1 /* $OpenBSD: parse.y,v 1.27 2023/04/19 13:33:37 jsg Exp $ */
2
3 /*
4 * Copyright (c) 2002, 2003, 2004 Henning Brauer <henning@openbsd.org>
5 * Copyright (c) 2001 Markus Friedl. All rights reserved.
6 * Copyright (c) 2001 Daniel Hartmeier. All rights reserved.
7 * Copyright (c) 2001 Theo de Raadt. All rights reserved.
8 *
9 * Permission to use, copy, modify, and distribute this software for any
10 * purpose with or without fee is hereby granted, provided that the above
11 * copyright notice and this permission notice appear in all copies.
12 *
13 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
14 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
15 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
16 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
17 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
18 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
19 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 */
21
22 %{
23 #include <sys/types.h>
24 #include <sys/socket.h>
25 #include <sys/queue.h>
26 #include <netinet/in.h>
27 #include <arpa/inet.h>
28 #include <net/if.h>
29
30 #include <ctype.h>
31 #include <errno.h>
32 #include <inttypes.h>
33 #include <limits.h>
34 #include <stdarg.h>
35 #include <stdio.h>
36 #include <stdlib.h>
37 #include <string.h>
38 #include <syslog.h>
39 #include <netdb.h>
40 #include <event.h>
41
42 #include <stdbool.h>
43 #include "npppd_auth.h"
44 #include "npppd.h"
45 #ifdef USE_NPPPD_RADIUS
46 #include "radius_req.h"
47 #endif
48 #include "privsep.h"
49 #include "log.h"
50
51 TAILQ_HEAD(files, file) files = TAILQ_HEAD_INITIALIZER(files);
52 static struct file {
53 TAILQ_ENTRY(file) entry;
54 FILE *stream;
55 char *name;
56 int lineno;
57 int errors;
58 } *file, *topfile;
59 struct file *pushfile(const char *);
60 int popfile(void);
61 int yyparse(void);
62 int yylex(void);
63 int yyerror(const char *, ...)
64 __attribute__((__format__ (printf, 1, 2)))
65 __attribute__((__nonnull__ (1)));
66 int kw_cmp(const void *, const void *);
67 int lookup(char *);
68 int lgetc(int);
69 int lungetc(int);
70 int findeol(void);
71
72 static void tunnconf_init (struct tunnconf *, int);
73 static void tunnconf_fini (struct tunnconf *);
74 static struct tunnconf *tunnconf_find (const char *);
75 static void authconf_init (struct authconf *);
76 static void authconf_fini (struct authconf *);
77 static void radconf_fini (struct radconf *);
78 static struct authconf *authconf_find (const char *);
79 static void ipcpconf_init (struct ipcpconf *);
80 static void ipcpconf_fini (struct ipcpconf *);
81 static struct ipcpconf *ipcpconf_find (const char *);
82 static struct iface *iface_find (const char *);
83 static void sa_set_in_addr_any(struct sockaddr *);
84
85 struct npppd_conf *conf;
86 struct ipcpconf *curr_ipcpconf;
87 struct tunnconf *curr_tunnconf;
88 struct authconf *curr_authconf;
89 struct radconf *curr_radconf;
90
91 typedef struct {
92 union {
93 int64_t number;
94 char *string;
95 struct sockaddr_storage address;
96 struct in_addr in4_addr;
97 bool yesno;
98 } v;
99 int lineno;
100 } YYSTYPE;
101
102 %}
103
104 %token SET MAX_SESSION USER_MAX_SESSION
105 %token TUNNEL LISTEN ON PROTOCOL
106 %token MRU
107 %token IP LCP PAP CHAP EAP MPPE CCP MSCHAPV2 STATEFUL STATELESS REQUIRED
108 %token YES NO
109 %token L2TP PPTP PPPOE L2TP_HOSTNAME L2TP_VENDOR_NAME L2TP_DATA_USE_SEQ
110 %token L2TP_REQUIRE_IPSEC L2TP_LCP_RENEGOTIATION L2TP_FORCE_LCP_RENEGOTIATION
111 %token L2TP_CTRL_IN_PKTDUMP L2TP_CTRL_OUT_PKTDUMP L2TP_DATA_IN_PKTDUMP
112 %token L2TP_DATA_OUT_PKTDUMP PPTP_HOSTNAME
113 %token PPTP_VENDOR_NAME PPTP_ECHO_INTERVAL PPTP_ECHO_TIMEOUT
114 %token PPTP_CTRL_IN_PKTDUMP PPTP_CTRL_OUT_PKTDUMP PPTP_DATA_IN_PKTDUMP
115 %token PPTP_DATA_OUT_PKTDUMP
116 %token PPPOE_SERVICE_NAME PPPOE_ACCEPT_ANY_SERVICE PPPOE_AC_NAME
117 %token PPPOE_DESC_IN_PKTDUMP PPPOE_DESC_OUT_PKTDUMP PPPOE_SESSION_IN_PKTDUMP
118 %token PPPOE_SESSION_OUT_PKTDUMP
119 %token LCP_TIMEOUT LCP_MAX_CONFIGURE LCP_MAX_TERMINATE LCP_MAX_NAK_LOOP
120 %token LCP_KEEPALIVE LCP_KEEPALIVE_INTERVAL LCP_KEEPALIVE_RETRY_INTERVAL
121 %token LCP_KEEPALIVE_MAX_RETRIES AUTHENTICATION_METHOD CHAP_NAME
122 %token IPCP_TIMEOUT IPCP_MAX_CONFIGURE IPCP_MAX_TERMINATE IPCP_MAX_NAK_LOOP
123 %token CCP_TIMEOUT CCP_MAX_CONFIGURE CCP_MAX_TERMINATE CCP_MAX_NAK_LOOP
124 %token L2TP_HELLO_INTERVAL L2TP_HELLO_TIMEOUT L2TP_ACCEPT_DIALIN
125 %token MPPE MPPE_KEY_LENGTH MPPE_KEY_STATE
126 %token IDLE_TIMEOUT TCP_MSS_ADJUST INGRESS_FILTER CALLNUM_CHECK
127 %token PIPEX DEBUG_DUMP_PKTIN DEBUG_DUMP_PKTOUT
128 %token AUTHENTICATION TYPE LOCAL USERNAME_SUFFIX USERNAME_PREFIX EAP_CAPABLE
129 %token STRIP_NT_DOMAIN STRIP_ATMARK_REALM USERS_FILE
130 %token RADIUS AUTHENTICATION_SERVER ACCOUNTING_SERVER PORT
131 %token X_TIMEOUT MAX_TRIES MAX_FAILOVERS SECRET
132 %token POOL_ADDRESS DNS_SERVERS NBNS_SERVERS FOR STATIC DYNAMIC
133 %token RESOLVER ALLOW_USER_SELECTED_ADDRESS
134 %token INTERFACE ADDRESS IPCP
135 %token BIND FROM AUTHENTICATED BY TO
136 %token ERROR
137 %token <v.string> STRING
138 %token <v.number> NUMBER
139 %type <v.yesno> yesno
140 %type <v.address> address
141 %type <v.address> addressport
142 %type <v.number> optport
143 %type <v.in4_addr> in4_addr
144 %type <v.number> tunnelproto
145 %type <v.number> mppeyesno
146 %type <v.number> mppekeylen
147 %type <v.number> mppekeylen_l
148 %type <v.number> mppekeystate
149 %type <v.number> mppekeystate_l
150 %type <v.number> protobit
151 %type <v.number> protobit_l
152 %type <v.number> authtype
153 %type <v.number> authmethod
154 %type <v.number> authmethod_l
155 %type <v.number> ipcppooltype
156
157 %%
158
159 grammar : /* empty */
160 | grammar '\n'
161 | grammar set '\n'
162 | grammar tunnel '\n'
163 | grammar authentication '\n'
164 | grammar ipcp '\n'
165 | grammar interface '\n'
166 | grammar bind '\n'
167 | grammar error '\n' { file->errors++; }
168 ;
169
170
171 set : SET MAX_SESSION NUMBER { conf->max_session = $3; }
172 | SET USER_MAX_SESSION NUMBER { conf->user_max_session = $3; }
173 ;
174
175 /*
176 * tunnel { }
177 */
178 tunnel : TUNNEL STRING PROTOCOL tunnelproto {
179 struct tunnconf *n;
180
181 if (tunnconf_find($2) != NULL) {
182 yyerror("tunnel name = %s is already in use.",
183 $2);
184 free($2);
185 YYERROR;
186 }
187
188 if ((n = malloc(sizeof(struct tunnconf))) == NULL) {
189 yyerror("out of memory");
190 free($2);
191 YYERROR;
192 }
193 tunnconf_init(n, $4);
194 switch ($4) {
195 case NPPPD_TUNNEL_L2TP:
196 strlcpy(n->proto.l2tp.name, $2,
197 sizeof(n->proto.l2tp.name));
198 n->name = n->proto.l2tp.name;
199 break;
200 case NPPPD_TUNNEL_PPTP:
201 strlcpy(n->proto.pptp.name, $2,
202 sizeof(n->proto.pptp.name));
203 n->name = n->proto.pptp.name;
204 break;
205 case NPPPD_TUNNEL_PPPOE:
206 strlcpy(n->proto.pppoe.name, $2,
207 sizeof(n->proto.pppoe.name));
208 n->name = n->proto.pppoe.name;
209 break;
210 }
211 free($2);
212 n->protocol = $4;
213 curr_tunnconf = n;
214 } tunnopts {
215 TAILQ_INSERT_TAIL(&conf->tunnconfs, curr_tunnconf,
216 entry);
217 switch (curr_tunnconf->protocol) {
218 #ifdef USE_NPPPD_L2TP
219 case NPPPD_TUNNEL_L2TP:
220 if (TAILQ_EMPTY(
221 &curr_tunnconf->proto.l2tp.listen)) {
222 struct l2tp_listen_addr *addr;
223
224 if ((addr = malloc(sizeof(struct
225 l2tp_listen_addr))) == NULL) {
226 free(curr_tunnconf);
227 yyerror("out of memory");
228 YYERROR;
229 }
230 sa_set_in_addr_any(
231 (struct sockaddr *)&addr->addr);
232 TAILQ_INSERT_TAIL(&curr_tunnconf->proto.
233 l2tp.listen, addr, entry);
234 }
235 TAILQ_INSERT_TAIL(&conf->l2tp_confs,
236 &curr_tunnconf->proto.l2tp, entry);
237 break;
238 #endif
239 #ifdef USE_NPPPD_PPTP
240 case NPPPD_TUNNEL_PPTP:
241 if (TAILQ_EMPTY(
242 &curr_tunnconf->proto.pptp.listen)) {
243 struct pptp_listen_addr *addr;
244
245 if ((addr = malloc(sizeof(struct
246 pptp_listen_addr))) == NULL) {
247 free(curr_tunnconf);
248 yyerror("out of memory");
249 YYERROR;
250 }
251 sa_set_in_addr_any(
252 (struct sockaddr *)&addr->addr);
253 TAILQ_INSERT_TAIL(&curr_tunnconf->proto.
254 pptp.listen, addr, entry);
255 }
256 TAILQ_INSERT_TAIL(&conf->pptp_confs,
257 &curr_tunnconf->proto.pptp, entry);
258 break;
259 #endif
260 #ifdef USE_NPPPD_PPPOE
261 case NPPPD_TUNNEL_PPPOE:
262 TAILQ_INSERT_TAIL(&conf->pppoe_confs,
263 &curr_tunnconf->proto.pppoe, entry);
264 break;
265 #endif
266 default:
267 yyerror("%s is not enabled.",
268 npppd_tunnel_protocol_name(
269 curr_tunnconf->protocol));
270 tunnconf_fini(curr_tunnconf);
271 free(curr_tunnconf);
272 YYERROR;
273 }
274 curr_tunnconf = NULL;
275 }
276 ;
277
278
279 tunnopts :
280 | '{' optnl tunnopt_l '}'
281 ;
282
283 tunnopt_l : /* empty */
284 | tunnopt_l tunnopt nl
285 | tunnopt optnl
286 ;
287
288 tunnopt : LISTEN ON addressport {
289
290 switch (curr_tunnconf->protocol) {
291 case NPPPD_TUNNEL_L2TP:
292 {
293 struct l2tp_listen_addr *l_listen;
294
295 if ((l_listen = malloc(sizeof(
296 struct l2tp_listen_addr))) == NULL) {
297 yyerror("out of memory");
298 YYERROR;
299 }
300 l_listen->addr = $3;
301 TAILQ_INSERT_TAIL(&curr_tunnconf->proto
302 .l2tp.listen, l_listen, entry);
303 break;
304 }
305 case NPPPD_TUNNEL_PPTP:
306 if ($3.ss_family == AF_INET6) {
307 yyerror("listen on IPv6 address is not "
308 "supported by pptp tunnel");
309 YYERROR;
310 }
311 {
312 struct pptp_listen_addr *p_listen;
313
314 if ((p_listen = malloc(sizeof(
315 struct pptp_listen_addr))) == NULL) {
316 yyerror("out of memory");
317 YYERROR;
318 }
319 p_listen->addr = $3;
320 TAILQ_INSERT_TAIL(&curr_tunnconf->proto
321 .pptp.listen, p_listen, entry);
322 break;
323 }
324 default:
325 yyerror("listen on address is not supported "
326 "for specified protocol.\n");
327 YYERROR;
328 }
329 }
330 | LISTEN ON INTERFACE STRING {
331 switch (curr_tunnconf->protocol) {
332 case NPPPD_TUNNEL_PPPOE:
333 strlcpy(curr_tunnconf->proto.pppoe.if_name, $4,
334 sizeof(curr_tunnconf->proto.pppoe.if_name));
335 free($4);
336 break;
337 default:
338 free($4);
339 yyerror("listen on interface is not supported "
340 "for specified protocol.\n");
341 YYERROR;
342 }
343 }
344 | LCP_TIMEOUT NUMBER {
345 curr_tunnconf->lcp_timeout = $2;
346 }
347 | LCP_MAX_CONFIGURE NUMBER {
348 curr_tunnconf->lcp_max_configure = $2;
349 }
350 | LCP_MAX_TERMINATE NUMBER {
351 curr_tunnconf->lcp_max_terminate = $2;
352 }
353 | LCP_MAX_NAK_LOOP NUMBER {
354 curr_tunnconf->lcp_max_nak_loop = $2;
355 }
356 | MRU NUMBER {
357 curr_tunnconf->mru = $2;
358 }
359 | LCP_KEEPALIVE yesno {
360 curr_tunnconf->lcp_keepalive = $2;
361 }
362 | LCP_KEEPALIVE_INTERVAL NUMBER {
363 curr_tunnconf->lcp_keepalive_interval = $2;
364 }
365 | LCP_KEEPALIVE_RETRY_INTERVAL NUMBER {
366 curr_tunnconf->lcp_keepalive_retry_interval = $2;
367 }
368 | LCP_KEEPALIVE_MAX_RETRIES NUMBER {
369 curr_tunnconf->lcp_keepalive_max_retries = $2;
370 }
371 | AUTHENTICATION_METHOD authmethod_l {
372 curr_tunnconf->auth_methods = $2;
373 }
374 | CHAP_NAME STRING {
375 curr_tunnconf->chap_name = $2;
376 }
377 | IPCP_TIMEOUT NUMBER {
378 curr_tunnconf->ipcp_timeout = $2;
379 }
380 | IPCP_MAX_CONFIGURE NUMBER {
381 curr_tunnconf->ipcp_max_configure = $2;
382 }
383 | IPCP_MAX_TERMINATE NUMBER {
384 curr_tunnconf->ipcp_max_terminate = $2;
385 }
386 | IPCP_MAX_NAK_LOOP NUMBER {
387 curr_tunnconf->ipcp_max_nak_loop = $2;
388 }
389 | CCP_TIMEOUT NUMBER {
390 curr_tunnconf->ccp_timeout = $2;
391 }
392 | CCP_MAX_CONFIGURE NUMBER {
393 curr_tunnconf->ccp_max_configure = $2;
394 }
395 | CCP_MAX_TERMINATE NUMBER {
396 curr_tunnconf->ccp_max_terminate = $2;
397 }
398 | CCP_MAX_NAK_LOOP NUMBER {
399 curr_tunnconf->ccp_max_nak_loop = $2;
400 }
401 | L2TP_HOSTNAME STRING {
402 curr_tunnconf->proto.l2tp.hostname = $2;
403 }
404 | L2TP_VENDOR_NAME STRING {
405 curr_tunnconf->proto.l2tp.vendor_name = $2;
406 }
407 | L2TP_HELLO_INTERVAL NUMBER {
408 curr_tunnconf->proto.l2tp.hello_interval = $2;
409 }
410 | L2TP_HELLO_TIMEOUT NUMBER {
411 curr_tunnconf->proto.l2tp.hello_timeout = $2;
412 }
413 | L2TP_ACCEPT_DIALIN yesno {
414 curr_tunnconf->proto.l2tp.accept_dialin = $2;
415 }
416 | L2TP_DATA_USE_SEQ yesno {
417 curr_tunnconf->proto.l2tp.data_use_seq = $2;
418 }
419 | L2TP_REQUIRE_IPSEC yesno {
420 curr_tunnconf->proto.l2tp.require_ipsec = $2;
421 }
422 | L2TP_LCP_RENEGOTIATION yesno {
423 curr_tunnconf->proto.l2tp.lcp_renegotiation = $2;
424 }
425 | L2TP_FORCE_LCP_RENEGOTIATION yesno {
426 curr_tunnconf->proto.l2tp.force_lcp_renegotiation = $2;
427 }
428 | L2TP_CTRL_IN_PKTDUMP yesno {
429 curr_tunnconf->proto.l2tp.ctrl_in_pktdump = $2;
430 }
431 | L2TP_CTRL_OUT_PKTDUMP yesno {
432 curr_tunnconf->proto.l2tp.ctrl_out_pktdump = $2;
433 }
434 | L2TP_DATA_IN_PKTDUMP yesno {
435 curr_tunnconf->proto.l2tp.data_in_pktdump = $2;
436 }
437 | L2TP_DATA_OUT_PKTDUMP yesno {
438 curr_tunnconf->proto.l2tp.data_out_pktdump = $2;
439 }
440 | PPTP_HOSTNAME STRING {
441 curr_tunnconf->proto.pptp.hostname = $2;
442 }
443 | PPTP_VENDOR_NAME STRING {
444 curr_tunnconf->proto.pptp.vendor_name = $2;
445 }
446 | PPTP_ECHO_INTERVAL NUMBER {
447 curr_tunnconf->proto.pptp.echo_interval = $2;
448 }
449 | PPTP_ECHO_TIMEOUT NUMBER {
450 curr_tunnconf->proto.pptp.echo_timeout = $2;
451 }
452 | PPTP_CTRL_IN_PKTDUMP yesno {
453 curr_tunnconf->proto.pptp.ctrl_in_pktdump = $2;
454 }
455 | PPTP_CTRL_OUT_PKTDUMP yesno {
456 curr_tunnconf->proto.pptp.ctrl_out_pktdump = $2;
457 }
458 | PPTP_DATA_IN_PKTDUMP yesno {
459 curr_tunnconf->proto.pptp.data_in_pktdump = $2;
460 }
461 | PPTP_DATA_OUT_PKTDUMP yesno {
462 curr_tunnconf->proto.pptp.data_out_pktdump = $2;
463 }
464 | PPPOE_SERVICE_NAME STRING {
465 curr_tunnconf->proto.pppoe.service_name = $2;
466 }
467 | PPPOE_ACCEPT_ANY_SERVICE yesno {
468 curr_tunnconf->proto.pppoe.accept_any_service = $2;
469 }
470 | PPPOE_AC_NAME STRING {
471 curr_tunnconf->proto.pppoe.ac_name = $2;
472 }
473 | PPPOE_DESC_IN_PKTDUMP yesno {
474 curr_tunnconf->proto.pppoe.desc_in_pktdump = $2;
475 }
476 | PPPOE_DESC_OUT_PKTDUMP yesno {
477 curr_tunnconf->proto.pppoe.desc_out_pktdump = $2;
478 }
479 | PPPOE_SESSION_IN_PKTDUMP yesno {
480 curr_tunnconf->proto.pppoe.session_in_pktdump = $2;
481 }
482 | PPPOE_SESSION_OUT_PKTDUMP yesno {
483 curr_tunnconf->proto.pppoe.session_out_pktdump = $2;
484 }
485 | MPPE mppeyesno {
486 curr_tunnconf->mppe_yesno = $2;
487 }
488 | MPPE_KEY_LENGTH mppekeylen_l {
489 curr_tunnconf->mppe_keylen = $2;
490 }
491 | MPPE_KEY_STATE mppekeystate_l {
492 curr_tunnconf->mppe_keystate = $2;
493 }
494 | TCP_MSS_ADJUST yesno {
495 curr_tunnconf->tcp_mss_adjust = $2;
496 }
497 | IDLE_TIMEOUT NUMBER {
498 curr_tunnconf->idle_timeout = $2;
499 }
500 | INGRESS_FILTER yesno {
501 curr_tunnconf->ingress_filter = $2;
502 }
503 | CALLNUM_CHECK yesno {
504 curr_tunnconf->callnum_check = $2;
505 }
506 | PIPEX yesno {
507 curr_tunnconf->pipex = $2;
508 }
509 | DEBUG_DUMP_PKTIN protobit_l {
510 curr_tunnconf->debug_dump_pktin = $2;
511 }
512 | DEBUG_DUMP_PKTOUT protobit_l {
513 curr_tunnconf->debug_dump_pktout = $2;
514 }
515 ;
516
517 tunnelproto : L2TP { $$ = NPPPD_TUNNEL_L2TP; }
518 | PPTP { $$ = NPPPD_TUNNEL_PPTP; }
519 | PPPOE { $$ = NPPPD_TUNNEL_PPPOE; }
520 ;
521
522 mppeyesno : YES { $$ = NPPPD_MPPE_ENABLED; }
523 | NO { $$ = NPPPD_MPPE_DISABLED; }
524 | REQUIRED { $$ = NPPPD_MPPE_REQUIRED; }
525 ;
526
527 address : STRING {
528 int retval;
529 struct addrinfo hint, *res;
530
531 memset(&hint, 0, sizeof(hint));
532 hint.ai_family = PF_UNSPEC;
533 hint.ai_socktype = SOCK_DGRAM; /* dummy */
534 hint.ai_flags = AI_NUMERICHOST;
535
536 if ((retval = getaddrinfo($1, NULL, &hint, &res))
537 != 0) {
538 yyerror("could not parse the address %s: %s",
539 $1, gai_strerror(retval));
540 free($1);
541 YYERROR;
542 }
543 free($1);
544
545 if (res->ai_family != AF_INET &&
546 res->ai_family != AF_INET6) {
547 yyerror("address family(%d) is not supported",
548 res->ai_family);
549 freeaddrinfo(res);
550 YYERROR;
551 }
552 memcpy(&($$), res->ai_addr, res->ai_addrlen);
553
554 freeaddrinfo(res);
555 }
556 ;
557
558 addressport : address optport {
559 $$ = $1;
560 ((struct sockaddr_in *)&($$))->sin_port = htons($2);
561 }
562 ;
563
564 in4_addr : STRING {
565 if (inet_aton($1, &($$)) != 1) {
566 yyerror("could not parse the address %s", $1);
567 free($1);
568 YYERROR;
569 }
570 }
571 ;
572
573 authmethod_l : authmethod { $$ = $1; }
574 | authmethod_l authmethod { $$ |= $2; }
575 ;
576
577 authmethod : PAP { $$ = NPPPD_AUTH_METHODS_PAP; }
578 | CHAP { $$ = NPPPD_AUTH_METHODS_CHAP; }
579 | MSCHAPV2 {
580 $$ = NPPPD_AUTH_METHODS_MSCHAPV2;
581 }
582 ;
583
584 mppekeylen_l : mppekeylen { $$ = $1; }
585 | mppekeylen_l mppekeylen { $$ |= $2; }
586 ;
587
588 mppekeylen : NUMBER {
589 if ($1 == 40) $$ = NPPPD_MPPE_40BIT;
590 else if ($1 == 56) $$ = NPPPD_MPPE_56BIT;
591 else if ($1 == 128) $$ = NPPPD_MPPE_128BIT;
592 else {
593 yyerror("%"PRId64": unknown mppe key length",
594 $$);
595 YYERROR;
596 }
597 }
598 ;
599
600 mppekeystate_l : mppekeystate { $$ = $1; }
601 | mppekeystate_l mppekeystate { $$ |= $2; }
602 ;
603
604 mppekeystate : STATEFUL { $$ = NPPPD_MPPE_STATEFUL; }
605 | STATELESS { $$ = NPPPD_MPPE_STATELESS; }
606 ;
607
608 protobit_l : protobit { $$ = $1; }
609 | protobit_l protobit { $$ |= $2; }
610 ;
611
612 protobit : IP { $$ = NPPPD_PROTO_BIT_IP; }
613 | LCP { $$ = NPPPD_PROTO_BIT_LCP; }
614 | PAP { $$ = NPPPD_PROTO_BIT_PAP; }
615 | CHAP { $$ = NPPPD_PROTO_BIT_CHAP; }
616 | EAP { $$ = NPPPD_PROTO_BIT_EAP; }
617 | MPPE { $$ = NPPPD_PROTO_BIT_MPPE; }
618 | CCP { $$ = NPPPD_PROTO_BIT_CCP; }
619 | IPCP { $$ = NPPPD_PROTO_BIT_IPCP; }
620 ;
621
622 /*
623 * authentication { }
624 */
625 authentication : AUTHENTICATION STRING TYPE authtype {
626 struct authconf *n;
627
628 if (authconf_find($2) != NULL) {
629 yyerror("authentication name %s is already in "
630 "use.", $2);
631 free($2);
632 YYERROR;
633 }
634 if ((n = malloc(sizeof(struct authconf))) == NULL) {
635 yyerror("out of memory");
636 free($2);
637 YYERROR;
638 }
639 authconf_init(n);
640 strlcpy(n->name, $2, sizeof(n->name));
641 free($2);
642 n->auth_type = $4;
643 if ($4 == NPPPD_AUTH_TYPE_RADIUS) {
644 TAILQ_INIT(&n->data.radius.auth.servers);
645 TAILQ_INIT(&n->data.radius.acct.servers);
646 }
647 curr_authconf = n;
648 } '{' optnl authopt_l '}' {
649 TAILQ_INSERT_TAIL(&conf->authconfs, curr_authconf,
650 entry);
651 curr_authconf = NULL;
652 }
653 ;
654
655 authopt_l : /* empty */
656 | authopt_l authopt nl
657 | authopt optnl
658 ;
659
660 authopt : USERNAME_SUFFIX STRING {
661 curr_authconf->username_suffix = $2;
662 }
663 | EAP_CAPABLE yesno {
664 curr_authconf->eap_capable = $2;
665 }
666 | STRIP_NT_DOMAIN yesno {
667 curr_authconf->strip_nt_domain = $2;
668 }
669 | STRIP_ATMARK_REALM yesno {
670 curr_authconf->strip_atmark_realm = $2;
671 }
672 | USERS_FILE STRING {
673 strlcpy(curr_authconf->users_file_path, $2,
674 sizeof(curr_authconf->users_file_path));
675 free($2);
676 }
677 | USER_MAX_SESSION NUMBER {
678 curr_authconf->user_max_session = $2;
679 }
680 | AUTHENTICATION_SERVER {
681 if (curr_authconf->auth_type != NPPPD_AUTH_TYPE_RADIUS){
682 yyerror("`authentication-server' can not be "
683 "used for this type.");
684 YYERROR;
685 }
686 curr_radconf = &curr_authconf->data.radius.auth;
687 } '{' optnl radopt_l '}'
688 | ACCOUNTING_SERVER {
689 if (curr_authconf->auth_type != NPPPD_AUTH_TYPE_RADIUS){
690 yyerror("`accounting-server' can not be used "
691 "for this type.");
692 YYERROR;
693 }
694 curr_radconf = &curr_authconf->data.radius.acct;
695 } '{' optnl radopt_l '}'
696 ;
697
698 optport : /* empty */ { $$ = 0; }
699 | PORT NUMBER { $$ = $2; }
700 ;
701
702 authtype : LOCAL { $$ = NPPPD_AUTH_TYPE_LOCAL; }
703 | RADIUS { $$ = NPPPD_AUTH_TYPE_RADIUS; }
704 ;
705
706 radopt_l :
707 | radopt_l radopt nl
708 | radopt optnl
709 ;
710
711 radopt : ADDRESS address optport SECRET STRING {
712 int cnt;
713 struct radserver *n;
714
715 if (strlen($5) > MAX_RADIUS_SECRET - 1) {
716 yyerror("`secret' is too long. "
717 "use less than %d chars.",
718 MAX_RADIUS_SECRET - 1);
719 YYERROR;
720 }
721 cnt = 0;
722 TAILQ_FOREACH(n, &curr_radconf->servers, entry) {
723 cnt++;
724 }
725 if (cnt >= MAX_RADIUS_SERVERS) {
726 yyerror("too many radius servers. use less "
727 "than or equal to %d servers.",
728 MAX_RADIUS_SERVERS);
729 YYERROR;
730 }
731 if ((n = malloc(sizeof(struct radserver))) == NULL) {
732 yyerror("out of memory");
733 YYERROR;
734 }
735 n->address = $2;
736 ((struct sockaddr_in *)&n->address)->sin_port =
737 htons($3);
738 n->secret = $5;
739 TAILQ_INSERT_TAIL(&curr_radconf->servers, n, entry);
740 }
741 | X_TIMEOUT NUMBER {
742 curr_radconf->timeout = $2;
743 }
744 | MAX_TRIES NUMBER {
745 curr_radconf->max_tries = $2;
746 }
747 | MAX_FAILOVERS NUMBER {
748 curr_radconf->max_failovers = $2;
749 }
750 ;
751 /*
752 * ipcp { }
753 */
754 ipcp : IPCP STRING {
755 int cnt;
756 struct ipcpconf *n;
757
758 cnt = 0;
759 /*
760 TAILQ_FOREACH(n, &conf->ipcpconfs, entry) {
761 cnt++;
762 }
763 if (cnt >= NPPPD_MAX_POOL) {
764 yyerror("too many `ipcp' settings. it must be "
765 "less than or euals to %d.",
766 NPPPD_MAX_POOL);
767 YYERROR;
768 }
769 */
770
771 if (ipcpconf_find($2) != NULL) {
772 yyerror("ipcp name %s is already in use.", $2);
773 free($2);
774 YYERROR;
775 }
776 if ((n = malloc(sizeof(struct ipcpconf))) == NULL) {
777 yyerror("out of memory");
778 free($2);
779 YYERROR;
780 }
781 ipcpconf_init(n);
782 strlcpy(n->name, $2, sizeof(n->name));
783 free($2);
784 curr_ipcpconf = n;
785 } '{' optnl ipcpopt_l '}' {
786 TAILQ_INSERT_TAIL(&conf->ipcpconfs, curr_ipcpconf,
787 entry);
788 curr_ipcpconf = NULL;
789 }
790 ;
791
792 ipcpopt_l : /* empty */
793 | ipcpopt_l ipcpopt nl
794 | ipcpopt optnl
795 ;
796
797 ipcpopt : POOL_ADDRESS STRING ipcppooltype {
798 if ($3 != 1) {
799 if (in_addr_range_list_add(
800 &curr_ipcpconf->dynamic_pool, $2) != 0) {
801 yyerror("out of memory");
802 free($2);
803 YYERROR;
804 }
805 }
806 if (in_addr_range_list_add(
807 &curr_ipcpconf->static_pool, $2) != 0) {
808 yyerror("out of memory");
809 free($2);
810 YYERROR;
811 }
812 free($2);
813 }
814 | DNS_SERVERS RESOLVER {
815 curr_ipcpconf->dns_use_resolver = true;
816 curr_ipcpconf->dns_servers[0].s_addr = 0;
817 curr_ipcpconf->dns_servers[1].s_addr = 0;
818 }
819 | DNS_SERVERS in4_addr in4_addr {
820 curr_ipcpconf->dns_use_resolver = false;
821 curr_ipcpconf->dns_servers[0] = $2;
822 curr_ipcpconf->dns_servers[1] = $3;
823 }
824 | DNS_SERVERS in4_addr {
825 curr_ipcpconf->dns_use_resolver = false;
826 curr_ipcpconf->dns_servers[0] = $2;
827 curr_ipcpconf->dns_servers[1].s_addr = 0;
828 }
829 | NBNS_SERVERS in4_addr in4_addr {
830 curr_ipcpconf->nbns_servers[0] = $2;
831 curr_ipcpconf->nbns_servers[1] = $3;
832 }
833 | NBNS_SERVERS in4_addr {
834 curr_ipcpconf->nbns_servers[0] = $2;
835 curr_ipcpconf->nbns_servers[1].s_addr = 0;
836 }
837 | ALLOW_USER_SELECTED_ADDRESS yesno {
838 curr_ipcpconf->allow_user_select = $2;
839 }
840 | MAX_SESSION NUMBER {
841 curr_ipcpconf->max_session = $2;
842 }
843 ;
844
845 ipcppooltype : /* empty */ { $$ = 0; }
846 | FOR DYNAMIC { $$ = 0; }
847 | FOR STATIC { $$ = 1; }
848 ;
849
850
851 /*
852 * interface
853 */
854 interface : INTERFACE STRING ADDRESS in4_addr IPCP STRING {
855 int cnt;
856 struct iface *n;
857 struct ipcpconf *ipcp;
858
859 cnt = 0;
860 TAILQ_FOREACH(n, &conf->ifaces, entry) {
861 cnt++;
862 }
863 if (cnt >= NPPPD_MAX_IFACE) {
864 yyerror("too many interfaces. use less than "
865 "or equal to %d", NPPPD_MAX_IFACE);
866 YYERROR;
867 }
868
869 if ((ipcp = ipcpconf_find($6)) == NULL) {
870 yyerror("ipcp %s is not found", $6);
871 free($2);
872 YYERROR;
873 }
874 if (iface_find($2) != NULL) {
875 yyerror("interface %s is already in used.", $2);
876 free($2);
877 YYERROR;
878 }
879
880 if ((n = calloc(1, sizeof(struct iface))) == NULL) {
881 yyerror("out of memory");
882 free($2);
883 YYERROR;
884 }
885 strlcpy(n->name, $2, sizeof(n->name));
886 free($2);
887 n->ip4addr = $4;
888 if (strncmp(n->name, "pppx", 4) == 0)
889 n->is_pppx = true;
890
891 n->ipcpconf = ipcp;
892 TAILQ_INSERT_TAIL(&conf->ifaces, n, entry);
893 }
894 ;
895
896 /*
897 * bind
898 */
899 bind : BIND TUNNEL FROM STRING AUTHENTICATED BY STRING TO STRING {
900 struct authconf *auth;
901 struct tunnconf *tunn;
902 struct iface *iface;
903 struct confbind *n;
904
905 if ((tunn = tunnconf_find($4)) == NULL) {
906 yyerror("tunnel %s is not found", $4);
907 free($4);
908 free($7);
909 free($9);
910 YYERROR;
911 }
912 if ((auth = authconf_find($7)) == NULL) {
913 yyerror("authentication %s is not found", $7);
914 free($4);
915 free($7);
916 free($9);
917 YYERROR;
918 }
919 if ((iface = iface_find($9)) == NULL) {
920 yyerror("interface %s is not found", $9);
921 free($4);
922 free($7);
923 free($9);
924 YYERROR;
925 }
926 if (tunn->pipex == 0 && iface->is_pppx) {
927 yyerror("pipex should be enabled for"
928 " interface %s", $9);
929 free($4);
930 free($7);
931 free($9);
932 YYERROR;
933 }
934 if ((n = malloc(sizeof(struct confbind))) == NULL) {
935 yyerror("out of memory");
936 free($4);
937 free($7);
938 free($9);
939 YYERROR;
940 }
941 n->tunnconf = tunn;
942 n->authconf = auth;
943 n->iface = iface;
944 TAILQ_INSERT_TAIL(&conf->confbinds, n, entry);
945 }
946 ;
947
948 yesno : YES { $$ = true; }
949 | NO { $$ = false; }
950 ;
951
952 optnl : '\n' optnl
953 |
954 ;
955
956 nl : '\n' optnl
957 ;
958
959 %%
960
961 struct keywords {
962 const char *k_name;
963 int k_val;
964 };
965
966 int
yyerror(const char * fmt,...)967 yyerror(const char *fmt, ...)
968 {
969 va_list ap;
970 char *msg;
971
972 file->errors++;
973 va_start(ap, fmt);
974 if (vasprintf(&msg, fmt, ap) == -1)
975 fatalx("yyerror vasprintf");
976 va_end(ap);
977 logit(LOG_CRIT, "%s:%d: %s", file->name, yylval.lineno, msg);
978 free(msg);
979 return (0);
980 }
981
982 int
kw_cmp(const void * k,const void * e)983 kw_cmp(const void *k, const void *e)
984 {
985 return (strcmp(k, ((const struct keywords *)e)->k_name));
986 }
987
988 int
lookup(char * s)989 lookup(char *s)
990 {
991 /* this has to be sorted always */
992 static const struct keywords keywords[] = {
993 { "accounting-server", ACCOUNTING_SERVER},
994 { "address", ADDRESS},
995 { "allow-user-selected-address", ALLOW_USER_SELECTED_ADDRESS},
996 { "authenticated", AUTHENTICATED},
997 { "authentication", AUTHENTICATION},
998 { "authentication-method", AUTHENTICATION_METHOD},
999 { "authentication-server", AUTHENTICATION_SERVER},
1000 { "bind", BIND},
1001 { "by", BY},
1002 { "callnum-check", CALLNUM_CHECK},
1003 { "ccp", CCP},
1004 { "ccp-max-configure", CCP_MAX_CONFIGURE},
1005 { "ccp-max-nak-loop", CCP_MAX_NAK_LOOP},
1006 { "ccp-max-terminate", CCP_MAX_TERMINATE},
1007 { "ccp-timeout", CCP_TIMEOUT},
1008 { "chap", CHAP},
1009 { "chap-name", CHAP_NAME},
1010 { "debug-dump-pktin", DEBUG_DUMP_PKTIN},
1011 { "debug-dump-pktout", DEBUG_DUMP_PKTOUT},
1012 { "dns-servers", DNS_SERVERS},
1013 { "dynamic", DYNAMIC},
1014 { "eap", EAP},
1015 { "eap-capable", EAP_CAPABLE},
1016 { "for", FOR},
1017 { "from", FROM},
1018 { "idle-timeout", IDLE_TIMEOUT},
1019 { "ingress-filter", INGRESS_FILTER},
1020 { "interface", INTERFACE},
1021 { "ip", IP},
1022 { "ipcp", IPCP},
1023 { "ipcp-max-configure", IPCP_MAX_CONFIGURE},
1024 { "ipcp-max-nak-loop", IPCP_MAX_NAK_LOOP},
1025 { "ipcp-max-terminate", IPCP_MAX_TERMINATE},
1026 { "ipcp-timeout", IPCP_TIMEOUT},
1027 { "l2tp", L2TP},
1028 { "l2tp-accept-dialin", L2TP_ACCEPT_DIALIN},
1029 { "l2tp-ctrl-in-pktdump", L2TP_CTRL_IN_PKTDUMP},
1030 { "l2tp-ctrl-out-pktdump", L2TP_CTRL_OUT_PKTDUMP},
1031 { "l2tp-data-in-pktdump", L2TP_DATA_IN_PKTDUMP},
1032 { "l2tp-data-out-pktdump", L2TP_DATA_OUT_PKTDUMP},
1033 { "l2tp-data-use-seq", L2TP_DATA_USE_SEQ},
1034 { "l2tp-force-lcp-renegotiation", L2TP_FORCE_LCP_RENEGOTIATION},
1035 { "l2tp-hello-interval", L2TP_HELLO_INTERVAL},
1036 { "l2tp-hello-timeout", L2TP_HELLO_TIMEOUT},
1037 { "l2tp-hostname", L2TP_HOSTNAME},
1038 { "l2tp-lcp-renegotiation", L2TP_LCP_RENEGOTIATION},
1039 { "l2tp-require-ipsec", L2TP_REQUIRE_IPSEC},
1040 { "l2tp-vendor-name", L2TP_VENDOR_NAME},
1041 { "lcp", LCP},
1042 { "lcp-keepalive", LCP_KEEPALIVE},
1043 { "lcp-keepalive-interval", LCP_KEEPALIVE_INTERVAL},
1044 { "lcp-keepalive-max-retries", LCP_KEEPALIVE_MAX_RETRIES },
1045 { "lcp-keepalive-retry-interval", LCP_KEEPALIVE_RETRY_INTERVAL},
1046 { "lcp-max-configure", LCP_MAX_CONFIGURE},
1047 { "lcp-max-nak-loop", LCP_MAX_NAK_LOOP},
1048 { "lcp-max-terminate", LCP_MAX_TERMINATE},
1049 { "lcp-timeout", LCP_TIMEOUT},
1050 { "listen", LISTEN},
1051 { "local", LOCAL},
1052 { "max-failovers", MAX_FAILOVERS},
1053 { "max-session", MAX_SESSION},
1054 { "max-tries", MAX_TRIES},
1055 { "mppe", MPPE},
1056 { "mppe-key-length", MPPE_KEY_LENGTH},
1057 { "mppe-key-state", MPPE_KEY_STATE},
1058 { "mru", MRU},
1059 { "mschapv2", MSCHAPV2},
1060 { "nbns-servers", NBNS_SERVERS},
1061 { "no", NO},
1062 { "on", ON},
1063 { "pap", PAP},
1064 { "pipex", PIPEX},
1065 { "pool-address", POOL_ADDRESS},
1066 { "port", PORT},
1067 { "pppoe", PPPOE},
1068 { "pppoe-ac-name", PPPOE_AC_NAME},
1069 { "pppoe-accept-any-service", PPPOE_ACCEPT_ANY_SERVICE},
1070 { "pppoe-desc-in-pktdump", PPPOE_DESC_IN_PKTDUMP},
1071 { "pppoe-desc-out-pktdump", PPPOE_DESC_OUT_PKTDUMP},
1072 { "pppoe-service-name", PPPOE_SERVICE_NAME},
1073 { "pppoe-session-in-pktdump", PPPOE_SESSION_IN_PKTDUMP},
1074 { "pppoe-session-out-pktdump", PPPOE_SESSION_OUT_PKTDUMP},
1075 { "pptp", PPTP},
1076 { "pptp-ctrl-in-pktdump", PPTP_CTRL_IN_PKTDUMP},
1077 { "pptp-ctrl-out-pktdump", PPTP_CTRL_OUT_PKTDUMP},
1078 { "pptp-data-in-pktdump", PPTP_DATA_IN_PKTDUMP},
1079 { "pptp-data-out-pktdump", PPTP_DATA_OUT_PKTDUMP},
1080 { "pptp-echo-interval", PPTP_ECHO_INTERVAL},
1081 { "pptp-echo-timeout", PPTP_ECHO_TIMEOUT},
1082 { "pptp-hostname", PPTP_HOSTNAME},
1083 { "pptp-vendor-name", PPTP_VENDOR_NAME},
1084 { "protocol", PROTOCOL},
1085 { "radius", RADIUS},
1086 { "required", REQUIRED},
1087 { "resolver", RESOLVER},
1088 { "secret", SECRET},
1089 { "set", SET},
1090 { "stateful", STATEFUL},
1091 { "stateless", STATELESS},
1092 { "static", STATIC},
1093 { "strip-atmark-realm", STRIP_ATMARK_REALM},
1094 { "strip-nt-domain", STRIP_NT_DOMAIN},
1095 { "tcp-mss-adjust", TCP_MSS_ADJUST},
1096 { "timeout", X_TIMEOUT},
1097 { "to", TO},
1098 { "tunnel", TUNNEL},
1099 { "type", TYPE},
1100 { "user-max-session", USER_MAX_SESSION},
1101 { "username-suffix", USERNAME_SUFFIX},
1102 { "users-file", USERS_FILE},
1103 { "yes", YES}
1104 };
1105 const struct keywords *p;
1106
1107 p = bsearch(s, keywords, sizeof(keywords)/sizeof(keywords[0]),
1108 sizeof(keywords[0]), kw_cmp);
1109
1110 if (p)
1111 return (p->k_val);
1112 else
1113 return (STRING);
1114 }
1115
1116 #define MAXPUSHBACK 128
1117
1118 char *parsebuf;
1119 int parseindex;
1120 char pushback_buffer[MAXPUSHBACK];
1121 int pushback_index = 0;
1122
1123 int
lgetc(int quotec)1124 lgetc(int quotec)
1125 {
1126 int c, next;
1127
1128 if (parsebuf) {
1129 /* Read character from the parsebuffer instead of input. */
1130 if (parseindex >= 0) {
1131 c = (unsigned char)parsebuf[parseindex++];
1132 if (c != '\0')
1133 return (c);
1134 parsebuf = NULL;
1135 } else
1136 parseindex++;
1137 }
1138
1139 if (pushback_index)
1140 return ((unsigned char)pushback_buffer[--pushback_index]);
1141
1142 if (quotec) {
1143 if ((c = getc(file->stream)) == EOF) {
1144 yyerror("reached end of file while parsing "
1145 "quoted string");
1146 if (file == topfile || popfile() == EOF)
1147 return (EOF);
1148 return (quotec);
1149 }
1150 return (c);
1151 }
1152
1153 while ((c = getc(file->stream)) == '\\') {
1154 next = getc(file->stream);
1155 if (next != '\n') {
1156 c = next;
1157 break;
1158 }
1159 yylval.lineno = file->lineno;
1160 file->lineno++;
1161 }
1162
1163 while (c == EOF) {
1164 if (file == topfile || popfile() == EOF)
1165 return (EOF);
1166 c = getc(file->stream);
1167 }
1168 return (c);
1169 }
1170
1171 int
lungetc(int c)1172 lungetc(int c)
1173 {
1174 if (c == EOF)
1175 return (EOF);
1176 if (parsebuf) {
1177 parseindex--;
1178 if (parseindex >= 0)
1179 return (c);
1180 }
1181 if (pushback_index + 1 >= MAXPUSHBACK)
1182 return (EOF);
1183 pushback_buffer[pushback_index++] = c;
1184 return (c);
1185 }
1186
1187 int
findeol(void)1188 findeol(void)
1189 {
1190 int c;
1191
1192 parsebuf = NULL;
1193
1194 /* skip to either EOF or the first real EOL */
1195 while (1) {
1196 if (pushback_index)
1197 c = (unsigned char)pushback_buffer[--pushback_index];
1198 else
1199 c = lgetc(0);
1200 if (c == '\n') {
1201 file->lineno++;
1202 break;
1203 }
1204 if (c == EOF)
1205 break;
1206 }
1207 return (ERROR);
1208 }
1209
1210 int
yylex(void)1211 yylex(void)
1212 {
1213 char buf[8096];
1214 char *p;
1215 int quotec, next, c;
1216 int token;
1217
1218 p = buf;
1219 while ((c = lgetc(0)) == ' ' || c == '\t')
1220 ; /* nothing */
1221
1222 yylval.lineno = file->lineno;
1223 if (c == '#')
1224 while ((c = lgetc(0)) != '\n' && c != EOF)
1225 ; /* nothing */
1226
1227 switch (c) {
1228 case '\'':
1229 case '"':
1230 quotec = c;
1231 while (1) {
1232 if ((c = lgetc(quotec)) == EOF)
1233 return (0);
1234 if (c == '\n') {
1235 file->lineno++;
1236 continue;
1237 } else if (c == '\\') {
1238 if ((next = lgetc(quotec)) == EOF)
1239 return (0);
1240 if (next == quotec || next == ' ' ||
1241 next == '\t')
1242 c = next;
1243 else if (next == '\n') {
1244 file->lineno++;
1245 continue;
1246 } else
1247 lungetc(next);
1248 } else if (c == quotec) {
1249 *p = '\0';
1250 break;
1251 } else if (c == '\0') {
1252 yyerror("syntax error");
1253 return (findeol());
1254 }
1255 if (p + 1 >= buf + sizeof(buf) - 1) {
1256 yyerror("string too long");
1257 return (findeol());
1258 }
1259 *p++ = c;
1260 }
1261 yylval.v.string = strdup(buf);
1262 if (yylval.v.string == NULL)
1263 fatal("yylex: strdup");
1264 return (STRING);
1265 }
1266
1267 #define allowed_to_end_number(x) \
1268 (isspace(x) || x == ')' || x ==',' || x == '/' || x == '}' || x == '=')
1269
1270 if (c == '-' || isdigit(c)) {
1271 do {
1272 *p++ = c;
1273 if ((size_t)(p-buf) >= sizeof(buf)) {
1274 yyerror("string too long");
1275 return (findeol());
1276 }
1277 } while ((c = lgetc(0)) != EOF && isdigit(c));
1278 lungetc(c);
1279 if (p == buf + 1 && buf[0] == '-')
1280 goto nodigits;
1281 if (c == EOF || allowed_to_end_number(c)) {
1282 const char *errstr = NULL;
1283
1284 *p = '\0';
1285 yylval.v.number = strtonum(buf, LLONG_MIN,
1286 LLONG_MAX, &errstr);
1287 if (errstr) {
1288 yyerror("\"%s\" invalid number: %s",
1289 buf, errstr);
1290 return (findeol());
1291 }
1292 return (NUMBER);
1293 } else {
1294 nodigits:
1295 while (p > buf + 1)
1296 lungetc((unsigned char)*--p);
1297 c = (unsigned char)*--p;
1298 if (c == '-')
1299 return (c);
1300 }
1301 }
1302
1303 #define allowed_in_string(x) \
1304 (isalnum(x) || (ispunct(x) && x != '(' && x != ')' && \
1305 x != '{' && x != '}' && x != '<' && x != '>' && \
1306 x != '!' && x != '=' && x != '/' && x != '#' && \
1307 x != ','))
1308
1309 if (isalnum(c) || c == ':' || c == '_' || c == '*') {
1310 do {
1311 *p++ = c;
1312 if ((size_t)(p-buf) >= sizeof(buf)) {
1313 yyerror("string too long");
1314 return (findeol());
1315 }
1316 } while ((c = lgetc(0)) != EOF && (allowed_in_string(c)));
1317 lungetc(c);
1318 *p = '\0';
1319 if ((token = lookup(buf)) == STRING)
1320 if ((yylval.v.string = strdup(buf)) == NULL)
1321 fatal("yylex: strdup");
1322 return (token);
1323 }
1324 if (c == '\n') {
1325 yylval.lineno = file->lineno;
1326 file->lineno++;
1327 }
1328 if (c == EOF)
1329 return (0);
1330 return (c);
1331 }
1332
1333 struct file *
pushfile(const char * name)1334 pushfile(const char *name)
1335 {
1336 struct file *nfile;
1337
1338 if ((nfile = calloc(1, sizeof(struct file))) == NULL) {
1339 log_warn("%s", __func__);
1340 return (NULL);
1341 }
1342 if ((nfile->name = strdup(name)) == NULL) {
1343 log_warn("%s", __func__);
1344 free(nfile);
1345 return (NULL);
1346 }
1347 #ifdef NO_PRIVSEP
1348 if ((nfile->stream = fopen(nfile->name, "r")) == NULL) {
1349 #else
1350 if ((nfile->stream = priv_fopen(nfile->name)) == NULL) {
1351 #endif
1352 log_warn("%s: %s", __func__, nfile->name);
1353 free(nfile->name);
1354 free(nfile);
1355 return (NULL);
1356 }
1357 nfile->lineno = 1;
1358 TAILQ_INSERT_TAIL(&files, nfile, entry);
1359 return (nfile);
1360 }
1361
1362 int
1363 popfile(void)
1364 {
1365 struct file *prev;
1366
1367 if ((prev = TAILQ_PREV(file, files, entry)) != NULL)
1368 prev->errors += file->errors;
1369
1370 TAILQ_REMOVE(&files, file, entry);
1371 fclose(file->stream);
1372 free(file->name);
1373 free(file);
1374 file = prev;
1375 return (file ? 0 : EOF);
1376 }
1377
1378 int
1379 npppd_conf_parse(struct npppd_conf *xconf, const char *filename)
1380 {
1381 int errors = 0;
1382
1383 conf = xconf;
1384
1385 if ((file = pushfile(filename)) == NULL) {
1386 return (-1);
1387 }
1388 topfile = file;
1389
1390 yyparse();
1391 errors = file->errors;
1392 popfile();
1393
1394 if (curr_tunnconf != NULL) {
1395 tunnconf_fini(curr_tunnconf);
1396 free(curr_tunnconf);
1397 }
1398 curr_tunnconf = NULL;
1399 if (curr_authconf != NULL) {
1400 authconf_fini(curr_authconf);
1401 free(curr_authconf);
1402 }
1403 curr_authconf = NULL;
1404 if (curr_ipcpconf != NULL) {
1405 ipcpconf_fini(curr_ipcpconf);
1406 free(curr_ipcpconf);
1407 }
1408 curr_ipcpconf = NULL;
1409
1410 if (errors)
1411 npppd_conf_fini(xconf);
1412
1413 return (errors ? -1 : 0);
1414 }
1415
1416 void
1417 npppd_conf_init(struct npppd_conf *xconf)
1418 {
1419 memset(xconf, 0, sizeof(struct npppd_conf));
1420 TAILQ_INIT(&xconf->tunnconfs);
1421 TAILQ_INIT(&xconf->authconfs);
1422 TAILQ_INIT(&xconf->ipcpconfs);
1423 TAILQ_INIT(&xconf->ifaces);
1424 TAILQ_INIT(&xconf->confbinds);
1425 TAILQ_INIT(&xconf->l2tp_confs);
1426 TAILQ_INIT(&xconf->pptp_confs);
1427 TAILQ_INIT(&xconf->pppoe_confs);
1428 }
1429
1430 void
1431 npppd_conf_fini(struct npppd_conf *xconf)
1432 {
1433 struct tunnconf *tunn, *tunn0;
1434 struct authconf *auth, *auth0;
1435 struct ipcpconf *ipcp, *ipcp0;
1436 struct iface *iface, *iface0;
1437 struct confbind *confbind, *confbind0;
1438
1439 TAILQ_FOREACH_SAFE(tunn, &xconf->tunnconfs, entry, tunn0) {
1440 tunnconf_fini(tunn);
1441 }
1442 TAILQ_FOREACH_SAFE(auth, &xconf->authconfs, entry, auth0) {
1443 authconf_fini(auth);
1444 }
1445 TAILQ_FOREACH_SAFE(ipcp, &xconf->ipcpconfs, entry, ipcp0) {
1446 ipcpconf_fini(ipcp);
1447 }
1448 TAILQ_FOREACH_SAFE(iface, &xconf->ifaces, entry, iface0) {
1449 free(iface);
1450 }
1451 TAILQ_FOREACH_SAFE(confbind, &xconf->confbinds, entry, confbind0) {
1452 free(confbind);
1453 }
1454 TAILQ_INIT(&xconf->l2tp_confs);
1455 TAILQ_INIT(&xconf->pptp_confs);
1456 TAILQ_INIT(&xconf->pppoe_confs);
1457 }
1458
1459 void
1460 tunnconf_fini(struct tunnconf *tun)
1461 {
1462 if (tun->chap_name != NULL)
1463 free(tun->chap_name);
1464 tun->chap_name = NULL;
1465
1466 switch (tun->protocol) {
1467 case NPPPD_TUNNEL_L2TP:
1468 {
1469 struct l2tp_listen_addr *l_addr, *l_tmp;
1470
1471 if (tun->proto.l2tp.hostname != NULL)
1472 free(tun->proto.l2tp.hostname);
1473 tun->proto.l2tp.hostname = NULL;
1474 if (tun->proto.l2tp.vendor_name != NULL)
1475 free(tun->proto.l2tp.vendor_name);
1476 tun->proto.l2tp.vendor_name = NULL;
1477 TAILQ_FOREACH_SAFE(l_addr, &tun->proto.l2tp.listen, entry,
1478 l_tmp) {
1479 TAILQ_REMOVE(&tun->proto.l2tp.listen, l_addr, entry);
1480 free(l_addr);
1481 }
1482 break;
1483 }
1484 case NPPPD_TUNNEL_PPTP:
1485 {
1486 struct pptp_listen_addr *p_addr, *p_tmp;
1487
1488 if (tun->proto.pptp.hostname != NULL)
1489 free(tun->proto.pptp.hostname);
1490 tun->proto.pptp.hostname = NULL;
1491 if (tun->proto.pptp.vendor_name != NULL)
1492 free(tun->proto.pptp.vendor_name);
1493 tun->proto.pptp.vendor_name = NULL;
1494 TAILQ_FOREACH_SAFE(p_addr, &tun->proto.pptp.listen, entry,
1495 p_tmp) {
1496 TAILQ_REMOVE(&tun->proto.pptp.listen, p_addr, entry);
1497 free(p_addr);
1498 }
1499 break;
1500 }
1501 case NPPPD_TUNNEL_PPPOE:
1502 if (tun->proto.pppoe.service_name != NULL)
1503 free(tun->proto.pppoe.service_name);
1504 tun->proto.pppoe.service_name = NULL;
1505 if (tun->proto.pppoe.ac_name != NULL)
1506 free(tun->proto.pppoe.ac_name);
1507 tun->proto.pppoe.ac_name = NULL;
1508 break;
1509 }
1510 }
1511
1512 void
1513 tunnconf_init(struct tunnconf *tun, int protocol)
1514 {
1515 extern struct tunnconf tunnconf_default_l2tp, tunnconf_default_pptp;
1516 extern struct tunnconf tunnconf_default_pppoe;
1517
1518 switch (protocol) {
1519 case NPPPD_TUNNEL_L2TP:
1520 memcpy(tun, &tunnconf_default_l2tp, sizeof(struct tunnconf));
1521 TAILQ_INIT(&tun->proto.l2tp.listen);
1522 break;
1523 case NPPPD_TUNNEL_PPTP:
1524 memcpy(tun, &tunnconf_default_pptp, sizeof(struct tunnconf));
1525 TAILQ_INIT(&tun->proto.pptp.listen);
1526 break;
1527 case NPPPD_TUNNEL_PPPOE:
1528 memcpy(tun, &tunnconf_default_pppoe, sizeof(struct tunnconf));
1529 break;
1530 }
1531 }
1532
1533 struct tunnconf *
1534 tunnconf_find(const char *name)
1535 {
1536 struct tunnconf *tunn;
1537
1538 TAILQ_FOREACH(tunn, &conf->tunnconfs, entry) {
1539 if (strcmp(tunn->name, name) == 0)
1540 return tunn;
1541 }
1542
1543 return NULL;
1544 }
1545
1546 void
1547 authconf_init(struct authconf *auth)
1548 {
1549 memset(auth, 0, sizeof(struct authconf));
1550 auth->eap_capable = true;
1551 auth->strip_nt_domain = true;
1552 auth->strip_atmark_realm = false;
1553 }
1554
1555 void
1556 authconf_fini(struct authconf *auth)
1557 {
1558 if (auth->username_suffix != NULL)
1559 free(auth->username_suffix);
1560 auth->username_suffix = NULL;
1561
1562 switch (auth->auth_type) {
1563 case NPPPD_AUTH_TYPE_RADIUS:
1564 radconf_fini(&auth->data.radius.auth);
1565 radconf_fini(&auth->data.radius.acct);
1566 break;
1567 }
1568 }
1569
1570 void
1571 radconf_fini(struct radconf *radconf)
1572 {
1573 struct radserver *server, *server0;
1574
1575 TAILQ_FOREACH_SAFE(server, &radconf->servers, entry, server0) {
1576 if (server->secret != NULL)
1577 free(server->secret);
1578 server->secret = NULL;
1579 }
1580 }
1581
1582 struct authconf *
1583 authconf_find(const char *name)
1584 {
1585 struct authconf *auth;
1586
1587 TAILQ_FOREACH(auth, &conf->authconfs, entry) {
1588 if (strcmp(auth->name, name) == 0)
1589 return auth;
1590 }
1591
1592 return NULL;
1593 }
1594
1595 void
1596 ipcpconf_init(struct ipcpconf *ipcp)
1597 {
1598 memset(ipcp, 0, sizeof(struct ipcpconf));
1599 }
1600
1601 void
1602 ipcpconf_fini(struct ipcpconf *ipcp)
1603 {
1604 if (ipcp->dynamic_pool != NULL)
1605 in_addr_range_list_remove_all(&ipcp->dynamic_pool);
1606 if (ipcp->static_pool != NULL)
1607 in_addr_range_list_remove_all(&ipcp->static_pool);
1608 }
1609
1610 struct ipcpconf *
1611 ipcpconf_find(const char *name)
1612 {
1613 struct ipcpconf *ipcp;
1614
1615 TAILQ_FOREACH(ipcp, &conf->ipcpconfs, entry) {
1616 if (strcmp(ipcp->name, name) == 0)
1617 return ipcp;
1618 }
1619
1620 return NULL;
1621 }
1622
1623 struct iface *
1624 iface_find(const char *name)
1625 {
1626 struct iface *iface;
1627
1628 TAILQ_FOREACH(iface, &conf->ifaces, entry) {
1629 if (strcmp(iface->name, name) == 0)
1630 return iface;
1631 }
1632
1633 return NULL;
1634 }
1635
1636 void
1637 sa_set_in_addr_any(struct sockaddr *sa)
1638 {
1639 memset(sa, 0, sizeof(struct sockaddr_in));
1640
1641 sa->sa_family = AF_INET,
1642 sa->sa_len = sizeof(struct sockaddr_in);
1643 ((struct sockaddr_in *)sa)->sin_addr.s_addr = htonl(INADDR_ANY);
1644 }
1645