GCC Code Coverage Report
Directory: ./ Exec Total Coverage
File: usr.sbin/npppd/npppd/parse.y Lines: 0 283 0.0 %
Date: 2017-11-13 Branches: 0 219 0.0 %

Line Branch Exec Source
1
/*	$OpenBSD: parse.y,v 1.19 2017/08/12 11:20:34 goda Exp $ */
2
3
/*
4
 * Copyright (c) 2002, 2003, 2004 Henning Brauer <henning@openbsd.org>
5
 * Copyright (c) 2001 Markus Friedl.  All rights reserved.
6
 * Copyright (c) 2001 Daniel Hartmeier.  All rights reserved.
7
 * Copyright (c) 2001 Theo de Raadt.  All rights reserved.
8
 *
9
 * Permission to use, copy, modify, and distribute this software for any
10
 * purpose with or without fee is hereby granted, provided that the above
11
 * copyright notice and this permission notice appear in all copies.
12
 *
13
 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
14
 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
15
 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
16
 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
17
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
18
 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
19
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20
 */
21
22
%{
23
#include <sys/types.h>
24
#include <sys/socket.h>
25
#include <sys/queue.h>
26
#include <netinet/in.h>
27
#include <arpa/inet.h>
28
#include <net/if.h>
29
30
#include <ctype.h>
31
#include <errno.h>
32
#include <inttypes.h>
33
#include <limits.h>
34
#include <stdarg.h>
35
#include <stdio.h>
36
#include <stdlib.h>
37
#include <string.h>
38
#include <syslog.h>
39
#include <netdb.h>
40
#include <event.h>
41
42
#include <stdbool.h>
43
#include <stdarg.h>
44
#include "npppd_auth.h"
45
#include "slist.h"
46
#include "npppd.h"
47
#ifdef USE_NPPPD_RADIUS
48
#include "radius_req.h"
49
#endif
50
#include "privsep.h"
51
#include "log.h"
52
53
TAILQ_HEAD(files, file)		 files = TAILQ_HEAD_INITIALIZER(files);
54
static struct file {
55
	TAILQ_ENTRY(file)	 entry;
56
	FILE			*stream;
57
	char			*name;
58
	int			 lineno;
59
	int			 errors;
60
} *file, *topfile;
61
struct file	*pushfile(const char *);
62
int		 popfile(void);
63
int		 yyparse(void);
64
int		 yylex(void);
65
int		 yyerror(const char *, ...)
66
    __attribute__((__format__ (printf, 1, 2)))
67
    __attribute__((__nonnull__ (1)));
68
int		 kw_cmp(const void *, const void *);
69
int		 lookup(char *);
70
int		 lgetc(int);
71
int		 lungetc(int);
72
int		 findeol(void);
73
74
static void		 tunnconf_init (struct tunnconf *, int);
75
static void		 tunnconf_fini (struct tunnconf *);
76
static struct tunnconf	*tunnconf_find (const char *);
77
static void		 authconf_init (struct authconf *);
78
static void		 authconf_fini (struct authconf *);
79
static void		 radconf_fini (struct radconf *);
80
static struct authconf	*authconf_find (const char *);
81
static void		 ipcpconf_init (struct ipcpconf *);
82
static void		 ipcpconf_fini (struct ipcpconf *);
83
static struct ipcpconf	*ipcpconf_find (const char *);
84
static struct iface	*iface_find (const char *);
85
static void		 sa_set_in_addr_any(struct sockaddr *);
86
87
struct npppd_conf	*conf;
88
struct ipcpconf		*curr_ipcpconf;
89
struct tunnconf		*curr_tunnconf;
90
struct authconf		*curr_authconf;
91
struct radconf		*curr_radconf;
92
93
typedef struct {
94
	union {
95
		int64_t			 number;
96
		char			*string;
97
		struct sockaddr_storage  address;
98
		struct in_addr           in4_addr;
99
		bool                     yesno;
100
	} v;
101
	int lineno;
102
} YYSTYPE;
103
104
%}
105
106
%token	SET MAX_SESSION USER_MAX_SESSION
107
%token	TUNNEL LISTEN ON PROTOCOL
108
%token	MRU
109
%token	IP LCP PAP CHAP EAP MPPE CCP MSCHAPV2 STATEFUL STATELESS REQUIRED
110
%token	YES NO
111
%token	L2TP PPTP PPPOE L2TP_HOSTNAME L2TP_VENDOR_NAME L2TP_DATA_USE_SEQ
112
%token	L2TP_REQUIRE_IPSEC L2TP_LCP_RENEGOTIATION L2TP_FORCE_LCP_RENEGOTIATION
113
%token	L2TP_CTRL_IN_PKTDUMP L2TP_CTRL_OUT_PKTDUMP L2TP_DATA_IN_PKTDUMP
114
%token	L2TP_DATA_OUT_PKTDUMP PPTP_HOSTNAME
115
%token	PPTP_VENDOR_NAME PPTP_ECHO_INTERVAL PPTP_ECHO_TIMEOUT
116
%token	PPTP_CTRL_IN_PKTDUMP PPTP_CTRL_OUT_PKTDUMP PPTP_DATA_IN_PKTDUMP
117
%token	PPTP_DATA_OUT_PKTDUMP
118
%token	PPPOE_SERVICE_NAME PPPOE_ACCEPT_ANY_SERVICE PPPOE_AC_NAME
119
%token	PPPOE_DESC_IN_PKTDUMP PPPOE_DESC_OUT_PKTDUMP PPPOE_SESSION_IN_PKTDUMP
120
%token	PPPOE_SESSION_OUT_PKTDUMP
121
%token	LCP_TIMEOUT LCP_MAX_CONFIGURE LCP_MAX_TERMINATE LCP_MAX_NAK_LOOP
122
%token	LCP_KEEPALIVE LCP_KEEPALIVE_INTERVAL LCP_KEEPALIVE_RETRY_INTERVAL
123
%token	LCP_KEEPALIVE_MAX_RETRIES AUTHENTICATION_METHOD CHAP_NAME
124
%token	IPCP_TIMEOUT IPCP_MAX_CONFIGURE IPCP_MAX_TERMINATE IPCP_MAX_NAK_LOOP
125
%token	CCP_TIMEOUT CCP_MAX_CONFIGURE CCP_MAX_TERMINATE CCP_MAX_NAK_LOOP
126
%token	L2TP_HELLO_INTERVAL L2TP_HELLO_TIMEOUT L2TP_ACCEPT_DIALIN
127
%token	MPPE MPPE_KEY_LENGTH MPPE_KEY_STATE
128
%token	IDLE_TIMEOUT TCP_MSS_ADJUST INGRESS_FILTER CALLNUM_CHECK
129
%token	PIPEX DEBUG_DUMP_PKTIN DEBUG_DUMP_PKTOUT
130
%token	AUTHENTICATION TYPE LOCAL USERNAME_SUFFIX USERNAME_PREFIX EAP_CAPABLE
131
%token	STRIP_NT_DOMAIN STRIP_ATMARK_REALM USERS_FILE
132
%token	RADIUS AUTHENTICATION_SERVER ACCOUNTING_SERVER PORT
133
%token	X_TIMEOUT MAX_TRIES MAX_FAILOVERS SECRET
134
%token  POOL_ADDRESS DNS_SERVERS NBNS_SERVERS FOR STATIC DYNAMIC
135
%token  RESOLVER ALLOW_USER_SELECTED_ADDRESS
136
%token  INTERFACE ADDRESS IPCP
137
%token	BIND FROM AUTHENTICATED BY TO
138
%token	ERROR
139
%token	<v.string>		STRING
140
%token	<v.number>		NUMBER
141
%type	<v.yesno>		yesno
142
%type	<v.address>		address
143
%type	<v.address>		addressport
144
%type	<v.number>		optport
145
%type	<v.in4_addr>		in4_addr
146
%type	<v.number>		tunnelproto
147
%type	<v.number>		mppeyesno
148
%type	<v.number>		mppekeylen
149
%type	<v.number>		mppekeylen_l
150
%type	<v.number>		mppekeystate
151
%type	<v.number>		mppekeystate_l
152
%type	<v.number>		protobit
153
%type	<v.number>		protobit_l
154
%type	<v.number>		authtype
155
%type	<v.number>		authmethod
156
%type	<v.number>		authmethod_l
157
%type	<v.number>		ipcppooltype
158
159
%%
160
161
grammar		: /* empty */
162
		| grammar '\n'
163
		| grammar set '\n'
164
		| grammar tunnel '\n'
165
		| grammar authentication '\n'
166
		| grammar ipcp '\n'
167
		| grammar interface '\n'
168
		| grammar bind '\n'
169
		| grammar error '\n'		{ file->errors++; }
170
		;
171
172
173
set		: SET MAX_SESSION NUMBER        { conf->max_session = $3; }
174
		| SET USER_MAX_SESSION NUMBER   { conf->user_max_session = $3; }
175
		;
176
177
/*
178
 * tunnel { }
179
 */
180
tunnel		: TUNNEL STRING PROTOCOL tunnelproto {
181
			struct tunnconf *n;
182
183
			if (tunnconf_find($2) != NULL) {
184
				yyerror("tunnel name = %s is already in use.",
185
				    $2);
186
				free($2);
187
				YYERROR;
188
			}
189
190
			if ((n = malloc(sizeof(struct tunnconf))) == NULL) {
191
				yyerror("out of memory");
192
				free($2);
193
				YYERROR;
194
			}
195
			tunnconf_init(n, $4);
196
			switch ($4) {
197
			case NPPPD_TUNNEL_L2TP:
198
				strlcpy(n->proto.l2tp.name, $2,
199
				    sizeof(n->proto.l2tp.name));
200
				n->name = n->proto.l2tp.name;
201
				break;
202
			case NPPPD_TUNNEL_PPTP:
203
				strlcpy(n->proto.pptp.name, $2,
204
				    sizeof(n->proto.pptp.name));
205
				n->name = n->proto.pptp.name;
206
				break;
207
			case NPPPD_TUNNEL_PPPOE:
208
				strlcpy(n->proto.pppoe.name, $2,
209
				    sizeof(n->proto.pppoe.name));
210
				n->name = n->proto.pppoe.name;
211
				break;
212
			}
213
			free($2);
214
			n->protocol = $4;
215
			curr_tunnconf = n;
216
		} tunnopts {
217
			TAILQ_INSERT_TAIL(&conf->tunnconfs, curr_tunnconf,
218
			    entry);
219
			switch (curr_tunnconf->protocol) {
220
#ifdef USE_NPPPD_L2TP
221
			case NPPPD_TUNNEL_L2TP:
222
				if (TAILQ_EMPTY(
223
				    &curr_tunnconf->proto.l2tp.listen)) {
224
					struct l2tp_listen_addr *addr;
225
226
					if ((addr = malloc(sizeof(struct
227
					    l2tp_listen_addr))) == NULL) {
228
						free(curr_tunnconf);
229
						yyerror("out of memory");
230
						YYERROR;
231
					}
232
					sa_set_in_addr_any(
233
					    (struct sockaddr *)&addr->addr);
234
					TAILQ_INSERT_TAIL(&curr_tunnconf->proto.
235
					    l2tp.listen, addr, entry);
236
				}
237
				TAILQ_INSERT_TAIL(&conf->l2tp_confs,
238
				    &curr_tunnconf->proto.l2tp, entry);
239
				break;
240
#endif
241
#ifdef USE_NPPPD_PPTP
242
			case NPPPD_TUNNEL_PPTP:
243
				if (TAILQ_EMPTY(
244
				    &curr_tunnconf->proto.pptp.listen)) {
245
					struct pptp_listen_addr *addr;
246
247
					if ((addr = malloc(sizeof(struct
248
					    pptp_listen_addr))) == NULL) {
249
						free(curr_tunnconf);
250
						yyerror("out of memory");
251
						YYERROR;
252
					}
253
					sa_set_in_addr_any(
254
					    (struct sockaddr *)&addr->addr);
255
					TAILQ_INSERT_TAIL(&curr_tunnconf->proto.
256
					    pptp.listen, addr, entry);
257
				}
258
				TAILQ_INSERT_TAIL(&conf->pptp_confs,
259
				    &curr_tunnconf->proto.pptp, entry);
260
				break;
261
#endif
262
#ifdef USE_NPPPD_PPPOE
263
			case NPPPD_TUNNEL_PPPOE:
264
				TAILQ_INSERT_TAIL(&conf->pppoe_confs,
265
				    &curr_tunnconf->proto.pppoe, entry);
266
				break;
267
#endif
268
			default:
269
				yyerror("%s is not enabled.",
270
				    npppd_tunnel_protocol_name(
271
					    curr_tunnconf->protocol));
272
				tunnconf_fini(curr_tunnconf);
273
				free(curr_tunnconf);
274
				YYERROR;
275
			}
276
			curr_tunnconf = NULL;
277
		}
278
		;
279
280
281
tunnopts	:
282
		| '{' optnl tunnopt_l '}'
283
		;
284
285
tunnopt_l	: /* empty */
286
		| tunnopt_l tunnopt nl
287
		| tunnopt optnl
288
		;
289
290
tunnopt		: LISTEN ON addressport {
291
292
			switch (curr_tunnconf->protocol) {
293
			case NPPPD_TUNNEL_L2TP:
294
			    {
295
				struct l2tp_listen_addr	*l_listen;
296
297
				if ((l_listen = malloc(sizeof(
298
				    struct l2tp_listen_addr))) == NULL) {
299
					yyerror("out of memory");
300
					YYERROR;
301
				}
302
				l_listen->addr = $3;
303
				TAILQ_INSERT_TAIL(&curr_tunnconf->proto
304
				    .l2tp.listen, l_listen, entry);
305
				break;
306
			    }
307
			case NPPPD_TUNNEL_PPTP:
308
				if ($3.ss_family == AF_INET6) {
309
					yyerror("listen on IPv6 address is not "
310
					    "supported by pptp tunnel");
311
					YYERROR;
312
				}
313
			    {
314
				struct pptp_listen_addr	*p_listen;
315
316
				if ((p_listen = malloc(sizeof(
317
				    struct pptp_listen_addr))) == NULL) {
318
					yyerror("out of memory");
319
					YYERROR;
320
				}
321
				p_listen->addr = $3;
322
				TAILQ_INSERT_TAIL(&curr_tunnconf->proto
323
				    .pptp.listen, p_listen, entry);
324
				break;
325
			    }
326
			default:
327
				yyerror("listen on address is not supported "
328
				    "for specified protocol.\n");
329
				YYERROR;
330
			}
331
		}
332
		| LISTEN ON INTERFACE STRING {
333
			switch (curr_tunnconf->protocol) {
334
			case NPPPD_TUNNEL_PPPOE:
335
				strlcpy(curr_tunnconf->proto.pppoe.if_name, $4,
336
				    sizeof(curr_tunnconf->proto.pppoe.if_name));
337
				free($4);
338
				break;
339
			default:
340
				free($4);
341
				yyerror("listen on interface is not supported "
342
				    "for specified protocol.\n");
343
				YYERROR;
344
			}
345
		}
346
		| LCP_TIMEOUT NUMBER {
347
			curr_tunnconf->lcp_timeout = $2;
348
		}
349
		| LCP_MAX_CONFIGURE NUMBER {
350
			curr_tunnconf->lcp_max_configure = $2;
351
		}
352
		| LCP_MAX_TERMINATE NUMBER {
353
			curr_tunnconf->lcp_max_terminate = $2;
354
		}
355
		| LCP_MAX_NAK_LOOP NUMBER {
356
			curr_tunnconf->lcp_max_nak_loop = $2;
357
		}
358
		| MRU NUMBER {
359
			curr_tunnconf->mru = $2;
360
		}
361
		| LCP_KEEPALIVE yesno {
362
			curr_tunnconf->lcp_keepalive = $2;
363
		}
364
		| LCP_KEEPALIVE_INTERVAL NUMBER {
365
			curr_tunnconf->lcp_keepalive_interval = $2;
366
		}
367
		| LCP_KEEPALIVE_RETRY_INTERVAL NUMBER {
368
			curr_tunnconf->lcp_keepalive_retry_interval = $2;
369
		}
370
		| LCP_KEEPALIVE_MAX_RETRIES NUMBER {
371
			curr_tunnconf->lcp_keepalive_max_retries = $2;
372
		}
373
		| AUTHENTICATION_METHOD authmethod_l {
374
			curr_tunnconf->auth_methods = $2;
375
		}
376
		| CHAP_NAME STRING {
377
			curr_tunnconf->chap_name = $2;
378
		}
379
		| IPCP_TIMEOUT NUMBER {
380
			curr_tunnconf->ipcp_timeout = $2;
381
		}
382
		| IPCP_MAX_CONFIGURE NUMBER {
383
			curr_tunnconf->ipcp_max_configure = $2;
384
		}
385
		| IPCP_MAX_TERMINATE NUMBER {
386
			curr_tunnconf->ipcp_max_terminate = $2;
387
		}
388
		| IPCP_MAX_NAK_LOOP NUMBER {
389
			curr_tunnconf->ipcp_max_nak_loop = $2;
390
		}
391
		| CCP_TIMEOUT NUMBER {
392
			curr_tunnconf->ccp_timeout = $2;
393
		}
394
		| CCP_MAX_CONFIGURE NUMBER {
395
			curr_tunnconf->ccp_max_configure = $2;
396
		}
397
		| CCP_MAX_TERMINATE NUMBER {
398
			curr_tunnconf->ccp_max_terminate = $2;
399
		}
400
		| CCP_MAX_NAK_LOOP NUMBER {
401
			curr_tunnconf->ccp_max_nak_loop = $2;
402
		}
403
		| L2TP_HOSTNAME STRING {
404
			curr_tunnconf->proto.l2tp.hostname = $2;
405
		}
406
		| L2TP_VENDOR_NAME STRING {
407
			curr_tunnconf->proto.l2tp.vendor_name = $2;
408
		}
409
		| L2TP_HELLO_INTERVAL NUMBER {
410
			curr_tunnconf->proto.l2tp.hello_interval = $2;
411
		}
412
		| L2TP_HELLO_TIMEOUT NUMBER {
413
			curr_tunnconf->proto.l2tp.hello_timeout = $2;
414
		}
415
		| L2TP_ACCEPT_DIALIN yesno {
416
			curr_tunnconf->proto.l2tp.accept_dialin = $2;
417
		}
418
		| L2TP_DATA_USE_SEQ yesno {
419
			curr_tunnconf->proto.l2tp.data_use_seq = $2;
420
		}
421
		| L2TP_REQUIRE_IPSEC yesno {
422
			curr_tunnconf->proto.l2tp.require_ipsec = $2;
423
		}
424
		| L2TP_LCP_RENEGOTIATION yesno {
425
			curr_tunnconf->proto.l2tp.lcp_renegotiation = $2;
426
		}
427
		| L2TP_FORCE_LCP_RENEGOTIATION yesno {
428
			curr_tunnconf->proto.l2tp.force_lcp_renegotiation = $2;
429
		}
430
		| L2TP_CTRL_IN_PKTDUMP yesno {
431
			curr_tunnconf->proto.l2tp.ctrl_in_pktdump = $2;
432
		}
433
		| L2TP_CTRL_OUT_PKTDUMP yesno {
434
			curr_tunnconf->proto.l2tp.ctrl_out_pktdump = $2;
435
		}
436
		| L2TP_DATA_IN_PKTDUMP yesno {
437
			curr_tunnconf->proto.l2tp.data_in_pktdump = $2;
438
		}
439
		| L2TP_DATA_OUT_PKTDUMP yesno {
440
			curr_tunnconf->proto.l2tp.data_out_pktdump = $2;
441
		}
442
		| PPTP_HOSTNAME STRING {
443
			curr_tunnconf->proto.pptp.hostname = $2;
444
		}
445
		| PPTP_VENDOR_NAME STRING {
446
			curr_tunnconf->proto.pptp.vendor_name = $2;
447
		}
448
		| PPTP_ECHO_INTERVAL NUMBER {
449
			curr_tunnconf->proto.pptp.echo_interval = $2;
450
		}
451
		| PPTP_ECHO_TIMEOUT NUMBER {
452
			curr_tunnconf->proto.pptp.echo_timeout = $2;
453
		}
454
		| PPTP_CTRL_IN_PKTDUMP yesno {
455
			curr_tunnconf->proto.pptp.ctrl_in_pktdump = $2;
456
		}
457
		| PPTP_CTRL_OUT_PKTDUMP yesno {
458
			curr_tunnconf->proto.pptp.ctrl_out_pktdump = $2;
459
		}
460
		| PPTP_DATA_IN_PKTDUMP yesno {
461
			curr_tunnconf->proto.pptp.data_in_pktdump = $2;
462
		}
463
		| PPTP_DATA_OUT_PKTDUMP yesno {
464
			curr_tunnconf->proto.pptp.data_out_pktdump = $2;
465
		}
466
		| PPPOE_SERVICE_NAME STRING {
467
			curr_tunnconf->proto.pppoe.service_name = $2;
468
		}
469
		| PPPOE_ACCEPT_ANY_SERVICE yesno {
470
			curr_tunnconf->proto.pppoe.accept_any_service = $2;
471
		}
472
		| PPPOE_AC_NAME STRING {
473
			curr_tunnconf->proto.pppoe.ac_name = $2;
474
		}
475
		| PPPOE_DESC_IN_PKTDUMP yesno {
476
			curr_tunnconf->proto.pppoe.desc_in_pktdump = $2;
477
		}
478
		| PPPOE_DESC_OUT_PKTDUMP yesno {
479
			curr_tunnconf->proto.pppoe.desc_out_pktdump = $2;
480
		}
481
		| PPPOE_SESSION_IN_PKTDUMP yesno {
482
			curr_tunnconf->proto.pppoe.session_in_pktdump = $2;
483
		}
484
		| PPPOE_SESSION_OUT_PKTDUMP yesno {
485
			curr_tunnconf->proto.pppoe.session_out_pktdump = $2;
486
		}
487
		| MPPE mppeyesno {
488
			curr_tunnconf->mppe_yesno = $2;
489
		}
490
		| MPPE_KEY_LENGTH mppekeylen_l {
491
			curr_tunnconf->mppe_keylen = $2;
492
		}
493
		| MPPE_KEY_STATE mppekeystate_l {
494
			curr_tunnconf->mppe_keystate = $2;
495
		}
496
		| TCP_MSS_ADJUST yesno {
497
			curr_tunnconf->tcp_mss_adjust = $2;
498
		}
499
		| IDLE_TIMEOUT NUMBER {
500
			curr_tunnconf->idle_timeout = $2;
501
		}
502
		| INGRESS_FILTER yesno {
503
			curr_tunnconf->ingress_filter = $2;
504
		}
505
		| CALLNUM_CHECK yesno {
506
			curr_tunnconf->callnum_check = $2;
507
		}
508
		| PIPEX yesno {
509
			curr_tunnconf->pipex = $2;
510
		}
511
		| DEBUG_DUMP_PKTIN protobit_l {
512
			curr_tunnconf->debug_dump_pktin = $2;
513
		}
514
		| DEBUG_DUMP_PKTOUT protobit_l {
515
			curr_tunnconf->debug_dump_pktout = $2;
516
		}
517
		;
518
519
tunnelproto	: L2TP                        { $$ = NPPPD_TUNNEL_L2TP; }
520
		| PPTP                        { $$ = NPPPD_TUNNEL_PPTP; }
521
		| PPPOE                       { $$ = NPPPD_TUNNEL_PPPOE; }
522
		;
523
524
mppeyesno	: YES                         { $$ = NPPPD_MPPE_ENABLED; }
525
		| NO                          { $$ = NPPPD_MPPE_DISABLED; }
526
		| REQUIRED                    { $$ = NPPPD_MPPE_REQUIRED; }
527
		;
528
529
address		: STRING {
530
			int              retval;
531
			struct addrinfo  hint, *res;
532
533
			memset(&hint, 0, sizeof(hint));
534
			hint.ai_family = PF_UNSPEC;
535
			hint.ai_socktype = SOCK_DGRAM;	/* dummy */
536
			hint.ai_flags = AI_NUMERICHOST;
537
538
			if ((retval = getaddrinfo($1, NULL, &hint, &res))
539
			    != 0) {
540
				yyerror("could not parse the address %s: %s",
541
				    $1, gai_strerror(retval));
542
				free($1);
543
				YYERROR;
544
			}
545
			free($1);
546
547
			if (res->ai_family != AF_INET &&
548
			    res->ai_family != AF_INET6) {
549
				yyerror("address family(%d) is not supported",
550
				    res->ai_family);
551
				freeaddrinfo(res);
552
				YYERROR;
553
			}
554
			memcpy(&($$), res->ai_addr, res->ai_addrlen);
555
556
			freeaddrinfo(res);
557
		}
558
		;
559
560
addressport	: address optport {
561
			$$ = $1;
562
			((struct sockaddr_in *)&($$))->sin_port = htons($2);
563
		}
564
		;
565
566
in4_addr	: STRING {
567
			if (inet_aton($1, &($$)) != 1) {
568
				yyerror("could not parse the address %s", $1);
569
				free($1);
570
				YYERROR;
571
			}
572
		}
573
		;
574
575
authmethod_l	: authmethod                  { $$ = $1; }
576
		| authmethod_l authmethod     { $$ |= $2; }
577
		;
578
579
authmethod	: PAP                         { $$ = NPPPD_AUTH_METHODS_PAP; }
580
		| CHAP                        { $$ = NPPPD_AUTH_METHODS_CHAP; }
581
		| MSCHAPV2 {
582
		    $$ = NPPPD_AUTH_METHODS_MSCHAPV2;
583
		}
584
		;
585
586
mppekeylen_l    : mppekeylen                  { $$ = $1; }
587
		| mppekeylen_l mppekeylen     { $$ |= $2; }
588
		;
589
590
mppekeylen	: NUMBER {
591
			if ($1 == 40)       $$ = NPPPD_MPPE_40BIT;
592
			else if ($1 == 56)  $$ = NPPPD_MPPE_56BIT;
593
			else if ($1 == 128) $$ = NPPPD_MPPE_128BIT;
594
			else {
595
				yyerror("%"PRId64": unknown mppe key length",
596
				    $$);
597
				YYERROR;
598
			}
599
		}
600
		;
601
602
mppekeystate_l	: mppekeystate                { $$ = $1; }
603
		| mppekeystate_l mppekeystate { $$ |= $2; }
604
		;
605
606
mppekeystate	: STATEFUL                    { $$ = NPPPD_MPPE_STATEFUL; }
607
		| STATELESS                   { $$ = NPPPD_MPPE_STATELESS; }
608
		;
609
610
protobit_l	: protobit                    { $$ = $1; }
611
		| protobit_l protobit         { $$ |= $2; }
612
		;
613
614
protobit	: IP                          { $$ = NPPPD_PROTO_BIT_IP; }
615
		| LCP                         { $$ = NPPPD_PROTO_BIT_LCP; }
616
		| PAP                         { $$ = NPPPD_PROTO_BIT_PAP; }
617
		| CHAP                        { $$ = NPPPD_PROTO_BIT_CHAP; }
618
		| EAP                         { $$ = NPPPD_PROTO_BIT_EAP; }
619
		| MPPE                        { $$ = NPPPD_PROTO_BIT_MPPE; }
620
		| CCP                         { $$ = NPPPD_PROTO_BIT_CCP; }
621
		| IPCP                        { $$ = NPPPD_PROTO_BIT_IPCP; }
622
		;
623
624
/*
625
 * authentication { }
626
 */
627
authentication	: AUTHENTICATION STRING TYPE authtype {
628
			struct authconf *n;
629
630
			if (authconf_find($2) != NULL) {
631
				yyerror("authentication name %s is already in "
632
				    "use.", $2);
633
				free($2);
634
				YYERROR;
635
			}
636
			if ((n = malloc(sizeof(struct authconf))) == NULL) {
637
				yyerror("out of memory");
638
				free($2);
639
				YYERROR;
640
			}
641
			authconf_init(n);
642
			strlcpy(n->name, $2, sizeof(n->name));
643
			free($2);
644
			n->auth_type = $4;
645
			if ($4 == NPPPD_AUTH_TYPE_RADIUS) {
646
				TAILQ_INIT(&n->data.radius.auth.servers);
647
				TAILQ_INIT(&n->data.radius.acct.servers);
648
			}
649
			curr_authconf = n;
650
		} '{' optnl authopt_l '}' {
651
			TAILQ_INSERT_TAIL(&conf->authconfs, curr_authconf,
652
			    entry);
653
			curr_authconf = NULL;
654
		}
655
		;
656
657
authopt_l	: /* empty */
658
		| authopt_l authopt nl
659
		| authopt optnl
660
		;
661
662
authopt	: USERNAME_SUFFIX STRING {
663
			curr_authconf->username_suffix = $2;
664
		}
665
		| EAP_CAPABLE yesno {
666
			curr_authconf->eap_capable = $2;
667
		}
668
		| STRIP_NT_DOMAIN yesno {
669
			curr_authconf->strip_nt_domain = $2;
670
		}
671
		| STRIP_ATMARK_REALM yesno {
672
			curr_authconf->strip_atmark_realm = $2;
673
		}
674
		| USERS_FILE STRING {
675
			strlcpy(curr_authconf->users_file_path, $2,
676
			    sizeof(curr_authconf->users_file_path));
677
			free($2);
678
		}
679
		| USER_MAX_SESSION NUMBER {
680
			curr_authconf->user_max_session = $2;
681
		}
682
		| AUTHENTICATION_SERVER {
683
			if (curr_authconf->auth_type != NPPPD_AUTH_TYPE_RADIUS){
684
				yyerror("`authentication-server' can not be "
685
				    "used for this type.");
686
				YYERROR;
687
			}
688
			curr_radconf = &curr_authconf->data.radius.auth;
689
		} '{' optnl radopt_l '}'
690
		| ACCOUNTING_SERVER {
691
			if (curr_authconf->auth_type != NPPPD_AUTH_TYPE_RADIUS){
692
				yyerror("`accounting-server' can not be used "
693
				    "for this type.");
694
				YYERROR;
695
			}
696
			curr_radconf = &curr_authconf->data.radius.acct;
697
		} '{' optnl radopt_l '}'
698
		;
699
700
optport		: /* empty */                 { $$ = 0; }
701
		| PORT NUMBER                 { $$ = $2; }
702
		;
703
704
authtype	: LOCAL		              { $$ = NPPPD_AUTH_TYPE_LOCAL; }
705
		| RADIUS	              { $$ = NPPPD_AUTH_TYPE_RADIUS; }
706
		;
707
708
radopt_l	:
709
		| radopt_l radopt nl
710
		| radopt optnl
711
		;
712
713
radopt		: ADDRESS address optport SECRET STRING {
714
			int               cnt;
715
			struct radserver *n;
716
717
			if (strlen($5) > MAX_RADIUS_SECRET - 1) {
718
				yyerror("`secret' is too long.  "
719
				    "use less than %d chars.",
720
				    MAX_RADIUS_SECRET - 1);
721
				YYERROR;
722
			}
723
			cnt = 0;
724
			TAILQ_FOREACH(n, &curr_radconf->servers, entry) {
725
				cnt++;
726
			}
727
			if (cnt >= MAX_RADIUS_SERVERS) {
728
				yyerror("too many radius servers.  use less "
729
				    "than or equal to %d servers.",
730
				    MAX_RADIUS_SERVERS);
731
				YYERROR;
732
			}
733
			if ((n = malloc(sizeof(struct radserver))) == NULL) {
734
				yyerror("out of memory");
735
				YYERROR;
736
			}
737
			n->address = $2;
738
			((struct sockaddr_in *)&n->address)->sin_port =
739
			    htons($3);
740
			n->secret = $5;
741
			TAILQ_INSERT_TAIL(&curr_radconf->servers, n, entry);
742
		}
743
		| X_TIMEOUT NUMBER {
744
			curr_radconf->timeout = $2;
745
		}
746
		| MAX_TRIES NUMBER {
747
			curr_radconf->max_tries = $2;
748
		}
749
		| MAX_FAILOVERS NUMBER {
750
			curr_radconf->max_failovers = $2;
751
		}
752
		;
753
/*
754
 * ipcp { }
755
 */
756
ipcp		: IPCP STRING {
757
			int              cnt;
758
			struct ipcpconf *n;
759
760
			cnt = 0;
761
			/*
762
			TAILQ_FOREACH(n, &conf->ipcpconfs, entry) {
763
				cnt++;
764
			}
765
			if (cnt >= NPPPD_MAX_POOL) {
766
				yyerror("too many `ipcp' settings.  it must be "
767
				    "less than or euals to %d.",
768
				    NPPPD_MAX_POOL);
769
				YYERROR;
770
			}
771
			*/
772
773
			if (ipcpconf_find($2) != NULL) {
774
				yyerror("ipcp name %s is already in use.", $2);
775
				free($2);
776
				YYERROR;
777
			}
778
			if ((n = malloc(sizeof(struct ipcpconf))) == NULL) {
779
				yyerror("out of memory");
780
				free($2);
781
				YYERROR;
782
			}
783
			ipcpconf_init(n);
784
			strlcpy(n->name, $2, sizeof(n->name));
785
			free($2);
786
			curr_ipcpconf = n;
787
		} '{' optnl ipcpopt_l '}' {
788
			TAILQ_INSERT_TAIL(&conf->ipcpconfs, curr_ipcpconf,
789
			    entry);
790
			curr_ipcpconf = NULL;
791
		}
792
		;
793
794
ipcpopt_l	: /* empty */
795
		| ipcpopt_l ipcpopt nl
796
		| ipcpopt optnl
797
		;
798
799
ipcpopt		: POOL_ADDRESS STRING ipcppooltype {
800
			if ($3 != 1) {
801
				if (in_addr_range_list_add(
802
				    &curr_ipcpconf->dynamic_pool, $2) != 0) {
803
					yyerror("out of memory");
804
					free($2);
805
					YYERROR;
806
				}
807
			}
808
			if (in_addr_range_list_add(
809
			    &curr_ipcpconf->static_pool, $2) != 0) {
810
				yyerror("out of memory");
811
				free($2);
812
				YYERROR;
813
			}
814
			free($2);
815
		}
816
		| DNS_SERVERS RESOLVER {
817
			curr_ipcpconf->dns_use_resolver = true;
818
			curr_ipcpconf->dns_servers[0].s_addr = 0;
819
			curr_ipcpconf->dns_servers[1].s_addr = 0;
820
		}
821
		| DNS_SERVERS in4_addr in4_addr {
822
			curr_ipcpconf->dns_use_resolver  = false;
823
			curr_ipcpconf->dns_servers[0] = $2;
824
			curr_ipcpconf->dns_servers[1] = $3;
825
		}
826
		| DNS_SERVERS in4_addr {
827
			curr_ipcpconf->dns_use_resolver  = false;
828
			curr_ipcpconf->dns_servers[0] = $2;
829
			curr_ipcpconf->dns_servers[1].s_addr = 0;
830
		}
831
		| NBNS_SERVERS in4_addr in4_addr {
832
			curr_ipcpconf->nbns_servers[0] = $2;
833
			curr_ipcpconf->nbns_servers[1] = $3;
834
		}
835
		| NBNS_SERVERS in4_addr {
836
			curr_ipcpconf->nbns_servers[0] = $2;
837
			curr_ipcpconf->nbns_servers[1].s_addr = 0;
838
		}
839
		| ALLOW_USER_SELECTED_ADDRESS yesno {
840
			curr_ipcpconf->allow_user_select = $2;
841
		}
842
		| MAX_SESSION NUMBER {
843
			curr_ipcpconf->max_session = $2;
844
		}
845
		;
846
847
ipcppooltype	: /* empty */                 { $$ = 0; }
848
		| FOR DYNAMIC                 { $$ = 0; }
849
		| FOR STATIC                  { $$ = 1; }
850
		;
851
852
853
/*
854
 * interface
855
 */
856
interface	: INTERFACE STRING ADDRESS in4_addr IPCP STRING {
857
			int              cnt;
858
			struct iface    *n;
859
			struct ipcpconf *ipcp;
860
861
			cnt = 0;
862
			TAILQ_FOREACH(n, &conf->ifaces, entry) {
863
				cnt++;
864
			}
865
			if (cnt >= NPPPD_MAX_IFACE) {
866
				yyerror("too many interfaces.  use less than "
867
				    "or equal to %d", NPPPD_MAX_IFACE);
868
				YYERROR;
869
			}
870
871
			if ((ipcp = ipcpconf_find($6)) == NULL) {
872
				yyerror("ipcp %s is not found", $6);
873
				free($2);
874
				YYERROR;
875
			}
876
			if (iface_find($2) != NULL) {
877
				yyerror("interface %s is already in used.", $2);
878
				free($2);
879
				YYERROR;
880
			}
881
882
			if ((n = calloc(1, sizeof(struct iface))) == NULL) {
883
				yyerror("out of memory");
884
				free($2);
885
				YYERROR;
886
			}
887
			strlcpy(n->name, $2, sizeof(n->name));
888
			free($2);
889
			n->ip4addr = $4;
890
			if (strncmp(n->name, "pppx", 4) == 0)
891
				n->is_pppx = true;
892
893
			n->ipcpconf = ipcp;
894
			TAILQ_INSERT_TAIL(&conf->ifaces, n, entry);
895
		}
896
		;
897
898
/*
899
 * bind
900
 */
901
bind		: BIND TUNNEL FROM STRING AUTHENTICATED BY STRING TO STRING {
902
			struct authconf  *auth;
903
			struct tunnconf  *tunn;
904
			struct iface     *iface;
905
			struct confbind  *n;
906
907
			if ((tunn = tunnconf_find($4)) == NULL) {
908
				yyerror("tunnel %s is not found", $4);
909
				free($4);
910
				free($7);
911
				free($9);
912
				YYERROR;
913
			}
914
			if ((auth = authconf_find($7)) == NULL) {
915
				yyerror("authentication %s is not found", $7);
916
				free($4);
917
				free($7);
918
				free($9);
919
				YYERROR;
920
			}
921
			if ((iface = iface_find($9)) == NULL) {
922
				yyerror("interface %s is not found", $9);
923
				free($4);
924
				free($7);
925
				free($9);
926
				YYERROR;
927
			}
928
			if ((n = malloc(sizeof(struct confbind))) == NULL) {
929
				yyerror("out of memory");
930
				free($4);
931
				free($7);
932
				free($9);
933
				YYERROR;
934
			}
935
			n->tunnconf = tunn;
936
			n->authconf = auth;
937
			n->iface = iface;
938
			TAILQ_INSERT_TAIL(&conf->confbinds, n, entry);
939
		}
940
		;
941
942
yesno           : YES                         { $$ = true; }
943
		| NO                          { $$ = false; }
944
		;
945
946
optnl		: '\n' optnl
947
		|
948
		;
949
950
nl		: '\n' optnl
951
		;
952
953
%%
954
955
struct keywords {
956
	const char	*k_name;
957
	int		 k_val;
958
};
959
960
int
961
yyerror(const char *fmt, ...)
962
{
963
	va_list		 ap;
964
	char		*msg;
965
966
	file->errors++;
967
	va_start(ap, fmt);
968
	if (vasprintf(&msg, fmt, ap) == -1)
969
		fatalx("yyerror vasprintf");
970
	va_end(ap);
971
	logit(LOG_CRIT, "%s:%d: %s", file->name, yylval.lineno, msg);
972
	free(msg);
973
	return (0);
974
}
975
976
int
977
kw_cmp(const void *k, const void *e)
978
{
979
	return (strcmp(k, ((const struct keywords *)e)->k_name));
980
}
981
982
int
983
lookup(char *s)
984
{
985
	/* this has to be sorted always */
986
	static const struct keywords keywords[] = {
987
		{ "accounting-server",            ACCOUNTING_SERVER},
988
		{ "address",                      ADDRESS},
989
		{ "allow-user-selected-address",  ALLOW_USER_SELECTED_ADDRESS},
990
		{ "authenticated",                AUTHENTICATED},
991
		{ "authentication",               AUTHENTICATION},
992
		{ "authentication-method",        AUTHENTICATION_METHOD},
993
		{ "authentication-server",        AUTHENTICATION_SERVER},
994
		{ "bind",                         BIND},
995
		{ "by",                           BY},
996
		{ "callnum-check",                CALLNUM_CHECK},
997
		{ "ccp",                          CCP},
998
		{ "ccp-max-configure",            CCP_MAX_CONFIGURE},
999
		{ "ccp-max-nak-loop",             CCP_MAX_NAK_LOOP},
1000
		{ "ccp-max-terminate",            CCP_MAX_TERMINATE},
1001
		{ "ccp-timeout",                  CCP_TIMEOUT},
1002
		{ "chap",                         CHAP},
1003
		{ "chap-name",                    CHAP_NAME},
1004
		{ "debug-dump-pktin",             DEBUG_DUMP_PKTIN},
1005
		{ "debug-dump-pktout",            DEBUG_DUMP_PKTOUT},
1006
		{ "dns-servers",                  DNS_SERVERS},
1007
		{ "dynamic",                      DYNAMIC},
1008
		{ "eap",                          EAP},
1009
		{ "eap-capable",                  EAP_CAPABLE},
1010
		{ "for",                          FOR},
1011
		{ "from",                         FROM},
1012
		{ "idle-timeout",                 IDLE_TIMEOUT},
1013
		{ "ingress-filter",               INGRESS_FILTER},
1014
		{ "interface",                    INTERFACE},
1015
		{ "ip",                           IP},
1016
		{ "ipcp",                         IPCP},
1017
		{ "ipcp-max-configure",           IPCP_MAX_CONFIGURE},
1018
		{ "ipcp-max-nak-loop",            IPCP_MAX_NAK_LOOP},
1019
		{ "ipcp-max-terminate",           IPCP_MAX_TERMINATE},
1020
		{ "ipcp-timeout",                 IPCP_TIMEOUT},
1021
		{ "l2tp",                         L2TP},
1022
		{ "l2tp-accept-dialin",           L2TP_ACCEPT_DIALIN},
1023
		{ "l2tp-ctrl-in-pktdump",         L2TP_CTRL_IN_PKTDUMP},
1024
		{ "l2tp-ctrl-out-pktdump",        L2TP_CTRL_OUT_PKTDUMP},
1025
		{ "l2tp-data-in-pktdump",         L2TP_DATA_IN_PKTDUMP},
1026
		{ "l2tp-data-out-pktdump",        L2TP_DATA_OUT_PKTDUMP},
1027
		{ "l2tp-data-use-seq",            L2TP_DATA_USE_SEQ},
1028
		{ "l2tp-force-lcp-renegotiation", L2TP_FORCE_LCP_RENEGOTIATION},
1029
		{ "l2tp-hello-interval",          L2TP_HELLO_INTERVAL},
1030
		{ "l2tp-hello-timeout",           L2TP_HELLO_TIMEOUT},
1031
		{ "l2tp-hostname",                L2TP_HOSTNAME},
1032
		{ "l2tp-lcp-renegotiation",       L2TP_LCP_RENEGOTIATION},
1033
		{ "l2tp-require-ipsec",           L2TP_REQUIRE_IPSEC},
1034
		{ "l2tp-vendor-name",             L2TP_VENDOR_NAME},
1035
		{ "lcp",                          LCP},
1036
		{ "lcp-keepalive",                LCP_KEEPALIVE},
1037
		{ "lcp-keepalive-interval",       LCP_KEEPALIVE_INTERVAL},
1038
		{ "lcp-keepalive-max-retries",    LCP_KEEPALIVE_MAX_RETRIES },
1039
		{ "lcp-keepalive-retry-interval", LCP_KEEPALIVE_RETRY_INTERVAL},
1040
		{ "lcp-max-configure",            LCP_MAX_CONFIGURE},
1041
		{ "lcp-max-nak-loop",             LCP_MAX_NAK_LOOP},
1042
		{ "lcp-max-terminate",            LCP_MAX_TERMINATE},
1043
		{ "lcp-timeout",                  LCP_TIMEOUT},
1044
		{ "listen",                       LISTEN},
1045
		{ "local",                        LOCAL},
1046
		{ "max-failovers",                MAX_FAILOVERS},
1047
		{ "max-session",                  MAX_SESSION},
1048
		{ "max-tries",                    MAX_TRIES},
1049
		{ "mppe",                         MPPE},
1050
		{ "mppe-key-length",              MPPE_KEY_LENGTH},
1051
		{ "mppe-key-state",               MPPE_KEY_STATE},
1052
		{ "mru",                          MRU},
1053
		{ "mschapv2",                     MSCHAPV2},
1054
		{ "nbns-servers",                 NBNS_SERVERS},
1055
		{ "no",                           NO},
1056
		{ "on",                           ON},
1057
		{ "pap",                          PAP},
1058
		{ "pipex",                        PIPEX},
1059
		{ "pool-address",                 POOL_ADDRESS},
1060
		{ "port",                         PORT},
1061
		{ "pppoe",                        PPPOE},
1062
		{ "pppoe-ac-name",                PPPOE_AC_NAME},
1063
		{ "pppoe-accept-any-service",     PPPOE_ACCEPT_ANY_SERVICE},
1064
		{ "pppoe-desc-in-pktdump",        PPPOE_DESC_IN_PKTDUMP},
1065
		{ "pppoe-desc-out-pktdump",       PPPOE_DESC_OUT_PKTDUMP},
1066
		{ "pppoe-service-name",           PPPOE_SERVICE_NAME},
1067
		{ "pppoe-session-in-pktdump",     PPPOE_SESSION_IN_PKTDUMP},
1068
		{ "pppoe-session-out-pktdump",    PPPOE_SESSION_OUT_PKTDUMP},
1069
		{ "pptp",                         PPTP},
1070
		{ "pptp-ctrl-in-pktdump",         PPTP_CTRL_IN_PKTDUMP},
1071
		{ "pptp-ctrl-out-pktdump",        PPTP_CTRL_OUT_PKTDUMP},
1072
		{ "pptp-data-in-pktdump",         PPTP_DATA_IN_PKTDUMP},
1073
		{ "pptp-data-out-pktdump",        PPTP_DATA_OUT_PKTDUMP},
1074
		{ "pptp-echo-interval",           PPTP_ECHO_INTERVAL},
1075
		{ "pptp-echo-timeout",            PPTP_ECHO_TIMEOUT},
1076
		{ "pptp-hostname",                PPTP_HOSTNAME},
1077
		{ "pptp-vendor-name",             PPTP_VENDOR_NAME},
1078
		{ "protocol",                     PROTOCOL},
1079
		{ "radius",                       RADIUS},
1080
		{ "required",                     REQUIRED},
1081
		{ "resolver",                     RESOLVER},
1082
		{ "secret",                       SECRET},
1083
		{ "set",                          SET},
1084
		{ "stateful",                     STATEFUL},
1085
		{ "stateless",                    STATELESS},
1086
		{ "static",                       STATIC},
1087
		{ "strip-atmark-realm",           STRIP_ATMARK_REALM},
1088
		{ "strip-nt-domain",              STRIP_NT_DOMAIN},
1089
		{ "tcp-mss-adjust",               TCP_MSS_ADJUST},
1090
		{ "timeout",                      X_TIMEOUT},
1091
		{ "to",                           TO},
1092
		{ "tunnel",                       TUNNEL},
1093
		{ "type",                         TYPE},
1094
		{ "user-max-session",             USER_MAX_SESSION},
1095
		{ "username-suffix",              USERNAME_SUFFIX},
1096
		{ "users-file",                   USERS_FILE},
1097
		{ "yes",                          YES}
1098
	};
1099
	const struct keywords	*p;
1100
1101
	p = bsearch(s, keywords, sizeof(keywords)/sizeof(keywords[0]),
1102
	    sizeof(keywords[0]), kw_cmp);
1103
1104
	if (p)
1105
		return (p->k_val);
1106
	else
1107
		return (STRING);
1108
}
1109
1110
#define MAXPUSHBACK	128
1111
1112
u_char	*parsebuf;
1113
int	 parseindex;
1114
u_char	 pushback_buffer[MAXPUSHBACK];
1115
int	 pushback_index = 0;
1116
1117
int
1118
lgetc(int quotec)
1119
{
1120
	int		c, next;
1121
1122
	if (parsebuf) {
1123
		/* Read character from the parsebuffer instead of input. */
1124
		if (parseindex >= 0) {
1125
			c = parsebuf[parseindex++];
1126
			if (c != '\0')
1127
				return (c);
1128
			parsebuf = NULL;
1129
		} else
1130
			parseindex++;
1131
	}
1132
1133
	if (pushback_index)
1134
		return (pushback_buffer[--pushback_index]);
1135
1136
	if (quotec) {
1137
		if ((c = getc(file->stream)) == EOF) {
1138
			yyerror("reached end of file while parsing "
1139
			    "quoted string");
1140
			if (file == topfile || popfile() == EOF)
1141
				return (EOF);
1142
			return (quotec);
1143
		}
1144
		return (c);
1145
	}
1146
1147
	while ((c = getc(file->stream)) == '\\') {
1148
		next = getc(file->stream);
1149
		if (next != '\n') {
1150
			c = next;
1151
			break;
1152
		}
1153
		yylval.lineno = file->lineno;
1154
		file->lineno++;
1155
	}
1156
1157
	while (c == EOF) {
1158
		if (file == topfile || popfile() == EOF)
1159
			return (EOF);
1160
		c = getc(file->stream);
1161
	}
1162
	return (c);
1163
}
1164
1165
int
1166
lungetc(int c)
1167
{
1168
	if (c == EOF)
1169
		return (EOF);
1170
	if (parsebuf) {
1171
		parseindex--;
1172
		if (parseindex >= 0)
1173
			return (c);
1174
	}
1175
	if (pushback_index < MAXPUSHBACK-1)
1176
		return (pushback_buffer[pushback_index++] = c);
1177
	else
1178
		return (EOF);
1179
}
1180
1181
int
1182
findeol(void)
1183
{
1184
	int	c;
1185
1186
	parsebuf = NULL;
1187
1188
	/* skip to either EOF or the first real EOL */
1189
	while (1) {
1190
		if (pushback_index)
1191
			c = pushback_buffer[--pushback_index];
1192
		else
1193
			c = lgetc(0);
1194
		if (c == '\n') {
1195
			file->lineno++;
1196
			break;
1197
		}
1198
		if (c == EOF)
1199
			break;
1200
	}
1201
	return (ERROR);
1202
}
1203
1204
int
1205
yylex(void)
1206
{
1207
	u_char	 buf[8096];
1208
	u_char	*p;
1209
	int	 quotec, next, c;
1210
	int	 token;
1211
1212
	p = buf;
1213
	while ((c = lgetc(0)) == ' ' || c == '\t')
1214
		; /* nothing */
1215
1216
	yylval.lineno = file->lineno;
1217
	if (c == '#')
1218
		while ((c = lgetc(0)) != '\n' && c != EOF)
1219
			; /* nothing */
1220
1221
	switch (c) {
1222
	case '\'':
1223
	case '"':
1224
		quotec = c;
1225
		while (1) {
1226
			if ((c = lgetc(quotec)) == EOF)
1227
				return (0);
1228
			if (c == '\n') {
1229
				file->lineno++;
1230
				continue;
1231
			} else if (c == '\\') {
1232
				if ((next = lgetc(quotec)) == EOF)
1233
					return (0);
1234
				if (next == quotec || c == ' ' || c == '\t')
1235
					c = next;
1236
				else if (next == '\n') {
1237
					file->lineno++;
1238
					continue;
1239
				} else
1240
					lungetc(next);
1241
			} else if (c == quotec) {
1242
				*p = '\0';
1243
				break;
1244
			} else if (c == '\0') {
1245
				yyerror("syntax error");
1246
				return (findeol());
1247
			}
1248
			if (p + 1 >= buf + sizeof(buf) - 1) {
1249
				yyerror("string too long");
1250
				return (findeol());
1251
			}
1252
			*p++ = c;
1253
		}
1254
		yylval.v.string = strdup(buf);
1255
		if (yylval.v.string == NULL)
1256
			fatal("yylex: strdup");
1257
		return (STRING);
1258
	}
1259
1260
#define allowed_to_end_number(x) \
1261
	(isspace(x) || x == ')' || x ==',' || x == '/' || x == '}' || x == '=')
1262
1263
	if (c == '-' || isdigit(c)) {
1264
		do {
1265
			*p++ = c;
1266
			if ((unsigned)(p-buf) >= sizeof(buf)) {
1267
				yyerror("string too long");
1268
				return (findeol());
1269
			}
1270
		} while ((c = lgetc(0)) != EOF && isdigit(c));
1271
		lungetc(c);
1272
		if (p == buf + 1 && buf[0] == '-')
1273
			goto nodigits;
1274
		if (c == EOF || allowed_to_end_number(c)) {
1275
			const char *errstr = NULL;
1276
1277
			*p = '\0';
1278
			yylval.v.number = strtonum(buf, LLONG_MIN,
1279
			    LLONG_MAX, &errstr);
1280
			if (errstr) {
1281
				yyerror("\"%s\" invalid number: %s",
1282
				    buf, errstr);
1283
				return (findeol());
1284
			}
1285
			return (NUMBER);
1286
		} else {
1287
nodigits:
1288
			while (p > buf + 1)
1289
				lungetc(*--p);
1290
			c = *--p;
1291
			if (c == '-')
1292
				return (c);
1293
		}
1294
	}
1295
1296
#define allowed_in_string(x) \
1297
	(isalnum(x) || (ispunct(x) && x != '(' && x != ')' && \
1298
	x != '{' && x != '}' && x != '<' && x != '>' && \
1299
	x != '!' && x != '=' && x != '/' && x != '#' && \
1300
	x != ','))
1301
1302
	if (isalnum(c) || c == ':' || c == '_' || c == '*') {
1303
		do {
1304
			*p++ = c;
1305
			if ((unsigned)(p-buf) >= sizeof(buf)) {
1306
				yyerror("string too long");
1307
				return (findeol());
1308
			}
1309
		} while ((c = lgetc(0)) != EOF && (allowed_in_string(c)));
1310
		lungetc(c);
1311
		*p = '\0';
1312
		if ((token = lookup(buf)) == STRING)
1313
			if ((yylval.v.string = strdup(buf)) == NULL)
1314
				fatal("yylex: strdup");
1315
		return (token);
1316
	}
1317
	if (c == '\n') {
1318
		yylval.lineno = file->lineno;
1319
		file->lineno++;
1320
	}
1321
	if (c == EOF)
1322
		return (0);
1323
	return (c);
1324
}
1325
1326
struct file *
1327
pushfile(const char *name)
1328
{
1329
	struct file	*nfile;
1330
1331
	if ((nfile = calloc(1, sizeof(struct file))) == NULL) {
1332
		log_warn("malloc");
1333
		return (NULL);
1334
	}
1335
	if ((nfile->name = strdup(name)) == NULL) {
1336
		log_warn("malloc");
1337
		free(nfile);
1338
		return (NULL);
1339
	}
1340
#ifdef NO_PRIVSEP
1341
	if ((nfile->stream = fopen(nfile->name, "r")) == NULL) {
1342
#else
1343
	if ((nfile->stream = priv_fopen(nfile->name)) == NULL) {
1344
#endif
1345
		log_warn("%s", nfile->name);
1346
		free(nfile->name);
1347
		free(nfile);
1348
		return (NULL);
1349
	}
1350
	nfile->lineno = 1;
1351
	TAILQ_INSERT_TAIL(&files, nfile, entry);
1352
	return (nfile);
1353
}
1354
1355
int
1356
popfile(void)
1357
{
1358
	struct file	*prev;
1359
1360
	if ((prev = TAILQ_PREV(file, files, entry)) != NULL)
1361
		prev->errors += file->errors;
1362
1363
	TAILQ_REMOVE(&files, file, entry);
1364
	fclose(file->stream);
1365
	free(file->name);
1366
	free(file);
1367
	file = prev;
1368
	return (file ? 0 : EOF);
1369
}
1370
1371
int
1372
npppd_conf_parse(struct npppd_conf *xconf, const char *filename)
1373
{
1374
	int  errors = 0;
1375
1376
	conf = xconf;
1377
1378
	if ((file = pushfile(filename)) == NULL) {
1379
		return (-1);
1380
	}
1381
	topfile = file;
1382
1383
	yyparse();
1384
	errors = file->errors;
1385
	popfile();
1386
1387
	if (curr_tunnconf != NULL) {
1388
		tunnconf_fini(curr_tunnconf);
1389
		free(curr_tunnconf);
1390
	}
1391
	curr_tunnconf = NULL;
1392
	if (curr_authconf != NULL) {
1393
		authconf_fini(curr_authconf);
1394
		free(curr_authconf);
1395
	}
1396
	curr_authconf = NULL;
1397
	if (curr_ipcpconf != NULL) {
1398
		ipcpconf_fini(curr_ipcpconf);
1399
		free(curr_ipcpconf);
1400
	}
1401
	curr_ipcpconf = NULL;
1402
1403
	if (errors)
1404
		npppd_conf_fini(xconf);
1405
1406
	return (errors ? -1 : 0);
1407
}
1408
1409
void
1410
npppd_conf_init(struct npppd_conf *xconf)
1411
{
1412
	memset(xconf, 0, sizeof(struct npppd_conf));
1413
	TAILQ_INIT(&xconf->tunnconfs);
1414
	TAILQ_INIT(&xconf->authconfs);
1415
	TAILQ_INIT(&xconf->ipcpconfs);
1416
	TAILQ_INIT(&xconf->ifaces);
1417
	TAILQ_INIT(&xconf->confbinds);
1418
	TAILQ_INIT(&xconf->l2tp_confs);
1419
	TAILQ_INIT(&xconf->pptp_confs);
1420
	TAILQ_INIT(&xconf->pppoe_confs);
1421
}
1422
1423
void
1424
npppd_conf_fini(struct npppd_conf *xconf)
1425
{
1426
	struct tunnconf *tunn, *tunn0;
1427
	struct authconf *auth, *auth0;
1428
	struct ipcpconf *ipcp, *ipcp0;
1429
	struct iface    *iface, *iface0;
1430
	struct confbind *confbind, *confbind0;
1431
1432
	TAILQ_FOREACH_SAFE(tunn, &xconf->tunnconfs, entry, tunn0) {
1433
		tunnconf_fini(tunn);
1434
	}
1435
	TAILQ_FOREACH_SAFE(auth, &xconf->authconfs, entry, auth0) {
1436
		authconf_fini(auth);
1437
	}
1438
	TAILQ_FOREACH_SAFE(ipcp, &xconf->ipcpconfs, entry, ipcp0) {
1439
		ipcpconf_fini(ipcp);
1440
	}
1441
	TAILQ_FOREACH_SAFE(iface, &xconf->ifaces, entry, iface0) {
1442
		free(iface);
1443
	}
1444
	TAILQ_FOREACH_SAFE(confbind, &xconf->confbinds, entry, confbind0) {
1445
		free(confbind);
1446
	}
1447
	TAILQ_INIT(&xconf->l2tp_confs);
1448
	TAILQ_INIT(&xconf->pptp_confs);
1449
	TAILQ_INIT(&xconf->pppoe_confs);
1450
}
1451
1452
void
1453
tunnconf_fini(struct tunnconf *tun)
1454
{
1455
	if (tun->chap_name != NULL)
1456
		free(tun->chap_name);
1457
	tun->chap_name = NULL;
1458
1459
	switch (tun->protocol) {
1460
	case NPPPD_TUNNEL_L2TP:
1461
	    {
1462
		struct l2tp_listen_addr	*l_addr, *l_tmp;
1463
1464
		if (tun->proto.l2tp.hostname != NULL)
1465
			free(tun->proto.l2tp.hostname);
1466
		tun->proto.l2tp.hostname = NULL;
1467
		if (tun->proto.l2tp.vendor_name != NULL)
1468
			free(tun->proto.l2tp.vendor_name);
1469
		tun->proto.l2tp.vendor_name = NULL;
1470
		TAILQ_FOREACH_SAFE(l_addr, &tun->proto.l2tp.listen, entry,
1471
		    l_tmp) {
1472
			TAILQ_REMOVE(&tun->proto.l2tp.listen, l_addr, entry);
1473
			free(l_addr);
1474
		}
1475
		break;
1476
	    }
1477
	case NPPPD_TUNNEL_PPTP:
1478
	    {
1479
		struct pptp_listen_addr	*p_addr, *p_tmp;
1480
1481
		if (tun->proto.pptp.hostname != NULL)
1482
			free(tun->proto.pptp.hostname);
1483
		tun->proto.pptp.hostname = NULL;
1484
		if (tun->proto.pptp.vendor_name != NULL)
1485
			free(tun->proto.pptp.vendor_name);
1486
		tun->proto.pptp.vendor_name = NULL;
1487
		TAILQ_FOREACH_SAFE(p_addr, &tun->proto.pptp.listen, entry,
1488
		    p_tmp) {
1489
			TAILQ_REMOVE(&tun->proto.pptp.listen, p_addr, entry);
1490
			free(p_addr);
1491
		}
1492
		break;
1493
	    }
1494
	case NPPPD_TUNNEL_PPPOE:
1495
		if (tun->proto.pppoe.service_name != NULL)
1496
			free(tun->proto.pppoe.service_name);
1497
		tun->proto.pppoe.service_name = NULL;
1498
		if (tun->proto.pppoe.ac_name != NULL)
1499
			free(tun->proto.pppoe.ac_name);
1500
		tun->proto.pppoe.ac_name = NULL;
1501
		break;
1502
	}
1503
}
1504
1505
void
1506
tunnconf_init(struct tunnconf *tun, int protocol)
1507
{
1508
	extern struct tunnconf tunnconf_default_l2tp, tunnconf_default_pptp;
1509
	extern struct tunnconf tunnconf_default_pppoe;
1510
1511
	switch (protocol) {
1512
	case NPPPD_TUNNEL_L2TP:
1513
		memcpy(tun, &tunnconf_default_l2tp, sizeof(struct tunnconf));
1514
		TAILQ_INIT(&tun->proto.l2tp.listen);
1515
		break;
1516
	case NPPPD_TUNNEL_PPTP:
1517
		memcpy(tun, &tunnconf_default_pptp, sizeof(struct tunnconf));
1518
		TAILQ_INIT(&tun->proto.pptp.listen);
1519
		break;
1520
	case NPPPD_TUNNEL_PPPOE:
1521
		memcpy(tun, &tunnconf_default_pppoe, sizeof(struct tunnconf));
1522
		break;
1523
	}
1524
}
1525
1526
struct tunnconf *
1527
tunnconf_find(const char *name)
1528
{
1529
	struct tunnconf *tunn;
1530
1531
	TAILQ_FOREACH(tunn, &conf->tunnconfs, entry) {
1532
		if (strcmp(tunn->name, name) == 0)
1533
			return tunn;
1534
	}
1535
1536
	return NULL;
1537
}
1538
1539
void
1540
authconf_init(struct authconf *auth)
1541
{
1542
	memset(auth, 0, sizeof(struct authconf));
1543
	auth->eap_capable = true;
1544
	auth->strip_nt_domain = true;
1545
	auth->strip_atmark_realm = false;
1546
}
1547
1548
void
1549
authconf_fini(struct authconf *auth)
1550
{
1551
	if (auth->username_suffix != NULL)
1552
		free(auth->username_suffix);
1553
	auth->username_suffix = NULL;
1554
1555
	switch (auth->auth_type) {
1556
	case NPPPD_AUTH_TYPE_RADIUS:
1557
		radconf_fini(&auth->data.radius.auth);
1558
		radconf_fini(&auth->data.radius.acct);
1559
		break;
1560
	}
1561
}
1562
1563
void
1564
radconf_fini(struct radconf *radconf)
1565
{
1566
	struct radserver *server, *server0;
1567
1568
	TAILQ_FOREACH_SAFE(server, &radconf->servers, entry, server0) {
1569
		if (server->secret != NULL)
1570
			free(server->secret);
1571
		server->secret = NULL;
1572
	}
1573
}
1574
1575
struct authconf *
1576
authconf_find(const char *name)
1577
{
1578
	struct authconf *auth;
1579
1580
	TAILQ_FOREACH(auth, &conf->authconfs, entry) {
1581
		if (strcmp(auth->name, name) == 0)
1582
			return auth;
1583
	}
1584
1585
	return NULL;
1586
}
1587
1588
void
1589
ipcpconf_init(struct ipcpconf *ipcp)
1590
{
1591
	memset(ipcp, 0, sizeof(struct ipcpconf));
1592
}
1593
1594
void
1595
ipcpconf_fini(struct ipcpconf *ipcp)
1596
{
1597
	if (ipcp->dynamic_pool != NULL)
1598
		in_addr_range_list_remove_all(&ipcp->dynamic_pool);
1599
	if (ipcp->static_pool != NULL)
1600
		in_addr_range_list_remove_all(&ipcp->static_pool);
1601
}
1602
1603
struct ipcpconf *
1604
ipcpconf_find(const char *name)
1605
{
1606
	struct ipcpconf *ipcp;
1607
1608
	TAILQ_FOREACH(ipcp, &conf->ipcpconfs, entry) {
1609
		if (strcmp(ipcp->name, name) == 0)
1610
			return ipcp;
1611
	}
1612
1613
	return NULL;
1614
}
1615
1616
struct iface *
1617
iface_find(const char *name)
1618
{
1619
	struct iface *iface;
1620
1621
	TAILQ_FOREACH(iface, &conf->ifaces, entry) {
1622
		if (strcmp(iface->name, name) == 0)
1623
			return iface;
1624
	}
1625
1626
	return NULL;
1627
}
1628
1629
void
1630
sa_set_in_addr_any(struct sockaddr *sa)
1631
{
1632
	memset(sa, 0, sizeof(struct sockaddr_in));
1633
1634
	sa->sa_family = AF_INET,
1635
	sa->sa_len = sizeof(struct sockaddr_in);
1636
	((struct sockaddr_in *)sa)->sin_addr.s_addr = htonl(INADDR_ANY);
1637
}