1 /* $OpenBSD: parse.y,v 1.31 2024/08/22 07:56:47 florian Exp $ */
2
3 /*
4 * Copyright (c) 2002, 2003, 2004 Henning Brauer <henning@openbsd.org>
5 * Copyright (c) 2001 Markus Friedl. All rights reserved.
6 * Copyright (c) 2001 Daniel Hartmeier. All rights reserved.
7 * Copyright (c) 2001 Theo de Raadt. All rights reserved.
8 *
9 * Permission to use, copy, modify, and distribute this software for any
10 * purpose with or without fee is hereby granted, provided that the above
11 * copyright notice and this permission notice appear in all copies.
12 *
13 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
14 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
15 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
16 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
17 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
18 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
19 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 */
21
22 %{
23 #include <sys/types.h>
24 #include <sys/socket.h>
25 #include <sys/queue.h>
26 #include <netinet/in.h>
27 #include <arpa/inet.h>
28 #include <net/if.h>
29
30 #include <ctype.h>
31 #include <errno.h>
32 #include <inttypes.h>
33 #include <limits.h>
34 #include <stdarg.h>
35 #include <stddef.h>
36 #include <stdio.h>
37 #include <stdlib.h>
38 #include <string.h>
39 #include <syslog.h>
40 #include <netdb.h>
41 #include <event.h>
42
43 #include <stdbool.h>
44 #include "npppd_auth.h"
45 #include "npppd.h"
46 #ifdef USE_NPPPD_RADIUS
47 #include "radius_req.h"
48 #endif
49 #include "privsep.h"
50 #include "log.h"
51
52 TAILQ_HEAD(files, file) files = TAILQ_HEAD_INITIALIZER(files);
53 static struct file {
54 TAILQ_ENTRY(file) entry;
55 FILE *stream;
56 char *name;
57 int lineno;
58 int errors;
59 } *file, *topfile;
60 struct file *pushfile(const char *);
61 int popfile(void);
62 int yyparse(void);
63 int yylex(void);
64 int yyerror(const char *, ...)
65 __attribute__((__format__ (printf, 1, 2)))
66 __attribute__((__nonnull__ (1)));
67 int kw_cmp(const void *, const void *);
68 int lookup(char *);
69 int lgetc(int);
70 int lungetc(int);
71 int findeol(void);
72
73 static void tunnconf_init (struct tunnconf *, int);
74 static void tunnconf_fini (struct tunnconf *);
75 static struct tunnconf *tunnconf_find (const char *);
76 static void authconf_init (struct authconf *);
77 static void authconf_fini (struct authconf *);
78 static void radconf_fini (struct radconf *);
79 static struct authconf *authconf_find (const char *);
80 static void ipcpconf_init (struct ipcpconf *);
81 static void ipcpconf_fini (struct ipcpconf *);
82 static struct ipcpconf *ipcpconf_find (const char *);
83 static struct iface *iface_find (const char *);
84 static void sa_set_in_addr_any(struct sockaddr *);
85
86 struct npppd_conf *conf;
87 struct ipcpconf *curr_ipcpconf;
88 struct tunnconf *curr_tunnconf;
89 struct authconf *curr_authconf;
90 struct radconf *curr_radconf;
91
92 typedef struct {
93 union {
94 int64_t number;
95 char *string;
96 struct sockaddr_storage address;
97 struct in_addr in4_addr;
98 bool yesno;
99 } v;
100 int lineno;
101 } YYSTYPE;
102
103 %}
104
105 %token SET MAX_SESSION USER_MAX_SESSION
106 %token TUNNEL LISTEN ON PROTOCOL
107 %token MRU
108 %token IP LCP PAP CHAP EAP MPPE CCP MSCHAPV2 STATEFUL STATELESS REQUIRED
109 %token YES NO
110 %token L2TP PPTP PPPOE L2TP_HOSTNAME L2TP_VENDOR_NAME L2TP_DATA_USE_SEQ
111 %token L2TP_REQUIRE_IPSEC L2TP_LCP_RENEGOTIATION L2TP_FORCE_LCP_RENEGOTIATION
112 %token L2TP_CTRL_IN_PKTDUMP L2TP_CTRL_OUT_PKTDUMP L2TP_DATA_IN_PKTDUMP
113 %token L2TP_DATA_OUT_PKTDUMP PPTP_HOSTNAME
114 %token PPTP_VENDOR_NAME PPTP_ECHO_INTERVAL PPTP_ECHO_TIMEOUT
115 %token PPTP_CTRL_IN_PKTDUMP PPTP_CTRL_OUT_PKTDUMP PPTP_DATA_IN_PKTDUMP
116 %token PPTP_DATA_OUT_PKTDUMP
117 %token PPPOE_SERVICE_NAME PPPOE_ACCEPT_ANY_SERVICE PPPOE_AC_NAME
118 %token PPPOE_DESC_IN_PKTDUMP PPPOE_DESC_OUT_PKTDUMP PPPOE_SESSION_IN_PKTDUMP
119 %token PPPOE_SESSION_OUT_PKTDUMP
120 %token LCP_TIMEOUT LCP_MAX_CONFIGURE LCP_MAX_TERMINATE LCP_MAX_NAK_LOOP
121 %token LCP_KEEPALIVE LCP_KEEPALIVE_INTERVAL LCP_KEEPALIVE_RETRY_INTERVAL
122 %token LCP_KEEPALIVE_MAX_RETRIES AUTHENTICATION_METHOD CHAP_NAME
123 %token IPCP_TIMEOUT IPCP_MAX_CONFIGURE IPCP_MAX_TERMINATE IPCP_MAX_NAK_LOOP
124 %token CCP_TIMEOUT CCP_MAX_CONFIGURE CCP_MAX_TERMINATE CCP_MAX_NAK_LOOP
125 %token L2TP_HELLO_INTERVAL L2TP_HELLO_TIMEOUT L2TP_ACCEPT_DIALIN
126 %token MPPE MPPE_KEY_LENGTH MPPE_KEY_STATE
127 %token IDLE_TIMEOUT TCP_MSS_ADJUST INGRESS_FILTER CALLNUM_CHECK
128 %token PIPEX DEBUG_DUMP_PKTIN DEBUG_DUMP_PKTOUT
129 %token AUTHENTICATION TYPE LOCAL USERNAME_SUFFIX USERNAME_PREFIX EAP_CAPABLE
130 %token STRIP_NT_DOMAIN STRIP_ATMARK_REALM USERS_FILE
131 %token RADIUS AUTHENTICATION_SERVER ACCOUNTING_SERVER PORT
132 %token X_TIMEOUT MAX_TRIES MAX_FAILOVERS SECRET
133 %token POOL_ADDRESS DNS_SERVERS NBNS_SERVERS FOR STATIC DYNAMIC
134 %token RESOLVER ALLOW_USER_SELECTED_ADDRESS
135 %token INTERFACE ADDRESS IPCP
136 %token BIND FROM AUTHENTICATED BY TO
137 %token ERROR
138 %token DAE CLIENT NAS_ID
139 %token <v.string> STRING
140 %token <v.number> NUMBER
141 %type <v.yesno> yesno
142 %type <v.address> address
143 %type <v.address> addressport
144 %type <v.number> optport
145 %type <v.in4_addr> in4_addr
146 %type <v.number> tunnelproto
147 %type <v.number> mppeyesno
148 %type <v.number> mppekeylen
149 %type <v.number> mppekeylen_l
150 %type <v.number> mppekeystate
151 %type <v.number> mppekeystate_l
152 %type <v.number> protobit
153 %type <v.number> protobit_l
154 %type <v.number> authtype
155 %type <v.number> authmethod
156 %type <v.number> authmethod_l
157 %type <v.number> ipcppooltype
158
159 %%
160
161 grammar : /* empty */
162 | grammar '\n'
163 | grammar set '\n'
164 | grammar tunnel '\n'
165 | grammar authentication '\n'
166 | grammar ipcp '\n'
167 | grammar interface '\n'
168 | grammar bind '\n'
169 | grammar radius '\n'
170 | grammar error '\n' { file->errors++; }
171 ;
172
173
174 set : SET MAX_SESSION NUMBER { conf->max_session = $3; }
175 | SET USER_MAX_SESSION NUMBER { conf->user_max_session = $3; }
176 ;
177
178 /*
179 * tunnel { }
180 */
181 tunnel : TUNNEL STRING PROTOCOL tunnelproto {
182 struct tunnconf *n;
183
184 if (tunnconf_find($2) != NULL) {
185 yyerror("tunnel name = %s is already in use.",
186 $2);
187 free($2);
188 YYERROR;
189 }
190
191 if ((n = malloc(sizeof(struct tunnconf))) == NULL) {
192 yyerror("out of memory");
193 free($2);
194 YYERROR;
195 }
196 tunnconf_init(n, $4);
197 switch ($4) {
198 case NPPPD_TUNNEL_L2TP:
199 strlcpy(n->proto.l2tp.name, $2,
200 sizeof(n->proto.l2tp.name));
201 n->name = n->proto.l2tp.name;
202 break;
203 case NPPPD_TUNNEL_PPTP:
204 strlcpy(n->proto.pptp.name, $2,
205 sizeof(n->proto.pptp.name));
206 n->name = n->proto.pptp.name;
207 break;
208 case NPPPD_TUNNEL_PPPOE:
209 strlcpy(n->proto.pppoe.name, $2,
210 sizeof(n->proto.pppoe.name));
211 n->name = n->proto.pppoe.name;
212 break;
213 }
214 free($2);
215 n->protocol = $4;
216 curr_tunnconf = n;
217 } tunnopts {
218 TAILQ_INSERT_TAIL(&conf->tunnconfs, curr_tunnconf,
219 entry);
220 switch (curr_tunnconf->protocol) {
221 #ifdef USE_NPPPD_L2TP
222 case NPPPD_TUNNEL_L2TP:
223 if (TAILQ_EMPTY(
224 &curr_tunnconf->proto.l2tp.listen)) {
225 struct l2tp_listen_addr *addr;
226
227 if ((addr = malloc(sizeof(struct
228 l2tp_listen_addr))) == NULL) {
229 free(curr_tunnconf);
230 yyerror("out of memory");
231 YYERROR;
232 }
233 sa_set_in_addr_any(
234 (struct sockaddr *)&addr->addr);
235 TAILQ_INSERT_TAIL(&curr_tunnconf->proto.
236 l2tp.listen, addr, entry);
237 }
238 TAILQ_INSERT_TAIL(&conf->l2tp_confs,
239 &curr_tunnconf->proto.l2tp, entry);
240 break;
241 #endif
242 #ifdef USE_NPPPD_PPTP
243 case NPPPD_TUNNEL_PPTP:
244 if (TAILQ_EMPTY(
245 &curr_tunnconf->proto.pptp.listen)) {
246 struct pptp_listen_addr *addr;
247
248 if ((addr = malloc(sizeof(struct
249 pptp_listen_addr))) == NULL) {
250 free(curr_tunnconf);
251 yyerror("out of memory");
252 YYERROR;
253 }
254 sa_set_in_addr_any(
255 (struct sockaddr *)&addr->addr);
256 TAILQ_INSERT_TAIL(&curr_tunnconf->proto.
257 pptp.listen, addr, entry);
258 }
259 TAILQ_INSERT_TAIL(&conf->pptp_confs,
260 &curr_tunnconf->proto.pptp, entry);
261 break;
262 #endif
263 #ifdef USE_NPPPD_PPPOE
264 case NPPPD_TUNNEL_PPPOE:
265 TAILQ_INSERT_TAIL(&conf->pppoe_confs,
266 &curr_tunnconf->proto.pppoe, entry);
267 break;
268 #endif
269 default:
270 yyerror("%s is not enabled.",
271 npppd_tunnel_protocol_name(
272 curr_tunnconf->protocol));
273 tunnconf_fini(curr_tunnconf);
274 free(curr_tunnconf);
275 YYERROR;
276 }
277 curr_tunnconf = NULL;
278 }
279 ;
280
281
282 tunnopts :
283 | '{' optnl tunnopt_l '}'
284 ;
285
286 tunnopt_l : /* empty */
287 | tunnopt_l tunnopt nl
288 | tunnopt optnl
289 ;
290
291 tunnopt : LISTEN ON addressport {
292
293 switch (curr_tunnconf->protocol) {
294 case NPPPD_TUNNEL_L2TP:
295 {
296 struct l2tp_listen_addr *l_listen;
297
298 if ((l_listen = malloc(sizeof(
299 struct l2tp_listen_addr))) == NULL) {
300 yyerror("out of memory");
301 YYERROR;
302 }
303 l_listen->addr = $3;
304 TAILQ_INSERT_TAIL(&curr_tunnconf->proto
305 .l2tp.listen, l_listen, entry);
306 break;
307 }
308 case NPPPD_TUNNEL_PPTP:
309 if ($3.ss_family == AF_INET6) {
310 yyerror("listen on IPv6 address is not "
311 "supported by pptp tunnel");
312 YYERROR;
313 }
314 {
315 struct pptp_listen_addr *p_listen;
316
317 if ((p_listen = malloc(sizeof(
318 struct pptp_listen_addr))) == NULL) {
319 yyerror("out of memory");
320 YYERROR;
321 }
322 p_listen->addr = $3;
323 TAILQ_INSERT_TAIL(&curr_tunnconf->proto
324 .pptp.listen, p_listen, entry);
325 break;
326 }
327 default:
328 yyerror("listen on address is not supported "
329 "for specified protocol.\n");
330 YYERROR;
331 }
332 }
333 | LISTEN ON INTERFACE STRING {
334 switch (curr_tunnconf->protocol) {
335 case NPPPD_TUNNEL_PPPOE:
336 strlcpy(curr_tunnconf->proto.pppoe.if_name, $4,
337 sizeof(curr_tunnconf->proto.pppoe.if_name));
338 free($4);
339 break;
340 default:
341 free($4);
342 yyerror("listen on interface is not supported "
343 "for specified protocol.\n");
344 YYERROR;
345 }
346 }
347 | LCP_TIMEOUT NUMBER {
348 curr_tunnconf->lcp_timeout = $2;
349 }
350 | LCP_MAX_CONFIGURE NUMBER {
351 curr_tunnconf->lcp_max_configure = $2;
352 }
353 | LCP_MAX_TERMINATE NUMBER {
354 curr_tunnconf->lcp_max_terminate = $2;
355 }
356 | LCP_MAX_NAK_LOOP NUMBER {
357 curr_tunnconf->lcp_max_nak_loop = $2;
358 }
359 | MRU NUMBER {
360 curr_tunnconf->mru = $2;
361 }
362 | LCP_KEEPALIVE yesno {
363 curr_tunnconf->lcp_keepalive = $2;
364 }
365 | LCP_KEEPALIVE_INTERVAL NUMBER {
366 curr_tunnconf->lcp_keepalive_interval = $2;
367 }
368 | LCP_KEEPALIVE_RETRY_INTERVAL NUMBER {
369 curr_tunnconf->lcp_keepalive_retry_interval = $2;
370 }
371 | LCP_KEEPALIVE_MAX_RETRIES NUMBER {
372 curr_tunnconf->lcp_keepalive_max_retries = $2;
373 }
374 | AUTHENTICATION_METHOD authmethod_l {
375 curr_tunnconf->auth_methods = $2;
376 }
377 | CHAP_NAME STRING {
378 curr_tunnconf->chap_name = $2;
379 }
380 | IPCP_TIMEOUT NUMBER {
381 curr_tunnconf->ipcp_timeout = $2;
382 }
383 | IPCP_MAX_CONFIGURE NUMBER {
384 curr_tunnconf->ipcp_max_configure = $2;
385 }
386 | IPCP_MAX_TERMINATE NUMBER {
387 curr_tunnconf->ipcp_max_terminate = $2;
388 }
389 | IPCP_MAX_NAK_LOOP NUMBER {
390 curr_tunnconf->ipcp_max_nak_loop = $2;
391 }
392 | CCP_TIMEOUT NUMBER {
393 curr_tunnconf->ccp_timeout = $2;
394 }
395 | CCP_MAX_CONFIGURE NUMBER {
396 curr_tunnconf->ccp_max_configure = $2;
397 }
398 | CCP_MAX_TERMINATE NUMBER {
399 curr_tunnconf->ccp_max_terminate = $2;
400 }
401 | CCP_MAX_NAK_LOOP NUMBER {
402 curr_tunnconf->ccp_max_nak_loop = $2;
403 }
404 | L2TP_HOSTNAME STRING {
405 curr_tunnconf->proto.l2tp.hostname = $2;
406 }
407 | L2TP_VENDOR_NAME STRING {
408 curr_tunnconf->proto.l2tp.vendor_name = $2;
409 }
410 | L2TP_HELLO_INTERVAL NUMBER {
411 curr_tunnconf->proto.l2tp.hello_interval = $2;
412 }
413 | L2TP_HELLO_TIMEOUT NUMBER {
414 curr_tunnconf->proto.l2tp.hello_timeout = $2;
415 }
416 | L2TP_ACCEPT_DIALIN yesno {
417 curr_tunnconf->proto.l2tp.accept_dialin = $2;
418 }
419 | L2TP_DATA_USE_SEQ yesno {
420 curr_tunnconf->proto.l2tp.data_use_seq = $2;
421 }
422 | L2TP_REQUIRE_IPSEC yesno {
423 curr_tunnconf->proto.l2tp.require_ipsec = $2;
424 }
425 | L2TP_LCP_RENEGOTIATION yesno {
426 curr_tunnconf->proto.l2tp.lcp_renegotiation = $2;
427 }
428 | L2TP_FORCE_LCP_RENEGOTIATION yesno {
429 curr_tunnconf->proto.l2tp.force_lcp_renegotiation = $2;
430 }
431 | L2TP_CTRL_IN_PKTDUMP yesno {
432 curr_tunnconf->proto.l2tp.ctrl_in_pktdump = $2;
433 }
434 | L2TP_CTRL_OUT_PKTDUMP yesno {
435 curr_tunnconf->proto.l2tp.ctrl_out_pktdump = $2;
436 }
437 | L2TP_DATA_IN_PKTDUMP yesno {
438 curr_tunnconf->proto.l2tp.data_in_pktdump = $2;
439 }
440 | L2TP_DATA_OUT_PKTDUMP yesno {
441 curr_tunnconf->proto.l2tp.data_out_pktdump = $2;
442 }
443 | PPTP_HOSTNAME STRING {
444 curr_tunnconf->proto.pptp.hostname = $2;
445 }
446 | PPTP_VENDOR_NAME STRING {
447 curr_tunnconf->proto.pptp.vendor_name = $2;
448 }
449 | PPTP_ECHO_INTERVAL NUMBER {
450 curr_tunnconf->proto.pptp.echo_interval = $2;
451 }
452 | PPTP_ECHO_TIMEOUT NUMBER {
453 curr_tunnconf->proto.pptp.echo_timeout = $2;
454 }
455 | PPTP_CTRL_IN_PKTDUMP yesno {
456 curr_tunnconf->proto.pptp.ctrl_in_pktdump = $2;
457 }
458 | PPTP_CTRL_OUT_PKTDUMP yesno {
459 curr_tunnconf->proto.pptp.ctrl_out_pktdump = $2;
460 }
461 | PPTP_DATA_IN_PKTDUMP yesno {
462 curr_tunnconf->proto.pptp.data_in_pktdump = $2;
463 }
464 | PPTP_DATA_OUT_PKTDUMP yesno {
465 curr_tunnconf->proto.pptp.data_out_pktdump = $2;
466 }
467 | PPPOE_SERVICE_NAME STRING {
468 curr_tunnconf->proto.pppoe.service_name = $2;
469 }
470 | PPPOE_ACCEPT_ANY_SERVICE yesno {
471 curr_tunnconf->proto.pppoe.accept_any_service = $2;
472 }
473 | PPPOE_AC_NAME STRING {
474 curr_tunnconf->proto.pppoe.ac_name = $2;
475 }
476 | PPPOE_DESC_IN_PKTDUMP yesno {
477 curr_tunnconf->proto.pppoe.desc_in_pktdump = $2;
478 }
479 | PPPOE_DESC_OUT_PKTDUMP yesno {
480 curr_tunnconf->proto.pppoe.desc_out_pktdump = $2;
481 }
482 | PPPOE_SESSION_IN_PKTDUMP yesno {
483 curr_tunnconf->proto.pppoe.session_in_pktdump = $2;
484 }
485 | PPPOE_SESSION_OUT_PKTDUMP yesno {
486 curr_tunnconf->proto.pppoe.session_out_pktdump = $2;
487 }
488 | MPPE mppeyesno {
489 curr_tunnconf->mppe_yesno = $2;
490 }
491 | MPPE_KEY_LENGTH mppekeylen_l {
492 curr_tunnconf->mppe_keylen = $2;
493 }
494 | MPPE_KEY_STATE mppekeystate_l {
495 curr_tunnconf->mppe_keystate = $2;
496 }
497 | TCP_MSS_ADJUST yesno {
498 curr_tunnconf->tcp_mss_adjust = $2;
499 }
500 | IDLE_TIMEOUT NUMBER {
501 curr_tunnconf->idle_timeout = $2;
502 }
503 | INGRESS_FILTER yesno {
504 curr_tunnconf->ingress_filter = $2;
505 }
506 | CALLNUM_CHECK yesno {
507 curr_tunnconf->callnum_check = $2;
508 }
509 | PIPEX yesno {
510 curr_tunnconf->pipex = $2;
511 }
512 | DEBUG_DUMP_PKTIN protobit_l {
513 curr_tunnconf->debug_dump_pktin = $2;
514 }
515 | DEBUG_DUMP_PKTOUT protobit_l {
516 curr_tunnconf->debug_dump_pktout = $2;
517 }
518 ;
519 radius : RADIUS NAS_ID STRING {
520 if (strlcpy(conf->nas_id, $3, sizeof(conf->nas_id))
521 >= sizeof(conf->nas_id)) {
522 yyerror("`radius nas-id' is too long. use "
523 "less than %u chars.",
524 (unsigned)sizeof(conf->nas_id) - 1);
525 free($3);
526 YYERROR;
527 }
528 free($3);
529 }
530 | RADIUS DAE CLIENT address SECRET STRING {
531 struct radclientconf *client;
532 int secretsiz;
533
534 secretsiz = strlen($6) + 1;
535 if ((client = calloc(1, offsetof(struct radclientconf,
536 secret[secretsiz]))) == NULL) {
537 yyerror("%s", strerror(errno));
538 free($6);
539 YYERROR;
540 }
541 strlcpy(client->secret, $6, secretsiz);
542
543 switch ($4.ss_family) {
544 case AF_INET:
545 memcpy(&client->addr, &$4,
546 sizeof(struct sockaddr_in));
547 break;
548 case AF_INET6:
549 memcpy(&client->addr, &$4,
550 sizeof(struct sockaddr_in6));
551 break;
552 default:
553 yyerror("address family %d not supported",
554 $4.ss_family);
555 free($6);
556 YYERROR;
557 break;
558 }
559 TAILQ_INSERT_TAIL(&conf->raddaeclientconfs, client,
560 entry);
561 free($6);
562 }
563 | RADIUS DAE LISTEN ON addressport {
564 struct radlistenconf *listen;
565
566 if (ntohs(((struct sockaddr_in *)&$5)->sin_port) == 0)
567 ((struct sockaddr_in *)&$5)->sin_port = htons(
568 RADIUS_DAE_DEFAULT_PORT);
569
570 if ((listen = calloc(1, sizeof(*listen))) == NULL) {
571 yyerror("%s", strerror(errno));
572 YYERROR;
573 }
574 switch ($5.ss_family) {
575 case AF_INET:
576 memcpy(&listen->addr, &$5,
577 sizeof(struct sockaddr_in));
578 break;
579 case AF_INET6:
580 memcpy(&listen->addr, &$5,
581 sizeof(struct sockaddr_in6));
582 break;
583 default:
584 yyerror("address family %d not supported",
585 $5.ss_family);
586 YYERROR;
587 break;
588 }
589 TAILQ_INSERT_TAIL(&conf->raddaelistenconfs, listen,
590 entry);
591 }
592 ;
593
594 tunnelproto : L2TP { $$ = NPPPD_TUNNEL_L2TP; }
595 | PPTP { $$ = NPPPD_TUNNEL_PPTP; }
596 | PPPOE { $$ = NPPPD_TUNNEL_PPPOE; }
597 ;
598
599 mppeyesno : YES { $$ = NPPPD_MPPE_ENABLED; }
600 | NO { $$ = NPPPD_MPPE_DISABLED; }
601 | REQUIRED { $$ = NPPPD_MPPE_REQUIRED; }
602 ;
603
604 address : STRING {
605 int retval;
606 struct addrinfo hint, *res;
607
608 memset(&hint, 0, sizeof(hint));
609 hint.ai_family = PF_UNSPEC;
610 hint.ai_socktype = SOCK_DGRAM; /* dummy */
611 hint.ai_flags = AI_NUMERICHOST;
612
613 if ((retval = getaddrinfo($1, NULL, &hint, &res))
614 != 0) {
615 yyerror("could not parse the address %s: %s",
616 $1, gai_strerror(retval));
617 free($1);
618 YYERROR;
619 }
620 free($1);
621
622 if (res->ai_family != AF_INET &&
623 res->ai_family != AF_INET6) {
624 yyerror("address family(%d) is not supported",
625 res->ai_family);
626 freeaddrinfo(res);
627 YYERROR;
628 }
629 memcpy(&($$), res->ai_addr, res->ai_addrlen);
630
631 freeaddrinfo(res);
632 }
633 ;
634
635 addressport : address optport {
636 $$ = $1;
637 ((struct sockaddr_in *)&($$))->sin_port = htons($2);
638 }
639 ;
640
641 in4_addr : STRING {
642 if (inet_pton(AF_INET, $1, &($$)) != 1) {
643 yyerror("could not parse the address %s", $1);
644 free($1);
645 YYERROR;
646 }
647 }
648 ;
649
650 authmethod_l : authmethod { $$ = $1; }
651 | authmethod_l authmethod { $$ |= $2; }
652 ;
653
654 authmethod : PAP { $$ = NPPPD_AUTH_METHODS_PAP; }
655 | CHAP { $$ = NPPPD_AUTH_METHODS_CHAP; }
656 | MSCHAPV2 {
657 $$ = NPPPD_AUTH_METHODS_MSCHAPV2;
658 }
659 ;
660
661 mppekeylen_l : mppekeylen { $$ = $1; }
662 | mppekeylen_l mppekeylen { $$ |= $2; }
663 ;
664
665 mppekeylen : NUMBER {
666 if ($1 == 40) $$ = NPPPD_MPPE_40BIT;
667 else if ($1 == 56) $$ = NPPPD_MPPE_56BIT;
668 else if ($1 == 128) $$ = NPPPD_MPPE_128BIT;
669 else {
670 yyerror("%"PRId64": unknown mppe key length",
671 $$);
672 YYERROR;
673 }
674 }
675 ;
676
677 mppekeystate_l : mppekeystate { $$ = $1; }
678 | mppekeystate_l mppekeystate { $$ |= $2; }
679 ;
680
681 mppekeystate : STATEFUL { $$ = NPPPD_MPPE_STATEFUL; }
682 | STATELESS { $$ = NPPPD_MPPE_STATELESS; }
683 ;
684
685 protobit_l : protobit { $$ = $1; }
686 | protobit_l protobit { $$ |= $2; }
687 ;
688
689 protobit : IP { $$ = NPPPD_PROTO_BIT_IP; }
690 | LCP { $$ = NPPPD_PROTO_BIT_LCP; }
691 | PAP { $$ = NPPPD_PROTO_BIT_PAP; }
692 | CHAP { $$ = NPPPD_PROTO_BIT_CHAP; }
693 | EAP { $$ = NPPPD_PROTO_BIT_EAP; }
694 | MPPE { $$ = NPPPD_PROTO_BIT_MPPE; }
695 | CCP { $$ = NPPPD_PROTO_BIT_CCP; }
696 | IPCP { $$ = NPPPD_PROTO_BIT_IPCP; }
697 ;
698
699 /*
700 * authentication { }
701 */
702 authentication : AUTHENTICATION STRING TYPE authtype {
703 struct authconf *n;
704
705 if (authconf_find($2) != NULL) {
706 yyerror("authentication name %s is already in "
707 "use.", $2);
708 free($2);
709 YYERROR;
710 }
711 if ((n = malloc(sizeof(struct authconf))) == NULL) {
712 yyerror("out of memory");
713 free($2);
714 YYERROR;
715 }
716 authconf_init(n);
717 strlcpy(n->name, $2, sizeof(n->name));
718 free($2);
719 n->auth_type = $4;
720 if ($4 == NPPPD_AUTH_TYPE_RADIUS) {
721 TAILQ_INIT(&n->data.radius.auth.servers);
722 TAILQ_INIT(&n->data.radius.acct.servers);
723 }
724 curr_authconf = n;
725 } '{' optnl authopt_l '}' {
726 TAILQ_INSERT_TAIL(&conf->authconfs, curr_authconf,
727 entry);
728 curr_authconf = NULL;
729 }
730 ;
731
732 authopt_l : /* empty */
733 | authopt_l authopt nl
734 | authopt optnl
735 ;
736
737 authopt : USERNAME_SUFFIX STRING {
738 curr_authconf->username_suffix = $2;
739 }
740 | EAP_CAPABLE yesno {
741 curr_authconf->eap_capable = $2;
742 }
743 | STRIP_NT_DOMAIN yesno {
744 curr_authconf->strip_nt_domain = $2;
745 }
746 | STRIP_ATMARK_REALM yesno {
747 curr_authconf->strip_atmark_realm = $2;
748 }
749 | USERS_FILE STRING {
750 strlcpy(curr_authconf->users_file_path, $2,
751 sizeof(curr_authconf->users_file_path));
752 free($2);
753 }
754 | USER_MAX_SESSION NUMBER {
755 curr_authconf->user_max_session = $2;
756 }
757 | AUTHENTICATION_SERVER {
758 if (curr_authconf->auth_type != NPPPD_AUTH_TYPE_RADIUS){
759 yyerror("`authentication-server' can not be "
760 "used for this type.");
761 YYERROR;
762 }
763 curr_radconf = &curr_authconf->data.radius.auth;
764 } '{' optnl radopt_l '}'
765 | ACCOUNTING_SERVER {
766 if (curr_authconf->auth_type != NPPPD_AUTH_TYPE_RADIUS){
767 yyerror("`accounting-server' can not be used "
768 "for this type.");
769 YYERROR;
770 }
771 curr_radconf = &curr_authconf->data.radius.acct;
772 } '{' optnl radopt_l '}'
773 ;
774
775 optport : /* empty */ { $$ = 0; }
776 | PORT NUMBER { $$ = $2; }
777 ;
778
779 authtype : LOCAL { $$ = NPPPD_AUTH_TYPE_LOCAL; }
780 | RADIUS { $$ = NPPPD_AUTH_TYPE_RADIUS; }
781 ;
782
783 radopt_l :
784 | radopt_l radopt nl
785 | radopt optnl
786 ;
787
788 radopt : ADDRESS address optport SECRET STRING {
789 int cnt;
790 struct radserver *n;
791
792 if (strlen($5) > MAX_RADIUS_SECRET - 1) {
793 yyerror("`secret' is too long. "
794 "use less than %d chars.",
795 MAX_RADIUS_SECRET - 1);
796 YYERROR;
797 }
798 cnt = 0;
799 TAILQ_FOREACH(n, &curr_radconf->servers, entry) {
800 cnt++;
801 }
802 if (cnt >= MAX_RADIUS_SERVERS) {
803 yyerror("too many radius servers. use less "
804 "than or equal to %d servers.",
805 MAX_RADIUS_SERVERS);
806 YYERROR;
807 }
808 if ((n = malloc(sizeof(struct radserver))) == NULL) {
809 yyerror("out of memory");
810 YYERROR;
811 }
812 n->address = $2;
813 ((struct sockaddr_in *)&n->address)->sin_port =
814 htons($3);
815 n->secret = $5;
816 TAILQ_INSERT_TAIL(&curr_radconf->servers, n, entry);
817 }
818 | X_TIMEOUT NUMBER {
819 curr_radconf->timeout = $2;
820 }
821 | MAX_TRIES NUMBER {
822 curr_radconf->max_tries = $2;
823 }
824 | MAX_FAILOVERS NUMBER {
825 curr_radconf->max_failovers = $2;
826 }
827 ;
828 /*
829 * ipcp { }
830 */
831 ipcp : IPCP STRING {
832 int cnt;
833 struct ipcpconf *n;
834
835 cnt = 0;
836 /*
837 TAILQ_FOREACH(n, &conf->ipcpconfs, entry) {
838 cnt++;
839 }
840 if (cnt >= NPPPD_MAX_POOL) {
841 yyerror("too many `ipcp' settings. it must be "
842 "less than or euals to %d.",
843 NPPPD_MAX_POOL);
844 YYERROR;
845 }
846 */
847
848 if (ipcpconf_find($2) != NULL) {
849 yyerror("ipcp name %s is already in use.", $2);
850 free($2);
851 YYERROR;
852 }
853 if ((n = malloc(sizeof(struct ipcpconf))) == NULL) {
854 yyerror("out of memory");
855 free($2);
856 YYERROR;
857 }
858 ipcpconf_init(n);
859 strlcpy(n->name, $2, sizeof(n->name));
860 free($2);
861 curr_ipcpconf = n;
862 } '{' optnl ipcpopt_l '}' {
863 TAILQ_INSERT_TAIL(&conf->ipcpconfs, curr_ipcpconf,
864 entry);
865 curr_ipcpconf = NULL;
866 }
867 ;
868
869 ipcpopt_l : /* empty */
870 | ipcpopt_l ipcpopt nl
871 | ipcpopt optnl
872 ;
873
874 ipcpopt : POOL_ADDRESS STRING ipcppooltype {
875 if ($3 != 1) {
876 if (in_addr_range_list_add(
877 &curr_ipcpconf->dynamic_pool, $2) != 0) {
878 yyerror("out of memory");
879 free($2);
880 YYERROR;
881 }
882 }
883 if (in_addr_range_list_add(
884 &curr_ipcpconf->static_pool, $2) != 0) {
885 yyerror("out of memory");
886 free($2);
887 YYERROR;
888 }
889 free($2);
890 }
891 | DNS_SERVERS RESOLVER {
892 curr_ipcpconf->dns_use_resolver = true;
893 curr_ipcpconf->dns_servers[0].s_addr = 0;
894 curr_ipcpconf->dns_servers[1].s_addr = 0;
895 }
896 | DNS_SERVERS in4_addr in4_addr {
897 curr_ipcpconf->dns_use_resolver = false;
898 curr_ipcpconf->dns_configured = true;
899 curr_ipcpconf->dns_servers[0] = $2;
900 curr_ipcpconf->dns_servers[1] = $3;
901 }
902 | DNS_SERVERS in4_addr {
903 curr_ipcpconf->dns_use_resolver = false;
904 curr_ipcpconf->dns_configured = true;
905 curr_ipcpconf->dns_servers[0] = $2;
906 curr_ipcpconf->dns_servers[1].s_addr = 0;
907 }
908 | NBNS_SERVERS in4_addr in4_addr {
909 curr_ipcpconf->nbns_configured = true;
910 curr_ipcpconf->nbns_servers[0] = $2;
911 curr_ipcpconf->nbns_servers[1] = $3;
912 }
913 | NBNS_SERVERS in4_addr {
914 curr_ipcpconf->nbns_configured = true;
915 curr_ipcpconf->nbns_servers[0] = $2;
916 curr_ipcpconf->nbns_servers[1].s_addr = 0;
917 }
918 | ALLOW_USER_SELECTED_ADDRESS yesno {
919 curr_ipcpconf->allow_user_select = $2;
920 }
921 | MAX_SESSION NUMBER {
922 curr_ipcpconf->max_session = $2;
923 }
924 ;
925
926 ipcppooltype : /* empty */ { $$ = 0; }
927 | FOR DYNAMIC { $$ = 0; }
928 | FOR STATIC { $$ = 1; }
929 ;
930
931
932 /*
933 * interface
934 */
935 interface : INTERFACE STRING ADDRESS in4_addr IPCP STRING {
936 int cnt;
937 struct iface *n;
938 struct ipcpconf *ipcp;
939
940 cnt = 0;
941 TAILQ_FOREACH(n, &conf->ifaces, entry) {
942 cnt++;
943 }
944 if (cnt >= NPPPD_MAX_IFACE) {
945 yyerror("too many interfaces. use less than "
946 "or equal to %d", NPPPD_MAX_IFACE);
947 YYERROR;
948 }
949
950 if ((ipcp = ipcpconf_find($6)) == NULL) {
951 yyerror("ipcp %s is not found", $6);
952 free($2);
953 YYERROR;
954 }
955 if (iface_find($2) != NULL) {
956 yyerror("interface %s is already in used.", $2);
957 free($2);
958 YYERROR;
959 }
960
961 if ((n = calloc(1, sizeof(struct iface))) == NULL) {
962 yyerror("out of memory");
963 free($2);
964 YYERROR;
965 }
966 strlcpy(n->name, $2, sizeof(n->name));
967 free($2);
968 n->ip4addr = $4;
969 if (strncmp(n->name, "pppx", 4) == 0)
970 n->is_pppx = true;
971
972 n->ipcpconf = ipcp;
973 TAILQ_INSERT_TAIL(&conf->ifaces, n, entry);
974 }
975 ;
976
977 /*
978 * bind
979 */
980 bind : BIND TUNNEL FROM STRING AUTHENTICATED BY STRING TO STRING {
981 struct authconf *auth;
982 struct tunnconf *tunn;
983 struct iface *iface;
984 struct confbind *n;
985
986 if ((tunn = tunnconf_find($4)) == NULL) {
987 yyerror("tunnel %s is not found", $4);
988 free($4);
989 free($7);
990 free($9);
991 YYERROR;
992 }
993 if ((auth = authconf_find($7)) == NULL) {
994 yyerror("authentication %s is not found", $7);
995 free($4);
996 free($7);
997 free($9);
998 YYERROR;
999 }
1000 if ((iface = iface_find($9)) == NULL) {
1001 yyerror("interface %s is not found", $9);
1002 free($4);
1003 free($7);
1004 free($9);
1005 YYERROR;
1006 }
1007 if (tunn->pipex == 0 && iface->is_pppx) {
1008 yyerror("pipex should be enabled for"
1009 " interface %s", $9);
1010 free($4);
1011 free($7);
1012 free($9);
1013 YYERROR;
1014 }
1015 if ((n = malloc(sizeof(struct confbind))) == NULL) {
1016 yyerror("out of memory");
1017 free($4);
1018 free($7);
1019 free($9);
1020 YYERROR;
1021 }
1022 n->tunnconf = tunn;
1023 n->authconf = auth;
1024 n->iface = iface;
1025 TAILQ_INSERT_TAIL(&conf->confbinds, n, entry);
1026 }
1027 ;
1028
1029 yesno : YES { $$ = true; }
1030 | NO { $$ = false; }
1031 ;
1032
1033 optnl : '\n' optnl
1034 |
1035 ;
1036
1037 nl : '\n' optnl
1038 ;
1039
1040 %%
1041
1042 struct keywords {
1043 const char *k_name;
1044 int k_val;
1045 };
1046
1047 int
yyerror(const char * fmt,...)1048 yyerror(const char *fmt, ...)
1049 {
1050 va_list ap;
1051 char *msg;
1052
1053 file->errors++;
1054 va_start(ap, fmt);
1055 if (vasprintf(&msg, fmt, ap) == -1)
1056 fatalx("yyerror vasprintf");
1057 va_end(ap);
1058 logit(LOG_CRIT, "%s:%d: %s", file->name, yylval.lineno, msg);
1059 free(msg);
1060 return (0);
1061 }
1062
1063 int
kw_cmp(const void * k,const void * e)1064 kw_cmp(const void *k, const void *e)
1065 {
1066 return (strcmp(k, ((const struct keywords *)e)->k_name));
1067 }
1068
1069 int
lookup(char * s)1070 lookup(char *s)
1071 {
1072 /* this has to be sorted always */
1073 static const struct keywords keywords[] = {
1074 { "accounting-server", ACCOUNTING_SERVER},
1075 { "address", ADDRESS},
1076 { "allow-user-selected-address", ALLOW_USER_SELECTED_ADDRESS},
1077 { "authenticated", AUTHENTICATED},
1078 { "authentication", AUTHENTICATION},
1079 { "authentication-method", AUTHENTICATION_METHOD},
1080 { "authentication-server", AUTHENTICATION_SERVER},
1081 { "bind", BIND},
1082 { "by", BY},
1083 { "callnum-check", CALLNUM_CHECK},
1084 { "ccp", CCP},
1085 { "ccp-max-configure", CCP_MAX_CONFIGURE},
1086 { "ccp-max-nak-loop", CCP_MAX_NAK_LOOP},
1087 { "ccp-max-terminate", CCP_MAX_TERMINATE},
1088 { "ccp-timeout", CCP_TIMEOUT},
1089 { "chap", CHAP},
1090 { "chap-name", CHAP_NAME},
1091 { "client", CLIENT},
1092 { "dae", DAE},
1093 { "debug-dump-pktin", DEBUG_DUMP_PKTIN},
1094 { "debug-dump-pktout", DEBUG_DUMP_PKTOUT},
1095 { "dns-servers", DNS_SERVERS},
1096 { "dynamic", DYNAMIC},
1097 { "eap", EAP},
1098 { "eap-capable", EAP_CAPABLE},
1099 { "for", FOR},
1100 { "from", FROM},
1101 { "idle-timeout", IDLE_TIMEOUT},
1102 { "ingress-filter", INGRESS_FILTER},
1103 { "interface", INTERFACE},
1104 { "ip", IP},
1105 { "ipcp", IPCP},
1106 { "ipcp-max-configure", IPCP_MAX_CONFIGURE},
1107 { "ipcp-max-nak-loop", IPCP_MAX_NAK_LOOP},
1108 { "ipcp-max-terminate", IPCP_MAX_TERMINATE},
1109 { "ipcp-timeout", IPCP_TIMEOUT},
1110 { "l2tp", L2TP},
1111 { "l2tp-accept-dialin", L2TP_ACCEPT_DIALIN},
1112 { "l2tp-ctrl-in-pktdump", L2TP_CTRL_IN_PKTDUMP},
1113 { "l2tp-ctrl-out-pktdump", L2TP_CTRL_OUT_PKTDUMP},
1114 { "l2tp-data-in-pktdump", L2TP_DATA_IN_PKTDUMP},
1115 { "l2tp-data-out-pktdump", L2TP_DATA_OUT_PKTDUMP},
1116 { "l2tp-data-use-seq", L2TP_DATA_USE_SEQ},
1117 { "l2tp-force-lcp-renegotiation", L2TP_FORCE_LCP_RENEGOTIATION},
1118 { "l2tp-hello-interval", L2TP_HELLO_INTERVAL},
1119 { "l2tp-hello-timeout", L2TP_HELLO_TIMEOUT},
1120 { "l2tp-hostname", L2TP_HOSTNAME},
1121 { "l2tp-lcp-renegotiation", L2TP_LCP_RENEGOTIATION},
1122 { "l2tp-require-ipsec", L2TP_REQUIRE_IPSEC},
1123 { "l2tp-vendor-name", L2TP_VENDOR_NAME},
1124 { "lcp", LCP},
1125 { "lcp-keepalive", LCP_KEEPALIVE},
1126 { "lcp-keepalive-interval", LCP_KEEPALIVE_INTERVAL},
1127 { "lcp-keepalive-max-retries", LCP_KEEPALIVE_MAX_RETRIES },
1128 { "lcp-keepalive-retry-interval", LCP_KEEPALIVE_RETRY_INTERVAL},
1129 { "lcp-max-configure", LCP_MAX_CONFIGURE},
1130 { "lcp-max-nak-loop", LCP_MAX_NAK_LOOP},
1131 { "lcp-max-terminate", LCP_MAX_TERMINATE},
1132 { "lcp-timeout", LCP_TIMEOUT},
1133 { "listen", LISTEN},
1134 { "local", LOCAL},
1135 { "max-failovers", MAX_FAILOVERS},
1136 { "max-session", MAX_SESSION},
1137 { "max-tries", MAX_TRIES},
1138 { "mppe", MPPE},
1139 { "mppe-key-length", MPPE_KEY_LENGTH},
1140 { "mppe-key-state", MPPE_KEY_STATE},
1141 { "mru", MRU},
1142 { "mschapv2", MSCHAPV2},
1143 { "nas-id", NAS_ID},
1144 { "nbns-servers", NBNS_SERVERS},
1145 { "no", NO},
1146 { "on", ON},
1147 { "pap", PAP},
1148 { "pipex", PIPEX},
1149 { "pool-address", POOL_ADDRESS},
1150 { "port", PORT},
1151 { "pppoe", PPPOE},
1152 { "pppoe-ac-name", PPPOE_AC_NAME},
1153 { "pppoe-accept-any-service", PPPOE_ACCEPT_ANY_SERVICE},
1154 { "pppoe-desc-in-pktdump", PPPOE_DESC_IN_PKTDUMP},
1155 { "pppoe-desc-out-pktdump", PPPOE_DESC_OUT_PKTDUMP},
1156 { "pppoe-service-name", PPPOE_SERVICE_NAME},
1157 { "pppoe-session-in-pktdump", PPPOE_SESSION_IN_PKTDUMP},
1158 { "pppoe-session-out-pktdump", PPPOE_SESSION_OUT_PKTDUMP},
1159 { "pptp", PPTP},
1160 { "pptp-ctrl-in-pktdump", PPTP_CTRL_IN_PKTDUMP},
1161 { "pptp-ctrl-out-pktdump", PPTP_CTRL_OUT_PKTDUMP},
1162 { "pptp-data-in-pktdump", PPTP_DATA_IN_PKTDUMP},
1163 { "pptp-data-out-pktdump", PPTP_DATA_OUT_PKTDUMP},
1164 { "pptp-echo-interval", PPTP_ECHO_INTERVAL},
1165 { "pptp-echo-timeout", PPTP_ECHO_TIMEOUT},
1166 { "pptp-hostname", PPTP_HOSTNAME},
1167 { "pptp-vendor-name", PPTP_VENDOR_NAME},
1168 { "protocol", PROTOCOL},
1169 { "radius", RADIUS},
1170 { "required", REQUIRED},
1171 { "resolver", RESOLVER},
1172 { "secret", SECRET},
1173 { "set", SET},
1174 { "stateful", STATEFUL},
1175 { "stateless", STATELESS},
1176 { "static", STATIC},
1177 { "strip-atmark-realm", STRIP_ATMARK_REALM},
1178 { "strip-nt-domain", STRIP_NT_DOMAIN},
1179 { "tcp-mss-adjust", TCP_MSS_ADJUST},
1180 { "timeout", X_TIMEOUT},
1181 { "to", TO},
1182 { "tunnel", TUNNEL},
1183 { "type", TYPE},
1184 { "user-max-session", USER_MAX_SESSION},
1185 { "username-suffix", USERNAME_SUFFIX},
1186 { "users-file", USERS_FILE},
1187 { "yes", YES}
1188 };
1189 const struct keywords *p;
1190
1191 p = bsearch(s, keywords, sizeof(keywords)/sizeof(keywords[0]),
1192 sizeof(keywords[0]), kw_cmp);
1193
1194 if (p)
1195 return (p->k_val);
1196 else
1197 return (STRING);
1198 }
1199
1200 #define MAXPUSHBACK 128
1201
1202 char *parsebuf;
1203 int parseindex;
1204 char pushback_buffer[MAXPUSHBACK];
1205 int pushback_index = 0;
1206
1207 int
lgetc(int quotec)1208 lgetc(int quotec)
1209 {
1210 int c, next;
1211
1212 if (parsebuf) {
1213 /* Read character from the parsebuffer instead of input. */
1214 if (parseindex >= 0) {
1215 c = (unsigned char)parsebuf[parseindex++];
1216 if (c != '\0')
1217 return (c);
1218 parsebuf = NULL;
1219 } else
1220 parseindex++;
1221 }
1222
1223 if (pushback_index)
1224 return ((unsigned char)pushback_buffer[--pushback_index]);
1225
1226 if (quotec) {
1227 if ((c = getc(file->stream)) == EOF) {
1228 yyerror("reached end of file while parsing "
1229 "quoted string");
1230 if (file == topfile || popfile() == EOF)
1231 return (EOF);
1232 return (quotec);
1233 }
1234 return (c);
1235 }
1236
1237 while ((c = getc(file->stream)) == '\\') {
1238 next = getc(file->stream);
1239 if (next != '\n') {
1240 c = next;
1241 break;
1242 }
1243 yylval.lineno = file->lineno;
1244 file->lineno++;
1245 }
1246
1247 while (c == EOF) {
1248 if (file == topfile || popfile() == EOF)
1249 return (EOF);
1250 c = getc(file->stream);
1251 }
1252 return (c);
1253 }
1254
1255 int
lungetc(int c)1256 lungetc(int c)
1257 {
1258 if (c == EOF)
1259 return (EOF);
1260 if (parsebuf) {
1261 parseindex--;
1262 if (parseindex >= 0)
1263 return (c);
1264 }
1265 if (pushback_index + 1 >= MAXPUSHBACK)
1266 return (EOF);
1267 pushback_buffer[pushback_index++] = c;
1268 return (c);
1269 }
1270
1271 int
findeol(void)1272 findeol(void)
1273 {
1274 int c;
1275
1276 parsebuf = NULL;
1277
1278 /* skip to either EOF or the first real EOL */
1279 while (1) {
1280 if (pushback_index)
1281 c = (unsigned char)pushback_buffer[--pushback_index];
1282 else
1283 c = lgetc(0);
1284 if (c == '\n') {
1285 file->lineno++;
1286 break;
1287 }
1288 if (c == EOF)
1289 break;
1290 }
1291 return (ERROR);
1292 }
1293
1294 int
yylex(void)1295 yylex(void)
1296 {
1297 char buf[8096];
1298 char *p;
1299 int quotec, next, c;
1300 int token;
1301
1302 p = buf;
1303 while ((c = lgetc(0)) == ' ' || c == '\t')
1304 ; /* nothing */
1305
1306 yylval.lineno = file->lineno;
1307 if (c == '#')
1308 while ((c = lgetc(0)) != '\n' && c != EOF)
1309 ; /* nothing */
1310
1311 switch (c) {
1312 case '\'':
1313 case '"':
1314 quotec = c;
1315 while (1) {
1316 if ((c = lgetc(quotec)) == EOF)
1317 return (0);
1318 if (c == '\n') {
1319 file->lineno++;
1320 continue;
1321 } else if (c == '\\') {
1322 if ((next = lgetc(quotec)) == EOF)
1323 return (0);
1324 if (next == quotec || next == ' ' ||
1325 next == '\t')
1326 c = next;
1327 else if (next == '\n') {
1328 file->lineno++;
1329 continue;
1330 } else
1331 lungetc(next);
1332 } else if (c == quotec) {
1333 *p = '\0';
1334 break;
1335 } else if (c == '\0') {
1336 yyerror("syntax error");
1337 return (findeol());
1338 }
1339 if (p + 1 >= buf + sizeof(buf) - 1) {
1340 yyerror("string too long");
1341 return (findeol());
1342 }
1343 *p++ = c;
1344 }
1345 yylval.v.string = strdup(buf);
1346 if (yylval.v.string == NULL)
1347 fatal("yylex: strdup");
1348 return (STRING);
1349 }
1350
1351 #define allowed_to_end_number(x) \
1352 (isspace(x) || x == ')' || x ==',' || x == '/' || x == '}' || x == '=')
1353
1354 if (c == '-' || isdigit(c)) {
1355 do {
1356 *p++ = c;
1357 if ((size_t)(p-buf) >= sizeof(buf)) {
1358 yyerror("string too long");
1359 return (findeol());
1360 }
1361 } while ((c = lgetc(0)) != EOF && isdigit(c));
1362 lungetc(c);
1363 if (p == buf + 1 && buf[0] == '-')
1364 goto nodigits;
1365 if (c == EOF || allowed_to_end_number(c)) {
1366 const char *errstr = NULL;
1367
1368 *p = '\0';
1369 yylval.v.number = strtonum(buf, LLONG_MIN,
1370 LLONG_MAX, &errstr);
1371 if (errstr) {
1372 yyerror("\"%s\" invalid number: %s",
1373 buf, errstr);
1374 return (findeol());
1375 }
1376 return (NUMBER);
1377 } else {
1378 nodigits:
1379 while (p > buf + 1)
1380 lungetc((unsigned char)*--p);
1381 c = (unsigned char)*--p;
1382 if (c == '-')
1383 return (c);
1384 }
1385 }
1386
1387 #define allowed_in_string(x) \
1388 (isalnum(x) || (ispunct(x) && x != '(' && x != ')' && \
1389 x != '{' && x != '}' && x != '<' && x != '>' && \
1390 x != '!' && x != '=' && x != '/' && x != '#' && \
1391 x != ','))
1392
1393 if (isalnum(c) || c == ':' || c == '_' || c == '*') {
1394 do {
1395 *p++ = c;
1396 if ((size_t)(p-buf) >= sizeof(buf)) {
1397 yyerror("string too long");
1398 return (findeol());
1399 }
1400 } while ((c = lgetc(0)) != EOF && (allowed_in_string(c)));
1401 lungetc(c);
1402 *p = '\0';
1403 if ((token = lookup(buf)) == STRING)
1404 if ((yylval.v.string = strdup(buf)) == NULL)
1405 fatal("yylex: strdup");
1406 return (token);
1407 }
1408 if (c == '\n') {
1409 yylval.lineno = file->lineno;
1410 file->lineno++;
1411 }
1412 if (c == EOF)
1413 return (0);
1414 return (c);
1415 }
1416
1417 struct file *
pushfile(const char * name)1418 pushfile(const char *name)
1419 {
1420 struct file *nfile;
1421
1422 if ((nfile = calloc(1, sizeof(struct file))) == NULL) {
1423 log_warn("%s", __func__);
1424 return (NULL);
1425 }
1426 if ((nfile->name = strdup(name)) == NULL) {
1427 log_warn("%s", __func__);
1428 free(nfile);
1429 return (NULL);
1430 }
1431 #ifdef NO_PRIVSEP
1432 if ((nfile->stream = fopen(nfile->name, "r")) == NULL) {
1433 #else
1434 if ((nfile->stream = priv_fopen(nfile->name)) == NULL) {
1435 #endif
1436 log_warn("%s: %s", __func__, nfile->name);
1437 free(nfile->name);
1438 free(nfile);
1439 return (NULL);
1440 }
1441 nfile->lineno = 1;
1442 TAILQ_INSERT_TAIL(&files, nfile, entry);
1443 return (nfile);
1444 }
1445
1446 int
1447 popfile(void)
1448 {
1449 struct file *prev;
1450
1451 if ((prev = TAILQ_PREV(file, files, entry)) != NULL)
1452 prev->errors += file->errors;
1453
1454 TAILQ_REMOVE(&files, file, entry);
1455 fclose(file->stream);
1456 free(file->name);
1457 free(file);
1458 file = prev;
1459 return (file ? 0 : EOF);
1460 }
1461
1462 int
1463 npppd_conf_parse(struct npppd_conf *xconf, const char *filename)
1464 {
1465 int errors = 0;
1466
1467 conf = xconf;
1468
1469 if ((file = pushfile(filename)) == NULL) {
1470 return (-1);
1471 }
1472 topfile = file;
1473
1474 yyparse();
1475 errors = file->errors;
1476 popfile();
1477
1478 if (curr_tunnconf != NULL) {
1479 tunnconf_fini(curr_tunnconf);
1480 free(curr_tunnconf);
1481 }
1482 curr_tunnconf = NULL;
1483 if (curr_authconf != NULL) {
1484 authconf_fini(curr_authconf);
1485 free(curr_authconf);
1486 }
1487 curr_authconf = NULL;
1488 if (curr_ipcpconf != NULL) {
1489 ipcpconf_fini(curr_ipcpconf);
1490 free(curr_ipcpconf);
1491 }
1492 curr_ipcpconf = NULL;
1493
1494 if (errors)
1495 npppd_conf_fini(xconf);
1496
1497 return (errors ? -1 : 0);
1498 }
1499
1500 void
1501 npppd_conf_init(struct npppd_conf *xconf)
1502 {
1503 memset(xconf, 0, sizeof(struct npppd_conf));
1504 TAILQ_INIT(&xconf->tunnconfs);
1505 TAILQ_INIT(&xconf->authconfs);
1506 TAILQ_INIT(&xconf->ipcpconfs);
1507 TAILQ_INIT(&xconf->ifaces);
1508 TAILQ_INIT(&xconf->confbinds);
1509 TAILQ_INIT(&xconf->l2tp_confs);
1510 TAILQ_INIT(&xconf->pptp_confs);
1511 TAILQ_INIT(&xconf->pppoe_confs);
1512 TAILQ_INIT(&xconf->raddaeclientconfs);
1513 TAILQ_INIT(&xconf->raddaelistenconfs);
1514 strlcpy(xconf->nas_id, "npppd", sizeof(xconf->nas_id));
1515 }
1516
1517 void
1518 npppd_conf_fini(struct npppd_conf *xconf)
1519 {
1520 struct tunnconf *tunn, *tunn0;
1521 struct authconf *auth, *auth0;
1522 struct ipcpconf *ipcp, *ipcp0;
1523 struct iface *iface, *iface0;
1524 struct confbind *confbind, *confbind0;
1525 struct radclientconf *radc, *radct;
1526 struct radlistenconf *radl, *radlt;
1527
1528 TAILQ_FOREACH_SAFE(tunn, &xconf->tunnconfs, entry, tunn0) {
1529 tunnconf_fini(tunn);
1530 }
1531 TAILQ_FOREACH_SAFE(auth, &xconf->authconfs, entry, auth0) {
1532 authconf_fini(auth);
1533 }
1534 TAILQ_FOREACH_SAFE(ipcp, &xconf->ipcpconfs, entry, ipcp0) {
1535 ipcpconf_fini(ipcp);
1536 }
1537 TAILQ_FOREACH_SAFE(iface, &xconf->ifaces, entry, iface0) {
1538 free(iface);
1539 }
1540 TAILQ_FOREACH_SAFE(confbind, &xconf->confbinds, entry, confbind0) {
1541 free(confbind);
1542 }
1543 TAILQ_FOREACH_SAFE(radc, &xconf->raddaeclientconfs, entry, radct)
1544 free(radc);
1545 TAILQ_FOREACH_SAFE(radl, &xconf->raddaelistenconfs, entry, radlt)
1546 free(radl);
1547 TAILQ_INIT(&xconf->l2tp_confs);
1548 TAILQ_INIT(&xconf->pptp_confs);
1549 TAILQ_INIT(&xconf->pppoe_confs);
1550 }
1551
1552 void
1553 tunnconf_fini(struct tunnconf *tun)
1554 {
1555 if (tun->chap_name != NULL)
1556 free(tun->chap_name);
1557 tun->chap_name = NULL;
1558
1559 switch (tun->protocol) {
1560 case NPPPD_TUNNEL_L2TP:
1561 {
1562 struct l2tp_listen_addr *l_addr, *l_tmp;
1563
1564 if (tun->proto.l2tp.hostname != NULL)
1565 free(tun->proto.l2tp.hostname);
1566 tun->proto.l2tp.hostname = NULL;
1567 if (tun->proto.l2tp.vendor_name != NULL)
1568 free(tun->proto.l2tp.vendor_name);
1569 tun->proto.l2tp.vendor_name = NULL;
1570 TAILQ_FOREACH_SAFE(l_addr, &tun->proto.l2tp.listen, entry,
1571 l_tmp) {
1572 TAILQ_REMOVE(&tun->proto.l2tp.listen, l_addr, entry);
1573 free(l_addr);
1574 }
1575 break;
1576 }
1577 case NPPPD_TUNNEL_PPTP:
1578 {
1579 struct pptp_listen_addr *p_addr, *p_tmp;
1580
1581 if (tun->proto.pptp.hostname != NULL)
1582 free(tun->proto.pptp.hostname);
1583 tun->proto.pptp.hostname = NULL;
1584 if (tun->proto.pptp.vendor_name != NULL)
1585 free(tun->proto.pptp.vendor_name);
1586 tun->proto.pptp.vendor_name = NULL;
1587 TAILQ_FOREACH_SAFE(p_addr, &tun->proto.pptp.listen, entry,
1588 p_tmp) {
1589 TAILQ_REMOVE(&tun->proto.pptp.listen, p_addr, entry);
1590 free(p_addr);
1591 }
1592 break;
1593 }
1594 case NPPPD_TUNNEL_PPPOE:
1595 if (tun->proto.pppoe.service_name != NULL)
1596 free(tun->proto.pppoe.service_name);
1597 tun->proto.pppoe.service_name = NULL;
1598 if (tun->proto.pppoe.ac_name != NULL)
1599 free(tun->proto.pppoe.ac_name);
1600 tun->proto.pppoe.ac_name = NULL;
1601 break;
1602 }
1603 }
1604
1605 void
1606 tunnconf_init(struct tunnconf *tun, int protocol)
1607 {
1608 extern struct tunnconf tunnconf_default_l2tp, tunnconf_default_pptp;
1609 extern struct tunnconf tunnconf_default_pppoe;
1610
1611 switch (protocol) {
1612 case NPPPD_TUNNEL_L2TP:
1613 memcpy(tun, &tunnconf_default_l2tp, sizeof(struct tunnconf));
1614 TAILQ_INIT(&tun->proto.l2tp.listen);
1615 break;
1616 case NPPPD_TUNNEL_PPTP:
1617 memcpy(tun, &tunnconf_default_pptp, sizeof(struct tunnconf));
1618 TAILQ_INIT(&tun->proto.pptp.listen);
1619 break;
1620 case NPPPD_TUNNEL_PPPOE:
1621 memcpy(tun, &tunnconf_default_pppoe, sizeof(struct tunnconf));
1622 break;
1623 }
1624 }
1625
1626 struct tunnconf *
1627 tunnconf_find(const char *name)
1628 {
1629 struct tunnconf *tunn;
1630
1631 TAILQ_FOREACH(tunn, &conf->tunnconfs, entry) {
1632 if (strcmp(tunn->name, name) == 0)
1633 return tunn;
1634 }
1635
1636 return NULL;
1637 }
1638
1639 void
1640 authconf_init(struct authconf *auth)
1641 {
1642 memset(auth, 0, sizeof(struct authconf));
1643 auth->eap_capable = true;
1644 auth->strip_nt_domain = true;
1645 auth->strip_atmark_realm = false;
1646 }
1647
1648 void
1649 authconf_fini(struct authconf *auth)
1650 {
1651 if (auth->username_suffix != NULL)
1652 free(auth->username_suffix);
1653 auth->username_suffix = NULL;
1654
1655 switch (auth->auth_type) {
1656 case NPPPD_AUTH_TYPE_RADIUS:
1657 radconf_fini(&auth->data.radius.auth);
1658 radconf_fini(&auth->data.radius.acct);
1659 break;
1660 }
1661 }
1662
1663 void
1664 radconf_fini(struct radconf *radconf)
1665 {
1666 struct radserver *server, *server0;
1667
1668 TAILQ_FOREACH_SAFE(server, &radconf->servers, entry, server0) {
1669 if (server->secret != NULL)
1670 free(server->secret);
1671 server->secret = NULL;
1672 }
1673 }
1674
1675 struct authconf *
1676 authconf_find(const char *name)
1677 {
1678 struct authconf *auth;
1679
1680 TAILQ_FOREACH(auth, &conf->authconfs, entry) {
1681 if (strcmp(auth->name, name) == 0)
1682 return auth;
1683 }
1684
1685 return NULL;
1686 }
1687
1688 void
1689 ipcpconf_init(struct ipcpconf *ipcp)
1690 {
1691 memset(ipcp, 0, sizeof(struct ipcpconf));
1692 }
1693
1694 void
1695 ipcpconf_fini(struct ipcpconf *ipcp)
1696 {
1697 if (ipcp->dynamic_pool != NULL)
1698 in_addr_range_list_remove_all(&ipcp->dynamic_pool);
1699 if (ipcp->static_pool != NULL)
1700 in_addr_range_list_remove_all(&ipcp->static_pool);
1701 }
1702
1703 struct ipcpconf *
1704 ipcpconf_find(const char *name)
1705 {
1706 struct ipcpconf *ipcp;
1707
1708 TAILQ_FOREACH(ipcp, &conf->ipcpconfs, entry) {
1709 if (strcmp(ipcp->name, name) == 0)
1710 return ipcp;
1711 }
1712
1713 return NULL;
1714 }
1715
1716 struct iface *
1717 iface_find(const char *name)
1718 {
1719 struct iface *iface;
1720
1721 TAILQ_FOREACH(iface, &conf->ifaces, entry) {
1722 if (strcmp(iface->name, name) == 0)
1723 return iface;
1724 }
1725
1726 return NULL;
1727 }
1728
1729 void
1730 sa_set_in_addr_any(struct sockaddr *sa)
1731 {
1732 memset(sa, 0, sizeof(struct sockaddr_in));
1733
1734 sa->sa_family = AF_INET,
1735 sa->sa_len = sizeof(struct sockaddr_in);
1736 ((struct sockaddr_in *)sa)->sin_addr.s_addr = htonl(INADDR_ANY);
1737 }
1738