2 * Copyright (c) 2021 Omar Polo <op@omarpolo.com>
3 * Copyright (c) 2018 Florian Obser <florian@openbsd.org>
4 * Copyright (c) 2004, 2005 Esben Norby <norby@openbsd.org>
5 * Copyright (c) 2004 Ryan McBride <mcbride@openbsd.org>
6 * Copyright (c) 2002, 2003, 2004 Henning Brauer <henning@openbsd.org>
7 * Copyright (c) 2001 Markus Friedl. All rights reserved.
8 * Copyright (c) 2001 Daniel Hartmeier. All rights reserved.
9 * Copyright (c) 2001 Theo de Raadt. All rights reserved.
11 * Permission to use, copy, modify, and distribute this software for any
12 * purpose with or without fee is hereby granted, provided that the above
13 * copyright notice and this permission notice appear in all copies.
15 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
16 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
17 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
18 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
19 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
20 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
21 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
47 TAILQ_HEAD(files, file) files = TAILQ_HEAD_INITIALIZER(files);
49 TAILQ_ENTRY(file) entry;
59 struct file *pushfile(const char *, int);
61 int check_file_secrecy(int, const char *);
64 int yyerror(const char *, ...)
65 __attribute__((__format__ (printf, 1, 2)))
66 __attribute__((__nonnull__ (1)));
67 int kw_cmp(const void *, const void *);
74 TAILQ_HEAD(symhead, sym) symhead = TAILQ_HEAD_INITIALIZER(symhead);
76 TAILQ_ENTRY(sym) entry;
83 int symset(const char *, const char *, int);
84 char *symget(const char *);
86 void clear_config(struct kd_conf *xconf);
88 static void add_table(const char *, const char *, const char *);
89 static struct table *findtable(const char *name);
90 static void add_cert(const char *, const char *);
91 static void add_key(const char *, const char *);
92 static struct kd_listen_conf *listen_new(void);
94 static uint32_t counter;
95 static struct table *table;
96 static struct kd_listen_conf *listener;
97 static struct kd_conf *conf;
123 %token <v.string> STRING
124 %token <v.number> NUMBER
125 %type <v.number> yesno
126 %type <v.string> string
127 %type <v.table> tableref
131 grammar : /* empty */
132 | grammar include '\n'
136 | grammar listen '\n'
137 | grammar varset '\n'
138 | grammar error '\n' { file->errors++; }
141 include : INCLUDE STRING {
144 if ((nfile = pushfile($2, 0)) == NULL) {
145 yyerror("failed to include file %s", $2);
156 string : string STRING {
157 if (asprintf(&$$, "%s %s", $1, $2) == -1) {
160 yyerror("string: asprintf");
169 yesno : YES { $$ = 1; }
173 optnl : '\n' optnl /* zero or more newlines */
177 nl : '\n' optnl /* one or more newlines */
185 varset : STRING '=' string {
188 printf("%s = \"%s\"\n", $1, $3);
190 if (isspace((unsigned char)*s)) {
191 yyerror("macro name cannot contain "
198 if (symset($1, $3, 0) == -1)
199 fatal("cannot store variable");
205 pki : PKI STRING CERT STRING { add_cert($2, $4); }
206 | PKI STRING KEY STRING { add_key($2, $4); }
209 table_kp : string arrow string optnl {
210 if (table_add(table, $1, $3) == -1)
211 yyerror("can't add to table %s",
219 | table_kp comma table_kps
223 if (table_add(table, $1, NULL) == -1)
224 yyerror("can't add to table %s",
230 string_list : stringel
231 | stringel comma string_list
234 table_vals : table_kps
238 table : TABLE STRING STRING {
241 if ((p = strchr($3, ':')) == NULL) {
242 yyerror("invalid table %s", $2);
247 add_table($2, $3, p+1);
252 add_table($2, "static", NULL);
253 } '{' optnl table_vals '}' {
258 tableref : '<' STRING '>' {
269 listen : LISTEN { listener = listen_new(); }
271 if (listener->auth_table == NULL)
272 yyerror("missing auth table");
273 if (!(listener->flags & L_TLS))
274 yyerror("can't define a non-tls listener");
279 listen_opts : listen_opt
280 | listen_opt listen_opts
283 listen_opt : ON STRING PORT NUMBER {
284 if (*listener->iface != '\0')
285 yyerror("listen address and port already"
287 strlcpy(listener->iface, $2, sizeof(listener->iface));
291 if (*listener->pki != '\0')
292 yyerror("listen tls pki already defined");
293 listener->flags |= L_TLS;
294 strlcpy(listener->pki, $3, sizeof(listener->pki));
297 if (listener->auth_table != NULL)
298 yyerror("listen auth already defined");
299 listener->auth_table = $2;
311 yyerror(const char *fmt, ...)
318 if (vasprintf(&msg, fmt, ap) == -1)
319 fatalx("yyerror vasprintf");
321 logit(LOG_CRIT, "%s:%d: %s", file->name, yylval.lineno, msg);
327 kw_cmp(const void *k, const void *e)
329 return strcmp(k, ((const struct keywords *)e)->k_name);
335 /* This has to be sorted always. */
336 static const struct keywords keywords[] = {
339 {"include", INCLUDE},
350 const struct keywords *p;
352 p = bsearch(s, keywords, sizeof(keywords)/sizeof(keywords[0]),
353 sizeof(keywords[0]), kw_cmp);
361 #define START_EXPAND 1
362 #define DONE_EXPAND 2
364 static int expanding;
372 if (file->ungetpos > 0)
373 c = file->ungetbuf[--file->ungetpos];
375 c = getc(file->stream);
377 if (c == START_EXPAND)
379 else if (c == DONE_EXPAND)
393 if ((c = igetc()) == EOF) {
394 yyerror("reached end of file while parsing "
396 if (file == topfile || popfile() == EOF)
403 while ((c = igetc()) == '\\') {
409 yylval.lineno = file->lineno;
415 * Fake EOL when hit EOF for the first time. This gets line
416 * count right if last line in included file is syntactically
417 * invalid and has no newline.
419 if (file->eof_reached == 0) {
420 file->eof_reached = 1;
424 if (file == topfile || popfile() == EOF)
438 if (file->ungetpos >= file->ungetsize) {
439 void *p = reallocarray(file->ungetbuf, file->ungetsize, 2);
443 file->ungetsize *= 2;
445 file->ungetbuf[file->ungetpos++] = c;
453 /* Skip to either EOF or the first real EOL. */
474 switch (x = my_yylex()) {
515 printf("string \"%s\"\n", yylval.v.string);
518 printf("number %"PRIi64"\n", yylval.v.number);
520 printf("character ");
525 printf(" [0x%x]", x);
547 while ((c = lgetc(0)) == ' ' || c == '\t')
550 yylval.lineno = file->lineno;
552 while ((c = lgetc(0)) != '\n' && c != EOF)
554 if (c == '$' && !expanding) {
556 if ((c = lgetc(0)) == EOF)
559 if (p + 1 >= buf + sizeof(buf) - 1) {
560 yyerror("string too long");
563 if (isalnum(c) || c == '_') {
573 yyerror("macro '%s' not defined", buf);
576 p = val + strlen(val) - 1;
577 lungetc(DONE_EXPAND);
579 lungetc((unsigned char)*p);
582 lungetc(START_EXPAND);
591 if ((c = lgetc(quotec)) == EOF)
596 } else if (c == '\\') {
597 if ((next = lgetc(quotec)) == EOF)
599 if (next == quotec || next == ' ' ||
602 else if (next == '\n') {
607 } else if (c == quotec) {
610 } else if (c == '\0') {
611 yyerror("syntax error");
614 if (p + 1 >= buf + sizeof(buf) - 1) {
615 yyerror("string too long");
620 yylval.v.string = strdup(buf);
621 if (yylval.v.string == NULL)
622 err(1, "yylex: strdup");
626 #define allowed_to_end_number(x) \
627 (isspace(x) || x == ')' || x ==',' || x == '/' || x == '}' || x == '=')
629 if (c == '-' || isdigit(c)) {
632 if ((size_t)(p-buf) >= sizeof(buf)) {
633 yyerror("string too long");
636 } while ((c = lgetc(0)) != EOF && isdigit(c));
638 if (p == buf + 1 && buf[0] == '-')
640 if (c == EOF || allowed_to_end_number(c)) {
641 const char *errstr = NULL;
644 yylval.v.number = strtonum(buf, LLONG_MIN,
647 yyerror("\"%s\" invalid number: %s",
655 lungetc((unsigned char)*--p);
656 c = (unsigned char)*--p;
662 #define allowed_in_string(x) \
663 (isalnum(x) || (ispunct(x) && x != '(' && x != ')' && \
664 x != '{' && x != '}' && \
665 x != '!' && x != '=' && x != '#' && \
666 x != ',' && x != '>'))
668 if (isalnum(c) || c == ':' || c == '_') {
671 if ((size_t)(p-buf) >= sizeof(buf)) {
672 yyerror("string too long");
675 } while ((c = lgetc(0)) != EOF && (allowed_in_string(c)));
678 if ((token = lookup(buf)) == STRING)
679 if ((yylval.v.string = strdup(buf)) == NULL)
680 err(1, "yylex: strdup");
684 yylval.lineno = file->lineno;
693 check_file_secrecy(int fd, const char *fname)
697 if (fstat(fd, &st)) {
698 log_warn("cannot stat %s", fname);
701 if (st.st_uid != 0 && st.st_uid != getuid()) {
702 log_warnx("%s: owner not root or current user", fname);
705 if (st.st_mode & (S_IWGRP | S_IXGRP | S_IRWXO)) {
706 log_warnx("%s: group writable or world read/writable", fname);
713 pushfile(const char *name, int secret)
717 if ((nfile = calloc(1, sizeof(struct file))) == NULL) {
721 if ((nfile->name = strdup(name)) == NULL) {
726 if ((nfile->stream = fopen(nfile->name, "r")) == NULL) {
727 log_warn("%s", nfile->name);
732 check_file_secrecy(fileno(nfile->stream), nfile->name)) {
733 fclose(nfile->stream);
738 nfile->lineno = TAILQ_EMPTY(&files) ? 1 : 0;
739 nfile->ungetsize = 16;
740 nfile->ungetbuf = malloc(nfile->ungetsize);
741 if (nfile->ungetbuf == NULL) {
743 fclose(nfile->stream);
748 TAILQ_INSERT_TAIL(&files, nfile, entry);
757 if ((prev = TAILQ_PREV(file, files, entry)) != NULL)
758 prev->errors += file->errors;
760 TAILQ_REMOVE(&files, file, entry);
761 fclose(file->stream);
763 free(file->ungetbuf);
766 return file ? 0 : EOF;
770 parse_config(const char *filename)
772 struct sym *sym, *next;
775 conf = config_new_empty();
777 file = pushfile(filename, 0);
785 errors = file->errors;
788 /* Free macros and check which have not been used. */
789 TAILQ_FOREACH_SAFE(sym, &symhead, entry, next) {
790 if (verbose && !sym->used)
791 fprintf(stderr, "warning: macro '%s' not used\n",
796 TAILQ_REMOVE(&symhead, sym, entry);
810 symset(const char *nam, const char *val, int persist)
814 TAILQ_FOREACH(sym, &symhead, entry) {
815 if (strcmp(nam, sym->nam) == 0)
820 if (sym->persist == 1)
825 TAILQ_REMOVE(&symhead, sym, entry);
829 if ((sym = calloc(1, sizeof(*sym))) == NULL)
832 sym->nam = strdup(nam);
833 if (sym->nam == NULL) {
837 sym->val = strdup(val);
838 if (sym->val == NULL) {
844 sym->persist = persist;
845 TAILQ_INSERT_TAIL(&symhead, sym, entry);
850 cmdline_symset(char *s)
855 if ((val = strrchr(s, '=')) == NULL)
857 sym = strndup(s, val - s);
859 errx(1, "%s: strndup", __func__);
860 ret = symset(sym, val + 1, 1);
867 symget(const char *nam)
871 TAILQ_FOREACH(sym, &symhead, entry) {
872 if (strcmp(nam, sym->nam) == 0) {
881 clear_config(struct kd_conf *xconf)
889 add_table(const char *name, const char *type, const char *path)
891 if (table_open(conf, name, type, path) == -1)
892 yyerror("can't initialize table %s", name);
893 table = STAILQ_FIRST(&conf->table_head)->table;
896 static struct table *
897 findtable(const char *name)
899 struct kd_tables_conf *i;
901 STAILQ_FOREACH(i, &conf->table_head, entry) {
902 if (!strcmp(i->table->t_name, name))
906 yyerror("unknown table %s", name);
911 add_cert(const char *name, const char *path)
913 struct kd_pki_conf *pki;
915 STAILQ_FOREACH(pki, &conf->pki_head, entry) {
916 if (strcmp(name, pki->name) != 0)
919 if (pki->cert != NULL) {
920 yyerror("duplicate `pki %s cert'", name);
927 pki = xcalloc(1, sizeof(*pki));
928 strlcpy(pki->name, name, sizeof(pki->name));
929 STAILQ_INSERT_HEAD(&conf->pki_head, pki, entry);
932 if ((pki->cert = tls_load_file(path, &pki->certlen, NULL)) == NULL)
937 add_key(const char *name, const char *path)
939 struct kd_pki_conf *pki;
941 STAILQ_FOREACH(pki, &conf->pki_head, entry) {
942 if (strcmp(name, pki->name) != 0)
945 if (pki->key != NULL) {
946 yyerror("duplicate `pki %s key'", name);
953 pki = xcalloc(1, sizeof(*pki));
954 strlcpy(pki->name, name, sizeof(pki->name));
955 STAILQ_INSERT_HEAD(&conf->pki_head, pki, entry);
958 if ((pki->key = tls_load_file(path, &pki->keylen, NULL)) == NULL)
962 static struct kd_listen_conf *
965 struct kd_listen_conf *l;
967 l = xcalloc(1, sizeof(*l));
971 STAILQ_INSERT_HEAD(&conf->listen_head, l, entry);
