1: /* $NetBSD: cftoken.l,v 1.23.2.1 2012/08/29 08:42:24 tteras Exp $ */
2:
3: /* Id: cftoken.l,v 1.53 2006/08/22 18:17:17 manubsd Exp */
4:
5: %{
6: /*
7: * Copyright (C) 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002 and 2003 WIDE Project.
8: * All rights reserved.
9: *
10: * Redistribution and use in source and binary forms, with or without
11: * modification, are permitted provided that the following conditions
12: * are met:
13: * 1. Redistributions of source code must retain the above copyright
14: * notice, this list of conditions and the following disclaimer.
15: * 2. Redistributions in binary form must reproduce the above copyright
16: * notice, this list of conditions and the following disclaimer in the
17: * documentation and/or other materials provided with the distribution.
18: * 3. Neither the name of the project nor the names of its contributors
19: * may be used to endorse or promote products derived from this software
20: * without specific prior written permission.
21: *
22: * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
23: * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
24: * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
25: * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
26: * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
27: * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
28: * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
29: * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
30: * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
31: * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
32: * SUCH DAMAGE.
33: */
34:
35: #include "config.h"
36:
37: #include <sys/types.h>
38: #include <sys/param.h>
39: #include <sys/socket.h>
40:
41: #include <netinet/in.h>
42: #include PATH_IPSEC_H
43:
44: #include <stdlib.h>
45: #include <stdio.h>
46: #include <string.h>
47: #include <errno.h>
48: #include <limits.h>
49: #include <ctype.h>
50: #include <glob.h>
51: #ifdef HAVE_STDARG_H
52: #include <stdarg.h>
53: #else
54: #include <varargs.h>
55: #endif
56:
57: #include "var.h"
58: #include "misc.h"
59: #include "vmbuf.h"
60: #include "plog.h"
61: #include "debug.h"
62:
63: #include "algorithm.h"
64: #include "cfparse_proto.h"
65: #include "cftoken_proto.h"
66: #include "localconf.h"
67: #include "oakley.h"
68: #include "isakmp_var.h"
69: #include "isakmp.h"
70: #include "ipsec_doi.h"
71: #include "policy.h"
72: #include "proposal.h"
73: #include "remoteconf.h"
74: #ifdef GC
75: #include "gcmalloc.h"
76: #endif
77:
78: #include "cfparse.h"
79:
80: int yyerrorcount = 0;
81:
82: #if defined(YIPS_DEBUG)
83: # define YYDB plog(LLV_DEBUG2, LOCATION, NULL, \
84: "begin <%d>%s\n", yy_start, yytext);
85: # define YYD { \
86: plog(LLV_DEBUG2, LOCATION, NULL, "<%d>%s", \
87: yy_start, loglevel >= LLV_DEBUG2 ? "\n" : ""); \
88: }
89: #else
90: # define YYDB
91: # define YYD
92: #endif /* defined(YIPS_DEBUG) */
93:
94: #define MAX_INCLUDE_DEPTH 10
95:
96: static struct include_stack {
97: char *path;
98: FILE *fp;
99: YY_BUFFER_STATE prevstate;
100: int lineno;
101: glob_t matches;
102: int matchon;
103: } incstack[MAX_INCLUDE_DEPTH];
104: static int incstackp = 0;
105:
106: static int yy_first_time = 1;
107: %}
108:
109: /* common seciton */
110: nl \n
111: ws [ \t]+
112: digit [0-9]
113: letter [A-Za-z]
114: hexdigit [0-9A-Fa-f]
115: /*octet (([01]?{digit}?{digit})|((2([0-4]{digit}))|(25[0-5]))) */
116: special [()+\|\?\*]
117: comma \,
118: dot \.
119: slash \/
120: bcl \{
121: ecl \}
122: blcl \[
123: elcl \]
124: hyphen \-
125: percent \%
126: semi \;
127: comment \#.*
128: ccomment "/*"
129: bracketstring \<[^>]*\>
130: quotedstring \"[^"]*\"
131: addrstring [a-fA-F0-9:]([a-fA-F0-9:\.]*|[a-fA-F0-9:\.]*%[a-zA-Z0-9]*)
132: decstring {digit}+
133: hexstring 0x{hexdigit}+
134:
135: %s S_INI S_PRIV S_PTH S_LOG S_PAD S_LST S_RTRY S_CFG S_LDAP S_RAD
136: %s S_ALGST S_ALGCL
137: %s S_SAINF S_SAINFS
138: %s S_RMT S_RMTS S_RMTP
139: %s S_SA
140: %s S_GSSENC
141:
142: %%
143: %{
144: if (yy_first_time) {
145: BEGIN S_INI;
146: yy_first_time = 0;
147: }
148: %}
149:
150: /* privsep */
151: <S_INI>privsep { BEGIN S_PRIV; YYDB; return(PRIVSEP); }
152: <S_PRIV>{bcl} { return(BOC); }
153: <S_PRIV>user { YYD; return(USER); }
154: <S_PRIV>group { YYD; return(GROUP); }
155: <S_PRIV>chroot { YYD; return(CHROOT); }
156: <S_PRIV>{ecl} { BEGIN S_INI; return(EOC); }
157:
158: /* path */
159: <S_INI>path { BEGIN S_PTH; YYDB; return(PATH); }
160: <S_PTH>include { YYD; yylval.num = LC_PATHTYPE_INCLUDE;
161: return(PATHTYPE); }
162: <S_PTH>pre_shared_key { YYD; yylval.num = LC_PATHTYPE_PSK;
163: return(PATHTYPE); }
164: <S_PTH>certificate { YYD; yylval.num = LC_PATHTYPE_CERT;
165: return(PATHTYPE); }
166: <S_PTH>script { YYD; yylval.num = LC_PATHTYPE_SCRIPT;
167: return(PATHTYPE); }
168: <S_PTH>backupsa { YYD; yylval.num = LC_PATHTYPE_BACKUPSA;
169: return(PATHTYPE); }
170: <S_PTH>pidfile { YYD; yylval.num = LC_PATHTYPE_PIDFILE;
171: return(PATHTYPE); }
172: <S_PTH>{semi} { BEGIN S_INI; YYDB; return(EOS); }
173:
174: /* include */
175: <S_INI>include { YYDB; return(INCLUDE); }
176:
177: /* pfkey_buffer */
178: <S_INI>pfkey_buffer { YYDB; return(PFKEY_BUFFER); }
179:
180: /* special */
181: <S_INI>complex_bundle { YYDB; return(COMPLEX_BUNDLE); }
182:
183: /* logging */
184: <S_INI>log { BEGIN S_LOG; YYDB; return(LOGGING); }
185: <S_LOG>error { YYD; yylval.num = LLV_ERROR; return(LOGLEV); }
186: <S_LOG>warning { YYD; yylval.num = LLV_WARNING; return(LOGLEV); }
187: <S_LOG>notify { YYD; yylval.num = LLV_NOTIFY; return(LOGLEV); }
188: <S_LOG>info { YYD; yylval.num = LLV_INFO; return(LOGLEV); }
189: <S_LOG>debug { YYD; yylval.num = LLV_DEBUG; return(LOGLEV); }
190: <S_LOG>debug2 { YYD; yylval.num = LLV_DEBUG2; return(LOGLEV); }
191: <S_LOG>{semi} { BEGIN S_INI; return(EOS); }
192:
193: /* padding */
194: <S_INI>padding { BEGIN S_PAD; YYDB; return(PADDING); }
195: <S_PAD>{bcl} { return(BOC); }
196: <S_PAD>randomize { YYD; return(PAD_RANDOMIZE); }
197: <S_PAD>randomize_length { YYD; return(PAD_RANDOMIZELEN); }
198: <S_PAD>maximum_length { YYD; return(PAD_MAXLEN); }
199: <S_PAD>strict_check { YYD; return(PAD_STRICT); }
200: <S_PAD>exclusive_tail { YYD; return(PAD_EXCLTAIL); }
201: <S_PAD>{ecl} { BEGIN S_INI; return(EOC); }
202:
203: /* listen */
204: <S_INI>listen { BEGIN S_LST; YYDB; return(LISTEN); }
205: <S_LST>{bcl} { return(BOC); }
206: <S_LST>isakmp { YYD; return(X_ISAKMP); }
207: <S_LST>isakmp_natt { YYD; return(X_ISAKMP_NATT); }
208: <S_LST>admin { YYD; return(X_ADMIN); }
209: <S_LST>adminsock { YYD; return(ADMINSOCK); }
210: <S_LST>disabled { YYD; return(DISABLED); }
211: <S_LST>strict_address { YYD; return(STRICT_ADDRESS); }
212: <S_LST>{ecl} { BEGIN S_INI; return(EOC); }
213:
214: /* radius config */
215: <S_INI>radiuscfg { BEGIN S_RAD; YYDB; return(RADCFG); }
216: <S_RAD>{bcl} { return(BOC); }
217: <S_RAD>auth { YYD; return(RAD_AUTH); }
218: <S_RAD>acct { YYD; return(RAD_ACCT); }
219: <S_RAD>timeout { YYD; return(RAD_TIMEOUT); }
220: <S_RAD>retries { YYD; return(RAD_RETRIES); }
221: <S_RAD>{ecl} { BEGIN S_INI; return(EOC); }
222:
223: /* ldap config */
224: <S_INI>ldapcfg { BEGIN S_LDAP; YYDB; return(LDAPCFG); }
225: <S_LDAP>{bcl} { return(BOC); }
226: <S_LDAP>version { YYD; return(LDAP_PVER); }
227: <S_LDAP>host { YYD; return(LDAP_HOST); }
228: <S_LDAP>port { YYD; return(LDAP_PORT); }
229: <S_LDAP>base { YYD; return(LDAP_BASE); }
230: <S_LDAP>subtree { YYD; return(LDAP_SUBTREE); }
231: <S_LDAP>bind_dn { YYD; return(LDAP_BIND_DN); }
232: <S_LDAP>bind_pw { YYD; return(LDAP_BIND_PW); }
233: <S_LDAP>attr_user { YYD; return(LDAP_ATTR_USER); }
234: <S_LDAP>attr_addr { YYD; return(LDAP_ATTR_ADDR); }
235: <S_LDAP>attr_mask { YYD; return(LDAP_ATTR_MASK); }
236: <S_LDAP>attr_group { YYD; return(LDAP_ATTR_GROUP); }
237: <S_LDAP>attr_member { YYD; return(LDAP_ATTR_MEMBER); }
238: <S_LDAP>{ecl} { BEGIN S_INI; return(EOC); }
239:
240: /* mode_cfg */
241: <S_INI>mode_cfg { BEGIN S_CFG; YYDB; return(MODECFG); }
242: <S_CFG>{bcl} { return(BOC); }
243: <S_CFG>network4 { YYD; return(CFG_NET4); }
244: <S_CFG>netmask4 { YYD; return(CFG_MASK4); }
245: <S_CFG>dns4 { YYD; return(CFG_DNS4); }
246: <S_CFG>nbns4 { YYD; return(CFG_NBNS4); }
247: <S_CFG>wins4 { YYD; return(CFG_NBNS4); }
248: <S_CFG>default_domain { YYD; return(CFG_DEFAULT_DOMAIN); }
249: <S_CFG>auth_source { YYD; return(CFG_AUTH_SOURCE); }
250: <S_CFG>auth_groups { YYD; return(CFG_AUTH_GROUPS); }
251: <S_CFG>group_source { YYD; return(CFG_GROUP_SOURCE); }
252: <S_CFG>conf_source { YYD; return(CFG_CONF_SOURCE); }
253: <S_CFG>accounting { YYD; return(CFG_ACCOUNTING); }
254: <S_CFG>system { YYD; return(CFG_SYSTEM); }
255: <S_CFG>local { YYD; return(CFG_LOCAL); }
256: <S_CFG>none { YYD; return(CFG_NONE); }
257: <S_CFG>radius { YYD; return(CFG_RADIUS); }
258: <S_CFG>pam { YYD; return(CFG_PAM); }
259: <S_CFG>ldap { YYD; return(CFG_LDAP); }
260: <S_CFG>pool_size { YYD; return(CFG_POOL_SIZE); }
261: <S_CFG>banner { YYD; return(CFG_MOTD); }
262: <S_CFG>auth_throttle { YYD; return(CFG_AUTH_THROTTLE); }
263: <S_CFG>split_network { YYD; return(CFG_SPLIT_NETWORK); }
264: <S_CFG>local_lan { YYD; return(CFG_SPLIT_LOCAL); }
265: <S_CFG>include { YYD; return(CFG_SPLIT_INCLUDE); }
266: <S_CFG>split_dns { YYD; return(CFG_SPLIT_DNS); }
267: <S_CFG>pfs_group { YYD; return(CFG_PFS_GROUP); }
268: <S_CFG>save_passwd { YYD; return(CFG_SAVE_PASSWD); }
269: <S_CFG>{comma} { YYD; return(COMMA); }
270: <S_CFG>{ecl} { BEGIN S_INI; return(EOC); }
271:
272: /* timer */
273: <S_INI>timer { BEGIN S_RTRY; YYDB; return(RETRY); }
274: <S_RTRY>{bcl} { return(BOC); }
275: <S_RTRY>counter { YYD; return(RETRY_COUNTER); }
276: <S_RTRY>interval { YYD; return(RETRY_INTERVAL); }
277: <S_RTRY>persend { YYD; return(RETRY_PERSEND); }
278: <S_RTRY>phase1 { YYD; return(RETRY_PHASE1); }
279: <S_RTRY>phase2 { YYD; return(RETRY_PHASE2); }
280: <S_RTRY>natt_keepalive { YYD; return(NATT_KA); }
281: <S_RTRY>{ecl} { BEGIN S_INI; return(EOC); }
282:
283: /* sainfo */
284: <S_INI>sainfo { BEGIN S_SAINF; YYDB; return(SAINFO); }
285: <S_SAINF>anonymous { YYD; return(ANONYMOUS); }
286: <S_SAINF>clientaddr { YYD; return(CLIENTADDR); }
287: <S_SAINF>{blcl}any{elcl} { YYD; return(PORTANY); }
288: <S_SAINF>any { YYD; return(ANY); }
289: <S_SAINF>from { YYD; return(FROM); }
290: <S_SAINF>group { YYD; return(GROUP); }
291: /* sainfo spec */
292: <S_SAINF>{bcl} { BEGIN S_SAINFS; return(BOC); }
293: <S_SAINF>{semi} { BEGIN S_INI; return(EOS); }
294: <S_SAINFS>{ecl} { BEGIN S_INI; return(EOC); }
295: <S_SAINFS>pfs_group { YYD; return(PFS_GROUP); }
296: <S_SAINFS>remoteid { YYD; return(REMOTEID); }
297: <S_SAINFS>my_identifier { YYD; return(MY_IDENTIFIER); }
298: <S_SAINFS>lifetime { YYD; return(LIFETIME); }
299: <S_SAINFS>time { YYD; return(LIFETYPE_TIME); }
300: <S_SAINFS>byte { YYD; return(LIFETYPE_BYTE); }
301: <S_SAINFS>encryption_algorithm { YYD; yylval.num = algclass_ipsec_enc; return(ALGORITHM_CLASS); }
302: <S_SAINFS>authentication_algorithm { YYD; yylval.num = algclass_ipsec_auth; return(ALGORITHM_CLASS); }
303: <S_SAINFS>compression_algorithm { YYD; yylval.num = algclass_ipsec_comp; return(ALGORITHM_CLASS); }
304: <S_SAINFS>{comma} { YYD; return(COMMA); }
305:
306: /* remote */
307: <S_INI>remote { BEGIN S_RMT; YYDB; return(REMOTE); }
308: <S_RMT>anonymous { YYD; return(ANONYMOUS); }
309: <S_RMT>inherit { YYD; return(INHERIT); }
310: <S_RMT>{semi} { BEGIN S_INI; YYDB; return(EOS); }
311: /* remote spec */
312: <S_RMT>{bcl} { BEGIN S_RMTS; return(BOC); }
313: <S_RMTS>{ecl} { BEGIN S_INI; return(EOC); }
314: <S_RMTS>remote_address { YYD; return(REMOTE_ADDRESS); }
315: <S_RMTS>exchange_mode { YYD; return(EXCHANGE_MODE); }
316: <S_RMTS>{comma} { YYD; /* XXX ignored, but to be handled. */ ; }
317: <S_RMTS>base { YYD; yylval.num = ISAKMP_ETYPE_BASE; return(EXCHANGETYPE); }
318: <S_RMTS>main { YYD; yylval.num = ISAKMP_ETYPE_IDENT; return(EXCHANGETYPE); }
319: <S_RMTS>aggressive { YYD; yylval.num = ISAKMP_ETYPE_AGG; return(EXCHANGETYPE); }
320: <S_RMTS>doi { YYD; return(DOI); }
321: <S_RMTS>ipsec_doi { YYD; yylval.num = IPSEC_DOI; return(DOITYPE); }
322: <S_RMTS>situation { YYD; return(SITUATION); }
323: <S_RMTS>identity_only { YYD; yylval.num = IPSECDOI_SIT_IDENTITY_ONLY; return(SITUATIONTYPE); }
324: <S_RMTS>secrecy { YYD; yylval.num = IPSECDOI_SIT_SECRECY; return(SITUATIONTYPE); }
325: <S_RMTS>integrity { YYD; yylval.num = IPSECDOI_SIT_INTEGRITY; return(SITUATIONTYPE); }
326: <S_RMTS>my_identifier { YYD; return(MY_IDENTIFIER); }
327: <S_RMTS>xauth_login { YYD; return(XAUTH_LOGIN); /* formerly identifier type login */ }
328: <S_RMTS>peers_identifier { YYD; return(PEERS_IDENTIFIER); }
329: <S_RMTS>verify_identifier { YYD; return(VERIFY_IDENTIFIER); }
330: <S_RMTS>certificate_type { YYD; return(CERTIFICATE_TYPE); }
331: <S_RMTS>ca_type { YYD; return(CA_TYPE); }
332: <S_RMTS>x509 { YYD; yylval.num = ISAKMP_CERT_X509SIGN; return(CERT_X509); }
333: <S_RMTS>plain_rsa { YYD; yylval.num = ISAKMP_CERT_PLAINRSA; return(CERT_PLAINRSA); }
334: <S_RMTS>peers_certfile { YYD; return(PEERS_CERTFILE); }
335: <S_RMTS>dnssec { YYD; return(DNSSEC); }
336: <S_RMTS>verify_cert { YYD; return(VERIFY_CERT); }
337: <S_RMTS>send_cert { YYD; return(SEND_CERT); }
338: <S_RMTS>send_cr { YYD; return(SEND_CR); }
339: <S_RMTS>match_empty_cr { YYD; return(MATCH_EMPTY_CR); }
340: <S_RMTS>dh_group { YYD; return(DH_GROUP); }
341: <S_RMTS>nonce_size { YYD; return(NONCE_SIZE); }
342: <S_RMTS>generate_policy { YYD; return(GENERATE_POLICY); }
343: <S_RMTS>unique { YYD; yylval.num = GENERATE_POLICY_UNIQUE; return(GENERATE_LEVEL); }
344: <S_RMTS>require { YYD; yylval.num = GENERATE_POLICY_REQUIRE; return(GENERATE_LEVEL); }
345: <S_RMTS>support_proxy { YYD; return(SUPPORT_PROXY); }
346: <S_RMTS>initial_contact { YYD; return(INITIAL_CONTACT); }
347: <S_RMTS>nat_traversal { YYD; return(NAT_TRAVERSAL); }
348: <S_RMTS>force { YYD; return(REMOTE_FORCE_LEVEL); }
349: <S_RMTS>proposal_check { YYD; return(PROPOSAL_CHECK); }
350: <S_RMTS>obey { YYD; yylval.num = PROP_CHECK_OBEY; return(PROPOSAL_CHECK_LEVEL); }
351: <S_RMTS>strict { YYD; yylval.num = PROP_CHECK_STRICT; return(PROPOSAL_CHECK_LEVEL); }
352: <S_RMTS>exact { YYD; yylval.num = PROP_CHECK_EXACT; return(PROPOSAL_CHECK_LEVEL); }
353: <S_RMTS>claim { YYD; yylval.num = PROP_CHECK_CLAIM; return(PROPOSAL_CHECK_LEVEL); }
354: <S_RMTS>keepalive { YYD; return(KEEPALIVE); }
355: <S_RMTS>passive { YYD; return(PASSIVE); }
356: <S_RMTS>lifetime { YYD; return(LIFETIME); }
357: <S_RMTS>time { YYD; return(LIFETYPE_TIME); }
358: <S_RMTS>byte { YYD; return(LIFETYPE_BYTE); }
359: <S_RMTS>dpd { YYD; return(DPD); }
360: <S_RMTS>dpd_delay { YYD; return(DPD_DELAY); }
361: <S_RMTS>dpd_retry { YYD; return(DPD_RETRY); }
362: <S_RMTS>dpd_maxfail { YYD; return(DPD_MAXFAIL); }
363: <S_RMTS>ph1id { YYD; return(PH1ID); }
364: <S_RMTS>ike_frag { YYD; return(IKE_FRAG); }
365: <S_RMTS>esp_frag { YYD; return(ESP_FRAG); }
366: <S_RMTS>script { YYD; return(SCRIPT); }
367: <S_RMTS>phase1_up { YYD; return(PHASE1_UP); }
368: <S_RMTS>phase1_down { YYD; return(PHASE1_DOWN); }
369: <S_RMTS>phase1_dead { YYD; return(PHASE1_DEAD); }
370: <S_RMTS>mode_cfg { YYD; return(MODE_CFG); }
371: <S_RMTS>weak_phase1_check { YYD; return(WEAK_PHASE1_CHECK); }
372: <S_RMTS>rekey { YYD; return(REKEY); }
373: /* remote proposal */
374: <S_RMTS>proposal { BEGIN S_RMTP; YYDB; return(PROPOSAL); }
375: <S_RMTP>{bcl} { return(BOC); }
376: <S_RMTP>{ecl} { BEGIN S_RMTS; return(EOC); }
377: <S_RMTP>lifetime { YYD; return(LIFETIME); }
378: <S_RMTP>time { YYD; return(LIFETYPE_TIME); }
379: <S_RMTP>byte { YYD; return(LIFETYPE_BYTE); }
380: <S_RMTP>encryption_algorithm { YYD; yylval.num = algclass_isakmp_enc; return(ALGORITHM_CLASS); }
381: <S_RMTP>authentication_method { YYD; yylval.num = algclass_isakmp_ameth; return(ALGORITHM_CLASS); }
382: <S_RMTP>hash_algorithm { YYD; yylval.num = algclass_isakmp_hash; return(ALGORITHM_CLASS); }
383: <S_RMTP>dh_group { YYD; return(DH_GROUP); }
384: <S_RMTP>gss_id { YYD; return(GSS_ID); }
385: <S_RMTP>gssapi_id { YYD; return(GSS_ID); } /* for back compatibility */
386:
387: /* GSS ID encoding type (global) */
388: <S_INI>gss_id_enc { BEGIN S_GSSENC; YYDB; return(GSS_ID_ENC); }
389: <S_GSSENC>latin1 { YYD; yylval.num = LC_GSSENC_LATIN1;
390: return(GSS_ID_ENCTYPE); }
391: <S_GSSENC>utf-16le { YYD; yylval.num = LC_GSSENC_UTF16LE;
392: return(GSS_ID_ENCTYPE); }
393: <S_GSSENC>{semi} { BEGIN S_INI; YYDB; return(EOS); }
394:
395: /* parameter */
396: on { YYD; yylval.num = TRUE; return(SWITCH); }
397: off { YYD; yylval.num = FALSE; return(SWITCH); }
398:
399: /* prefix */
400: {slash}{digit}{1,3} {
401: YYD;
402: yytext++;
403: yylval.num = atoi(yytext);
404: return(PREFIX);
405: }
406:
407: /* port number */
408: {blcl}{decstring}{elcl} {
409: char *p = yytext;
410: YYD;
411: while (*++p != ']') ;
412: *p = 0;
413: yytext++;
414: yylval.num = atoi(yytext);
415: return(PORT);
416: }
417:
418: /* address range */
419: {hyphen}{addrstring} {
420: YYD;
421: yytext++;
422: yylval.val = vmalloc(yyleng + 1);
423: if (yylval.val == NULL) {
424: yyerror("vmalloc failed");
425: return -1;
426: }
427: memcpy(yylval.val->v, yytext, yylval.val->l);
428: return(ADDRRANGE);
429: }
430:
431: /* upper protocol */
432: esp { YYD; yylval.num = IPPROTO_ESP; return(UL_PROTO); }
433: ah { YYD; yylval.num = IPPROTO_AH; return(UL_PROTO); }
434: ipcomp { YYD; yylval.num = IPPROTO_IPCOMP; return(UL_PROTO); }
435: icmp { YYD; yylval.num = IPPROTO_ICMP; return(UL_PROTO); }
436: icmp6 { YYD; yylval.num = IPPROTO_ICMPV6; return(UL_PROTO); }
437: tcp { YYD; yylval.num = IPPROTO_TCP; return(UL_PROTO); }
438: udp { YYD; yylval.num = IPPROTO_UDP; return(UL_PROTO); }
439: gre { YYD; yylval.num = IPPROTO_GRE; return(UL_PROTO); }
440:
441: /* algorithm type */
442: des_iv64 { YYD; yylval.num = algtype_des_iv64; return(ALGORITHMTYPE); }
443: des { YYD; yylval.num = algtype_des; return(ALGORITHMTYPE); }
444: 3des { YYD; yylval.num = algtype_3des; return(ALGORITHMTYPE); }
445: rc5 { YYD; yylval.num = algtype_rc5; return(ALGORITHMTYPE); }
446: idea { YYD; yylval.num = algtype_idea; return(ALGORITHMTYPE); }
447: cast128 { YYD; yylval.num = algtype_cast128; return(ALGORITHMTYPE); }
448: blowfish { YYD; yylval.num = algtype_blowfish; return(ALGORITHMTYPE); }
449: 3idea { YYD; yylval.num = algtype_3idea; return(ALGORITHMTYPE); }
450: des_iv32 { YYD; yylval.num = algtype_des_iv32; return(ALGORITHMTYPE); }
451: rc4 { YYD; yylval.num = algtype_rc4; return(ALGORITHMTYPE); }
452: null_enc { YYD; yylval.num = algtype_null_enc; return(ALGORITHMTYPE); }
453: null { YYD; yylval.num = algtype_null_enc; return(ALGORITHMTYPE); }
454: aes { YYD; yylval.num = algtype_aes; return(ALGORITHMTYPE); }
455: rijndael { YYD; yylval.num = algtype_aes; return(ALGORITHMTYPE); }
456: twofish { YYD; yylval.num = algtype_twofish; return(ALGORITHMTYPE); }
457: camellia { YYD; yylval.num = algtype_camellia; return(ALGORITHMTYPE); }
458: non_auth { YYD; yylval.num = algtype_non_auth; return(ALGORITHMTYPE); }
459: hmac_md5 { YYD; yylval.num = algtype_hmac_md5; return(ALGORITHMTYPE); }
460: hmac_sha1 { YYD; yylval.num = algtype_hmac_sha1; return(ALGORITHMTYPE); }
461: hmac_sha2_256 { YYD; yylval.num = algtype_hmac_sha2_256; return(ALGORITHMTYPE); }
462: hmac_sha256 { YYD; yylval.num = algtype_hmac_sha2_256; return(ALGORITHMTYPE); }
463: hmac_sha2_384 { YYD; yylval.num = algtype_hmac_sha2_384; return(ALGORITHMTYPE); }
464: hmac_sha384 { YYD; yylval.num = algtype_hmac_sha2_384; return(ALGORITHMTYPE); }
465: hmac_sha2_512 { YYD; yylval.num = algtype_hmac_sha2_512; return(ALGORITHMTYPE); }
466: hmac_sha512 { YYD; yylval.num = algtype_hmac_sha2_512; return(ALGORITHMTYPE); }
467: des_mac { YYD; yylval.num = algtype_des_mac; return(ALGORITHMTYPE); }
468: kpdk { YYD; yylval.num = algtype_kpdk; return(ALGORITHMTYPE); }
469: md5 { YYD; yylval.num = algtype_md5; return(ALGORITHMTYPE); }
470: sha1 { YYD; yylval.num = algtype_sha1; return(ALGORITHMTYPE); }
471: tiger { YYD; yylval.num = algtype_tiger; return(ALGORITHMTYPE); }
472: sha2_256 { YYD; yylval.num = algtype_sha2_256; return(ALGORITHMTYPE); }
473: sha256 { YYD; yylval.num = algtype_sha2_256; return(ALGORITHMTYPE); }
474: sha2_384 { YYD; yylval.num = algtype_sha2_384; return(ALGORITHMTYPE); }
475: sha384 { YYD; yylval.num = algtype_sha2_384; return(ALGORITHMTYPE); }
476: sha2_512 { YYD; yylval.num = algtype_sha2_512; return(ALGORITHMTYPE); }
477: sha512 { YYD; yylval.num = algtype_sha2_512; return(ALGORITHMTYPE); }
478: oui { YYD; yylval.num = algtype_oui; return(ALGORITHMTYPE); }
479: deflate { YYD; yylval.num = algtype_deflate; return(ALGORITHMTYPE); }
480: lzs { YYD; yylval.num = algtype_lzs; return(ALGORITHMTYPE); }
481: modp768 { YYD; yylval.num = algtype_modp768; return(ALGORITHMTYPE); }
482: modp1024 { YYD; yylval.num = algtype_modp1024; return(ALGORITHMTYPE); }
483: modp1536 { YYD; yylval.num = algtype_modp1536; return(ALGORITHMTYPE); }
484: ec2n155 { YYD; yylval.num = algtype_ec2n155; return(ALGORITHMTYPE); }
485: ec2n185 { YYD; yylval.num = algtype_ec2n185; return(ALGORITHMTYPE); }
486: modp2048 { YYD; yylval.num = algtype_modp2048; return(ALGORITHMTYPE); }
487: modp3072 { YYD; yylval.num = algtype_modp3072; return(ALGORITHMTYPE); }
488: modp4096 { YYD; yylval.num = algtype_modp4096; return(ALGORITHMTYPE); }
489: modp6144 { YYD; yylval.num = algtype_modp6144; return(ALGORITHMTYPE); }
490: modp8192 { YYD; yylval.num = algtype_modp8192; return(ALGORITHMTYPE); }
491: pre_shared_key { YYD; yylval.num = algtype_psk; return(ALGORITHMTYPE); }
492: rsasig { YYD; yylval.num = algtype_rsasig; return(ALGORITHMTYPE); }
493: dsssig { YYD; yylval.num = algtype_dsssig; return(ALGORITHMTYPE); }
494: rsaenc { YYD; yylval.num = algtype_rsaenc; return(ALGORITHMTYPE); }
495: rsarev { YYD; yylval.num = algtype_rsarev; return(ALGORITHMTYPE); }
496: gssapi_krb { YYD; yylval.num = algtype_gssapikrb; return(ALGORITHMTYPE); }
497: hybrid_rsa_server {
498: #ifdef ENABLE_HYBRID
499: YYD; yylval.num = algtype_hybrid_rsa_s; return(ALGORITHMTYPE);
500: #else
501: yyerror("racoon not configured with --enable-hybrid");
502: #endif
503: }
504: hybrid_dss_server {
505: #ifdef ENABLE_HYBRID
506: YYD; yylval.num = algtype_hybrid_dss_s; return(ALGORITHMTYPE);
507: #else
508: yyerror("racoon not configured with --enable-hybrid");
509: #endif
510: }
511: hybrid_rsa_client {
512: #ifdef ENABLE_HYBRID
513: YYD; yylval.num = algtype_hybrid_rsa_c; return(ALGORITHMTYPE);
514: #else
515: yyerror("racoon not configured with --enable-hybrid");
516: #endif
517: }
518: hybrid_dss_client {
519: #ifdef ENABLE_HYBRID
520: YYD; yylval.num = algtype_hybrid_dss_c; return(ALGORITHMTYPE);
521: #else
522: yyerror("racoon not configured with --enable-hybrid");
523: #endif
524: }
525: xauth_psk_server {
526: #ifdef ENABLE_HYBRID
527: YYD; yylval.num = algtype_xauth_psk_s; return(ALGORITHMTYPE);
528: #else
529: yyerror("racoon not configured with --enable-hybrid");
530: #endif
531: }
532: xauth_psk_client {
533: #ifdef ENABLE_HYBRID
534: YYD; yylval.num = algtype_xauth_psk_c; return(ALGORITHMTYPE);
535: #else
536: yyerror("racoon not configured with --enable-hybrid");
537: #endif
538: }
539: xauth_rsa_server {
540: #ifdef ENABLE_HYBRID
541: YYD; yylval.num = algtype_xauth_rsa_s; return(ALGORITHMTYPE);
542: #else
543: yyerror("racoon not configured with --enable-hybrid");
544: #endif
545: }
546: xauth_rsa_client {
547: #ifdef ENABLE_HYBRID
548: YYD; yylval.num = algtype_xauth_rsa_c; return(ALGORITHMTYPE);
549: #else
550: yyerror("racoon not configured with --enable-hybrid");
551: #endif
552: }
553:
554:
555: /* identifier type */
556: user_fqdn { YYD; yylval.num = IDTYPE_USERFQDN; return(IDENTIFIERTYPE); }
557: fqdn { YYD; yylval.num = IDTYPE_FQDN; return(IDENTIFIERTYPE); }
558: keyid { YYD; yylval.num = IDTYPE_KEYID; return(IDENTIFIERTYPE); }
559: address { YYD; yylval.num = IDTYPE_ADDRESS; return(IDENTIFIERTYPE); }
560: subnet { YYD; yylval.num = IDTYPE_SUBNET; return(IDENTIFIERTYPE); }
561: asn1dn { YYD; yylval.num = IDTYPE_ASN1DN; return(IDENTIFIERTYPE); }
562:
563: /* identifier qualifier */
564: tag { YYD; yylval.num = IDQUAL_TAG; return(IDENTIFIERQUAL); }
565: file { YYD; yylval.num = IDQUAL_FILE; return(IDENTIFIERQUAL); }
566:
567: /* units */
568: B|byte|bytes { YYD; return(UNITTYPE_BYTE); }
569: KB { YYD; return(UNITTYPE_KBYTES); }
570: MB { YYD; return(UNITTYPE_MBYTES); }
571: TB { YYD; return(UNITTYPE_TBYTES); }
572: sec|secs|second|seconds { YYD; return(UNITTYPE_SEC); }
573: min|mins|minute|minutes { YYD; return(UNITTYPE_MIN); }
574: hour|hours { YYD; return(UNITTYPE_HOUR); }
575:
576: /* boolean */
577: yes { YYD; yylval.num = TRUE; return(BOOLEAN); }
578: no { YYD; yylval.num = FALSE; return(BOOLEAN); }
579:
580: {decstring} {
581: char *bp;
582:
583: YYD;
584: yylval.num = strtoul(yytext, &bp, 10);
585: return(NUMBER);
586: }
587:
588: {hexstring} {
589: char *p;
590:
591: YYD;
592: yylval.val = vmalloc(yyleng + (yyleng & 1) + 1);
593: if (yylval.val == NULL) {
594: yyerror("vmalloc failed");
595: return -1;
596: }
597:
598: p = yylval.val->v;
599: *p++ = '0';
600: *p++ = 'x';
601:
602: /* fixed string if length is odd. */
603: if (yyleng & 1)
604: *p++ = '0';
605: memcpy(p, &yytext[2], yyleng - 1);
606:
607: return(HEXSTRING);
608: }
609:
610: {quotedstring} {
611: char *p = yytext;
612:
613: YYD;
614: while (*++p != '"') ;
615: *p = '\0';
616:
617: yylval.val = vmalloc(yyleng - 1);
618: if (yylval.val == NULL) {
619: yyerror("vmalloc failed");
620: return -1;
621: }
622: memcpy(yylval.val->v, &yytext[1], yylval.val->l);
623:
624: return(QUOTEDSTRING);
625: }
626:
627: {addrstring} {
628: YYD;
629:
630: yylval.val = vmalloc(yyleng + 1);
631: if (yylval.val == NULL) {
632: yyerror("vmalloc failed");
633: return -1;
634: }
635: memcpy(yylval.val->v, yytext, yylval.val->l);
636:
637: return(ADDRSTRING);
638: }
639:
640: <<EOF>> {
641: yy_delete_buffer(YY_CURRENT_BUFFER);
642: fclose (incstack[incstackp].fp);
643: incstack[incstackp].fp = NULL;
644: racoon_free(incstack[incstackp].path);
645: incstack[incstackp].path = NULL;
646: incstackp--;
647: nextfile:
648: if (incstack[incstackp].matchon <
649: incstack[incstackp].matches.gl_pathc) {
650: char* filepath = incstack[incstackp].matches.gl_pathv[incstack[incstackp].matchon];
651: incstack[incstackp].matchon++;
652: incstackp++;
653: if (yycf_set_buffer(filepath) != 0) {
654: incstackp--;
655: goto nextfile;
656: }
657: yy_switch_to_buffer(yy_create_buffer(yyin, YY_BUF_SIZE));
658: BEGIN(S_INI);
659: } else {
660: globfree(&incstack[incstackp].matches);
661: if (incstackp == 0)
662: yyterminate();
663: else
664: yy_switch_to_buffer(incstack[incstackp].prevstate);
665: }
666: }
667:
668: /* ... */
669: {ws} { ; }
670: {nl} { incstack[incstackp].lineno++; }
671: {comment} { YYD; }
672: {semi} { return(EOS); }
673: . { yymore(); }
674:
675: %%
676:
677: void
678: yyerror(char *s, ...)
679: {
680: char fmt[512];
681:
682: va_list ap;
683: #ifdef HAVE_STDARG_H
684: va_start(ap, s);
685: #else
686: va_start(ap);
687: #endif
688: snprintf(fmt, sizeof(fmt), "%s:%d: \"%s\" %s\n",
689: incstack[incstackp].path, incstack[incstackp].lineno,
690: yytext, s);
691: plogv(LLV_ERROR, LOCATION, NULL, fmt, ap);
692: va_end(ap);
693:
694: yyerrorcount++;
695: }
696:
697: void
698: yywarn(char *s, ...)
699: {
700: char fmt[512];
701:
702: va_list ap;
703: #ifdef HAVE_STDARG_H
704: va_start(ap, s);
705: #else
706: va_start(ap);
707: #endif
708: snprintf(fmt, sizeof(fmt), "%s:%d: \"%s\" %s\n",
709: incstack[incstackp].path, incstack[incstackp].lineno,
710: yytext, s);
711: plogv(LLV_WARNING, LOCATION, NULL, fmt, ap);
712: va_end(ap);
713: }
714:
715: int
716: yycf_switch_buffer(path)
717: char *path;
718: {
719: char *filepath = NULL;
720:
721: /* got the include file name */
722: if (incstackp >= MAX_INCLUDE_DEPTH) {
723: plog(LLV_ERROR, LOCATION, NULL,
724: "Includes nested too deeply");
725: return -1;
726: }
727:
728: if (glob(path, GLOB_TILDE, NULL, &incstack[incstackp].matches) != 0 ||
729: incstack[incstackp].matches.gl_pathc == 0) {
730: plog(LLV_ERROR, LOCATION, NULL,
731: "glob found no matches for path \"%s\"\n", path);
732: return -1;
733: }
734: incstack[incstackp].matchon = 0;
735: incstack[incstackp].prevstate = YY_CURRENT_BUFFER;
736:
737: nextmatch:
738: if (incstack[incstackp].matchon >= incstack[incstackp].matches.gl_pathc)
739: return -1;
740: filepath =
741: incstack[incstackp].matches.gl_pathv[incstack[incstackp].matchon];
742: incstack[incstackp].matchon++;
743: incstackp++;
744:
745: if (yycf_set_buffer(filepath) != 0) {
746: incstackp--;
747: goto nextmatch;
748: }
749:
750: yy_switch_to_buffer(yy_create_buffer(yyin, YY_BUF_SIZE));
751:
752: BEGIN(S_INI);
753:
754: return 0;
755: }
756:
757: int
758: yycf_set_buffer(path)
759: char *path;
760: {
761: yyin = fopen(path, "r");
762: if (yyin == NULL) {
763: fprintf(stderr, "failed to open file %s (%s)\n",
764: path, strerror(errno));
765: plog(LLV_ERROR, LOCATION, NULL,
766: "failed to open file %s (%s)\n",
767: path, strerror(errno));
768: return -1;
769: }
770:
771: /* initialize */
772: incstack[incstackp].fp = yyin;
773: if (incstack[incstackp].path != NULL)
774: racoon_free(incstack[incstackp].path);
775: incstack[incstackp].path = racoon_strdup(path);
776: STRDUP_FATAL(incstack[incstackp].path);
777: incstack[incstackp].lineno = 1;
778: plog(LLV_DEBUG, LOCATION, NULL,
779: "reading config file %s\n", path);
780:
781: return 0;
782: }
783:
784: void
785: yycf_init_buffer()
786: {
787: int i;
788:
789: for (i = 0; i < MAX_INCLUDE_DEPTH; i++)
790: memset(&incstack[i], 0, sizeof(incstack[i]));
791: incstackp = 0;
792: }
793:
794: void
795: yycf_clean_buffer()
796: {
797: int i;
798:
799: for (i = 0; i < MAX_INCLUDE_DEPTH; i++) {
800: if (incstack[i].path != NULL) {
801: fclose(incstack[i].fp);
802: racoon_free(incstack[i].path);
803: incstack[i].path = NULL;
804: }
805: }
806: }
807:
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>
![[BACK]](/icons/cvsweb/back.gif){kind=icon}
Return to cftoken.l CVS log ![[TXT]](/icons/cvsweb/text.gif){kind=icon}
![[DIR]](/icons/cvsweb/dir.gif){kind=icon}
Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / ipsec-tools / src / racoon