GCC Code Coverage Report
Directory: ./ Exec Total Coverage
File: usr.sbin/ldapd/parse.c Lines: 114 265 43.0 %
Date: 2017-11-07 Branches: 63 218 28.9 %

Line Branch Exec Source
1
#include <stdlib.h>
2
#include <string.h>
3
#define YYBYACC 1
4
#define YYMAJOR 1
5
#define YYMINOR 9
6
#define YYLEX yylex()
7
#define YYEMPTY -1
8
#define yyclearin (yychar=(YYEMPTY))
9
#define yyerrok (yyerrflag=0)
10
#define YYRECOVERING() (yyerrflag!=0)
11
#define YYPREFIX "yy"
12
#line 25 "parse.y"
13
#include <sys/types.h>
14
#include <sys/queue.h>
15
#include <sys/tree.h>
16
#include <sys/socket.h>
17
#include <sys/stat.h>
18
#include <sys/un.h>
19
#include <netinet/in.h>
20
#include <arpa/inet.h>
21
22
#include <ctype.h>
23
#include <err.h>
24
#include <errno.h>
25
#include <ifaddrs.h>
26
#include <limits.h>
27
#include <netdb.h>
28
#include <stdarg.h>
29
#include <stdio.h>
30
#include <stdlib.h>
31
#include <string.h>
32
#include <syslog.h>
33
#include <unistd.h>
34
35
#include "ldapd.h"
36
#include "log.h"
37
38
TAILQ_HEAD(files, file)		 files = TAILQ_HEAD_INITIALIZER(files);
39
static struct file {
40
	TAILQ_ENTRY(file)	 entry;
41
	FILE			*stream;
42
	char			*name;
43
	int			 lineno;
44
	int			 errors;
45
} *file, *topfile;
46
struct file	*pushfile(const char *, int);
47
int		 popfile(void);
48
int		 check_file_secrecy(int, const char *);
49
int		 yyparse(void);
50
int		 yylex(void);
51
int		 yyerror(const char *, ...)
52
    __attribute__((__format__ (printf, 1, 2)))
53
    __attribute__((__nonnull__ (1)));
54
int		 kw_cmp(const void *, const void *);
55
int		 lookup(char *);
56
int		 lgetc(int);
57
int		 lungetc(int);
58
int		 findeol(void);
59
60
struct listener *host_unix(const char *path);
61
struct listener	*host_v4(const char *, in_port_t);
62
struct listener	*host_v6(const char *, in_port_t);
63
int		 host_dns(const char *, const char *,
64
		    struct listenerlist *, int, in_port_t, u_int8_t);
65
int		 host(const char *, const char *,
66
		    struct listenerlist *, int, in_port_t, u_int8_t);
67
int		 interface(const char *, const char *,
68
		    struct listenerlist *, int, in_port_t, u_int8_t);
69
int		 load_certfile(struct ldapd_config *, const char *, u_int8_t);
70
71
TAILQ_HEAD(symhead, sym)	 symhead = TAILQ_HEAD_INITIALIZER(symhead);
72
struct sym {
73
	TAILQ_ENTRY(sym)	 entry;
74
	int			 used;
75
	int			 persist;
76
	char			*nam;
77
	char			*val;
78
};
79
int		 symset(const char *, const char *, int);
80
char		*symget(const char *);
81
82
struct ldapd_config	*conf;
83
84
SPLAY_GENERATE(ssltree, ssl, ssl_nodes, ssl_cmp);
85
86
static struct aci	*mk_aci(int type, int rights, enum scope scope,
87
				char *target, char *subject);
88
89
typedef struct {
90
	union {
91
		int64_t		 number;
92
		char		*string;
93
		struct aci	*aci;
94
	} v;
95
	int lineno;
96
} YYSTYPE;
97
98
static struct namespace *current_ns = NULL;
99
100
#line 101 "parse.c"
101
#define ERROR 257
102
#define LISTEN 258
103
#define ON 259
104
#define TLS 260
105
#define LDAPS 261
106
#define PORT 262
107
#define NAMESPACE 263
108
#define ROOTDN 264
109
#define ROOTPW 265
110
#define INDEX 266
111
#define SECURE 267
112
#define RELAX 268
113
#define STRICT 269
114
#define SCHEMA 270
115
#define USE 271
116
#define COMPRESSION 272
117
#define LEVEL 273
118
#define INCLUDE 274
119
#define CERTIFICATE 275
120
#define FSYNC 276
121
#define CACHE_SIZE 277
122
#define INDEX_CACHE_SIZE 278
123
#define DENY 279
124
#define ALLOW 280
125
#define READ 281
126
#define WRITE 282
127
#define BIND 283
128
#define ACCESS 284
129
#define TO 285
130
#define ROOT 286
131
#define REFERRAL 287
132
#define ANY 288
133
#define CHILDREN 289
134
#define OF 290
135
#define ATTRIBUTE 291
136
#define IN 292
137
#define SUBTREE 293
138
#define BY 294
139
#define SELF 295
140
#define STRING 296
141
96
#define NUMBER 297
142
96
#define YYERRCODE 256
143
const short yylhs[] =
144
48
	{                                        -1,
145
48
    0,    0,    0,    0,    0,    0,    0,    0,    0,    2,
146
    2,    2,    2,   12,   12,    1,    1,    1,   16,   16,
147
144
   16,   16,   20,   17,    3,    3,   19,   19,   19,   21,
148
144
   21,   21,   21,   21,   21,   21,   21,   21,   21,   21,
149
    4,    4,   13,   13,    5,    5,    6,    6,    6,    7,
150
    7,    8,    8,    8,    9,    9,    9,   10,   10,   10,
151
   11,   11,   11,   11,   14,   15,   18,
152
};
153
const short yylen[] =
154
	{                                         2,
155
    0,    2,    3,    3,    3,    3,    3,    3,    3,    0,
156
    1,    1,    1,    0,    2,    2,    2,    0,    6,    2,
157
    2,    2,    0,    7,    1,    1,    0,    2,    3,    2,
158
    2,    2,    2,    2,    2,    1,    2,    2,    3,    2,
159
    0,    2,    6,    2,    1,    1,    0,    1,    2,    1,
160
    3,    1,    1,    1,    0,    1,    2,    1,    1,    1,
161
    0,    2,    2,    2,    2,    3,    2,
162
};
163
const short yydefred[] =
164

192
	{                                      1,
165
    0,    0,    0,    0,    0,    0,    0,    0,   45,   46,
166
    0,    0,    2,    0,    0,    0,    0,    0,    0,    0,
167
    6,    0,    0,   21,   22,   67,   65,   20,    0,   52,
168
96
   53,   54,   48,    0,    0,   50,    8,    3,    4,    5,
169
    7,    9,    0,    0,   66,    0,   49,    0,    0,    0,
170
96
   23,    0,   56,    0,   51,   16,   17,   11,   12,   13,
171
48
    0,   27,   57,   59,   58,   60,    0,    0,   19,    0,
172
    0,   43,   15,    0,    0,    0,    0,    0,    0,    0,
173
48
    0,    0,    0,   28,   24,   36,    0,   62,   64,   63,
174
   30,   31,   32,   37,   38,    0,   26,   25,   35,   33,
175
   34,   40,   29,    0,   39,   42,
176
};
177
const short yydgoto[] =
178
144
	{                                       1,
179
48
   50,   61,   99,  105,   14,   34,   35,   36,   54,   67,
180
   72,   69,   15,   16,   17,   18,   19,   20,   70,   62,
181
   87,
182
};
183
48
const short yysindex[] =
184
	{                                      0,
185
144
  -10,    1, -245, -276, -270, -262, -261, -260,    0,    0,
186
 -259,  -23,    0, -254,   29,   30,   32,   33,   34,   35,
187

288
    0, -249,  -77,    0,    0,    0,    0,    0, -247,    0,
188
    0,    0,    0, -237,  -41,    0,    0,    0,    0,    0,
189
    0,    0, -212,   41,    0, -268,    0, -250, -274, -248,
190
    0, -238,    0, -281,    0,    0,    0,    0,    0,    0,
191
 -222,    0,    0,    0,    0,    0, -240, -241,    0,   14,
192
 -279,    0,    0, -239, -236, -235, -214, -211, -210, -255,
193
 -234, -233, -231,    0,    0,    0,   48,    0,    0,    0,
194
    0,    0,    0,    0,    0, -207,    0,    0,    0,    0,
195
288
    0,    0,    0, -230,    0,    0,};
196
144
const short yyrindex[] =
197
144
	{                                      0,
198
96
    0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
199
    0,    0,    0,   -9,    0,    0,    0,    0,    0,    0,
200
    0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
201
    0,    0,    0,   58,    0,    0,    0,    0,    0,    0,
202
    0,    0,   -4,    0,    0, -278,    0,    0,    0,   -8,
203
    0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
204
   59,    0,    0,    0,    0,    0,   60,    0,    0,    0,
205
144
    0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
206
144
    0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
207
144
    0,    0,    0,    0,    0,   34,    0,    0,    0,    0,
208
    0,    0,    0,    0,    0,    0,};
209
const short yygindex[] =
210
	{                                      0,
211
    0,    0,    0,    0,    0,    0,    0,   23,    0,    0,
212
    0,    0,    2,    0,    0,    0,    0,    0,    0,    0,
213
    0,
214
};
215
#define YYTABLESIZE 301
216
const short yytable[] =
217
	{                                      13,
218
   47,   10,   48,   97,   64,   18,   65,   55,   88,   55,
219
   21,   58,   59,   22,   66,   89,   90,   55,   60,   23,
220
   52,   56,   57,   84,   53,   24,   30,   31,   32,   33,
221
   30,   31,   32,   25,   26,   27,   28,   29,   37,   38,
222
   98,   39,   40,   41,   42,   44,   43,   46,   45,   49,
223
   51,   63,   68,   71,   73,   94,   91,  103,   95,   92,
224
   93,   96,  100,  101,  102,  104,  106,   44,   14,   61,
225
   55,   86,    0,    0,    0,    0,    0,    0,    0,    0,
226
96
    0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
227
96
    0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
228
96
    0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
229
96
    0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
230
96
    0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
231
192
    0,    0,    0,    0,    0,    0,    0,    0,   85,    0,
232
    0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
233
    0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
234
    0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
235
    0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
236
    0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
237
    0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
238
    0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
239
    0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
240
    0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
241
    0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
242
    0,    0,   47,    0,    0,    2,    0,    3,    0,    0,
243
    0,    0,    4,    5,    6,   18,   18,    0,    0,    7,
244
    0,    0,   18,    8,    0,    0,   10,    0,    9,   10,
245
   18,    0,    0,    0,    0,   47,   11,   74,   75,   76,
246
    0,   77,   78,    0,   79,   12,    0,    0,    0,   80,
247
   81,   82,    9,   10,    0,    0,    0,    0,    0,    0,
248
   83,
249
};
250
const short yycheck[] =
251
	{                                      10,
252
   10,   10,   44,  259,  286,   10,  288,  286,  288,  288,
253
   10,  260,  261,  259,  296,  295,  296,  296,  267,  296,
254
  289,  296,  297,   10,  293,  296,  281,  282,  283,  284,
255
  281,  282,  283,  296,  296,  296,  296,   61,   10,   10,
256
  296,   10,   10,   10,   10,  123,  296,  285,  296,  262,
257
96
   10,  290,  275,  294,  296,  270,  296,   10,  270,  296,
258
96
  296,  272,  297,  297,  296,  273,  297,   10,   10,   10,
259
   48,   70,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,
260
192
   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,
261
96
   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,
262
   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,
263
192
   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,
264
   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,
265
   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,  125,   -1,
266
   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,
267
   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,
268
192
   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,
269
192
   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,
270
192
   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,
271
192
   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,
272
   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,
273
   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,
274
   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,
275
   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,
276
   -1,   -1,  284,   -1,   -1,  256,   -1,  258,   -1,   -1,
277
   -1,   -1,  263,  264,  265,  260,  261,   -1,   -1,  270,
278
   -1,   -1,  267,  274,   -1,   -1,  275,   -1,  279,  280,
279
  275,   -1,   -1,   -1,   -1,  285,  287,  264,  265,  266,
280
   -1,  268,  269,   -1,  271,  296,   -1,   -1,   -1,  276,
281
  277,  278,  279,  280,   -1,   -1,   -1,   -1,   -1,   -1,
282
  287,
283
};
284
#define YYFINAL 1
285
#ifndef YYDEBUG
286
#define YYDEBUG 0
287
#endif
288
#define YYMAXTOKEN 297
289
#if YYDEBUG
290
const char * const yyname[] =
291
	{
292
"end-of-file",0,0,0,0,0,0,0,0,0,"'\\n'",0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
293
0,0,0,0,0,0,0,0,0,0,0,0,0,"','",0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,"'='",0,0,0,0,0,
294
0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
295
0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,"'{'",0,"'}'",0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
296
0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
297
0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
298
0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,"ERROR",
299
"LISTEN","ON","TLS","LDAPS","PORT","NAMESPACE","ROOTDN","ROOTPW","INDEX",
300
"SECURE","RELAX","STRICT","SCHEMA","USE","COMPRESSION","LEVEL","INCLUDE",
301
"CERTIFICATE","FSYNC","CACHE_SIZE","INDEX_CACHE_SIZE","DENY","ALLOW","READ",
302
"WRITE","BIND","ACCESS","TO","ROOT","REFERRAL","ANY","CHILDREN","OF",
303
"ATTRIBUTE","IN","SUBTREE","BY","SELF","STRING","NUMBER",
304
};
305
const char * const yyrule[] =
306
	{"$accept : grammar",
307
"grammar :",
308
"grammar : grammar '\\n'",
309
"grammar : grammar include '\\n'",
310
"grammar : grammar varset '\\n'",
311
"grammar : grammar conf_main '\\n'",
312
"grammar : grammar error '\\n'",
313
"grammar : grammar namespace '\\n'",
314
"grammar : grammar aci '\\n'",
315
"grammar : grammar schema '\\n'",
316
"ssl :",
317
"ssl : TLS",
318
"ssl : LDAPS",
319
"ssl : SECURE",
320
"certname :",
321
"certname : CERTIFICATE STRING",
322
"port : PORT STRING",
323
"port : PORT NUMBER",
324
"port :",
325
"conf_main : LISTEN ON STRING port ssl certname",
326
"conf_main : REFERRAL STRING",
327
"conf_main : ROOTDN STRING",
328
"conf_main : ROOTPW STRING",
329
"$$1 :",
330
"namespace : NAMESPACE STRING '{' '\\n' $$1 ns_opts '}'",
331
"boolean : STRING",
332
"boolean : ON",
333
"ns_opts :",
334
"ns_opts : ns_opts '\\n'",
335
"ns_opts : ns_opts ns_opt '\\n'",
336
"ns_opt : ROOTDN STRING",
337
"ns_opt : ROOTPW STRING",
338
"ns_opt : INDEX STRING",
339
"ns_opt : CACHE_SIZE NUMBER",
340
"ns_opt : INDEX_CACHE_SIZE NUMBER",
341
"ns_opt : FSYNC boolean",
342
"ns_opt : aci",
343
"ns_opt : RELAX SCHEMA",
344
"ns_opt : STRICT SCHEMA",
345
"ns_opt : USE COMPRESSION comp_level",
346
"ns_opt : REFERRAL STRING",
347
"comp_level :",
348
"comp_level : LEVEL NUMBER",
349
"aci : aci_type aci_access TO aci_scope aci_target aci_subject",
350
"aci : aci_type aci_access",
351
"aci_type : DENY",
352
"aci_type : ALLOW",
353
"aci_access :",
354
"aci_access : ACCESS",
355
"aci_access : aci_rights ACCESS",
356
"aci_rights : aci_right",
357
"aci_rights : aci_rights ',' aci_right",
358
"aci_right : READ",
359
"aci_right : WRITE",
360
"aci_right : BIND",
361
"aci_scope :",
362
"aci_scope : SUBTREE",
363
"aci_scope : CHILDREN OF",
364
"aci_target : ANY",
365
"aci_target : ROOT",
366
"aci_target : STRING",
367
"aci_subject :",
368
"aci_subject : BY ANY",
369
"aci_subject : BY STRING",
370
"aci_subject : BY SELF",
371
"include : INCLUDE STRING",
372
"varset : STRING '=' STRING",
373
"schema : SCHEMA STRING",
374
};
375
#endif
376
#ifdef YYSTACKSIZE
377
#undef YYMAXDEPTH
378
#define YYMAXDEPTH YYSTACKSIZE
379
#else
380
#ifdef YYMAXDEPTH
381
144
#define YYSTACKSIZE YYMAXDEPTH
382
144
#else
383
144
#define YYSTACKSIZE 10000
384
#define YYMAXDEPTH 10000
385
#endif
386
144
#endif
387
#define YYINITSTACKSIZE 200
388
/* LINTUSED */
389
int yydebug;
390
int yynerrs;
391
int yyerrflag;
392
int yychar;
393
short *yyssp;
394
YYSTYPE *yyvsp;
395
YYSTYPE yyval;
396
YYSTYPE yylval;
397
short *yyss;
398
short *yysslim;
399
YYSTYPE *yyvs;
400
unsigned int yystacksize;
401
int yyparse(void);
402
#line 390 "parse.y"
403
404
struct keywords {
405
	const char	*k_name;
406
	int		 k_val;
407
};
408
409
int
410
yyerror(const char *fmt, ...)
411
{
412
	va_list		 ap;
413
	char		*msg;
414
415
	file->errors++;
416
	va_start(ap, fmt);
417
	if (vasprintf(&msg, fmt, ap) == -1)
418
		fatalx("yyerror vasprintf");
419
	va_end(ap);
420
	logit(LOG_CRIT, "%s:%d: %s", file->name, yylval.lineno, msg);
421
	free(msg);
422
	return (0);
423
}
424
425
int
426
kw_cmp(const void *k, const void *e)
427
{
428
	return (strcmp(k, ((const struct keywords *)e)->k_name));
429
}
430
431
int
432
lookup(char *s)
433
{
434
	/* this has to be sorted always */
435
	static const struct keywords keywords[] = {
436
		{ "access",		ACCESS },
437
		{ "allow",		ALLOW },
438
		{ "any",		ANY },
439
		{ "bind",		BIND },
440
		{ "by",			BY },
441
		{ "cache-size",		CACHE_SIZE },
442
		{ "certificate",	CERTIFICATE },
443
		{ "children",		CHILDREN },
444
		{ "compression",	COMPRESSION },
445
		{ "deny",		DENY },
446
		{ "fsync",		FSYNC },
447
		{ "in",			IN },
448
		{ "include",		INCLUDE },
449
		{ "index",		INDEX },
450
		{ "index-cache-size",	INDEX_CACHE_SIZE },
451
		{ "ldaps",		LDAPS },
452
		{ "level",		LEVEL },
453
		{ "listen",		LISTEN },
454
		{ "namespace",		NAMESPACE },
455
		{ "of",			OF },
456
		{ "on",			ON },
457
		{ "port",		PORT },
458
		{ "read",		READ },
459
		{ "referral",		REFERRAL },
460
		{ "relax",		RELAX },
461
		{ "root",		ROOT },
462
		{ "rootdn",		ROOTDN },
463
		{ "rootpw",		ROOTPW },
464
		{ "schema",		SCHEMA },
465
		{ "secure",		SECURE },
466
		{ "self",		SELF },
467
		{ "strict",		STRICT },
468
		{ "subtree",		SUBTREE },
469
		{ "tls",		TLS },
470
		{ "to",			TO },
471
		{ "use",		USE },
472
		{ "write",		WRITE },
473
474
	};
475
	const struct keywords	*p;
476
477
	p = bsearch(s, keywords, sizeof(keywords)/sizeof(keywords[0]),
478
	    sizeof(keywords[0]), kw_cmp);
479
480
	if (p)
481
		return (p->k_val);
482
	else
483
		return (STRING);
484
}
485
486
#define MAXPUSHBACK	128
487
488
u_char	*parsebuf;
489
int	 parseindex;
490
u_char	 pushback_buffer[MAXPUSHBACK];
491
int	 pushback_index = 0;
492
493
int
494
lgetc(int quotec)
495
{
496
	int		c, next;
497
498
	if (parsebuf) {
499
		/* Read character from the parsebuffer instead of input. */
500
		if (parseindex >= 0) {
501
			c = parsebuf[parseindex++];
502
			if (c != '\0')
503
				return (c);
504
			parsebuf = NULL;
505
		} else
506
			parseindex++;
507
	}
508
509
	if (pushback_index)
510
		return (pushback_buffer[--pushback_index]);
511
512
	if (quotec) {
513
		if ((c = getc(file->stream)) == EOF) {
514
			yyerror("reached end of file while parsing "
515
			    "quoted string");
516
			if (file == topfile || popfile() == EOF)
517
				return (EOF);
518
			return (quotec);
519
		}
520
		return (c);
521
	}
522
523
	while ((c = getc(file->stream)) == '\\') {
524
		next = getc(file->stream);
525
		if (next != '\n') {
526
			c = next;
527
			break;
528
		}
529
		yylval.lineno = file->lineno;
530
		file->lineno++;
531
	}
532
533
	while (c == EOF) {
534
		if (file == topfile || popfile() == EOF)
535
			return (EOF);
536
		c = getc(file->stream);
537
	}
538
	return (c);
539
}
540
541
int
542
lungetc(int c)
543
{
544
	if (c == EOF)
545
		return (EOF);
546
	if (parsebuf) {
547
		parseindex--;
548
		if (parseindex >= 0)
549
			return (c);
550
	}
551
	if (pushback_index < MAXPUSHBACK-1)
552
		return (pushback_buffer[pushback_index++] = c);
553
	else
554
		return (EOF);
555
}
556
557
int
558
findeol(void)
559
{
560
	int	c;
561
562
	parsebuf = NULL;
563
564
	/* skip to either EOF or the first real EOL */
565
	while (1) {
566
		if (pushback_index)
567
			c = pushback_buffer[--pushback_index];
568
		else
569
			c = lgetc(0);
570
		if (c == '\n') {
571
			file->lineno++;
572
			break;
573
		}
574
		if (c == EOF)
575
			break;
576
	}
577
	return (ERROR);
578
}
579
580
int
581
yylex(void)
582
{
583
	u_char	 buf[4096];
584
	u_char	*p, *val;
585
	int	 quotec, next, c;
586
	int	 token;
587
588
top:
589
	p = buf;
590
	while ((c = lgetc(0)) == ' ' || c == '\t')
591
		; /* nothing */
592
593
	yylval.lineno = file->lineno;
594
	if (c == '#')
595
		while ((c = lgetc(0)) != '\n' && c != EOF)
596
			; /* nothing */
597
	if (c == '$' && parsebuf == NULL) {
598
		while (1) {
599
			if ((c = lgetc(0)) == EOF)
600
				return (0);
601
602
			if (p + 1 >= buf + sizeof(buf) - 1) {
603
				yyerror("string too long");
604
				return (findeol());
605
			}
606
			if (isalnum(c) || c == '_') {
607
				*p++ = c;
608
				continue;
609
			}
610
			*p = '\0';
611
			lungetc(c);
612
			break;
613
		}
614
		val = symget(buf);
615
		if (val == NULL) {
616
			yyerror("macro '%s' not defined", buf);
617
			return (findeol());
618
		}
619
		parsebuf = val;
620
		parseindex = 0;
621
		goto top;
622
	}
623
624
	switch (c) {
625
	case '\'':
626
	case '"':
627
		quotec = c;
628
		while (1) {
629
			if ((c = lgetc(quotec)) == EOF)
630
				return (0);
631
			if (c == '\n') {
632
				file->lineno++;
633
				continue;
634
			} else if (c == '\\') {
635
				if ((next = lgetc(quotec)) == EOF)
636
					return (0);
637
				if (next == quotec || c == ' ' || c == '\t')
638
					c = next;
639
				else if (next == '\n') {
640
					file->lineno++;
641
					continue;
642
				} else
643
					lungetc(next);
644
			} else if (c == quotec) {
645
				*p = '\0';
646
				break;
647
			} else if (c == '\0') {
648
				yyerror("syntax error");
649
				return (findeol());
650
			}
651
			if (p + 1 >= buf + sizeof(buf) - 1) {
652
				log_warnx("string too long");
653
				return (findeol());
654
			}
655
			*p++ = c;
656
		}
657
		yylval.v.string = strdup(buf);
658
		if (yylval.v.string == NULL)
659
			fatal("yylex: strdup");
660
		return (STRING);
661
	}
662
663
#define allowed_to_end_number(x) \
664
	(isspace(x) || x == ')' || x ==',' || x == '/' || x == '}' || x == '=')
665
666
	if (c == '-' || isdigit(c)) {
667
		do {
668
			*p++ = c;
669
			if ((unsigned)(p-buf) >= sizeof(buf)) {
670
				yyerror("string too long");
671
				return (findeol());
672
			}
673
		} while ((c = lgetc(0)) != EOF && isdigit(c));
674
		lungetc(c);
675
		if (p == buf + 1 && buf[0] == '-')
676
			goto nodigits;
677
		if (c == EOF || allowed_to_end_number(c)) {
678
			const char *errstr = NULL;
679
680
			*p = '\0';
681
			yylval.v.number = strtonum(buf, LLONG_MIN,
682
			    LLONG_MAX, &errstr);
683
			if (errstr) {
684
				yyerror("\"%s\" invalid number: %s",
685
				    buf, errstr);
686
				return (findeol());
687
			}
688
			return (NUMBER);
689
		} else {
690
nodigits:
691
			while (p > buf + 1)
692
				lungetc(*--p);
693
			c = *--p;
694
			if (c == '-')
695
				return (c);
696
		}
697
	}
698
699
#define allowed_in_string(x) \
700
	(isalnum(x) || (ispunct(x) && x != '(' && x != ')' && \
701
	x != '{' && x != '}' && x != '<' && x != '>' && \
702
	x != '!' && x != '=' && x != '/' && x != '#' && \
703
	x != ','))
704
705
	if (isalnum(c) || c == ':' || c == '_' || c == '*') {
706
		do {
707
			*p++ = c;
708
			if ((unsigned)(p-buf) >= sizeof(buf)) {
709
				yyerror("string too long");
710
				return (findeol());
711
			}
712
		} while ((c = lgetc(0)) != EOF && (allowed_in_string(c)));
713
		lungetc(c);
714
		*p = '\0';
715
		if ((token = lookup(buf)) == STRING)
716
			if ((yylval.v.string = strdup(buf)) == NULL)
717
				fatal("yylex: strdup");
718
		return (token);
719
	}
720
	if (c == '\n') {
721
		yylval.lineno = file->lineno;
722
		file->lineno++;
723
	}
724
	if (c == EOF)
725
		return (0);
726
	return (c);
727
}
728
729
int
730
check_file_secrecy(int fd, const char *fname)
731
{
732
	struct stat	st;
733
734
	if (fstat(fd, &st)) {
735
		log_warn("cannot stat %s", fname);
736
		return (-1);
737
	}
738
	if (st.st_uid != 0 && st.st_uid != getuid()) {
739
		log_warnx("%s: owner not root or current user", fname);
740
		return (-1);
741
	}
742
	if (st.st_mode & (S_IWGRP | S_IXGRP | S_IRWXO)) {
743
		log_warnx("%s: group writable or world read/writable", fname);
744
		return (-1);
745
	}
746
	return (0);
747
}
748
749
struct file *
750
pushfile(const char *name, int secret)
751
{
752
	struct file	*nfile;
753
754
	log_debug("parsing config %s", name);
755
756
	if ((nfile = calloc(1, sizeof(struct file))) == NULL) {
757
		log_warn("malloc");
758
		return (NULL);
759
	}
760
	if ((nfile->name = strdup(name)) == NULL) {
761
		log_warn("malloc");
762
		free(nfile);
763
		return (NULL);
764
	}
765
	if ((nfile->stream = fopen(nfile->name, "r")) == NULL) {
766
		log_warn("%s", nfile->name);
767
		free(nfile->name);
768
		free(nfile);
769
		return (NULL);
770
	}
771
	if (secret &&
772
	    check_file_secrecy(fileno(nfile->stream), nfile->name)) {
773
		fclose(nfile->stream);
774
		free(nfile->name);
775
		free(nfile);
776
		return (NULL);
777
	}
778
	nfile->lineno = 1;
779
	TAILQ_INSERT_TAIL(&files, nfile, entry);
780
	return (nfile);
781
}
782
783
int
784
popfile(void)
785
{
786
	struct file	*prev;
787
788
	if ((prev = TAILQ_PREV(file, files, entry)) != NULL)
789
		prev->errors += file->errors;
790
791
	TAILQ_REMOVE(&files, file, entry);
792
	fclose(file->stream);
793
	free(file->name);
794
	free(file);
795
	file = prev;
796
	return (file ? 0 : EOF);
797
}
798
799
int
800
parse_config(char *filename)
801
{
802
	struct sym		*sym, *next;
803
	int			 errors = 0;
804
805
	if ((conf = calloc(1, sizeof(struct ldapd_config))) == NULL)
806
		fatal(NULL);
807
808
	conf->schema = schema_new();
809
	if (conf->schema == NULL)
810
		fatal("schema_new");
811
812
	TAILQ_INIT(&conf->namespaces);
813
	TAILQ_INIT(&conf->listeners);
814
	if ((conf->sc_ssl = calloc(1, sizeof(*conf->sc_ssl))) == NULL)
815
		fatal(NULL);
816
	SPLAY_INIT(conf->sc_ssl);
817
	SIMPLEQ_INIT(&conf->acl);
818
	SLIST_INIT(&conf->referrals);
819
820
	if ((file = pushfile(filename, 1)) == NULL) {
821
		free(conf);
822
		return (-1);
823
	}
824
	topfile = file;
825
826
	yyparse();
827
	errors = file->errors;
828
	popfile();
829
830
	/* Free macros and check which have not been used. */
831
	TAILQ_FOREACH_SAFE(sym, &symhead, entry, next) {
832
		log_debug("warning: macro \"%s\" not used", sym->nam);
833
		if (!sym->persist) {
834
			free(sym->nam);
835
			free(sym->val);
836
			TAILQ_REMOVE(&symhead, sym, entry);
837
			free(sym);
838
		}
839
	}
840
841
	return (errors ? -1 : 0);
842
}
843
844
int
845
symset(const char *nam, const char *val, int persist)
846
{
847
	struct sym	*sym;
848
849
	TAILQ_FOREACH(sym, &symhead, entry) {
850
		if (strcmp(nam, sym->nam) == 0)
851
			break;
852
	}
853
854
	if (sym != NULL) {
855
		if (sym->persist == 1)
856
			return (0);
857
		else {
858
			free(sym->nam);
859
			free(sym->val);
860
			TAILQ_REMOVE(&symhead, sym, entry);
861
			free(sym);
862
		}
863
	}
864
	if ((sym = calloc(1, sizeof(*sym))) == NULL)
865
		return (-1);
866
867
	sym->nam = strdup(nam);
868
	if (sym->nam == NULL) {
869
		free(sym);
870
		return (-1);
871
	}
872
	sym->val = strdup(val);
873
	if (sym->val == NULL) {
874
		free(sym->nam);
875
		free(sym);
876
		return (-1);
877
	}
878
	sym->used = 0;
879
	sym->persist = persist;
880
	TAILQ_INSERT_TAIL(&symhead, sym, entry);
881
	return (0);
882
}
883
884
int
885
cmdline_symset(char *s)
886
{
887
	char	*sym, *val;
888
	int	ret;
889
	size_t	len;
890
891
	if ((val = strrchr(s, '=')) == NULL)
892
		return (-1);
893
894
	len = strlen(s) - strlen(val) + 1;
895
	if ((sym = malloc(len)) == NULL)
896
		fatal("cmdline_symset: malloc");
897
898
	strlcpy(sym, s, len);
899
900
	ret = symset(sym, val + 1, 1);
901
	free(sym);
902
903
	return (ret);
904
}
905
906
char *
907
symget(const char *nam)
908
{
909
	struct sym	*sym;
910
911
	TAILQ_FOREACH(sym, &symhead, entry) {
912
		if (strcmp(nam, sym->nam) == 0) {
913
			sym->used = 1;
914
			return (sym->val);
915
		}
916
	}
917
	return (NULL);
918
}
919
920
struct listener *
921
host_unix(const char *path)
922
{
923
	struct sockaddr_un	*saun;
924
	struct listener		*h;
925
926
	if (*path != '/')
927
		return (NULL);
928
929
	if ((h = calloc(1, sizeof(*h))) == NULL)
930
		fatal(NULL);
931
	saun = (struct sockaddr_un *)&h->ss;
932
	saun->sun_len = sizeof(struct sockaddr_un);
933
	saun->sun_family = AF_UNIX;
934
	if (strlcpy(saun->sun_path, path, sizeof(saun->sun_path)) >=
935
	    sizeof(saun->sun_path))
936
		fatal("socket path too long");
937
	h->flags = F_SECURE;
938
939
	return (h);
940
}
941
942
struct listener *
943
host_v4(const char *s, in_port_t port)
944
{
945
	struct in_addr		 ina;
946
	struct sockaddr_in	*sain;
947
	struct listener		*h;
948
949
	memset(&ina, 0, sizeof(ina));
950
	if (inet_pton(AF_INET, s, &ina) != 1)
951
		return (NULL);
952
953
	if ((h = calloc(1, sizeof(*h))) == NULL)
954
		fatal(NULL);
955
	sain = (struct sockaddr_in *)&h->ss;
956
	sain->sin_len = sizeof(struct sockaddr_in);
957
	sain->sin_family = AF_INET;
958
	sain->sin_addr.s_addr = ina.s_addr;
959
	sain->sin_port = port;
960
961
	return (h);
962
}
963
964
struct listener *
965
host_v6(const char *s, in_port_t port)
966
{
967
	struct in6_addr		 ina6;
968
	struct sockaddr_in6	*sin6;
969
	struct listener		*h;
970
971
	memset(&ina6, 0, sizeof(ina6));
972
	if (inet_pton(AF_INET6, s, &ina6) != 1)
973
		return (NULL);
974
975
	if ((h = calloc(1, sizeof(*h))) == NULL)
976
		fatal(NULL);
977
	sin6 = (struct sockaddr_in6 *)&h->ss;
978
	sin6->sin6_len = sizeof(struct sockaddr_in6);
979
	sin6->sin6_family = AF_INET6;
980
	sin6->sin6_port = port;
981
	memcpy(&sin6->sin6_addr, &ina6, sizeof(ina6));
982
983
	return (h);
984
}
985
986
int
987
host_dns(const char *s, const char *cert,
988
    struct listenerlist *al, int max, in_port_t port, u_int8_t flags)
989
{
990
	struct addrinfo		 hints, *res0, *res;
991
	int			 error, cnt = 0;
992
	struct sockaddr_in	*sain;
993
	struct sockaddr_in6	*sin6;
994
	struct listener		*h;
995
996
	memset(&hints, 0, sizeof(hints));
997
	hints.ai_family = PF_UNSPEC;
998
	hints.ai_socktype = SOCK_DGRAM; /* DUMMY */
999
	error = getaddrinfo(s, NULL, &hints, &res0);
1000
	if (error == EAI_AGAIN || error == EAI_NODATA || error == EAI_NONAME)
1001
		return (0);
1002
	if (error) {
1003
		log_warnx("host_dns: could not parse \"%s\": %s", s,
1004
		    gai_strerror(error));
1005
		return (-1);
1006
	}
1007
1008
	for (res = res0; res && cnt < max; res = res->ai_next) {
1009
		if (res->ai_family != AF_INET &&
1010
		    res->ai_family != AF_INET6)
1011
			continue;
1012
		if ((h = calloc(1, sizeof(*h))) == NULL)
1013
			fatal(NULL);
1014
1015
		h->port = port;
1016
		h->flags = flags;
1017
		h->ss.ss_family = res->ai_family;
1018
		h->ssl = NULL;
1019
		h->ssl_cert_name[0] = '\0';
1020
		if (cert != NULL)
1021
			(void)strlcpy(h->ssl_cert_name, cert, sizeof(h->ssl_cert_name));
1022
1023
		if (res->ai_family == AF_INET) {
1024
			sain = (struct sockaddr_in *)&h->ss;
1025
			sain->sin_len = sizeof(struct sockaddr_in);
1026
			sain->sin_addr.s_addr = ((struct sockaddr_in *)
1027
			    res->ai_addr)->sin_addr.s_addr;
1028
			sain->sin_port = port;
1029
		} else {
1030
			sin6 = (struct sockaddr_in6 *)&h->ss;
1031
			sin6->sin6_len = sizeof(struct sockaddr_in6);
1032
			memcpy(&sin6->sin6_addr, &((struct sockaddr_in6 *)
1033
			    res->ai_addr)->sin6_addr, sizeof(struct in6_addr));
1034
			sin6->sin6_port = port;
1035
		}
1036
1037
		TAILQ_INSERT_HEAD(al, h, entry);
1038
		cnt++;
1039
	}
1040
	if (cnt == max && res) {
1041
		log_warnx("host_dns: %s resolves to more than %d hosts",
1042
		    s, max);
1043
	}
1044
	freeaddrinfo(res0);
1045
	return (cnt);
1046
}
1047
1048
int
1049
host(const char *s, const char *cert, struct listenerlist *al,
1050
    int max, in_port_t port, u_int8_t flags)
1051
{
1052
	struct listener *h;
1053
1054
	/* Unix socket path? */
1055
	h = host_unix(s);
1056
1057
	/* IPv4 address? */
1058
	if (h == NULL)
1059
		h = host_v4(s, port);
1060
1061
	/* IPv6 address? */
1062
	if (h == NULL)
1063
		h = host_v6(s, port);
1064
1065
	if (h != NULL) {
1066
		h->port = port;
1067
		h->flags |= flags;
1068
		h->ssl = NULL;
1069
		h->ssl_cert_name[0] = '\0';
1070
		if (cert != NULL)
1071
			strlcpy(h->ssl_cert_name, cert, sizeof(h->ssl_cert_name));
1072
1073
		TAILQ_INSERT_HEAD(al, h, entry);
1074
		return (1);
1075
	}
1076
1077
	return (host_dns(s, cert, al, max, port, flags));
1078
}
1079
1080
int
1081
interface(const char *s, const char *cert,
1082
    struct listenerlist *al, int max, in_port_t port, u_int8_t flags)
1083
{
1084
	int			 ret = 0;
1085
	struct ifaddrs		*ifap, *p;
1086
	struct sockaddr_in	*sain;
1087
	struct sockaddr_in6	*sin6;
1088
	struct listener		*h;
1089
1090
	if (getifaddrs(&ifap) == -1)
1091
		fatal("getifaddrs");
1092
1093
	for (p = ifap; p != NULL; p = p->ifa_next) {
1094
		if (strcmp(s, p->ifa_name) != 0)
1095
			continue;
1096
1097
		switch (p->ifa_addr->sa_family) {
1098
		case AF_INET:
1099
			if ((h = calloc(1, sizeof(*h))) == NULL)
1100
				fatal(NULL);
1101
			sain = (struct sockaddr_in *)&h->ss;
1102
			*sain = *(struct sockaddr_in *)p->ifa_addr;
1103
			sain->sin_len = sizeof(struct sockaddr_in);
1104
			sain->sin_port = port;
1105
1106
			h->fd = -1;
1107
			h->port = port;
1108
			h->flags = flags;
1109
			h->ssl = NULL;
1110
			h->ssl_cert_name[0] = '\0';
1111
			if (cert != NULL)
1112
				(void)strlcpy(h->ssl_cert_name, cert, sizeof(h->ssl_cert_name));
1113
1114
			ret = 1;
1115
			TAILQ_INSERT_HEAD(al, h, entry);
1116
1117
			break;
1118
1119
		case AF_INET6:
1120
			if ((h = calloc(1, sizeof(*h))) == NULL)
1121
				fatal(NULL);
1122
			sin6 = (struct sockaddr_in6 *)&h->ss;
1123
			*sin6 = *(struct sockaddr_in6 *)p->ifa_addr;
1124
			sin6->sin6_len = sizeof(struct sockaddr_in6);
1125
			sin6->sin6_port = port;
1126
1127
			h->fd = -1;
1128
			h->port = port;
1129
			h->flags = flags;
1130
			h->ssl = NULL;
1131
			h->ssl_cert_name[0] = '\0';
1132
			if (cert != NULL)
1133
				(void)strlcpy(h->ssl_cert_name, cert, sizeof(h->ssl_cert_name));
1134
1135
			ret = 1;
1136
			TAILQ_INSERT_HEAD(al, h, entry);
1137
1138
			break;
1139
		}
1140
	}
1141
1142
	freeifaddrs(ifap);
1143
1144
	return ret;
1145
}
1146
1147
static struct aci *
1148
mk_aci(int type, int rights, enum scope scope, char *target, char *subject)
1149
{
1150
	struct aci	*aci;
1151
1152
	if ((aci = calloc(1, sizeof(*aci))) == NULL) {
1153
		yyerror("calloc");
1154
		return NULL;
1155
	}
1156
	aci->type = type;
1157
	aci->rights = rights;
1158
	aci->scope = scope;
1159
	aci->target = target;
1160
	aci->subject = subject;
1161
1162
	log_debug("%s %02X access to %s scope %d by %s",
1163
	    aci->type == ACI_DENY ? "deny" : "allow",
1164
	    aci->rights,
1165
	    aci->target ? aci->target : "any",
1166
	    aci->scope,
1167
	    aci->subject ? aci->subject : "any");
1168
1169
	return aci;
1170
}
1171
1172
struct namespace *
1173
namespace_new(const char *suffix)
1174
{
1175
	struct namespace		*ns;
1176
1177
	if ((ns = calloc(1, sizeof(*ns))) == NULL)
1178
		return NULL;
1179
	ns->suffix = strdup(suffix);
1180
	ns->sync = 1;
1181
	ns->cache_size = 1024;
1182
	ns->index_cache_size = 512;
1183
	if (ns->suffix == NULL) {
1184
		free(ns->suffix);
1185
		free(ns);
1186
		return NULL;
1187
	}
1188
	TAILQ_INIT(&ns->indices);
1189
	TAILQ_INIT(&ns->request_queue);
1190
	SIMPLEQ_INIT(&ns->acl);
1191
	SLIST_INIT(&ns->referrals);
1192
1193
	return ns;
1194
}
1195
1196
int
1197
ssl_cmp(struct ssl *s1, struct ssl *s2)
1198
{
1199
	return (strcmp(s1->ssl_name, s2->ssl_name));
1200
}
1201
1202
int
1203
load_certfile(struct ldapd_config *env, const char *name, u_int8_t flags)
1204
{
1205
	struct ssl	*s;
1206
	struct ssl	 key;
1207
	char		 certfile[PATH_MAX];
1208
1209
	if (strlcpy(key.ssl_name, name, sizeof(key.ssl_name))
1210
	    >= sizeof(key.ssl_name)) {
1211
		log_warn("load_certfile: certificate name truncated");
1212
		return -1;
1213
	}
1214
1215
	s = SPLAY_FIND(ssltree, env->sc_ssl, &key);
1216
	if (s != NULL) {
1217
		s->flags |= flags;
1218
		return 0;
1219
	}
1220
1221
	if ((s = calloc(1, sizeof(*s))) == NULL)
1222
		fatal(NULL);
1223
1224
	s->flags = flags;
1225
	(void)strlcpy(s->ssl_name, key.ssl_name, sizeof(s->ssl_name));
1226
1227
	s->config = tls_config_new();
1228
	if (s->config == NULL)
1229
		goto err;
1230
1231
	if (tls_config_set_protocols(s->config, TLS_PROTOCOLS_ALL) != 0) {
1232
		log_warn("load_certfile: failed to set tls protocols: %s",
1233
		    tls_config_error(s->config));
1234
		goto err;
1235
	}
1236
	if (tls_config_set_ciphers(s->config, "all")) {
1237
		log_warn("load_certfile: failed to set tls ciphers: %s",
1238
		    tls_config_error(s->config));
1239
		goto err;
1240
	}
1241
1242
	if ((name[0] == '/' &&
1243
	     !bsnprintf(certfile, sizeof(certfile), "%s.crt", name)) ||
1244
	    !bsnprintf(certfile, sizeof(certfile), "/etc/ldap/certs/%s.crt",
1245
		name)) {
1246
		log_warn("load_certfile: path truncated");
1247
		goto err;
1248
	}
1249
1250
	log_debug("loading certificate file %s", certfile);
1251
	s->ssl_cert = tls_load_file(certfile, &s->ssl_cert_len, NULL);
1252
	if (s->ssl_cert == NULL)
1253
		goto err;
1254
1255
	if (tls_config_set_cert_mem(s->config, s->ssl_cert, s->ssl_cert_len)) {
1256
		log_warn("load_certfile: failed to set tls certificate: %s",
1257
		    tls_config_error(s->config));
1258
		goto err;
1259
	}
1260
1261
	if ((name[0] == '/' &&
1262
	     !bsnprintf(certfile, sizeof(certfile), "%s.key", name)) ||
1263
	    !bsnprintf(certfile, sizeof(certfile), "/etc/ldap/certs/%s.key",
1264
		name)) {
1265
		log_warn("load_certfile: path truncated");
1266
		goto err;
1267
	}
1268
1269
	log_debug("loading key file %s", certfile);
1270
	s->ssl_key = tls_load_file(certfile, &s->ssl_key_len, NULL);
1271
	if (s->ssl_key == NULL)
1272
		goto err;
1273
1274
	if (tls_config_set_key_mem(s->config, s->ssl_key, s->ssl_key_len)) {
1275
		log_warn("load_certfile: failed to set tls key: %s",
1276
		    tls_config_error(s->config));
1277
		goto err;
1278
	}
1279
1280
	SPLAY_INSERT(ssltree, env->sc_ssl, s);
1281
1282
	return (0);
1283
err:
1284
	free(s->ssl_cert);
1285
	free(s->ssl_key);
1286
	tls_config_free(s->config);
1287
	free(s);
1288
	return (-1);
1289
}
1290
#line 1283 "parse.c"
1291
96
/* allocate initial stack or double stack size, up to YYMAXDEPTH */
1292
48
static int yygrowstack(void)
1293
{
1294
    unsigned int newsize;
1295
    long sslen;
1296
    short *newss;
1297
48
    YYSTYPE *newvs;
1298
1299
    if ((newsize = yystacksize) == 0)
1300
        newsize = YYINITSTACKSIZE;
1301
    else if (newsize >= YYMAXDEPTH)
1302
        return -1;
1303

96
    else if ((newsize *= 2) > YYMAXDEPTH)
1304
        newsize = YYMAXDEPTH;
1305
96
    sslen = yyssp - yyss;
1306
48
#ifdef SIZE_MAX
1307
48
#define YY_SIZE_MAX SIZE_MAX
1308
#else
1309
48
#define YY_SIZE_MAX 0xffffffffU
1310
48
#endif
1311

96
    if (newsize && YY_SIZE_MAX / newsize < sizeof *newss)
1312
        goto bail;
1313
96
    newss = yyss ? (short *)realloc(yyss, newsize * sizeof *newss) :
1314
48
      (short *)malloc(newsize * sizeof *newss); /* overflow check above */
1315
48
    if (newss == NULL)
1316
        goto bail;
1317
48
    yyss = newss;
1318
48
    yyssp = newss + sslen;
1319
48
    if (newsize && YY_SIZE_MAX / newsize < sizeof *newvs)
1320
48
        goto bail;
1321
48
    newvs = yyvs ? (YYSTYPE *)realloc(yyvs, newsize * sizeof *newvs) :
1322
      (YYSTYPE *)malloc(newsize * sizeof *newvs); /* overflow check above */
1323
    if (newvs == NULL)
1324
        goto bail;
1325
    yyvs = newvs;
1326
    yyvsp = newvs + sslen;
1327
    yystacksize = newsize;
1328
    yysslim = yyss + newsize - 1;
1329
    return 0;
1330
bail:
1331
48
    if (yyss)
1332
            free(yyss);
1333
    if (yyvs)
1334
            free(yyvs);
1335
    yyss = yyssp = NULL;
1336
    yyvs = yyvsp = NULL;
1337
    yystacksize = 0;
1338
    return -1;
1339
}
1340
1341
#define YYABORT goto yyabort
1342
#define YYREJECT goto yyabort
1343
#define YYACCEPT goto yyaccept
1344
#define YYERROR goto yyerrlab
1345
int
1346
yyparse(void)
1347
{
1348
    int yym, yyn, yystate;
1349
#if YYDEBUG
1350
    const char *yys;
1351
1352
96
    if ((yys = getenv("YYDEBUG")))
1353
48
    {
1354
48
        yyn = *yys;
1355
        if (yyn >= '0' && yyn <= '9')
1356

96
            yydebug = yyn - '0';
1357
48
    }
1358
48
#endif /* YYDEBUG */
1359
48
1360
    yynerrs = 0;
1361
    yyerrflag = 0;
1362
5568
    yychar = (-1);
1363
3456
1364
    if (yyss == NULL && yygrowstack()) goto yyoverflow;
1365
2640
    yyssp = yyss;
1366
    yyvsp = yyvs;
1367
    *yyssp = yystate = 0;
1368
1369
yyloop:
1370
    if ((yyn = yydefred[yystate]) != 0) goto yyreduce;
1371
    if (yychar < 0)
1372
    {
1373
        if ((yychar = yylex()) < 0) yychar = 0;
1374
#if YYDEBUG
1375
        if (yydebug)
1376
2640
        {
1377

13536
            yys = 0;
1378
6624
            if (yychar <= YYMAXTOKEN) yys = yyname[yychar];
1379
            if (!yys) yys = "illegal-symbol";
1380
            printf("%sdebug: state %d, reading %d (%s)\n",
1381
                    YYPREFIX, yystate, yychar, yys);
1382
        }
1383
#endif
1384
    }
1385

3168
    if ((yyn = yysindex[yystate]) && (yyn += yychar) >= 0 &&
1386
            yyn <= YYTABLESIZE && yycheck[yyn] == yychar)
1387
    {
1388
#if YYDEBUG
1389
3168
        if (yydebug)
1390
3168
            printf("%sdebug: state %d, shifting to state %d\n",
1391
3168
                    YYPREFIX, yystate, yytable[yyn]);
1392
3168
#endif
1393
        if (yyssp >= yysslim && yygrowstack())
1394
        {
1395

1152
            goto yyoverflow;
1396
576
        }
1397
        *++yyssp = yystate = yytable[yyn];
1398
288
        *++yyvsp = yylval;
1399
288
        yychar = (-1);
1400
        if (yyerrflag > 0)  --yyerrflag;
1401
        goto yyloop;
1402
    }
1403
    if ((yyn = yyrindex[yystate]) && (yyn += yychar) >= 0 &&
1404
            yyn <= YYTABLESIZE && yycheck[yyn] == yychar)
1405
    {
1406
        yyn = yytable[yyn];
1407
        goto yyreduce;
1408
    }
1409
    if (yyerrflag) goto yyinrecovery;
1410
#if defined(__GNUC__)
1411
    goto yynewerror;
1412
#endif
1413
yynewerror:
1414
    yyerror("syntax error");
1415
#if defined(__GNUC__)
1416
    goto yyerrlab;
1417
#endif
1418
yyerrlab:
1419
    ++yynerrs;
1420
yyinrecovery:
1421
    if (yyerrflag < 3)
1422
    {
1423
        yyerrflag = 3;
1424
        for (;;)
1425
        {
1426
            if ((yyn = yysindex[*yyssp]) && (yyn += YYERRCODE) >= 0 &&
1427
                    yyn <= YYTABLESIZE && yycheck[yyn] == YYERRCODE)
1428
            {
1429
#if YYDEBUG
1430
                if (yydebug)
1431
                    printf("%sdebug: state %d, error recovery shifting\
1432
 to state %d\n", YYPREFIX, *yyssp, yytable[yyn]);
1433
#endif
1434
                if (yyssp >= yysslim && yygrowstack())
1435
                {
1436
                    goto yyoverflow;
1437
                }
1438
                *++yyssp = yystate = yytable[yyn];
1439
                *++yyvsp = yylval;
1440
                goto yyloop;
1441
            }
1442
            else
1443
            {
1444
#if YYDEBUG
1445
                if (yydebug)
1446
                    printf("%sdebug: error recovery discarding state %d\n",
1447
                            YYPREFIX, *yyssp);
1448
#endif
1449
                if (yyssp <= yyss) goto yyabort;
1450
                --yyssp;
1451
                --yyvsp;
1452
            }
1453
        }
1454
    }
1455
    else
1456
    {
1457
        if (yychar == 0) goto yyabort;
1458
#if YYDEBUG
1459
        if (yydebug)
1460
        {
1461
            yys = 0;
1462
            if (yychar <= YYMAXTOKEN) yys = yyname[yychar];
1463
            if (!yys) yys = "illegal-symbol";
1464
            printf("%sdebug: state %d, error recovery discards token %d (%s)\n",
1465
                    YYPREFIX, yystate, yychar, yys);
1466
        }
1467
#endif
1468
        yychar = (-1);
1469
2400
        goto yyloop;
1470
2400
    }
1471
1872
yyreduce:
1472
#if YYDEBUG
1473
528
    if (yydebug)
1474














3696
        printf("%sdebug: state %d, reducing by rule %d (%s)\n",
1475
                YYPREFIX, yystate, yyn, yyrule[yyn]);
1476
#endif
1477
    yym = yylen[yyn];
1478
    if (yym)
1479
        yyval = yyvsp[1-yym];
1480
    else
1481
        memset(&yyval, 0, sizeof yyval);
1482
    switch (yyn)
1483
    {
1484
case 6:
1485
#line 133 "parse.y"
1486
{ file->errors++; }
1487
break;
1488
case 8:
1489
#line 135 "parse.y"
1490
{
1491
			SIMPLEQ_INSERT_TAIL(&conf->acl, yyvsp[-1].v.aci, entry);
1492
		}
1493
break;
1494
case 10:
1495
#line 141 "parse.y"
1496
{ yyval.v.number = 0; }
1497
break;
1498
case 11:
1499
#line 142 "parse.y"
1500
{ yyval.v.number = F_STARTTLS; }
1501
break;
1502
case 12:
1503
#line 143 "parse.y"
1504
{ yyval.v.number = F_LDAPS; }
1505
break;
1506
case 13:
1507
#line 144 "parse.y"
1508
{ yyval.v.number = F_SECURE; }
1509
break;
1510
case 14:
1511
#line 147 "parse.y"
1512
{ yyval.v.string = NULL; }
1513
break;
1514
case 15:
1515
#line 148 "parse.y"
1516
{ yyval.v.string = yyvsp[0].v.string; }
1517
break;
1518
case 16:
1519
#line 151 "parse.y"
1520
{
1521
			struct servent	*servent;
1522
1523
			servent = getservbyname(yyvsp[0].v.string, "tcp");
1524
			if (servent == NULL) {
1525
				yyerror("port %s is invalid", yyvsp[0].v.string);
1526
				free(yyvsp[0].v.string);
1527
				YYERROR;
1528
			}
1529
			yyval.v.number = servent->s_port;
1530
			free(yyvsp[0].v.string);
1531
		}
1532
break;
1533
case 17:
1534
#line 163 "parse.y"
1535
{
1536
			if (yyvsp[0].v.number <= 0 || yyvsp[0].v.number > (int)USHRT_MAX) {
1537
				yyerror("invalid port: %lld", yyvsp[0].v.number);
1538
				YYERROR;
1539
			}
1540
			yyval.v.number = htons(yyvsp[0].v.number);
1541
		}
1542
break;
1543
case 18:
1544
#line 170 "parse.y"
1545
{
1546
			yyval.v.number = 0;
1547
		}
1548
break;
1549
case 19:
1550
#line 175 "parse.y"
1551
{
1552
			char			*cert;
1553
1554
			if (yyvsp[-2].v.number == 0) {
1555
				if (yyvsp[-1].v.number == F_LDAPS)
1556
					yyvsp[-2].v.number = htons(LDAPS_PORT);
1557
				else
1558
					yyvsp[-2].v.number = htons(LDAP_PORT);
1559
			}
1560
1561
			cert = (yyvsp[0].v.string != NULL) ? yyvsp[0].v.string : yyvsp[-3].v.string;
1562
1563
			if ((yyvsp[-1].v.number == F_STARTTLS || yyvsp[-1].v.number == F_LDAPS) &&
1564
			    load_certfile(conf, cert, F_SCERT) < 0) {
1565
				yyerror("cannot load certificate: %s", cert);
1566
				free(yyvsp[0].v.string);
1567
				free(yyvsp[-3].v.string);
1568
				YYERROR;
1569
			}
1570
1571
			if (! interface(yyvsp[-3].v.string, cert, &conf->listeners,
1572
				MAX_LISTEN, yyvsp[-2].v.number, yyvsp[-1].v.number)) {
1573
				if (host(yyvsp[-3].v.string, cert, &conf->listeners,
1574
					MAX_LISTEN, yyvsp[-2].v.number, yyvsp[-1].v.number) <= 0) {
1575
					yyerror("invalid virtual ip or interface: %s", yyvsp[-3].v.string);
1576
					free(yyvsp[0].v.string);
1577
					free(yyvsp[-3].v.string);
1578
					YYERROR;
1579
				}
1580
			}
1581
			free(yyvsp[0].v.string);
1582
			free(yyvsp[-3].v.string);
1583
		}
1584
break;
1585
case 20:
1586
#line 208 "parse.y"
1587
{
1588
			struct referral	*ref;
1589
			if ((ref = calloc(1, sizeof(*ref))) == NULL) {
1590
				yyerror("calloc");
1591
				free(yyvsp[0].v.string);
1592
				YYERROR;
1593
			}
1594
			ref->url = yyvsp[0].v.string;
1595
			SLIST_INSERT_HEAD(&conf->referrals, ref, next);
1596
		}
1597
break;
1598
case 21:
1599
#line 218 "parse.y"
1600
{
1601
			conf->rootdn = yyvsp[0].v.string;
1602
			normalize_dn(conf->rootdn);
1603
		}
1604
break;
1605
case 22:
1606
#line 222 "parse.y"
1607
{ conf->rootpw = yyvsp[0].v.string; }
1608
break;
1609
case 23:
1610
#line 225 "parse.y"
1611
{
1612
			log_debug("parsing namespace %s", yyvsp[-2].v.string);
1613
			current_ns = namespace_new(yyvsp[-2].v.string);
1614
			free(yyvsp[-2].v.string);
1615
			TAILQ_INSERT_TAIL(&conf->namespaces, current_ns, next);
1616
		}
1617
break;
1618
case 24:
1619
#line 230 "parse.y"
1620
{ current_ns = NULL; }
1621
break;
1622
case 25:
1623
#line 233 "parse.y"
1624
{
1625
			if (strcasecmp(yyvsp[0].v.string, "true") == 0 ||
1626
			    strcasecmp(yyvsp[0].v.string, "yes") == 0)
1627
				yyval.v.number = 1;
1628
			else if (strcasecmp(yyvsp[0].v.string, "false") == 0 ||
1629
			    strcasecmp(yyvsp[0].v.string, "off") == 0 ||
1630
			    strcasecmp(yyvsp[0].v.string, "no") == 0)
1631
				yyval.v.number = 0;
1632
			else {
1633
				yyerror("invalid boolean value '%s'", yyvsp[0].v.string);
1634
				free(yyvsp[0].v.string);
1635
				YYERROR;
1636
			}
1637
			free(yyvsp[0].v.string);
1638
		}
1639
break;
1640
case 26:
1641
#line 248 "parse.y"
1642
{ yyval.v.number = 1; }
1643
break;
1644
case 30:
1645
#line 256 "parse.y"
1646
{
1647
			current_ns->rootdn = yyvsp[0].v.string;
1648
			normalize_dn(current_ns->rootdn);
1649
		}
1650
break;
1651
case 31:
1652
#line 260 "parse.y"
1653
{ current_ns->rootpw = yyvsp[0].v.string; }
1654
break;
1655
case 32:
1656
#line 261 "parse.y"
1657
{
1658
			struct attr_index	*ai;
1659
			if ((ai = calloc(1, sizeof(*ai))) == NULL) {
1660
				yyerror("calloc");
1661
                                free(yyvsp[0].v.string);
1662
				YYERROR;
1663
			}
1664
			ai->attr = yyvsp[0].v.string;
1665
			ai->type = INDEX_EQUAL;
1666
			TAILQ_INSERT_TAIL(&current_ns->indices, ai, next);
1667
		}
1668
break;
1669
case 33:
1670
#line 272 "parse.y"
1671
{ current_ns->cache_size = yyvsp[0].v.number; }
1672
break;
1673
case 34:
1674
#line 273 "parse.y"
1675
{ current_ns->index_cache_size = yyvsp[0].v.number; }
1676
break;
1677
case 35:
1678
#line 274 "parse.y"
1679
{ current_ns->sync = yyvsp[0].v.number; }
1680
break;
1681
case 36:
1682
#line 275 "parse.y"
1683
{
1684
			SIMPLEQ_INSERT_TAIL(&current_ns->acl, yyvsp[0].v.aci, entry);
1685
		}
1686
break;
1687
case 37:
1688
#line 278 "parse.y"
1689
{ current_ns->relax = 1; }
1690
break;
1691
case 38:
1692
#line 279 "parse.y"
1693
{ current_ns->relax = 0; }
1694
break;
1695
case 39:
1696
#line 280 "parse.y"
1697
{ current_ns->compression_level = yyvsp[0].v.number; }
1698
break;
1699
case 40:
1700
#line 281 "parse.y"
1701
{
1702
			struct referral	*ref;
1703
			if ((ref = calloc(1, sizeof(*ref))) == NULL) {
1704
				yyerror("calloc");
1705
				free(yyvsp[0].v.string);
1706
				YYERROR;
1707
			}
1708
			ref->url = yyvsp[0].v.string;
1709
			SLIST_INSERT_HEAD(&current_ns->referrals, ref, next);
1710
		}
1711
break;
1712
case 41:
1713
#line 293 "parse.y"
1714
{ yyval.v.number = 6; }
1715
break;
1716
case 42:
1717
#line 294 "parse.y"
1718
{ yyval.v.number = yyvsp[0].v.number; }
1719
break;
1720
case 43:
1721
#line 297 "parse.y"
1722
{
1723
			if ((yyval.v.aci = mk_aci(yyvsp[-5].v.number, yyvsp[-4].v.number, yyvsp[-2].v.number, yyvsp[-1].v.string, yyvsp[0].v.string)) == NULL) {
1724
				free(yyvsp[-1].v.string);
1725
				free(yyvsp[0].v.string);
1726
				YYERROR;
1727
			}
1728
		}
1729
break;
1730
case 44:
1731
#line 304 "parse.y"
1732
{
1733
			if ((yyval.v.aci = mk_aci(yyvsp[-1].v.number, yyvsp[0].v.number, LDAP_SCOPE_SUBTREE, NULL,
1734
			    NULL)) == NULL) {
1735
				YYERROR;
1736
			}
1737
		}
1738
break;
1739
case 45:
1740
#line 312 "parse.y"
1741
{ yyval.v.number = ACI_DENY; }
1742
break;
1743
case 46:
1744
#line 313 "parse.y"
1745
{ yyval.v.number = ACI_ALLOW; }
1746
break;
1747
case 47:
1748
#line 316 "parse.y"
1749
{ yyval.v.number = ACI_ALL; }
1750
break;
1751
case 48:
1752
#line 317 "parse.y"
1753
{ yyval.v.number = ACI_ALL; }
1754
break;
1755
case 49:
1756
#line 318 "parse.y"
1757
{ yyval.v.number = yyvsp[-1].v.number; }
1758
break;
1759
case 50:
1760
#line 321 "parse.y"
1761
{ yyval.v.number = yyvsp[0].v.number; }
1762
break;
1763
case 51:
1764
#line 322 "parse.y"
1765
{ yyval.v.number = yyvsp[-2].v.number | yyvsp[0].v.number; }
1766
break;
1767
case 52:
1768
#line 325 "parse.y"
1769
{ yyval.v.number = ACI_READ; }
1770
break;
1771
case 53:
1772
#line 326 "parse.y"
1773
{ yyval.v.number = ACI_WRITE; }
1774
break;
1775
case 54:
1776
#line 327 "parse.y"
1777
{ yyval.v.number = ACI_BIND; }
1778
break;
1779
case 55:
1780
#line 331 "parse.y"
1781
{ yyval.v.number = LDAP_SCOPE_BASE; }
1782
break;
1783
case 56:
1784
#line 332 "parse.y"
1785
{ yyval.v.number = LDAP_SCOPE_SUBTREE; }
1786
break;
1787
case 57:
1788
#line 333 "parse.y"
1789
{ yyval.v.number = LDAP_SCOPE_ONELEVEL; }
1790
break;
1791
case 58:
1792
#line 336 "parse.y"
1793
{ yyval.v.string = NULL; }
1794
break;
1795
case 59:
1796
#line 337 "parse.y"
1797
{ yyval.v.string = strdup(""); }
1798
break;
1799
case 60:
1800
#line 338 "parse.y"
1801
{ yyval.v.string = yyvsp[0].v.string; normalize_dn(yyval.v.string); }
1802
break;
1803
case 61:
1804
#line 341 "parse.y"
1805
{ yyval.v.string = NULL; }
1806
break;
1807
case 62:
1808
#line 342 "parse.y"
1809
{ yyval.v.string = NULL; }
1810
break;
1811
case 63:
1812
#line 343 "parse.y"
1813
{ yyval.v.string = yyvsp[0].v.string; normalize_dn(yyval.v.string); }
1814
break;
1815
case 64:
1816
#line 344 "parse.y"
1817
{ yyval.v.string = strdup("@"); }
1818
break;
1819
case 65:
1820
#line 347 "parse.y"
1821
{
1822
			struct file	*nfile;
1823
1824
			if ((nfile = pushfile(yyvsp[0].v.string, 1)) == NULL) {
1825
				yyerror("failed to include file %s", yyvsp[0].v.string);
1826
				free(yyvsp[0].v.string);
1827
				YYERROR;
1828
			}
1829
			free(yyvsp[0].v.string);
1830
1831
			file = nfile;
1832
			lungetc('\n');
1833
		}
1834
break;
1835
case 66:
1836
#line 362 "parse.y"
1837
{
1838
			char *s = yyvsp[-2].v.string;
1839
			while (*s++) {
1840
				if (isspace((unsigned char)*s)) {
1841
					yyerror("macro name cannot contain "
1842
					    "whitespace");
1843
					YYERROR;
1844
				}
1845
			}
1846
			if (symset(yyvsp[-2].v.string, yyvsp[0].v.string, 0) == -1)
1847
				fatal("cannot store variable");
1848
			free(yyvsp[-2].v.string);
1849
			free(yyvsp[0].v.string);
1850
		}
1851
break;
1852
case 67:
1853
#line 378 "parse.y"
1854
{
1855
			int	 ret;
1856
1857
			ret = schema_parse(conf->schema, yyvsp[0].v.string);
1858
2400
			free(yyvsp[0].v.string);
1859
2400
			if (ret != 0) {
1860
2400
				YYERROR;
1861
2400
			}
1862
2400
		}
1863
break;
1864
#line 1857 "parse.c"
1865
    }
1866
    yyssp -= yym;
1867
    yystate = *yyssp;
1868
    yyvsp -= yym;
1869
    yym = yylhs[yyn];
1870
576
    if (yystate == 0 && yym == 0)
1871
576
    {
1872
576
#if YYDEBUG
1873
        if (yydebug)
1874
576
            printf("%sdebug: after reduction, shifting from state 0 to\
1875
 state %d\n", YYPREFIX, YYFINAL);
1876
#endif
1877
        yystate = YYFINAL;
1878
        *++yyssp = YYFINAL;
1879
        *++yyvsp = yyval;
1880
        if (yychar < 0)
1881
        {
1882
            if ((yychar = yylex()) < 0) yychar = 0;
1883
#if YYDEBUG
1884
            if (yydebug)
1885
576
            {
1886
576
                yys = 0;
1887
                if (yychar <= YYMAXTOKEN) yys = yyname[yychar];
1888
                if (!yys) yys = "illegal-symbol";
1889

1824
                printf("%sdebug: state %d, reading %d (%s)\n",
1890
                        YYPREFIX, YYFINAL, yychar, yys);
1891
            }
1892
#endif
1893
1824
        }
1894
        if (yychar == 0) goto yyaccept;
1895
        goto yyloop;
1896
    }
1897
    if ((yyn = yygindex[yym]) && (yyn += yystate) >= 0 &&
1898
            yyn <= YYTABLESIZE && yycheck[yyn] == yystate)
1899

1824
        yystate = yytable[yyn];
1900
    else
1901
        yystate = yydgoto[yym];
1902
#if YYDEBUG
1903
1824
    if (yydebug)
1904
1824
        printf("%sdebug: after reduction, shifting from state %d \
1905
1824
to state %d\n", YYPREFIX, *yyssp, yystate);
1906
#endif
1907
    if (yyssp >= yysslim && yygrowstack())
1908
    {
1909
        goto yyoverflow;
1910
    }
1911
    *++yyssp = yystate;
1912
    *++yyvsp = yyval;
1913
    goto yyloop;
1914
yyoverflow:
1915
    yyerror("yacc stack overflow");
1916
yyabort:
1917
    if (yyss)
1918
48
            free(yyss);
1919
48
    if (yyvs)
1920
48
            free(yyvs);
1921
48
    yyss = yyssp = NULL;
1922
48
    yyvs = yyvsp = NULL;
1923
48
    yystacksize = 0;
1924
48
    return (1);
1925
48
yyaccept:
1926
48
    if (yyss)
1927
            free(yyss);
1928
    if (yyvs)
1929
            free(yyvs);
1930
    yyss = yyssp = NULL;
1931
    yyvs = yyvsp = NULL;
1932
    yystacksize = 0;
1933
    return (0);
1934
}