p is not shown --
 * confirm it tolerates that case.
 */
875 p = val + strlen(val) - 1;
876 lungetc(DONE_EXPAND);
881 lungetc(START_EXPAND);
/* Quoted string: read up to the matching quote, handling backslash escapes. */
890 if ((c = lgetc(quotec)) == EOF)
895 } else if (c == '\\') {
896 if ((next = lgetc(quotec)) == EOF)
898 if (next == quotec || next == ' ' ||
901 else if (next == '\n') {
906 } else if (c == quotec) {
/* An embedded NUL byte inside a quoted string is rejected. */
909 } else if (c == '\0') {
910 yyerror("invalid syntax");
913 if (p + 1 >= buf + sizeof(buf) - 1) {
914 yyerror("string too long");
919 yylval.v.string = strdup(buf);
920 if (yylval.v.string == NULL)
921 fatal("yylex: strdup");
/* Characters that may directly follow a number without making it a word. */
925 #define allowed_to_end_number(x) \
926 (isspace(x) || x == ')' || x ==',' || x == '/' || x == '}' || x == '=')
928 if (c == '-' || isdigit(c)) {
931 if ((size_t)(p-buf) >= sizeof(buf)) {
932 yyerror("string too long");
935 } while ((c = lgetc(0)) != EOF && isdigit(c));
/* A lone '-' is handled separately from a number (the branch body is not shown). */
937 if (p == buf + 1 && buf[0] == '-')
939 if (c == EOF || allowed_to_end_number(c)) {
940 const char *errstr = NULL;
/* strtonum() does the range-checked conversion. */
943 yylval.v.number = strtonum(buf, LLONG_MIN,
946 yyerror("\"%s\" invalid number: %s",
/* Characters accepted inside an unquoted word. */
961 #define allowed_in_string(x) \
962 (isalnum(x) || (ispunct(x) && x != '(' && x != ')' && \
963 x != '{' && x != '}' && \
964 x != '!' && x != '=' && x != '#' && \
965 x != ',' && x != ';'))
967 if (isalnum(c) || c == ':' || c == '_') {
970 if ((size_t)(p-buf) >= sizeof(buf)) {
971 yyerror("string too long");
974 } while ((c = lgetc(0)) != EOF && (allowed_in_string(c)));
/* A word that is not a keyword is returned as a STRING with a private copy. */
977 if ((token = lookup(buf)) == STRING)
978 yylval.v.string = xstrdup(buf);
982 yylval.lineno = file->lineno;
/*
 * Open a configuration file read-only and append it to the stack of files
 * being parsed.  The name is passed to fopen() as given.  The first file
 * starts at line 1, included files at 0.  The unget buffer starts at 16
 * bytes and is grown by the lexer on demand.
 * NOTE(review): the `secret' parameter is not used in the visible lines;
 * if it is meant to gate a permission or ownership check on the file,
 * confirm that the check exists on the lines missing from this listing.
 */
991 pushfile(const char *name, int secret)
995 nfile = xcalloc(1, sizeof(*nfile));
996 nfile->name = xstrdup(name);
997 if ((nfile->stream = fopen(nfile->name, "r")) == NULL) {
998 log_warn("can't open %s", nfile->name);
1003 nfile->lineno = TAILQ_EMPTY(&files) ? 1 : 0;
1004 nfile->ungetsize = 16;
1005 nfile->ungetbuf = xcalloc(1, nfile->ungetsize);
1006 TAILQ_INSERT_TAIL(&files, nfile, entry);
/*
 * Leave the current file (the function header is not in this listing).
 * Its error count is added to the including file first, so errors in an
 * included file still count against the file that included it; then the
 * file is unlinked from the stack and its stream and unget buffer are
 * released.  Returns EOF once no file is left.
 */
1015 if ((prev = TAILQ_PREV(file, files, entry)) != NULL)
1016 prev->errors += file->errors;
1018 TAILQ_REMOVE(&files, file, entry);
1019 fclose(file->stream);
1021 free(file->ungetbuf);
1024 return file ? 0 : EOF;
/*
 * Parse the configuration file `filename'.  default_port is reset before
 * parsing, the file is pushed as the top of the file stack, and the error
 * count is taken from the file afterwards.  Macros that are not marked
 * persistent are dropped from the table at the end.
 * Part of the body is missing from this listing.
 */
1028 parse_conf(struct conf *c, const char *filename)
1030 struct sym *sym, *next;
1033 default_port = 1965;
1037 file = pushfile(filename, 0);
1043 errors = file->errors;
1046 /* Free macros and check which have not been used. */
1047 TAILQ_FOREACH_SAFE(sym, &symhead, entry, next) {
1048 /* TODO: warn if !sym->used */
1049 if (!sym->persist) {
1052 TAILQ_REMOVE(&symhead, sym, entry);
/*
 * Define macro `name' with value `val'.  An existing entry with the same
 * name is looked up first and can be removed (the condition deciding that
 * is on lines not shown); the new entry owns private copies of both
 * strings.  `persist' is stored on the entry and read by parse_conf() when
 * it cleans the table.
 */
1063 symset(const char *name, const char *val, int persist)
1067 TAILQ_FOREACH(sym, &symhead, entry) {
1068 if (!strcmp(name, sym->name))
1078 TAILQ_REMOVE(&symhead, sym, entry);
1083 sym = xcalloc(1, sizeof(*sym));
1084 sym->name = xstrdup(name);
1085 sym->val = xstrdup(val);
1087 sym->persist = persist;
1089 TAILQ_INSERT_TAIL(&symhead, sym, entry);
/*
 * Define a persistent macro from a "name=value" string.
 * NOTE(review): the string is split at the LAST '=' (strrchr), so for
 * "a=b=c" the macro name is "a=b" and the value "c".  If values containing
 * '=' are expected, splitting at the first '=' (strchr) would be the safer
 * choice -- confirm the intended behaviour.
 */
1094 cmdline_symset(char *s)
1099 if ((val = strrchr(s, '=')) == NULL)
/* Zeroed buffer of name length + 1, so the copied name is NUL-terminated. */
1101 sym = xcalloc(1, val - s + 1);
1102 memcpy(sym, s, val - s);
1103 ret = symset(sym, val + 1, 1);
1109 symget(const char *nam)
1113 TAILQ_FOREACH(sym, &symhead, entry) {
1114 if (strcmp(nam, sym->name) == 0) {
/*
 * Report an error unless `path' starts with '/'.  Only the first character
 * is inspected; the path is not normalised or otherwise examined.
 * NOTE(review): when path is NULL it is still passed to the "%s"
 * conversion of yyerror(), which is undefined behaviour for printf-family
 * functions; a separate message for the NULL case would avoid that.
 */
1123 ensure_absolute_path(char *path)
1125 if (path == NULL || *path != '/')
1126 yyerror("not an absolute path: %s", path);
/*
 * Validate the status code of a `block return'.  Accepted values are
 * 10..19 and 30..69; everything else, including the whole 20..29 range,
 * is reported with yyerror().
 */
1131 check_block_code(int n)
1133 if (n < 10 || n >= 70 || (n >= 20 && n <= 29))
1134 yyerror("invalid block code %d", n);
1139 check_block_fmt(char *fmt)
1143 for (s = fmt; *s; ++s) {
1154 yyerror("invalid format specifier %%%c", *s);
1162 check_strip_no(int n)
1165 yyerror("invalid strip number %d", n);
/*
 * Validate a numeric port.
 * NOTE(review): the upper test is `n >= UINT16_MAX', so 65535 is rejected
 * as "too large" although it is a valid port, while getservice() and
 * parsehp() in this file accept values up to UINT16_MAX inclusive.
 * `n > UINT16_MAX' would make the three checks agree.
 */
1170 check_port_num(int n)
1172 if (n <= 0 || n >= UINT16_MAX)
1173 yyerror("port number is %s: %d",
1174 n <= 0 ? "too small" : "too large",
/*
 * Validate the `prefork' count: it must be positive and strictly below
 * PROC_MAX_INSTANCES.
 * NOTE(review): the `>=' excludes PROC_MAX_INSTANCES itself -- confirm
 * whether that value is meant to be usable.
 */
1180 check_prefork_num(int n)
1182 if (n <= 0 || n >= PROC_MAX_INSTANCES)
1183 yyerror("invalid prefork number %d", n);
1190 loc = new_location();
1191 TAILQ_INSERT_TAIL(&host->locations, loc, locations);
1197 proxy = new_proxy();
1198 TAILQ_INSERT_TAIL(&host->proxies, proxy, proxies);
/*
 * Split a "host:port" string; `def' is presumably the port used when none
 * is given (the lines using it are not shown).
 * NOTE(review): the split point is the FIRST ':' found by strchr(), so an
 * IPv6 literal would be cut inside the address -- confirm callers never
 * pass one.
 */
1202 parsehp(char *str, char **host, const char **port, const char *def)
1209 if ((at = strchr(str, ':')) != NULL) {
/* Called for validation only: the numeric result is discarded, errstr is what matters. */
1215 strtonum(*port, 1, UINT16_MAX, &errstr);
1217 yyerror("port is %s: %s", errstr, *port);
/*
 * Find or create the FastCGI backend identified by (path, port).  The
 * list of known backends is searched first; otherwise a new zeroed entry
 * is filled in and appended.  Part of the body is missing from this
 * listing.
 */
1221 fastcgi_conf(const char *path, const char *port)
/*
 * NOTE(review): possible NULL dereference.  The grammar calls this with
 * port == NULL.  If an existing entry has the same path but a non-empty
 * port, the first half of the `||' is false and strcmp(f->port, port) is
 * evaluated with a NULL second argument.  Guarding the second half as
 * `(port != NULL && !strcmp(f->port, port))' avoids it.
 */
1226 TAILQ_FOREACH(f, &conf->fcgi, fcgi) {
1227 if (!strcmp(f->path, path) &&
1228 ((port == NULL && *f->port == '\0') ||
1229 !strcmp(f->port, port)))
1234 f = xcalloc(1, sizeof(*f));
/* Truncation of path/port is not detected: the strlcpy() results are discarded. */
1236 (void)strlcpy(f->path, path, sizeof(f->path));
1238 (void)strlcpy(f->port, port, sizeof(f->port));
1239 TAILQ_INSERT_TAIL(&conf->fcgi, f, fcgi);
/*
 * Append a name/value pair to the parameter list of the current location.
 * NOTE(review): both copies discard the strlcpy() result, so an overlong
 * name or value is truncated silently and the list then holds something
 * other than what the configuration says.
 */
1245 add_param(char *name, char *val)
1248 struct envhead *h = &loc->params;
1250 e = xcalloc(1, sizeof(*e));
1251 (void) strlcpy(e->name, name, sizeof(e->name));
1252 (void) strlcpy(e->value, val, sizeof(e->value));
1253 TAILQ_INSERT_TAIL(h, e, envs);
/*
 * Turn a port given as text into a number.  The string is first tried as
 * a number in 0..UINT16_MAX; otherwise it is looked up as a service name,
 * "tcp" first and then "udp" (the branch conditions are on lines not
 * shown).  The service port is converted from network byte order.
 * NOTE(review): the numeric range starts at 0, so "0" is accepted here
 * while check_port_num() rejects it -- confirm which is intended.
 */
1257 getservice(const char *n)
1263 llval = strtonum(n, 0, UINT16_MAX, &errstr);
1265 s = getservbyname(n, "tcp");
1267 s = getservbyname(n, "udp");
1270 return (ntohs(s->s_port));
1273 return ((unsigned short)llval);
/*
 * Record one getaddrinfo() result in the address list `a', unless an
 * identical entry is already present.  Part of the body is missing from
 * this listing.
 */
1277 add_to_addr_queue(struct addrhead *a, struct addrinfo *ai)
1279 struct address *addr;
1280 struct sockaddr_in *sin;
1281 struct sockaddr_in6 *sin6;
/*
 * Bound check for the memcpy() into addr->ss further down: the resolver's
 * address must fit in the storage field.  sizeof does not evaluate its
 * operand, so using addr before it is assigned is fine here.
 */
1283 if (ai->ai_addrlen > sizeof(addr->ss))
1284 fatalx("ai_addrlen larger than a sockaddr_storage");
/* Duplicate detection: every stored field and the raw address bytes must match. */
1286 TAILQ_FOREACH(addr, a, addrs) {
1287 if (addr->ai_flags == ai->ai_flags &&
1288 addr->ai_family == ai->ai_family &&
1289 addr->ai_socktype == ai->ai_socktype &&
1290 addr->ai_protocol == ai->ai_protocol &&
1291 addr->slen == ai->ai_addrlen &&
1292 !memcmp(&addr->ss, ai->ai_addr, addr->slen))
1296 addr = xcalloc(1, sizeof(*addr));
1297 addr->ai_flags = ai->ai_flags;
1298 addr->ai_family = ai->ai_family;
1299 addr->ai_socktype = ai->ai_socktype;
1300 addr->ai_protocol = ai->ai_protocol;
1301 addr->slen = ai->ai_addrlen;
1302 memcpy(&addr->ss, ai->ai_addr, ai->ai_addrlen);
/* Cache the port in host byte order; an unexpected address family is fatal. */
1305 switch (addr->ai_family) {
1307 sin = (struct sockaddr_in *)&addr->ss;
1308 addr->port = ntohs(sin->sin_port);
1311 sin6 = (struct sockaddr_in6 *)&addr->ss;
1312 addr->port = ntohs(sin6->sin6_port);
1315 fatalx("unknown socket family %d", addr->ai_family);
1320 TAILQ_INSERT_HEAD(a, addr, addrs);
/*
 * Resolve hostname/servname for a passive (listening) stream socket and
 * record every resulting address both on the current vhost and in the
 * global list.  The end of the function is outside this listing.
 */
1324 listen_on(const char *hostname, const char *servname)
1326 struct addrinfo hints, *res, *res0;
1329 memset(&hints, 0, sizeof(hints));
1330 hints.ai_family = AF_UNSPEC;
1331 hints.ai_socktype = SOCK_STREAM;
1332 hints.ai_flags = AI_PASSIVE;
1333 error = getaddrinfo(hostname, servname, &hints, &res0);
/*
 * NOTE(review): wrong error source.  getaddrinfo() reports failure through
 * its return value, stored in `error' above; errno is only meaningful for
 * EAI_SYSTEM.  gai_strerror(errno) can therefore print an unrelated
 * message for a failed lookup; it should be gai_strerror(error).
 */
1335 yyerror("listen on \"%s\" port %s: %s", hostname, servname,
1336 gai_strerror(errno));
1340 for (res = res0; res; res = res->ai_next) {
1341 add_to_addr_queue(&host->addrs, res);
1342 add_to_addr_queue(&conf->addrs, res);