1 /* $OpenBSD: parse.y,v 1.31 2024/08/22 07:56:47 florian Exp $ */ 2 3 /* 4 * Copyright (c) 2002, 2003, 2004 Henning Brauer <henning@openbsd.org> 5 * Copyright (c) 2001 Markus Friedl. All rights reserved. 6 * Copyright (c) 2001 Daniel Hartmeier. All rights reserved. 7 * Copyright (c) 2001 Theo de Raadt. All rights reserved. 8 * 9 * Permission to use, copy, modify, and distribute this software for any 10 * purpose with or without fee is hereby granted, provided that the above 11 * copyright notice and this permission notice appear in all copies. 12 * 13 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 14 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 15 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 16 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 17 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 18 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 19 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 20 */ 21 22 %{ 23 #include <sys/types.h> 24 #include <sys/socket.h> 25 #include <sys/queue.h> 26 #include <netinet/in.h> 27 #include <arpa/inet.h> 28 #include <net/if.h> 29 30 #include <ctype.h> 31 #include <errno.h> 32 #include <inttypes.h> 33 #include <limits.h> 34 #include <stdarg.h> 35 #include <stddef.h> 36 #include <stdio.h> 37 #include <stdlib.h> 38 #include <string.h> 39 #include <syslog.h> 40 #include <netdb.h> 41 #include <event.h> 42 43 #include <stdbool.h> 44 #include "npppd_auth.h" 45 #include "npppd.h" 46 #ifdef USE_NPPPD_RADIUS 47 #include "radius_req.h" 48 #endif 49 #include "privsep.h" 50 #include "log.h" 51 52 TAILQ_HEAD(files, file) files = TAILQ_HEAD_INITIALIZER(files); 53 static struct file { 54 TAILQ_ENTRY(file) entry; 55 FILE *stream; 56 char *name; 57 int lineno; 58 int errors; 59 } *file, *topfile; 60 struct file *pushfile(const char *); 61 int popfile(void); 62 int yyparse(void); 63 int yylex(void); 64 int yyerror(const char *, ...) 65 __attribute__((__format__ (printf, 1, 2))) 66 __attribute__((__nonnull__ (1))); 67 int kw_cmp(const void *, const void *); 68 int lookup(char *); 69 int lgetc(int); 70 int lungetc(int); 71 int findeol(void); 72 73 static void tunnconf_init (struct tunnconf *, int); 74 static void tunnconf_fini (struct tunnconf *); 75 static struct tunnconf *tunnconf_find (const char *); 76 static void authconf_init (struct authconf *); 77 static void authconf_fini (struct authconf *); 78 static void radconf_fini (struct radconf *); 79 static struct authconf *authconf_find (const char *); 80 static void ipcpconf_init (struct ipcpconf *); 81 static void ipcpconf_fini (struct ipcpconf *); 82 static struct ipcpconf *ipcpconf_find (const char *); 83 static struct iface *iface_find (const char *); 84 static void sa_set_in_addr_any(struct sockaddr *); 85 86 struct npppd_conf *conf; 87 struct ipcpconf *curr_ipcpconf; 88 struct tunnconf *curr_tunnconf; 89 struct authconf *curr_authconf; 90 struct radconf *curr_radconf; 91 92 typedef struct { 93 union { 94 int64_t number; 95 char *string; 96 struct sockaddr_storage address; 97 struct in_addr in4_addr; 98 bool yesno; 99 } v; 100 int lineno; 101 } YYSTYPE; 102 103 %} 104 105 %token SET MAX_SESSION USER_MAX_SESSION 106 %token TUNNEL LISTEN ON PROTOCOL 107 %token MRU 108 %token IP LCP PAP CHAP EAP MPPE CCP MSCHAPV2 STATEFUL STATELESS REQUIRED 109 %token YES NO 110 %token L2TP PPTP PPPOE L2TP_HOSTNAME L2TP_VENDOR_NAME L2TP_DATA_USE_SEQ 111 %token L2TP_REQUIRE_IPSEC L2TP_LCP_RENEGOTIATION L2TP_FORCE_LCP_RENEGOTIATION 112 %token L2TP_CTRL_IN_PKTDUMP L2TP_CTRL_OUT_PKTDUMP L2TP_DATA_IN_PKTDUMP 113 %token L2TP_DATA_OUT_PKTDUMP PPTP_HOSTNAME 114 %token PPTP_VENDOR_NAME PPTP_ECHO_INTERVAL PPTP_ECHO_TIMEOUT 115 %token PPTP_CTRL_IN_PKTDUMP PPTP_CTRL_OUT_PKTDUMP PPTP_DATA_IN_PKTDUMP 116 %token PPTP_DATA_OUT_PKTDUMP 117 %token PPPOE_SERVICE_NAME PPPOE_ACCEPT_ANY_SERVICE PPPOE_AC_NAME 118 %token PPPOE_DESC_IN_PKTDUMP PPPOE_DESC_OUT_PKTDUMP PPPOE_SESSION_IN_PKTDUMP 119 %token PPPOE_SESSION_OUT_PKTDUMP 120 %token LCP_TIMEOUT LCP_MAX_CONFIGURE LCP_MAX_TERMINATE LCP_MAX_NAK_LOOP 121 %token LCP_KEEPALIVE LCP_KEEPALIVE_INTERVAL LCP_KEEPALIVE_RETRY_INTERVAL 122 %token LCP_KEEPALIVE_MAX_RETRIES AUTHENTICATION_METHOD CHAP_NAME 123 %token IPCP_TIMEOUT IPCP_MAX_CONFIGURE IPCP_MAX_TERMINATE IPCP_MAX_NAK_LOOP 124 %token CCP_TIMEOUT CCP_MAX_CONFIGURE CCP_MAX_TERMINATE CCP_MAX_NAK_LOOP 125 %token L2TP_HELLO_INTERVAL L2TP_HELLO_TIMEOUT L2TP_ACCEPT_DIALIN 126 %token MPPE MPPE_KEY_LENGTH MPPE_KEY_STATE 127 %token IDLE_TIMEOUT TCP_MSS_ADJUST INGRESS_FILTER CALLNUM_CHECK 128 %token PIPEX DEBUG_DUMP_PKTIN DEBUG_DUMP_PKTOUT 129 %token AUTHENTICATION TYPE LOCAL USERNAME_SUFFIX USERNAME_PREFIX EAP_CAPABLE 130 %token STRIP_NT_DOMAIN STRIP_ATMARK_REALM USERS_FILE 131 %token RADIUS AUTHENTICATION_SERVER ACCOUNTING_SERVER PORT 132 %token X_TIMEOUT MAX_TRIES MAX_FAILOVERS SECRET 133 %token POOL_ADDRESS DNS_SERVERS NBNS_SERVERS FOR STATIC DYNAMIC 134 %token RESOLVER ALLOW_USER_SELECTED_ADDRESS 135 %token INTERFACE ADDRESS IPCP 136 %token BIND FROM AUTHENTICATED BY TO 137 %token ERROR 138 %token DAE CLIENT NAS_ID 139 %token <v.string> STRING 140 %token <v.number> NUMBER 141 %type <v.yesno> yesno 142 %type <v.address> address 143 %type <v.address> addressport 144 %type <v.number> optport 145 %type <v.in4_addr> in4_addr 146 %type <v.number> tunnelproto 147 %type <v.number> mppeyesno 148 %type <v.number> mppekeylen 149 %type <v.number> mppekeylen_l 150 %type <v.number> mppekeystate 151 %type <v.number> mppekeystate_l 152 %type <v.number> protobit 153 %type <v.number> protobit_l 154 %type <v.number> authtype 155 %type <v.number> authmethod 156 %type <v.number> authmethod_l 157 %type <v.number> ipcppooltype 158 159 %% 160 161 grammar : /* empty */ 162 | grammar '\n' 163 | grammar set '\n' 164 | grammar tunnel '\n' 165 | grammar authentication '\n' 166 | grammar ipcp '\n' 167 | grammar interface '\n' 168 | grammar bind '\n' 169 | grammar radius '\n' 170 | grammar error '\n' { file->errors++; } 171 ; 172 173 174 set : SET MAX_SESSION NUMBER { conf->max_session = $3; } 175 | SET USER_MAX_SESSION NUMBER { conf->user_max_session = $3; } 176 ; 177 178 /* 179 * tunnel { } 180 */ 181 tunnel : TUNNEL STRING PROTOCOL tunnelproto { 182 struct tunnconf *n; 183 184 if (tunnconf_find($2) != NULL) { 185 yyerror("tunnel name = %s is already in use.", 186 $2); 187 free($2); 188 YYERROR; 189 } 190 191 if ((n = malloc(sizeof(struct tunnconf))) == NULL) { 192 yyerror("out of memory"); 193 free($2); 194 YYERROR; 195 } 196 tunnconf_init(n, $4); 197 switch ($4) { 198 case NPPPD_TUNNEL_L2TP: 199 strlcpy(n->proto.l2tp.name, $2, 200 sizeof(n->proto.l2tp.name)); 201 n->name = n->proto.l2tp.name; 202 break; 203 case NPPPD_TUNNEL_PPTP: 204 strlcpy(n->proto.pptp.name, $2, 205 sizeof(n->proto.pptp.name)); 206 n->name = n->proto.pptp.name; 207 break; 208 case NPPPD_TUNNEL_PPPOE: 209 strlcpy(n->proto.pppoe.name, $2, 210 sizeof(n->proto.pppoe.name)); 211 n->name = n->proto.pppoe.name; 212 break; 213 } 214 free($2); 215 n->protocol = $4; 216 curr_tunnconf = n; 217 } tunnopts { 218 TAILQ_INSERT_TAIL(&conf->tunnconfs, curr_tunnconf, 219 entry); 220 switch (curr_tunnconf->protocol) { 221 #ifdef USE_NPPPD_L2TP 222 case NPPPD_TUNNEL_L2TP: 223 if (TAILQ_EMPTY( 224 &curr_tunnconf->proto.l2tp.listen)) { 225 struct l2tp_listen_addr *addr; 226 227 if ((addr = malloc(sizeof(struct 228 l2tp_listen_addr))) == NULL) { 229 free(curr_tunnconf); 230 yyerror("out of memory"); 231 YYERROR; 232 } 233 sa_set_in_addr_any( 234 (struct sockaddr *)&addr->addr); 235 TAILQ_INSERT_TAIL(&curr_tunnconf->proto. 236 l2tp.listen, addr, entry); 237 } 238 TAILQ_INSERT_TAIL(&conf->l2tp_confs, 239 &curr_tunnconf->proto.l2tp, entry); 240 break; 241 #endif 242 #ifdef USE_NPPPD_PPTP 243 case NPPPD_TUNNEL_PPTP: 244 if (TAILQ_EMPTY( 245 &curr_tunnconf->proto.pptp.listen)) { 246 struct pptp_listen_addr *addr; 247 248 if ((addr = malloc(sizeof(struct 249 pptp_listen_addr))) == NULL) { 250 free(curr_tunnconf); 251 yyerror("out of memory"); 252 YYERROR; 253 } 254 sa_set_in_addr_any( 255 (struct sockaddr *)&addr->addr); 256 TAILQ_INSERT_TAIL(&curr_tunnconf->proto. 257 pptp.listen, addr, entry); 258 } 259 TAILQ_INSERT_TAIL(&conf->pptp_confs, 260 &curr_tunnconf->proto.pptp, entry); 261 break; 262 #endif 263 #ifdef USE_NPPPD_PPPOE 264 case NPPPD_TUNNEL_PPPOE: 265 TAILQ_INSERT_TAIL(&conf->pppoe_confs, 266 &curr_tunnconf->proto.pppoe, entry); 267 break; 268 #endif 269 default: 270 yyerror("%s is not enabled.", 271 npppd_tunnel_protocol_name( 272 curr_tunnconf->protocol)); 273 tunnconf_fini(curr_tunnconf); 274 free(curr_tunnconf); 275 YYERROR; 276 } 277 curr_tunnconf = NULL; 278 } 279 ; 280 281 282 tunnopts : 283 | '{' optnl tunnopt_l '}' 284 ; 285 286 tunnopt_l : /* empty */ 287 | tunnopt_l tunnopt nl 288 | tunnopt optnl 289 ; 290 291 tunnopt : LISTEN ON addressport { 292 293 switch (curr_tunnconf->protocol) { 294 case NPPPD_TUNNEL_L2TP: 295 { 296 struct l2tp_listen_addr *l_listen; 297 298 if ((l_listen = malloc(sizeof( 299 struct l2tp_listen_addr))) == NULL) { 300 yyerror("out of memory"); 301 YYERROR; 302 } 303 l_listen->addr = $3; 304 TAILQ_INSERT_TAIL(&curr_tunnconf->proto 305 .l2tp.listen, l_listen, entry); 306 break; 307 } 308 case NPPPD_TUNNEL_PPTP: 309 if ($3.ss_family == AF_INET6) { 310 yyerror("listen on IPv6 address is not " 311 "supported by pptp tunnel"); 312 YYERROR; 313 } 314 { 315 struct pptp_listen_addr *p_listen; 316 317 if ((p_listen = malloc(sizeof( 318 struct pptp_listen_addr))) == NULL) { 319 yyerror("out of memory"); 320 YYERROR; 321 } 322 p_listen->addr = $3; 323 TAILQ_INSERT_TAIL(&curr_tunnconf->proto 324 .pptp.listen, p_listen, entry); 325 break; 326 } 327 default: 328 yyerror("listen on address is not supported " 329 "for specified protocol.\n"); 330 YYERROR; 331 } 332 } 333 | LISTEN ON INTERFACE STRING { 334 switch (curr_tunnconf->protocol) { 335 case NPPPD_TUNNEL_PPPOE: 336 strlcpy(curr_tunnconf->proto.pppoe.if_name, $4, 337 sizeof(curr_tunnconf->proto.pppoe.if_name)); 338 free($4); 339 break; 340 default: 341 free($4); 342 yyerror("listen on interface is not supported " 343 "for specified protocol.\n"); 344 YYERROR; 345 } 346 } 347 | LCP_TIMEOUT NUMBER { 348 curr_tunnconf->lcp_timeout = $2; 349 } 350 | LCP_MAX_CONFIGURE NUMBER { 351 curr_tunnconf->lcp_max_configure = $2; 352 } 353 | LCP_MAX_TERMINATE NUMBER { 354 curr_tunnconf->lcp_max_terminate = $2; 355 } 356 | LCP_MAX_NAK_LOOP NUMBER { 357 curr_tunnconf->lcp_max_nak_loop = $2; 358 } 359 | MRU NUMBER { 360 curr_tunnconf->mru = $2; 361 } 362 | LCP_KEEPALIVE yesno { 363 curr_tunnconf->lcp_keepalive = $2; 364 } 365 | LCP_KEEPALIVE_INTERVAL NUMBER { 366 curr_tunnconf->lcp_keepalive_interval = $2; 367 } 368 | LCP_KEEPALIVE_RETRY_INTERVAL NUMBER { 369 curr_tunnconf->lcp_keepalive_retry_interval = $2; 370 } 371 | LCP_KEEPALIVE_MAX_RETRIES NUMBER { 372 curr_tunnconf->lcp_keepalive_max_retries = $2; 373 } 374 | AUTHENTICATION_METHOD authmethod_l { 375 curr_tunnconf->auth_methods = $2; 376 } 377 | CHAP_NAME STRING { 378 curr_tunnconf->chap_name = $2; 379 } 380 | IPCP_TIMEOUT NUMBER { 381 curr_tunnconf->ipcp_timeout = $2; 382 } 383 | IPCP_MAX_CONFIGURE NUMBER { 384 curr_tunnconf->ipcp_max_configure = $2; 385 } 386 | IPCP_MAX_TERMINATE NUMBER { 387 curr_tunnconf->ipcp_max_terminate = $2; 388 } 389 | IPCP_MAX_NAK_LOOP NUMBER { 390 curr_tunnconf->ipcp_max_nak_loop = $2; 391 } 392 | CCP_TIMEOUT NUMBER { 393 curr_tunnconf->ccp_timeout = $2; 394 } 395 | CCP_MAX_CONFIGURE NUMBER { 396 curr_tunnconf->ccp_max_configure = $2; 397 } 398 | CCP_MAX_TERMINATE NUMBER { 399 curr_tunnconf->ccp_max_terminate = $2; 400 } 401 | CCP_MAX_NAK_LOOP NUMBER { 402 curr_tunnconf->ccp_max_nak_loop = $2; 403 } 404 | L2TP_HOSTNAME STRING { 405 curr_tunnconf->proto.l2tp.hostname = $2; 406 } 407 | L2TP_VENDOR_NAME STRING { 408 curr_tunnconf->proto.l2tp.vendor_name = $2; 409 } 410 | L2TP_HELLO_INTERVAL NUMBER { 411 curr_tunnconf->proto.l2tp.hello_interval = $2; 412 } 413 | L2TP_HELLO_TIMEOUT NUMBER { 414 curr_tunnconf->proto.l2tp.hello_timeout = $2; 415 } 416 | L2TP_ACCEPT_DIALIN yesno { 417 curr_tunnconf->proto.l2tp.accept_dialin = $2; 418 } 419 | L2TP_DATA_USE_SEQ yesno { 420 curr_tunnconf->proto.l2tp.data_use_seq = $2; 421 } 422 | L2TP_REQUIRE_IPSEC yesno { 423 curr_tunnconf->proto.l2tp.require_ipsec = $2; 424 } 425 | L2TP_LCP_RENEGOTIATION yesno { 426 curr_tunnconf->proto.l2tp.lcp_renegotiation = $2; 427 } 428 | L2TP_FORCE_LCP_RENEGOTIATION yesno { 429 curr_tunnconf->proto.l2tp.force_lcp_renegotiation = $2; 430 } 431 | L2TP_CTRL_IN_PKTDUMP yesno { 432 curr_tunnconf->proto.l2tp.ctrl_in_pktdump = $2; 433 } 434 | L2TP_CTRL_OUT_PKTDUMP yesno { 435 curr_tunnconf->proto.l2tp.ctrl_out_pktdump = $2; 436 } 437 | L2TP_DATA_IN_PKTDUMP yesno { 438 curr_tunnconf->proto.l2tp.data_in_pktdump = $2; 439 } 440 | L2TP_DATA_OUT_PKTDUMP yesno { 441 curr_tunnconf->proto.l2tp.data_out_pktdump = $2; 442 } 443 | PPTP_HOSTNAME STRING { 444 curr_tunnconf->proto.pptp.hostname = $2; 445 } 446 | PPTP_VENDOR_NAME STRING { 447 curr_tunnconf->proto.pptp.vendor_name = $2; 448 } 449 | PPTP_ECHO_INTERVAL NUMBER { 450 curr_tunnconf->proto.pptp.echo_interval = $2; 451 } 452 | PPTP_ECHO_TIMEOUT NUMBER { 453 curr_tunnconf->proto.pptp.echo_timeout = $2; 454 } 455 | PPTP_CTRL_IN_PKTDUMP yesno { 456 curr_tunnconf->proto.pptp.ctrl_in_pktdump = $2; 457 } 458 | PPTP_CTRL_OUT_PKTDUMP yesno { 459 curr_tunnconf->proto.pptp.ctrl_out_pktdump = $2; 460 } 461 | PPTP_DATA_IN_PKTDUMP yesno { 462 curr_tunnconf->proto.pptp.data_in_pktdump = $2; 463 } 464 | PPTP_DATA_OUT_PKTDUMP yesno { 465 curr_tunnconf->proto.pptp.data_out_pktdump = $2; 466 } 467 | PPPOE_SERVICE_NAME STRING { 468 curr_tunnconf->proto.pppoe.service_name = $2; 469 } 470 | PPPOE_ACCEPT_ANY_SERVICE yesno { 471 curr_tunnconf->proto.pppoe.accept_any_service = $2; 472 } 473 | PPPOE_AC_NAME STRING { 474 curr_tunnconf->proto.pppoe.ac_name = $2; 475 } 476 | PPPOE_DESC_IN_PKTDUMP yesno { 477 curr_tunnconf->proto.pppoe.desc_in_pktdump = $2; 478 } 479 | PPPOE_DESC_OUT_PKTDUMP yesno { 480 curr_tunnconf->proto.pppoe.desc_out_pktdump = $2; 481 } 482 | PPPOE_SESSION_IN_PKTDUMP yesno { 483 curr_tunnconf->proto.pppoe.session_in_pktdump = $2; 484 } 485 | PPPOE_SESSION_OUT_PKTDUMP yesno { 486 curr_tunnconf->proto.pppoe.session_out_pktdump = $2; 487 } 488 | MPPE mppeyesno { 489 curr_tunnconf->mppe_yesno = $2; 490 } 491 | MPPE_KEY_LENGTH mppekeylen_l { 492 curr_tunnconf->mppe_keylen = $2; 493 } 494 | MPPE_KEY_STATE mppekeystate_l { 495 curr_tunnconf->mppe_keystate = $2; 496 } 497 | TCP_MSS_ADJUST yesno { 498 curr_tunnconf->tcp_mss_adjust = $2; 499 } 500 | IDLE_TIMEOUT NUMBER { 501 curr_tunnconf->idle_timeout = $2; 502 } 503 | INGRESS_FILTER yesno { 504 curr_tunnconf->ingress_filter = $2; 505 } 506 | CALLNUM_CHECK yesno { 507 curr_tunnconf->callnum_check = $2; 508 } 509 | PIPEX yesno { 510 curr_tunnconf->pipex = $2; 511 } 512 | DEBUG_DUMP_PKTIN protobit_l { 513 curr_tunnconf->debug_dump_pktin = $2; 514 } 515 | DEBUG_DUMP_PKTOUT protobit_l { 516 curr_tunnconf->debug_dump_pktout = $2; 517 } 518 ; 519 radius : RADIUS NAS_ID STRING { 520 if (strlcpy(conf->nas_id, $3, sizeof(conf->nas_id)) 521 >= sizeof(conf->nas_id)) { 522 yyerror("`radius nas-id' is too long. use " 523 "less than %u chars.", 524 (unsigned)sizeof(conf->nas_id) - 1); 525 free($3); 526 YYERROR; 527 } 528 free($3); 529 } 530 | RADIUS DAE CLIENT address SECRET STRING { 531 struct radclientconf *client; 532 int secretsiz; 533 534 secretsiz = strlen($6) + 1; 535 if ((client = calloc(1, offsetof(struct radclientconf, 536 secret[secretsiz]))) == NULL) { 537 yyerror("%s", strerror(errno)); 538 free($6); 539 YYERROR; 540 } 541 strlcpy(client->secret, $6, secretsiz); 542 543 switch ($4.ss_family) { 544 case AF_INET: 545 memcpy(&client->addr, &$4, 546 sizeof(struct sockaddr_in)); 547 break; 548 case AF_INET6: 549 memcpy(&client->addr, &$4, 550 sizeof(struct sockaddr_in6)); 551 break; 552 default: 553 yyerror("address family %d not supported", 554 $4.ss_family); 555 free($6); 556 YYERROR; 557 break; 558 } 559 TAILQ_INSERT_TAIL(&conf->raddaeclientconfs, client, 560 entry); 561 free($6); 562 } 563 | RADIUS DAE LISTEN ON addressport { 564 struct radlistenconf *listen; 565 566 if (ntohs(((struct sockaddr_in *)&$5)->sin_port) == 0) 567 ((struct sockaddr_in *)&$5)->sin_port = htons( 568 RADIUS_DAE_DEFAULT_PORT); 569 570 if ((listen = calloc(1, sizeof(*listen))) == NULL) { 571 yyerror("%s", strerror(errno)); 572 YYERROR; 573 } 574 switch ($5.ss_family) { 575 case AF_INET: 576 memcpy(&listen->addr, &$5, 577 sizeof(struct sockaddr_in)); 578 break; 579 case AF_INET6: 580 memcpy(&listen->addr, &$5, 581 sizeof(struct sockaddr_in6)); 582 break; 583 default: 584 yyerror("address family %d not supported", 585 $5.ss_family); 586 YYERROR; 587 break; 588 } 589 TAILQ_INSERT_TAIL(&conf->raddaelistenconfs, listen, 590 entry); 591 } 592 ; 593 594 tunnelproto : L2TP { $$ = NPPPD_TUNNEL_L2TP; } 595 | PPTP { $$ = NPPPD_TUNNEL_PPTP; } 596 | PPPOE { $$ = NPPPD_TUNNEL_PPPOE; } 597 ; 598 599 mppeyesno : YES { $$ = NPPPD_MPPE_ENABLED; } 600 | NO { $$ = NPPPD_MPPE_DISABLED; } 601 | REQUIRED { $$ = NPPPD_MPPE_REQUIRED; } 602 ; 603 604 address : STRING { 605 int retval; 606 struct addrinfo hint, *res; 607 608 memset(&hint, 0, sizeof(hint)); 609 hint.ai_family = PF_UNSPEC; 610 hint.ai_socktype = SOCK_DGRAM; /* dummy */ 611 hint.ai_flags = AI_NUMERICHOST; 612 613 if ((retval = getaddrinfo($1, NULL, &hint, &res)) 614 != 0) { 615 yyerror("could not parse the address %s: %s", 616 $1, gai_strerror(retval)); 617 free($1); 618 YYERROR; 619 } 620 free($1); 621 622 if (res->ai_family != AF_INET && 623 res->ai_family != AF_INET6) { 624 yyerror("address family(%d) is not supported", 625 res->ai_family); 626 freeaddrinfo(res); 627 YYERROR; 628 } 629 memcpy(&($$), res->ai_addr, res->ai_addrlen); 630 631 freeaddrinfo(res); 632 } 633 ; 634 635 addressport : address optport { 636 $$ = $1; 637 ((struct sockaddr_in *)&($$))->sin_port = htons($2); 638 } 639 ; 640 641 in4_addr : STRING { 642 if (inet_pton(AF_INET, $1, &($$)) != 1) { 643 yyerror("could not parse the address %s", $1); 644 free($1); 645 YYERROR; 646 } 647 } 648 ; 649 650 authmethod_l : authmethod { $$ = $1; } 651 | authmethod_l authmethod { $$ |= $2; } 652 ; 653 654 authmethod : PAP { $$ = NPPPD_AUTH_METHODS_PAP; } 655 | CHAP { $$ = NPPPD_AUTH_METHODS_CHAP; } 656 | MSCHAPV2 { 657 $$ = NPPPD_AUTH_METHODS_MSCHAPV2; 658 } 659 ; 660 661 mppekeylen_l : mppekeylen { $$ = $1; } 662 | mppekeylen_l mppekeylen { $$ |= $2; } 663 ; 664 665 mppekeylen : NUMBER { 666 if ($1 == 40) $$ = NPPPD_MPPE_40BIT; 667 else if ($1 == 56) $$ = NPPPD_MPPE_56BIT; 668 else if ($1 == 128) $$ = NPPPD_MPPE_128BIT; 669 else { 670 yyerror("%"PRId64": unknown mppe key length", 671 $$); 672 YYERROR; 673 } 674 } 675 ; 676 677 mppekeystate_l : mppekeystate { $$ = $1; } 678 | mppekeystate_l mppekeystate { $$ |= $2; } 679 ; 680 681 mppekeystate : STATEFUL { $$ = NPPPD_MPPE_STATEFUL; } 682 | STATELESS { $$ = NPPPD_MPPE_STATELESS; } 683 ; 684 685 protobit_l : protobit { $$ = $1; } 686 | protobit_l protobit { $$ |= $2; } 687 ; 688 689 protobit : IP { $$ = NPPPD_PROTO_BIT_IP; } 690 | LCP { $$ = NPPPD_PROTO_BIT_LCP; } 691 | PAP { $$ = NPPPD_PROTO_BIT_PAP; } 692 | CHAP { $$ = NPPPD_PROTO_BIT_CHAP; } 693 | EAP { $$ = NPPPD_PROTO_BIT_EAP; } 694 | MPPE { $$ = NPPPD_PROTO_BIT_MPPE; } 695 | CCP { $$ = NPPPD_PROTO_BIT_CCP; } 696 | IPCP { $$ = NPPPD_PROTO_BIT_IPCP; } 697 ; 698 699 /* 700 * authentication { } 701 */ 702 authentication : AUTHENTICATION STRING TYPE authtype { 703 struct authconf *n; 704 705 if (authconf_find($2) != NULL) { 706 yyerror("authentication name %s is already in " 707 "use.", $2); 708 free($2); 709 YYERROR; 710 } 711 if ((n = malloc(sizeof(struct authconf))) == NULL) { 712 yyerror("out of memory"); 713 free($2); 714 YYERROR; 715 } 716 authconf_init(n); 717 strlcpy(n->name, $2, sizeof(n->name)); 718 free($2); 719 n->auth_type = $4; 720 if ($4 == NPPPD_AUTH_TYPE_RADIUS) { 721 TAILQ_INIT(&n->data.radius.auth.servers); 722 TAILQ_INIT(&n->data.radius.acct.servers); 723 } 724 curr_authconf = n; 725 } '{' optnl authopt_l '}' { 726 TAILQ_INSERT_TAIL(&conf->authconfs, curr_authconf, 727 entry); 728 curr_authconf = NULL; 729 } 730 ; 731 732 authopt_l : /* empty */ 733 | authopt_l authopt nl 734 | authopt optnl 735 ; 736 737 authopt : USERNAME_SUFFIX STRING { 738 curr_authconf->username_suffix = $2; 739 } 740 | EAP_CAPABLE yesno { 741 curr_authconf->eap_capable = $2; 742 } 743 | STRIP_NT_DOMAIN yesno { 744 curr_authconf->strip_nt_domain = $2; 745 } 746 | STRIP_ATMARK_REALM yesno { 747 curr_authconf->strip_atmark_realm = $2; 748 } 749 | USERS_FILE STRING { 750 strlcpy(curr_authconf->users_file_path, $2, 751 sizeof(curr_authconf->users_file_path)); 752 free($2); 753 } 754 | USER_MAX_SESSION NUMBER { 755 curr_authconf->user_max_session = $2; 756 } 757 | AUTHENTICATION_SERVER { 758 if (curr_authconf->auth_type != NPPPD_AUTH_TYPE_RADIUS){ 759 yyerror("`authentication-server' can not be " 760 "used for this type."); 761 YYERROR; 762 } 763 curr_radconf = &curr_authconf->data.radius.auth; 764 } '{' optnl radopt_l '}' 765 | ACCOUNTING_SERVER { 766 if (curr_authconf->auth_type != NPPPD_AUTH_TYPE_RADIUS){ 767 yyerror("`accounting-server' can not be used " 768 "for this type."); 769 YYERROR; 770 } 771 curr_radconf = &curr_authconf->data.radius.acct; 772 } '{' optnl radopt_l '}' 773 ; 774 775 optport : /* empty */ { $$ = 0; } 776 | PORT NUMBER { $$ = $2; } 777 ; 778 779 authtype : LOCAL { $$ = NPPPD_AUTH_TYPE_LOCAL; } 780 | RADIUS { $$ = NPPPD_AUTH_TYPE_RADIUS; } 781 ; 782 783 radopt_l : 784 | radopt_l radopt nl 785 | radopt optnl 786 ; 787 788 radopt : ADDRESS address optport SECRET STRING { 789 int cnt; 790 struct radserver *n; 791 792 if (strlen($5) > MAX_RADIUS_SECRET - 1) { 793 yyerror("`secret' is too long. " 794 "use less than %d chars.", 795 MAX_RADIUS_SECRET - 1); 796 YYERROR; 797 } 798 cnt = 0; 799 TAILQ_FOREACH(n, &curr_radconf->servers, entry) { 800 cnt++; 801 } 802 if (cnt >= MAX_RADIUS_SERVERS) { 803 yyerror("too many radius servers. use less " 804 "than or equal to %d servers.", 805 MAX_RADIUS_SERVERS); 806 YYERROR; 807 } 808 if ((n = malloc(sizeof(struct radserver))) == NULL) { 809 yyerror("out of memory"); 810 YYERROR; 811 } 812 n->address = $2; 813 ((struct sockaddr_in *)&n->address)->sin_port = 814 htons($3); 815 n->secret = $5; 816 TAILQ_INSERT_TAIL(&curr_radconf->servers, n, entry); 817 } 818 | X_TIMEOUT NUMBER { 819 curr_radconf->timeout = $2; 820 } 821 | MAX_TRIES NUMBER { 822 curr_radconf->max_tries = $2; 823 } 824 | MAX_FAILOVERS NUMBER { 825 curr_radconf->max_failovers = $2; 826 } 827 ; 828 /* 829 * ipcp { } 830 */ 831 ipcp : IPCP STRING { 832 int cnt; 833 struct ipcpconf *n; 834 835 cnt = 0; 836 /* 837 TAILQ_FOREACH(n, &conf->ipcpconfs, entry) { 838 cnt++; 839 } 840 if (cnt >= NPPPD_MAX_POOL) { 841 yyerror("too many `ipcp' settings. it must be " 842 "less than or euals to %d.", 843 NPPPD_MAX_POOL); 844 YYERROR; 845 } 846 */ 847 848 if (ipcpconf_find($2) != NULL) { 849 yyerror("ipcp name %s is already in use.", $2); 850 free($2); 851 YYERROR; 852 } 853 if ((n = malloc(sizeof(struct ipcpconf))) == NULL) { 854 yyerror("out of memory"); 855 free($2); 856 YYERROR; 857 } 858 ipcpconf_init(n); 859 strlcpy(n->name, $2, sizeof(n->name)); 860 free($2); 861 curr_ipcpconf = n; 862 } '{' optnl ipcpopt_l '}' { 863 TAILQ_INSERT_TAIL(&conf->ipcpconfs, curr_ipcpconf, 864 entry); 865 curr_ipcpconf = NULL; 866 } 867 ; 868 869 ipcpopt_l : /* empty */ 870 | ipcpopt_l ipcpopt nl 871 | ipcpopt optnl 872 ; 873 874 ipcpopt : POOL_ADDRESS STRING ipcppooltype { 875 if ($3 != 1) { 876 if (in_addr_range_list_add( 877 &curr_ipcpconf->dynamic_pool, $2) != 0) { 878 yyerror("out of memory"); 879 free($2); 880 YYERROR; 881 } 882 } 883 if (in_addr_range_list_add( 884 &curr_ipcpconf->static_pool, $2) != 0) { 885 yyerror("out of memory"); 886 free($2); 887 YYERROR; 888 } 889 free($2); 890 } 891 | DNS_SERVERS RESOLVER { 892 curr_ipcpconf->dns_use_resolver = true; 893 curr_ipcpconf->dns_servers[0].s_addr = 0; 894 curr_ipcpconf->dns_servers[1].s_addr = 0; 895 } 896 | DNS_SERVERS in4_addr in4_addr { 897 curr_ipcpconf->dns_use_resolver = false; 898 curr_ipcpconf->dns_configured = true; 899 curr_ipcpconf->dns_servers[0] = $2; 900 curr_ipcpconf->dns_servers[1] = $3; 901 } 902 | DNS_SERVERS in4_addr { 903 curr_ipcpconf->dns_use_resolver = false; 904 curr_ipcpconf->dns_configured = true; 905 curr_ipcpconf->dns_servers[0] = $2; 906 curr_ipcpconf->dns_servers[1].s_addr = 0; 907 } 908 | NBNS_SERVERS in4_addr in4_addr { 909 curr_ipcpconf->nbns_configured = true; 910 curr_ipcpconf->nbns_servers[0] = $2; 911 curr_ipcpconf->nbns_servers[1] = $3; 912 } 913 | NBNS_SERVERS in4_addr { 914 curr_ipcpconf->nbns_configured = true; 915 curr_ipcpconf->nbns_servers[0] = $2; 916 curr_ipcpconf->nbns_servers[1].s_addr = 0; 917 } 918 | ALLOW_USER_SELECTED_ADDRESS yesno { 919 curr_ipcpconf->allow_user_select = $2; 920 } 921 | MAX_SESSION NUMBER { 922 curr_ipcpconf->max_session = $2; 923 } 924 ; 925 926 ipcppooltype : /* empty */ { $$ = 0; } 927 | FOR DYNAMIC { $$ = 0; } 928 | FOR STATIC { $$ = 1; } 929 ; 930 931 932 /* 933 * interface 934 */ 935 interface : INTERFACE STRING ADDRESS in4_addr IPCP STRING { 936 int cnt; 937 struct iface *n; 938 struct ipcpconf *ipcp; 939 940 cnt = 0; 941 TAILQ_FOREACH(n, &conf->ifaces, entry) { 942 cnt++; 943 } 944 if (cnt >= NPPPD_MAX_IFACE) { 945 yyerror("too many interfaces. use less than " 946 "or equal to %d", NPPPD_MAX_IFACE); 947 YYERROR; 948 } 949 950 if ((ipcp = ipcpconf_find($6)) == NULL) { 951 yyerror("ipcp %s is not found", $6); 952 free($2); 953 YYERROR; 954 } 955 if (iface_find($2) != NULL) { 956 yyerror("interface %s is already in used.", $2); 957 free($2); 958 YYERROR; 959 } 960 961 if ((n = calloc(1, sizeof(struct iface))) == NULL) { 962 yyerror("out of memory"); 963 free($2); 964 YYERROR; 965 } 966 strlcpy(n->name, $2, sizeof(n->name)); 967 free($2); 968 n->ip4addr = $4; 969 if (strncmp(n->name, "pppx", 4) == 0) 970 n->is_pppx = true; 971 972 n->ipcpconf = ipcp; 973 TAILQ_INSERT_TAIL(&conf->ifaces, n, entry); 974 } 975 ; 976 977 /* 978 * bind 979 */ 980 bind : BIND TUNNEL FROM STRING AUTHENTICATED BY STRING TO STRING { 981 struct authconf *auth; 982 struct tunnconf *tunn; 983 struct iface *iface; 984 struct confbind *n; 985 986 if ((tunn = tunnconf_find($4)) == NULL) { 987 yyerror("tunnel %s is not found", $4); 988 free($4); 989 free($7); 990 free($9); 991 YYERROR; 992 } 993 if ((auth = authconf_find($7)) == NULL) { 994 yyerror("authentication %s is not found", $7); 995 free($4); 996 free($7); 997 free($9); 998 YYERROR; 999 } 1000 if ((iface = iface_find($9)) == NULL) { 1001 yyerror("interface %s is not found", $9); 1002 free($4); 1003 free($7); 1004 free($9); 1005 YYERROR; 1006 } 1007 if (tunn->pipex == 0 && iface->is_pppx) { 1008 yyerror("pipex should be enabled for" 1009 " interface %s", $9); 1010 free($4); 1011 free($7); 1012 free($9); 1013 YYERROR; 1014 } 1015 if ((n = malloc(sizeof(struct confbind))) == NULL) { 1016 yyerror("out of memory"); 1017 free($4); 1018 free($7); 1019 free($9); 1020 YYERROR; 1021 } 1022 n->tunnconf = tunn; 1023 n->authconf = auth; 1024 n->iface = iface; 1025 TAILQ_INSERT_TAIL(&conf->confbinds, n, entry); 1026 } 1027 ; 1028 1029 yesno : YES { $$ = true; } 1030 | NO { $$ = false; } 1031 ; 1032 1033 optnl : '\n' optnl 1034 | 1035 ; 1036 1037 nl : '\n' optnl 1038 ; 1039 1040 %% 1041 1042 struct keywords { 1043 const char *k_name; 1044 int k_val; 1045 }; 1046 1047 int 1048 yyerror(const char *fmt, ...) 1049 { 1050 va_list ap; 1051 char *msg; 1052 1053 file->errors++; 1054 va_start(ap, fmt); 1055 if (vasprintf(&msg, fmt, ap) == -1) 1056 fatalx("yyerror vasprintf"); 1057 va_end(ap); 1058 logit(LOG_CRIT, "%s:%d: %s", file->name, yylval.lineno, msg); 1059 free(msg); 1060 return (0); 1061 } 1062 1063 int 1064 kw_cmp(const void *k, const void *e) 1065 { 1066 return (strcmp(k, ((const struct keywords *)e)->k_name)); 1067 } 1068 1069 int 1070 lookup(char *s) 1071 { 1072 /* this has to be sorted always */ 1073 static const struct keywords keywords[] = { 1074 { "accounting-server", ACCOUNTING_SERVER}, 1075 { "address", ADDRESS}, 1076 { "allow-user-selected-address", ALLOW_USER_SELECTED_ADDRESS}, 1077 { "authenticated", AUTHENTICATED}, 1078 { "authentication", AUTHENTICATION}, 1079 { "authentication-method", AUTHENTICATION_METHOD}, 1080 { "authentication-server", AUTHENTICATION_SERVER}, 1081 { "bind", BIND}, 1082 { "by", BY}, 1083 { "callnum-check", CALLNUM_CHECK}, 1084 { "ccp", CCP}, 1085 { "ccp-max-configure", CCP_MAX_CONFIGURE}, 1086 { "ccp-max-nak-loop", CCP_MAX_NAK_LOOP}, 1087 { "ccp-max-terminate", CCP_MAX_TERMINATE}, 1088 { "ccp-timeout", CCP_TIMEOUT}, 1089 { "chap", CHAP}, 1090 { "chap-name", CHAP_NAME}, 1091 { "client", CLIENT}, 1092 { "dae", DAE}, 1093 { "debug-dump-pktin", DEBUG_DUMP_PKTIN}, 1094 { "debug-dump-pktout", DEBUG_DUMP_PKTOUT}, 1095 { "dns-servers", DNS_SERVERS}, 1096 { "dynamic", DYNAMIC}, 1097 { "eap", EAP}, 1098 { "eap-capable", EAP_CAPABLE}, 1099 { "for", FOR}, 1100 { "from", FROM}, 1101 { "idle-timeout", IDLE_TIMEOUT}, 1102 { "ingress-filter", INGRESS_FILTER}, 1103 { "interface", INTERFACE}, 1104 { "ip", IP}, 1105 { "ipcp", IPCP}, 1106 { "ipcp-max-configure", IPCP_MAX_CONFIGURE}, 1107 { "ipcp-max-nak-loop", IPCP_MAX_NAK_LOOP}, 1108 { "ipcp-max-terminate", IPCP_MAX_TERMINATE}, 1109 { "ipcp-timeout", IPCP_TIMEOUT}, 1110 { "l2tp", L2TP}, 1111 { "l2tp-accept-dialin", L2TP_ACCEPT_DIALIN}, 1112 { "l2tp-ctrl-in-pktdump", L2TP_CTRL_IN_PKTDUMP}, 1113 { "l2tp-ctrl-out-pktdump", L2TP_CTRL_OUT_PKTDUMP}, 1114 { "l2tp-data-in-pktdump", L2TP_DATA_IN_PKTDUMP}, 1115 { "l2tp-data-out-pktdump", L2TP_DATA_OUT_PKTDUMP}, 1116 { "l2tp-data-use-seq", L2TP_DATA_USE_SEQ}, 1117 { "l2tp-force-lcp-renegotiation", L2TP_FORCE_LCP_RENEGOTIATION}, 1118 { "l2tp-hello-interval", L2TP_HELLO_INTERVAL}, 1119 { "l2tp-hello-timeout", L2TP_HELLO_TIMEOUT}, 1120 { "l2tp-hostname", L2TP_HOSTNAME}, 1121 { "l2tp-lcp-renegotiation", L2TP_LCP_RENEGOTIATION}, 1122 { "l2tp-require-ipsec", L2TP_REQUIRE_IPSEC}, 1123 { "l2tp-vendor-name", L2TP_VENDOR_NAME}, 1124 { "lcp", LCP}, 1125 { "lcp-keepalive", LCP_KEEPALIVE}, 1126 { "lcp-keepalive-interval", LCP_KEEPALIVE_INTERVAL}, 1127 { "lcp-keepalive-max-retries", LCP_KEEPALIVE_MAX_RETRIES }, 1128 { "lcp-keepalive-retry-interval", LCP_KEEPALIVE_RETRY_INTERVAL}, 1129 { "lcp-max-configure", LCP_MAX_CONFIGURE}, 1130 { "lcp-max-nak-loop", LCP_MAX_NAK_LOOP}, 1131 { "lcp-max-terminate", LCP_MAX_TERMINATE}, 1132 { "lcp-timeout", LCP_TIMEOUT}, 1133 { "listen", LISTEN}, 1134 { "local", LOCAL}, 1135 { "max-failovers", MAX_FAILOVERS}, 1136 { "max-session", MAX_SESSION}, 1137 { "max-tries", MAX_TRIES}, 1138 { "mppe", MPPE}, 1139 { "mppe-key-length", MPPE_KEY_LENGTH}, 1140 { "mppe-key-state", MPPE_KEY_STATE}, 1141 { "mru", MRU}, 1142 { "mschapv2", MSCHAPV2}, 1143 { "nas-id", NAS_ID}, 1144 { "nbns-servers", NBNS_SERVERS}, 1145 { "no", NO}, 1146 { "on", ON}, 1147 { "pap", PAP}, 1148 { "pipex", PIPEX}, 1149 { "pool-address", POOL_ADDRESS}, 1150 { "port", PORT}, 1151 { "pppoe", PPPOE}, 1152 { "pppoe-ac-name", PPPOE_AC_NAME}, 1153 { "pppoe-accept-any-service", PPPOE_ACCEPT_ANY_SERVICE}, 1154 { "pppoe-desc-in-pktdump", PPPOE_DESC_IN_PKTDUMP}, 1155 { "pppoe-desc-out-pktdump", PPPOE_DESC_OUT_PKTDUMP}, 1156 { "pppoe-service-name", PPPOE_SERVICE_NAME}, 1157 { "pppoe-session-in-pktdump", PPPOE_SESSION_IN_PKTDUMP}, 1158 { "pppoe-session-out-pktdump", PPPOE_SESSION_OUT_PKTDUMP}, 1159 { "pptp", PPTP}, 1160 { "pptp-ctrl-in-pktdump", PPTP_CTRL_IN_PKTDUMP}, 1161 { "pptp-ctrl-out-pktdump", PPTP_CTRL_OUT_PKTDUMP}, 1162 { "pptp-data-in-pktdump", PPTP_DATA_IN_PKTDUMP}, 1163 { "pptp-data-out-pktdump", PPTP_DATA_OUT_PKTDUMP}, 1164 { "pptp-echo-interval", PPTP_ECHO_INTERVAL}, 1165 { "pptp-echo-timeout", PPTP_ECHO_TIMEOUT}, 1166 { "pptp-hostname", PPTP_HOSTNAME}, 1167 { "pptp-vendor-name", PPTP_VENDOR_NAME}, 1168 { "protocol", PROTOCOL}, 1169 { "radius", RADIUS}, 1170 { "required", REQUIRED}, 1171 { "resolver", RESOLVER}, 1172 { "secret", SECRET}, 1173 { "set", SET}, 1174 { "stateful", STATEFUL}, 1175 { "stateless", STATELESS}, 1176 { "static", STATIC}, 1177 { "strip-atmark-realm", STRIP_ATMARK_REALM}, 1178 { "strip-nt-domain", STRIP_NT_DOMAIN}, 1179 { "tcp-mss-adjust", TCP_MSS_ADJUST}, 1180 { "timeout", X_TIMEOUT}, 1181 { "to", TO}, 1182 { "tunnel", TUNNEL}, 1183 { "type", TYPE}, 1184 { "user-max-session", USER_MAX_SESSION}, 1185 { "username-suffix", USERNAME_SUFFIX}, 1186 { "users-file", USERS_FILE}, 1187 { "yes", YES} 1188 }; 1189 const struct keywords *p; 1190 1191 p = bsearch(s, keywords, sizeof(keywords)/sizeof(keywords[0]), 1192 sizeof(keywords[0]), kw_cmp); 1193 1194 if (p) 1195 return (p->k_val); 1196 else 1197 return (STRING); 1198 } 1199 1200 #define MAXPUSHBACK 128 1201 1202 char *parsebuf; 1203 int parseindex; 1204 char pushback_buffer[MAXPUSHBACK]; 1205 int pushback_index = 0; 1206 1207 int 1208 lgetc(int quotec) 1209 { 1210 int c, next; 1211 1212 if (parsebuf) { 1213 /* Read character from the parsebuffer instead of input. */ 1214 if (parseindex >= 0) { 1215 c = (unsigned char)parsebuf[parseindex++]; 1216 if (c != '\0') 1217 return (c); 1218 parsebuf = NULL; 1219 } else 1220 parseindex++; 1221 } 1222 1223 if (pushback_index) 1224 return ((unsigned char)pushback_buffer[--pushback_index]); 1225 1226 if (quotec) { 1227 if ((c = getc(file->stream)) == EOF) { 1228 yyerror("reached end of file while parsing " 1229 "quoted string"); 1230 if (file == topfile || popfile() == EOF) 1231 return (EOF); 1232 return (quotec); 1233 } 1234 return (c); 1235 } 1236 1237 while ((c = getc(file->stream)) == '\\') { 1238 next = getc(file->stream); 1239 if (next != '\n') { 1240 c = next; 1241 break; 1242 } 1243 yylval.lineno = file->lineno; 1244 file->lineno++; 1245 } 1246 1247 while (c == EOF) { 1248 if (file == topfile || popfile() == EOF) 1249 return (EOF); 1250 c = getc(file->stream); 1251 } 1252 return (c); 1253 } 1254 1255 int 1256 lungetc(int c) 1257 { 1258 if (c == EOF) 1259 return (EOF); 1260 if (parsebuf) { 1261 parseindex--; 1262 if (parseindex >= 0) 1263 return (c); 1264 } 1265 if (pushback_index + 1 >= MAXPUSHBACK) 1266 return (EOF); 1267 pushback_buffer[pushback_index++] = c; 1268 return (c); 1269 } 1270 1271 int 1272 findeol(void) 1273 { 1274 int c; 1275 1276 parsebuf = NULL; 1277 1278 /* skip to either EOF or the first real EOL */ 1279 while (1) { 1280 if (pushback_index) 1281 c = (unsigned char)pushback_buffer[--pushback_index]; 1282 else 1283 c = lgetc(0); 1284 if (c == '\n') { 1285 file->lineno++; 1286 break; 1287 } 1288 if (c == EOF) 1289 break; 1290 } 1291 return (ERROR); 1292 } 1293 1294 int 1295 yylex(void) 1296 { 1297 char buf[8096]; 1298 char *p; 1299 int quotec, next, c; 1300 int token; 1301 1302 p = buf; 1303 while ((c = lgetc(0)) == ' ' || c == '\t') 1304 ; /* nothing */ 1305 1306 yylval.lineno = file->lineno; 1307 if (c == '#') 1308 while ((c = lgetc(0)) != '\n' && c != EOF) 1309 ; /* nothing */ 1310 1311 switch (c) { 1312 case '\'': 1313 case '"': 1314 quotec = c; 1315 while (1) { 1316 if ((c = lgetc(quotec)) == EOF) 1317 return (0); 1318 if (c == '\n') { 1319 file->lineno++; 1320 continue; 1321 } else if (c == '\\') { 1322 if ((next = lgetc(quotec)) == EOF) 1323 return (0); 1324 if (next == quotec || next == ' ' || 1325 next == '\t') 1326 c = next; 1327 else if (next == '\n') { 1328 file->lineno++; 1329 continue; 1330 } else 1331 lungetc(next); 1332 } else if (c == quotec) { 1333 *p = '\0'; 1334 break; 1335 } else if (c == '\0') { 1336 yyerror("syntax error"); 1337 return (findeol()); 1338 } 1339 if (p + 1 >= buf + sizeof(buf) - 1) { 1340 yyerror("string too long"); 1341 return (findeol()); 1342 } 1343 *p++ = c; 1344 } 1345 yylval.v.string = strdup(buf); 1346 if (yylval.v.string == NULL) 1347 fatal("yylex: strdup"); 1348 return (STRING); 1349 } 1350 1351 #define allowed_to_end_number(x) \ 1352 (isspace(x) || x == ')' || x ==',' || x == '/' || x == '}' || x == '=') 1353 1354 if (c == '-' || isdigit(c)) { 1355 do { 1356 *p++ = c; 1357 if ((size_t)(p-buf) >= sizeof(buf)) { 1358 yyerror("string too long"); 1359 return (findeol()); 1360 } 1361 } while ((c = lgetc(0)) != EOF && isdigit(c)); 1362 lungetc(c); 1363 if (p == buf + 1 && buf[0] == '-') 1364 goto nodigits; 1365 if (c == EOF || allowed_to_end_number(c)) { 1366 const char *errstr = NULL; 1367 1368 *p = '\0'; 1369 yylval.v.number = strtonum(buf, LLONG_MIN, 1370 LLONG_MAX, &errstr); 1371 if (errstr) { 1372 yyerror("\"%s\" invalid number: %s", 1373 buf, errstr); 1374 return (findeol()); 1375 } 1376 return (NUMBER); 1377 } else { 1378 nodigits: 1379 while (p > buf + 1) 1380 lungetc((unsigned char)*--p); 1381 c = (unsigned char)*--p; 1382 if (c == '-') 1383 return (c); 1384 } 1385 } 1386 1387 #define allowed_in_string(x) \ 1388 (isalnum(x) || (ispunct(x) && x != '(' && x != ')' && \ 1389 x != '{' && x != '}' && x != '<' && x != '>' && \ 1390 x != '!' && x != '=' && x != '/' && x != '#' && \ 1391 x != ',')) 1392 1393 if (isalnum(c) || c == ':' || c == '_' || c == '*') { 1394 do { 1395 *p++ = c; 1396 if ((size_t)(p-buf) >= sizeof(buf)) { 1397 yyerror("string too long"); 1398 return (findeol()); 1399 } 1400 } while ((c = lgetc(0)) != EOF && (allowed_in_string(c))); 1401 lungetc(c); 1402 *p = '\0'; 1403 if ((token = lookup(buf)) == STRING) 1404 if ((yylval.v.string = strdup(buf)) == NULL) 1405 fatal("yylex: strdup"); 1406 return (token); 1407 } 1408 if (c == '\n') { 1409 yylval.lineno = file->lineno; 1410 file->lineno++; 1411 } 1412 if (c == EOF) 1413 return (0); 1414 return (c); 1415 } 1416 1417 struct file * 1418 pushfile(const char *name) 1419 { 1420 struct file *nfile; 1421 1422 if ((nfile = calloc(1, sizeof(struct file))) == NULL) { 1423 log_warn("%s", __func__); 1424 return (NULL); 1425 } 1426 if ((nfile->name = strdup(name)) == NULL) { 1427 log_warn("%s", __func__); 1428 free(nfile); 1429 return (NULL); 1430 } 1431 #ifdef NO_PRIVSEP 1432 if ((nfile->stream = fopen(nfile->name, "r")) == NULL) { 1433 #else 1434 if ((nfile->stream = priv_fopen(nfile->name)) == NULL) { 1435 #endif 1436 log_warn("%s: %s", __func__, nfile->name); 1437 free(nfile->name); 1438 free(nfile); 1439 return (NULL); 1440 } 1441 nfile->lineno = 1; 1442 TAILQ_INSERT_TAIL(&files, nfile, entry); 1443 return (nfile); 1444 } 1445 1446 int 1447 popfile(void) 1448 { 1449 struct file *prev; 1450 1451 if ((prev = TAILQ_PREV(file, files, entry)) != NULL) 1452 prev->errors += file->errors; 1453 1454 TAILQ_REMOVE(&files, file, entry); 1455 fclose(file->stream); 1456 free(file->name); 1457 free(file); 1458 file = prev; 1459 return (file ? 0 : EOF); 1460 } 1461 1462 int 1463 npppd_conf_parse(struct npppd_conf *xconf, const char *filename) 1464 { 1465 int errors = 0; 1466 1467 conf = xconf; 1468 1469 if ((file = pushfile(filename)) == NULL) { 1470 return (-1); 1471 } 1472 topfile = file; 1473 1474 yyparse(); 1475 errors = file->errors; 1476 popfile(); 1477 1478 if (curr_tunnconf != NULL) { 1479 tunnconf_fini(curr_tunnconf); 1480 free(curr_tunnconf); 1481 } 1482 curr_tunnconf = NULL; 1483 if (curr_authconf != NULL) { 1484 authconf_fini(curr_authconf); 1485 free(curr_authconf); 1486 } 1487 curr_authconf = NULL; 1488 if (curr_ipcpconf != NULL) { 1489 ipcpconf_fini(curr_ipcpconf); 1490 free(curr_ipcpconf); 1491 } 1492 curr_ipcpconf = NULL; 1493 1494 if (errors) 1495 npppd_conf_fini(xconf); 1496 1497 return (errors ? -1 : 0); 1498 } 1499 1500 void 1501 npppd_conf_init(struct npppd_conf *xconf) 1502 { 1503 memset(xconf, 0, sizeof(struct npppd_conf)); 1504 TAILQ_INIT(&xconf->tunnconfs); 1505 TAILQ_INIT(&xconf->authconfs); 1506 TAILQ_INIT(&xconf->ipcpconfs); 1507 TAILQ_INIT(&xconf->ifaces); 1508 TAILQ_INIT(&xconf->confbinds); 1509 TAILQ_INIT(&xconf->l2tp_confs); 1510 TAILQ_INIT(&xconf->pptp_confs); 1511 TAILQ_INIT(&xconf->pppoe_confs); 1512 TAILQ_INIT(&xconf->raddaeclientconfs); 1513 TAILQ_INIT(&xconf->raddaelistenconfs); 1514 strlcpy(xconf->nas_id, "npppd", sizeof(xconf->nas_id)); 1515 } 1516 1517 void 1518 npppd_conf_fini(struct npppd_conf *xconf) 1519 { 1520 struct tunnconf *tunn, *tunn0; 1521 struct authconf *auth, *auth0; 1522 struct ipcpconf *ipcp, *ipcp0; 1523 struct iface *iface, *iface0; 1524 struct confbind *confbind, *confbind0; 1525 struct radclientconf *radc, *radct; 1526 struct radlistenconf *radl, *radlt; 1527 1528 TAILQ_FOREACH_SAFE(tunn, &xconf->tunnconfs, entry, tunn0) { 1529 tunnconf_fini(tunn); 1530 } 1531 TAILQ_FOREACH_SAFE(auth, &xconf->authconfs, entry, auth0) { 1532 authconf_fini(auth); 1533 } 1534 TAILQ_FOREACH_SAFE(ipcp, &xconf->ipcpconfs, entry, ipcp0) { 1535 ipcpconf_fini(ipcp); 1536 } 1537 TAILQ_FOREACH_SAFE(iface, &xconf->ifaces, entry, iface0) { 1538 free(iface); 1539 } 1540 TAILQ_FOREACH_SAFE(confbind, &xconf->confbinds, entry, confbind0) { 1541 free(confbind); 1542 } 1543 TAILQ_FOREACH_SAFE(radc, &xconf->raddaeclientconfs, entry, radct) 1544 free(radc); 1545 TAILQ_FOREACH_SAFE(radl, &xconf->raddaelistenconfs, entry, radlt) 1546 free(radl); 1547 TAILQ_INIT(&xconf->l2tp_confs); 1548 TAILQ_INIT(&xconf->pptp_confs); 1549 TAILQ_INIT(&xconf->pppoe_confs); 1550 } 1551 1552 void 1553 tunnconf_fini(struct tunnconf *tun) 1554 { 1555 if (tun->chap_name != NULL) 1556 free(tun->chap_name); 1557 tun->chap_name = NULL; 1558 1559 switch (tun->protocol) { 1560 case NPPPD_TUNNEL_L2TP: 1561 { 1562 struct l2tp_listen_addr *l_addr, *l_tmp; 1563 1564 if (tun->proto.l2tp.hostname != NULL) 1565 free(tun->proto.l2tp.hostname); 1566 tun->proto.l2tp.hostname = NULL; 1567 if (tun->proto.l2tp.vendor_name != NULL) 1568 free(tun->proto.l2tp.vendor_name); 1569 tun->proto.l2tp.vendor_name = NULL; 1570 TAILQ_FOREACH_SAFE(l_addr, &tun->proto.l2tp.listen, entry, 1571 l_tmp) { 1572 TAILQ_REMOVE(&tun->proto.l2tp.listen, l_addr, entry); 1573 free(l_addr); 1574 } 1575 break; 1576 } 1577 case NPPPD_TUNNEL_PPTP: 1578 { 1579 struct pptp_listen_addr *p_addr, *p_tmp; 1580 1581 if (tun->proto.pptp.hostname != NULL) 1582 free(tun->proto.pptp.hostname); 1583 tun->proto.pptp.hostname = NULL; 1584 if (tun->proto.pptp.vendor_name != NULL) 1585 free(tun->proto.pptp.vendor_name); 1586 tun->proto.pptp.vendor_name = NULL; 1587 TAILQ_FOREACH_SAFE(p_addr, &tun->proto.pptp.listen, entry, 1588 p_tmp) { 1589 TAILQ_REMOVE(&tun->proto.pptp.listen, p_addr, entry); 1590 free(p_addr); 1591 } 1592 break; 1593 } 1594 case NPPPD_TUNNEL_PPPOE: 1595 if (tun->proto.pppoe.service_name != NULL) 1596 free(tun->proto.pppoe.service_name); 1597 tun->proto.pppoe.service_name = NULL; 1598 if (tun->proto.pppoe.ac_name != NULL) 1599 free(tun->proto.pppoe.ac_name); 1600 tun->proto.pppoe.ac_name = NULL; 1601 break; 1602 } 1603 } 1604 1605 void 1606 tunnconf_init(struct tunnconf *tun, int protocol) 1607 { 1608 extern struct tunnconf tunnconf_default_l2tp, tunnconf_default_pptp; 1609 extern struct tunnconf tunnconf_default_pppoe; 1610 1611 switch (protocol) { 1612 case NPPPD_TUNNEL_L2TP: 1613 memcpy(tun, &tunnconf_default_l2tp, sizeof(struct tunnconf)); 1614 TAILQ_INIT(&tun->proto.l2tp.listen); 1615 break; 1616 case NPPPD_TUNNEL_PPTP: 1617 memcpy(tun, &tunnconf_default_pptp, sizeof(struct tunnconf)); 1618 TAILQ_INIT(&tun->proto.pptp.listen); 1619 break; 1620 case NPPPD_TUNNEL_PPPOE: 1621 memcpy(tun, &tunnconf_default_pppoe, sizeof(struct tunnconf)); 1622 break; 1623 } 1624 } 1625 1626 struct tunnconf * 1627 tunnconf_find(const char *name) 1628 { 1629 struct tunnconf *tunn; 1630 1631 TAILQ_FOREACH(tunn, &conf->tunnconfs, entry) { 1632 if (strcmp(tunn->name, name) == 0) 1633 return tunn; 1634 } 1635 1636 return NULL; 1637 } 1638 1639 void 1640 authconf_init(struct authconf *auth) 1641 { 1642 memset(auth, 0, sizeof(struct authconf)); 1643 auth->eap_capable = true; 1644 auth->strip_nt_domain = true; 1645 auth->strip_atmark_realm = false; 1646 } 1647 1648 void 1649 authconf_fini(struct authconf *auth) 1650 { 1651 if (auth->username_suffix != NULL) 1652 free(auth->username_suffix); 1653 auth->username_suffix = NULL; 1654 1655 switch (auth->auth_type) { 1656 case NPPPD_AUTH_TYPE_RADIUS: 1657 radconf_fini(&auth->data.radius.auth); 1658 radconf_fini(&auth->data.radius.acct); 1659 break; 1660 } 1661 } 1662 1663 void 1664 radconf_fini(struct radconf *radconf) 1665 { 1666 struct radserver *server, *server0; 1667 1668 TAILQ_FOREACH_SAFE(server, &radconf->servers, entry, server0) { 1669 if (server->secret != NULL) 1670 free(server->secret); 1671 server->secret = NULL; 1672 } 1673 } 1674 1675 struct authconf * 1676 authconf_find(const char *name) 1677 { 1678 struct authconf *auth; 1679 1680 TAILQ_FOREACH(auth, &conf->authconfs, entry) { 1681 if (strcmp(auth->name, name) == 0) 1682 return auth; 1683 } 1684 1685 return NULL; 1686 } 1687 1688 void 1689 ipcpconf_init(struct ipcpconf *ipcp) 1690 { 1691 memset(ipcp, 0, sizeof(struct ipcpconf)); 1692 } 1693 1694 void 1695 ipcpconf_fini(struct ipcpconf *ipcp) 1696 { 1697 if (ipcp->dynamic_pool != NULL) 1698 in_addr_range_list_remove_all(&ipcp->dynamic_pool); 1699 if (ipcp->static_pool != NULL) 1700 in_addr_range_list_remove_all(&ipcp->static_pool); 1701 } 1702 1703 struct ipcpconf * 1704 ipcpconf_find(const char *name) 1705 { 1706 struct ipcpconf *ipcp; 1707 1708 TAILQ_FOREACH(ipcp, &conf->ipcpconfs, entry) { 1709 if (strcmp(ipcp->name, name) == 0) 1710 return ipcp; 1711 } 1712 1713 return NULL; 1714 } 1715 1716 struct iface * 1717 iface_find(const char *name) 1718 { 1719 struct iface *iface; 1720 1721 TAILQ_FOREACH(iface, &conf->ifaces, entry) { 1722 if (strcmp(iface->name, name) == 0) 1723 return iface; 1724 } 1725 1726 return NULL; 1727 } 1728 1729 void 1730 sa_set_in_addr_any(struct sockaddr *sa) 1731 { 1732 memset(sa, 0, sizeof(struct sockaddr_in)); 1733 1734 sa->sa_family = AF_INET, 1735 sa->sa_len = sizeof(struct sockaddr_in); 1736 ((struct sockaddr_in *)sa)->sin_addr.s_addr = htonl(INADDR_ANY); 1737 } 1738