xref: /netbsd-src/usr.sbin/inetd/parse_v2.c (revision d3789543466c1fc9b2703e1746ab85d655beccb3)

/*	$NetBSD: parse_v2.c,v 1.7 2024/02/08 20:51:25 andvar Exp $	*/

/*-
 * Copyright (c) 2021 The NetBSD Foundation, Inc.
 * All rights reserved.
 *
 * This code is derived from software contributed to The NetBSD Foundation
 * by James Browning, Gabe Coffland, Alex Gavin, and Solomon Ritzow.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 * POSSIBILITY OF SUCH DAMAGE.
 */

#include <sys/cdefs.h>
__RCSID("$NetBSD: parse_v2.c,v 1.7 2024/02/08 20:51:25 andvar Exp $");

#include <ctype.h>
#include <errno.h>
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <syslog.h>
#include <err.h>

#include "inetd.h"
#include "ipsec.h"

typedef enum values_state {
	VALS_PARSING, VALS_END_KEY, VALS_END_DEF, VALS_ERROR
} values_state;

/* Values parsing state */
typedef struct val_parse_info {
	char *cp;
	/* Used so we can null-terminate values by overwriting ',' and ';' */
	//char terminal;
	values_state state;
} val_parse_info, *vlist;

/* The result of a call to parse_invoke_handler */
typedef enum invoke_result {
	INVOKE_SUCCESS, INVOKE_FINISH, INVOKE_ERROR
} invoke_result;

/* The result of a parse of key handler values */
typedef enum hresult {
	KEY_HANDLER_FAILURE, KEY_HANDLER_SUCCESS
} hresult;

/* v2 syntax key-value parsers */
static hresult	args_handler(struct servtab *, vlist);
static hresult	bind_handler(struct servtab *, vlist);
static hresult	exec_handler(struct servtab *, vlist);
static hresult	filter_handler(struct servtab *, vlist);
static hresult	group_handler(struct servtab *, vlist);
static hresult	service_max_handler(struct servtab *, vlist);
static hresult	ip_max_handler(struct servtab *, vlist);
static hresult	protocol_handler(struct servtab *, vlist);
static hresult	recv_buf_handler(struct servtab *, vlist);
static hresult	send_buf_handler(struct servtab *, vlist);
static hresult	socket_type_handler(struct servtab *, vlist);
static hresult	unknown_handler(struct servtab *, vlist);
static hresult	user_handler(struct servtab *, vlist);
static hresult	wait_handler(struct servtab *, vlist);

#ifdef IPSEC
static hresult	ipsec_handler(struct servtab *, vlist);
#endif

static invoke_result	parse_invoke_handler(bool *, char **, struct servtab *);
static bool fill_default_values(struct servtab *);
static bool parse_quotes(char **);
static bool	skip_whitespace(char **);
static int	size_to_bytes(char *);
static bool infer_protocol_ip_version(struct servtab *);
static bool	setup_internal(struct servtab *);
static void	try_infer_socktype(struct servtab *);
static int hex_to_bits(char);
#ifdef IPSEC
static void	setup_ipsec(struct servtab *);
#endif
static inline void	strmove(char *, size_t);

/* v2 Key handlers infrastructure */

/* v2 syntax Handler function, which must parse all values for its key */
typedef hresult (*key_handler_func)(struct servtab *, vlist);

/* List of v2 syntax key handlers */
static struct key_handler {
	const char *name;
	key_handler_func handler;
} key_handlers[] = {
	{ "bind", bind_handler },
	{ "socktype", socket_type_handler },
	{ "acceptfilter", filter_handler },
	{ "protocol", protocol_handler },
	{ "sndbuf", send_buf_handler },
	{ "recvbuf", recv_buf_handler },
	{ "wait", wait_handler },
	{ "service_max", service_max_handler },
	{ "user", user_handler },
	{ "group", group_handler },
	{ "exec", exec_handler },
	{ "args", args_handler },
	{ "ip_max", ip_max_handler },
#ifdef IPSEC
	{ "ipsec", ipsec_handler }
#endif
};

/* Error Not Initialized */
#define ENI(key) ERR("Required option '%s' not specified", (key))

#define WAIT_WRN "Option 'wait' for internal service '%s' was inferred"

/* Too Few Arguments (values) */
#define TFA(key) ERR("Option '%s' has too few arguments", (key))

/* Too Many Arguments (values) */
#define TMA(key) ERR("Option '%s' has too many arguments", (key))

/* Too Many Definitions */
#define TMD(key) ERR("Option '%s' is already specified", (key))

#define VALID_SOCKET_TYPES "stream, dgram, rdm, seqpacket, raw"

parse_v2_result
parse_syntax_v2(struct servtab *sep, char **cpp)
{

	/* Catch multiple semantic errors instead of skipping after one */
	bool is_valid_definition = true;
	/* Line number of service for error logging. */
	size_t line_number_start = line_number;

	for (;;) {
		switch(parse_invoke_handler(&is_valid_definition, cpp, sep)) {
		case INVOKE_SUCCESS:
			/* Keep reading more options in. */
			continue;
		case INVOKE_FINISH:
			/*
			 * Found a semicolon, do final checks and defaults
			 * and return.
			 * Skip whitespace after semicolon to end of line.
		         */
			while (isspace((unsigned char)**cpp)) {
				(*cpp)++;
			}

			if (is_valid_definition && fill_default_values(sep)) {
				if (**cpp == '\0') {
					*cpp = nextline(fconfig);
				}
				return V2_SUCCESS;
			}

			DPRINTCONF("Ignoring invalid definition.");
			/* Log the error for the starting line of the service */
			syslog(LOG_ERR, CONF_ERROR_FMT
			    "Ignoring invalid definition.", CONFIG,
			    line_number_start);
			if (**cpp == '\0') {
				*cpp = nextline(fconfig);
			}
			return V2_SKIP;
		case INVOKE_ERROR:
			DPRINTCONF("Syntax error; Exiting '%s'", CONFIG);
			return V2_ERROR;
		}
	}
}

/*
 * Fill in any remaining values that should be inferred
 * Log an error if a required parameter that isn't
 * provided by user can't be inferred from other servtab data.
 * Return true on success, false on failure.
 */
static bool
fill_default_values(struct servtab *sep)
{
	bool is_valid = true;

	if (sep->se_service_max == SERVTAB_UNSPEC_SIZE_T) {
		/* Set default to same as in v1 syntax. */
		sep->se_service_max = TOOMANY;
	}

	if (sep->se_hostaddr == NULL) {
		/* Set hostaddr to default */
		sep->se_hostaddr = newstr(defhost);
	}

	try_infer_socktype(sep);

	if (sep->se_server == NULL) {
		/* If an executable is not specified, assume internal. */
		is_valid = setup_internal(sep) && is_valid;
	}

	if (sep->se_socktype == SERVTAB_UNSPEC_VAL) {
		/* Ensure socktype is specified (either set or inferred) */
		ENI("socktype");
		is_valid = false;
	}

	if (sep->se_wait == SERVTAB_UNSPEC_VAL) {
		/* Ensure wait is specified */
		ENI("wait");
		is_valid = false;
	}

	if (sep->se_user == NULL) {
		/* Ensure user is specified */
		ENI("user");
		is_valid = false;
	}

	if (sep->se_proto == NULL) {
		/* Ensure protocol is specified */
		ENI("protocol");
		is_valid = false;
	} else {
		is_valid = infer_protocol_ip_version(sep) && is_valid;
	}

#ifdef IPSEC
	setup_ipsec(sep);
#endif
	return is_valid;
}

/* fill_default_values related functions */
#ifdef IPSEC
static void
setup_ipsec(struct servtab *sep)
{
	if (sep->se_policy == NULL) {
		/* Set to default global policy */
		sep->se_policy = policy;
	} else if (*sep->se_policy == '\0') {
		/* IPsec was intentionally disabled. */
		free(sep->se_policy);
		sep->se_policy = NULL;
	}
}
#endif

static void
try_infer_socktype(struct servtab *sep) {
	if (sep->se_socktype != SERVTAB_UNSPEC_VAL || sep->se_proto == NULL) {
		return;
	}

	/* Check values of se_proto udp, udp6, tcp, tcp6 to set dgram/stream */
	if (strncmp(sep->se_proto, "udp", 3) == 0) {
		sep->se_socktype = SOCK_DGRAM;
	} else if (strncmp(sep->se_proto, "tcp", 3) == 0) {
		sep->se_socktype = SOCK_STREAM;
	}
}

static bool
setup_internal(struct servtab *sep)
{
	pid_t wait_prev = sep->se_wait;
	if (parse_server(sep, "internal") != 0) {
		ENI("exec");
		return false;
	}

	if (wait_prev != SERVTAB_UNSPEC_VAL && wait_prev != sep->se_wait) {
		/* If wait was already specified throw an error. */
		WRN(WAIT_WRN, sep->se_service);
	}
	return true;
}

static bool
infer_protocol_ip_version(struct servtab *sep)
{
	struct in_addr tmp;

	if (strcmp("tcp", sep->se_proto) != 0
		&& strcmp("udp", sep->se_proto) != 0
		&& strcmp("rpc/tcp", sep->se_proto) != 0
		&& strcmp("rpc/udp", sep->se_proto) != 0) {
		return true;
	}

	if (inet_pton(AF_INET, sep->se_hostaddr, &tmp)) {
		sep->se_family = AF_INET;
		return true;
	}

	if (inet_pton(AF_INET6, sep->se_hostaddr, &tmp)) {
		sep->se_family = AF_INET6;
		return true;
	}

	ERR("Address family of %s is ambigous or invalid. "
		"Explicitly specify protocol", sep->se_hostaddr);
	return false;
}

/*
 * Skips whitespaces, newline characters, and comments,
 * and returns the next token. Returns false and logs error if an EOF is
 * encountered.
 */
static bool
skip_whitespace(char **cpp)
{
	char *cp = *cpp;

	size_t line_start = line_number;

	for (;;) {
		while (isblank((unsigned char)*cp))
			cp++;

		if (*cp == '\0' || *cp == '#') {
			cp = nextline(fconfig);

			/* Should never expect EOF when skipping whitespace */
			if (cp == NULL) {
				ERR("Early end of file after line %zu",
				    line_start);
				return false;
			}
			continue;
		}
		break;
	}

	*cpp = cp;
	return true;
}

/* Get the key handler function pointer for the given name */
static key_handler_func
get_handler(char *name)
{
	/* Call function to handle option parsing. */
	for (size_t i = 0; i < __arraycount(key_handlers); i++) {
		if (strcmp(key_handlers[i].name, name) == 0) {
			return key_handlers[i].handler;
		}
	}
	return NULL;
}

static inline void
strmove(char *buf, size_t off)
{
	memmove(buf, buf + off, strlen(buf + off) + 1);
}

/*
 * Perform an in-place parse of a single-line quoted string
 * with escape sequences. Sets *cpp to the position after the quoted characters.
 * Uses shell-style quote parsing.
 */
static bool
parse_quotes(char **cpp)
{
	char *cp = *cpp;
	char quote = *cp;

	strmove(cp, 1);
	while (*cp != '\0' && quote != '\0') {
		if (*cp == quote) {
			quote = '\0';
			strmove(cp, 1);
			continue;
		}

		if (*cp == '\\') {
			/* start is location of backslash */
			char *start = cp;
			cp++;
			switch (*cp) {
			case 'x': {
				int hi, lo;
				if ((hi = hex_to_bits(cp[1])) == -1
				|| (lo = hex_to_bits(cp[2])) == -1) {
					ERR("Invalid hexcode sequence '%.4s'",
					    start);
					return false;
				}
				*start = (char)((hi << 4) | lo);
				strmove(cp, 3);
				continue;
			}
			case '\\':
				*start = '\\';
				break;
			case 'n':
				*start = '\n';
				break;
			case 't':
				*start = '\t';
				break;
			case 'r':
				*start = '\r';
				break;
			case '\'':
				*start = '\'';
				break;
			case '"':
				*start = '"';
				break;
			case '\0':
				ERR("Dangling escape sequence backslash");
				return false;
			default:
				ERR("Unknown escape sequence '\\%c'", *cp);
				return false;
			}
			strmove(cp, 1);
			continue;
		}

		/* Regular character, advance to the next one. */
		cp++;
	}

	if (*cp == '\0' && quote != '\0') {
		ERR("Unclosed quote");
		return false;
	}
	*cpp = cp;
	return true;
}

static int
hex_to_bits(char in)
{
	switch(in) {
	case '0'...'9':
		return in - '0';
	case 'a'...'f':
		return in - 'a' + 10;
	case 'A'...'F':
		return in - 'A' + 10;
	default:
		return -1;
	}
}

/*
 * Parse the next value for a key handler and advance list->cp past the found
 * value. Return NULL if there are no more values or there was an error
 * during parsing, and set the list->state to the appropriate value.
 */
static char *
next_value(vlist list)
{
	char *cp = list->cp;

	if (list->state != VALS_PARSING) {
		/* Already at the end of a values list, or there was an error.*/
		return NULL;
	}

	if (!skip_whitespace(&cp)) {
		list->state = VALS_ERROR;
		return NULL;
	}

	if (*cp == ',' || *cp == ';') {
		/* Found end of args, but not immediately after value */
		list->state = (*cp == ',' ? VALS_END_KEY : VALS_END_DEF);
		list->cp = cp + 1;
		return NULL;
	}

	/* Check for end of line */
	if (!skip_whitespace(&cp)) {
		list->state = VALS_ERROR;
		return NULL;
	}

	/*
	 * Found the start of a potential value. Advance one character
	 * past the end of the value.
	 */
	char *start = cp;
	while (!isblank((unsigned char)*cp) && *cp != '#' &&
	    *cp != ',' && *cp != ';' && *cp != '\0' ) {
		if (*cp == '"' || *cp == '\'') {
			/* Found a quoted segment */
			if (!parse_quotes(&cp)) {
				list->state = VALS_ERROR;
				return NULL;
			}
		} else {
			/* Find the end of the value */
			cp++;
		}
	}

	/* Handle comments next to unquoted values */
	if (*cp == '#') {
		*cp = '\0';
		list->cp = cp;
		return start;
	}

	if (*cp == '\0') {
		/*
		 * Value ends with end of line, so it is already NUL-terminated
		 */
		list->cp = cp;
		return start;
	}

	if (*cp == ',') {
		list->state = VALS_END_KEY;
	} else if (*cp == ';') {
		list->state = VALS_END_DEF;
	}

	*cp = '\0';
	/* Advance past null so we don't skip the rest of the line */
	list->cp = cp + 1;
	return start;
}

/* Parse key name and invoke associated handler */
static invoke_result
parse_invoke_handler(bool *is_valid_definition, char **cpp, struct servtab *sep)
{
	char *key_name, save, *cp = *cpp;
	int is_blank;
	key_handler_func handler;
	val_parse_info info;

	/* Skip any whitespace if it exists, otherwise do nothing */
	if (!skip_whitespace(&cp)) {
		return INVOKE_ERROR;
	}

	/* Starting character of key */
	key_name = cp;


	/* alphabetical or underscore allowed in name */
	while (isalpha((unsigned char)*cp) || *cp == '_') {
		cp++;
	}

	is_blank = isblank((unsigned char)*cp);

	/* Get key handler and move to start of values */
	if (*cp != '=' && !is_blank && *cp != '#') {
		ERR("Expected '=' but found '%c'", *cp);
		return INVOKE_ERROR;
	}

	save = *cp;
	*cp = '\0';
	cp++;

	handler = get_handler(key_name);

	if (handler == NULL) {
		ERR("Unknown option '%s'", key_name);
		handler = unknown_handler;
	}

	/* If blank or new line, still need to find the '=' or throw error */
	if (is_blank || save == '#') {
		if (save == '#') {
			cp = nextline(fconfig);
		}

		skip_whitespace(&cp);
		if (*cp != '=') {
			ERR("Expected '=' but found '%c'", *cp);
			return INVOKE_ERROR;
		}
		cp++;
	}

	/* Skip whitespace to start of values */
	if (!skip_whitespace(&cp)) {
		return INVOKE_ERROR;
	}

	info = (val_parse_info) {cp, VALS_PARSING};

	/*
	 * Read values for key and write into sep.
	 * If parsing is successful, all values for key must be read.
	 */
	if (handler(sep, &info) == KEY_HANDLER_FAILURE) {
		/*
		 * Eat remaining values if an error happened
	         * so more errors can be caught.
		 */
		while (next_value(&info) != NULL)
			continue;
		*is_valid_definition = false;
	}

	if (info.state == VALS_END_DEF) {
		/*
		 * Exit definition handling for(;;).
		 * Set the position to the end of the definition,
		 * for multi-definition lines.
		 */
		*cpp = info.cp;
		return INVOKE_FINISH;
	}
	if (info.state == VALS_ERROR) {
		/* Parse error, stop reading config */
		return INVOKE_ERROR;
	}

	*cpp = info.cp;
	return INVOKE_SUCCESS;
}

/* Return true if sep must be a built-in service */
static bool
is_internal(struct servtab *sep)
{
	return sep->se_bi != NULL;
}

/*
 * Key-values handlers
 */

static hresult
/*ARGSUSED*/
unknown_handler(struct servtab *sep, vlist values)
{
	/* Return failure for an unknown service name. */
	return KEY_HANDLER_FAILURE;
}

/* Set listen address for this service */
static hresult
bind_handler(struct servtab *sep, vlist values)
{
	if (sep->se_hostaddr != NULL) {
		TMD("bind");
		return KEY_HANDLER_FAILURE;
	}

	char *val = next_value(values);
	sep->se_hostaddr = newstr(val);
	if (next_value(values) != NULL) {
		TMA("bind");
		return KEY_HANDLER_FAILURE;
	}
	return KEY_HANDLER_SUCCESS;
}

static hresult
socket_type_handler(struct servtab *sep, vlist values)
{
	char *type = next_value(values);
	if (type == NULL) {
		TFA("socktype");
		return KEY_HANDLER_FAILURE;
	}

	parse_socktype(type, sep);

	if (sep->se_socktype == -1) {
		ERR("Invalid socket type '%s'. Valid: " VALID_SOCKET_TYPES,
		    type);
		return KEY_HANDLER_FAILURE;
	}

	if (next_value(values) != NULL) {
		TMA("socktype");
		return KEY_HANDLER_FAILURE;
	}

	return KEY_HANDLER_SUCCESS;
}

/* Set accept filter SO_ACCEPTFILTER */
static hresult
filter_handler(struct servtab *sep, vlist values)
{
	/*
	 * See: SO_ACCEPTFILTER https://man.netbsd.org/setsockopt.2
	 * An accept filter can have one other argument.
	 * This code currently only supports one accept filter
	 * Also see parse_accept_filter(char* arg, struct servtab*sep)
	 */

	char *af_name, *af_arg;

	af_name = next_value(values);

	if (af_name == NULL) {
		TFA("filter");
		return KEY_HANDLER_FAILURE;
	}

	/* Store af_name in se_accf.af_name, no newstr call */
	strlcpy(sep->se_accf.af_name, af_name, sizeof(sep->se_accf.af_name));

	af_arg = next_value(values);

	if (af_arg != NULL) {
		strlcpy(sep->se_accf.af_arg, af_arg,
		    sizeof(sep->se_accf.af_arg));
		if (next_value(values) != NULL) {
			TMA("filter");
			return KEY_HANDLER_FAILURE;
		}
	} else {
		/* Store null string */
		sep->se_accf.af_arg[0] = '\0';
	}

	return KEY_HANDLER_SUCCESS;
}

/* Set protocol (udp, tcp, unix, etc.) */
static hresult
protocol_handler(struct servtab *sep, vlist values)
{
	char *val;

	if ((val = next_value(values)) == NULL) {
		TFA("protocol");
		return KEY_HANDLER_FAILURE;
	}

	if (sep->se_type == NORM_TYPE &&
	    strncmp(val, "faith/", strlen("faith/")) == 0) {
		val += strlen("faith/");
		sep->se_type = FAITH_TYPE;
	}
	sep->se_proto = newstr(val);

	if (parse_protocol(sep))
		return KEY_HANDLER_FAILURE;

	if ((val = next_value(values)) != NULL) {
		TMA("protocol");
		return KEY_HANDLER_FAILURE;
	}
	return KEY_HANDLER_SUCCESS;
}

/*
 * Convert a string number possible ending with k or m to an integer.
 * Based on MALFORMED, GETVAL, and ASSIGN in getconfigent(void).
 */
static int
size_to_bytes(char *arg)
{
	char *tail;
	int rstatus, count;

	count = (int)strtoi(arg, &tail, 10, 0, INT_MAX, &rstatus);

	if (rstatus != 0 && rstatus != ENOTSUP) {
		ERR("Invalid buffer size '%s': %s", arg, strerror(rstatus));
		return -1;
	}

	switch(tail[0]) {
	case 'm':
		if (__builtin_smul_overflow((int)count, 1024, &count)) {
			ERR("Invalid buffer size '%s': Result too large", arg);
			return -1;
		}
		/* FALLTHROUGH */
	case 'k':
		if (__builtin_smul_overflow((int)count, 1024, &count)) {
			ERR("Invalid buffer size '%s': Result too large", arg);
			return -1;
		}
		/* FALLTHROUGH */
	case '\0':
		return count;
	default:
		ERR("Invalid buffer size unit prefix");
		return -1;
	}
}

/* sndbuf size */
static hresult
send_buf_handler(struct servtab *sep, vlist values)
{
	char *arg;
	int buffer_size;

	if (ISMUX(sep)) {
		ERR("%s: can't specify buffer sizes for tcpmux services",
			sep->se_service);
		return KEY_HANDLER_FAILURE;
	}


	if ((arg = next_value(values)) == NULL) {
		TFA("sndbuf");
		return KEY_HANDLER_FAILURE;
	}

	buffer_size = size_to_bytes(arg);

	if (buffer_size == -1) {
		return KEY_HANDLER_FAILURE;
	}

	if ((arg = next_value(values)) != NULL) {
		TMA("sndbuf");
		return KEY_HANDLER_FAILURE;
	}

	sep->se_sndbuf = buffer_size;

	return KEY_HANDLER_SUCCESS;
}

/* recvbuf size */
static hresult
recv_buf_handler(struct servtab *sep, vlist values)
{
	char *arg;
	int buffer_size;

	if (ISMUX(sep)) {
		ERR("%s: Cannot specify buffer sizes for tcpmux services",
			sep->se_service);
		return KEY_HANDLER_FAILURE;
	}

	if ((arg = next_value(values)) == NULL){
		TFA("recvbuf");
		return KEY_HANDLER_FAILURE;
	}

	buffer_size = size_to_bytes(arg);

	if (buffer_size == -1) {
		return KEY_HANDLER_FAILURE;
	}

	if ((arg = next_value(values)) != NULL) {
		TMA("recvbuf");
		return KEY_HANDLER_FAILURE;
	}

	sep->se_rcvbuf = buffer_size;

	return KEY_HANDLER_SUCCESS;

}

/* Same as wait in positional */
static hresult
wait_handler(struct servtab *sep, vlist values)
{
	char *val;
	pid_t wait;

	/* If 'wait' is specified after internal exec */

	if (!is_internal(sep) && sep->se_wait != SERVTAB_UNSPEC_VAL) {
		/* Prevent duplicate wait keys */
		TMD("wait");
		return KEY_HANDLER_FAILURE;
	}

	val = next_value(values);

	if (val == NULL) {
		TFA("wait");
		return KEY_HANDLER_FAILURE;
	}

	if (strcmp(val, "yes") == 0) {
		wait = true;
	} else if (strcmp(val, "no") == 0) {
		wait = false;
	} else {
		ERR("Invalid value '%s' for wait. Valid: yes, no", val);
		return KEY_HANDLER_FAILURE;
	}

	if (is_internal(sep) && wait != sep->se_wait) {
		/* If wait was set for internal service check for correctness */
		WRN(WAIT_WRN, sep->se_service);
	} else if (parse_wait(sep, wait)) {
		return KEY_HANDLER_FAILURE;
	}

	if ((val = next_value(values)) != NULL) {
		TMA("wait");
		return KEY_HANDLER_FAILURE;
	}

	return KEY_HANDLER_SUCCESS;
}

/* Set max connections in interval rate-limit, same as max in positional */
static hresult
service_max_handler(struct servtab *sep, vlist values)
{
	char *count_str;
	int rstatus;

	if (sep->se_service_max != SERVTAB_UNSPEC_SIZE_T) {
		TMD("service_max");
		return KEY_HANDLER_FAILURE;
	}

	count_str = next_value(values);

	if (count_str == NULL) {
		TFA("service_max");
		return KEY_HANDLER_FAILURE;
	}

	size_t count = (size_t)strtou(count_str, NULL, 10, 0,
	    SERVTAB_COUNT_MAX, &rstatus);

	if (rstatus != 0) {
		ERR("Invalid service_max '%s': %s", count_str,
		    strerror(rstatus));
		return KEY_HANDLER_FAILURE;
	}

	if (next_value(values) != NULL) {
		TMA("service_max");
		return KEY_HANDLER_FAILURE;
	}

	sep->se_service_max = count;

	return KEY_HANDLER_SUCCESS;
}

static hresult
ip_max_handler(struct servtab *sep, vlist values)
{
	char *count_str;
	int rstatus;

	if (sep->se_ip_max != SERVTAB_UNSPEC_SIZE_T) {
		TMD("ip_max");
		return KEY_HANDLER_FAILURE;
	}

	count_str = next_value(values);

	if (count_str == NULL) {
		TFA("ip_max");
		return KEY_HANDLER_FAILURE;
	}

	size_t count = (size_t)strtou(count_str, NULL, 10, 0,
	    SERVTAB_COUNT_MAX, &rstatus);

	if (rstatus != 0) {
		ERR("Invalid ip_max '%s': %s", count_str, strerror(rstatus));
		return KEY_HANDLER_FAILURE;
	}

	if (next_value(values) != NULL) {
		TMA("ip_max");
		return KEY_HANDLER_FAILURE;
	}

	sep->se_ip_max = count;

	return KEY_HANDLER_SUCCESS;
}

/* Set user to execute as */
static hresult
user_handler(struct servtab *sep, vlist values)
{
	if (sep->se_user != NULL) {
		TMD("user");
		return KEY_HANDLER_FAILURE;
	}

	char *name = next_value(values);

	if (name == NULL) {
		TFA("user");
		return KEY_HANDLER_FAILURE;
	}

	sep->se_user = newstr(name);

	if (next_value(values) != NULL) {
		TMA("user");
		return KEY_HANDLER_FAILURE;
	}

	return KEY_HANDLER_SUCCESS;
}

/* Set group to execute as */
static hresult
group_handler(struct servtab *sep, vlist values)
{
	char *name = next_value(values);

	if (name == NULL) {
		TFA("group");
		return KEY_HANDLER_FAILURE;
	}

	sep->se_group = newstr(name);

	if (next_value(values) != NULL) {
		TMA("group");
		return KEY_HANDLER_FAILURE;
	}

	return KEY_HANDLER_SUCCESS;
}

/* Handle program path or "internal" */
static hresult
exec_handler(struct servtab *sep, vlist values)
{
	char *val;

	if ((val = next_value(values)) == NULL) {
		TFA("exec");
		return KEY_HANDLER_FAILURE;
	}

	pid_t wait_prev = sep->se_wait;
	if (parse_server(sep, val))
		return KEY_HANDLER_FAILURE;
	if (is_internal(sep) && wait_prev != SERVTAB_UNSPEC_VAL) {
		/*
		 * Warn if the user specifies a value for an internal which
		 * is different
		 */
		if (wait_prev != sep->se_wait) {
			WRN(WAIT_WRN, sep->se_service);
		}
	}

	if ((val = next_value(values)) != NULL) {
		TMA("exec");
		return KEY_HANDLER_FAILURE;
	}

	return KEY_HANDLER_SUCCESS;
}

/* Handle program arguments */
static hresult
args_handler(struct servtab *sep, vlist values)
{
	char *val;
	int argc;

	if (sep->se_argv[0] != NULL) {
		TMD("args");
		return KEY_HANDLER_FAILURE;
	}

	argc = 0;
	for (val = next_value(values); val != NULL; val = next_value(values)) {
		if (argc >= MAXARGV) {
			ERR("Must be fewer than " TOSTRING(MAXARGV)
			    " arguments");
			return KEY_HANDLER_FAILURE;
		}
		sep->se_argv[argc++] = newstr(val);
	}
	while (argc <= MAXARGV)
		sep->se_argv[argc++] = NULL;

	return KEY_HANDLER_SUCCESS;

}

#ifdef IPSEC
/*
 * ipsec_handler currently uses the ipsec.h utilities for parsing, requiring
 * all policies as a single value. This handler could potentially allow multiple
 * policies as separate values in the future, but strings would need to be
 * concatenated so the existing ipsec.h functions continue to work and policies
 * can continue to be stored in sep->policy.
 */
static hresult
ipsec_handler(struct servtab *sep, vlist values)
{
	if (sep->se_policy != NULL) {
		TMD("ipsec");
		return KEY_HANDLER_FAILURE;
	}

	char *ipsecstr = next_value(values);

	if (ipsecstr != NULL && ipsecsetup_test(ipsecstr) < 0) {
		ERR("IPsec policy '%s' is invalid", ipsecstr);
		return KEY_HANDLER_FAILURE;
	}

	/*
	 * Use 'ipsec=' with no argument to disable ipsec for this service
	 * An empty string indicates that IPsec was disabled, handled in
	 * fill_default_values.
	 */
	sep->se_policy = policy != NULL ? newstr(ipsecstr) : newstr("");

	if (next_value(values) != NULL) {
		TMA("ipsec");
		/* Currently only one semicolon separated string is allowed */
		return KEY_HANDLER_FAILURE;
	}

	return KEY_HANDLER_SUCCESS;
}
#endif