2 * Copyright (c) 2021 Omar Polo <op@omarpolo.com>
3 * Copyright (c) 2018 Florian Obser <florian@openbsd.org>
4 * Copyright (c) 2004, 2005 Esben Norby <norby@openbsd.org>
5 * Copyright (c) 2004 Ryan McBride <mcbride@openbsd.org>
6 * Copyright (c) 2002, 2003, 2004 Henning Brauer <henning@openbsd.org>
7 * Copyright (c) 2001 Markus Friedl. All rights reserved.
8 * Copyright (c) 2001 Daniel Hartmeier. All rights reserved.
9 * Copyright (c) 2001 Theo de Raadt. All rights reserved.
11 * Permission to use, copy, modify, and distribute this software for any
12 * purpose with or without fee is hereby granted, provided that the above
13 * copyright notice and this permission notice appear in all copies.
15 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
16 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
17 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
18 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
19 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
20 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
21 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
47 TAILQ_HEAD(files, file) files = TAILQ_HEAD_INITIALIZER(files);
49 TAILQ_ENTRY(file) entry;
59 struct file *pushfile(const char *, int);
61 int check_file_secrecy(int, const char *);
64 int yyerror(const char *, ...)
65 __attribute__((__format__ (printf, 1, 2)))
66 __attribute__((__nonnull__ (1)));
67 int kw_cmp(const void *, const void *);
74 TAILQ_HEAD(symhead, sym) symhead = TAILQ_HEAD_INITIALIZER(symhead);
76 TAILQ_ENTRY(sym) entry;
83 int symset(const char *, const char *, int);
84 char *symget(const char *);
86 void clear_config(struct kd_conf *xconf);
88 static void add_table(const char *, const char *, const char *);
89 static struct table *findtable(const char *name);
90 static void add_cert(const char *, const char *);
91 static void add_key(const char *, const char *);
92 static struct kd_listen_conf *listen_new(void);
94 static uint32_t counter;
95 static struct table *table;
96 static struct kd_listen_conf *listener;
97 static struct kd_conf *conf;
125 %token <v.string> STRING
126 %token <v.number> NUMBER
127 %type <v.number> yesno
128 %type <v.string> string
129 %type <v.table> tableref
133 grammar : /* empty */
134 | grammar include '\n'
138 | grammar listen '\n'
139 | grammar varset '\n'
140 | grammar error '\n' { file->errors++; }
143 include : INCLUDE STRING {
146 if ((nfile = pushfile($2, 0)) == NULL) {
147 yyerror("failed to include file %s", $2);
158 string : string STRING {
159 if (asprintf(&$$, "%s %s", $1, $2) == -1) {
162 yyerror("string: asprintf");
171 yesno : YES { $$ = 1; }
175 optnl : '\n' optnl /* zero or more newlines */
179 nl : '\n' optnl /* one or more newlines */
187 varset : STRING '=' string {
190 printf("%s = \"%s\"\n", $1, $3);
192 if (isspace((unsigned char)*s)) {
193 yyerror("macro name cannot contain "
200 if (symset($1, $3, 0) == -1)
201 fatal("cannot store variable");
207 pki : PKI STRING CERT STRING { add_cert($2, $4); }
208 | PKI STRING KEY STRING { add_key($2, $4); }
211 table_kp : string arrow string optnl {
212 if (table_add(table, $1, $3) == -1)
213 yyerror("can't add to table %s",
221 | table_kp comma table_kps
225 if (table_add(table, $1, NULL) == -1)
226 yyerror("can't add to table %s",
232 string_list : stringel
233 | stringel comma string_list
236 table_vals : table_kps
240 table : TABLE STRING STRING {
243 if ((p = strchr($3, ':')) == NULL) {
244 yyerror("invalid table %s", $2);
249 add_table($2, $3, p+1);
254 add_table($2, "static", NULL);
255 } '{' optnl table_vals '}' {
260 tableref : '<' STRING '>' {
271 listen : LISTEN { listener = listen_new(); }
273 if (listener->auth_table == NULL)
274 yyerror("missing auth table");
275 if (!(listener->flags & L_TLS))
276 yyerror("can't define a non-tls listener");
281 listen_opts : listen_opt
282 | listen_opt listen_opts
285 listen_opt : ON STRING PORT NUMBER {
286 if (*listener->iface != '\0')
287 yyerror("listen address and port already"
289 strlcpy(listener->iface, $2, sizeof(listener->iface));
293 if (*listener->pki != '\0')
294 yyerror("listen tls pki already defined");
295 listener->flags |= L_TLS;
296 strlcpy(listener->pki, $3, sizeof(listener->pki));
299 if (listener->auth_table != NULL)
300 yyerror("listen auth already defined");
301 listener->auth_table = $2;
303 | USERDATA tableref {
304 if (listener->userdata_table != NULL)
305 yyerror("userdata table already defined");
306 listener->userdata_table = $2;
309 if (listener->virtual_table != NULL)
310 yyerror("virtual table already defined");
311 listener->virtual_table = $2;
323 yyerror(const char *fmt, ...)
330 if (vasprintf(&msg, fmt, ap) == -1)
331 fatalx("yyerror vasprintf");
333 logit(LOG_CRIT, "%s:%d: %s", file->name, yylval.lineno, msg);
339 kw_cmp(const void *k, const void *e)
341 return strcmp(k, ((const struct keywords *)e)->k_name);
347 /* This has to be sorted always. */
348 static const struct keywords keywords[] = {
351 {"include", INCLUDE},
360 {"userdata", USERDATA},
361 {"virtual", VIRTUAL},
364 const struct keywords *p;
366 p = bsearch(s, keywords, sizeof(keywords)/sizeof(keywords[0]),
367 sizeof(keywords[0]), kw_cmp);
375 #define START_EXPAND 1
376 #define DONE_EXPAND 2
378 static int expanding;
386 if (file->ungetpos > 0)
387 c = file->ungetbuf[--file->ungetpos];
389 c = getc(file->stream);
391 if (c == START_EXPAND)
393 else if (c == DONE_EXPAND)
407 if ((c = igetc()) == EOF) {
408 yyerror("reached end of file while parsing "
410 if (file == topfile || popfile() == EOF)
417 while ((c = igetc()) == '\\') {
423 yylval.lineno = file->lineno;
429 * Fake EOL when hit EOF for the first time. This gets line
430 * count right if last line in included file is syntactically
431 * invalid and has no newline.
433 if (file->eof_reached == 0) {
434 file->eof_reached = 1;
438 if (file == topfile || popfile() == EOF)
452 if (file->ungetpos >= file->ungetsize) {
453 void *p = reallocarray(file->ungetbuf, file->ungetsize, 2);
457 file->ungetsize *= 2;
459 file->ungetbuf[file->ungetpos++] = c;
467 /* Skip to either EOF or the first real EOL. */
488 switch (x = my_yylex()) {
529 printf("string \"%s\"\n", yylval.v.string);
532 printf("number %"PRIi64"\n", yylval.v.number);
534 printf("character ");
539 printf(" [0x%x]", x);
561 while ((c = lgetc(0)) == ' ' || c == '\t')
564 yylval.lineno = file->lineno;
566 while ((c = lgetc(0)) != '\n' && c != EOF)
568 if (c == '$' && !expanding) {
570 if ((c = lgetc(0)) == EOF)
573 if (p + 1 >= buf + sizeof(buf) - 1) {
574 yyerror("string too long");
577 if (isalnum(c) || c == '_') {
587 yyerror("macro '%s' not defined", buf);
590 p = val + strlen(val) - 1;
591 lungetc(DONE_EXPAND);
593 lungetc((unsigned char)*p);
596 lungetc(START_EXPAND);
605 if ((c = lgetc(quotec)) == EOF)
610 } else if (c == '\\') {
611 if ((next = lgetc(quotec)) == EOF)
613 if (next == quotec || next == ' ' ||
616 else if (next == '\n') {
621 } else if (c == quotec) {
624 } else if (c == '\0') {
625 yyerror("syntax error");
628 if (p + 1 >= buf + sizeof(buf) - 1) {
629 yyerror("string too long");
634 yylval.v.string = strdup(buf);
635 if (yylval.v.string == NULL)
636 err(1, "yylex: strdup");
640 #define allowed_to_end_number(x) \
641 (isspace(x) || x == ')' || x ==',' || x == '/' || x == '}' || x == '=')
643 if (c == '-' || isdigit(c)) {
646 if ((size_t)(p-buf) >= sizeof(buf)) {
647 yyerror("string too long");
650 } while ((c = lgetc(0)) != EOF && isdigit(c));
652 if (p == buf + 1 && buf[0] == '-')
654 if (c == EOF || allowed_to_end_number(c)) {
655 const char *errstr = NULL;
658 yylval.v.number = strtonum(buf, LLONG_MIN,
661 yyerror("\"%s\" invalid number: %s",
669 lungetc((unsigned char)*--p);
670 c = (unsigned char)*--p;
676 #define allowed_in_string(x) \
677 (isalnum(x) || (ispunct(x) && x != '(' && x != ')' && \
678 x != '{' && x != '}' && \
679 x != '!' && x != '=' && x != '#' && \
680 x != ',' && x != '>'))
682 if (isalnum(c) || c == ':' || c == '_') {
685 if ((size_t)(p-buf) >= sizeof(buf)) {
686 yyerror("string too long");
689 } while ((c = lgetc(0)) != EOF && (allowed_in_string(c)));
692 if ((token = lookup(buf)) == STRING)
693 if ((yylval.v.string = strdup(buf)) == NULL)
694 err(1, "yylex: strdup");
698 yylval.lineno = file->lineno;
707 check_file_secrecy(int fd, const char *fname)
711 if (fstat(fd, &st)) {
712 log_warn("cannot stat %s", fname);
715 if (st.st_uid != 0 && st.st_uid != getuid()) {
716 log_warnx("%s: owner not root or current user", fname);
719 if (st.st_mode & (S_IWGRP | S_IXGRP | S_IRWXO)) {
720 log_warnx("%s: group writable or world read/writable", fname);
727 pushfile(const char *name, int secret)
731 if ((nfile = calloc(1, sizeof(struct file))) == NULL) {
735 if ((nfile->name = strdup(name)) == NULL) {
740 if ((nfile->stream = fopen(nfile->name, "r")) == NULL) {
741 log_warn("%s", nfile->name);
746 check_file_secrecy(fileno(nfile->stream), nfile->name)) {
747 fclose(nfile->stream);
752 nfile->lineno = TAILQ_EMPTY(&files) ? 1 : 0;
753 nfile->ungetsize = 16;
754 nfile->ungetbuf = malloc(nfile->ungetsize);
755 if (nfile->ungetbuf == NULL) {
757 fclose(nfile->stream);
762 TAILQ_INSERT_TAIL(&files, nfile, entry);
771 if ((prev = TAILQ_PREV(file, files, entry)) != NULL)
772 prev->errors += file->errors;
774 TAILQ_REMOVE(&files, file, entry);
775 fclose(file->stream);
777 free(file->ungetbuf);
780 return file ? 0 : EOF;
784 parse_config(const char *filename)
786 struct sym *sym, *next;
789 conf = config_new_empty();
791 file = pushfile(filename, 0);
799 errors = file->errors;
802 /* Free macros and check which have not been used. */
803 TAILQ_FOREACH_SAFE(sym, &symhead, entry, next) {
804 if (verbose && !sym->used)
805 fprintf(stderr, "warning: macro '%s' not used\n",
810 TAILQ_REMOVE(&symhead, sym, entry);
824 symset(const char *nam, const char *val, int persist)
828 TAILQ_FOREACH(sym, &symhead, entry) {
829 if (strcmp(nam, sym->nam) == 0)
834 if (sym->persist == 1)
839 TAILQ_REMOVE(&symhead, sym, entry);
843 if ((sym = calloc(1, sizeof(*sym))) == NULL)
846 sym->nam = strdup(nam);
847 if (sym->nam == NULL) {
851 sym->val = strdup(val);
852 if (sym->val == NULL) {
858 sym->persist = persist;
859 TAILQ_INSERT_TAIL(&symhead, sym, entry);
864 cmdline_symset(char *s)
869 if ((val = strrchr(s, '=')) == NULL)
871 sym = strndup(s, val - s);
873 errx(1, "%s: strndup", __func__);
874 ret = symset(sym, val + 1, 1);
881 symget(const char *nam)
885 TAILQ_FOREACH(sym, &symhead, entry) {
886 if (strcmp(nam, sym->nam) == 0) {
895 clear_config(struct kd_conf *xconf)
903 add_table(const char *name, const char *type, const char *path)
905 if (table_open(conf, name, type, path) == -1)
906 yyerror("can't initialize table %s", name);
907 table = STAILQ_FIRST(&conf->table_head)->table;
910 static struct table *
911 findtable(const char *name)
913 struct kd_tables_conf *i;
915 STAILQ_FOREACH(i, &conf->table_head, entry) {
916 if (!strcmp(i->table->t_name, name))
920 yyerror("unknown table %s", name);
925 add_cert(const char *name, const char *path)
927 struct kd_pki_conf *pki;
929 STAILQ_FOREACH(pki, &conf->pki_head, entry) {
930 if (strcmp(name, pki->name) != 0)
933 if (pki->cert != NULL) {
934 yyerror("duplicate `pki %s cert'", name);
941 pki = xcalloc(1, sizeof(*pki));
942 strlcpy(pki->name, name, sizeof(pki->name));
943 STAILQ_INSERT_HEAD(&conf->pki_head, pki, entry);
946 if ((pki->cert = tls_load_file(path, &pki->certlen, NULL)) == NULL)
951 add_key(const char *name, const char *path)
953 struct kd_pki_conf *pki;
955 STAILQ_FOREACH(pki, &conf->pki_head, entry) {
956 if (strcmp(name, pki->name) != 0)
959 if (pki->key != NULL) {
960 yyerror("duplicate `pki %s key'", name);
967 pki = xcalloc(1, sizeof(*pki));
968 strlcpy(pki->name, name, sizeof(pki->name));
969 STAILQ_INSERT_HEAD(&conf->pki_head, pki, entry);
972 if ((pki->key = tls_load_file(path, &pki->keylen, NULL)) == NULL)
976 static struct kd_listen_conf *
979 struct kd_listen_conf *l;
981 l = xcalloc(1, sizeof(*l));
985 STAILQ_INSERT_HEAD(&conf->listen_head, l, entry);
