/* $NetBSD: cftoken.l,v 1.11.4.2 2007/09/03 18:07:29 mgrooms Exp $ */ /* Id: cftoken.l,v 1.53 2006/08/22 18:17:17 manubsd Exp */ %{ /* * Copyright (C) 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002 and 2003 WIDE Project. * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. Neither the name of the project nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ #include "config.h" #include #include #include #include #include PATH_IPSEC_H #include #include #include #include #include #include #include #ifdef HAVE_STDARG_H #include #else #include #endif #include "var.h" #include "misc.h" #include "vmbuf.h" #include "plog.h" #include "debug.h" #include "algorithm.h" #include "cfparse_proto.h" #include "cftoken_proto.h" #include "localconf.h" #include "oakley.h" #include "isakmp_var.h" #include "isakmp.h" #include "ipsec_doi.h" #include "policy.h" #include "proposal.h" #include "remoteconf.h" #ifdef GC #include "gcmalloc.h" #endif #include "cfparse.h" int yyerrorcount = 0; #if defined(YIPS_DEBUG) # define YYDB plog(LLV_DEBUG2, LOCATION, NULL, \ "begin <%d>%s\n", yy_start, yytext); # define YYD { \ plog(LLV_DEBUG2, LOCATION, NULL, "<%d>%s", \ yy_start, loglevel >= LLV_DEBUG2 ? "\n" : ""); \ } #else # define YYDB # define YYD #endif /* defined(YIPS_DEBUG) */ #define MAX_INCLUDE_DEPTH 10 static struct include_stack { char *path; FILE *fp; YY_BUFFER_STATE prevstate; int lineno; glob_t matches; int matchon; } incstack[MAX_INCLUDE_DEPTH]; static int incstackp = 0; static int yy_first_time = 1; %} /* common seciton */ nl \n ws [ \t]+ digit [0-9] letter [A-Za-z] hexdigit [0-9A-Fa-f] /*octet (([01]?{digit}?{digit})|((2([0-4]{digit}))|(25[0-5]))) */ special [()+\|\?\*] comma \, dot \. slash \/ bcl \{ ecl \} blcl \[ elcl \] hyphen \- percent \% semi \; comment \#.* ccomment "/*" bracketstring \<[^>]*\> quotedstring \"[^"]*\" addrstring [a-fA-F0-9:]([a-fA-F0-9:\.]*|[a-fA-F0-9:\.]*%[a-zA-Z0-9]*) decstring {digit}+ hexstring 0x{hexdigit}+ %s S_INI S_PRIV S_PTH S_INF S_LOG S_PAD S_LST S_RTRY S_CFG S_LDAP %s S_ALGST S_ALGCL %s S_SAINF S_SAINFS %s S_RMT S_RMTS S_RMTP %s S_SA %s S_GSSENC %% %{ if (yy_first_time) { BEGIN S_INI; yy_first_time = 0; } %} /* privsep */ privsep { BEGIN S_PRIV; YYDB; return(PRIVSEP); } {bcl} { return(BOC); } user { YYD; return(USER); } group { YYD; return(GROUP); } chroot { YYD; return(CHROOT); } {ecl} { BEGIN S_INI; return(EOC); } /* path */ path { BEGIN S_PTH; YYDB; return(PATH); } include { YYD; yylval.num = LC_PATHTYPE_INCLUDE; return(PATHTYPE); } pre_shared_key { YYD; yylval.num = LC_PATHTYPE_PSK; return(PATHTYPE); } certificate { YYD; yylval.num = LC_PATHTYPE_CERT; return(PATHTYPE); } script { YYD; yylval.num = LC_PATHTYPE_SCRIPT; return(PATHTYPE); } backupsa { YYD; yylval.num = LC_PATHTYPE_BACKUPSA; return(PATHTYPE); } pidfile { YYD; yylval.num = LC_PATHTYPE_PIDFILE; return(PATHTYPE); } {semi} { BEGIN S_INI; YYDB; return(EOS); } /* include */ include { YYDB; return(INCLUDE); } /* self information */ identifier { BEGIN S_INF; YYDB; yywarn("it is obsoleted. use \"my_identifier\" in each remote directives."); return(IDENTIFIER); } {semi} { BEGIN S_INI; return(EOS); } /* special */ complex_bundle { YYDB; return(COMPLEX_BUNDLE); } /* logging */ log { BEGIN S_LOG; YYDB; return(LOGGING); } error { YYD; yylval.num = LLV_ERROR; return(LOGLEV); } warning { YYD; yylval.num = LLV_WARNING; return(LOGLEV); } notify { YYD; yylval.num = LLV_NOTIFY; return(LOGLEV); } info { YYD; yylval.num = LLV_INFO; return(LOGLEV); } debug { YYD; yylval.num = LLV_DEBUG; return(LOGLEV); } debug2 { YYD; yylval.num = LLV_DEBUG2; return(LOGLEV); } debug3 { YYD; yywarn("it is obsoleted. use \"debug2\""); yylval.num = LLV_DEBUG2; return(LOGLEV); } debug4 { YYD; yywarn("it is obsoleted. use \"debug2\""); yylval.num = LLV_DEBUG2; return(LOGLEV); } {semi} { BEGIN S_INI; return(EOS); } /* padding */ padding { BEGIN S_PAD; YYDB; return(PADDING); } {bcl} { return(BOC); } randomize { YYD; return(PAD_RANDOMIZE); } randomize_length { YYD; return(PAD_RANDOMIZELEN); } maximum_length { YYD; return(PAD_MAXLEN); } strict_check { YYD; return(PAD_STRICT); } exclusive_tail { YYD; return(PAD_EXCLTAIL); } {ecl} { BEGIN S_INI; return(EOC); } /* listen */ listen { BEGIN S_LST; YYDB; return(LISTEN); } {bcl} { return(BOC); } isakmp { YYD; return(X_ISAKMP); } isakmp_natt { YYD; return(X_ISAKMP_NATT); } admin { YYD; return(X_ADMIN); } adminsock { YYD; return(ADMINSOCK); } disabled { YYD; return(DISABLED); } strict_address { YYD; return(STRICT_ADDRESS); } {ecl} { BEGIN S_INI; return(EOC); } /* ldap config */ ldapcfg { BEGIN S_LDAP; YYDB; return(LDAPCFG); } {bcl} { return(BOC); } version { YYD; return(LDAP_PVER); } host { YYD; return(LDAP_HOST); } port { YYD; return(LDAP_PORT); } base { YYD; return(LDAP_BASE); } subtree { YYD; return(LDAP_SUBTREE); } bind_dn { YYD; return(LDAP_BIND_DN); } bind_pw { YYD; return(LDAP_BIND_PW); } attr_user { YYD; return(LDAP_ATTR_USER); } attr_addr { YYD; return(LDAP_ATTR_ADDR); } attr_mask { YYD; return(LDAP_ATTR_MASK); } attr_group { YYD; return(LDAP_ATTR_GROUP); } attr_member { YYD; return(LDAP_ATTR_MEMBER); } {ecl} { BEGIN S_INI; return(EOC); } /* mode_cfg */ mode_cfg { BEGIN S_CFG; YYDB; return(MODECFG); } {bcl} { return(BOC); } network4 { YYD; return(CFG_NET4); } netmask4 { YYD; return(CFG_MASK4); } dns4 { YYD; return(CFG_DNS4); } nbns4 { YYD; return(CFG_NBNS4); } wins4 { YYD; return(CFG_NBNS4); } default_domain { YYD; return(CFG_DEFAULT_DOMAIN); } auth_source { YYD; return(CFG_AUTH_SOURCE); } auth_groups { YYD; return(CFG_AUTH_GROUPS); } group_source { YYD; return(CFG_GROUP_SOURCE); } conf_source { YYD; return(CFG_CONF_SOURCE); } accounting { YYD; return(CFG_ACCOUNTING); } system { YYD; return(CFG_SYSTEM); } local { YYD; return(CFG_LOCAL); } none { YYD; return(CFG_NONE); } radius { YYD; return(CFG_RADIUS); } pam { YYD; return(CFG_PAM); } ldap { YYD; return(CFG_LDAP); } pool_size { YYD; return(CFG_POOL_SIZE); } banner { YYD; return(CFG_MOTD); } auth_throttle { YYD; return(CFG_AUTH_THROTTLE); } split_network { YYD; return(CFG_SPLIT_NETWORK); } local_lan { YYD; return(CFG_SPLIT_LOCAL); } include { YYD; return(CFG_SPLIT_INCLUDE); } split_dns { YYD; return(CFG_SPLIT_DNS); } pfs_group { YYD; return(CFG_PFS_GROUP); } save_passwd { YYD; return(CFG_SAVE_PASSWD); } {comma} { YYD; return(COMMA); } {ecl} { BEGIN S_INI; return(EOC); } /* timer */ timer { BEGIN S_RTRY; YYDB; return(RETRY); } {bcl} { return(BOC); } counter { YYD; return(RETRY_COUNTER); } interval { YYD; return(RETRY_INTERVAL); } persend { YYD; return(RETRY_PERSEND); } phase1 { YYD; return(RETRY_PHASE1); } phase2 { YYD; return(RETRY_PHASE2); } natt_keepalive { YYD; return(NATT_KA); } {ecl} { BEGIN S_INI; return(EOC); } /* sainfo */ sainfo { BEGIN S_SAINF; YYDB; return(SAINFO); } anonymous { YYD; return(ANONYMOUS); } {blcl}any{elcl} { YYD; return(PORTANY); } any { YYD; return(ANY); } from { YYD; return(FROM); } group { YYD; return(GROUP); } /* sainfo spec */ {bcl} { BEGIN S_SAINFS; return(BOC); } {semi} { BEGIN S_INI; return(EOS); } {ecl} { BEGIN S_INI; return(EOC); } pfs_group { YYD; return(PFS_GROUP); } remoteid { YYD; return(REMOTEID); } identifier { YYD; yywarn("it is obsoleted. use \"my_identifier\"."); return(IDENTIFIER); } my_identifier { YYD; return(MY_IDENTIFIER); } lifetime { YYD; return(LIFETIME); } time { YYD; return(LIFETYPE_TIME); } byte { YYD; return(LIFETYPE_BYTE); } encryption_algorithm { YYD; yylval.num = algclass_ipsec_enc; return(ALGORITHM_CLASS); } authentication_algorithm { YYD; yylval.num = algclass_ipsec_auth; return(ALGORITHM_CLASS); } compression_algorithm { YYD; yylval.num = algclass_ipsec_comp; return(ALGORITHM_CLASS); } {comma} { YYD; return(COMMA); } /* remote */ remote { BEGIN S_RMT; YYDB; return(REMOTE); } anonymous { YYD; return(ANONYMOUS); } inherit { YYD; return(INHERIT); } /* remote spec */ {bcl} { BEGIN S_RMTS; return(BOC); } {ecl} { BEGIN S_INI; return(EOC); } exchange_mode { YYD; return(EXCHANGE_MODE); } {comma} { YYD; /* XXX ignored, but to be handled. */ ; } base { YYD; yylval.num = ISAKMP_ETYPE_BASE; return(EXCHANGETYPE); } main { YYD; yylval.num = ISAKMP_ETYPE_IDENT; return(EXCHANGETYPE); } aggressive { YYD; yylval.num = ISAKMP_ETYPE_AGG; return(EXCHANGETYPE); } doi { YYD; return(DOI); } ipsec_doi { YYD; yylval.num = IPSEC_DOI; return(DOITYPE); } situation { YYD; return(SITUATION); } identity_only { YYD; yylval.num = IPSECDOI_SIT_IDENTITY_ONLY; return(SITUATIONTYPE); } secrecy { YYD; yylval.num = IPSECDOI_SIT_SECRECY; return(SITUATIONTYPE); } integrity { YYD; yylval.num = IPSECDOI_SIT_INTEGRITY; return(SITUATIONTYPE); } identifier { YYD; yywarn("it is obsoleted. use \"my_identifier\"."); return(IDENTIFIER); } my_identifier { YYD; return(MY_IDENTIFIER); } xauth_login { YYD; return(XAUTH_LOGIN); /* formerly identifier type login */ } peers_identifier { YYD; return(PEERS_IDENTIFIER); } verify_identifier { YYD; return(VERIFY_IDENTIFIER); } certificate_type { YYD; return(CERTIFICATE_TYPE); } ca_type { YYD; return(CA_TYPE); } x509 { YYD; yylval.num = ISAKMP_CERT_X509SIGN; return(CERT_X509); } plain_rsa { YYD; yylval.num = ISAKMP_CERT_PLAINRSA; return(CERT_PLAINRSA); } peers_certfile { YYD; return(PEERS_CERTFILE); } dnssec { YYD; return(DNSSEC); } verify_cert { YYD; return(VERIFY_CERT); } send_cert { YYD; return(SEND_CERT); } send_cr { YYD; return(SEND_CR); } dh_group { YYD; return(DH_GROUP); } nonce_size { YYD; return(NONCE_SIZE); } generate_policy { YYD; return(GENERATE_POLICY); } unique { YYD; yylval.num = GENERATE_POLICY_UNIQUE; return(GENERATE_LEVEL); } require { YYD; yylval.num = GENERATE_POLICY_REQUIRE; return(GENERATE_LEVEL); } support_mip6 { YYD; yywarn("it is obsoleted. use \"support_proxy\"."); return(SUPPORT_PROXY); } support_proxy { YYD; return(SUPPORT_PROXY); } initial_contact { YYD; return(INITIAL_CONTACT); } nat_traversal { YYD; return(NAT_TRAVERSAL); } force { YYD; return(REMOTE_FORCE_LEVEL); } proposal_check { YYD; return(PROPOSAL_CHECK); } obey { YYD; yylval.num = PROP_CHECK_OBEY; return(PROPOSAL_CHECK_LEVEL); } strict { YYD; yylval.num = PROP_CHECK_STRICT; return(PROPOSAL_CHECK_LEVEL); } exact { YYD; yylval.num = PROP_CHECK_EXACT; return(PROPOSAL_CHECK_LEVEL); } claim { YYD; yylval.num = PROP_CHECK_CLAIM; return(PROPOSAL_CHECK_LEVEL); } keepalive { YYD; return(KEEPALIVE); } passive { YYD; return(PASSIVE); } lifetime { YYD; return(LIFETIME); } time { YYD; return(LIFETYPE_TIME); } byte { YYD; return(LIFETYPE_BYTE); } dpd { YYD; return(DPD); } dpd_delay { YYD; return(DPD_DELAY); } dpd_retry { YYD; return(DPD_RETRY); } dpd_maxfail { YYD; return(DPD_MAXFAIL); } ph1id { YYD; return(PH1ID); } ike_frag { YYD; return(IKE_FRAG); } esp_frag { YYD; return(ESP_FRAG); } script { YYD; return(SCRIPT); } phase1_up { YYD; return(PHASE1_UP); } phase1_down { YYD; return(PHASE1_DOWN); } mode_cfg { YYD; return(MODE_CFG); } weak_phase1_check { YYD; return(WEAK_PHASE1_CHECK); } /* remote proposal */ proposal { BEGIN S_RMTP; YYDB; return(PROPOSAL); } {bcl} { return(BOC); } {ecl} { BEGIN S_RMTS; return(EOC); } lifetime { YYD; return(LIFETIME); } time { YYD; return(LIFETYPE_TIME); } byte { YYD; return(LIFETYPE_BYTE); } encryption_algorithm { YYD; yylval.num = algclass_isakmp_enc; return(ALGORITHM_CLASS); } authentication_method { YYD; yylval.num = algclass_isakmp_ameth; return(ALGORITHM_CLASS); } hash_algorithm { YYD; yylval.num = algclass_isakmp_hash; return(ALGORITHM_CLASS); } dh_group { YYD; return(DH_GROUP); } gss_id { YYD; return(GSS_ID); } gssapi_id { YYD; return(GSS_ID); } /* for back compatibility */ /* GSS ID encoding type (global) */ gss_id_enc { BEGIN S_GSSENC; YYDB; return(GSS_ID_ENC); } latin1 { YYD; yylval.num = LC_GSSENC_LATIN1; return(GSS_ID_ENCTYPE); } utf-16le { YYD; yylval.num = LC_GSSENC_UTF16LE; return(GSS_ID_ENCTYPE); } {semi} { BEGIN S_INI; YYDB; return(EOS); } /* parameter */ on { YYD; yylval.num = TRUE; return(SWITCH); } off { YYD; yylval.num = FALSE; return(SWITCH); } /* prefix */ {slash}{digit}{1,3} { YYD; yytext++; yylval.num = atoi(yytext); return(PREFIX); } /* port number */ {blcl}{decstring}{elcl} { char *p = yytext; YYD; while (*++p != ']') ; *p = 0; yytext++; yylval.num = atoi(yytext); return(PORT); } /* address range */ {hyphen}{addrstring} { YYD; yytext++; yylval.val = vmalloc(yyleng + 1); if (yylval.val == NULL) { yyerror("vmalloc failed"); return -1; } memcpy(yylval.val->v, yytext, yylval.val->l); return(ADDRRANGE); } /* upper protocol */ esp { YYD; yylval.num = IPPROTO_ESP; return(UL_PROTO); } ah { YYD; yylval.num = IPPROTO_AH; return(UL_PROTO); } ipcomp { YYD; yylval.num = IPPROTO_IPCOMP; return(UL_PROTO); } icmp { YYD; yylval.num = IPPROTO_ICMP; return(UL_PROTO); } icmp6 { YYD; yylval.num = IPPROTO_ICMPV6; return(UL_PROTO); } tcp { YYD; yylval.num = IPPROTO_TCP; return(UL_PROTO); } udp { YYD; yylval.num = IPPROTO_UDP; return(UL_PROTO); } /* algorithm type */ des_iv64 { YYD; yylval.num = algtype_des_iv64; return(ALGORITHMTYPE); } des { YYD; yylval.num = algtype_des; return(ALGORITHMTYPE); } 3des { YYD; yylval.num = algtype_3des; return(ALGORITHMTYPE); } rc5 { YYD; yylval.num = algtype_rc5; return(ALGORITHMTYPE); } idea { YYD; yylval.num = algtype_idea; return(ALGORITHMTYPE); } cast128 { YYD; yylval.num = algtype_cast128; return(ALGORITHMTYPE); } blowfish { YYD; yylval.num = algtype_blowfish; return(ALGORITHMTYPE); } 3idea { YYD; yylval.num = algtype_3idea; return(ALGORITHMTYPE); } des_iv32 { YYD; yylval.num = algtype_des_iv32; return(ALGORITHMTYPE); } rc4 { YYD; yylval.num = algtype_rc4; return(ALGORITHMTYPE); } null_enc { YYD; yylval.num = algtype_null_enc; return(ALGORITHMTYPE); } null { YYD; yylval.num = algtype_null_enc; return(ALGORITHMTYPE); } aes { YYD; yylval.num = algtype_aes; return(ALGORITHMTYPE); } rijndael { YYD; yylval.num = algtype_aes; return(ALGORITHMTYPE); } twofish { YYD; yylval.num = algtype_twofish; return(ALGORITHMTYPE); } camellia { YYD; yylval.num = algtype_camellia; return(ALGORITHMTYPE); } non_auth { YYD; yylval.num = algtype_non_auth; return(ALGORITHMTYPE); } hmac_md5 { YYD; yylval.num = algtype_hmac_md5; return(ALGORITHMTYPE); } hmac_sha1 { YYD; yylval.num = algtype_hmac_sha1; return(ALGORITHMTYPE); } hmac_sha2_256 { YYD; yylval.num = algtype_hmac_sha2_256; return(ALGORITHMTYPE); } hmac_sha256 { YYD; yylval.num = algtype_hmac_sha2_256; return(ALGORITHMTYPE); } hmac_sha2_384 { YYD; yylval.num = algtype_hmac_sha2_384; return(ALGORITHMTYPE); } hmac_sha384 { YYD; yylval.num = algtype_hmac_sha2_384; return(ALGORITHMTYPE); } hmac_sha2_512 { YYD; yylval.num = algtype_hmac_sha2_512; return(ALGORITHMTYPE); } hmac_sha512 { YYD; yylval.num = algtype_hmac_sha2_512; return(ALGORITHMTYPE); } des_mac { YYD; yylval.num = algtype_des_mac; return(ALGORITHMTYPE); } kpdk { YYD; yylval.num = algtype_kpdk; return(ALGORITHMTYPE); } md5 { YYD; yylval.num = algtype_md5; return(ALGORITHMTYPE); } sha1 { YYD; yylval.num = algtype_sha1; return(ALGORITHMTYPE); } tiger { YYD; yylval.num = algtype_tiger; return(ALGORITHMTYPE); } sha2_256 { YYD; yylval.num = algtype_sha2_256; return(ALGORITHMTYPE); } sha256 { YYD; yylval.num = algtype_sha2_256; return(ALGORITHMTYPE); } sha2_384 { YYD; yylval.num = algtype_sha2_384; return(ALGORITHMTYPE); } sha384 { YYD; yylval.num = algtype_sha2_384; return(ALGORITHMTYPE); } sha2_512 { YYD; yylval.num = algtype_sha2_512; return(ALGORITHMTYPE); } sha512 { YYD; yylval.num = algtype_sha2_512; return(ALGORITHMTYPE); } oui { YYD; yylval.num = algtype_oui; return(ALGORITHMTYPE); } deflate { YYD; yylval.num = algtype_deflate; return(ALGORITHMTYPE); } lzs { YYD; yylval.num = algtype_lzs; return(ALGORITHMTYPE); } modp768 { YYD; yylval.num = algtype_modp768; return(ALGORITHMTYPE); } modp1024 { YYD; yylval.num = algtype_modp1024; return(ALGORITHMTYPE); } modp1536 { YYD; yylval.num = algtype_modp1536; return(ALGORITHMTYPE); } ec2n155 { YYD; yylval.num = algtype_ec2n155; return(ALGORITHMTYPE); } ec2n185 { YYD; yylval.num = algtype_ec2n185; return(ALGORITHMTYPE); } modp2048 { YYD; yylval.num = algtype_modp2048; return(ALGORITHMTYPE); } modp3072 { YYD; yylval.num = algtype_modp3072; return(ALGORITHMTYPE); } modp4096 { YYD; yylval.num = algtype_modp4096; return(ALGORITHMTYPE); } modp6144 { YYD; yylval.num = algtype_modp6144; return(ALGORITHMTYPE); } modp8192 { YYD; yylval.num = algtype_modp8192; return(ALGORITHMTYPE); } pre_shared_key { YYD; yylval.num = algtype_psk; return(ALGORITHMTYPE); } rsasig { YYD; yylval.num = algtype_rsasig; return(ALGORITHMTYPE); } dsssig { YYD; yylval.num = algtype_dsssig; return(ALGORITHMTYPE); } rsaenc { YYD; yylval.num = algtype_rsaenc; return(ALGORITHMTYPE); } rsarev { YYD; yylval.num = algtype_rsarev; return(ALGORITHMTYPE); } gssapi_krb { YYD; yylval.num = algtype_gssapikrb; return(ALGORITHMTYPE); } hybrid_rsa_server { #ifdef ENABLE_HYBRID YYD; yylval.num = algtype_hybrid_rsa_s; return(ALGORITHMTYPE); #else yyerror("racoon not configured with --enable-hybrid"); #endif } hybrid_dss_server { #ifdef ENABLE_HYBRID YYD; yylval.num = algtype_hybrid_dss_s; return(ALGORITHMTYPE); #else yyerror("racoon not configured with --enable-hybrid"); #endif } hybrid_rsa_client { #ifdef ENABLE_HYBRID YYD; yylval.num = algtype_hybrid_rsa_c; return(ALGORITHMTYPE); #else yyerror("racoon not configured with --enable-hybrid"); #endif } hybrid_dss_client { #ifdef ENABLE_HYBRID YYD; yylval.num = algtype_hybrid_dss_c; return(ALGORITHMTYPE); #else yyerror("racoon not configured with --enable-hybrid"); #endif } xauth_psk_server { #ifdef ENABLE_HYBRID YYD; yylval.num = algtype_xauth_psk_s; return(ALGORITHMTYPE); #else yyerror("racoon not configured with --enable-hybrid"); #endif } xauth_psk_client { #ifdef ENABLE_HYBRID YYD; yylval.num = algtype_xauth_psk_c; return(ALGORITHMTYPE); #else yyerror("racoon not configured with --enable-hybrid"); #endif } xauth_rsa_server { #ifdef ENABLE_HYBRID YYD; yylval.num = algtype_xauth_rsa_s; return(ALGORITHMTYPE); #else yyerror("racoon not configured with --enable-hybrid"); #endif } xauth_rsa_client { #ifdef ENABLE_HYBRID YYD; yylval.num = algtype_xauth_rsa_c; return(ALGORITHMTYPE); #else yyerror("racoon not configured with --enable-hybrid"); #endif } /* identifier type */ vendor_id { YYD; yywarn("it is obsoleted."); return(VENDORID); } user_fqdn { YYD; yylval.num = IDTYPE_USERFQDN; return(IDENTIFIERTYPE); } fqdn { YYD; yylval.num = IDTYPE_FQDN; return(IDENTIFIERTYPE); } keyid { YYD; yylval.num = IDTYPE_KEYID; return(IDENTIFIERTYPE); } address { YYD; yylval.num = IDTYPE_ADDRESS; return(IDENTIFIERTYPE); } subnet { YYD; yylval.num = IDTYPE_SUBNET; return(IDENTIFIERTYPE); } asn1dn { YYD; yylval.num = IDTYPE_ASN1DN; return(IDENTIFIERTYPE); } certname { YYD; yywarn("certname will be obsoleted in near future."); yylval.num = IDTYPE_ASN1DN; return(IDENTIFIERTYPE); } /* identifier qualifier */ tag { YYD; yylval.num = IDQUAL_TAG; return(IDENTIFIERQUAL); } file { YYD; yylval.num = IDQUAL_FILE; return(IDENTIFIERQUAL); } /* units */ B|byte|bytes { YYD; return(UNITTYPE_BYTE); } KB { YYD; return(UNITTYPE_KBYTES); } MB { YYD; return(UNITTYPE_MBYTES); } TB { YYD; return(UNITTYPE_TBYTES); } sec|secs|second|seconds { YYD; return(UNITTYPE_SEC); } min|mins|minute|minutes { YYD; return(UNITTYPE_MIN); } hour|hours { YYD; return(UNITTYPE_HOUR); } /* boolean */ yes { YYD; yylval.num = TRUE; return(BOOLEAN); } no { YYD; yylval.num = FALSE; return(BOOLEAN); } {decstring} { char *bp; YYD; yylval.num = strtol(yytext, &bp, 10); return(NUMBER); } {hexstring} { char *p; YYD; yylval.val = vmalloc(yyleng + (yyleng & 1) + 1); if (yylval.val == NULL) { yyerror("vmalloc failed"); return -1; } p = yylval.val->v; *p++ = '0'; *p++ = 'x'; /* fixed string if length is odd. */ if (yyleng & 1) *p++ = '0'; memcpy(p, &yytext[2], yyleng - 1); return(HEXSTRING); } {quotedstring} { char *p = yytext; YYD; while (*++p != '"') ; *p = '\0'; yylval.val = vmalloc(yyleng - 1); if (yylval.val == NULL) { yyerror("vmalloc failed"); return -1; } memcpy(yylval.val->v, &yytext[1], yylval.val->l); return(QUOTEDSTRING); } {addrstring} { YYD; yylval.val = vmalloc(yyleng + 1); if (yylval.val == NULL) { yyerror("vmalloc failed"); return -1; } memcpy(yylval.val->v, yytext, yylval.val->l); return(ADDRSTRING); } <> { yy_delete_buffer(YY_CURRENT_BUFFER); incstackp--; nextfile: if (incstack[incstackp].matchon < incstack[incstackp].matches.gl_pathc) { char* filepath = incstack[incstackp].matches.gl_pathv[incstack[incstackp].matchon]; incstack[incstackp].matchon++; incstackp++; if (yycf_set_buffer(filepath) != 0) { incstackp--; goto nextfile; } yy_switch_to_buffer(yy_create_buffer(yyin, YY_BUF_SIZE)); BEGIN(S_INI); } else { globfree(&incstack[incstackp].matches); if (incstackp == 0) yyterminate(); else yy_switch_to_buffer(incstack[incstackp].prevstate); } } /* ... */ {ws} { ; } {nl} { incstack[incstackp].lineno++; } {comment} { YYD; } {semi} { return(EOS); } . { yymore(); } %% void yyerror(char *s, ...) { char fmt[512]; va_list ap; #ifdef HAVE_STDARG_H va_start(ap, s); #else va_start(ap); #endif snprintf(fmt, sizeof(fmt), "%s:%d: \"%s\" %s\n", incstack[incstackp].path, incstack[incstackp].lineno, yytext, s); plogv(LLV_ERROR, LOCATION, NULL, fmt, ap); va_end(ap); yyerrorcount++; } void yywarn(char *s, ...) { char fmt[512]; va_list ap; #ifdef HAVE_STDARG_H va_start(ap, s); #else va_start(ap); #endif snprintf(fmt, sizeof(fmt), "%s:%d: \"%s\" %s\n", incstack[incstackp].path, incstack[incstackp].lineno, yytext, s); plogv(LLV_WARNING, LOCATION, NULL, fmt, ap); va_end(ap); } int yycf_switch_buffer(path) char *path; { char *filepath = NULL; /* got the include file name */ if (incstackp >= MAX_INCLUDE_DEPTH) { plog(LLV_ERROR, LOCATION, NULL, "Includes nested too deeply"); return -1; } if (glob(path, GLOB_TILDE, NULL, &incstack[incstackp].matches) != 0 || incstack[incstackp].matches.gl_pathc == 0) { plog(LLV_ERROR, LOCATION, NULL, "glob found no matches for path \"%s\"\n", path); return -1; } incstack[incstackp].matchon = 0; incstack[incstackp].prevstate = YY_CURRENT_BUFFER; nextmatch: if (incstack[incstackp].matchon >= incstack[incstackp].matches.gl_pathc) return -1; filepath = incstack[incstackp].matches.gl_pathv[incstack[incstackp].matchon]; incstack[incstackp].matchon++; incstackp++; if (yycf_set_buffer(filepath) != 0) { incstackp--; goto nextmatch; } yy_switch_to_buffer(yy_create_buffer(yyin, YY_BUF_SIZE)); BEGIN(S_INI); return 0; } int yycf_set_buffer(path) char *path; { yyin = fopen(path, "r"); if (yyin == NULL) { fprintf(stderr, "failed to open file %s (%s)\n", path, strerror(errno)); plog(LLV_ERROR, LOCATION, NULL, "failed to open file %s (%s)\n", path, strerror(errno)); return -1; } /* initialize */ incstack[incstackp].fp = yyin; if (incstack[incstackp].path != NULL) racoon_free(incstack[incstackp].path); incstack[incstackp].path = racoon_strdup(path); STRDUP_FATAL(incstack[incstackp].path); incstack[incstackp].lineno = 1; plog(LLV_DEBUG, LOCATION, NULL, "reading config file %s\n", path); return 0; } void yycf_init_buffer() { int i; for (i = 0; i < MAX_INCLUDE_DEPTH; i++) memset(&incstack[i], 0, sizeof(incstack[i])); incstackp = 0; } void yycf_clean_buffer() { int i; for (i = 0; i < MAX_INCLUDE_DEPTH; i++) { if (incstack[i].path != NULL) { fclose(incstack[i].fp); racoon_free(incstack[i].path); incstack[i].path = NULL; } } }