| /* $NetBSD: cftoken.l,v 1.11.4.2 2007/09/03 18:07:29 mgrooms Exp $ */ |
| |
| /* Id: cftoken.l,v 1.53 2006/08/22 18:17:17 manubsd Exp */ |
| |
| %{ |
| /* |
| * Copyright (C) 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002 and 2003 WIDE Project. |
| * All rights reserved. |
| * |
| * Redistribution and use in source and binary forms, with or without |
| * modification, are permitted provided that the following conditions |
| * are met: |
| * 1. Redistributions of source code must retain the above copyright |
| * notice, this list of conditions and the following disclaimer. |
| * 2. Redistributions in binary form must reproduce the above copyright |
| * notice, this list of conditions and the following disclaimer in the |
| * documentation and/or other materials provided with the distribution. |
| * 3. Neither the name of the project nor the names of its contributors |
| * may be used to endorse or promote products derived from this software |
| * without specific prior written permission. |
| * |
| * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND |
| * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
| * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE |
| * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE |
| * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL |
| * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS |
| * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) |
| * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT |
| * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY |
| * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF |
| * SUCH DAMAGE. |
| */ |
| |
| #include "config.h" |
| |
| #include <sys/types.h> |
| #include <sys/param.h> |
| #include <sys/socket.h> |
| |
| #include <netinet/in.h> |
| #include PATH_IPSEC_H |
| |
| #include <stdlib.h> |
| #include <stdio.h> |
| #include <string.h> |
| #include <errno.h> |
| #include <limits.h> |
| #include <ctype.h> |
| #include <glob.h> |
| #ifdef HAVE_STDARG_H |
| #include <stdarg.h> |
| #else |
| #include <varargs.h> |
| #endif |
| |
| #include "var.h" |
| #include "misc.h" |
| #include "vmbuf.h" |
| #include "plog.h" |
| #include "debug.h" |
| |
| #include "algorithm.h" |
| #include "cfparse_proto.h" |
| #include "cftoken_proto.h" |
| #include "localconf.h" |
| #include "oakley.h" |
| #include "isakmp_var.h" |
| #include "isakmp.h" |
| #include "ipsec_doi.h" |
| #include "policy.h" |
| #include "proposal.h" |
| #include "remoteconf.h" |
| #ifdef GC |
| #include "gcmalloc.h" |
| #endif |
| |
| #include "cfparse.h" |
| |
| int yyerrorcount = 0; |
| |
| #if defined(YIPS_DEBUG) |
| # define YYDB plog(LLV_DEBUG2, LOCATION, NULL, \ |
| "begin <%d>%s\n", yy_start, yytext); |
| # define YYD { \ |
| plog(LLV_DEBUG2, LOCATION, NULL, "<%d>%s", \ |
| yy_start, loglevel >= LLV_DEBUG2 ? "\n" : ""); \ |
| } |
| #else |
| # define YYDB |
| # define YYD |
| #endif /* defined(YIPS_DEBUG) */ |
| |
| #define MAX_INCLUDE_DEPTH 10 |
| |
| static struct include_stack { |
| char *path; |
| FILE *fp; |
| YY_BUFFER_STATE prevstate; |
| int lineno; |
| glob_t matches; |
| int matchon; |
| } incstack[MAX_INCLUDE_DEPTH]; |
| static int incstackp = 0; |
| |
| static int yy_first_time = 1; |
| %} |
| |
| /* common seciton */ |
| nl \n |
| ws [ \t]+ |
| digit [0-9] |
| letter [A-Za-z] |
| hexdigit [0-9A-Fa-f] |
| /*octet (([01]?{digit}?{digit})|((2([0-4]{digit}))|(25[0-5]))) */ |
| special [()+\|\?\*] |
| comma \, |
| dot \. |
| slash \/ |
| bcl \{ |
| ecl \} |
| blcl \[ |
| elcl \] |
| hyphen \- |
| percent \% |
| semi \; |
| comment \#.* |
| ccomment "/*" |
| bracketstring \<[^>]*\> |
| quotedstring \"[^"]*\" |
| addrstring [a-fA-F0-9:]([a-fA-F0-9:\.]*|[a-fA-F0-9:\.]*%[a-zA-Z0-9]*) |
| decstring {digit}+ |
| hexstring 0x{hexdigit}+ |
| |
| %s S_INI S_PRIV S_PTH S_INF S_LOG S_PAD S_LST S_RTRY S_CFG S_LDAP |
| %s S_ALGST S_ALGCL |
| %s S_SAINF S_SAINFS |
| %s S_RMT S_RMTS S_RMTP |
| %s S_SA |
| %s S_GSSENC |
| |
| %% |
| %{ |
| if (yy_first_time) { |
| BEGIN S_INI; |
| yy_first_time = 0; |
| } |
| %} |
| |
| /* privsep */ |
| <S_INI>privsep { BEGIN S_PRIV; YYDB; return(PRIVSEP); } |
| <S_PRIV>{bcl} { return(BOC); } |
| <S_PRIV>user { YYD; return(USER); } |
| <S_PRIV>group { YYD; return(GROUP); } |
| <S_PRIV>chroot { YYD; return(CHROOT); } |
| <S_PRIV>{ecl} { BEGIN S_INI; return(EOC); } |
| |
| /* path */ |
| <S_INI>path { BEGIN S_PTH; YYDB; return(PATH); } |
| <S_PTH>include { YYD; yylval.num = LC_PATHTYPE_INCLUDE; |
| return(PATHTYPE); } |
| <S_PTH>pre_shared_key { YYD; yylval.num = LC_PATHTYPE_PSK; |
| return(PATHTYPE); } |
| <S_PTH>certificate { YYD; yylval.num = LC_PATHTYPE_CERT; |
| return(PATHTYPE); } |
| <S_PTH>script { YYD; yylval.num = LC_PATHTYPE_SCRIPT; |
| return(PATHTYPE); } |
| <S_PTH>backupsa { YYD; yylval.num = LC_PATHTYPE_BACKUPSA; |
| return(PATHTYPE); } |
| <S_PTH>pidfile { YYD; yylval.num = LC_PATHTYPE_PIDFILE; |
| return(PATHTYPE); } |
| <S_PTH>{semi} { BEGIN S_INI; YYDB; return(EOS); } |
| |
| /* include */ |
| <S_INI>include { YYDB; return(INCLUDE); } |
| |
| /* self information */ |
| <S_INI>identifier { BEGIN S_INF; YYDB; yywarn("it is obsoleted. use \"my_identifier\" in each remote directives."); return(IDENTIFIER); } |
| <S_INF>{semi} { BEGIN S_INI; return(EOS); } |
| |
| /* special */ |
| <S_INI>complex_bundle { YYDB; return(COMPLEX_BUNDLE); } |
| |
| /* logging */ |
| <S_INI>log { BEGIN S_LOG; YYDB; return(LOGGING); } |
| <S_LOG>error { YYD; yylval.num = LLV_ERROR; return(LOGLEV); } |
| <S_LOG>warning { YYD; yylval.num = LLV_WARNING; return(LOGLEV); } |
| <S_LOG>notify { YYD; yylval.num = LLV_NOTIFY; return(LOGLEV); } |
| <S_LOG>info { YYD; yylval.num = LLV_INFO; return(LOGLEV); } |
| <S_LOG>debug { YYD; yylval.num = LLV_DEBUG; return(LOGLEV); } |
| <S_LOG>debug2 { YYD; yylval.num = LLV_DEBUG2; return(LOGLEV); } |
| <S_LOG>debug3 { YYD; yywarn("it is obsoleted. use \"debug2\""); yylval.num = LLV_DEBUG2; return(LOGLEV); } |
| <S_LOG>debug4 { YYD; yywarn("it is obsoleted. use \"debug2\""); yylval.num = LLV_DEBUG2; return(LOGLEV); } |
| <S_LOG>{semi} { BEGIN S_INI; return(EOS); } |
| |
| /* padding */ |
| <S_INI>padding { BEGIN S_PAD; YYDB; return(PADDING); } |
| <S_PAD>{bcl} { return(BOC); } |
| <S_PAD>randomize { YYD; return(PAD_RANDOMIZE); } |
| <S_PAD>randomize_length { YYD; return(PAD_RANDOMIZELEN); } |
| <S_PAD>maximum_length { YYD; return(PAD_MAXLEN); } |
| <S_PAD>strict_check { YYD; return(PAD_STRICT); } |
| <S_PAD>exclusive_tail { YYD; return(PAD_EXCLTAIL); } |
| <S_PAD>{ecl} { BEGIN S_INI; return(EOC); } |
| |
| /* listen */ |
| <S_INI>listen { BEGIN S_LST; YYDB; return(LISTEN); } |
| <S_LST>{bcl} { return(BOC); } |
| <S_LST>isakmp { YYD; return(X_ISAKMP); } |
| <S_LST>isakmp_natt { YYD; return(X_ISAKMP_NATT); } |
| <S_LST>admin { YYD; return(X_ADMIN); } |
| <S_LST>adminsock { YYD; return(ADMINSOCK); } |
| <S_LST>disabled { YYD; return(DISABLED); } |
| <S_LST>strict_address { YYD; return(STRICT_ADDRESS); } |
| <S_LST>{ecl} { BEGIN S_INI; return(EOC); } |
| |
| /* ldap config */ |
| <S_INI>ldapcfg { BEGIN S_LDAP; YYDB; return(LDAPCFG); } |
| <S_LDAP>{bcl} { return(BOC); } |
| <S_LDAP>version { YYD; return(LDAP_PVER); } |
| <S_LDAP>host { YYD; return(LDAP_HOST); } |
| <S_LDAP>port { YYD; return(LDAP_PORT); } |
| <S_LDAP>base { YYD; return(LDAP_BASE); } |
| <S_LDAP>subtree { YYD; return(LDAP_SUBTREE); } |
| <S_LDAP>bind_dn { YYD; return(LDAP_BIND_DN); } |
| <S_LDAP>bind_pw { YYD; return(LDAP_BIND_PW); } |
| <S_LDAP>attr_user { YYD; return(LDAP_ATTR_USER); } |
| <S_LDAP>attr_addr { YYD; return(LDAP_ATTR_ADDR); } |
| <S_LDAP>attr_mask { YYD; return(LDAP_ATTR_MASK); } |
| <S_LDAP>attr_group { YYD; return(LDAP_ATTR_GROUP); } |
| <S_LDAP>attr_member { YYD; return(LDAP_ATTR_MEMBER); } |
| <S_LDAP>{ecl} { BEGIN S_INI; return(EOC); } |
| |
| /* mode_cfg */ |
| <S_INI>mode_cfg { BEGIN S_CFG; YYDB; return(MODECFG); } |
| <S_CFG>{bcl} { return(BOC); } |
| <S_CFG>network4 { YYD; return(CFG_NET4); } |
| <S_CFG>netmask4 { YYD; return(CFG_MASK4); } |
| <S_CFG>dns4 { YYD; return(CFG_DNS4); } |
| <S_CFG>nbns4 { YYD; return(CFG_NBNS4); } |
| <S_CFG>wins4 { YYD; return(CFG_NBNS4); } |
| <S_CFG>default_domain { YYD; return(CFG_DEFAULT_DOMAIN); } |
| <S_CFG>auth_source { YYD; return(CFG_AUTH_SOURCE); } |
| <S_CFG>auth_groups { YYD; return(CFG_AUTH_GROUPS); } |
| <S_CFG>group_source { YYD; return(CFG_GROUP_SOURCE); } |
| <S_CFG>conf_source { YYD; return(CFG_CONF_SOURCE); } |
| <S_CFG>accounting { YYD; return(CFG_ACCOUNTING); } |
| <S_CFG>system { YYD; return(CFG_SYSTEM); } |
| <S_CFG>local { YYD; return(CFG_LOCAL); } |
| <S_CFG>none { YYD; return(CFG_NONE); } |
| <S_CFG>radius { YYD; return(CFG_RADIUS); } |
| <S_CFG>pam { YYD; return(CFG_PAM); } |
| <S_CFG>ldap { YYD; return(CFG_LDAP); } |
| <S_CFG>pool_size { YYD; return(CFG_POOL_SIZE); } |
| <S_CFG>banner { YYD; return(CFG_MOTD); } |
| <S_CFG>auth_throttle { YYD; return(CFG_AUTH_THROTTLE); } |
| <S_CFG>split_network { YYD; return(CFG_SPLIT_NETWORK); } |
| <S_CFG>local_lan { YYD; return(CFG_SPLIT_LOCAL); } |
| <S_CFG>include { YYD; return(CFG_SPLIT_INCLUDE); } |
| <S_CFG>split_dns { YYD; return(CFG_SPLIT_DNS); } |
| <S_CFG>pfs_group { YYD; return(CFG_PFS_GROUP); } |
| <S_CFG>save_passwd { YYD; return(CFG_SAVE_PASSWD); } |
| <S_CFG>{comma} { YYD; return(COMMA); } |
| <S_CFG>{ecl} { BEGIN S_INI; return(EOC); } |
| |
| /* timer */ |
| <S_INI>timer { BEGIN S_RTRY; YYDB; return(RETRY); } |
| <S_RTRY>{bcl} { return(BOC); } |
| <S_RTRY>counter { YYD; return(RETRY_COUNTER); } |
| <S_RTRY>interval { YYD; return(RETRY_INTERVAL); } |
| <S_RTRY>persend { YYD; return(RETRY_PERSEND); } |
| <S_RTRY>phase1 { YYD; return(RETRY_PHASE1); } |
| <S_RTRY>phase2 { YYD; return(RETRY_PHASE2); } |
| <S_RTRY>natt_keepalive { YYD; return(NATT_KA); } |
| <S_RTRY>{ecl} { BEGIN S_INI; return(EOC); } |
| |
| /* sainfo */ |
| <S_INI>sainfo { BEGIN S_SAINF; YYDB; return(SAINFO); } |
| <S_SAINF>anonymous { YYD; return(ANONYMOUS); } |
| <S_SAINF>{blcl}any{elcl} { YYD; return(PORTANY); } |
| <S_SAINF>any { YYD; return(ANY); } |
| <S_SAINF>from { YYD; return(FROM); } |
| <S_SAINF>group { YYD; return(GROUP); } |
| /* sainfo spec */ |
| <S_SAINF>{bcl} { BEGIN S_SAINFS; return(BOC); } |
| <S_SAINF>{semi} { BEGIN S_INI; return(EOS); } |
| <S_SAINFS>{ecl} { BEGIN S_INI; return(EOC); } |
| <S_SAINFS>pfs_group { YYD; return(PFS_GROUP); } |
| <S_SAINFS>remoteid { YYD; return(REMOTEID); } |
| <S_SAINFS>identifier { YYD; yywarn("it is obsoleted. use \"my_identifier\"."); return(IDENTIFIER); } |
| <S_SAINFS>my_identifier { YYD; return(MY_IDENTIFIER); } |
| <S_SAINFS>lifetime { YYD; return(LIFETIME); } |
| <S_SAINFS>time { YYD; return(LIFETYPE_TIME); } |
| <S_SAINFS>byte { YYD; return(LIFETYPE_BYTE); } |
| <S_SAINFS>encryption_algorithm { YYD; yylval.num = algclass_ipsec_enc; return(ALGORITHM_CLASS); } |
| <S_SAINFS>authentication_algorithm { YYD; yylval.num = algclass_ipsec_auth; return(ALGORITHM_CLASS); } |
| <S_SAINFS>compression_algorithm { YYD; yylval.num = algclass_ipsec_comp; return(ALGORITHM_CLASS); } |
| <S_SAINFS>{comma} { YYD; return(COMMA); } |
| |
| /* remote */ |
| <S_INI>remote { BEGIN S_RMT; YYDB; return(REMOTE); } |
| <S_RMT>anonymous { YYD; return(ANONYMOUS); } |
| <S_RMT>inherit { YYD; return(INHERIT); } |
| /* remote spec */ |
| <S_RMT>{bcl} { BEGIN S_RMTS; return(BOC); } |
| <S_RMTS>{ecl} { BEGIN S_INI; return(EOC); } |
| <S_RMTS>exchange_mode { YYD; return(EXCHANGE_MODE); } |
| <S_RMTS>{comma} { YYD; /* XXX ignored, but to be handled. */ ; } |
| <S_RMTS>base { YYD; yylval.num = ISAKMP_ETYPE_BASE; return(EXCHANGETYPE); } |
| <S_RMTS>main { YYD; yylval.num = ISAKMP_ETYPE_IDENT; return(EXCHANGETYPE); } |
| <S_RMTS>aggressive { YYD; yylval.num = ISAKMP_ETYPE_AGG; return(EXCHANGETYPE); } |
| <S_RMTS>doi { YYD; return(DOI); } |
| <S_RMTS>ipsec_doi { YYD; yylval.num = IPSEC_DOI; return(DOITYPE); } |
| <S_RMTS>situation { YYD; return(SITUATION); } |
| <S_RMTS>identity_only { YYD; yylval.num = IPSECDOI_SIT_IDENTITY_ONLY; return(SITUATIONTYPE); } |
| <S_RMTS>secrecy { YYD; yylval.num = IPSECDOI_SIT_SECRECY; return(SITUATIONTYPE); } |
| <S_RMTS>integrity { YYD; yylval.num = IPSECDOI_SIT_INTEGRITY; return(SITUATIONTYPE); } |
| <S_RMTS>identifier { YYD; yywarn("it is obsoleted. use \"my_identifier\"."); return(IDENTIFIER); } |
| <S_RMTS>my_identifier { YYD; return(MY_IDENTIFIER); } |
| <S_RMTS>xauth_login { YYD; return(XAUTH_LOGIN); /* formerly identifier type login */ } |
| <S_RMTS>peers_identifier { YYD; return(PEERS_IDENTIFIER); } |
| <S_RMTS>verify_identifier { YYD; return(VERIFY_IDENTIFIER); } |
| <S_RMTS>certificate_type { YYD; return(CERTIFICATE_TYPE); } |
| <S_RMTS>ca_type { YYD; return(CA_TYPE); } |
| <S_RMTS>x509 { YYD; yylval.num = ISAKMP_CERT_X509SIGN; return(CERT_X509); } |
| <S_RMTS>plain_rsa { YYD; yylval.num = ISAKMP_CERT_PLAINRSA; return(CERT_PLAINRSA); } |
| <S_RMTS>peers_certfile { YYD; return(PEERS_CERTFILE); } |
| <S_RMTS>dnssec { YYD; return(DNSSEC); } |
| <S_RMTS>verify_cert { YYD; return(VERIFY_CERT); } |
| <S_RMTS>send_cert { YYD; return(SEND_CERT); } |
| <S_RMTS>send_cr { YYD; return(SEND_CR); } |
| <S_RMTS>dh_group { YYD; return(DH_GROUP); } |
| <S_RMTS>nonce_size { YYD; return(NONCE_SIZE); } |
| <S_RMTS>generate_policy { YYD; return(GENERATE_POLICY); } |
| <S_RMTS>unique { YYD; yylval.num = GENERATE_POLICY_UNIQUE; return(GENERATE_LEVEL); } |
| <S_RMTS>require { YYD; yylval.num = GENERATE_POLICY_REQUIRE; return(GENERATE_LEVEL); } |
| <S_RMTS>support_mip6 { YYD; yywarn("it is obsoleted. use \"support_proxy\"."); return(SUPPORT_PROXY); } |
| <S_RMTS>support_proxy { YYD; return(SUPPORT_PROXY); } |
| <S_RMTS>initial_contact { YYD; return(INITIAL_CONTACT); } |
| <S_RMTS>nat_traversal { YYD; return(NAT_TRAVERSAL); } |
| <S_RMTS>force { YYD; return(REMOTE_FORCE_LEVEL); } |
| <S_RMTS>proposal_check { YYD; return(PROPOSAL_CHECK); } |
| <S_RMTS>obey { YYD; yylval.num = PROP_CHECK_OBEY; return(PROPOSAL_CHECK_LEVEL); } |
| <S_RMTS>strict { YYD; yylval.num = PROP_CHECK_STRICT; return(PROPOSAL_CHECK_LEVEL); } |
| <S_RMTS>exact { YYD; yylval.num = PROP_CHECK_EXACT; return(PROPOSAL_CHECK_LEVEL); } |
| <S_RMTS>claim { YYD; yylval.num = PROP_CHECK_CLAIM; return(PROPOSAL_CHECK_LEVEL); } |
| <S_RMTS>keepalive { YYD; return(KEEPALIVE); } |
| <S_RMTS>passive { YYD; return(PASSIVE); } |
| <S_RMTS>lifetime { YYD; return(LIFETIME); } |
| <S_RMTS>time { YYD; return(LIFETYPE_TIME); } |
| <S_RMTS>byte { YYD; return(LIFETYPE_BYTE); } |
| <S_RMTS>dpd { YYD; return(DPD); } |
| <S_RMTS>dpd_delay { YYD; return(DPD_DELAY); } |
| <S_RMTS>dpd_retry { YYD; return(DPD_RETRY); } |
| <S_RMTS>dpd_maxfail { YYD; return(DPD_MAXFAIL); } |
| <S_RMTS>ph1id { YYD; return(PH1ID); } |
| <S_RMTS>ike_frag { YYD; return(IKE_FRAG); } |
| <S_RMTS>esp_frag { YYD; return(ESP_FRAG); } |
| <S_RMTS>script { YYD; return(SCRIPT); } |
| <S_RMTS>phase1_up { YYD; return(PHASE1_UP); } |
| <S_RMTS>phase1_down { YYD; return(PHASE1_DOWN); } |
| <S_RMTS>mode_cfg { YYD; return(MODE_CFG); } |
| <S_RMTS>weak_phase1_check { YYD; return(WEAK_PHASE1_CHECK); } |
| /* remote proposal */ |
| <S_RMTS>proposal { BEGIN S_RMTP; YYDB; return(PROPOSAL); } |
| <S_RMTP>{bcl} { return(BOC); } |
| <S_RMTP>{ecl} { BEGIN S_RMTS; return(EOC); } |
| <S_RMTP>lifetime { YYD; return(LIFETIME); } |
| <S_RMTP>time { YYD; return(LIFETYPE_TIME); } |
| <S_RMTP>byte { YYD; return(LIFETYPE_BYTE); } |
| <S_RMTP>encryption_algorithm { YYD; yylval.num = algclass_isakmp_enc; return(ALGORITHM_CLASS); } |
| <S_RMTP>authentication_method { YYD; yylval.num = algclass_isakmp_ameth; return(ALGORITHM_CLASS); } |
| <S_RMTP>hash_algorithm { YYD; yylval.num = algclass_isakmp_hash; return(ALGORITHM_CLASS); } |
| <S_RMTP>dh_group { YYD; return(DH_GROUP); } |
| <S_RMTP>gss_id { YYD; return(GSS_ID); } |
| <S_RMTP>gssapi_id { YYD; return(GSS_ID); } /* for back compatibility */ |
| |
| /* GSS ID encoding type (global) */ |
| <S_INI>gss_id_enc { BEGIN S_GSSENC; YYDB; return(GSS_ID_ENC); } |
| <S_GSSENC>latin1 { YYD; yylval.num = LC_GSSENC_LATIN1; |
| return(GSS_ID_ENCTYPE); } |
| <S_GSSENC>utf-16le { YYD; yylval.num = LC_GSSENC_UTF16LE; |
| return(GSS_ID_ENCTYPE); } |
| <S_GSSENC>{semi} { BEGIN S_INI; YYDB; return(EOS); } |
| |
| /* parameter */ |
| on { YYD; yylval.num = TRUE; return(SWITCH); } |
| off { YYD; yylval.num = FALSE; return(SWITCH); } |
| |
| /* prefix */ |
| {slash}{digit}{1,3} { |
| YYD; |
| yytext++; |
| yylval.num = atoi(yytext); |
| return(PREFIX); |
| } |
| |
| /* port number */ |
| {blcl}{decstring}{elcl} { |
| char *p = yytext; |
| YYD; |
| while (*++p != ']') ; |
| *p = 0; |
| yytext++; |
| yylval.num = atoi(yytext); |
| return(PORT); |
| } |
| |
| /* address range */ |
| {hyphen}{addrstring} { |
| YYD; |
| yytext++; |
| yylval.val = vmalloc(yyleng + 1); |
| if (yylval.val == NULL) { |
| yyerror("vmalloc failed"); |
| return -1; |
| } |
| memcpy(yylval.val->v, yytext, yylval.val->l); |
| return(ADDRRANGE); |
| } |
| |
| /* upper protocol */ |
| esp { YYD; yylval.num = IPPROTO_ESP; return(UL_PROTO); } |
| ah { YYD; yylval.num = IPPROTO_AH; return(UL_PROTO); } |
| ipcomp { YYD; yylval.num = IPPROTO_IPCOMP; return(UL_PROTO); } |
| icmp { YYD; yylval.num = IPPROTO_ICMP; return(UL_PROTO); } |
| icmp6 { YYD; yylval.num = IPPROTO_ICMPV6; return(UL_PROTO); } |
| tcp { YYD; yylval.num = IPPROTO_TCP; return(UL_PROTO); } |
| udp { YYD; yylval.num = IPPROTO_UDP; return(UL_PROTO); } |
| |
| /* algorithm type */ |
| des_iv64 { YYD; yylval.num = algtype_des_iv64; return(ALGORITHMTYPE); } |
| des { YYD; yylval.num = algtype_des; return(ALGORITHMTYPE); } |
| 3des { YYD; yylval.num = algtype_3des; return(ALGORITHMTYPE); } |
| rc5 { YYD; yylval.num = algtype_rc5; return(ALGORITHMTYPE); } |
| idea { YYD; yylval.num = algtype_idea; return(ALGORITHMTYPE); } |
| cast128 { YYD; yylval.num = algtype_cast128; return(ALGORITHMTYPE); } |
| blowfish { YYD; yylval.num = algtype_blowfish; return(ALGORITHMTYPE); } |
| 3idea { YYD; yylval.num = algtype_3idea; return(ALGORITHMTYPE); } |
| des_iv32 { YYD; yylval.num = algtype_des_iv32; return(ALGORITHMTYPE); } |
| rc4 { YYD; yylval.num = algtype_rc4; return(ALGORITHMTYPE); } |
| null_enc { YYD; yylval.num = algtype_null_enc; return(ALGORITHMTYPE); } |
| null { YYD; yylval.num = algtype_null_enc; return(ALGORITHMTYPE); } |
| aes { YYD; yylval.num = algtype_aes; return(ALGORITHMTYPE); } |
| rijndael { YYD; yylval.num = algtype_aes; return(ALGORITHMTYPE); } |
| twofish { YYD; yylval.num = algtype_twofish; return(ALGORITHMTYPE); } |
| camellia { YYD; yylval.num = algtype_camellia; return(ALGORITHMTYPE); } |
| non_auth { YYD; yylval.num = algtype_non_auth; return(ALGORITHMTYPE); } |
| hmac_md5 { YYD; yylval.num = algtype_hmac_md5; return(ALGORITHMTYPE); } |
| hmac_sha1 { YYD; yylval.num = algtype_hmac_sha1; return(ALGORITHMTYPE); } |
| hmac_sha2_256 { YYD; yylval.num = algtype_hmac_sha2_256; return(ALGORITHMTYPE); } |
| hmac_sha256 { YYD; yylval.num = algtype_hmac_sha2_256; return(ALGORITHMTYPE); } |
| hmac_sha2_384 { YYD; yylval.num = algtype_hmac_sha2_384; return(ALGORITHMTYPE); } |
| hmac_sha384 { YYD; yylval.num = algtype_hmac_sha2_384; return(ALGORITHMTYPE); } |
| hmac_sha2_512 { YYD; yylval.num = algtype_hmac_sha2_512; return(ALGORITHMTYPE); } |
| hmac_sha512 { YYD; yylval.num = algtype_hmac_sha2_512; return(ALGORITHMTYPE); } |
| des_mac { YYD; yylval.num = algtype_des_mac; return(ALGORITHMTYPE); } |
| kpdk { YYD; yylval.num = algtype_kpdk; return(ALGORITHMTYPE); } |
| md5 { YYD; yylval.num = algtype_md5; return(ALGORITHMTYPE); } |
| sha1 { YYD; yylval.num = algtype_sha1; return(ALGORITHMTYPE); } |
| tiger { YYD; yylval.num = algtype_tiger; return(ALGORITHMTYPE); } |
| sha2_256 { YYD; yylval.num = algtype_sha2_256; return(ALGORITHMTYPE); } |
| sha256 { YYD; yylval.num = algtype_sha2_256; return(ALGORITHMTYPE); } |
| sha2_384 { YYD; yylval.num = algtype_sha2_384; return(ALGORITHMTYPE); } |
| sha384 { YYD; yylval.num = algtype_sha2_384; return(ALGORITHMTYPE); } |
| sha2_512 { YYD; yylval.num = algtype_sha2_512; return(ALGORITHMTYPE); } |
| sha512 { YYD; yylval.num = algtype_sha2_512; return(ALGORITHMTYPE); } |
| oui { YYD; yylval.num = algtype_oui; return(ALGORITHMTYPE); } |
| deflate { YYD; yylval.num = algtype_deflate; return(ALGORITHMTYPE); } |
| lzs { YYD; yylval.num = algtype_lzs; return(ALGORITHMTYPE); } |
| modp768 { YYD; yylval.num = algtype_modp768; return(ALGORITHMTYPE); } |
| modp1024 { YYD; yylval.num = algtype_modp1024; return(ALGORITHMTYPE); } |
| modp1536 { YYD; yylval.num = algtype_modp1536; return(ALGORITHMTYPE); } |
| ec2n155 { YYD; yylval.num = algtype_ec2n155; return(ALGORITHMTYPE); } |
| ec2n185 { YYD; yylval.num = algtype_ec2n185; return(ALGORITHMTYPE); } |
| modp2048 { YYD; yylval.num = algtype_modp2048; return(ALGORITHMTYPE); } |
| modp3072 { YYD; yylval.num = algtype_modp3072; return(ALGORITHMTYPE); } |
| modp4096 { YYD; yylval.num = algtype_modp4096; return(ALGORITHMTYPE); } |
| modp6144 { YYD; yylval.num = algtype_modp6144; return(ALGORITHMTYPE); } |
| modp8192 { YYD; yylval.num = algtype_modp8192; return(ALGORITHMTYPE); } |
| pre_shared_key { YYD; yylval.num = algtype_psk; return(ALGORITHMTYPE); } |
| rsasig { YYD; yylval.num = algtype_rsasig; return(ALGORITHMTYPE); } |
| dsssig { YYD; yylval.num = algtype_dsssig; return(ALGORITHMTYPE); } |
| rsaenc { YYD; yylval.num = algtype_rsaenc; return(ALGORITHMTYPE); } |
| rsarev { YYD; yylval.num = algtype_rsarev; return(ALGORITHMTYPE); } |
| gssapi_krb { YYD; yylval.num = algtype_gssapikrb; return(ALGORITHMTYPE); } |
| hybrid_rsa_server { |
| #ifdef ENABLE_HYBRID |
| YYD; yylval.num = algtype_hybrid_rsa_s; return(ALGORITHMTYPE); |
| #else |
| yyerror("racoon not configured with --enable-hybrid"); |
| #endif |
| } |
| hybrid_dss_server { |
| #ifdef ENABLE_HYBRID |
| YYD; yylval.num = algtype_hybrid_dss_s; return(ALGORITHMTYPE); |
| #else |
| yyerror("racoon not configured with --enable-hybrid"); |
| #endif |
| } |
| hybrid_rsa_client { |
| #ifdef ENABLE_HYBRID |
| YYD; yylval.num = algtype_hybrid_rsa_c; return(ALGORITHMTYPE); |
| #else |
| yyerror("racoon not configured with --enable-hybrid"); |
| #endif |
| } |
| hybrid_dss_client { |
| #ifdef ENABLE_HYBRID |
| YYD; yylval.num = algtype_hybrid_dss_c; return(ALGORITHMTYPE); |
| #else |
| yyerror("racoon not configured with --enable-hybrid"); |
| #endif |
| } |
| xauth_psk_server { |
| #ifdef ENABLE_HYBRID |
| YYD; yylval.num = algtype_xauth_psk_s; return(ALGORITHMTYPE); |
| #else |
| yyerror("racoon not configured with --enable-hybrid"); |
| #endif |
| } |
| xauth_psk_client { |
| #ifdef ENABLE_HYBRID |
| YYD; yylval.num = algtype_xauth_psk_c; return(ALGORITHMTYPE); |
| #else |
| yyerror("racoon not configured with --enable-hybrid"); |
| #endif |
| } |
| xauth_rsa_server { |
| #ifdef ENABLE_HYBRID |
| YYD; yylval.num = algtype_xauth_rsa_s; return(ALGORITHMTYPE); |
| #else |
| yyerror("racoon not configured with --enable-hybrid"); |
| #endif |
| } |
| xauth_rsa_client { |
| #ifdef ENABLE_HYBRID |
| YYD; yylval.num = algtype_xauth_rsa_c; return(ALGORITHMTYPE); |
| #else |
| yyerror("racoon not configured with --enable-hybrid"); |
| #endif |
| } |
| |
| |
| /* identifier type */ |
| vendor_id { YYD; yywarn("it is obsoleted."); return(VENDORID); } |
| user_fqdn { YYD; yylval.num = IDTYPE_USERFQDN; return(IDENTIFIERTYPE); } |
| fqdn { YYD; yylval.num = IDTYPE_FQDN; return(IDENTIFIERTYPE); } |
| keyid { YYD; yylval.num = IDTYPE_KEYID; return(IDENTIFIERTYPE); } |
| address { YYD; yylval.num = IDTYPE_ADDRESS; return(IDENTIFIERTYPE); } |
| subnet { YYD; yylval.num = IDTYPE_SUBNET; return(IDENTIFIERTYPE); } |
| asn1dn { YYD; yylval.num = IDTYPE_ASN1DN; return(IDENTIFIERTYPE); } |
| certname { YYD; yywarn("certname will be obsoleted in near future."); yylval.num = IDTYPE_ASN1DN; return(IDENTIFIERTYPE); } |
| |
| /* identifier qualifier */ |
| tag { YYD; yylval.num = IDQUAL_TAG; return(IDENTIFIERQUAL); } |
| file { YYD; yylval.num = IDQUAL_FILE; return(IDENTIFIERQUAL); } |
| |
| /* units */ |
| B|byte|bytes { YYD; return(UNITTYPE_BYTE); } |
| KB { YYD; return(UNITTYPE_KBYTES); } |
| MB { YYD; return(UNITTYPE_MBYTES); } |
| TB { YYD; return(UNITTYPE_TBYTES); } |
| sec|secs|second|seconds { YYD; return(UNITTYPE_SEC); } |
| min|mins|minute|minutes { YYD; return(UNITTYPE_MIN); } |
| hour|hours { YYD; return(UNITTYPE_HOUR); } |
| |
| /* boolean */ |
| yes { YYD; yylval.num = TRUE; return(BOOLEAN); } |
| no { YYD; yylval.num = FALSE; return(BOOLEAN); } |
| |
| {decstring} { |
| char *bp; |
| |
| YYD; |
| yylval.num = strtol(yytext, &bp, 10); |
| return(NUMBER); |
| } |
| |
| {hexstring} { |
| char *p; |
| |
| YYD; |
| yylval.val = vmalloc(yyleng + (yyleng & 1) + 1); |
| if (yylval.val == NULL) { |
| yyerror("vmalloc failed"); |
| return -1; |
| } |
| |
| p = yylval.val->v; |
| *p++ = '0'; |
| *p++ = 'x'; |
| |
| /* fixed string if length is odd. */ |
| if (yyleng & 1) |
| *p++ = '0'; |
| memcpy(p, &yytext[2], yyleng - 1); |
| |
| return(HEXSTRING); |
| } |
| |
| {quotedstring} { |
| char *p = yytext; |
| |
| YYD; |
| while (*++p != '"') ; |
| *p = '\0'; |
| |
| yylval.val = vmalloc(yyleng - 1); |
| if (yylval.val == NULL) { |
| yyerror("vmalloc failed"); |
| return -1; |
| } |
| memcpy(yylval.val->v, &yytext[1], yylval.val->l); |
| |
| return(QUOTEDSTRING); |
| } |
| |
| {addrstring} { |
| YYD; |
| |
| yylval.val = vmalloc(yyleng + 1); |
| if (yylval.val == NULL) { |
| yyerror("vmalloc failed"); |
| return -1; |
| } |
| memcpy(yylval.val->v, yytext, yylval.val->l); |
| |
| return(ADDRSTRING); |
| } |
| |
| <<EOF>> { |
| yy_delete_buffer(YY_CURRENT_BUFFER); |
| incstackp--; |
| nextfile: |
| if (incstack[incstackp].matchon < |
| incstack[incstackp].matches.gl_pathc) { |
| char* filepath = incstack[incstackp].matches.gl_pathv[incstack[incstackp].matchon]; |
| incstack[incstackp].matchon++; |
| incstackp++; |
| if (yycf_set_buffer(filepath) != 0) { |
| incstackp--; |
| goto nextfile; |
| } |
| yy_switch_to_buffer(yy_create_buffer(yyin, YY_BUF_SIZE)); |
| BEGIN(S_INI); |
| } else { |
| globfree(&incstack[incstackp].matches); |
| if (incstackp == 0) |
| yyterminate(); |
| else |
| yy_switch_to_buffer(incstack[incstackp].prevstate); |
| } |
| } |
| |
| /* ... */ |
| {ws} { ; } |
| {nl} { incstack[incstackp].lineno++; } |
| {comment} { YYD; } |
| {semi} { return(EOS); } |
| . { yymore(); } |
| |
| %% |
| |
| void |
| yyerror(char *s, ...) |
| { |
| char fmt[512]; |
| |
| va_list ap; |
| #ifdef HAVE_STDARG_H |
| va_start(ap, s); |
| #else |
| va_start(ap); |
| #endif |
| snprintf(fmt, sizeof(fmt), "%s:%d: \"%s\" %s\n", |
| incstack[incstackp].path, incstack[incstackp].lineno, |
| yytext, s); |
| plogv(LLV_ERROR, LOCATION, NULL, fmt, ap); |
| va_end(ap); |
| |
| yyerrorcount++; |
| } |
| |
| void |
| yywarn(char *s, ...) |
| { |
| char fmt[512]; |
| |
| va_list ap; |
| #ifdef HAVE_STDARG_H |
| va_start(ap, s); |
| #else |
| va_start(ap); |
| #endif |
| snprintf(fmt, sizeof(fmt), "%s:%d: \"%s\" %s\n", |
| incstack[incstackp].path, incstack[incstackp].lineno, |
| yytext, s); |
| plogv(LLV_WARNING, LOCATION, NULL, fmt, ap); |
| va_end(ap); |
| } |
| |
| int |
| yycf_switch_buffer(path) |
| char *path; |
| { |
| char *filepath = NULL; |
| |
| /* got the include file name */ |
| if (incstackp >= MAX_INCLUDE_DEPTH) { |
| plog(LLV_ERROR, LOCATION, NULL, |
| "Includes nested too deeply"); |
| return -1; |
| } |
| |
| if (glob(path, GLOB_TILDE, NULL, &incstack[incstackp].matches) != 0 || |
| incstack[incstackp].matches.gl_pathc == 0) { |
| plog(LLV_ERROR, LOCATION, NULL, |
| "glob found no matches for path \"%s\"\n", path); |
| return -1; |
| } |
| incstack[incstackp].matchon = 0; |
| incstack[incstackp].prevstate = YY_CURRENT_BUFFER; |
| |
| nextmatch: |
| if (incstack[incstackp].matchon >= incstack[incstackp].matches.gl_pathc) |
| return -1; |
| filepath = |
| incstack[incstackp].matches.gl_pathv[incstack[incstackp].matchon]; |
| incstack[incstackp].matchon++; |
| incstackp++; |
| |
| if (yycf_set_buffer(filepath) != 0) { |
| incstackp--; |
| goto nextmatch; |
| } |
| |
| yy_switch_to_buffer(yy_create_buffer(yyin, YY_BUF_SIZE)); |
| |
| BEGIN(S_INI); |
| |
| return 0; |
| } |
| |
| int |
| yycf_set_buffer(path) |
| char *path; |
| { |
| yyin = fopen(path, "r"); |
| if (yyin == NULL) { |
| fprintf(stderr, "failed to open file %s (%s)\n", |
| path, strerror(errno)); |
| plog(LLV_ERROR, LOCATION, NULL, |
| "failed to open file %s (%s)\n", |
| path, strerror(errno)); |
| return -1; |
| } |
| |
| /* initialize */ |
| incstack[incstackp].fp = yyin; |
| if (incstack[incstackp].path != NULL) |
| racoon_free(incstack[incstackp].path); |
| incstack[incstackp].path = racoon_strdup(path); |
| STRDUP_FATAL(incstack[incstackp].path); |
| incstack[incstackp].lineno = 1; |
| plog(LLV_DEBUG, LOCATION, NULL, |
| "reading config file %s\n", path); |
| |
| return 0; |
| } |
| |
| void |
| yycf_init_buffer() |
| { |
| int i; |
| |
| for (i = 0; i < MAX_INCLUDE_DEPTH; i++) |
| memset(&incstack[i], 0, sizeof(incstack[i])); |
| incstackp = 0; |
| } |
| |
| void |
| yycf_clean_buffer() |
| { |
| int i; |
| |
| for (i = 0; i < MAX_INCLUDE_DEPTH; i++) { |
| if (incstack[i].path != NULL) { |
| fclose(incstack[i].fp); |
| racoon_free(incstack[i].path); |
| incstack[i].path = NULL; |
| } |
| } |
| } |
| |
