/* $OpenBSD: parse.y,v 1.71 2019/02/13 22:57:08 deraadt Exp $ */ /* * Copyright (c) 2013, 2015, 2016 Renato Westphal * Copyright (c) 2004, 2005, 2008 Esben Norby * Copyright (c) 2004 Ryan McBride * Copyright (c) 2002, 2003, 2004 Henning Brauer * Copyright (c) 2001 Markus Friedl. All rights reserved. * Copyright (c) 2001 Daniel Hartmeier. All rights reserved. * Copyright (c) 2001 Theo de Raadt. All rights reserved. * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ %{ #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include "ldpd.h" #include "ldpe.h" #include "lde.h" #include "log.h" struct file { TAILQ_ENTRY(file) entry; FILE *stream; char *name; size_t ungetpos; size_t ungetsize; u_char *ungetbuf; int eof_reached; int lineno; int errors; }; TAILQ_HEAD(files, file); struct sym { TAILQ_ENTRY(sym) entry; int used; int persist; char *nam; char *val; }; TAILQ_HEAD(symhead, sym); struct config_defaults { uint16_t keepalive; uint16_t lhello_holdtime; uint16_t lhello_interval; uint16_t thello_holdtime; uint16_t thello_interval; union ldpd_addr trans_addr; int afflags; uint8_t pwflags; }; typedef struct { union { int64_t number; char *string; struct in_addr routerid; struct ldp_auth *auth; } v; int lineno; } YYSTYPE; static int yyerror(const char *, ...) __attribute__((__format__ (printf, 1, 2))) __attribute__((__nonnull__ (1))); static int kw_cmp(const void *, const void *); static int lookup(char *); static int igetc(void); static int lgetc(int); void lungetc(int); static int findeol(void); static int yylex(void); static int check_file_secrecy(int, const char *); static struct file *pushfile(const char *, int); static int popfile(void); static int yyparse(void); static int symset(const char *, const char *, int); static char *symget(const char *); static struct iface *conf_get_if(struct kif *); static struct tnbr *conf_get_tnbr(union ldpd_addr *); static struct nbr_params *conf_get_nbrp(struct in_addr); static struct l2vpn *conf_get_l2vpn(char *); static struct l2vpn_if *conf_get_l2vpn_if(struct l2vpn *, struct kif *); static struct l2vpn_pw *conf_get_l2vpn_pw(struct l2vpn *, struct kif *); int conf_check_rdomain(unsigned int); static void clear_config(struct ldpd_conf *xconf); static uint32_t get_rtr_id(void); static int get_address(const char *, union ldpd_addr *); static int get_af_address(const char *, int *, union ldpd_addr *); static int str2key(char *, const char *, int); static struct file *file, *topfile; static struct files files = TAILQ_HEAD_INITIALIZER(files); static struct symhead symhead = TAILQ_HEAD_INITIALIZER(symhead); static struct ldpd_conf *conf; static int errors; static int af; static struct ldpd_af_conf *af_conf; static struct iface *iface; static struct iface_af *ia; static struct tnbr *tnbr; static struct nbr_params *nbrp; static struct l2vpn *l2vpn; static struct l2vpn_pw *pw; static struct config_defaults globaldefs; static struct config_defaults afdefs; static struct config_defaults ifacedefs; static struct config_defaults tnbrdefs; static struct config_defaults pwdefs; static struct config_defaults *defs; %} %token INTERFACE TNEIGHBOR ROUTERID FIBUPDATE RDOMAIN EXPNULL %token LHELLOHOLDTIME LHELLOINTERVAL %token THELLOHOLDTIME THELLOINTERVAL %token THELLOACCEPT AF IPV4 IPV6 INET INET6 GTSMENABLE GTSMHOPS %token KEEPALIVE TRANSADDRESS TRANSPREFERENCE DSCISCOINTEROP %token NEIGHBOR %token TCP MD5SIG PASSWORD KEY %token L2VPN TYPE VPLS PWTYPE MTU BRIDGE %token ETHERNET ETHERNETTAGGED STATUSTLV CONTROLWORD %token PSEUDOWIRE NEIGHBORID NEIGHBORADDR PWID %token EXTTAG %token YES NO %token INCLUDE %token ERROR %token STRING %token NUMBER %type yesno ldp_af l2vpn_type pw_type %type string %type routerid %type auth tcpmd5 optnbrprefix %% grammar : /* empty */ | grammar include '\n' | grammar '\n' | grammar conf_main '\n' | grammar varset '\n' | grammar af '\n' | grammar neighbor '\n' | grammar l2vpn '\n' | grammar error '\n' { file->errors++; } ; include : INCLUDE STRING { struct file *nfile; if ((nfile = pushfile($2, !(global.cmd_opts & LDPD_OPT_NOACTION))) == NULL) { yyerror("failed to include file %s", $2); free($2); YYERROR; } free($2); file = nfile; lungetc('\n'); } ; string : string STRING { if (asprintf(&$$, "%s %s", $1, $2) == -1) { free($1); free($2); yyerror("string: asprintf"); YYERROR; } free($1); free($2); } | STRING ; routerid : STRING { if (!inet_aton($1, &$$)) { yyerror("%s: error parsing router id", $1); free($1); YYERROR; } if (bad_addr_v4($$)) { yyerror("%s: invalid router id", $1); free($1); YYERROR; } free($1); break; } ; yesno : YES { $$ = 1; } | NO { $$ = 0; } ; ldp_af : IPV4 { $$ = AF_INET; } | IPV6 { $$ = AF_INET6; } ; l2vpn_type : VPLS { $$ = L2VPN_TYPE_VPLS; } ; pw_type : ETHERNET { $$ = PW_TYPE_ETHERNET; } | ETHERNETTAGGED { $$ = PW_TYPE_ETHERNET_TAGGED; } ; varset : STRING '=' string { char *s = $1; if (global.cmd_opts & LDPD_OPT_VERBOSE) printf("%s = \"%s\"\n", $1, $3); while (*s++) { if (isspace((unsigned char)*s)) { yyerror("macro name cannot contain " "whitespace"); free($1); free($3); YYERROR; } } if (symset($1, $3, 0) == -1) fatal("cannot store variable"); free($1); free($3); } ; conf_main : ROUTERID routerid { conf->rtr_id = $2; } | FIBUPDATE yesno { if ($2 == 0) conf->flags |= F_LDPD_NO_FIB_UPDATE; else conf->flags &= ~F_LDPD_NO_FIB_UPDATE; } | RDOMAIN NUMBER { if ($2 < 0 || $2 > RT_TABLEID_MAX) { yyerror("invalid rdomain"); YYERROR; } conf->rdomain = $2; } | TRANSPREFERENCE ldp_af { conf->trans_pref = $2; switch (conf->trans_pref) { case AF_INET: conf->trans_pref = DUAL_STACK_LDPOV4; break; case AF_INET6: conf->trans_pref = DUAL_STACK_LDPOV6; break; default: yyerror("invalid address-family"); YYERROR; } } | DSCISCOINTEROP yesno { if ($2 == 1) conf->flags |= F_LDPD_DS_CISCO_INTEROP; else conf->flags &= ~F_LDPD_DS_CISCO_INTEROP; } | auth { LIST_INSERT_HEAD(&conf->auth_list, $1, entry); } | af_defaults | iface_defaults | tnbr_defaults ; af : AF ldp_af { af = $2; switch (af) { case AF_INET: af_conf = &conf->ipv4; break; case AF_INET6: af_conf = &conf->ipv6; break; default: yyerror("invalid address-family"); YYERROR; } afdefs = *defs; defs = &afdefs; } af_block { af_conf->keepalive = defs->keepalive; af_conf->thello_holdtime = defs->thello_holdtime; af_conf->thello_interval = defs->thello_interval; af_conf->flags = defs->afflags; af_conf->flags |= F_LDPD_AF_ENABLED; af_conf = NULL; af = AF_UNSPEC; defs = &globaldefs; } ; af_block : '{' optnl afopts_l '}' | '{' optnl '}' | ; afopts_l : afopts_l afoptsl nl | afoptsl optnl ; afoptsl : TRANSADDRESS STRING { if (get_address($2, &af_conf->trans_addr) == -1) { yyerror("error parsing transport-address"); free($2); YYERROR; } free($2); if (bad_addr(af, &af_conf->trans_addr)) { yyerror("invalid transport-address"); YYERROR; } if (af == AF_INET6 && IN6_IS_SCOPE_EMBED(&af_conf->trans_addr.v6)) { yyerror("ipv6 transport-address can not be " "link-local"); YYERROR; } } | GTSMENABLE yesno { if ($2 == 0) defs->afflags |= F_LDPD_AF_NO_GTSM; } | af_defaults | iface_defaults | tnbr_defaults | interface | tneighbor ; af_defaults : THELLOACCEPT yesno { if ($2 == 0) defs->afflags &= ~F_LDPD_AF_THELLO_ACCEPT; else defs->afflags |= F_LDPD_AF_THELLO_ACCEPT; } | EXPNULL yesno { if ($2 == 0) defs->afflags &= ~F_LDPD_AF_EXPNULL; else defs->afflags |= F_LDPD_AF_EXPNULL; } | KEEPALIVE NUMBER { if ($2 < MIN_KEEPALIVE || $2 > MAX_KEEPALIVE) { yyerror("keepalive out of range (%d-%d)", MIN_KEEPALIVE, MAX_KEEPALIVE); YYERROR; } defs->keepalive = $2; } ; iface_defaults : LHELLOHOLDTIME NUMBER { if ($2 < MIN_HOLDTIME || $2 > MAX_HOLDTIME) { yyerror("hello-holdtime out of range (%d-%d)", MIN_HOLDTIME, MAX_HOLDTIME); YYERROR; } defs->lhello_holdtime = $2; } | LHELLOINTERVAL NUMBER { if ($2 < MIN_HELLO_INTERVAL || $2 > MAX_HELLO_INTERVAL) { yyerror("hello-interval out of range (%d-%d)", MIN_HELLO_INTERVAL, MAX_HELLO_INTERVAL); YYERROR; } defs->lhello_interval = $2; } ; tnbr_defaults : THELLOHOLDTIME NUMBER { if ($2 < MIN_HOLDTIME || $2 > MAX_HOLDTIME) { yyerror("hello-holdtime out of range (%d-%d)", MIN_HOLDTIME, MAX_HOLDTIME); YYERROR; } defs->thello_holdtime = $2; } | THELLOINTERVAL NUMBER { if ($2 < MIN_HELLO_INTERVAL || $2 > MAX_HELLO_INTERVAL) { yyerror("hello-interval out of range (%d-%d)", MIN_HELLO_INTERVAL, MAX_HELLO_INTERVAL); YYERROR; } defs->thello_interval = $2; } ; tcpmd5 : TCP MD5SIG PASSWORD STRING { size_t len; $$ = calloc(1, sizeof(*$$)); if ($$ == NULL) { free($4); yyerror("unable to allocate md5 key"); YYERROR; } len = strlen($4); if (len > sizeof($$->md5key)) { free($$); free($4); yyerror("tcp md5sig password too long: " "max %zu", sizeof($$->md5key)); YYERROR; } memcpy($$->md5key, $4, len); $$->md5key_len = len; free($4); } | TCP MD5SIG KEY STRING { int len; $$ = calloc(1, sizeof(*$$)); if ($$ == NULL) { free($4); yyerror("unable to allocate md5 key"); YYERROR; } len = str2key($$->md5key, $4, sizeof($$->md5key)); if (len == -1) { free($$); free($4); yyerror("invalid hex string"); YYERROR; } if ((size_t)len > sizeof($$->md5key_len)) { free($$); free($4); yyerror("tcp md5sig key too long: %d " "max %zu", len, sizeof($$->md5key)); YYERROR; } $$->md5key_len = len; free($4); } | NO TCP MD5SIG { $$ = calloc(1, sizeof(*$$)); if ($$ == NULL) { yyerror("unable to allocate no md5 key"); YYERROR; } $$->md5key_len = 0; } ; optnbrprefix : STRING { $$ = calloc(1, sizeof(*$$)); if ($$ == NULL) { yyerror("unable to allocate auth"); free($1); YYERROR; } $$->idlen = inet_net_pton(AF_INET, $1, &$$->id, sizeof($$->id)); if ($$->idlen == -1) { yyerror("%s: %s", $1, strerror(errno)); free($1); YYERROR; } } | /* empty */ { $$ = NULL; } ; auth : tcpmd5 optnbrprefix { $$ = $1; if ($2 != NULL) { $$->id = $2->id; $$->idlen = $2->idlen; free($2); } else { $$->id.s_addr = 0; $$->idlen = 0; } } ; nbr_opts : KEEPALIVE NUMBER { if ($2 < MIN_KEEPALIVE || $2 > MAX_KEEPALIVE) { yyerror("keepalive out of range (%d-%d)", MIN_KEEPALIVE, MAX_KEEPALIVE); YYERROR; } nbrp->keepalive = $2; nbrp->flags |= F_NBRP_KEEPALIVE; } | tcpmd5 { /* this is syntactic sugar... */ $1->id = nbrp->lsr_id; $1->idlen = 32; LIST_INSERT_HEAD(&conf->auth_list, $1, entry); } | GTSMENABLE yesno { nbrp->flags |= F_NBRP_GTSM; nbrp->gtsm_enabled = $2; } | GTSMHOPS NUMBER { if ($2 < 1 || $2 > 255) { yyerror("invalid number of hops %lld", $2); YYERROR; } nbrp->gtsm_hops = $2; nbrp->flags |= F_NBRP_GTSM_HOPS; } ; pw_defaults : STATUSTLV yesno { if ($2 == 1) defs->pwflags |= F_PW_STATUSTLV_CONF; else defs->pwflags &= ~F_PW_STATUSTLV_CONF; } | CONTROLWORD yesno { if ($2 == 1) defs->pwflags |= F_PW_CWORD_CONF; else defs->pwflags &= ~F_PW_CWORD_CONF; } ; pwopts : PWID NUMBER { if ($2 < MIN_PWID_ID || $2 > MAX_PWID_ID) { yyerror("pw-id out of range (%d-%d)", MIN_PWID_ID, MAX_PWID_ID); YYERROR; } pw->pwid = $2; } | NEIGHBORID routerid { pw->lsr_id = $2; } | NEIGHBORADDR STRING { int family; union ldpd_addr addr; if (get_af_address($2, &family, &addr) == -1) { yyerror("error parsing neighbor address"); free($2); YYERROR; } free($2); if (bad_addr(family, &addr)) { yyerror("invalid neighbor address"); YYERROR; } if (family == AF_INET6 && IN6_IS_SCOPE_EMBED(&addr.v6)) { yyerror("neighbor address can not be " "link-local"); YYERROR; } pw->af = family; pw->addr = addr; } | pw_defaults ; pseudowire : PSEUDOWIRE STRING { struct kif *kif; if ((kif = kif_findname($2)) == NULL) { yyerror("unknown interface %s", $2); free($2); YYERROR; } free($2); if (kif->if_type != IFT_MPLSTUNNEL && kmpw_find(kif->ifname) == -1) { yyerror("unsupported interface type on " "interface %s", kif->ifname); YYERROR; } pw = conf_get_l2vpn_pw(l2vpn, kif); if (pw == NULL) YYERROR; pwdefs = *defs; defs = &pwdefs; } pw_block { struct l2vpn *l; struct l2vpn_pw *p; /* check for errors */ if (pw->pwid == 0) { yyerror("missing pseudowire id"); YYERROR; } if (pw->lsr_id.s_addr == INADDR_ANY) { yyerror("missing pseudowire neighbor-id"); YYERROR; } LIST_FOREACH(l, &conf->l2vpn_list, entry) { LIST_FOREACH(p, &l->pw_list, entry) { if (pw != p && pw->pwid == p->pwid && pw->af == p->af && pw->lsr_id.s_addr == p->lsr_id.s_addr) { yyerror("pseudowire already " "configured"); YYERROR; } } } /* * If the neighbor address is not specified, use the * neighbor id. */ if (pw->af == AF_UNSPEC) { pw->af = AF_INET; pw->addr.v4 = pw->lsr_id; } pw->flags = defs->pwflags; pw = NULL; defs = &globaldefs; } ; pw_block : '{' optnl pwopts_l '}' | '{' optnl '}' | /* nothing */ ; pwopts_l : pwopts_l pwopts nl | pwopts optnl ; l2vpnopts : PWTYPE pw_type { l2vpn->pw_type = $2; } | MTU NUMBER { if ($2 < MIN_L2VPN_MTU || $2 > MAX_L2VPN_MTU) { yyerror("l2vpn mtu out of range (%d-%d)", MIN_L2VPN_MTU, MAX_L2VPN_MTU); YYERROR; } l2vpn->mtu = $2; } | pw_defaults | BRIDGE STRING { struct l2vpn *l; struct kif *kif; if ((kif = kif_findname($2)) == NULL) { yyerror("unknown interface %s", $2); free($2); YYERROR; } free($2); if (l2vpn->br_ifindex != 0) { yyerror("bridge interface cannot be " "redefined on l2vpn %s", l2vpn->name); YYERROR; } if (kif->if_type != IFT_BRIDGE) { yyerror("unsupported interface type on " "interface %s", kif->ifname); YYERROR; } LIST_FOREACH(l, &conf->l2vpn_list, entry) { if (l->br_ifindex == kif->ifindex) { yyerror("bridge %s is already being " "used by l2vpn %s", kif->ifname, l->name); YYERROR; } } l2vpn->br_ifindex = kif->ifindex; strlcpy(l2vpn->br_ifname, kif->ifname, sizeof(l2vpn->br_ifname)); } | INTERFACE STRING { struct kif *kif; struct l2vpn_if *lif; if ((kif = kif_findname($2)) == NULL) { yyerror("unknown interface %s", $2); free($2); YYERROR; } free($2); lif = conf_get_l2vpn_if(l2vpn, kif); if (lif == NULL) YYERROR; } | pseudowire ; optnl : '\n' optnl | ; nl : '\n' optnl /* one newline or more */ ; interface : INTERFACE STRING { struct kif *kif; if ((kif = kif_findname($2)) == NULL) { yyerror("unknown interface %s", $2); free($2); YYERROR; } free($2); iface = conf_get_if(kif); if (iface == NULL) YYERROR; ia = iface_af_get(iface, af); if (ia->enabled) { yyerror("interface %s already configured for " "address-family %s", kif->ifname, af_name(af)); YYERROR; } ia->enabled = 1; ifacedefs = *defs; defs = &ifacedefs; } interface_block { ia->hello_holdtime = defs->lhello_holdtime; ia->hello_interval = defs->lhello_interval; iface = NULL; defs = &afdefs; } ; interface_block : '{' optnl interfaceopts_l '}' | '{' optnl '}' | /* nothing */ ; interfaceopts_l : interfaceopts_l iface_defaults nl | iface_defaults optnl ; tneighbor : TNEIGHBOR STRING { union ldpd_addr addr; if (get_address($2, &addr) == -1) { yyerror("error parsing targeted-neighbor " "address"); free($2); YYERROR; } free($2); if (bad_addr(af, &addr)) { yyerror("invalid targeted-neighbor address"); YYERROR; } if (af == AF_INET6 && IN6_IS_SCOPE_EMBED(&addr.v6)) { yyerror("targeted-neighbor address can not be " "link-local"); YYERROR; } tnbr = conf_get_tnbr(&addr); if (tnbr == NULL) YYERROR; tnbrdefs = *defs; defs = &tnbrdefs; } tneighbor_block { tnbr->hello_holdtime = defs->thello_holdtime; tnbr->hello_interval = defs->thello_interval; tnbr = NULL; defs = &afdefs; } ; tneighbor_block : '{' optnl tneighboropts_l '}' | '{' optnl '}' | /* nothing */ ; tneighboropts_l : tneighboropts_l tnbr_defaults nl | tnbr_defaults optnl ; neighbor : NEIGHBOR routerid { nbrp = conf_get_nbrp($2); if (nbrp == NULL) YYERROR; } neighbor_block { nbrp = NULL; } ; neighbor_block : '{' optnl neighboropts_l '}' | '{' optnl '}' | /* nothing */ ; neighboropts_l : neighboropts_l nbr_opts nl | nbr_opts optnl ; l2vpn : L2VPN STRING TYPE l2vpn_type { l2vpn = conf_get_l2vpn($2); if (l2vpn == NULL) YYERROR; l2vpn->type = $4; } l2vpn_block { l2vpn = NULL; } ; l2vpn_block : '{' optnl l2vpnopts_l '}' | '{' optnl '}' | /* nothing */ ; l2vpnopts_l : l2vpnopts_l l2vpnopts nl | l2vpnopts optnl ; %% struct keywords { const char *k_name; int k_val; }; static int yyerror(const char *fmt, ...) { va_list ap; char *msg; file->errors++; va_start(ap, fmt); if (vasprintf(&msg, fmt, ap) == -1) fatalx("yyerror vasprintf"); va_end(ap); logit(LOG_CRIT, "%s:%d: %s", file->name, yylval.lineno, msg); free(msg); return (0); } static int kw_cmp(const void *k, const void *e) { return (strcmp(k, ((const struct keywords *)e)->k_name)); } static int lookup(char *s) { /* this has to be sorted always */ static const struct keywords keywords[] = { {"address-family", AF}, {"bridge", BRIDGE}, {"control-word", CONTROLWORD}, {"ds-cisco-interop", DSCISCOINTEROP}, {"ethernet", ETHERNET}, {"ethernet-tagged", ETHERNETTAGGED}, {"explicit-null", EXPNULL}, {"fib-update", FIBUPDATE}, {"gtsm-enable", GTSMENABLE}, {"gtsm-hops", GTSMHOPS}, {"include", INCLUDE}, {"inet", INET}, {"inet6", INET6}, {"interface", INTERFACE}, {"ipv4", IPV4}, {"ipv6", IPV6}, {"keepalive", KEEPALIVE}, {"key", KEY}, {"l2vpn", L2VPN}, {"link-hello-holdtime", LHELLOHOLDTIME}, {"link-hello-interval", LHELLOINTERVAL}, {"md5sig", MD5SIG}, {"mtu", MTU}, {"neighbor", NEIGHBOR}, {"neighbor-addr", NEIGHBORADDR}, {"neighbor-id", NEIGHBORID}, {"no", NO}, {"password", PASSWORD}, {"pseudowire", PSEUDOWIRE}, {"pw-id", PWID}, {"pw-type", PWTYPE}, {"rdomain", RDOMAIN}, {"router-id", ROUTERID}, {"status-tlv", STATUSTLV}, {"targeted-hello-accept", THELLOACCEPT}, {"targeted-hello-holdtime", THELLOHOLDTIME}, {"targeted-hello-interval", THELLOINTERVAL}, {"targeted-neighbor", TNEIGHBOR}, {"tcp", TCP}, {"transport-address", TRANSADDRESS}, {"transport-preference", TRANSPREFERENCE}, {"type", TYPE}, {"vpls", VPLS}, {"yes", YES} }; const struct keywords *p; p = bsearch(s, keywords, sizeof(keywords)/sizeof(keywords[0]), sizeof(keywords[0]), kw_cmp); if (p) return (p->k_val); else return (STRING); } #define START_EXPAND 1 #define DONE_EXPAND 2 static int expanding; int igetc(void) { int c; while (1) { if (file->ungetpos > 0) c = file->ungetbuf[--file->ungetpos]; else c = getc(file->stream); if (c == START_EXPAND) expanding = 1; else if (c == DONE_EXPAND) expanding = 0; else break; } return (c); } static int lgetc(int quotec) { int c, next; if (quotec) { if ((c = igetc()) == EOF) { yyerror("reached end of file while parsing " "quoted string"); if (file == topfile || popfile() == EOF) return (EOF); return (quotec); } return (c); } while ((c = igetc()) == '\\') { next = igetc(); if (next != '\n') { c = next; break; } yylval.lineno = file->lineno; file->lineno++; } if (c == EOF) { /* * Fake EOL when hit EOF for the first time. This gets line * count right if last line in included file is syntactically * invalid and has no newline. */ if (file->eof_reached == 0) { file->eof_reached = 1; return ('\n'); } while (c == EOF) { if (file == topfile || popfile() == EOF) return (EOF); c = igetc(); } } return (c); } void lungetc(int c) { if (c == EOF) return; if (file->ungetpos >= file->ungetsize) { void *p = reallocarray(file->ungetbuf, file->ungetsize, 2); if (p == NULL) err(1, "%s", __func__); file->ungetbuf = p; file->ungetsize *= 2; } file->ungetbuf[file->ungetpos++] = c; } static int findeol(void) { int c; /* skip to either EOF or the first real EOL */ while (1) { c = lgetc(0); if (c == '\n') { file->lineno++; break; } if (c == EOF) break; } return (ERROR); } static int yylex(void) { unsigned char buf[8096]; unsigned char *p, *val; int quotec, next, c; int token; top: p = buf; while ((c = lgetc(0)) == ' ' || c == '\t') ; /* nothing */ yylval.lineno = file->lineno; if (c == '#') while ((c = lgetc(0)) != '\n' && c != EOF) ; /* nothing */ if (c == '$' && !expanding) { while (1) { if ((c = lgetc(0)) == EOF) return (0); if (p + 1 >= buf + sizeof(buf) - 1) { yyerror("string too long"); return (findeol()); } if (isalnum(c) || c == '_') { *p++ = c; continue; } *p = '\0'; lungetc(c); break; } val = symget(buf); if (val == NULL) { yyerror("macro '%s' not defined", buf); return (findeol()); } p = val + strlen(val) - 1; lungetc(DONE_EXPAND); while (p >= val) { lungetc(*p); p--; } lungetc(START_EXPAND); goto top; } switch (c) { case '\'': case '"': quotec = c; while (1) { if ((c = lgetc(quotec)) == EOF) return (0); if (c == '\n') { file->lineno++; continue; } else if (c == '\\') { if ((next = lgetc(quotec)) == EOF) return (0); if (next == quotec || next == ' ' || next == '\t') c = next; else if (next == '\n') { file->lineno++; continue; } else lungetc(next); } else if (c == quotec) { *p = '\0'; break; } else if (c == '\0') { yyerror("syntax error"); return (findeol()); } if (p + 1 >= buf + sizeof(buf) - 1) { yyerror("string too long"); return (findeol()); } *p++ = c; } yylval.v.string = strdup(buf); if (yylval.v.string == NULL) err(1, "%s", __func__); return (STRING); } #define allowed_to_end_number(x) \ (isspace(x) || x == ')' || x ==',' || x == '/' || x == '}' || x == '=') if (c == '-' || isdigit(c)) { do { *p++ = c; if ((size_t)(p-buf) >= sizeof(buf)) { yyerror("string too long"); return (findeol()); } } while ((c = lgetc(0)) != EOF && isdigit(c)); lungetc(c); if (p == buf + 1 && buf[0] == '-') goto nodigits; if (c == EOF || allowed_to_end_number(c)) { const char *errstr = NULL; *p = '\0'; yylval.v.number = strtonum(buf, LLONG_MIN, LLONG_MAX, &errstr); if (errstr) { yyerror("\"%s\" invalid number: %s", buf, errstr); return (findeol()); } return (NUMBER); } else { nodigits: while (p > buf + 1) lungetc(*--p); c = *--p; if (c == '-') return (c); } } #define allowed_in_string(x) \ (isalnum(x) || (ispunct(x) && x != '(' && x != ')' && \ x != '{' && x != '}' && \ x != '!' && x != '=' && x != '#' && \ x != ',')) if (isalnum(c) || c == ':' || c == '_') { do { *p++ = c; if ((size_t)(p-buf) >= sizeof(buf)) { yyerror("string too long"); return (findeol()); } } while ((c = lgetc(0)) != EOF && (allowed_in_string(c))); lungetc(c); *p = '\0'; if ((token = lookup(buf)) == STRING) if ((yylval.v.string = strdup(buf)) == NULL) err(1, "%s", __func__); return (token); } if (c == '\n') { yylval.lineno = file->lineno; file->lineno++; } if (c == EOF) return (0); return (c); } static int check_file_secrecy(int fd, const char *fname) { struct stat st; if (fstat(fd, &st)) { log_warn("cannot stat %s", fname); return (-1); } if (st.st_uid != 0 && st.st_uid != getuid()) { log_warnx("%s: owner not root or current user", fname); return (-1); } if (st.st_mode & (S_IWGRP | S_IXGRP | S_IRWXO)) { log_warnx("%s: group writable or world read/writable", fname); return (-1); } return (0); } static struct file * pushfile(const char *name, int secret) { struct file *nfile; if ((nfile = calloc(1, sizeof(struct file))) == NULL) { log_warn("%s", __func__); return (NULL); } if ((nfile->name = strdup(name)) == NULL) { log_warn("%s", __func__); free(nfile); return (NULL); } if ((nfile->stream = fopen(nfile->name, "r")) == NULL) { log_warn("%s: %s", __func__, nfile->name); free(nfile->name); free(nfile); return (NULL); } else if (secret && check_file_secrecy(fileno(nfile->stream), nfile->name)) { fclose(nfile->stream); free(nfile->name); free(nfile); return (NULL); } nfile->lineno = TAILQ_EMPTY(&files) ? 1 : 0; nfile->ungetsize = 16; nfile->ungetbuf = malloc(nfile->ungetsize); if (nfile->ungetbuf == NULL) { log_warn("%s", __func__); fclose(nfile->stream); free(nfile->name); free(nfile); return (NULL); } TAILQ_INSERT_TAIL(&files, nfile, entry); return (nfile); } static int popfile(void) { struct file *prev; if ((prev = TAILQ_PREV(file, files, entry)) != NULL) prev->errors += file->errors; TAILQ_REMOVE(&files, file, entry); fclose(file->stream); free(file->name); free(file->ungetbuf); free(file); file = prev; return (file ? 0 : EOF); } struct ldpd_conf * parse_config(char *filename) { struct sym *sym, *next; conf = config_new_empty(); conf->rdomain = 0; conf->trans_pref = DUAL_STACK_LDPOV6; defs = &globaldefs; defs->keepalive = DEFAULT_KEEPALIVE; defs->lhello_holdtime = LINK_DFLT_HOLDTIME; defs->lhello_interval = DEFAULT_HELLO_INTERVAL; defs->thello_holdtime = TARGETED_DFLT_HOLDTIME; defs->thello_interval = DEFAULT_HELLO_INTERVAL; defs->pwflags = F_PW_STATUSTLV_CONF|F_PW_CWORD_CONF; if ((file = pushfile(filename, !(global.cmd_opts & LDPD_OPT_NOACTION))) == NULL) { free(conf); return (NULL); } topfile = file; yyparse(); errors = file->errors; popfile(); /* Free macros and check which have not been used. */ TAILQ_FOREACH_SAFE(sym, &symhead, entry, next) { if ((global.cmd_opts & LDPD_OPT_VERBOSE2) && !sym->used) fprintf(stderr, "warning: macro '%s' not " "used\n", sym->nam); if (!sym->persist) { free(sym->nam); free(sym->val); TAILQ_REMOVE(&symhead, sym, entry); free(sym); } } /* check that all interfaces belong to the configured rdomain */ errors += conf_check_rdomain(conf->rdomain); /* free global config defaults */ if (errors) { clear_config(conf); return (NULL); } if (conf->rtr_id.s_addr == INADDR_ANY) conf->rtr_id.s_addr = get_rtr_id(); /* if the ipv4 transport-address is not set, use the router-id */ if ((conf->ipv4.flags & F_LDPD_AF_ENABLED) && conf->ipv4.trans_addr.v4.s_addr == INADDR_ANY) conf->ipv4.trans_addr.v4 = conf->rtr_id; return (conf); } static int symset(const char *nam, const char *val, int persist) { struct sym *sym; TAILQ_FOREACH(sym, &symhead, entry) { if (strcmp(nam, sym->nam) == 0) break; } if (sym != NULL) { if (sym->persist == 1) return (0); else { free(sym->nam); free(sym->val); TAILQ_REMOVE(&symhead, sym, entry); free(sym); } } if ((sym = calloc(1, sizeof(*sym))) == NULL) return (-1); sym->nam = strdup(nam); if (sym->nam == NULL) { free(sym); return (-1); } sym->val = strdup(val); if (sym->val == NULL) { free(sym->nam); free(sym); return (-1); } sym->used = 0; sym->persist = persist; TAILQ_INSERT_TAIL(&symhead, sym, entry); return (0); } int cmdline_symset(char *s) { char *sym, *val; int ret; if ((val = strrchr(s, '=')) == NULL) return (-1); sym = strndup(s, val - s); if (sym == NULL) errx(1, "%s: strndup", __func__); ret = symset(sym, val + 1, 1); free(sym); return (ret); } static char * symget(const char *nam) { struct sym *sym; TAILQ_FOREACH(sym, &symhead, entry) { if (strcmp(nam, sym->nam) == 0) { sym->used = 1; return (sym->val); } } return (NULL); } static struct iface * conf_get_if(struct kif *kif) { struct iface *i; struct l2vpn *l; if (kif->if_type == IFT_LOOP || kif->if_type == IFT_CARP || kif->if_type == IFT_BRIDGE || kif->if_type == IFT_MPLSTUNNEL) { yyerror("unsupported interface type on interface %s", kif->ifname); return (NULL); } LIST_FOREACH(l, &conf->l2vpn_list, entry) if (l2vpn_if_find(l, kif->ifindex)) { yyerror("interface %s already configured under " "l2vpn %s", kif->ifname, l->name); return (NULL); } LIST_FOREACH(i, &conf->iface_list, entry) if (i->ifindex == kif->ifindex) return (i); i = if_new(kif); LIST_INSERT_HEAD(&conf->iface_list, i, entry); return (i); } static struct tnbr * conf_get_tnbr(union ldpd_addr *addr) { struct tnbr *t; t = tnbr_find(conf, af, addr); if (t) { yyerror("targeted neighbor %s already configured", log_addr(af, addr)); return (NULL); } t = tnbr_new(conf, af, addr); t->flags |= F_TNBR_CONFIGURED; LIST_INSERT_HEAD(&conf->tnbr_list, t, entry); return (t); } static struct nbr_params * conf_get_nbrp(struct in_addr lsr_id) { struct nbr_params *n; LIST_FOREACH(n, &conf->nbrp_list, entry) { if (n->lsr_id.s_addr == lsr_id.s_addr) { yyerror("neighbor %s already configured", inet_ntoa(lsr_id)); return (NULL); } } n = nbr_params_new(lsr_id); LIST_INSERT_HEAD(&conf->nbrp_list, n, entry); return (n); } static struct l2vpn * conf_get_l2vpn(char *name) { struct l2vpn *l; if (l2vpn_find(conf, name)) { yyerror("l2vpn %s already configured", name); return (NULL); } l = l2vpn_new(name); LIST_INSERT_HEAD(&conf->l2vpn_list, l, entry); return (l); } static struct l2vpn_if * conf_get_l2vpn_if(struct l2vpn *l, struct kif *kif) { struct iface *i; struct l2vpn *ltmp; struct l2vpn_if *f; if (kif->if_type == IFT_LOOP || kif->if_type == IFT_CARP || kif->if_type == IFT_BRIDGE || kif->if_type == IFT_MPLSTUNNEL) { yyerror("unsupported interface type on interface %s", kif->ifname); return (NULL); } LIST_FOREACH(ltmp, &conf->l2vpn_list, entry) if (l2vpn_if_find(ltmp, kif->ifindex)) { yyerror("interface %s already configured under " "l2vpn %s", kif->ifname, ltmp->name); return (NULL); } LIST_FOREACH(i, &conf->iface_list, entry) { if (i->ifindex == kif->ifindex) { yyerror("interface %s already configured", kif->ifname); return (NULL); } } f = l2vpn_if_new(l, kif); LIST_INSERT_HEAD(&l2vpn->if_list, f, entry); return (f); } static struct l2vpn_pw * conf_get_l2vpn_pw(struct l2vpn *l, struct kif *kif) { struct l2vpn *ltmp; struct l2vpn_pw *p; LIST_FOREACH(ltmp, &conf->l2vpn_list, entry) { if (l2vpn_pw_find(ltmp, kif->ifindex)) { yyerror("pseudowire %s is already being " "used by l2vpn %s", kif->ifname, ltmp->name); return (NULL); } } p = l2vpn_pw_new(l, kif); LIST_INSERT_HEAD(&l2vpn->pw_list, p, entry); return (p); } int conf_check_rdomain(unsigned int rdomain) { struct iface *i; int errs = 0; LIST_FOREACH(i, &conf->iface_list, entry) { if (i->rdomain != rdomain) { logit(LOG_CRIT, "interface %s not in rdomain %u", i->name, rdomain); errs++; } } return (errs); } static void clear_config(struct ldpd_conf *xconf) { struct iface *i; struct tnbr *t; struct nbr_params *n; struct l2vpn *l; struct l2vpn_if *f; struct l2vpn_pw *p; while ((i = LIST_FIRST(&xconf->iface_list)) != NULL) { LIST_REMOVE(i, entry); free(i); } while ((t = LIST_FIRST(&xconf->tnbr_list)) != NULL) { LIST_REMOVE(t, entry); free(t); } while ((n = LIST_FIRST(&xconf->nbrp_list)) != NULL) { LIST_REMOVE(n, entry); free(n); } while ((l = LIST_FIRST(&xconf->l2vpn_list)) != NULL) { while ((f = LIST_FIRST(&l->if_list)) != NULL) { LIST_REMOVE(f, entry); free(f); } while ((p = LIST_FIRST(&l->pw_list)) != NULL) { LIST_REMOVE(p, entry); free(p); } LIST_REMOVE(l, entry); free(l); } free(xconf); } static uint32_t get_rtr_id(void) { struct ifaddrs *ifap, *ifa; uint32_t ip = 0, cur, localnet; localnet = htonl(INADDR_LOOPBACK & IN_CLASSA_NET); if (getifaddrs(&ifap) == -1) { log_warn("getifaddrs"); return (0); } for (ifa = ifap; ifa; ifa = ifa->ifa_next) { if (strncmp(ifa->ifa_name, "carp", 4) == 0) continue; if (ifa->ifa_addr->sa_family != AF_INET) continue; cur = ((struct sockaddr_in *)ifa->ifa_addr)->sin_addr.s_addr; if ((cur & localnet) == localnet) /* skip 127/8 */ continue; if (ntohl(cur) < ntohl(ip) || ip == 0) ip = cur; } freeifaddrs(ifap); return (ip); } static int get_address(const char *s, union ldpd_addr *addr) { switch (af) { case AF_INET: if (inet_pton(AF_INET, s, &addr->v4) != 1) return (-1); break; case AF_INET6: if (inet_pton(AF_INET6, s, &addr->v6) != 1) return (-1); break; default: return (-1); } return (0); } static int get_af_address(const char *s, int *family, union ldpd_addr *addr) { if (inet_pton(AF_INET, s, &addr->v4) == 1) { *family = AF_INET; return (0); } if (inet_pton(AF_INET6, s, &addr->v6) == 1) { *family = AF_INET6; return (0); } return (-1); } static int hexchar(int ch) { if (ch >= '0' && ch <= '9') return (ch - '0'); if (ch >= 'a' && ch <= 'f') return (ch - 'a'); if (ch >= 'A' && ch <= 'F') return (ch - 'A'); return (-1); } static int str2key(char *dst, const char *src, int dstlen) { int i = 0; int digit; while (*src != '\0') { digit = hexchar(*src); if (digit == -1) return (-1); if (i < dstlen) *dst = digit << 4; src++; if (*src == '\0') return (-1); digit = hexchar(*src); if (digit == -1) return (-1); if (i < dstlen) *dst |= digit; src++; i++; } return (i); }