[ff36f5e] | 1 | /* $NetBSD: token.l,v 1.15 2010/06/04 13:06:03 vanhu Exp $ */ |
---|
| 2 | |
---|
| 3 | /* $KAME: token.l,v 1.44 2003/10/21 07:20:58 itojun Exp $ */ |
---|
| 4 | |
---|
| 5 | /* |
---|
| 6 | * Copyright (C) 1995, 1996, 1997, 1998, and 1999 WIDE Project. |
---|
| 7 | * All rights reserved. |
---|
| 8 | * |
---|
| 9 | * Redistribution and use in source and binary forms, with or without |
---|
| 10 | * modification, are permitted provided that the following conditions |
---|
| 11 | * are met: |
---|
| 12 | * 1. Redistributions of source code must retain the above copyright |
---|
| 13 | * notice, this list of conditions and the following disclaimer. |
---|
| 14 | * 2. Redistributions in binary form must reproduce the above copyright |
---|
| 15 | * notice, this list of conditions and the following disclaimer in the |
---|
| 16 | * documentation and/or other materials provided with the distribution. |
---|
| 17 | * 3. Neither the name of the project nor the names of its contributors |
---|
| 18 | * may be used to endorse or promote products derived from this software |
---|
| 19 | * without specific prior written permission. |
---|
| 20 | * |
---|
| 21 | * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND |
---|
| 22 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
---|
| 23 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE |
---|
| 24 | * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE |
---|
| 25 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL |
---|
| 26 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS |
---|
| 27 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) |
---|
| 28 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT |
---|
| 29 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY |
---|
| 30 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF |
---|
| 31 | * SUCH DAMAGE. |
---|
| 32 | */ |
---|
| 33 | |
---|
| 34 | %{ |
---|
| 35 | |
---|
| 36 | #ifdef HAVE_CONFIG_H |
---|
| 37 | #include "config.h" |
---|
| 38 | #endif |
---|
| 39 | |
---|
| 40 | #include <sys/types.h> |
---|
| 41 | #include <sys/param.h> |
---|
| 42 | #include <sys/socket.h> |
---|
| 43 | #include <net/pfkeyv2.h> |
---|
| 44 | #include <netinet/in.h> |
---|
| 45 | #include PATH_IPSEC_H |
---|
| 46 | |
---|
| 47 | #include <stdlib.h> |
---|
| 48 | #include <limits.h> |
---|
| 49 | #include <string.h> |
---|
| 50 | #include <unistd.h> |
---|
| 51 | #include <errno.h> |
---|
| 52 | #include <netdb.h> |
---|
| 53 | |
---|
| 54 | #include "vchar.h" |
---|
| 55 | #if defined(__NetBSD__) || defined(__FreeBSD__) || defined(__linux__) || \ |
---|
| 56 | (defined(__APPLE__) && defined(__MACH__)) |
---|
| 57 | #include "parse.h" |
---|
| 58 | #else |
---|
| 59 | #include "y.tab.h" |
---|
| 60 | #endif |
---|
| 61 | |
---|
| 62 | #include "extern.h" |
---|
| 63 | |
---|
| 64 | /* make the code compile on *BSD-current */ |
---|
| 65 | #ifndef SADB_X_AALG_SHA2_256 |
---|
| 66 | #define SADB_X_AALG_SHA2_256 (-1) |
---|
| 67 | #endif |
---|
| 68 | #ifndef SADB_X_AALG_SHA2_384 |
---|
| 69 | #define SADB_X_AALG_SHA2_384 (-1) |
---|
| 70 | #endif |
---|
| 71 | #ifndef SADB_X_AALG_SHA2_512 |
---|
| 72 | #define SADB_X_AALG_SHA2_512 (-1) |
---|
| 73 | #endif |
---|
| 74 | #ifndef SADB_X_AALG_RIPEMD160HMAC |
---|
| 75 | #define SADB_X_AALG_RIPEMD160HMAC (-1) |
---|
| 76 | #endif |
---|
| 77 | #ifndef SADB_X_AALG_AES_XCBC_MAC |
---|
| 78 | #define SADB_X_AALG_AES_XCBC_MAC (-1) |
---|
| 79 | #endif |
---|
| 80 | #ifndef SADB_X_EALG_TWOFISHCBC |
---|
| 81 | #define SADB_X_EALG_TWOFISHCBC (-1) |
---|
| 82 | #endif |
---|
| 83 | #ifndef SADB_X_EALG_AESCTR |
---|
| 84 | #define SADB_X_EALG_AESCTR (-1) |
---|
| 85 | #endif |
---|
| 86 | #if defined(SADB_X_EALG_AES) && ! defined(SADB_X_EALG_AESCBC) |
---|
| 87 | #define SADB_X_EALG_AESCBC SADB_X_EALG_AES |
---|
| 88 | #endif |
---|
| 89 | %} |
---|
| 90 | |
---|
| 91 | /* common section */ |
---|
| 92 | nl \n |
---|
| 93 | ws [ \t]+ |
---|
| 94 | digit [0-9] |
---|
| 95 | letter [0-9A-Za-z] |
---|
| 96 | hexdigit [0-9A-Fa-f] |
---|
| 97 | dot \. |
---|
| 98 | hyphen \- |
---|
| 99 | slash \/ |
---|
| 100 | blcl \[ |
---|
| 101 | elcl \] |
---|
| 102 | semi \; |
---|
| 103 | comment \#.* |
---|
| 104 | quotedstring \"[^"]*\" |
---|
| 105 | decstring {digit}+ |
---|
| 106 | hexstring 0[xX]{hexdigit}+ |
---|
| 107 | ipaddress [a-fA-F0-9:]([a-fA-F0-9:\.]*|[a-fA-F0-9:\.]*%[a-zA-Z0-9]*) |
---|
| 108 | ipaddrmask {slash}{digit}{1,3} |
---|
| 109 | name {letter}(({letter}|{digit}|{hyphen})*({letter}|{digit}))* |
---|
| 110 | hostname {name}(({dot}{name})+{dot}?)? |
---|
| 111 | |
---|
| 112 | %s S_PL S_AUTHALG S_ENCALG |
---|
| 113 | |
---|
| 114 | %option noinput nounput |
---|
| 115 | %% |
---|
| 116 | |
---|
| 117 | |
---|
| 118 | add { return(ADD); } |
---|
| 119 | delete { return(DELETE); } |
---|
| 120 | deleteall { return(DELETEALL); } |
---|
| 121 | get { return(GET); } |
---|
| 122 | flush { return(FLUSH); } |
---|
| 123 | dump { return(DUMP); } |
---|
| 124 | exit { return(EXIT); } |
---|
| 125 | quit { return(EXIT); } |
---|
| 126 | bye { return(EXIT); } |
---|
| 127 | |
---|
| 128 | /* for management SPD */ |
---|
| 129 | spdadd { return(SPDADD); } |
---|
| 130 | spdupdate { return(SPDUPDATE); } |
---|
| 131 | spddelete { return(SPDDELETE); } |
---|
| 132 | spddump { return(SPDDUMP); } |
---|
| 133 | spdflush { return(SPDFLUSH); } |
---|
| 134 | tagged { return(TAGGED); } |
---|
| 135 | {hyphen}P { BEGIN S_PL; return(F_POLICY); } |
---|
| 136 | <S_PL>[a-zA-Z0-9:\.\-_/ \n\t][a-zA-Z0-9:\.%\-+_/ \n\t\]\[]* { |
---|
| 137 | yymore(); |
---|
| 138 | |
---|
| 139 | /* count up for nl */ |
---|
| 140 | { |
---|
| 141 | char *p; |
---|
| 142 | for (p = yytext; *p != '\0'; p++) |
---|
| 143 | if (*p == '\n') |
---|
| 144 | lineno++; |
---|
| 145 | } |
---|
| 146 | |
---|
| 147 | yylval.val.len = strlen(yytext); |
---|
| 148 | yylval.val.buf = strdup(yytext); |
---|
| 149 | if (!yylval.val.buf) |
---|
| 150 | yyfatal("insufficient memory"); |
---|
| 151 | |
---|
| 152 | return(PL_REQUESTS); |
---|
| 153 | } |
---|
| 154 | <S_PL>{semi} { BEGIN INITIAL; return(EOT); } |
---|
| 155 | |
---|
| 156 | /* address resolution flags */ |
---|
| 157 | {hyphen}[n46][n46]* { |
---|
| 158 | yylval.val.len = strlen(yytext); |
---|
| 159 | yylval.val.buf = strdup(yytext); |
---|
| 160 | if (!yylval.val.buf) |
---|
| 161 | yyfatal("insufficient memory"); |
---|
| 162 | return(F_AIFLAGS); |
---|
| 163 | } |
---|
| 164 | |
---|
| 165 | /* security protocols */ |
---|
| 166 | ah { yylval.num = 0; return(PR_AH); } |
---|
| 167 | esp { yylval.num = 0; return(PR_ESP); } |
---|
| 168 | ah-old { yylval.num = 1; return(PR_AH); } |
---|
| 169 | esp-old { yylval.num = 1; return(PR_ESP); } |
---|
| 170 | esp-udp { yylval.num = 0; return(PR_ESPUDP); } |
---|
| 171 | ipcomp { yylval.num = 0; return(PR_IPCOMP); } |
---|
| 172 | tcp { |
---|
| 173 | yylval.num = 0; return(PR_TCP); |
---|
| 174 | } |
---|
| 175 | |
---|
| 176 | /* authentication alogorithm */ |
---|
| 177 | {hyphen}A { BEGIN S_AUTHALG; return(F_AUTH); } |
---|
| 178 | <S_AUTHALG>hmac-md5 { yylval.num = SADB_AALG_MD5HMAC; BEGIN INITIAL; return(ALG_AUTH); } |
---|
| 179 | <S_AUTHALG>hmac-sha1 { yylval.num = SADB_AALG_SHA1HMAC; BEGIN INITIAL; return(ALG_AUTH); } |
---|
| 180 | <S_AUTHALG>keyed-md5 { yylval.num = SADB_X_AALG_MD5; BEGIN INITIAL; return(ALG_AUTH); } |
---|
| 181 | <S_AUTHALG>keyed-sha1 { yylval.num = SADB_X_AALG_SHA; BEGIN INITIAL; return(ALG_AUTH); } |
---|
| 182 | <S_AUTHALG>hmac-sha2-256 { yylval.num = SADB_X_AALG_SHA2_256; BEGIN INITIAL; return(ALG_AUTH); } |
---|
| 183 | <S_AUTHALG>hmac-sha256 { yylval.num = SADB_X_AALG_SHA2_256; BEGIN INITIAL; return(ALG_AUTH); } |
---|
| 184 | <S_AUTHALG>hmac-sha2-384 { yylval.num = SADB_X_AALG_SHA2_384; BEGIN INITIAL; return(ALG_AUTH); } |
---|
| 185 | <S_AUTHALG>hmac-sha384 { yylval.num = SADB_X_AALG_SHA2_384; BEGIN INITIAL; return(ALG_AUTH); } |
---|
| 186 | <S_AUTHALG>hmac-sha2-512 { yylval.num = SADB_X_AALG_SHA2_512; BEGIN INITIAL; return(ALG_AUTH); } |
---|
| 187 | <S_AUTHALG>hmac-sha512 { yylval.num = SADB_X_AALG_SHA2_512; BEGIN INITIAL; return(ALG_AUTH); } |
---|
| 188 | <S_AUTHALG>hmac-ripemd160 { yylval.num = SADB_X_AALG_RIPEMD160HMAC; BEGIN INITIAL; return(ALG_AUTH); } |
---|
| 189 | <S_AUTHALG>aes-xcbc-mac { yylval.num = SADB_X_AALG_AES_XCBC_MAC; BEGIN INITIAL; return(ALG_AUTH); } |
---|
| 190 | <S_AUTHALG>tcp-md5 { |
---|
| 191 | #ifdef SADB_X_AALG_TCP_MD5 |
---|
| 192 | yylval.num = SADB_X_AALG_TCP_MD5; |
---|
| 193 | BEGIN INITIAL; |
---|
| 194 | return(ALG_AUTH); |
---|
| 195 | #endif |
---|
| 196 | } |
---|
| 197 | <S_AUTHALG>null { yylval.num = SADB_X_AALG_NULL; BEGIN INITIAL; return(ALG_AUTH_NOKEY); } |
---|
| 198 | |
---|
| 199 | /* encryption alogorithm */ |
---|
| 200 | {hyphen}E { BEGIN S_ENCALG; return(F_ENC); } |
---|
| 201 | <S_ENCALG>des-cbc { yylval.num = SADB_EALG_DESCBC; BEGIN INITIAL; return(ALG_ENC); } |
---|
| 202 | <S_ENCALG>3des-cbc { yylval.num = SADB_EALG_3DESCBC; BEGIN INITIAL; return(ALG_ENC); } |
---|
| 203 | <S_ENCALG>null { yylval.num = SADB_EALG_NULL; BEGIN INITIAL; return(ALG_ENC_NOKEY); } |
---|
| 204 | <S_ENCALG>simple { yylval.num = SADB_EALG_NULL; BEGIN INITIAL; return(ALG_ENC_OLD); } |
---|
| 205 | <S_ENCALG>blowfish-cbc { yylval.num = SADB_X_EALG_BLOWFISHCBC; BEGIN INITIAL; return(ALG_ENC); } |
---|
| 206 | <S_ENCALG>cast128-cbc { yylval.num = SADB_X_EALG_CAST128CBC; BEGIN INITIAL; return(ALG_ENC); } |
---|
| 207 | <S_ENCALG>des-deriv { yylval.num = SADB_EALG_DESCBC; BEGIN INITIAL; return(ALG_ENC_DESDERIV); } |
---|
| 208 | <S_ENCALG>des-32iv { yylval.num = SADB_EALG_DESCBC; BEGIN INITIAL; return(ALG_ENC_DES32IV); } |
---|
| 209 | <S_ENCALG>twofish-cbc { yylval.num = SADB_X_EALG_TWOFISHCBC; BEGIN INITIAL; return(ALG_ENC); } |
---|
| 210 | <S_ENCALG>aes-cbc { |
---|
| 211 | #ifdef SADB_X_EALG_AESCBC |
---|
| 212 | yylval.num = SADB_X_EALG_AESCBC; BEGIN INITIAL; return(ALG_ENC); |
---|
| 213 | #endif |
---|
| 214 | } |
---|
| 215 | <S_ENCALG>rijndael-cbc { |
---|
| 216 | #ifdef SADB_X_EALG_AESCBC |
---|
| 217 | yylval.num = SADB_X_EALG_AESCBC; BEGIN INITIAL; return(ALG_ENC); |
---|
| 218 | #endif |
---|
| 219 | } |
---|
| 220 | <S_ENCALG>aes-ctr { yylval.num = SADB_X_EALG_AESCTR; BEGIN INITIAL; return(ALG_ENC); } |
---|
| 221 | <S_ENCALG>camellia-cbc { |
---|
| 222 | #ifdef SADB_X_EALG_CAMELLIACBC |
---|
| 223 | yylval.num = SADB_X_EALG_CAMELLIACBC; BEGIN INITIAL; return(ALG_ENC); |
---|
| 224 | #endif |
---|
| 225 | } |
---|
| 226 | |
---|
| 227 | /* compression algorithms */ |
---|
| 228 | {hyphen}C { return(F_COMP); } |
---|
| 229 | oui { yylval.num = SADB_X_CALG_OUI; return(ALG_COMP); } |
---|
| 230 | deflate { yylval.num = SADB_X_CALG_DEFLATE; return(ALG_COMP); } |
---|
| 231 | lzs { yylval.num = SADB_X_CALG_LZS; return(ALG_COMP); } |
---|
| 232 | {hyphen}R { return(F_RAWCPI); } |
---|
| 233 | |
---|
| 234 | /* extension */ |
---|
| 235 | {hyphen}m { return(F_MODE); } |
---|
| 236 | transport { yylval.num = IPSEC_MODE_TRANSPORT; return(MODE); } |
---|
| 237 | tunnel { yylval.num = IPSEC_MODE_TUNNEL; return(MODE); } |
---|
| 238 | {hyphen}u { return(F_REQID); } |
---|
| 239 | {hyphen}f { return(F_EXT); } |
---|
| 240 | random-pad { yylval.num = SADB_X_EXT_PRAND; return(EXTENSION); } |
---|
| 241 | seq-pad { yylval.num = SADB_X_EXT_PSEQ; return(EXTENSION); } |
---|
| 242 | zero-pad { yylval.num = SADB_X_EXT_PZERO; return(EXTENSION); } |
---|
| 243 | nocyclic-seq { return(NOCYCLICSEQ); } |
---|
| 244 | {hyphen}r { return(F_REPLAY); } |
---|
| 245 | {hyphen}lh { return(F_LIFETIME_HARD); } |
---|
| 246 | {hyphen}ls { return(F_LIFETIME_SOFT); } |
---|
| 247 | {hyphen}bh { return(F_LIFEBYTE_HARD); } |
---|
| 248 | {hyphen}bs { return(F_LIFEBYTE_SOFT); } |
---|
| 249 | {hyphen}ctx { return(SECURITY_CTX); } |
---|
| 250 | |
---|
| 251 | /* ... */ |
---|
| 252 | any { return(ANY); } |
---|
| 253 | {ws} { } |
---|
| 254 | {nl} { lineno++; } |
---|
| 255 | {comment} |
---|
| 256 | {semi} { return(EOT); } |
---|
| 257 | |
---|
| 258 | /* for address parameters: /prefix, [port] */ |
---|
| 259 | {slash} { return SLASH; } |
---|
| 260 | {blcl} { return BLCL; } |
---|
| 261 | {elcl} { return ELCL; } |
---|
| 262 | |
---|
| 263 | /* parameter */ |
---|
| 264 | {decstring} { |
---|
| 265 | char *bp; |
---|
| 266 | |
---|
| 267 | yylval.ulnum = strtoul(yytext, &bp, 10); |
---|
| 268 | return(DECSTRING); |
---|
| 269 | } |
---|
| 270 | |
---|
| 271 | {hexstring} { |
---|
| 272 | yylval.val.buf = strdup(yytext + 2); |
---|
| 273 | if (!yylval.val.buf) |
---|
| 274 | yyfatal("insufficient memory"); |
---|
| 275 | yylval.val.len = strlen(yylval.val.buf); |
---|
| 276 | |
---|
| 277 | return(HEXSTRING); |
---|
| 278 | } |
---|
| 279 | |
---|
| 280 | {quotedstring} { |
---|
| 281 | char *p = yytext; |
---|
| 282 | while (*++p != '"') ; |
---|
| 283 | *p = '\0'; |
---|
| 284 | yytext++; |
---|
| 285 | yylval.val.len = yyleng - 2; |
---|
| 286 | yylval.val.buf = strdup(yytext); |
---|
| 287 | if (!yylval.val.buf) |
---|
| 288 | yyfatal("insufficient memory"); |
---|
| 289 | |
---|
| 290 | return(QUOTEDSTRING); |
---|
| 291 | } |
---|
| 292 | |
---|
| 293 | [A-Za-z0-9:][A-Za-z0-9:%\.-]* { |
---|
| 294 | yylval.val.len = yyleng; |
---|
| 295 | yylval.val.buf = strdup(yytext); |
---|
| 296 | if (!yylval.val.buf) |
---|
| 297 | yyfatal("insufficient memory"); |
---|
| 298 | return(STRING); |
---|
| 299 | } |
---|
| 300 | |
---|
| 301 | [0-9,]+ { |
---|
| 302 | yylval.val.len = yyleng; |
---|
| 303 | yylval.val.buf = strdup(yytext); |
---|
| 304 | if (!yylval.val.buf) |
---|
| 305 | yyfatal("insufficient memory"); |
---|
| 306 | return(STRING); |
---|
| 307 | } |
---|
| 308 | |
---|
| 309 | . { |
---|
| 310 | yyfatal("Syntax error"); |
---|
| 311 | /*NOTREACHED*/ |
---|
| 312 | } |
---|
| 313 | |
---|
| 314 | %% |
---|
| 315 | |
---|
| 316 | void |
---|
| 317 | yyfatal(s) |
---|
| 318 | const char *s; |
---|
| 319 | { |
---|
| 320 | yyerror(s); |
---|
| 321 | exit(1); |
---|
| 322 | } |
---|
| 323 | |
---|
| 324 | void |
---|
| 325 | yyerror(s) |
---|
| 326 | const char *s; |
---|
| 327 | { |
---|
| 328 | printf("line %d: %s at [%s]\n", lineno, s, yytext); |
---|
| 329 | } |
---|
| 330 | |
---|
| 331 | int |
---|
| 332 | parse(fp) |
---|
| 333 | FILE **fp; |
---|
| 334 | { |
---|
| 335 | yyin = *fp; |
---|
| 336 | |
---|
| 337 | lineno = 1; |
---|
| 338 | parse_init(); |
---|
| 339 | |
---|
| 340 | if (yyparse()) { |
---|
| 341 | printf("parse failed, line %d.\n", lineno); |
---|
| 342 | return(-1); |
---|
| 343 | } |
---|
| 344 | |
---|
| 345 | return(0); |
---|
| 346 | } |
---|
| 347 | |
---|
| 348 | int |
---|
| 349 | parse_string (char *src) |
---|
| 350 | { |
---|
| 351 | int result; |
---|
| 352 | YY_BUFFER_STATE buf_state; |
---|
| 353 | |
---|
| 354 | buf_state = yy_scan_string(src); |
---|
| 355 | result = yyparse(); |
---|
| 356 | yy_delete_buffer(buf_state); |
---|
| 357 | return result; |
---|
| 358 | } |
---|
| 359 | |
---|